(upbeat music) >> We're back with Jerome West, the Product Management Security Lead for HCI at Dell Technologies Hyper-Converged Infrastructure. Jerome, welcome. >> Thank you, Dave. >> Hey, Jerome, in this series "A Blueprint for Trusted Infrastructure," we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyper-converged infrastructure. So my first question is what's unique about HCI that presents specific security challenges? What do we need to know? >> So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft and internal partners, like the Dell Power Edge Team, the Dell Storage Team, the Dell Networking Team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream, so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or a Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VxRail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle, so that VMware will produce a patch, and within 14 days we will integrate our own code with the VMware release. We will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability, and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >> Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, you know, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, additives to that definition? >> I do. I really think that cybersecurity and resilience for HCI, because like I said it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's a basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtualizing hardware functionality, like say a storage controller. You could implement it in the hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSan which is provided by our partner VMware. So that portfolio strength is still, you know, through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows through our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >> Great, I mean, that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the you know, the VMware component, Auth0, which the developers are going to love. You got Azure Identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway cause you've got this software-defined environment, and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end to end? >> That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code, and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should inter-operate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >> That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome? >> So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're not abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be say, you know, for VxRail it would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making, to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell. It's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework. That's hard for your users to use, and it's hard for your system administrators to manage. It all comes in a package, so it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable. >> That makes a lot of sense. So you've got your own infrastructure. You're applying your best practices to that like the digital signatures. You've got your ecosystem. You're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason, Jerome, this is so important is because SecOps teams, you know, they got to deal with Cloud security. They got to deal with multiple Clouds. Now they have their shared responsibility model going across multiple. They got all this other stuff that they have to worry. They got to secure the containers and the run time and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is just going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners and your own teams to really nail that. Is that a fair summary? >> I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments, and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments. And we're very successful there. >> Excellent, okay, Jerome, thanks. We're going to leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry, and so would appreciate that >> I would look forward to it. Thank you very much, Dave. >> You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> Narrator: theCUBE presents KubeCon, and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon, CloudNativeCon Europe, 2022. I'm Keith Townsend, and we're continuing the conversation with builders, startups, large enterprise, customers, small customers, the whole community. Just got a interesting stat earlier in the day, 7.1 million community members in the CNCF foundation, and we're been interacting with 7,500 of them. But we're bringing the signal, separating the signal from the noise. We have a Kube alum who's been on both sides of the table, Omri Gazitt co-founder and CEO of Aserto. Welcome to the show. >> Thank you so much, Keith. >> So identity management, you know it's, it's critical need to the enterprise cloud native but there's plenty of solutions on the market, what unique problem are you solving you know how are you solving the problem in a unique way that we don't go to some of the big named vendors in this space? >> Yeah, we, my co-founder and I, were veterans of large clouds. We helped start Azure at Microsoft. We in fact helped build what became Azure Active Directory and those solutions entirely focus on one part, the "I" part, the identity part of the problem. They completely ignore the access management part and you could argue that is a larger problem and it is far from solved. So we completely agree. Identity management, a problem that's been solved over the last 15 years and solved well by great companies like Microsoft and Okta and Auth0. And we're best friends with them. We basically pick up where they leave off. We do the access management part. >> So the access management part, what specifically, what what am I getting when I engage with your team and your product? >> Yep. So basically I, authentication is all about proving that you are, who you say you are through a password or something else, you know, biometric. And that part is done. We basically pick up where that leaves off. So once you know who you are, once you've proven to a system that you are Keith. Now, what can Keith do? What roles, what permissions, , what operations can Keith perform on what resources? That's a harder problem. And that's the problem that we focus on. So for example, if you have a SaaS app - let's say you're building, you know an applicant tracking system and you Keith are an owner of some job descriptions and you have some candidates, but  somebody else has a different set of candidates and an admin, maybe has visibility at everything. How do you build that system? That actually is a pretty hard problem. And how do you build it to enterprise grade? That's where we come in. We basically have an end-to-end solution that gives you cloud native, end-to-end authorization that's built to enterprise grade. >> So when I think of this capability, I can't help but to think of AWS IAM and I'm in AWS IAM, I get my security role, and now I can assign to an EC2 instance, the ability to access some other AWS service or identity. So role based identity - are you giving me that type of capability? >> For everything else. So AWS IAM for AWS resources right? Google IAM for Google Resources. Azure has a similar system but they're all infrastructure focused. And what we're trying to do is bring that to your domain specific resources, right? So you, as an application builder, you have the things that correspond  you're not doing VMs, you're not doing storage arrays, you're not doing networks. You have higher level constructs, right. You know, like I said, if you're building Lever or Greenhouse, you have candidates and jobs and reports and things like that. So we basically allow you to create this fine grained access control, but for your own objects. >> So where's the boundaries? Let's say that I have a container or microservice that is a service and it has a role, it has an identity on my network. And there is a cloud based service, let's say a, a cloud SQL. And I want to do authentication across the two or can I only have the boundaries within my private infrastructure or does that boundary extend to the public cloud as well? >> It extends everywhere, right. So basically, you know, if you think about all the different hops here, you know, Zero Trust is the, the rage, right? And that encourages defense in depth. So you have an access proxy that does some type of authorization. Then you have an API Gateway that has a little bit more context, a little bit more authorization. For us we live inside of the application. So the application calls us, we give you a sidecar, you deploy it right next to your application. It gives you, you know, sub-millisecond response time, a hundred percent availability, all the authorization decisions are done with full context about who the user is and what resource they're trying to access. And so our sidecar will give you a response back, allow or deny, and then downstream from us, you could basically talk to another microservice. And at that point you're doing machine identities, right? So you may have a different authorization policy for those, only you know these particular services, are allowed to talk to these other services. And so we solve both the, you know authorization for machine identities as well as authorization for human identities. >> All right Omri are you ready for Q Clock? >> I sure am! >> Oh, I like the energy. >> Bring it on. >> You know, there have been many before you, they have failed the test. >> All right. I mean, they brought, they've brought the energy. You have the energy but do you have the ability to survive the clock? >> I'm going to do my best. >> So I'm going to say start the clock. I haven't said, said start cube clock yet, but when I say it, you have 60 seconds. There's no start overs. There's no repeats. The pressure's on, you ready? >> All right. I'm ready. >> Ready? Start Cube Clock. >> All right. If you are a VP of Engineering or a CTO or run a security or engineering organization what are you doing for roles and permissions? You're building it on your own, right? >> Tough times never last, tough people always do, and you're, you're delaying, you're letting me break you up. >> All right, I'm not going to let you break me up. Great. So you don't want to build it yourself. You don't want to build it yourself. Why would you spend engineering time? Why would you spend, you know, the- >> You deserve a seat at the table. >> No but look, why would you ever spend your time building something that is not differentiating your application? Instead use something like Aserto, just dear God use something, use a developer API. Don't build it yourself because what are you doing? You're reinventing the wheel, you know. You want to get out of the business of reinventing the wheel. >> Crawl before you walk. (Omri laughs) >> You think so? I think, I think you have to go you know, make sure that you spend your engineering resources on the things that matter and the things that matter are. >> Time up. >> Yep. >> You know what? You threw three great curve balls and struck me out. Great job. (Omri laughs) You, you, you just knocked it out the park. Great job Omri, I appreciate you coming in, stopping by, sharing your company's journey about authorization and authorization services and getting kind of this cloud capability, the cloud native. >> I appreciate your time as well Keith, always a pleasure. >> From Valencia Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage. (soft instrumental music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Cybersecurity stocks have been sending mixed signals as of late, mostly negative like much of tech, but some such as Palo Alto Networks, despite a tough go of it recently have held up better than most tech names. Others like CrowdStrike, had been out performing Broader Tech in March, but then flipped in May. Okta's performance was pretty much tracking along with CrowdStrike for most of the past several months, a little bit below, but then the Okta hack changed the trajectory of that name. Zscaler has crossed the critical billion dollar ARR revenue milestone, and now sees a path to five billion dollars in revenue, but the company stock fell sharply after its last earnings report and has been on a down trend since last November. Meanwhile, CyberArk's recent beat and raise, was encouraging and the stock acted well after its last report. Security remains the number one initiative priority amongst IT organizations and the spending momentum for many high flying cyber names remain strong. So what gives in cyber security? Hello, and welcome to this week's Wikibon CUBE insights powered by ETR. In this breaking analysis, we focus on security and will update you on the latest data from ETR to try to make sense out of the market and read into what this all means in both the near and long term, for some of our favorite names in cyber. First, the news. There's always something happening in security news cycles. The big recent news is new President Rodrigo Chavez declared a national emergency in Costa Rica due to the preponderance of Russian cyber attacks on the country's critical infrastructure. Such measures are normally reserved for natural disasters like earthquakes, but this move speaks to the nature of today's cyber threats. Of no surprise is modern superpower warfare even for a depleted power like Russia almost certainly involves cyber warfare as we continue to see in Ukraine. Privately held Arctic Wolf Networks hired Dustin Williams as its new CFO. Williams has taken three companies to IPO, including Nutanix in 2016, a very successful IPO for that company. Whether AWN chooses to pull the trigger this year or will wait until markets are less choppy or obviously remains to be seen. But it's a pretty clear sign the company is headed to IPO at some point. Now, big point of discussion this week at Red Hat Summit in Boston and the prior week at Dell technologies world was security. In the case of Red Hat, securing the digital supply chain was the main theme. And from Dell building, many security features into its storage arrays and cyber resilience services into its as a service offering called Apex. And we're seeing a trend where buyers want to reduce the number of bespoke tools they use if they, in fact can. Here's IDC's Jim Mercer, sharing data from a recent survey they conducted on the topic. Play the clip. >> Interestingly, we did a survey, I think around last August or something. And one of the questions was around where do you want your security, right? Where do you want to get your DevSecOps security from? Do you want to get it from individual vendors, right? Or do you want to get it from like your platforms that you're using and deploying changes in Kubernetes? >> Great question. What did they say? >> The majority of them, they're hoping they can get it built into the platform. That's really what they want-- >> Now, whether that's actually achievable is debatable because you have so much innovation and investment going on from the likes of startups and for instance, lace work or sneak and security companies that you see even trying to build platforms, you've got CrowdStrike, Okta, Zscaler and many others, trying to build security platforms and put it all under their umbrella. Now the last point will hit here is there was a lot of buzz in the news about Okta. The reaction to what was a relatively benign hack was pretty severe and probably overblown, but Okta's stock is paying the price of what is generally considered a blown communications plan versus a technical failure. Remember, identity is not an easy thing to rip and replace and Okta remains a best-of-breed player and leader in the space. So we're going to look at some ETR data later in this segment to try and make sense of the recent action in the market and certain names. Speaking of which let's take a look at how some of the names in cybersecurity have fared relative to some of the indices and relative indicators that we like to look at. Here's a Google finance comparison for a number of stocks and names in the bottom there you can see we plot the hack ETF which tracks security stocks. This is a year to date view. And so we don't show it here but the tech heavy NASDAQ is off around 26% year to date whereas the cyber ETF that we're showing is down 18%, okay. So cyber holding up a little bit better than broader tech as we've reported earlier, was actually much better and still seems to be a gap there, but the data are mixed. You can see Okta is way off relative to its peers. That's a combination of the breach that we talked about but also the run up in the stock since COVID. CrowdStrike was actually faring better but broke this month, we'll see how it's upcoming earnings announcements are received when it announces on June 2nd after the close. Palo Alto in the light blue has done better than most and until recently was holding up quite well. And of course, Sailpoint is another identity specialist, it is kind of off the charts here because it's going private with the acquisition by Thoma Bravo at nearly seven billion dollars. So you see some mixed signals in cyber these past several months and weeks. And so we're trying to understand what that all means. So let's take a look at the survey data and see how spending momentum is holding up. As we've reported IT spending forecast, at the macro level, they've come off their 8% highs from the end of the year, the ETRS December survey, but robust tech spending is still there. It's expected at nearly seven percent and this is amongst 1200 ETR respondents. Here's a picture from the ETR survey of the cybersecurity landscape. That y-axis that's net score or a measure of spending momentum and that horizontal access is overlap. We used to talk about it as a market share which is a measure of pervasiveness in the data set. That dotted red line at 40% indicates an elevated spending momentum level on the vertical axis and we filter the names and limited to only those with a hundred or more responses in the ETR survey. Then the pictures still pretty crowded as you can see. You got lots of companies above the red dotted line, including Microsoft which is up into the right, they're so far off the chart, it's just amazing. But also Palo Alto and Okta, Auth0, which of course is now owned by Okta, Zscaler, CyberArk is making moves. Sailpoint and Cloudflare, they're all above that magic 40% line. Now, you look at Cisco, it shows a very large presence in the horizontal axis in the data set. And it's got pretty respectable momentum and you see Splunk doing okay, no before and tenable just below that 40% line and a lot of names in the very respectable 20% zone. And we've included some legacy names just for context that fall below the zero percent line with a negative net score. And that means a larger proportion, that negative net score means a larger proportion of their customers in the survey are spending less than those that are spending more. Now, typically for these legacy names you're going to have a huge proportion of customers who have flat spending that kind of fat middle and that's why they sort of don't have that highly elevated score, but they're still viable as they get the recurring revenue each year. But the bottom line is that spending remains robust for some of the top names that we've talked about earlier despite their rocky stock performance. Now, let's filter this data a bit more to make it a little bit easier to read. So to do that, we take out Microsoft because they're just so dominant and we cherry pick some names to make the data more consumable and scannable. The other data point we've added is Okta's net score breakdown, the multicolored rows there, that row in the bottom right. Net score, it measures the percent of customers that are adding the platform new, that's the lime green, at 18% for Okta. The forest green is at 42%. That's the percent of customers in the survey that are spending six percent or more. The gray is flat spending. That's 32% for Okta, this past survey. The pink is customers that are spending less, that's three percent. They're spending six percent or worse in the survey, so only three percent for Okta. And the bright red at three percent is decommissioning the platform. You subtract the reds from the greens and you get a net score, well, into the 50s for Okta and you can see. We highlight Okta here because it's a name that we've been following for quite some time and customers have given us really solid feedback on the technology and up until the hack, they're affinity to Okta, but that seems to be continuing. We'll talk more about that. This recent breach to Okta has caused us to take a closer look. And you may recall, we reported with our ETR colleague, Eric Bradley. The breach was announced right in the middle of ETR collecting data in the last survey. And while we did see a noticeable downtick right after the announcement, the exposure of the hack and Okta's net score just after the breach was disclosed, you can see the combination of Okta and Auth0 remains very strong. I asked Eric Bradley this morning what he thought about Okta, and he pointed out that you can't evaluate this company on its price to earnings ratio. But it's forward sales multiple is now below 7X. And while attractive, these high flyers at some point, Eric says, they got to start making a profit. So you going to hold that thought, we'll come back to that. Now, another cut of the ETR data to look at our four star security names here. A while back we developed a methodology to try and cut through the noise of the crowded security sector using the ETR data to evaluate two key metrics; net score and shared N. Net score again is, spending momentum, the latter is an indicator of presence in the data set which is a proxy for market presence. Okay, we assigned those companies that cracked the top 10 in both net score and shared N, we give them four stars, okay, if they make the top 10. This chart here shows the April survey data for those companies with an N that's greater than, equal to a hundred responses. So again, we're filtering on those with a hundred or more responses. The table on the left that you see there, that's sorted by net score, okay. So we're sorting by spending momentum. And then the one on the right is sorted by shared N, so their presence in the data set. Seven companies hit the top 10 for both categories; Palo Alto Network, Splunk, CrowdStrike Okta, Proofpoint, Fortinet and Zscaler. Now, remember, take a look, Okta excludes Auth0, in this little methodology that we came up with. Auth0 didn't make the cuts but it hits the top 10 for net score. So if you add in Auth0's 112 N there that you see on the right. You add that into Okta, we put Okta in the number two spot in the survey on the right most table with the shared N of 354. Only Cisco has a higher presence in the data set. And you can see Cisco in the left lands just below that red dotted line. That's the top 10 in security. So if we were to combine Okta and Auth0 as one, Cisco would make the cut and earn four stars. Now, some other notables are CyberArk, which is just below the red line on the right most chart with an impressive 177 shared N. Again, if you combine Auth0 and Okta, CyberArk makes the four star grade because it's in the top 10 for net score on the left. And Sailpoint is another notable with a net score above 50% and it's got a shared N of 122, which is respectable. So despite the market's choppy waters, we're seeing some positive signs in the survey data for some of the more prominent names that we've been following for the last couple of years. So what does this mean for the markets going forward? As always, when we see these confusing signs we like to reach out to the network and one of the sharpest traders out there is Chip Simonton. We've quoted him before and we like to share some of his insights. And so we're going to highlight some of that here. So technically, almost every good tech stock is oversold. And as such, he suggested we might see a bounce here. We certainly are seeing that on this Friday, the 13th. But the right call tactically has been to sell into the rally these past several months, so we'll see what happens on Monday. The key issue with the name like Okta and some other momentum names like CrowdStrike and Zscaler is that when money comes back into tech, it's likely going to go to the FAANG stocks, the Facebook, Apple, Amazon, Netflix, Google, and of course, you put Microsoft in there as well. And we'll see about Amazon, by the way, it's kind of out of favor right now, as everyone's focused on the retail side of the business meanwhile it's cloud business is booming and that's where all the profit is. We think that should be the real focus for Amazon. But the point is, for these momentum names in cybersecurity that don't make money, they face real headwinds, as growth is slowing overall and interest rates rise, that makes the net present value of these investments much less attractive. We've talked about that before. But longer term, we agree with Chip Simonton that these are excellent companies and they will weather the storm and we think they're going to lead their respective markets. And in cyber, we would expect continued M&A activity, which could act as a booster shot in the arms of these names. Now in 2019, we saw the ETR data, it pointed to CrowdStrike, Zscaler, Okta and others in the security space. Some of those names that really looked to us like they were moving forward and the pandemic just created a surge in these names and admittedly they got out over their skis. But the data suggests that these leading companies have continued momentum and the potential for stay in power. Unlike the SolarWinds hack, it seems at this point anyway that Okta will recover in the market. For the reasons that we cited, investors, they might stay away for some time but longer term, there's a shift in CSO security strategies that appear to be permanent. They're really valuing cloud-based modern platforms, these platforms will likely continue to gain share and carry their momentum forward. Okay, that's it for now, thanks to Stephanie Chan, who helps with the background research and with social, Kristen Martin and Cheryl Knight help get the word out and do some great work as well. Alex Morrison is on production and handles all of our podcast. Alex, thank you. And Rob Hof is our Editor in Chief at SiliconANGLE. Remember, all these episodes, they're available as podcast, you can pop in the headphones and listen, just search "Breaking Analysis Podcast." I publish each week on wikibon.com and SiliconANGLE.com. Don't forget to check out etr.ai, best in the business for real customer data. It's an awesome platform. You can reach me at dave.vellante@siliconangle.com or @dvellante. You can comment on our LinkedIn posts. This is Dave Vellante for the CUBEinsights powered by ETR. Thanks for watching. And we'll see you next time. (bright upbeat music)

>> From the theCUBE studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis", with Dave Vellante. >> The recent security breach of an Okta third party supplier has been widely reported. The criticisms of Okta's response have been harsh, and the impact on Okta's value has been obvious, investors shaved about $6 billion off the company's market cap during the week the hack was made public. We believe Okta's claim that the customer technical impact was, "Near zero," may be semantically correct. However, based on customer data, we feel Okta has a blind spot. There are customer ripple effects that require clear action which are missed in Okta's public statements, in our view. Okta's product portfolio remains solid, it's a clear leader in the identity space. But in our view, one part of the long journey back to credibility requires Okta to fully understand and recognize the true scope of this breach on its customers. Hello, and welcome to this week's Wikibon "CUBE Insights", powered by ETR. In this "Breaking Analysis", we welcome our ETR colleague, Erik Bradley, to share new data from the community. Erik, welcome. >> Thank you, Dave, always enjoy being on the show, particularly when we get to talk about a topic that's not being well covered in the mainstream media in my opinion. >> Yeah, I agree, you've got some new data, and we're going to share some of that today. Let's first review the timeline of this hack. On January 20th this year, Okta got an alert that something was amiss at one of its partners, a company called Sitel, that provides low-level contact center support for Okta. The next day, Sitel retained a forensic firm to investigate, which was completed, that investigation was completed on February 28th. A report dated March 10th was created, and Okta received a summary of that from Sitel on March 17th. Five days later, Lapsus$ posted the infamous screenshots on Twitter. And later that day, sheesh, Okta got the full report from Sitel, and then responded publicly. Then the media frenzy in the back and forth ensued. So Erik, you know, there's so much wrong with this timeline, it's been picked apart by the media. But I will say this, what appeared to be a benign incident and generally has turned into a PR disaster for Okta, and I imagine Sitel as well. Who I reached out to by the way, but they did not provide a comment, whereas Okta did. We'll share that later. I mean, where do we start on this, Erik? >> It's a great question, "Where do we start?" As you know, our motto here is opinions only exist due to a lack of data, so I'm going to start with the data. What we were able to do is because we had a survey that was in the field when the news broke, is that we were able to observe the data in realtime. So we sequestered the data up until that moment when it was announced, so before March 23rd and then after March 23rd. And although most of the responses came in prior, so it wasn't as much of an end as we would've liked. It really was telling to see the difference of how the survey responses changed from before the breach was announced to after, and we can get into a little bit more- >> So let's... Sorry, sorry to interrupt, let's bring that up, let's look at some of that data. And as followers of this program know... Let me just set it up, Erik. Every quarter, ETR, they have a proprietary net score methodology to determine customer spending momentum, and that's what we're talking about here. Essentially measuring the net number of customers spending more on a particular product or platform. So apologize for interrupting, but you're on this data right here. >> Not at all. >> So take us through this. >> Yeah, so again, let's caveat. Okta is still a premier company in our work. Top five in overall security, not just in their niche, and they still remained extremely strong at the end of the survey. However, when you kind of look at that at a more of a micro analysis, what you noticed was a true difference between before March 23rd and after. Overall, their cumulative net score or proprietary spending intention score that we use, was 56% prior. That dropped to 44% during the time period after, that is a significant drop. Even a little bit more telling, and again, small sample size, I want to be very fair about that. Before March 23rd, only three of our community members indicated any indication of replacing Okta. That number went to eight afterwards. So again, small number, but a big difference when you're talking about a percentage change. >> Yeah, so that's that sort of green line that was shown there. You know, not too damaging, but definitely a noticeable downturn with the caveat that it's a small end. But here's the thing that I love working with you, we didn't stop there. You went out, you talked to customers, I talked to a number of customers. You actually organized a panel. This week, Erik hosted a deep dive on the topic with CISOs. And we have, if we could bring up that next slide, Alex. These are some of the top CISOs in the community, and I'm going to just summarize the comments and then turn it over to you, Erik. The first one was really concerning, "We heard about this in the media," ooh, ooh, ouch. Next one, "Not a huge hit, but loss of trust." "We can't just shut Okta off like SolarWinds." So there's definitely a lock in effect there. "We may need to hire new people," i.e, "There's a business impact to us beyond the technical impact." "We're rethinking contract negotiations with Okta." And bottom line, "It's still a strong solution." "We're not really worried about our Okta environment, but this is a trust and communications issue." Erik, these are painful to read, and in the end of the day, Okta has to own this. Todd McKinnon did acknowledge this. As I said at the top, there are domino business impacts that Okta may not be seeing. What are your thoughts? >> There's a lot we're going to need to get into in a little bit, and I think you were spot on earlier, when McKinnon said there was no impact. And that's not actually true, there's a lot of peripheral, derivative impact that was brought up in our panel. Before we even did the panel though, I do want to say we went out quickly to about 20 customers and asked them if they were willing to give an opinion. And it was sort of split down the middle where about, you know, half of them were saying, "You know, this is okay. We're going to stand by 'em, Okta's the best in the industry." A few were cautious, "Opinion's unchanged, but we're going to take a look deeper." And then another 40% were just flat out negative. And again, small sample size, but you don't want to see that. It's indicative of reputational damage right away. That was what led us to say, "You know what, let's go do this panel." And as you know, from reading it and looking at the panel, well, a lot of topics were brought up about the derivative impact of it. And whether that's your own, you know, having to hire people to go look into your backend to deal with and manage Okta. Whether it's cyber insurance ramifications down the road, there's a lot of aspects that need to be discussed about this. >> Yeah now, so before I go on... And by the way, I've spent a fair amount of time just parsing, listening very carefully to Todd McKinnon's commentary. He did an interview with Emily Chang, it was quite useful. But before I go on, I reached out to Okta, and they were super responsive and I appreciate that. And I do believe they're taking this seriously, here's a statement they provided to theCUBE. Quote, "As a global leader in identity, we recognize the critical role Okta plays for our customers and our customers' end users. Okta has a culture of learning and improving, and we are taking the steps to prevent this from happening again. We know trust is earned, and building back our customers' trust in Okta through our actions and our ongoing support as their secure identity partner is our top priority." Okay, so look, you know, what are you going to say, right? I mean, I think they do own it. Again, the concern is the blind spots. So we put together this visual to try to explain how Okta is describing the impact, and maybe another way to look at it. So let me walk you through this. Here's a simple way in which organizations think about the impact of a breach. What's the probability of a breach, that's the vertical axis, and what's the impact on the horizontal. Now I feel as though business impact really is the financial, you know, condition. But we've narrowed this to map to Todd McKinnon's statements of the technical impact. And they've said the technical impact in terms of things customers need to do or change, is near zero, and that's the red dot that you see there. Look, the fact is, that Okta has more than 15,000 customers, and at most, 366 were directly impacted by this. That's less than 3% of the base, and it's probably less than that, they're just being conservative. And the technical impact which Todd McKinnon described in an interview, again, with Emily Chang, was near zero in terms of actions the customers had to take on things like reporting and changes and remediation. Basically negligible. But based on the customer feedback outside of that 366, that's what we're calling that blind spot and that bracket. And then we list the items that we are hearing from customers on things that they have to do now, despite that minimal exposure. Erik, this is new information that we've uncovered through the ETR process, and there's a long list of collateral impacts that you just referred to before, actions that customers have to take, right? >> Yeah, there's a lot, and the panel really brought that to life even more than I expected to be quite honest. First of all, you're right, most of them believe that this was a minimal impact. The true damage here was reputational, and the derivatives that come from it. We had one panelist say that they now have to go hire people, because, and I hate to say this, but Okta isn't known for their best professional support. So they have to go get people now in to kind of do that themselves and manage that. That's obviously not the easiest thing to do in this environment. We had other ones express concern about, "Hey I'm an Okta customer. When I have to do my cyber insurance renewal, is my policy going to go up? Is my premium going to go up?" And it's not something that they even want to have to handle, but they do. There were a lot of concerns. One particular person didn't think the impact was minimal, and I just think it's worth bringing up. There was no demand for ransom here. So there were only two and a half percent of Okta customers that were hit, but we don't know what the second play is, right, this could just be stage one. And I think that there was one particular person on the panel who truly believes that, that could be the case, that this was just the first step. And in his opinion, there wasn't anything specific about those 366 customers that made him feel like the bad actor was targeting them. So he does believe that this might be a step one of a step two situation. Now that's a, you know, bit of an alarmist opinion and the rest of the panel didn't really echo it, but it is something that's kind of worth bringing up out there. >> Well, you know, it just pays to be paranoid. I mean, you know, it was reported that supposedly, this hack was done by a 16-year-old in England, out of his, you know, mother's house, but who knows? You know, other actors might have paid that individual to see what they could do. It could have been a little bit of reconnaissance, throw the pawn in there and see how, you know, what the response is like. So I want to parse some of Todd McKinnon's statements from that Bloomberg interview. Look, we've always, you and I both have been impressed with Okta, and Todd McKinnon's management. His decisions, execution, leadership, super impressive individual. You know, big fans of the company. And in the interview, it looked like (chuckles) the guy hadn't slept in three weeks, so really you have to feel for him. But I think there are some statements that have to be unpacked. The first one, McKinnon took responsibility and talked about how they'll be transparent about steps they're taking in the future to avoid you know, similar problems. We talked about the near-zero technical impact, we don't need to go there anymore. But Erik, the two things that struck me as communication misfires were the last two. Especially the penultimate statement there, quote, "The competitor product was at fault for this breach." You know, by the way, I believe this to be true. Evidently, Sitel was not using Okta as its identity access platform. You know, we're all trying to figure out who that is. I can tell you it definitely was not CyberArk, we're still digging to find out who. But you know, you can't say in my view, "We are taking responsibility," and then later say it was the competitor's fault. And I know that's not what he meant, but that's kind of how it came across. And even if it's true, you just don't say that later in a conversation after saying that, "We own it." Now on the last point, love your thoughts on this, Erik? My first reaction was Okta's throwing Sitel under the bus. You know, Okta's asking for forgiveness from its customers, but it just shot its partner, and I kind of get it. This shows that they're taking action but I would've preferred something like, "Look, we've suspended our use of Sitel for the time being pending a more detailed review. We've shut down that relationship to block any exposures. Our focus right now is on customers, and we'll take a look at that down the road." But I have to say in looking at the timeline, it looks like Sitel did hide the ball a little bit, and so you can't blame 'em. And you know, what are your thoughts on that? >> Well, I'll go back to my panelists again, who unanimously agreed this was a masterclass on how not to handle crisis management. And I do feel for 'em, they're a fantastic management team. The acquisition of Auth0 alone, was just such a brilliant move that you have to kind of wonder what went wrong here, they clearly were blindsided. I agree with you that Sitel was not forthcoming quickly enough, and I have a feeling that, that's what got them in this position, in a bad PR. However, you can't go ahead and fire your partner and then turn around and ask other people not to fire you. Particularly until a very thorough investigation and a root cause analysis has been released to everyone. And the customers that I have spoken to don't believe that, that is done yet. Now, when I ask them directly, "Would you consider leaving Okta?" Their answers were, "No, it is not easy to rip and replace, and we're not done doing our due diligence." So it's interesting that Okta's customers are giving them that benefit of the doubt, but we haven't seen it, you know, flow the other way with Okta's partner. >> Yeah, and that's why I would've preferred a different public posture, because who knows? I mean, is Sitel the only partner that's not using Okta as its identity management, who knows? I'd like to learn more about that. And to your point, you know, maybe Okta's got to vertically integrate here and start, you know, supporting the lower level stuff directly itself, you know, and/or tightening up those partnerships. Now of course, the impact on Okta obviously has been really serious, big hit on the stock. You know, they're piling on inflation and quantitative tightening and rate hikes. But the real damage, as we've said, is trust and reputation, which Okta has earned, and now it has to work hard to earn back. And it's unfortunate. Look, Okta was founded in 2009 and in over a decade, you know, by my count, there have been no major incidents that are obvious. And we've seen the damage that hackers can do by going after the digital supply chain and third and fourth party providers. You know, rules on disclosure is still not tight and that maybe is part of the problem here. Perhaps the new law The House just sent over to President Biden, is going to help. But the point, Erik, is Okta is not alone here. It feels like they got what looked like a benign alert. Sitel wasn't fully transparent, and Okta is kind of fumbling on the comms, which creates this spiraling effect. Look, we're going to have to wait for the real near-term and midterm impacts, but longterm, I personally believe Okta is going to be fine. But they're going to have to sacrifice some margin possibly in the near to midterm, and go through more pain to regain the loyalty of its customers. And I really would like to hear from Okta that they understand that customers, the impact of this breach to customers, actually does go beyond the 366 that were possibly compromised. Erik, I'll give you the final word. >> Yeah, there's a couple of things there if I can have a moment, and yes, Okta... Well, there was a great quote, one of the guys said, "Okta's built like a tank, but they just gave the keys to a 16 year old valet." So he said, "There is some concern here." But yes, they are best of breed, they are the leader, but there is some concern. And every one of the guys I spoke to, all CISOs, said, "This is going to come up at renewal time. At a minimum, this is leverage. I have to ask them to audit their third parties and their partners. I have to bring this up when it comes time." And then the other one that's a little bit of a concern is data-wise. We saw Ping Identity jump big, from 9% net score to 24% net score. Don't know if it's causative or correlated, but it did happen. Another thing to be concerned about out there, is Microsoft is making absolutely massive strides in security. And all four of the panelists said, "Hey, I've got an E5 license, why don't I get the most out of it? I'm at least going to look." So for Okta to say, you know, "Hey, there's no impact here," it's just not true, there is an impact, they're saying what they need to say. But there's more to this, you know, their market cap definitely got hit. But you know, I think over time if the market stabilized, we could see that recover. It's a great management team, but they did just open the door for a big, big player like Microsoft. And you and I also both know that there's a lot of emerging names out there too, that would like to, you know, take a little bit of that share. >> And you know, but here's the thing, I want to keep going here for a minute. Microsoft got hit by lapses, Nvidia got hit by lapses. But I think, Erik, I feel like people, "Oh yeah, Microsoft, they get hit all the time." They're kind of used to it with Microsoft, right? So that's why I'm saying, it's really interesting here. Customers want to consolidate their security portfolio and the number of tools that they have, you know. But then you look at something like this and you say, "Okay, we're narrowing the blast radius. You know, maybe we have to rethink that and that creates more complexity," and so it's a very complicated situation. But you know, your point about Microsoft is ironic, right. Because you know, when you see Microsoft, Amazon, you know, customers get hit all the time and it's oftentimes the fault of the customer, or the partner. And so it seems like, again, coming back to the comms of this, is that really is the one thing that they just didn't get right. >> Yeah, the biggest takeaway from this without a doubt is it's not the impact of the breach, it was the impact of their delay and how they handled it and how they managed it. That's through the course of 25 CISOs I've spoken to now, that's unanimous. It's not about that this was a huge damaging hit, but the damage really came from their reaction or lack thereof. >> Yeah, and it's unfortunate, 'cause it feels like a lot of it was sort of, I want to say out of their control because obviously they could have audited the partners. But still, I feel like they got thrown a curve ball that they really had a, you know, difficult time, you know, parsing through that. All right, hey, we got to leave it there for now. Thank you, Erik Bradley, appreciate you coming on, It's always a pleasure to have you >> Always good talking to you too, Dave, thanks a lot. >> ETR team, you guys are amazing, do some great work. I want to thank Stephanie Chan, who helps me with background research for "Breaking Analysis". Kristen Martin and Cheryl Knight, help get the word out, as do some others. Alex Myerson on production, Alex, thank you. And Rob Hof, is our EIC at SiliconANGLE. Remember, all these episodes, they are available as podcasts. Wherever you listen, just search, "Breaking Analysis podcast." I publish each week on wikibon.com and siliconangle.com. Check out etr.ai, it's the best in the business for real customer data real-time, near real-time, awesome platform. You can reach out to me at david.vellante@siliconangle.com, or @DVellante, or comment on my LinkedIn post. This is Dave Vellante, for Erik Bradley, and "theCUBE Insights", powered by ETR. Thanks for watching, be well, and we'll see you next time. (bright music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> The pandemic precipitated what is shaping up to be a permanent shift in cybersecurity spending patterns. As a direct result of hybrid work, CSOs have vested heavily in endpoint security, identity access management, cloud security, and further hardening the network beyond the headquarters. We've reported on this extensively in this Breaking Analysis series. Moreover, the need to build security into applications from the start rather than bolting protection on as an afterthought has led to vastly high heightened awareness around DevSecOps. Finally, attacking security as a data problem with automation and AI is fueling new innovations in cyber products and services and startups. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we present our quarterly findings in the security industry, and share the latest ETR survey data on the spending momentum and market movers. Let's start with the most recent news in cybersecurity. Nary a week goes by without more concerning news. The latest focus in the headlines is, of course, Russia's relentless cyber attacks on critical infrastructure in the Ukraine, including banking, government websites, weaponizing information. The hacker group, BlackByte, put a double whammy on the San Francisco 49ers, meaning they exfiltrated data and they encrypted the organization's files as part of its ransomware attack. Then there's the best Super Bowl ad last Sunday, the Coinbase floating QR code. Did you catch that? As people rushed to scan the code and participate in the Coinbase Bitcoin giveaway, it highlights yet another exposure, meaning we're always told not to click on links that we don't trust or we've never seen, but so many people activated this random QR code on their smartphones that it crashed Coinbase's website. What does that tell you? In other news, Securonix raised a billion dollars. They did this raise on top of Lacework's massive $1.3 billion raise last November. Both of these companies are attacking security with data automation and APIs that can engage machine intelligence. Securonix, specifically in the announcement, mentioned the uptake from MSSPs, managed security service providers, something we've talked about in this series. And that's a trend that we see as increasingly gaining traction as customers are just drawing in and drowning in security incidents. Peter McKay's company, Snyk, acquired Fugue, a company focused on making sure security policies are consistent throughout the software development life cycle. It's a really an example of a developer-defined security approach where policy can be checked at the dev, deployment, and production phases to ensure the same policies are in place at all stages, including monitoring at runtime. Fugue, according to Crunchbase, had raised $85 million to date. In some other company news, Cisco was rumored to be acquiring Splunk for not much more than Splunk is worth today. And the talks reportedly broke down. This would be a major move in security by Cisco and underscores the pressure to consolidate. Cisco would get an extremely strong customer base and through efficiencies could improve Splunk's profitability, but it seems like the premium Cisco was willing to pay was not enough to entice board to act. Splunk board, that is. Datadog blew away its earnings, and the stock was up 12%. It's pulled back now, thanks to Putin, but it's one of those companies that is disrupting Splunk. Datadog is less than half the size of Splunk, revenue-wise, but its valuation is more than 2 1/2 times greater. Finally, Elastic, another Splunk disruptor, settled its trademark dispute with AWS, and now AWS will now stop using the name Elasticsearch. All right, let's take a high level look at how cyber companies have performed in the stock market over time. Here's a graph of the Cyber ETF, and you can see the March 1st crosshairs of 2020 signifying the start of the lockdown. The trajectory of cybersecurity stocks is shown by the orange and blue lines, and it surely has steepened post March of 2020. And, of course, it's been down with the market lately, but the run up, as you can see, was substantial and eclipsed the trajectory of the previous cycles over the last couple of years, owing much of the momentum to the spending dynamics that we talked about at our open. Let's now drill into some of the names that we've been following over the last few years and take a look at the firm level. This chart shows some data that we've been tracking since before the pandemic. The top rows show the S&P 500 and the NASDAQ prices, and the bottom rows show specific stocks. The first column is the index price or the market cap of the company just before the pandemic, then the same data one year later. Then the next column shows the peak value during the pandemic, and then the current value. Then it shows in the next column where it is today, in percentage terms, i.e., how far has it pulled back from the peak, then the delta from pre-pandemic, in other words, how much did the issue earn or lose during the pandemic for investors? We then compare the pre-pandemic revenue multiple using a trailing 12-month revenue metric. Sorry, that's what we used. It's easy to get. (laughs) And that's the revenue multiple compared to the August in 2020, when multiples were really high, and where they are today, and then a recent quarterly growth rate guide based on the last earnings report. That's the last column. Okay, so I'm throwing a lot of data at you here, but what does it tell us? First, the S&P and the NAS are well up from pre-pandemic levels, yet they're off 9% and 15%, respectively, from their peaks today. That was earlier on Friday morning. Now let's look at the names more closely. Splunk has been struggling. It definitely had a tailwind from the pandemic as all boats seem to rise, but its execution has been lacking. It's now 30% off from its pre-pandemic levels. (groans) And it's multiple is compressing, and perhaps Cisco thought it could pick up the company for a discount. Now let's talk about Palo Alto Networks. We had reported on some of the challenges the company faced moving into a cloud-friendly model. that was before the pandemic. And we talked about the divergence between Palo Alto's stock price and the valuations relative to Fortinet, and we said at the time, we fully expected Palo Alto to rebound, and that's exactly what happened. It rode the tailwinds of the last two years. It's up over 100% from its pre-COVID levels, and its revenue multiple is expanding, owing to the nice growth rates. Now Fortinet had been doing well coming into the pandemic. In fact, we said it was executing on a cloud strategy better than Palo Alto Networks, hence that divergence in valuations at the time. So it didn't get as much of a boost from the pandemic. Didn't get that momentum at first, but the company's been executing very well. And as you can see, with 155% increase in valuation since just before the pandemic, it's going more than okay for Fortinet. Now, Okta is a name that we've really followed closely, the identity access management specialist that rocketed. But since it's Auth0 acquisition, it's pulled back. Investors are concerned about its guidance and its profitability. And several analyst have downgraded their price targets on Okta. We still really like the company. The Auth0 acquisition gives Okta a developer vector, and we think the company is going hard after market presence and is willing to sacrifice short-term profitability. We actually like that posture. It's very Frank Slupin-like. This company spends a lot of money on R&D and go-to-market. The question is, does Okta have inherent profitability? The company, as they say, spends a ton in some really key areas but it looks to us like it's going to establish a footprint. It's guiding revenue CAGR in the mid-30s over the mid to long-term and near term should beat that benchmark handily. But you can see the red highlights on Okta. And even though Okta is up 59% from its pre-pandemic levels, it's far behind its peers shown in the chart, especially CrowdStrike and Zscaler, the latter being somewhat less impacted by the pullback in stocks recently, of course, due to the fears of inflation and interest rates, and, of course, Russian invasion escalation. But these high flyers, they were bound to pull back. The question is can they maintain their category leadership? And for the most part, we think they can. All right, let's get into some of the ETR data. Here's our favorite XY view with net score, or spending momentum on the Y-axis, and market share or pervasiveness in the data center on the horizontal axis. That red 40% line, that indicates a highly elevated spending level. And the chart inserts to the right, that shows how the data is plotted with net score and shared N in each of the columns by each company. Okay, so this is an eye chart, but there really are three main takeaways. One is that it's a crowded market. And this shows only the companies ETR captures in its survey. We filtered on those that had more than 50 mentions. So there's others in the ETR survey that we're not showing here, and there are many more out there which don't get reported in the spending data in the ETR survey. Secondly, there are a lot of companies above the 40% mark, and plenty with respectable net scores just below. Third, check out SentinelOne, Elastic, Tanium, Datadog, Netskope, and Darktrace. Each has under 100 N's but we're watching these companies closely. They're popping up in the survey, and they're catching our attention, especially SentinelOne, post-IPO. So we wanted to pare this back a bit and filter the data some more. So let's look at companies with more than 100 mentions in the same chart. It gets a little cleaner this picture, but it's still crowded. Auth0 leads everyone in net score. Okta is also up there, so that's very positive sign since they had just acquired Auth0. CrowdStrike SalePoint, Cyberark, CloudFlare, and Zscaler are all right up there as well. And then there's the bigger security companies. Palo Alto Network, very impressive because it's well above the 40% mark, and it has a big presence in the survey, and, of course, in the market. And Microsoft as well. They're such a big whale. They skew the data for everybody else to kind of mess up these charts. And the position of Cisco and Splunk make for an interesting combination. They get both decent net scores, not above the 40% line but they got a good presence in the survey as well. Thinking about the acquisition, Al Shugart was the CEO of of Seagate, and founder. Brilliant Silicon valley icon and engineer. Great business person. I was asking him one time, hey, you thinking about buying this company or that company? And of course, he's not going to tell me who he's thinking about buying or acquiring. He said, let me just tell you this. If you want to know what I'm thinking, ask yourself if it were free, would you take it? And he said the answer's not always obviously yes, because acquisitions can be messy and disruptive. In the case of Cisco and Splunk, I think the answer would be a definitive yes It would expand Cisco's portfolio and make it the leader in security, with an opportunity to bring greater operating leverage to Splunk. Cisco's just got to pay more if it wants that asset. It's got to pay more than the supposed $20 billion offer that it made. It's going to have to get kind of probably north of 23 billion. I pinged my ETR colleague, Erik Bradley, on this, and he generally agreed. He's very close to the security space. He said, Splunk isn't growing the customer base but the customers are sticky. I totally agree. Cisco could roll Splunk into its security suite. Splunk is the leader in that space, security information and event management, and Cisco really is missing that piece of the pie. All right, let's filter the data even more and look at some of the companies that have moved in the survey over the past year and a half. We'll go back here to July 2020. Same two-dimensional chart. And we're isolating here Auth0, Okta, SalePoint CrowdStrike, Zscaler, Cyberark, Fortinet, and Cisco. No Microsoft. That cleans up the chart. Okay, why these firms? Because they've made some major moves to the right, and some even up since last July. And that's what this next chart shows. Here's the data from the January 2022 survey. The arrow start points show the position that we just showed you earlier in July 2020, and all these players have made major moves to the right. How come? Well, it's likely a combination of strong execution, and the fact that security is on the radar of every CEO, CIO, of course, CSOs, business heads, boards of directors. Everyone is thinking about security. The market momentum is there, especially for the leaders. And it's quite tremendous. All right, let's now look at what's become a bit of a tradition with Breaking Analysis, and look at the firms that have earned four stars. Four-star firms are leaders in the ETR survey that demonstrate both a large presence, that's that X-axis that we showed you, and elevated spending momentum. Now in this chart, we filter the N's. Has to be greater than 100. And we isolate on those companies. So more than 100 responses in the survey. On the left-hand side of the chart, we sort by net score or spending velocity. On the right-hand side, we sort by shared N's or presence in the dataset. We show the top 20 for each of the categories. And the red line shows the top 10 cutoffs. Companies that show up in the top 10 for both spending momentum and presence in the data set earn four stars. If they show up in one, and make the top 10 in one, and make the top 20 in the other, they get two stars. And we've added a one-star category as honorable mention for those companies that make the top 20 in both categories. Microsoft, Palo Alto Networks, CrowdStrike, and Okta make the four-star grade. Okta makes it even without Auth0, which has the number one net score in this data set with 115 shared N to boot. So you can add that to Okta. The weighted average would pull Okta's net score to just above Cyberark's into fourth place. And its shared N would bump Okta up to third place on the right-hand side of the chart Cisco, Splunk, Proofpoint, KnowBe4, Zscaler, and Cyberark get two stars. And then you can see the honorable mentions with one star. Now thinking about a Cisco, Splunk combination. You'd get an entity with a net score in the mid-20s. Yeah, not too bad, definitely respectable. But they'd be number one on the right-hand side of this chart, with the largest market presence in the survey by far. Okay, let's wrap. The trends around hybrid work, cloud migration and the attacker escalation that continue to drive cybersecurity momentum and they're going to do so indefinitely. And we've got some bullet points here that you're seeing private companies, (laughs) they're picking up gobs of money, which really speaks to the fact that there's no silver bullet in this market. It's complex, chaotic, and cash-rich. This idea of MSSPs on the rise is going to continue, we think. About half the mid-size and large organization in the US don't have a SecOps, a security operation center, and outsourcing to one that can be tapped on a consumption basis, cloud-like, as a service just makes sense to us. We see the momentum that companies that we've highlighted over the many quarters of Breaking Analysis are forming. They're forming a strong base in the market. They're going for market share and footprint, and they're focusing on growth, at bringing in new talent. They have good balance sheets and strong management teams and we think they'll be leading companies in the future, Zscaler, CrowdStrike, Okta, SentinelOne, Cyberark, SalePoint, over time, joining the ranks of billion dollar cyber firms, when I say billion dollar, billion dollar revenue like Palo Alto Networks, Fortinet, and Splunk, if it doesn't get acquired. These independent firms that really focus on security. Which underscores the pressure and consolidation and M&A in the whole space. It's almost assured with the fragmentation of companies and so many new entrants fighting for escape velocity that this market is going to continue with robust M&A and consolidation. Okay, that's it for today. Thanks to my colleague, Stephanie Chan, who helped research this week's topics, and Alex Myerson on the production team. He also manages the Breaking Analysis podcast. Kristen Martin and Cheryl Knight, who get the word out. Thank you to all. Remember these episodes are all available as podcasts wherever you listen. All you do is search Breaking Analysis podcast. Check out ETR's website at etr.ai. We also publish a full report every week on wikibon.com and siliconangle.com. You can email me at david.vellante@siliconangle.com. @dvellante is my DM. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE Insights powered by ETR. Have a great week. Be safe, be well, and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The pandemic has changed the way we think about and predict the future. As we enter the third year of a global pandemic, we see the significant impact that it's had on technology strategy, spending patterns, and company fortunes Much has changed. And while many of these changes were forced reactions to a new abnormal, the trends that we've seen over the past 24 months have become more entrenched, and point to the way that's coming ahead in the technology business. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we welcome our partner and colleague and business friend, Erik Porter Bradley, as we deliver what's becoming an annual tradition for Erik and me, our predictions for Enterprise Technology in 2022 and beyond Erik, welcome. Thanks for taking some time out. >> Thank you, Dave. Luckily we did pretty well last year, so we were able to do this again. So hopefully we can keep that momentum going. >> Yeah, you know, I want to mention that, you know, we get a lot of inbound predictions from companies and PR firms that help shape our thinking. But one of the main objectives that we have is we try to make predictions that can be measured. That's why we use a lot of data. Now not all will necessarily fit that parameter, but if you've seen the grading of our 2021 predictions that Erik and I did, you'll see we do a pretty good job of trying to put forth prognostications that can be declared correct or not, you know, as black and white as possible. Now let's get right into it. Our first prediction, we're going to go run into spending, something that ETR surveys for quarterly. And we've reported extensively on this. We're calling for tech spending to increase somewhere around 8% in 2022, we can see there on the slide, Erik, we predicted spending last year would increase by 4% IDC. Last check was came in at five and a half percent. Gardner was somewhat higher, but in general, you know, not too bad, but looking ahead, we're seeing an acceleration from the ETR September surveys, as you can see in the yellow versus the blue bar in this chart, many of the SMBs that were hard hit by the pandemic are picking up spending again. And the ETR data is showing acceleration above the mean for industries like energy, utilities, retail, and services, and also, notably, in the Forbes largest 225 private companies. These are companies like Mars or Koch industries. They're predicting well above average spending for 2022. So Erik, please weigh in here. >> Yeah, a lot to bring up on this one, I'm going to be quick. So 1200 respondents on this, over a third of which were at the C-suite level. So really good data that we brought in, the usual bucket of, you know, fortune 500, global 2000 make up the meat of that median, but it's 8.3% and rising with momentum as we see. What's really interesting right now is that energy and utilities. This is usually like, you know, an orphan stock dividend type of play. You don't see them at the highest point of tech spending. And the reason why right now is really because this state of tech infrastructure in our energy infrastructure needs help. And it's obvious, remember the Florida municipality break reach last year? When they took over the water systems or they had the ability to? And this is a real issue, you know, there's bad nation state actors out there, and I'm no alarmist, but the energy and utility has to spend this money to keep up. It's really important. And then you also hit on the retail consumer. Obviously what's happened, the work from home shift created a shop from home shift, and the trends that are happening right now in retail. If you don't spend and keep up, you're not going to be around much longer. So I think the really two interesting things here to call out are energy utilities, usually a laggard in IT spend and it's leading, and also retail consumer, a lot of changes happening. >> Yeah. Great stuff. I mean, I recall when we entered the pandemic, really ETR was the first to emphasize the impact that work from home was going to have, so I really put a lot of weight on this data. Okay. Our next prediction is we're going to get into security, it's one of our favorite topics. And that is that the number one priority that needs to be addressed by organizations in 2022 is security and you can see, in this slide, the degree to which security is top of mind, relative to some other pretty important areas like cloud, productivity, data, and automation, and some others. Now people may say, "Oh, this is obvious." But I'm going to add some context here, Erik, and then bring you in. First, organizations, they don't have unlimited budgets. And there are a lot of competing priorities for dollars, especially with the digital transformation mandate. And depending on the size of the company, this data will vary. For example, while security is still number one at the largest public companies, and those are of course of the biggest spenders, it's not nearly as pronounced as it is on average, or in, for example, mid-sized companies and government agencies. And this is because midsized companies or smaller companies, they don't have the resources that larger companies do. Larger companies have done a better job of securing their infrastructure. So these mid-size firms are playing catch up and the data suggests cyber is even a bigger priority there, gaps that they have to fill, you know, going forward. And that's why we think there's going to be more demand for MSSPs, managed security service providers. And we may even see some IPO action there. And then of course, Erik, you and I have talked about events like the SolarWinds Hack, there's more ransomware attacks, other vulnerabilities. Just recently, like Log4j in December. All of this has heightened concerns. Now I want to talk a little bit more about how we measure this, you know, relatively, okay, it's an obvious prediction, but let's stick our necks out a little bit. And so in addition to the rise of managed security services, we're calling for M&A and/or IPOs, we've specified some names here on this chart, and we're also pointing to the digital supply chain as an area of emphasis. Again, Log4j really shone that under a light. And this is going to help the likes of Auth0, which is now Okta, SailPoint, which is called out on this chart, and some others. We're calling some winners in end point security. Erik, you're going to talk about sort of that lifecycle, that transformation that we're seeing, that migration to new endpoint technologies that are going to benefit from this reset refresh cycle. So Erik, weigh in here, let's talk about some of the elements of this prediction and some of the names on that chart. >> Yeah, certainly. I'm going to start right with Log4j top of mind. And the reason why is because we're seeing a real paradigm shift here where things are no longer being attacked at the network layer, they're being attacked at the application layer, and in the application stack itself. And that is a huge shift left. And that's taking in DevSecOps now as a real priority in 2022. That's a real paradigm shift over the last 20 years. That's not where attacks used to come from. And this is going to have a lot of changes. You called out a bunch of names in there that are, they're either going to work. I would add to that list Wiz. I would add Orca Security. Two names in our emerging technology study, in addition to the ones you added that are involved in cloud security and container security. These names are either going to get gobbled up. So the traditional legacy names are going to have to start writing checks and, you know, legacy is not fair, but they're in the data center, right? They're, on-prem, they're not cloud native. So these are the names that money is going to be flowing to. So they're either going to get gobbled up, or we're going to see some IPO's. And on the other thing I want to talk about too, is what you mentioned. We have CrowdStrike on that list, We have SentinalOne on the list. Everyone knows them. Our data was so strong on Tanium that we actually went positive for the first time just today, just this morning, where that was released. The trifecta of these are so important because of what you mentioned, under resourcing. We can't have security just tell us when something happens, it has to automate, and it has to respond. So in this next generation of EDR and XDR, an automated response has to happen because people are under-resourced, salaries are really high, there's a skill shortage out there. Security has to become responsive. It can't just monitor anymore. >> Yeah. Great. And we should call out too. So we named some names, Snyk, Aqua, Arctic Wolf, Lacework, Netskope, Illumio. These are all sort of IPO, or possibly even M&A candidates. All right. Our next prediction goes right to the way we work. Again, something that ETR has been on for awhile. We're calling for a major rethink in remote work for 2022. We had predicted last year that by the end of 2021, there'd be a larger return to the office with the norm being around a third of workers permanently remote. And of course the variants changed that equation and, you know, gave more time for people to think about this idea of hybrid work and that's really come in to focus. So we're predicting that is going to overtake fully remote as the dominant work model with only about a third of the workers back in the office full-time. And Erik, we expect a somewhat lower percentage to be fully remote. It's now sort of dipped under 30%, at around 29%, but it's still significantly higher than the historical average of around 15 to 16%. So still a major change, but this idea of hybrid and getting hybrid right, has really come into focus. Hasn't it? >> Yeah. It's here to stay. There's no doubt about it. We started this in March of 2020, as soon as the virus hit. This is the 10th iteration of the survey. No one, no one ever thought we'd see a number where only 34% of people were going to be in office permanently. That's a permanent number. They're expecting only a third of the workers to ever come back fully in office. And against that, there's 63% that are saying their permanent workforce is going to be either fully remote or hybrid. And this, I can't really explain how big of a paradigm shift this is. Since the start of the industrial revolution, people leave their house and go to work. Now they're saying that's not going to happen. The economic impact here is so broad, on so many different areas And, you know, the reason is like, why not? Right? The productivity increase is real. We're seeing the productivity increase. Enterprises are spending on collaboration tools, productivity tools, We're seeing an increased perception in productivity of their workforce. And the CFOs can cut down an expense item. I just don't see a reason why this would end, you know, I think it's going to continue. And I also want to point out these results, as high as they are, were before the Omicron wave hit us. I can only imagine what these results would have been if we had sent the survey out just two or three weeks later. >> Yeah. That's a great point. Okay. Next prediction, we're going to look at the supply chain, specifically in how it's affecting some of the hardware spending and cloud strategies in the future. So in this chart, ETRS buyers, have you experienced problems procuring hardware as a result of supply chain issues? And, you know, despite the fact that some companies are, you know, I would call out Dell, for example, doing really well in terms of delivering, you can see that in the numbers, it's pretty clear, there's been an impact. And that's not not an across the board, you know, thing where vendors are able to deliver, especially acute in PCs, but also pronounced in networking, also in firewall servers and storage. And what's interesting is how companies are responding and reacting. So first, you know, I'm going to call the laptop and PC demand staying well above pre-COVID norms. It had peaked in 2012. Pre-pandemic it kept dropping and dropping and dropping, in terms of, you know, unit volume, where the market was contracting. And we think can continue to grow this year in double digits in 2022. But what's interesting, Erik, is when you survey customers, is despite the difficulty they're having in procuring network hardware, there's as much of a migration away from existing networks to the cloud. You could probably comment on that. Their networks are more fossilized, but when it comes to firewalls and servers and storage, there's a much higher propensity to move to the cloud. 30% of customers that ETR surveyed will replace security appliances with cloud services and 41% and 34% respectively will move to cloud compute and storage in 2022. So cloud's relentless march on traditional on-prem models continues. Erik, what do you make of this data? Please weigh in on this prediction. >> As if we needed another reason to go to the cloud. Right here, here it is yet again. So this was added to the survey by client demand. They were asking about the procurement difficulties, the supply chain issues, and how it was impacting our community. So this is the first time we ran it. And it really was interesting to see, you know, the move there. And storage particularly I found interesting because it correlated with a huge jump that we saw on one of our vendor names, which was Rubrik, had the highest net score that it's ever had. So clearly we're seeing some correlation with some of these names that are there, you know, really well positioned to take storage, to take data into the cloud. So again, you didn't need another reason to, you know, hasten this digital transformation, but here we are, we have it yet again, and I don't see it slowing down anytime soon. >> You know, that's a really good point. I mean, it's not necessarily bad news for the... I mean, obviously you wish that it had no change, would be great, but things, you know, always going to change. So we'll talk about this a little bit later when we get into the Supercloud conversation, but this is an opportunity for people who embrace the cloud. So we'll come back to that. And I want to hang on cloud a bit and share some recent projections that we've made. The next prediction is the big four cloud players are going to surpass 167 billion, an IaaS and PaaS revenue in 2022. We track this. Observers of this program know that we try to create an apples to apples comparison between AWS, Azure, GCP and Alibaba in IaaS and PaaS. So we're calling for 38% revenue growth in 2022, which is astounding for such a massive market. You know, AWS is probably not going to hit a hundred billion dollar run rate, but they're going to be close this year. And we're going to get there by 2023, you know they're going to surpass that. Azure continues to close the gap. Now they're about two thirds of the size of AWS and Google, we think is going to surpass Alibaba and take the number three spot. Erik, anything you'd like to add here? >> Yeah, first of all, just on a sector level, we saw our sector, new survey net score on cloud jumped another 10%. It was already really high at 48. Went up to 53. This train is not slowing down anytime soon. And we even added an edge compute type of player, like CloudFlare into our cloud bucket this year. And it debuted with a net score of almost 60. So this is really an area that's expanding, not just the big three, but everywhere. We even saw Oracle and IBM jump up. So even they're having success, taking some of their on-prem customers and then selling them to their cloud services. This is a massive opportunity and it's not changing anytime soon, it's going to continue. >> And I think the operative word there is opportunity. So, you know, the next prediction is something that we've been having fun with and that's this Supercloud becomes a thing. Now, the reason I say we've been having fun is we put this concept of Supercloud out and it's become a bit of a controversy. First, you know, what the heck's the Supercloud right? It's sort of a buzz-wordy term, but there really is, we believe, a thing here. We think there needs to be a rethinking or at least an evolution of the term multi-cloud. And what we mean is that in our view, you know, multicloud from a vendor perspective was really cloud compatibility. It wasn't marketed that way, but that's what it was. Either a vendor would containerize its legacy stack, shove it into the cloud, or a company, you know, they'd do the work, they'd build a cloud native service on one of the big clouds and they did do it for AWS, and then Azure, and then Google. But there really wasn't much, if any, leverage across clouds. Now from a buyer perspective, we've always said multicloud was a symptom of multi-vendor, meaning I got different workloads, running in different clouds, or I bought a company and they run on Azure, and I do a lot of work on AWS, but generally it wasn't necessarily a prescribed strategy to build value on top of hyperscale infrastructure. There certainly was somewhat of a, you know, reducing lock-in and hedging the risk. But we're talking about something more here. We're talking about building value on top of the hyperscale gift of hundreds of billions of dollars in CapEx. So in addition, we're not just talking about transforming IT, which is what the last 10 years of cloud have been like. And, you know, doing work in the cloud because it's cheaper or simpler or more agile, all of those things. So that's beginning to change. And this chart shows some of the technology vendors that are leaning toward this Supercloud vision, in our view, building on top of the hyperscalers that are highlighted in red. Now, Jerry Chan at Greylock, they wrote a piece called Castles in the Cloud. It got our thinking going, and he and the team at Greylock, they're building out a database of all the cloud services and all the sub-markets in cloud. And that got us thinking that there's a higher level of abstraction coalescing in the market, where there's tight integration of services across clouds, but the underlying complexity is hidden, and there's an identical experience across clouds, and even, in my dreams, on-prem for some platforms, so what's new or new-ish and evolving are things like location independence, you've got to include the edge on that, metadata services to optimize locality of reference and data source awareness, governance, privacy, you know, application independent and dependent, actually, recovery across clouds. So we're seeing this evolve. And in our view, the two biggest things that are new are the technology is evolving, where you're seeing services truly integrate cross-cloud. And the other big change is digital transformation, where there's this new innovation curve developing, and it's not just about making your IT better. It's about SaaS-ifying and automating your entire company workflows. So Supercloud, it's not just a vendor thing to us. It's the evolution of, you know, the, the Marc Andreessen quote, "Every company will be a SaaS company." Every company will deliver capabilities that can be consumed as cloud services. So Erik, the chart shows spending momentum on the y-axis and net score, or presence in the ETR data center, or market share on the x-axis. We've talked about snowflake as the poster child for this concept where the vision is you're in their cloud and sharing data in that safe place. Maybe you could make some comments, you know, what do you think of this Supercloud concept and this change that we're sensing in the market? >> Well, I think you did a great job describing the concept. So maybe I'll support it a little bit on the vendor level and then kind of give examples of the ones that are doing it. You stole the lead there with Snowflake, right? There is no better example than what we've seen with what Snowflake can do. Cross-portability in the cloud, the ability to be able to be, you know, completely agnostic, but then build those services on top. They're better than anything they could offer. And it's not just there. I mean, you mentioned edge compute, that's a whole nother layer where this is coming in. And CloudFlare, the momentum there is out of control. I mean, this is a company that started off just doing CDN and trying to compete with Okta Mite. And now they're giving you a full soup to nuts with security and actual edge compute layer, but it's a fantastic company. What they're doing, it's another great example of what you're seeing here. I'm going to call out HashiCorp as well. They're more of an infrastructure services, a little bit more of an open-source freemium model, but what they're doing as well is completely cloud agnostic. It's dynamic. It doesn't care if you're in a container, it doesn't matter where you are. They recently IPO'd and they're down 25%, but their data looks so good across both of our emerging technology and TISA survey. It's certainly another name that's playing on this. And another one that we mentioned as well is Rubrik. If you need storage, compute, and in the cloud layer and you need to be agnostic to it, they're another one that's really playing in this space. So I think it's a great concept you're bringing up. I think it's one that's here to stay and there's certainly a lot of vendors that fit into what you're describing. >> Excellent. Thank you. All right, let's shift to data. The next prediction, it might be a little tough to measure. Before I said we're trying to be a little black and white here, but it relates to Data Mesh, which is, the ideas behind that term were created by Zhamak Dehghani of ThoughtWorks. And we see Data Mesh is really gaining momentum in 2022, but it's largely going to be, we think, confined to a more narrow scope. Now, the impetus for change in data architecture in many companies really stems from the fact that their Hadoop infrastructure really didn't solve their data problems and they struggle to get more value out of their data investments. Data Mesh prescribes a shift to a decentralized architecture in domain ownership of data and a shift to data product thinking, beyond data for analytics, but data products and services that can be monetized. Now this a very powerful in our view, but they're difficult for organizations to get their heads around and further decentralization creates the need for a self-service platform and federated data governance that can be automated. And not a lot of standards around this. So it's going to take some time. At our power panel a couple of weeks ago on data management, Tony Baer predicted a backlash on Data Mesh. And I don't think it's going to be so much of a backlash, but rather the adoption will be more limited. Most implementations we think are going to use a starting point of AWS and they'll enable domains to access and control their own data lakes. And while that is a very small slice of the Data Mesh vision, I think it's going to be a starting point. And the last thing I'll say is, this is going to take a decade to evolve, but I think it's the right direction. And whether it's a data lake or a data warehouse or a data hub or an S3 bucket, these are really, the concept is, they'll eventually just become nodes on the data mesh that are discoverable and access is governed. And so the idea is that the stranglehold that the data pipeline and process and hyper-specialized roles that they have on data agility is going to evolve. And decentralized architectures and the democratization of data will eventually become a norm for a lot of different use cases. And Erik, I wonder if you'd add anything to this. >> Yeah. There's a lot to add there. The first thing that jumped out to me was that that mention of the word backlash you said, and you said it's not really a backlash, but what it could be is these are new words trying to solve an old problem. And I do think sometimes the industry will notice that right away and maybe that'll be a little pushback. And the problems are what you already mentioned, right? We're trying to get to an area where we can have more assets in our data site, more deliverable, and more usable and relevant to the business. And you mentioned that as self-service with governance laid on top. And that's really what we're trying to get to. Now, there's a lot of ways you can get there. Data fabric is really the technical aspect and data mesh is really more about the people, the process, and the governance, but the two of those need to meet, in order to make that happen. And as far as tools, you know, there's even cataloging names like Informatica that play in this, right? Istio plays in this, Snowflake plays in this. So there's a lot of different tools that will support it. But I think you're right in calling out AWS, right? They have AWS Lake, they have AWS Glue. They have so much that's trying to drive this. But I think the really important thing to keep here is what you said. It's going to be a decade long journey. And by the way, we're on the shoulders of giants a decade ago that have even gotten us to this point to talk about these new words because this has been an ongoing type of issue, but ultimately, no matter which vendors you use, this is going to come down to your data governance plan and the data literacy in your business. This is really about workflows and people as much as it is tools. So, you know, the new term of data mesh is wonderful, but you still have to have the people and the governance and the processes in place to get there. >> Great, thank you for that, Erik. Some great points. All right, for the next prediction, we're going to shine the spotlight on two of our favorite topics, Snowflake and Databricks, and the prediction here is that, of course, Databricks is going to IPO this year, as expected. Everybody sort of expects that. And while, but the prediction really is, well, while these two companies are facing off already in the market, they're also going to compete with each other for M&A, especially as Databricks, you know, after the IPO, you're going to have, you know, more prominence and a war chest. So first, these companies, they're both looking pretty good, the same XY graph with spending velocity and presence and market share on the horizontal axis. And both Snowflake and Databricks are well above that magic 40% red dotted line, the elevated line, to us. And for context, we've included a few other firms. So you can see kind of what a good position these two companies are really in, especially, I mean, Snowflake, wow, it just keeps moving to the right on this horizontal picture, but maintaining the next net score in the Y axis. Amazing. So, but here's the thing, Databricks is using the term Lakehouse implying that it has the best of data lakes and data warehouses. And Snowflake has the vision of the data cloud and data sharing. And Snowflake, they've nailed analytics, and now they're moving into data science in the domain of Databricks. Databricks, on the other hand, has nailed data science and is moving into the domain of Snowflake, in the data warehouse and analytics space. But to really make this seamless, there has to be a semantic layer between these two worlds and they're either going to build it or buy it or both. And there are other areas like data clean rooms and privacy and data prep and governance and machine learning tooling and AI, all that stuff. So the prediction is they'll not only compete in the market, but they'll step up and in their competition for M&A, especially after the Databricks IPO. We've listed some target names here, like Atscale, you know, Iguazio, Infosum, Habu, Immuta, and I'm sure there are many, many others. Erik, you care to comment? >> Yeah. I remember a year ago when we were talking Snowflake when they first came out and you, and I said, "I'm shocked if they don't use this war chest of money" "and start going after more" "because we know Slootman, we have so much respect for him." "We've seen his playbook." And I'm actually a little bit surprised that here we are, at 12 months later, and he hasn't spent that money yet. So I think this prediction's just spot on. To talk a little bit about the data side, Snowflake is in rarefied air. It's all by itself. It is the number one net score in our entire TISA universe. It is absolutely incredible. There's almost no negative intentions. Global 2000 organizations are increasing their spend on it. We maintain our positive outlook. It's really just, you know, stands alone. Databricks, however, also has one of the highest overall net sentiments in the entire universe, not just its area. And this is the first time we're coming up positive on this name as well. It looks like it's not slowing down. Really interesting comment you made though that we normally hear from our end-user commentary in our panels and our interviews. Databricks is really more used for the data science side. The MLAI is where it's best positioned in our survey. So it might still have some catching up to do to really have that caliber of usability that you know Snowflake is seeing right now. That's snowflake having its own marketplace. There's just a lot more to Snowflake right now than there is Databricks. But I do think you're right. These two massive vendors are sort of heading towards a collision course, and it'll be very interesting to see how they deploy their cash. I think Snowflake, with their incredible management and leadership, probably will make the first move. >> Well, I think you're right on that. And by the way, I'll just add, you know, Databricks has basically said, hey, it's going to be easier for us to come from data lakes into data warehouse. I'm not sure I buy that. I think, again, that semantic layer is a missing ingredient. So it's going to be really interesting to see how this plays out. And to your point, you know, Snowflake's got the war chest, they got the momentum, they've got the public presence now since November, 2020. And so, you know, they're probably going to start making some aggressive moves. Anyway, next prediction is something, Erik, that you and I have talked about many, many times, and that is observability. I know it's one of your favorite topics. And we see this world screaming for more consolidation it's going all in on cloud native. These legacy stacks, they're fighting to stay relevant, but the direction is pretty clear. And the same XY graph lays out the players in the field, with some of the new entrants that we've also highlighted, like Observe and Honeycomb and ChaosSearch that we've talked about. Erik, we put a big red target around Splunk because everyone wants their gold. So please give us your thoughts. >> Oh man, I feel like I've been saying negative things about Splunk for too long. I've got a bad rap on this name. The Splunk shareholders come after me all the time. Listen, it really comes down to this. They're a fantastic company that was designed to do logging and monitoring and had some great tool sets around what you could do with it. But they were designed for the data center. They were designed for prem. The world we're in now is so dynamic. Everything I hear from our end user community is that all net new workloads will be going to cloud native players. It's that simple. So Splunk has entrenched. It's going to continue doing what it's doing and it does it really, really well. But if you're doing something new, the new workloads are going to be in a dynamic environment and that's going to go to the cloud native players. And in our data, it is extremely clear that that means Datadog and Elastic. They are by far number one and two in net score, increase rates, adoption rates. It's not even close. Even New Relic actually is starting to, you know, entrench itself really well. We saw New Relic's adoption's going up, which is super important because they went to that freemium model, you know, to try to get their little bit of an entrenched customer base and that's working as well. And then you made a great list here, of all the new entrants, but it goes beyond this. There's so many more. In our emerging technology survey, we're seeing Century, Catchpoint, Securonix, Lucid Works. There are so many options in this space. And let's not forget, the biggest data that we're seeing is with Grafana. And Grafana labs as yet to turn on their enterprise. Elastic did it, why can't Grafana labs do it? They have an enterprise stack. So when you look at how crowded this space is, there has to be consolidation. I recently hosted a panel and every single guy on that panel said, "Please give me a consolidation." Because they're the end users trying to actually deploy these and it's getting a little bit confusing. >> Great. Thank you for that. Okay. Last prediction. Erik, might be a little out of your wheelhouse, but you know, you might have some thoughts on it. And that's a hybrid events become the new digital model and a new category in 2022. You got these pure play digital or virtual events. They're going to take a back seat to in-person hybrids. The virtual experience will eventually give way to metaverse experiences and that's going to take some time, but the physical hybrid is going to drive it. And metaverse is ultimately going to define the virtual experience because the virtual experience today is not great. Nobody likes virtual. And hybrid is going to become the business model. Today's pure virtual experience has to evolve, you know, theCUBE first delivered hybrid mid last decade, but nobody really wanted it. We did Mobile World Congress last summer in Barcelona in an amazing hybrid model, which we're showing in some of the pictures here. Alex, if you don't mind bringing that back up. And every physical event that we're we're doing now has a hybrid and virtual component, including the pre-records. You can see in our studios, you see that the green screen. I don't know. Erik, what do you think about, you know, the Zoom fatigue and all this. I know you host regular events with your round tables, but what are your thoughts? >> Well, first of all, I think you and your company here have just done an amazing job on this. So that's really your expertise. I spent 20 years of my career hosting intimate wall street idea dinners. So I'm better at navigating a wine list than I am navigating a conference floor. But I will say that, you know, the trend just goes along with what we saw. If 35% are going to be fully remote. If 70% are going to be hybrid, then our events are going to be as well. I used to host round table dinners on, you know, one or two nights a week. Now those have gone virtual. They're now panels. They're now one-on-one interviews. You know, we do chats. We do submitted questions. We do what we can, but there's no reason that this is going to change anytime soon. I think you're spot on here. >> Yeah. Great. All right. So there you have it, Erik and I, Listen, we always love the feedback. Love to know what you think. Thank you, Erik, for your partnership, your collaboration, and love doing these predictions with you. >> Yeah. I always enjoy them too. And I'm actually happy. Last year you made us do a baker's dozen, so thanks for keeping it to 10 this year. >> (laughs) We've got a lot to say. I know, you know, we cut out. We didn't do much on crypto. We didn't really talk about SaaS. I mean, I got some thoughts there. We didn't really do much on containers and AI. >> You want to keep going? I've got another 10 for you. >> RPA...All right, we'll have you back and then let's do that. All right. All right. Don't forget, these episodes are all available as podcasts, wherever you listen, all you can do is search Breaking Analysis podcast. Check out ETR's website at etr.plus, they've got a new website out. It's the best data in the industry, and we publish a full report every week on wikibon.com and siliconangle.com. You can always reach out on email, David.Vellante@siliconangle.com I'm @DVellante on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for the Cube Insights powered by ETR. Have a great week, stay safe, be well. And we'll see you next time. (mellow music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> When Facebook changed its name to Meta last fall, it catalyzed a chain reaction throughout the tech industry. Software firms, gaming companies, chip makers, device manufacturers, and others have joined in hype machine. Now, it's easy to dismiss the metaverse as futuristic hyperbole, but do we really believe that tapping on a smartphone, or staring at a screen, or two-dimensional Zoom meetings are the future of how we work, play, and communicate? As the internet itself proved to be larger than we ever imagined, it's very possible, and even quite likely that the combination of massive processing power, cheap storage, AI, blockchains, crypto, sensors, AR, VR, brain interfaces, and other emerging technologies will combine to create new and unimaginable consumer experiences, and massive wealth for creators of the metaverse. Hello, and welcome to this week's Wiki Bond Cube Insights, powered by ETR. In this "Breaking Analysis" we welcome in cyber expert, hacker gamer, NFT expert, and founder of ORE System, Nick Donarski. Nick, welcome, thanks so much for coming on theCUBE. >> Thank you, sir, glad to be here. >> Yeah, okay, so today we're going to traverse two parallel paths, one that took Nick from security expert and PenTester to NFTs, tokens, and the metaverse. And we'll simultaneously explore the complicated world of cybersecurity in the enterprise, and how the blockchain, crypto, and NFTs will provide key underpinnings for digital ownership in the metaverse. We're going to talk a little bit about blockchain, and crypto, and get things started there, and some of the realities and misconceptions, and how innovations in those worlds have led to the NFT craze. We'll look at what's really going on in NFTs and why they're important as both a technology and societal trend. Then, we're going to dig into the tech and try to explain why and how blockchain and NFTs are going to lay the foundation for the metaverse. And, finally, who's going to build the metaverse. And how long is it going to take? All right, Nick, let's start with you. Tell us a little bit about your background, your career. You started as a hacker at a really, really young age, and then got deep into cyber as a PenTester. You did some pretty crazy stuff. You have some great stories about sneaking into buildings. You weren't just doing it all remote. Tell us about yourself. >> Yeah, so I mean, really, I started a long time ago. My dad was really the foray into technology. I wrote my first program on an Apple IIe in BASIC in 1989. So, I like to say I was born on the internet, if you will. But, yeah, in high school at 16, I incorporated my first company, did just tech support for parents and teachers. And then in 2000 I transitioned really into security and focused there ever since. I joined Rapid7 and after they picked up Medis boy, I joined HP. I was one of their founding members of Shadowlabs and really have been part of the information security and the cyber community all throughout, whether it's training at various different conferences or talking. My biggest thing and my most awesome moments as various things of being broken into, is really when I get to actually work with somebody that's coming up in the industry and who's new and actually has that light bulb moment of really kind of understanding of technology, understanding an idea, or getting it when it comes to that kind of stuff. >> Yeah, and when you think about what's going on in crypto and NFTs and okay, now the metaverse it's you get to see some of the most innovative people. Now I want to first share a little bit of data on enterprise security and maybe Nick get you to comment. We've reported over the past several years on the complexity in the security business and the numerous vendor choices that SecOps Pros face. And this chart really tells that story in the cybersecurity space. It's an X,Y graph. We've shown it many times from the ETR surveys where the vertical axis, it's a measure of spending momentum called net score. And the horizontal axis is market share, which represents each company's presence in the data set, and a couple of points stand out. First, it's really crowded. In that red dotted line that you see there, that's 40%, above that line on the net score axis, marks highly elevated spending momentum. Now, let's just zoom in a bit and I've cut the data by those companies that have more than a hundred responses in the survey. And you can see here on this next chart, it's still very crowded, but a few call-outs are noteworthy. First companies like SentinelOne, Elastic, Tanium, Datadog, Netskope and Darktrace. They were all above that 40% line in the previous chart, but they've fallen off. They still have actually a decent presence in the survey over 60 responses, but under that hundred. And you can see Auth0 now Okta, big $7 billion acquisition. They got the highest net score CrowdStrike's up there, Okta classic they're kind of enterprise business, and Zscaler and others above that line. You see Palo Alto Networks and Microsoft very impressive because they're both big and they're above that elevated spending velocity. So Nick, kind of a long-winded intro, but it was a little bit off topic, but I wanted to start here because this is the life of a SecOps pro. They lack the talent in a capacity to keep bad guys fully at bay. And so they have to keep throwing tooling at the problem, which adds to the complexity and as a PenTester and hacker, this chaos and complexity means cash for the bad guys. Doesn't it? >> Absolutely. You know, the more systems that these organizations find to integrate into the systems, means that there's more components, more dollars and cents as far as the amount of time and the engineers that need to actually be responsible for these tools. There's a lot of reasons that, the more, I guess, hands in the cookie jar, if you will, when it comes to the security architecture, the more links that are, or avenues for attack built into the system. And really one of the biggest things that organizations face is being able to have engineers that are qualified and technical enough to be able to support that architecture as well, 'cause buying it from a vendor and deploying it, putting it onto a shelf is good, but if it's not tuned properly, or if it's not connected properly, that security tool can just hold up more avenues of attack for you. >> Right, okay, thank you. Now, let's get into the meat of the discussion for today and talk a little bit about blockchain and crypto for a bit. I saw sub stack post the other day, and it was ripping Matt Damon for pedaling crypto on TV ads and how crypto is just this big pyramid scheme. And it's all about allowing criminals to be anonymous and it's ransomware and drug trafficking. And yes, there are definitely scams and you got to be careful and lots of dangers out there, but these are common criticisms in the mainstream press, that overlooked the fact by the way that IPO's and specs are just as much of a pyramid scheme. Now, I'm not saying there shouldn't be more regulation, there should, but Bitcoin was born out of the 2008 financial crisis, cryptocurrency, and you think about, it's really the confluence of software engineering, cryptography and game theory. And there's some really powerful innovation being created by the blockchain community. Crypto and blockchain are really at the heart of a new decentralized platform being built out. And where today, you got a few, large internet companies. They control the protocols and the platform. Now the aspiration of people like yourself, is to create new value opportunities. And there are many more chances for the little guys and girls to get in on the ground floor and blockchain technology underpins all this. So Nick, what's your take, what are some of the biggest misconceptions around blockchain and crypto? And do you even pair those two in the same context? What are your thoughts? >> So, I mean, really, we like to separate ourselves and say that we are a blockchain company, as opposed to necessarily saying(indistinct) anything like that. We leverage those tools. We leverage cryptocurrencies, we leverage NFTs and those types of things within there, but blockchain is a technology, which is the underlying piece, is something that can be used and utilized in a very large number of different organizations out there. So, cryptocurrency and a lot of that negative context comes with a fear of something new, without having that regulation in place, without having the rules in place. And we were a big proponent of, we want the regulation, right? We want to do right. We want to do it by the rules. We want to do it under the context of, this is what should be done. And we also want to help write those rules as well, because a lot of the lawmakers, a lot of the lobbyists and things, they have a certain aspect or a certain goal of when they're trying to get these things. Our goal is simplicity. We want the ability for the normal average person to be able to interact with crypto, interact with NFTs, interact with the blockchain. And basically by saying, blockchain in quotes, it's very ambiguous 'cause there's many different things that blockchain can be, the easiest way, right? The easiest way to understand blockchain is simply a distributed database. That's really the core of what blockchain is. It's a record keeping mechanism that allows you to reference that. And the beauty of it, is that it's quote unquote immutable. You can't edit that data. So, especially when we're talking about blockchain, being underlying for technologies in the future, things like security, where you have logging, you have keeping, whether you're talking about sales, where you may have to have multiple different locations (indistinct) users from different locations around the globe. It creates a central repository that provides distribution and security in the way that you're ensuring your data, ensuring the validation of where that data exists when it was created. Those types of things that blockchain really is. If you go to the historical, right, the very early on Bitcoin absolutely was made to have a way of not having to deal with the fed. That was the core functionality of the initial crypto. And then you had a lot of the illicit trades, those black markets that jumped onto it because of what it could do. The maturity of the technology though, of where we are now versus say back in 97 is a much different world of blockchain, and there's a much different world of cryptocurrency. You still have to be careful because with any fed, you're still going to have that FUD that goes out there and sells that fear, uncertainty and doubt, which spurs a lot of those types of scams, and a lot of those things that target end users that we face as security professionals today. You still get mailers that go out, looking for people to give their social security number over during tax time. Snail mail is considered a very ancient technology, but it still works. You still get a portion of the population that falls for those tricks, fishing, whatever it might be. It's all about trying to make sure that you have fear about what is that change. And I think that as we move forward, and move into the future, the simpler and the more comfortable these types of technologies become, the easier it is to utilize and indoctrinate normal users, to be able to use these things. >> You know, I want to ask you about that, Nick, because you mentioned immutability, there's a lot of misconceptions about that. I had somebody tell me one time, "Blockchain's Bs," and they say, "Well, oh, hold on a second. They say, oh, they say it's a mutable, but you can hack Coinbase, whatever it is." So I guess a couple of things, one is that the killer app for blockchain became money. And so we learned a lot through that. And you had Bitcoin and it really wasn't programmable through its interface. And then Ethereum comes out. I know, you know a lot about Ether and you have solidity, which is a lot simpler, but it ain't JavaScript, which is ubiquitous. And so now you have a lot of potential for the initial ICO's and probably still the ones today, the white papers, a lot of security flaws in there. I'm sure you can talk to that, but maybe you can help square that circle about immutability and security. I've mentioned game theory before, it's harder to hack Bitcoin and the Bitcoin blockchain than it is to mine. So that's why people mine, but maybe you could add some context to that. >> Yeah, you know it goes to just about any technology out there. Now, when you're talking about blockchain specifically, the majority of the attacks happen with the applications and the smart contracts that are actually running on the blockchain, as opposed to necessarily the blockchain itself. And like you said, the impact for whether that's loss of revenue or loss of tokens or whatever it is, in most cases that results from something that was a phishing attack, you gave up your credentials, somebody said, paste your private key in here, and you win a cookie or whatever it might be, but those are still the fundamental pieces. When you're talking about various different networks out there, depending on the blockchain, depends on how much the overall security really is. The more distributed it is, and the more stable it is as the network goes, the better or the more stable any of the code is going to be. The underlying architecture of any system is the key to success when it comes to the overall security. So the blockchain itself is immutable, in the case that the owner are ones have to be trusted. If you look at distributed networks, something like Ethereum or Bitcoin, where you have those proof of work systems, that disperses that information at a much more remote location, So the more disperse that information is, the less likely it is to be able to be impacted by one small instance. If you look at like the DAO Hack, or if you look at a lot of the other vulnerabilities that exist on the blockchain, it's more about the code. And like you said, solidity being as new as it is, it's not JavaScript. The industry is very early and very infantile, as far as the developers that are skilled in doing this. And with that just comes the inexperience and the lack of information that you don't learn until JavaScript is 10 or 12 years old. >> And the last thing I'll say about this topic, and we'll move on to NFTs, but NFTs relate is that, again, I said earlier that the big internet giants have pretty much co-opted the platform. You know, if you wanted to invest in Linux in the early days, there was no way to do that. You maybe have to wait until red hat came up with its IPO and there's your pyramid scheme folks. But with crypto it, which is again, as Nick was explaining underpinning is the blockchain, you can actually participate in early projects. Now you got to be careful 'cause there are a lot of scams and many of them are going to blow out if not most of them, but there are some, gems out there, because as Nick was describing, you've got this decentralized platform that causes scaling issues or performance issues, and people are solving those problems, essentially building out a new internet. But I want to get into NFTs, because it's sort of the next big thing here before we get into the metaverse, what Nick, why should people pay attention to NFTs? Why do they matter? Are they really an important trend? And what are the societal and technological impacts that you see in this space? >> Yeah, I mean, NFTs are a very new technology and ultimately it's just another entry on the blockchain. It's just another piece of data in the database. But how it's leveraged in the grand scheme of how we, as users see it, it can be the classic idea of an NFT is just the art, or as good as the poster on your wall. But in the case of some of the new applications, is where are you actually get that utility function. Now, in the case of say video games, video games and gamers in general, already utilize digital items. They already utilize digital points. As in the case of like Call of Duty points, those are just different versions of digital currencies. You know, World of Warcraft Gold, I like to affectionately say, was the very first cryptocurrency. There was a Harvard course taught on the economy of WOW, there was a black market where you could trade your end game gold for Fiat currencies. And there's even places around the world that you can purchase real world items and stay at hotels for World of Warcraft Gold. So the adoption of blockchain just simply gives a more stable and a more diverse technology for those same types of systems. You're going to see that carry over into shipping and logistics, where you need to have data that is single repository for being able to have multiple locations, multiple shippers from multiple global efforts out there that need to have access to that data. But in the current context, it's either sitting on a shipping log, it's sitting on somebody's desk. All of those types of paper transactions can be leveraged as NFTs on the blockchain. It's just simply that representation. And once you break the idea of this is just a piece of art, or this is a cryptocurrency, you get into a world where you can apply that NFT technology to a lot more things than I think most people think of today. >> Yeah, and of course you mentioned art a couple of times when people sold as digital art for whatever, it was 60, 65 million, 69 million, that caught a lot of people's attention, but you're seeing, I mean, there's virtually infinite number of applications for this. One of the Washington wizards, tokenized portions of his contract, maybe he was creating a new bond, that's really interesting use cases and opportunities, and that kind of segues into the latest, hot topic, which is the metaverse. And you've said yourself that blockchain and NFTs are the foundation of the metaverse, they're foundational elements. So first, what is the metaverse to you and where do blockchain and NFTs, fit in? >> Sure, so, I mean, I affectionately refer to the metaverse just a VR and essentially, we've been playing virtual reality games and all the rest for a long time. And VR has really kind of been out there for a long time. So most people's interpretation or idea of what the metaverse is, is a virtual reality version of yourself and this right, that idea of once it becomes yourself, is where things like NFT items, where blockchain and digital currencies are going to come in, because if you have a manufacturer, so you take on an organization like Nike, and they want to put their shoes into the metaverse because we, as humans, want to individualize ourselves. We go out and we want to have that one of one shoe or that, t-shirt or whatever it is, we're going to want to represent that same type of individuality in our virtual self. So NFTs, crypto and all of those digital currencies, like I was saying that we've known as gamers are going to play that very similar role inside of the metaverse. >> Yeah. Okay. So basically you're going to take your physical world into the metaverse. You're going to be able to, as you just mentioned, acquire things- I loved your WOW example. And so let's stay on this for a bit, if we may, of course, Facebook spawned a lot of speculation and discussion about the concept of the metaverse and really, as you pointed out, it's not new. You talked about why second life, really started in 2003, and it's still around today. It's small, I read recently, it's creators coming back into the company and books were written in the early 90s that used the term metaverse. But Nick, talk about how you see this evolving, what role you hope to play with your company and your community in the future, and who builds the metaverse, when is it going to be here? >> Yeah, so, I mean, right now, and we actually just got back from CES last week. And the Metaverse is a very big buzzword. You're going to see a lot of integration of what people are calling, quote unquote, the metaverse. And there was organizations that were showing virtual office space, virtual malls, virtual concerts, and those types of experiences. And the one thing right now that I don't think that a lot of organizations have grasp is how to make one metaverse. There's no real player one, if you will always this yet, There's a lot of organizations that are creating their version of the metaverse, which then again, just like every other software and game vendor out there has their version of cryptocurrency and their version of NFTs. You're going to see it start to pop up, especially as Oculus is going to come down in price, especially as you get new technologies, like some of the VR glasses that look more augmented reality and look more like regular glasses that you're wearing, things like that, the easier that those technologies become as in adopting into our normal lifestyle, as far as like looks and feels, the faster that stuff's going to actually come out to the world. But when it comes to like, what we're doing is we believe that the metaverse should actually span multiple different blockchains, multiple different segments, if you will. So what ORE system is doing, is we're actually building the underlying architecture and technologies for developers to bring their metaverse too. You can leverage the ORE Systems NFTs, where we like to call our utility NFTs as an in-game item in one game, or you can take it over and it could be a t-shirt in another game. The ability for having that cross support within the ecosystem is what really no one has grasp on yet. Most of the organizations out there are using a very classic business model. Get the user in the game, make them spend their money in the game, make all their game stuff as only good in their game. And that's where the developer has you, they have you in their bubble. Our goal, and what we like to affectionately say is, we want to bring white collar tools and technology to blue collar folks, We want to make it simple. We want to make it off the shelf, and we want to make it a less cost prohibitive, faster, and cheaper to actually get out to all the users. We do it by supporting the technology. That's our angle. If you support the technology and you support the platform, you can build a community that will build all of the metaverse around them. >> Well, and so this is interesting because, if you think about some of the big names, we've Microsoft is talking about it, obviously we mentioned Facebook. They have essentially walled gardens. Now, yeah, okay, I could take Tik Tok and pump it into Instagram is fine, but they're really siloed off. And what you're saying is in the metaverse, you should be able to buy a pair of sneakers in one location and then bring it to another one. >> Absolutely, that's exactly it. >> And so my original kind of investment in attractiveness, if you will, to crypto, was that, the little guy can get an early, but I worry that some of these walled gardens, these big internet giants are going to try to co-op this. So I think what you're doing is right on, and I think it's aligned with the objectives of consumers and the users who don't want to be forced in to a pen. They want to be able to live freely. And that's really what you're trying to do. >> That's exactly it. You know, when you buy an item, say a Skin in Fortnite or Skin in Call of Duty, it's only good in that game. And not even in the franchise, it's only good in that version of the game. In the case of what we want to do is, you can not only have that carry over and your character. So say you buy a really cool shirt, and you've got that in your Call of Duty or in our case, we're really Osiris Protocol, which is our proof of concept video game to show that this all thing actually works, but you can actually go in and you can get a gun in Osiris Protocol. And if we release, Osiris Protocol two, you'll be able to take that to Osiris Protocol two. Now the benefit of that is, is you're going to be the only one in the next version with that item, if you haven't sold it or traded it or whatever else. So we don't lock you into a game. We don't lock you into a specific application. You own that, you can trade that freely with other users. You can sell that on the open market. We're embracing what used to be considered the black market. I don't understand why a lot of video games, we're always against the skins and mods and all the rest. For me as a gamer and coming up, through the many, many years of various different Call of Duties and everything in my time, I wish I could still have some this year. I still have a World of Warcraft account. I wasn't on, Vanilla, Burning Crusade was my foray, but I still have a character. If you look at it that way, if I had that wild character and that gear was NFTs, in theory, I could actually pass that onto my kid who could carry on that character. And it would actually increase in value because they're NFT back then. And then if needed, you could trade those on the open market and all the rest. It just makes gaming a much different thing. >> I love it. All right, Nick, hey, we're out of time, but I got to say, Nick Donarski, thanks so much for coming on the program today, sharing your insights and really good luck to you and building out your technology platform and your community. >> Thank you, sir, it's been an absolute pleasure. >> And thank you for watching. Remember, all these episodes are available as podcasts, just search "Breaking Analysis Podcast", and you'll find them. I publish pretty much every week on siliconangle.com and wikibond.com. And you can reach me @dvellante on Twitter or comment on my LinkedIn posts. You can always email me david.vellante@siliconangle.com. And don't forget, check out etr.plus for all the survey data. This is Dave Vellante for theCUBE Insights, powered by ETR, happy 2022 be well, and we'll see you next time. (upbeat music)

>> From The Cube Studios in Palo Alto in Boston, bringing you data-driven insights from The Cube in ETR. This is "Breaking Analysis" with Dave Vellante >> The pandemic not only accelerated the shift to digital but it also highlighted a rush of cyber criminal sophistication, collaboration, and chaotic responses by virtually every major company in the planet. The SolarWinds hack exposed supply chain weaknesses and so-called island hopping techniques that are exceedingly difficult to detect. Moreover, the will and aggressiveness of well-organized cybercriminals has elevated to the point where incident responses are now met with counter attacks, designed to both punish and extract money from victims via ransomware and other criminal activities. The only upshot is the cybersecurity market remains one of the most enduring and attractive investment sectors for those that can figure out where the market is headed and which firms are best positioned to capitalize. Hello, everyone. And welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis" we'll provide our quarterly update of the security industry, and share new survey data from ETR and the Cube community that will help you navigate through the maze of corporate cyber warfare. We'll also share our thoughts on the game of 3D chess that Okta CEO, Todd McKinnon, is playing against the market. Now, we all know this market is complicated, fragmented and fast moving. And this next chart says it all. It's an interactive graphic from Optiv, a Denver, Colorado-based SI that's focused on cybersecurity. They've done some really excellent research and put together this awesome taxonomy, and it mapped vendor names therein. And this helps users navigate the complex security landscape. And there are over a dozen major sectors, high-level sectors within the security taxonomy and nearly 60 subsectors. From monitoring, vulnerability assessment, identity, asset management, firewalls, automation, cloud, data center, sim, threat detection and intelligent endpoint network, and so on and so on and so on. But this is a terrific resource, and going to help you understand where players fit and help you connect the dots in the space. Now let's talk about what's going on in the market. The dynamics in this crazy mess of a landscape are really confusing sometimes. Now, since the beginning of cyber time, we've talked about the increasing sophistication of the adversary, and the back and forth escalation between good and evil. And unfortunately, this trend is unlikely to stop. Here's some data from Carbon Black's annual modern bank heist report. This is the fourth, and of course now, VMware's brand, highlights the Carbon Black study since the acquisition, and to catalyze the creation of VMware's cloud security division. Destructive malware attacks, according to the recent study are up 118% from last year. Now, one major takeaway from the report is that hackers aren't just conducting wire fraud, they are. 57% of the banks surveyed, saw an increase in wire fraud, but the cybercriminals are also targeting non-public information such as future trading strategies. This allows the bad guys to front-run large block trades and profit. It's become a very lucrative practice. Now the prevalence of so-called island hopping is up 38% from already elevated levels. This is where a virus enters a company supply chain via a partner, and then often connects with other stealthy malware downstream. These techniques are more common where the malware will actually self-form with other infected parts of the supply chain and create actions with different signatures, designed to identify and exfiltrate valuable information. It's a really complex problem. Of major concern is that 63% of banking respondents in the study reported that responses to incidents were then met with retaliation designed to intimidate, or initiate ransomware tax to extract a final pound of flesh from the victim. Notably, the study found that 75% of CISOs reported to the CIO, which many feel is not the right regime. The study called for a rethinking of the right cyber regime where the CISO has increased responsibility and a direct reporting line to the CEO, or perhaps the COO, with greater exposure to boards of directors. So, many thanks to VMware and Tom Kellerman specifically for sharing this information with us this past week. Great work by your team. Now, some of the themes that we've been talking about for several quarters are shown in the lower half of the chart. Cloud, of course is the big driver thanks to work-from-home and to the pandemic. And the interesting corollary of course, is we see a rapid rethinking of end point and identity access management, and the concept of zero trust. In a recent ESG survey, two thirds of respondents said that their use of cloud computing necessitated a change in how they approach identity access management. Now, as shown in the chart from Optiv, the market remains highly fragmented, and M&A is of course, way up. Now, based on our research, it looks like transaction volume has increased more than 40% just in the last five months. So let's dig into the M&A, the merger and acquisition trends for just a moment. We took a five-month snapshot and we were able to count about 80 deals that were completed in that timeframe. Those transactions represented more than $20 billion in value. Some of the larger ones are highlighted here. The biggest of course, being the Thoma Bravo, taking Proofpoint private for a $12 plus billion price tag. The stock went from the low 130s and is trading in the low 170s based on the $176 per share offer. So there's your arbitrage, folks. Go for it. Perhaps the more interesting acquisition was Auth0 by Optiv for 6.5 billion, which we're going to talk about more in a moment. There was more private equity action we saw as Insight bought Armis, an IOT security play, and Cisco shelled out $730 million for IMImobile, which is more of an adjacency to cyber, but it's going to go under Cisco security and applications business run by Jeetu Patel. But these are just the tip of the iceberg. Some of the themes that we see connecting the dots of these acquisitions are first, SIs like Accenture, Atos and Wipro are making moves in cyber to go local. They're buying SecOps expertise, as I say, locally in places like France, Germany, Netherlands, Canada, and Australia, that last mile, that belly to belly intimate service. Israeli-based startups chocked up five acquired companies in the space over the last five months. Also financial services firms are getting into the act with Goldman and MasterCard making moves to own its own part of the stack themselves to combat things like fraud and identity theft. And then finally, numerous moves to expand markets. Okta with Auth0, CrowdStrike buying a log management company, Palo Alto, picking up dev ops expertise, Rapid7 shoring up it's Coobernetti's chops, Tenable expanding beyond Insights and going after identity, interesting. Fortinet filling gaps in a multi-cloud offering. SailPoint extending to governance risk and compliance, GRC. Zscaler picked up an Israeli firm to fill gaps in access control. And then VMware buying Mesh7 to secure modern app development and distribution service. So tons and tons of activity here. Okay, so let's look at some of the ETR data to put the cyber market in context. ETR uses the concept of market share, it's one of the key metrics which is a measure of pervasiveness in the dataset. So for each sector, it calculates the number of respondents for that sector divided by the total to get a sense for how prominent the sector is within the CIO and IT buyer communities. Okay, this chart shows the full ETR sector taxonomy with security highlighted across three survey periods; April last year, January this year, and April this year. Now you wouldn't expect big moves in market share over time. So it's relatively stable by sector, but the big takeaway comes from observing which sectors are most prominent. So you see that red line, that dotted line imposed at the 60% level? You can see there are only six sectors above that line and cyber security is one of them. Okay, so we know that security is important in a large market. But this puts it in the context of the other sectors. However, we know from previous breaking analysis episodes that despite the importance of cyber, and the urgency catalyzed by the pandemic, budgets unfortunately are not unlimited, and spending is bounded. It's not an open checkbook for CSOs as shown in this chart. This is a two-dimensional graphic showing market share in the horizontal axis, or pervasiveness in net score in the vertical axis. Net score is ETR's measurement of spending velocity. And we've superimposed a red line at 40% because anything over 40%, we consider extremely elevated. We've filtered and limited the number of sectors to simplify the graphic. And you can see, in the sectors that we've highlighted, only the big four are above that 40% line; AI, containers, RPA, and cloud. They exceed that sort of 40% magic waterline. Information security, you can see that as highlighted and it's respectable, but it competes for budget with other important sectors. So this is of course creates challenges for organization, because not only are they strapped for talent as we've reported, they like everyone else in IT face ongoing budget pressures. Research firm, Cybersecurity Ventures estimates that in 2021, $6 trillion worldwide will be lost on cyber crime. Conversely, research firm, Cannolis peg security spending somewhere around $60 billion annually. IDC has at higher, around $100 billion. So either way, we're talking about spending between 1 to 1.6% annually of how much the bad guys are taking out. That's peanuts really when you consider the consequences. So let's double-click into the cyber landscape a bit and further look at some of the companies. Here's that same X/Y graphic with the companies ETR captures from respondents in the cybersecurity sector. That's what's shown on the chart here. Now, the usefulness of the red lines is 20% on the horizontal indicates the largest presence in the survey, and the magic 40% line that we talked about earlier shows those firms with the most elevated momentum. Only Microsoft and Palo Alto exceed both high watermarks. Of course, Splunk and Cisco are prominent horizontally. And there are numerous companies to the left of the 20% line and many above that 40% high watermark on the vertical axis. Now in the bottom left quadrant, that includes many of the legacy names that have been around for a long time. And there are dozens of companies that show spending momentum on their platforms, i.e above single digits. So that picture is like the first one we showed you, very, very crowded space. But so let's filter it a bit and only include companies in the ETR survey that had at least 100 responses. So an N of 100 or greater. So it was a little easier to read but still it's kind of crowded when you think about it. Okay, so same graphic, and we've superimposed the data that determined the plot position over in the bottom right there. So there's net score and shared in, including only companies with more than 100 N. So what does this data tell us about the market? Well, Microsoft is dominant as always, it seems in all dimensions but let's focus on that red line for a moment. Some of the names that we've highlighted over the past two years show very well here. First, I want to talk about Palo Alto Networks. Pre-COVID as you might recall, we highlighted the valuation divergence between Palo Alto and Fortinet. And we said Fortinet was executing better on its cloud strategy, and Palo Alto was at the time struggling with the transition especially with its go-to-market and its Salesforce compensation, and really refreshing its portfolio. But we told you that we were bullish on Palo Alto Networks at the time because of its track record, and the fact that CIOs consistently told us that they saw Palo Alto as a thought leader in the space that they wanted to work with. They said that Palo Alto was the gold standard, the best, especially larger company CISOs. So that gave us confidence that Palo Alto, a very well-run company was going to get its act together and perform better. And Palo Alto has just done just that. As we expected, they've done very well and rapidly moving customers to the next generation of platforms. And we're very impressed by the company's execution. And the stock has generally reflected that. Now, some other names that hit our radar in the ETR data a couple of years ago, continue to perform well. CrowdStrike, Zscaler, SailPoint, and CloudFlare. Now, CloudFlare just reported and beat earnings but was off, the stock fell on headwinds for tech overall, the big rotation. But the company is doing very well and they're growing rapidly and they have momentum as you can see from the ETR data. Now, we put that double star around Proofpoint to highlight that it was worthy of fetching $12.5 billion from private equity firm. So nice exit there, supporting the continued consolidation trend that we've predicted in cybersecurity. Now let's turn our attention to Okta and Auth0. This is where it gets interesting, and is a clever play for Okta we think, and we want to drill into it a bit. Okta is acquiring Auth0 for big money. Why? Well, we think Todd McKinnon, Okta CEO, wants to run the table on identity and then continue to expand as TAM has to do that, to justify his lofty valuation. So Okta's ascendancy around identity and single sign-on is notable. The fragmented pictures that we've shown you, they scream out for simplification and trust, and that's what Okta brings. But it competes with some major players, most notably Microsoft with active directory. So look, of course, Microsoft is going to dominate in its massive customer base, but the rest of the market, that's like (indistinct) wide open. And we think McKinnon saw the opportunity to go dominate that sector. Now Okta comes at this from an enterprise perspective bringing top-down trust to the equation, and throwing a big blanket over all the discreet SaaS platforms and unifying employee access. Okta's timing was perfect. It was founded in 2009, just as the massive SaaSifiation trend was happening around CRM and HR, and service management and cloud, et cetera. But the one thing that Okta didn't have that Auth0 does is serious developer chops. While Okta was crushing it with its enterprise sales strategy, Auth0 was laser-focused on developers and building a bottoms up approach to identity. By acquiring Auth0, Okta can dominate both sides of the barbell and then capture the fat middle. So yes, it's a pricey acquisition, but in our view, it's a great move by McKinnon. Now, I don't know McKinnon personally, but last week I spoke to Arun Shrestha, who's the CEO of security specialist, BeyondID, they're a platinum services partner of Okta. And they're a zero trust expert. He worked for Okta for a number of years and shared with me a bit about McKinnon's style, and think big approach. Arun said something that caught my attention. He said, firewalls used to be the perimeter, now people are. And while that's self-serving to Okta and probably BeyondID, it's true. People, apps and data are the new perimeter, and they're not in one location. And that's the point. Now, unfortunately, I had lined up an interview with Diya Jolly, who was the chief product officer at Okta and a Cube alum for this past week, knowing that we were running this segment in this episode but she unfortunately fell ill the day of our interview and had to cancel. But I want to follow up with her, and understand how she's thinking about connecting the dots with Auth0 with devs and enterprises and really test our thesis there. This is a really interesting chess match that's going on. Let's look a little deeper into that identity space. This chart here shows some of the major identity players. It has some of the leaders in the identity market, and is a breakdown at ETR's net score. Now net score comprises five elements. The lime green is, we're adding the platform new. The forest green is we're spending 6% or more relative to last year. The gray is flat send plus or minus flat spend, plus or minus 5%. The pinkish is spending less. And the bright red is we're exiting the platform, retiring. Now you subtract the red from the green, and that gets you the result for net score which you can see super-imposed on the right hand chart at the bottom, that first column there. The far column is shared in which informs and indicates the number of responses and is a proxy for presence in the market. Oh, look at the top two players in terms of spending momentum. Now SailPoint is right there, but Auth0 combined with Okta's distribution channel will extend Okta's lead significantly in our view. And then there's Microsoft. Now just a caveat, this includes all of Microsoft's security offerings, not just identity, but it's there for context. And CyberArk as well includes this acquisition of adaptive, but also other parts of CyberArk's portfolio. So you can see some of the other names that are there, many of which you'll find in the Gartner magic quadrant for identity. And as we said, we really like this move by Okta. It combines positive market forces with lead offerings from very well-run companies that have winning DNA and passionate people. Now, to further emphasize what's happening here, take a look at this. This chart shows ETR data for Okta within SailPoint and CyberArk accounts. Out of the 230 CyberArk and SailPoint customers in the dataset, there are 81 Okta accounts. That's a 35% overlap. And the good news for Okta is that within that base of SailPoint and CyberArk accounts, Okta is shown by the net score line, that green line has a very elevated spending in momentum. And the kicker is, if you read the fine print in the right hand column, ETR correctly points out that while SailPoint and CyberArk have long been partners with Okta, at the recent Octane21 event, Okta's big customer event, The company announced that it was expanding into privileged access management, PAM, and identity governance. Hello, and welcome to co-opetition in the 2020s. Now, our current thinking is that this bodes very well for Okta and CyberArk and SailPoint. Well, they're going to have to make some counter moves to fend off the onslaught that is coming. Now, let's wrap up with what has become a tradition in our quarterly security updates. Looking at those two dimensions of net score and market share, we're going to see which companies crack the top 10 for both measures within the ETR dataset. We do this every quarter. So here in the left, we have the top 20, sorted by net score spending momentum and on the right, we sort by shared N. So it's again, top 20, which informs, shared N informs the market share metric or presence in the dataset. That red horizontal lines, those two lines on each separate the top 10 from the remaining 10 within those top 20. And our method, what we do is we assign four stars to those companies that crack the top 10 for both metrics. So again, you see Microsoft, Palo Alto Networks, Okta, CrowdStrike, and Fortinet. Fortinet by the way, didn't make it last quarter. They've kind of been in and out and on the bubble, but company is very strong, and doing quite well. Only the other four did last quarter. They were the same for last quarter. And we give two stars to those companies that make it in both categories within the top 20 but didn't make the top 10. So Cisco, Splunk, which has been steadily decelerating from a spending momentum standpoint, and Zscaler, which is just on the cusp. We really like Zscaler and the company has great momentum, but that's the methodology. That is what it is. Now you can see, we kept Carbon Black on the right most chart, it's like kind of cut off, it's number 21. Only because they're just outside looking in on net score. You see them there, they're just below on net score, number 11. And VMware's presence in the market we think, that Carbon Black is right really worth paying attention to. Okay, so we're going to close with some summary and final thoughts. Last quarter, we did a deeper dive on the SolarWinds hack, and we think the ramifications are significant. It has set the stage for a new era of escalation and adversary sophistication. Now, major change we see is a heightened awareness that when you find intruders, you'd better think very carefully about your next moves. When someone breaks into your house, if the dog barks, or if you come down with a baseball bat or other weapon, you might think the intruder is going to flee. But if the criminal badly wants what you have in your house and it's valuable enough, you might find yourself in a bloody knife fight or worse. Well, what's happening is intruders come to your company via island hopping or insider subterfuge or whatever method. And they'll live off the land stealthily using your own tools against you so that you can't find them so easily. So instead of injecting new tools in that send off an alert, they just use what you already have there. That's what's called living off the land. They'll steal sensitive data, for example, positive COVID test results when that was really, really sensitive, obviously still is, or other medical data. And when you retaliate, they will double-extort you. They'll encrypt your data and hold it for ransom, and at the same time threaten to release the sensitive information, crushing your brand in the process. So your response must be as stealthy as their intrusion, as you marshal your resources and devise an attack plan. And you face serious headwinds. Not only is this a complicated situation, there's your ongoing and acute talent shortage that you tell us about all the time. Many companies are mired in technical debt, that's an additional challenge. And then you've got to balance the running of the business while actually effecting a digital transformation. That's very, very difficult, and it's risky because the more digital you become, the more exposed you are. So this idea of zero trust, people used to call it a buzzword, it's now a mandate along with automation. Because you just can't throw labor at the problem. This is all good news for investors as cyber remains a market that's ripe for valuation increases and M&A activity, especially if you know where to look. Hopefully we've helped you squint through the maze a little bit. Okay, that's it for now. Thanks to the community for your comments and insights. Remember I publish each week on wikibon.com and siliconangle.com. These episodes, they're all available as podcasts. All you got to do is search breaking analysis podcasts, put in the headphones, listen when you're in your car, or out for your walk or run, and you can always connect on Twitter @DVellante, or email me at david.vellante@siliconangle.com. I appreciate the comments on LinkedIn and in Clubhouse, please follow me, so you're notified when we start a room and riff on these topics and others. And don't forget to check out etr.plus for all the survey data. This is Dave Vellante for The Cube Insights powered by ETR. Be well, and we'll see you next time. (light instrumental music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> As you may recall, coming into the second part of 2019 we reported, based on ETR Survey data, that there was a narrowing of spending on emerging tech and an unplugging of a lot of legacy systems. This was really because people were going from experimentation into operationalizing their digital initiatives. When COVID hit, conventional wisdom suggested that there would be a flight to safety. Now, interestingly, we reported with Eric Bradley, based on one of the Venns, that a lot of CIOs were still experimenting with emerging vendors. But this was very anecdotal. Today, we have more data, fresh data, from the ETR Emerging Technology Study on private companies, which really does suggest that there's a notable decline in experimentation, and that's affecting emerging technology vendors. Hi, everybody, this is Dave Vellante, and welcome to this week's Wikibon Cube Insights, powered by ETR. Once again, Sagar Kadakia is joining us. Sagar is the Director of Research at ETR. Sagar, good to see you. Thanks for coming on. >> Good to see you again. Thanks for having me, Dave. >> So, it's really important to point out, this Emerging Tech Study that you guys do, it's different from your quarterly Technology Spending Intention Survey. Take us through the methodology. Guys, maybe you could bring up the first chart. And, Sagar, walk us through how you guys approach this. >> No problem. So, a lot of the viewers are used to seeing a lot of the results from the Technology Spending Intention Survey, or the TSIS, as we call it. That study, as the title says, it really tracks spending intentions on more pervasive vendors, right, Microsoft, AWS, as an example. What we're going to look at today is our Emerging Technology Study, which we conduct biannually, in May and November. This study is a little bit different. We ask CIOs around evaluations, awareness, planned evaluations, so think of this as pre-spend, right. So that's a major differentiator from the TSIS. That, and this study, really focuses on private emerging providers. We're really only focused on those really emerging private companies, say, like your Series B to Series G or H, whatever it may be, so, two big differences within those studies. And then today what we're really going to look at is the results from the Emerging Technology Study. Just a couple of quick things here. We had 811 CIOs participate, which represents about 380 billion in annual IT spend, so the results from this study matter. We had almost 75 Fortune 100s take it. So, again, we're really measuring how private emerging providers are doing in the largest organizations. And so today we're going to be reviewing notable sectors, but largely this survey tracks roughly 356 private technologies and frameworks. >> All right, guys, bring up the pie chart, the next slide. Now, Sagar, this is sort of a snapshot here, and it basically says that 44% of CIOs agree that COVID has decreased the organization's evaluation and utilization of emerging tech, despite what I mentioned, Eric Bradley's Venn, which suggested one CIO in particular said, "Hey, I always pick somebody in the lower left "of the magic quadrant." But, again, this is a static view. I know we have some other data, but take us through this, and how this compares to other surveys that you've done. >> No problem. So let's start with the high level takeaways. And I'll actually kind of get into to the point that Eric was debating, 'cause that point is true. It's just really how you kind of slice and dice the data to get to that. So, what you're looking at here, and what the overall takeaway from the Emerging Technology Study was, is, you know, you are going to see notable declines in POCs, of proof-of-concepts, any valuations because of COVID-19. Even though we had been communicating for quite some time, you know, the last few months, that there's increasing pressure for companies to further digitize with COVID-19, there are IT budget constraints. There is a huge pivot in IT resources towards supporting remote employees, a decrease in risk tolerance, and so that's why what you're seeing here is a rather notable number of CIOs, 44%, that said that they are decreasing their organization's evaluation and utilization of private emerging providers. So that is notable. >> Now, as you pointed out, you guys run this survey a couple of times a year. So now let's look at the time series. Guys, if you bring up the next chart. We can see how the sentiment has changed since last year. And, of course, we're isolating here on some of larger companies. So, take us through what this data means. >> No problem. So, how do we quantify what we just saw in the prior slide? We saw 44% of CIOs indicating that they are going to be decreasing their evaluations. But what exactly does that mean? We can pretty much determine that by looking at a lot of the data that we captured through our Emerging Technology Study. There's a lot going on in this slide, but I'll walk you through it. What you're looking at here is Fortune 1000 organizations, so we've really isolated the data to those organizations that matter. So, let's start with the teal, kind of green line first, because I think it's a little bit easier to understand. What you're looking at, Fortune 1000 evaluations, both planned and current, okay? And you're looking at a time series, one year ago and six months ago. So, two of the answer options that we provide CIOs in this survey, right, think about the survey as a grid, where you have seven answer options going horizontally, and then 300-plus vendors and technologies going vertically. For any given vendor, they can essentially indicate one of these options, two of them being on currently evaluating them or I plan to evaluate them in six months. So what you're looking at here is effectively the aggregate number, or the average number of Fortune 1000 evaluations. So if you look into May 2019, all the way on the left of that chart, that 24% roughly means that a quarter of selections made by Fortune 1000 of the survey, they selected plan to evaluate or currently evaluating. If you fast-forward six months, to the middle of the chart, November '19, it's roughly the same, one in four technologies that are Fortune 1000 selected, they indicated that I plan or am currently evaluating them. But now look at that big drop off going into May 2020, the 17%, right? So now one out of every six technologies, or one out of every selections that they made was an evaluation. So a very notable drop. And then if you look at the blue line, this is another answer option that we provided CIOs: I'm aware of the technology but I have no plans to evaluate. So this answer option essentially tracks awareness levels. If you look at the last six months, look at that big uptick from 44% to over 50%, right? So now, essentially one out of every two technologies, or private technologies that a CIO is aware of, they have no plans to evaluate. So this is going to have an impact on the general landscape, when we think about those private emerging providers. But there is one caveat, and, Dave, this is what you mentioned earlier, this is what Eric was talking about. The providers that are doing well are the ones that are work-from-home aligned. And so, just like a few years ago, we were really analyzing results based on are you cloud-native or are you Cloud-aligned, because those technologies are going to do the best, what we're seeing in the emerging space is now the same thing. Those emerging providers that enable organizations to maintain productivity for their employees, essentially allowing their employees to work remotely, those emerging providers are still doing well. And that is probably the second biggest takeaway from this study. >> So now what we're seeing here is this flight to perceive safety, which, to your point, Sagar, doesn't necessarily mean good news for all enterprise tech vendors, but certainly for those that are positioned for the work-from-home pivot. So now let's take a look at a couple of sectors. We'll start with information security. We've reported for years about how the perimeter's been broken down, and that more spend was going to shift from inside the moat to a distributed network, and that's clearly what's happened as a result of COVID. Guys, if you bring up the next chart. Sagar, you take us through this. >> No problem. And as you imagine, I think that the big theme here is zero trust. So, a couple of things here. And let me just explain this chart a little bit, because we're going to be going through a couple of these. What you're seeing on the X-axis here, is this is effectively what we're classifying as near term growth opportunity from all customers. The way we measure that effectively is we look at all the evaluations, current evaluations, planned evaluations, we look at people who are evaluated and plan to utilize these vendors. The more indications you get on that the more to the top right you're going to be. The more indications you get around I'm aware of but I don't plan to evaluate, or I'm replacing this early-stage vendor, the further down and on the left you're going to be. So, on the X-axis you have near term growth opportunity from all customers, and on the Y-axis you have near term growth opportunity from, really, the biggest shops in the world, your Global 2000, your Forbes Private 225, like Cargill, as an example, and then, of course, your federal agencies. So you really want to be positioned up and to the right here. So, the big takeaway here is zero trust. So, just a couple of things on this slide when we think about zero trust. As organizations accelerate their Cloud and Saas spend because of COVID-19, and, you know, what we were talking about earlier, Dave, remote work becomes the new normal, that perimeter security approach is losing appeal, because the perimeter's less defined, right? Apps and data are increasingly being stored in the Cloud. That, and employees are working remotely from everywhere, and they're accessing all of these items. And so what we're seeing now is a big move into zero trust. So, if we look at that chart again, what you're going to see in that upper right quadrant are a lot of identity and access management players. And look at the bifurcation in general. This is what we were talking about earlier in terms of the landscape not doing well. Most security vendors are in that red area, you know, in the middle to the bottom. But if you look at the top right, what are you seeing here? Unify ID, Auth0, WSO2, right, all identity and access management players. These are critical in your zero trust approach, and this is one of the few area where we are seeing upticks. You also see here BitSight, Lucideus. So that's going to be security assessment. You're seeing VECTRA and Netskope and Darktrace, and a few others here. And Cloud Security and IDPS, Intrusion Detection and Prevention System. So, very few sectors are seeing an uptick, very few security sectors actually look pretty good, based on opportunities that are coming. But, essentially, all of them are in that work-from-home aligned security stack, so to speak. >> Right, and of course, as we know, as we've been reporting, buyers have options, from both established companies and these emerging companies that are public, Okta, CrowdStrike, Zscaler. We've seen the work-from-home pivot benefit those guys, but even Palo Alto Networks, even CISCO, I asked (other speaker drowns out speech) last week, I said, "Hey, what about this pivot to work from home? "What about this zero trust?" And he said, "Look, the reality is, yes, "a big part of our portfolio is exposed "to that traditional infrastructure, "but we have options for zero trust as well." So, from a buyer's standpoint, that perceived flight to safety, you have a lot of established vendors, and that clearly is showing up in your data. Now, the other sector that we want to talk about is database. We've been reporting a lot on database, data warehouse. So, why don't you take us through the next graphic here, if you would. >> Sagar: No problem. So, our theme here is that Snowflake is really separating itself from the pack, and, again, you can see that here. Private database and data warehousing vendors really continue to impact a lot of their public peers, and Snowflake is leading the way. We expect Snowflake to gain momentum in the next few years. And, look, there's some rumors that IPOing soon. And so when we think about that set-up, we like it, because as organizations transition away from hybrid Cloud architectures to 100% or near-100% public Cloud, Snowflake is really going to benefit. So they look good, their data stacks look pretty good, right, that's resiliency, redundancy across data centers. So we kind of like them as well. Redis Labs bring a DB and they look pretty good here on the opportunity side, but we are seeing a little bit of churn, so I think probably Snowflake and DataStax are probably our two favorites here. And again, when you think about Snowflake, we continue to think more pervasive vendors, like Paradata and Cloudera, and some of the other larger database firms, they're going to continue seeing wallet and market share losses due to some of these emerging providers. >> Yeah. If you could just keep that slide up for a second, I would point out, in many ways Snowflake is kind of a safer bet, you know, we talk about flight to safety, because they're well-funded, they're established. You can go from zero to Snowflake very quickly, that's sort of their mantra, if you will. But I want to point out and recognize that it is somewhat oranges and tangerines here, Snowflake being an analytical database. You take MariaDB, for instance, I look at that, anyway, as relational and operational. And then you mentioned DataStax. I would say Couchbase, Redis Labs, Aerospike. Cockroach is really a... EValue Store. You've got some non-relational databases in there. But we're looking at the entire sector of databases, which has become a really interesting market. But again, some of those established players are going to do very well, and I would put Snowflake on that cusp. As you pointed out, Bloomberg broke the story, I think last week, that they were contemplating an IPO, which we've known for a while. >> Yeah. And just one last thing on that. We do like some of the more pervasive players, right. Obviously, AWS, all their products, Redshift and DynamoDB. Microsoft looks really good. It's just really some of the other legacy ones, like the Teradatas, the Oracles, the Hadoops, right, that we are going to be impacted. And so the claw providers look really good. >> So, the last decade has really brought forth this whole notion of DevOps, infrastructure as code, the whole API economy. And that's the piece we want to jump into now. And there are some real stand-outs here, you know, despite the early data that we showed you, where CIOs are less prone to look at emerging vendors. There are some, for instance, if you bring up the next chart, guys, like Hashi, that really are standing out, aren't they? >> That's right, Dave. So, again, what you're seeing here is you're seeing that bifurcation that we were talking about earlier. There are a lot of infrastructure software vendors that are not positioned well, but if you look at the ones at the top right that are positioned well... We have two kind of things on here, starting with infrastructure automation. We think a winner here is emerging with Terraform. Look all the way up to the right, how well-positioned they are, how many opportunities they're getting. And for the second straight survey now, Terraform is leading along their peers, Chef, Puppet, SaltStack. And they're leading their peers in so many different categories, notably on allocating more spend, which is obviously very important. For Chef, Puppet and SaltStack, which you can see a little bit below, probably a little bit higher than the middle, we are seeing some elevator churn levels. And so, really, Terraform looks like they're kind of separating themselves. And we've got this great quote from the CIO just a few months ago, on why Terraform is likely pulling away, and I'll read it out here quickly. "The Terraform tool creates "an entire infrastructure in a box. "Unlike vendors that use procedural languages, "like Ants, Bull and Chef, "it will show you the infrastructure "in the way you want it to be. "You don't have to worry about "the things that happen underneath." I know some companies where you can put your entire Amazon infrastructure through Terraform. If Amazon disappears, if your availability drops, load balancers, RDS, everything, you just run Terraform and everything will be created in 10 to 15 minutes. So that shows you the power of Terraform and why we think it's ranked better than some of the other vendors. >> Yeah, I think that really does sum it up. And, actually, guys, if you don't mind bringing that chart back up again. So, a point out, so, Mitchell Hashimoto, Hashi, really, I believe I'm correct, talking to Stu about this a little bit, he sort of led the Terraform project, which is an Open Source project, and, to your point, very easy to deploy. Chef, Puppet, Salt, they were largely disrupted by Cloud, because they're designed to automate deployment largely on-prem and DevOps, and now Terraform sort of packages everything up into a platform. So, Hashi actually makes money, and you'll see it on this slide, and things, Vault, which is kind of their security play. You see GitLab on here. That's really application tooling to deploy code. You see Docker containers, you know, Docker, really all about open source, and they've had great adoption, Docker's challenge has always been monetization. You see Turbonomic on here, which is application resource management. You can't go too deep on these things, but it's pretty deep within this sector. But we are comparing different types of companies, but just to give you a sense as to where the momentum is. All right, let's wrap here. So maybe some final thoughts, Sagar, on the Emerging Technology Study, and then what we can expect in the coming month here, on the update in the Technology Spending Intention Study, please. >> Yeah, no problem. One last thing on the zero trust side that has been a big issue that we didn't get to cover, is VPN spend. Our data is pointing that, yes, even though VPN spend did increase the last few months because of remote work, we actually think that people are going to move away from that as they move onto zero trust. So just one last point on that, just in terms of overall thoughts, you know, again, as we cover it, you can see how bifurcated all these spaces are. Really, if we were to go sector by sector by sector, right, storage and block chain and MLAI and all that stuff, you would see there's a few or maybe one or two vendors doing well, and the majority of vendors are not seeing as many opportunities. And so, again, are you work-from-home aligned? Are you the best vendor of all the other emerging providers? And if you fit those two criteria then you will continue seeing POCs and evaluations. And if you don't fit that criteria, unfortunately, you're going to see less opportunities. So think that's really the big takeaway on that. And then, just in terms of next steps, we're already transitioning now to our next Technology Spending Intention Survey. That launched last week. And so, again, we're going to start getting a feel for how CIOs are spending in 2H-20, right, so, for the back half of the year. And our question changes a little bit. We ask them, "How do you plan on spending in the back half year "versus how you actually spent "in the first half of the year, or 1H-20?" So, we're kind of, tighten the screw, so to speak, and really getting an idea of what's spend going to look like in the back half, and we're also going to get some updates as it relates to budget impacts from COVID-19, as well as how vendor-relationships have changed, as well as business impacts, like layoffs and furloughs, and all that stuff. So we have a tremendous amount of data that's going to be coming in the next few weeks, and it should really prepare us for what to see over the summer and into the fall. >> Yeah, very excited, Sagar, to see that. I just wanted to double down on what you said about changes in networking. We've reported with you guys on NPLS networks, shifting to SD-WAN. But even VPN and SD-WAN are being called into question as the internet becomes the new private network. And so lots of changes there. And again, very excited to see updated data, return of post-COVID, as we exit this isolation economy. Really want to point out to folks that this is not a snapshot survey, right? This is an ongoing exercise that ETR runs, and grateful for our partnership with you guys. Check out ETR.plus, that's the ETR website. I publish weekly on Wikibon.com and SiliconANGLE.com. Sagar, thanks so much for coming on. Once again, great to have you. >> Thank you so much, for having me, Dave. I really appreciate it, as always. >> And thank you for watching this episode of theCube Insights, powered by ETR. This Dave Vellante. We'll see you next time. (gentle music)