>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

>>Live from Orlando, Florida. It's the cube covering Microsoft ignite brought to you by Cohesity. >>Good afternoon everyone and welcome back to the cubes live coverage of Microsoft ignite. We are wrapping up three days of wall to wall coverage. Back to back interviews. I'm your host Rebecca Knight, alongside my cohost Stu Miniman. We have saved the best for last. We have BJ Jenkins, president and CEO of Barracuda networks. Thank you so much for coming on the cube. Feel a lot of pressure on internet. It's going to be great. Why don't you start by Barracuda. I think of that heartsong tell our viewers a little bit about, about your business, what you do. >>Yeah. Um, Barracuda is a company focused in the security industry, primarily on email security and network and application security. Uh, we have over 220,000 customers, uh, since we were founded a little over 15 years ago. And um, you know, we have a passion for making our customers secure and safe and being able to run their business. And we're a great partner in Microsoft, so, uh, they really help us drive our business. >>Yeah. So, so much to catch up, PJ, since it's been many years since you've been on the program, you were new in the role, but let's start with that Microsoft relationship here. We've been spending all week talking through all of the various environments. Talk about a little bit about your joint customers, the relationship and what's happening there. >>Yeah. I joined Barracuda seven years ago. Yesterday was my anniversary. And um, when I came into Barracuda, it was primarily at the time focused on a kind of small and midsize businesses. And most of those businesses ran Microsoft exchange or ran some form of Microsoft applications. And really that was the start of our partnership, realizing how important Microsoft was and it's grown. We were the first, uh, security company to put our firewalls in Azure. And that was over five years ago. And I think being first with a partner like Microsoft who is really at that point trying to catch up with Amazon and you know, Satya was, we're starting to drive the business in that direction. Uh, it gave us a unique vantage point in the partnership and it's grown from there. We were, uh, the Azure partner the year in 2016, uh, across their business. Um, we do joint development with them. We do joint go to market activities. And when you look around and you see 30,000 customers here, it's a, it's a good, good place to focus for a company like ourselves. >>Yeah. Well the, the, the changes in Microsoft business has had a ripple effect in the ecosystem, not only the launch of Azure, but I mean a big push office three 65 you talk about there's gotta be a difference between I'm rolling out exchange servers and well, it's all in the cloud. We know that customers still need to think sick as strong about security when they go to SAS Deere. If your customers figured that out yet. >>Yeah. I think, um, the trends that played out on prom play out in the cloud, um, how am I gonna secure my applications? How am I going to secure my data, my network? Um, and then the individuals that are using that cause at the end of the day, the individuals tend to be the weakest link in the security chain. And, um, you know, Mike, what I like is Microsoft has done a really good job improving their security posture, the base level that they provide to their customers every single day improves. And our job is to innovate on top of that and make them even safer. And, um, Microsoft's position in the industry too has been one where they want to be a ecosystem. They want to partner with third parties to help their customers move from on prem into Azure. And they know they're not gonna be able to do it on their own. >>So they've upped their game. We've got to up our game and we do it jointly, which is the nice thing. I, I joke with people. When I was at EMC and I used to go to Redmond, I'd go with battle armor on because there was not gonna be a fun meeting, uh, who's going to be, how Microsoft was going to hurt our business. And now I go to Redmond and you're embraced as a partner. They want to understand what customers and partners are thinking. They jointly plan with you. It's a completely different tone and tenor, which has been nice for us. >>So it is a scary world out there. And as we know that the threat environment is changing, hackers are becoming more sophisticated. I wonder if you could just set the scene for our viewers and just talk about security challenges in general and then we'll get into the specifics of the new solutions that you've announced here. >>Yeah, it's, threats come from everywhere and I think it's hard to boil it down and make it simple at times. But one of the stories I tell, uh, investors and customers about how fast the world is changing, uh, when I came on board, CEO's are obviously targets for hackers and the types of phishing mails I would get at that point. Um, and they would be very obvious. I've gone by BJ my entire life. On the website it says William Jenkins. And so the phishing emails would come in and say, you know, today fog, no, Hey, can you wire money here, William? Right. And so there was just base level intelligence. Nowadays they use LinkedIn, they use fee, they create social graphs. They study your communication forms, they look, they know how you're organized and they target the people. It will have, I always signed my emails past comma, BJ, the best fishing males have that in there. >>They've discovered that they've incorporated that they, so the, just the level of intelligence, the sophistication of what hackers do today, uh, has exponentially changed. And, you know, we're fortunate you can, we have more computing power. We have more artificial intelligence that we can apply to stop them. But the game just keeps getting escalated. And it's a, it's why the security industry has been strong. It's why there's so many companies out there. We've got to keep getting better. Um, but it's, it's a scary world. It's, it's, you know, you can never, never rest and never think you're ahead. You always gotta keep attacking it. >>So BJ, you had a number of announcements. Barracuda did, not nearly as many as Microsoft did, but give us the highlights if you would. >>Yeah. Um, so a number number of things announced here. Uh, first we're part of, uh, Misa, the Microsoft intelligence security association. So we're proud, proud to be a part of that. At launch. Um, we announced, uh, the cloud application platform security platform and the big announcement for us around that was our launch of as a service, uh, that's run on Azure. And, uh, we've always had a strong application approach. We've got integrated, um, detection, DDoSs uh, the O OS top 20 are all in Kurt corporate into our platform. What we've done is really leveraged Microsoft scale to run a very easy, simple to deploy a web application security platform, uh, that takes advantage of Microsoft scale and resiliency and brings that to our customers. Uh, we did a study, you know, only 10% of the websites in the world today are protected. So 90% of the web sites and web applications in the world today run on protected. >>We think this is a great way to go out and, um, help protect more of those. And then finally, um, you know, we announced Microsoft announced their V land solution and we have done joint development with them. We'll continue to innovate here, but we announced obviously our solution that we'll run, uh, with Microsoft's B when we're the only ones who can provide a customer really with multiple lengths run on Microsoft backbone, they can really run their data center. Now the corporate data center out of Azure, uh, we give them traffic prioritization, fail over resiliency that customers need when they're making those types of decisions. So there was more than that, but that was a lot of good stuff for us. We're excited about it. >>What does the recent announcement that Microsoft has won the Jetta contract, does that have any impact on Barracuda's business? Is that, >>well, I think anytime Microsoft wins business, it's a good thing because we're partnering with them. That contract is so big and, uh, has a lot of different elements and, and certainly security is a part of it. So we think there's aspects where we can play. I did hear, I think, um, Oracle was suing and I think AWS, so this may have a lot of legs before it becomes real. But it, I, you know, I think it continues to show that customers want to utilize, um, the scale breadth and depth of solutions that the cloud companies are bringing. And, you know, we view that as opportunity because security is an important element to making that work for those customers. >>So PJ, one to put aside the Microsoft stuff for a second here, since last we talk barracudas gone private and the security industry feels like it just growing so fast. You know, every week we're getting approached by new startups, heavy investment and the like, give us a little bit about your position has a CIO and CEO in this space. Uh, and you know, the love, a little bit of a note. We know it happened a few years back now, but going private when so many companies have, >>yeah, they're, you know, obviously there's a lot of funded companies in the security market. You know, we were in, uh, we had been public for, for four years. Um, a company that's been around 15 years where we were a profitable security company to, we were unique. We weren't, uh, the high flyer growth, but we were growing, you know, kind of, uh, low double digits with profitability, but there were investments that needed to be made in the business. Uh, we were running our transaction system on code, the founder wrote. Um, so there were investments we really needed to make to go from, you know, the 400, 500 million Mark to 1 billion mark. And so going private with a partner like Thoma Bravo, um, who really understands this industry has allowed us to reset the strategy and focus on, uh, the highest growth areas for us, which are email and network and application security. >>Um, they've helped us, we've invested over 20 million in internal systems, um, modern systems, Salesforce, NetSuite, uh, that we think give us the foundational elements to scale to $1 billion. And, um, you know, they combine that with operational expertise that they bring in to help us get more customers to the 220,000. Uh, one of the other interesting things for us too is, um, well we have 220,000 customers. We have 50 of the fortune 100. We have 250 of the fortune 1000 and as the movement, as, as customers have move to cloud, our solutions have become more relevant for customers of scale. And so they've given us the backing really to make that transition into that. So I liked not having to go on public conference calls every quarter. That's been a really nice thing. Um, but they've been a great partner for us. So we've, I think what you can think of us as we focused on areas that we think are the highest priority to our customers. >>Yeah, PJ, it also, we talked about there's so many startups in this space out there. The profile security keeps getting raised. Pat Gelsinger, VMware, you know, pounding the table saying that security needs to do over the, he just purchased black Boston based company that was public. You know, I talked to my friends that had been deep in the security industry and they scoff a little bit about, you know, we've been doing this for a long time. Barracuda is a company that has been around for quite a number of years. How's the industry doing? What do we need to do better? And how do you look at that landscape? >>Yeah, I, you know, I love pats energy and vigor, but there's no silver bullet that's gonna solve every problem out there. I do think, uh, where the industry is getting better is one on sharing information. You can see alliances, associations that have been formed. Um, you know, even with the cloud providers, we're actively sharing information and sharing of that information. We'll make more robust solutions first. Um, second you're seeing vendors go more towards platform where they're offering a larger, so the, the quality of solutions are getting better. And I do think there's consolidation happening where there, there are going to be certain segments of the market where you don't need 15 solutions. You really need, you know, one not from a particular player. So I think you'll see more, uh, consolidation occur around that. And you know, certainly that's been a trend we've been on in terms of integrating our solutions, making them easier to deploy and use for the customers. And then, you know, I think the last part of this is regulation is really a, it's still behind, but it's finally catching up and there's an interest in it. And I think in partnership with the industry, we can get our customers in a better position, a better security posture. So, you know, I, um, there will be consolidation over over time. Uh, you know, I've seen a map, I think there's 3000 security companies in all different segments that won't last forever. And, uh, it'll get easier for customers over time, is my belief. >>So with regulation, do you want to work in partnership with regulators? I mean, how do you, to help them understand the industry first of all and understand the dangers and the risks? I mean, how do you see the future of regulation for this industry? >>First of all, there's a large education process for legislators in general. You have to look no further than when Mark Zuckerberg got questioned by Congress. And the questions he were getting asked were not the best questions. Um, but you do have people who understand this industry and you can look at regulations like GDPR. You know, California's coming out data privacy law now and they're never perfect, but they're good foundational elements to start. And they're helping customers, um, get more aware of what they have to do to be secure and they're helping us explain to customers the things you can do to be in a better security posture. And so there's a continuum around this. We're in the early days, I, there's still a lot of education that has to go on, but when you see, >>start getting passed, it's a good step in the right direction. And by my estimation, BJ, we did save the best for last. Thank you so much for coming on the cube. That was terrific. Sorry it took so long. I'm Rebecca and I first two minutes and that wraps up three days of coverage at Microsoft ignite at the cube. Thank you so much for tuning in and we will see you next time.

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here, with theCUBE. We're at RSA Conference 2018 in downtown San Francisco, 40,000 plus people, it's a really busy, busy, busy conference, talking about security, enterprise security and, of course, a big, new, and growing important theme is cloud and how does public cloud work within your security structure, and your ecosystem, and your system. So we're excited to have an expert in the field, who comes from that side. He's Tim Jefferson, he's a VP Public Cloud for Barracuda Networks. Tim, great to see you. >> Yeah, thanks for having me. >> Absolutely, so you worked for Amazon for a while, for AWS, so you've seen the security from that side. Now, you're at Barracuda, and you guys are introducing an interesting concept of public cloud firewall. What does that mean exactly? >> Yeah, I think from my time at AWS, one of my roles was working with all the global ISVs, to help them re-architect their solution portfolio for public cloud, so got some interesting insight into a lot of the friction that enterprise customers had moving their datacenter security architectures into public cloud. And the great biggest friction point tend to be around the architectures that firewalls are deploying. So they ended up creating, if you think about how a firewall is architected and created, it's really designed around datacenters and tightly coupling all the traffic back into a centralized policy enforcement point that scales vertically. That ends up being a real anti-pattern in public cloud best practice, where you want to build loosely coupled architectures that scale elastically. So, just from feedback from customers, we've kind of re-architected our whole solution portfolio to embrace that, and not only that, but looking at all the native services that the public cloud IaaS platforms, you know, Amazon, Azure, and Google, provide, and integrating those solutions to give customers the benefit, all the security telemetry you can get out of the native fabric, combined with the compliance you get out of web application and next-generation firewall. >> So, it's interesting, James Hamilton, one of my favorite people at AWS, he used to have his Tuesday Nights with James Hamilton at every event, very cool. And what always impressed me every time James talked is just the massive scale that Amazon and the other public cloud vendors have at their disposal, whether it's for networking and running cables or security, et cetera. So, I mean, what is the best way for people to take advantage of that security, but then why is there still a hole, where there's a new opportunity for something like a cloud firewall? >> I think the biggest thing for customers to embrace is that there's way more security telemetry available in the APIs that the public cloud providers do than in the data plane. So most traditional network security architects consider network packets the single source of truth, and a lot of the security architecture's really built around instrumenting in visibility into the data plane so you can kind of crunch through that, but the reality is the management plane on AWS and Azure, GCP, offer tremendous amount of security telemetry. So it's really about learning what all those services are, how you can use the instrument controls, mine that telemetry out, and then combine it with control enforcement that the public cloud providers don't provide, so that kind of gives you the best of both worlds. >> It's interesting, a lot of times we'll hear about a breach and it'll be someone who's on Amazon or another public cloud provider, and then you see, well they just didn't have their settings in the right configuration, right? >> It's usually really kind of Security 101 things. But the reality is, just because it's a new sandbox, there's new rules, new services, you know, and engineers have to kind of, and the other interesting thing is that developers now own the infrastructures they're deploying on. So you don't have the traditional controls that maybe network security engineers or security professionals can build architectures to prevent that. A developer can inadvertently build an app, launch it, not really think about security vulnerabilities he put in, that's kind of what you see in the news. Those people kind of doing basic security misconfigurations that some of these tools can pick up programmatically. >> Now you guys just commissioned a survey about firewalls in the cloud. I wonder if you can share some of the high-level outcomes of that survey. What did you guys find? >> Yeah, it's similar to what we're chatting. It's just that, I think, you know, over 90% of enterprise customers acknowledge the fact that there's friction when they're deploying their datacenter security architectures, specifically network security tools, just because of the architectural friction and the fact that, it's really interesting, you know, a lot of those are really built because everything's tightly coupled into them, but in the public cloud, a lot of your policy enforcement comes from the native services. So, for instance, your segmentation policy, the route tables actually get put into the, when you're creating the networking environment. So the security tools, a network security tool, has to work in conjunction with those native services in order to build architectures that are truly compliant. >> So is firewall even the right name anymore? Should it have a different name, because really, we always think, all right, firewall was like a wall. And now it's really more like this layered risk management approach. >> There's definitely a belief, you know, among especially the cloud security evangelists, to make sure people don't think in terms of perimeter. You don't want to architect in something that's brittle in something that's meant to be truly elastic. I think there's kind of two, you know the word firewall is expanding, right, so more and more customers are now embracing web application firewalls because the applications are developing are port 80 or 443, they're public-facing web apps, and those have a unique set of protections into them. And then next-generation firewalls still provide ingress/egress policy management that the native platforms don't offer, so they're important tools for customers to use for compliance and policy enforcement. They key is just getting customers to understand thinking through specifically which controls they're trying to implement and then architect the solutions to embrace the public cloud they're playing in. So, if they're in Azure, they need to think about making sure the tools they're choosing are architected specifically for the Azure environment. If they're using AWS, the same sort of thing. Both those companies have programs where they highlight the vendors that have well-architected their solutions for those environments. So Barracuda has, you know, two security competencies, there's Amazon Web Services. We are the first security vendor for Azure, so we were their Partner of the Year. So the key is just diving in, and there's no silver bullet, just re-architecting the solutions to embrace the platforms you're deploying on. >> What's the biggest surprise to the security people at the company when they start to deploy stuff on a public cloud? There's obviously things they think about, but what do they usually get caught by surprise? >> I think it's just the depth and breadth of the services. There's just so many of them. And they overlap a little bit. And the other key thing is, especially for network security professionals, a lot of the tools are made for software developers. And they have APIs and they're tooling is really built around software development tools, so if you're not a software developer, it can be pretty intimidating to understand how to architect in the controls and especially to leverage all these native services which all tie together. So it's just bridging those two worlds, you know, software development and network security teams, and figuring out a way for them to collaborate and work together. And our advice to customers have been, we've seen comical stories for those battles between the two. Those are always fun to talk about, but I think the best practice is around getting, instead of security teams saying no, I think everybody's trying to get culturally around how do I say yes. Now the burden can be back to the software development teams. The security teams can say, here the list of controls that I need you to cover in order for this app to go live. You know, HIPAA or PCI, here are these compliance controls. You guys chose which tools and automation frameworks work as part of your CI/CD pipeline pr your development pipeline, and then I'll join your sprints and you guys can show incrementally how we're making progress to those compliance. >> And how early do they interject that data in kind of a pilot program that's on its way to a new production app? How early do the devs need to start baking that in? >> I think it has to be from day zero, because as you embrace and think through the service, and the native services you're going to use, depending on which cloud provider, each one of those has an ecosystem of other native services that can be plugged in and they all have overlapping security value, so it's kind of thinking through your security strategy. And then you can be washed away by all the services, and what they can and can't do, but if you just start from the beginning, like what policies or compliance frameworks, what's our risk management posture, and then architect back from that. You know, start from the end mine and then work back, say hey, what's the best tool or services I can instrument in. And then, it may be, starting with less cloudy tools, you know, just because you can instrument in something you know, and then as you build up more expertise, depending on which cloud platform you're on, you can sort of instrument in the native services that you get more comfortable with then. So it's kind of a journey. >> You got to start from the beginning. Bake it in from the zero >> Got to be from the zero. >> It's not a build-on anymore. All right Tim, last question. What are we looking forward to at RSA this week? >> I'm very cloud-biased, you know, so I'm always looking at the latest startups and how creative people are about rethinking how to deploy security controls and just kind of the story and the pulse around the friction with public cloud security and seeing that evolve. >> All right, well I'm sure there'll be lots of it. It never fails to fascinate me, the way that this valley keeps evolving and evolving and evolving. Whatever the next big opportunity is. All right, he's Tim Jefferson, I'm Jeff Frick, thanks for stopping by. You're watching theCUBE. We're at RSAC 2018 in San Francisco. Thanks for watching. (upbeat techno music)

>> TheCUBE presents Ignite 22 brought to you by Palo Alto Networks. >> Welcome back to Las Vegas, everyone. We're glad you're with us. This is theCUBE live at Palo Alto Ignite 22 at the MGM Grant in Las Vegas. Lisa Martin here with Dave Vellante, day one of our coverage. We've had great conversations. The cybersecurity landscape is so interesting Dave, it's such a challenging problem to solve but it's so diverse and dynamic at the same time. >> You know, Lisa theCUBE started in May of 2010 in Boston. We called it the chowder event, chowder and Lobster. It was a EMC world, 2010. BJ Jenkins, who's here, of course, was a longtime friend of theCUBE and made the, made the transition into from, well, it's still data, data to, to cyber. So >> True. And BJ is back with us. BJ Jenkins, president Palo Alto Networks great to have you back on theCUBE. >> It is great to be here in person on theCube >> Isn't it great? >> In Vegas. It's awesome. >> And we can tell by your voice will be, will be gentle. You, you've been in Vegas typical Vegas occupational hazard of losing the voice. >> Yeah. It was one of the benefits of Covid. I didn't lose my voice at home sitting talking to a TV. You lose it when you come to Vegas. >> Exactly. >> But it's a small price to pay. >> So things kick off yesterday with the partner summit. You had a keynote then, you had a customer, a CISO on stage. You had a keynote today, which we didn't get to see. But talk to us a little bit about the lay of the land. What are you hearing from CISOs, from CIOs as we know security is a board level conversation. >> Yeah, I, you know it's been an interesting three or four months here. Let me start with that. I think, cybersecurity in general is still front and center on CIOs and CISO's minds. It has to be, if you saw Wendy's presentation today and the threats out there companies have to have it front and center. I do think it's been interesting though with the macro uncertainty. We've taken to calling this year the revenge of the CFO and you know these deals in cybersecurity are still a top priority but they're getting finance and procurements, scrutiny which I think in this environment is a necessity but it's still a, you know, number one number two imperative no matter who you talked to, in my mind >> It was interesting what Nikesh was saying in the last conference call that, hey we just have to get more approvals. We know this. We're, we're bringing more go-to-market people on board. We, we have, we're filling the pipeline 'cause we know they're going to split up deals big deals go into smaller chunks. So the question I have for you is is how are you able to successfully integrate those people so that you can get ahead of that sort of macro transition? >> Yeah I, you know, I think there's two things I'd say about uncertain macro situations and Dave, you know how old I am. I'm pretty old. I've been through a lot of cycles. And in those cycles I've always found stronger companies with stronger value proposition separate themselves actually in uncertain, economic times. And so I think there's actually an opportunity here. The message tilts a little bit though where it's been about innovation and new threat vectors to one of you have 20, 30, 40 vendors you can consolidate become more effective in your security posture and save money on your TCOs. So one of the things as we bring people on board it's training them on that business value proposition. How do you take a customer who's got 20 or 30 tools take 'em down to 5 or 10 where Palo is more central and strategic and be able to demonstrate that value. So we do that through, we're making a huge investment in our people but macroeconomic times also puts some stronger people back on the market and we're able to incorporate them into the business. >> What are the conditions that are necessary for that consolidation? Like I would imagine if you're, if you're a big customer of a big, you know, competitor of yours that that migration is going to be harder than if you're dealing with lots of little point tools. Do those, do those point tools, are they sort of is it the end of the subscription? Is it just stuff that's off the books now? What's, the condition that is ripe for that kind of consolidation? >> Look, I think the challenge coming into this year was skills. And so customers had all of these point products. It required a lot more human intervention as Nikesh was talking about to integrate them or make them work. And as all of us know finding people with cybersecurity skills over the last 12 months has been incredibly hard. That drove, if you know, if you think about that a CIO and a CISO sitting there going, I have all all this investment in tools. I don't have the people to operate 'em. What do I need to do? What we tried to do is elevate that conversation because in a customer, everybody who's bought one of those, they they bought it to solve a problem. And there's people with affinity for that tool. They're not just going to say I want to get consolidated and give up my tool. They're going to wrap their arms around it. And so what we needed to do and this changed our ecosystem strategy too how we leverage partners. We needed to get into the CIO and CISO and say look at this chaos you have here and the challenges around people that it's, it's presenting you. We can help solve that by, by standardizing, consolidating taking that integration away from you as Nikesh talked about, and making it easier for your your high skill people to work on high skill, you know high challenges in there. >> Let chaos reign, and then reign in the chaos. >> Yes. >> Andy Grove. >> I was looking at some stats that there's 26 million developers but less than 3 million cybersecurity professionals. >> Talked about that skills gap and what CISOs and CIOs are facing is do you consider from a value prop perspective Palo Alto Networks to be a, a facilitator of helping organizations deal with that skills gap? >> I think there's a short term and a long term. I think Nikesh today talked about the long term that we'll never win this battle with human beings. We're going to have to win it with automation. That, that's the long term the short term right here and now is that people need people with cybersecurity skills. Now what we're trying to do, you know, is multifaceted. We work with universities to standardize programs to develop skills that people can come into the marketplace with. We run our own programs inside the company. We have a cloud academy program now where we take people high aptitude for sales and technical aptitude and we will put them through a six month boot camp on cloud and they'll come out of that ready to really work with the leading experts in cloud security. The third angle is partners, right, there are partners in the marketplace who want to drive their business into high services areas. They have people, they know how to train. We give them, we partner with them to give them training. Hopefully that helps solve some of the short-term gaps that are out there today. >> So you made the jump from data storage to security and >> Yeah. >> You know, network security, all kinds of security. What was that like? What you must have learned a lot in the last better part of a decade? >> Yeah. >> Take us through that. >> You know, so the first jump was from EMC. I was 15 years there to be CEO of Barracuda. And you know, it was interesting because EMC was, you know large enterprise for the most part. At Barracuda we had, you know 250,000 small and mid-size enterprises. And it was, it's interesting to get into security in small and mid-size businesses because, you know Wendy today was talking about nation states. For small and mid-size business, it's common thievery right? It's ransomware, it's, and, those customers don't have, you know, the human and financial resources to keep up with the threat factor. So, you know, Nikesh talked about how it's taken 'em four and a half years to get into cybersecurity. I remember my first week at Barracuda, I was talking with a customer who had, you know, breached data shut down. There wasn't much bitcoin back then so it was just a pure ransom. And I'm like, wow, this is, you know, incredible industry. So it's been a good, you know, transition for me. I still think data is at the heart of all of this. Right? And I have always believed there's a strong connection between the things I learned growing up at EMC and what I put into practice today at Palo Alto Networks. >> And how about a culture because I, you know I know have observed the EMC culture >> Yeah. >> And you were there in really the heyday. >> Yeah. >> Right? Which was an awesome place. And it seems like Palo Alto obviously, different times but you know, similar like laser focus on solving problems, you know, obviously great, you know value sellers, you know, you guys aren't the commodity >> Yeah. For Product. But there seemed to be some similarities from afar. I don't know Palo Alto as well as I know EMC. >> I think there's a lot. When I joined EMC, it was about, it was 2 billion in in revenue and I think when I left it was over 20, 20, 21. And, you know, we're at, you know hopefully 5, 5 5 in revenue. I feel like it's this very similar, there's a sense of urgency, there's an incredible focus on the customer. you know, Near and Moche are definitely different individuals but the both same kind of disruptive, Israeli force out there driving the business. There are a lot of similarities. I, you know, the passion, I feel privileged as a, you know go to market person that I have this incredible portfolio to go, you know, work with customers on. It's a lucky position to be in, but very I feel like it is a movie I've seen before. >> Yeah. And but, and the course, the challenges from the, the target that you're disrupting is different. It was, you know, EMC had a lot of big, you know IBM obviously was, you know, bigger target whereas you got thousands of, you know, smaller companies. >> Yes. >> And, and so that's a different dynamic but that's why the consolidation play is so important. >> Look at, that's why I joined Palo Alto Networks when I was at Barracuda for nine years. It just fascinated me, that there was 3000 plus players in security and why didn't security evolve like the storage market did or the server market or network where working >> Yeah, right. >> You know, two or three big gorillas came to, to dominate those markets. And it's, I think it's what Nikesh talked about today. There was a new problem in best of breed. It was always best of breed. You can never in security go in and, you know, say, Hey it's good I saved us some money but I got the third best product in the marketplace. And there was that kind of gap between products. I, believe in why I joined here I think this is my last gig is we have a chance to change that. And this is the first company as I look from the outside in that had best of breed as, you know Nikesh said 13 categories. >> Yeah. >> And you know, we're in the leaders quadrant and it's a conversation I have with customers. You don't have to sacrifice best of breed but get the benefits of a platform. And I, think that resonates today. I think we have a chance to change the industry from that viewpoint. >> Give us a little view of the voice of the customer. You had, was it Sabre? >> Yeah. >> That was on >> Scott Moser, The CISO from Sabre. >> Give us a view, what are you hearing from the voice of the customer? Obviously they're quite a successful customer but challenges, concerns, the partnership. >> Yeah. Look, I think security is similar to industries where we come up with magic marketing phrases and, you know, things to you know, make you want to procure our solutions. You know, zero trust is one. And you know, you'll talk to customers and they're like, okay, yes. And you know, the government, right? Joe, Joe Biden's putting out zero trust executive orders. And the, the problem is if you talk to customers, it's a journey. They have legacy infrastructure they have business drivers that you know they just don't deal with us. They've got to deal with the business side who's trying to make the money that keeps the, the company going. it's really helped them draw a map from where they're at today to zero trust or to a better security architecture. Or, you know, they're moving their apps into the cloud. How am I going to migrate? Right? Again, that discussion three years ago was around lift and shift, right? Today it's about, well, no I need cloud native developed apps to service the business the way I want to, I want to service it. How do I, so I, I think there's this element of a trusted partner and relationship. And again, I think this is why you can't have 40 or 50 of those. You got to start narrowing it down if you want to be able to meet and beat the threats that are out there for you. So I, you know, the customers, I see a lot of 'em. It's, here's where I'm at help me get here to a better position. And they know it's, you know Scott said in our keynote today, you don't just, you know have layer three firewall policies and decide, okay tomorrow I'm going to go to layer seven. That, that's not how it works. Right? There's, and, and by the way these things are a mission critical type areas. So there's got to be a game plan that you help customers go through to get there. >> Definitely. Last question, my last question for you is, is security being a board level conversation I was reading some stats from a survey I think it was the what's new in Cypress survey that that Palo Alto released today that showed that while significant numbers of organizations think they've got a cyber resiliency playbook, there's a lot of disconnect or lack of alignment at the boardroom. Are you in those conversations? How can you help facilitate that alignment between the executive team and the board when it comes to security being so foundational to any business? >> Yeah, it's, I've been on three, four public company boards. I'm on, I'm on two today. I would say four years ago, this was a almost a taboo topic. It was a, put your head in the sand and pray to God nothing happened. And you know, the world has changed significantly. And because of the number of breaches the impact it's had on brand, boards have to think about this in duty of care and their fiduciary duty. Okay. So then you start with a board that may not have the technical skills. The first problem the security industry had is how do I explain your risk profile in a way you can understand it. I'm, I'm on the board of Generac that makes home generators. It's a manufacturing, you know, company but they put Wifi modules in their boxes so that the dealers could help do the maintenance on 'em. And all of a sudden these things were getting attacked. Right? And they're being used for bot attacks. >> Yeah. >> Everybody on their board had a manufacturing background. >> Ah. >> So how do you help that board understand the risk they have that's what's changed over the last four years. It's a constant discussion. It's one I have with CISOs where they're like help us put it in layman's terms so they understand they know what we're doing and they feel confident but at the same time understand the marketplace better. And that's a journey for us. >> That Generac example is a great one because, you know, think about IOT Technologies. They've historically been air gaped >> Yes. >> By design. And all of a sudden the business comes in and says, "Hey we can put wifi in there", you know >> Connect it to a home Wifi system that >> Make our lives so much easier. Next thing you know, it's being used to attack. >> Yeah. >> So that's why, as you go around the world are you discerning, I know you were just in Japan are you discerning significant differences in sort of attitudes toward, towards cyber? Whether it's public policy, you know things like regulation where you, they don't want you sharing data, but as as a cyber company, you want to share that data with you know, public and private? >> Look it, I, I think around the world we see incredible government activity first of all. And I think given the position we're in we get to have some unique conversations there. I would say worldwide security is an imperative. I, no matter where I go, you know it's in front of everybody's mind. The, on the, the governance side, it's really what do we need to adapt to make sure we meet local regulations. And I, and I would just tell you Dave there's ways when you do that, and we talk with governments that because of how they want to do it reduce our ability to give them full insight into all the threats and how we can help them. And I do think over time governments understand that we can anonymize the data. There's, but that, that's a work in process. Definitely there is a balance. We need to have privacy, we need to have, you know personal security for people. But there's ways to collect that data in an anonymous way and give better security insight back into the architectures that are out there. >> All right. A little shift the gears here. A little sports question. We've had some great Boston's sports guests on theCUBE right? I mean, Randy Seidel, we were talking about him. Peter McKay, Snyk, I guess he's a competitor now but you know, there's no question got >> He got a little funding today. I saw that. >> Down round. But they still got a lot of money. Not of a down round, but they were, but yeah, but actually, you know, he was on several years ago and it was around the time they were talking about trading Brady. He said Never trade Brady. And he got that right. We, I think we can agree Brady's the goat. >> Yes. >> The big question I have for you is, Belichick. Do you ever question Has your belief in him as the greatest coach of all time wavered, you know, now that- No. Okay. >> Never. >> Weigh in on that. >> Never, he says >> Still the Goat. >> I'll give you my best. You know, never In Bill we trust. >> Okay. Still. >> All right >> I, you know, the NFL is a unique property that's designed for parody and is designed, I mean actively designed to not let Mr. Craft and Bill Belichick do what they do every year. I feel privileged as a Boston sports fan that in our worst years we're in the seventh playoff spot. And I have a lot of family in Chicago who would kill for that position, by the way. And you know, they're in perpetual rebuilding. And so look, and I think he, you know the way he's been able to manage the cap and the skill levels, I think we have a top five defense. There's different ways to win titles. And if I, you know, remember in Brady's last title with Boston, the defense won us that Super Bowl. >> Well thanks for weighing in on that because there's a lot of crazy talk going on. Like, 'Hey, if he doesn't beat Arizona, he's got to go.' I'm like, what? So, okay, I'm sometimes it takes a good good loyal fan who's maybe, you know, has >> The good news in Boston is we're emotional fans too so I understand you got to keep the long term long term in mind. And we're, we're in a privileged position in Boston. We've got Celtics, we've got Bruins we've got the Patriots right on the edge of the playoffs and we need the Red Sox to get to work. >> Yeah, no, you know they were last, last year so maybe they're going to win it all like they usually do. So >> Fingers crossed. >> Crazy worst to first. >> Exactly. Well you said, in Bill we trust it sounds like from our conversation in BJ we trust from the customers, the partners. >> I hope so. >> Thank you so much BJ, for coming back on theCUBE giving us the lay of the land, what's new, the voice of the customer and how Palo Alto was really differentiated in the market. We always appreciate your, coming on the show you >> Honor and privilege seeing you here. Thanks. >> You may be thinking that you were watching ESPN just now but you know, we call ourselves the ESPN at Tech News. This is Lisa Martin for Dave Vellante and our guest. You're watching theCUBE, the Leader and live emerging in enterprise tech coverage. (upbeat music)

(upbeat music) >> From theCube Studios in Palo Alto in Boston, bringing you data driven insights from theCube and ETR. This is Breaking Analysis with Dave Vellante. >> While by no means a safe haven, the cybersecurity sector has outpaced the broader tech market by a meaningful margin, that is up until very recently. Cybersecurity remains the number one technology priority for the C-suite, but as we've previously reported the CISO's budget has constraints just like other technology investments. Recent trends show that economic headwinds have elongated sales cycles, pushed deals into future quarters, and just like other tech initiatives, are pacing cybersecurity investments and breaking them into smaller chunks. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis we explain how cybersecurity trends are reverting to the mean and tracking more closely with other technology investments. We'll make a couple of valuation comparisons to show the magnitude of the challenge and which cyber firms are feeling the heat, which aren't. There are some exceptions. We'll then show the latest survey data from ETR to quantify the contraction in spending momentum and close with a glimpse of the landscape of emerging cybersecurity companies, the private companies that could be ripe for acquisition, consolidation, or disruptive to the broader market. First, let's take a look at the recent patterns for cyber stocks relative to the broader tech market as a benchmark, as an indicator. Here's a year to date comparison of the bug ETF, which comprises a basket of cyber security names, and we compare that with the tech heavy NASDAQ composite. Notice that on April 13th of this year the cyber ETF was actually in positive territory while the NAS was down nearly 14%. Now by August 16th, the green turned red for cyber stocks but they still meaningfully outpaced the broader tech market by more than 950 basis points as of December 2nd that Delta had contracted. As you can see, the cyber ETF is now down nearly 25%, year to date, while the NASDAQ is down 27% and change. Now take a look at just how far a few of the high profile cybersecurity names have fallen. Here are six security firms that we've been tracking closely since before the pandemic. We've been, you know, tracking dozens but let's just take a look at this data and the subset. We show for comparison the S&P 500 and the NASDAQ, again, just for reference, they're both up since right before the pandemic. They're up relative to right before the pandemic, and then during the pandemic the S&P shot up more than 40%, relative to its pre pandemic level, around February is what we're using for the pre pandemic level, and the NASDAQ peaked at around 65% higher than that February level. They're now down 85% and 71% of their previous. So they're at 85% and 71% respectively from their pandemic highs. You compare that to these six companies, Splunk, which was and still is working through a transition is well below its pre pandemic market value and 44, it's 44% of its pre pandemic high as of last Friday. Palo Alto Networks is the most interesting here, in that it had been facing challenges prior to the pandemic related to a pivot to the Cloud which we reported on at the time. But as we said at that time we believe the company would sort out its Cloud transition, and its go to market challenges, and sales compensation issues, which it did as you can see. And its valuation jumped from 24 billion prior to Covid to 56 billion, and it's holding 93% of its peak value. Its revenue run rate is now over 6 billion with a healthy growth rate of 24% expected for the next quarter. Similarly, Fortinet has done relatively well holding 71% of its peak Covid value, with a healthy 34% revenue guide for the coming quarter. Now, Okta has been the biggest disappointment, a darling of the pandemic Okta's communication snafu, with what was actually a pretty benign hack combined with difficulty absorbing its 7 billion off zero acquisition, knocked the company off track. Its valuation has dropped by 35 billion since its peak during the pandemic, and that's after a nice beat and bounce back quarter just announced by Okta. Now, in our view Okta remains a viable long-term leader in identity. However, its recent fiscal 24 revenue guide was exceedingly conservative at around 16% growth. So either the company is sandbagging, or has such poor visibility that it wants to be like super cautious or maybe it's actually seeing a dramatic slowdown in its business momentum. After all, this is a company that not long ago was putting up 50% plus revenue growth rates. So it's one that bears close watching. CrowdStrike is another big name that we've been talking about on Breaking Analysis for quite some time. It like Okta has led the industry in a key ETR performance indicator that measures customer spending momentum. Just last week, CrowdStrike announced revenue increased more than 50% but new ARR was soft and the company guided conservatively. Not surprisingly, the stock got absolutely crushed as CrowdStrike blamed tepid demand from smaller and midsize firms. Many analysts believe that competition from Microsoft was one factor along with cautious spending amongst those midsize and smaller customers. Notably, large customers remain active. So we'll see if this is a longer term trend or an anomaly. Zscaler is another company in the space that we've reported having great customer spending momentum from the ETR data. But even though the company beat expectations for its recent quarter, like other companies its Outlook was conservative. So other than Palo Alto, and to a lesser extent Fortinet, these companies and others that we're not showing here are feeling the economic pinch and it shows in the compression of value. CrowdStrike, for example, had a 70 billion valuation at one point during the pandemic Zscaler top 50 billion, Okta 45 billion. Now, having said that Palo Alto Networks, Fortinet, CrowdStrike, and Zscaler are all still trading well above their pre pandemic levels that we tracked back in February of 2020. All right, let's go now back to ETR'S January survey and take a look at how much things have changed since the beginning of the year. Remember, this is obviously pre Ukraine, and pre all the concerns about the economic headwinds but here's an X Y graph that shows a net score, or spending momentum on the y-axis, and market presence on the x-axis. The red dotted line at 40% on the vertical indicates a highly elevated net score. Anything above that we think is, you know, super elevated. Now, we filtered the data here to show only those companies with more than 50 responses in the ETR survey. Still really crowded. Note that there were around 20 companies above that red 40% mark, which is a very, you know, high number. It's a, it's a crowded market, but lots of companies with, you know, positive momentum. Now let's jump ahead to the most recent October survey and take a look at what, what's happening. Same graphic plotting, spending momentum, and market presence, and look at the number of companies above that red line and how it's been squashed. It's really compressing, it's still a crowded market, it's still, you know, plenty of green, but the number of companies above 40% that, that key mark has gone from around 20 firms down to about five or six. And it speaks to that compression and IT spending, and of course the elongated sales cycles pushing deals out, taking them in smaller chunks. I can't tell you how many conversations with customers I had, at last week at Reinvent underscoring this exact same trend. The buyers are getting pressure from their CFOs to slow things down, do more with less and, and, and prioritize projects to those that absolutely are critical to driving revenue or cutting costs. And that's rippling through all sectors, including cyber. Now, let's do a bit more playing around with the ETR data and take a look at those companies with more than a hundred citations in the survey this quarter. So N, greater than or equal to a hundred. Now remember the followers of Breaking Analysis know that each quarter we take a look at those, what we call four star security firms. That is, those are the, that are in, that hit the top 10 for both spending momentum, net score, and the N, the mentions in the survey, the presence, the pervasiveness in the survey, and that's what we show here. The left most chart is sorted by spending momentum or net score, and the right hand chart by shared N, or the number of mentions in the survey, that pervasiveness metric. that solid red line denotes the cutoff point at the top 10. And you'll note we've actually cut it off at 11 to account for Auth 0, which is now part of Okta, and is going through a go to market transition, you know, with the company, they're kind of restructuring sales so they can take advantage of that. So starting on the left with spending momentum, again, net score, Microsoft leads all vendors, typical Microsoft, very prominent, although it hadn't always done so, it, for a while, CrowdStrike and Okta were, were taking the top spot, now it's Microsoft. CrowdStrike, still always near the top, but note that CyberArk and Cloudflare have cracked the top five in Okta, which as I just said was consistently at the top, has dropped well off its previous highs. You'll notice that Palo Alto Network Palo Alto Networks with a 38% net score, just below that magic 40% number, is healthy, especially as you look over to the right hand chart. Take a look at Palo Alto with an N of 395. It is the largest of the independent pure play security firms, and has a very healthy net score, although one caution is that net score has dropped considerably since the beginning of the year, which is the case for most of the top 10 names. The only exception is Fortinet, they're the only ones that saw an increase since January in spending momentum as ETR measures it. Now this brings us to the four star security firms, that is those that hit the top 10 in both net score on the left hand side and market presence on the right hand side. So it's Microsoft, Palo Alto, CrowdStrike, Okta, still there even not accounting for a Auth 0, just Okta on its own. If you put in Auth 0, it's, it's even stronger. Adding then in Fortinet and Zscaler. So Microsoft, Palo Alto, CrowdStrike, Okta, Fortinet, and Zscaler. And as we've mentioned since January, only Fortinet has shown an increase in net score since, since that time, again, since the January survey. Now again, this talks to the compression in spending. Now one of the big themes we hear constantly in cybersecurity is the market is overcrowded. Everybody talks about that, me included. The implication there, is there's a lot of room for consolidation and that consolidation can come in the form of M&A, or it can come in the form of people consolidating onto a single platform, and retiring some other vendors, and getting rid of duplicate vendors. We're hearing that as a big theme as well. Now, as we saw in the previous, previous chart, this is a very crowded market and we've seen lots of consolidation in 2022, in the form of M&A. Literally hundreds of M&A deals, with some of the largest companies going private. SailPoint, KnowBe4, Barracuda, Mandiant, Fedora, these are multi billion dollar acquisitions, or at least billion dollars and up, and many of them multi-billion, for these companies, and hundreds more acquisitions in the cyberspace, now less you think the pond is overfished, here's a chart from ETR of emerging tech companies in the cyber security industry. This data comes from ETR's Emerging Technologies Survey, ETS, which is this diamond in a rough that I found a couple quarters ago, and it's ripe with companies that are candidates for M&A. Many would've liked, many of these companies would've liked to, gotten to the public markets during the pandemic, but they, you know, couldn't get there. They weren't ready. So the graph, you know, similar to the previous one, but different, it shows net sentiment on the vertical axis and that's a measurement of, of, of intent to adopt against a mind share on the X axis, which measures, measures the awareness of the vendor in the community. So this is specifically a survey that ETR goes out and, and, and fields only to track those emerging tech companies that are private companies. Now, some of the standouts in Mindshare, are OneTrust, BeyondTrust, Tanium and Endpoint, Net Scope, which we've talked about in previous Breaking Analysis. 1Password, which has been acquisitive on its own. In identity, the managed security service provider, Arctic Wolf Network, a company we've also covered, we've had their CEO on. We've talked about MSSPs as a real trend, particularly in small and medium sized business, we'll come back to that, Sneek, you know, kind of high flyer in both app security and containers, and you can just see the number of companies in the space this huge and it just keeps growing. Now, just to make it a bit easier on the eyes we filtered the data on these companies with with those, and isolated on those with more than a hundred responses only within the survey. And that's what we show here. Some of the names that we just mentioned are a bit easier to see, but these are the ones that really stand out in ERT, ETS, survey of private companies, OneTrust, BeyondTrust, Taniam, Netscope, which is in Cloud, 1Password, Arctic Wolf, Sneek, BitSight, SecurityScorecard, HackerOne, Code42, and Exabeam, and Sim. All of these hit the ETS survey with more than a hundred responses by, by the IT practitioners. Okay, so these firms, you know, maybe they do some M&A on their own. We've seen that with Sneek, as I said, with 1Password has been inquisitive, as have others. Now these companies with the larger footprint, these private companies, will likely be candidate for both buying companies and eventually going public when the markets settle down a bit. So again, no shortage of players to affect consolidation, both buyers and sellers. Okay, so let's finish with some key questions that we're watching. CrowdStrike in particular on its earnings calls cited softness from smaller buyers. Is that because these smaller buyers have stopped adopting? If so, are they more at risk, or are they tactically moving toward the easy button, aka, Microsoft's good enough approach. What does that mean for the market if smaller company cohorts continue to soften? How about MSSPs? Will companies continue to outsource, or pause on on that, as well as try to free up, to try to free up some budget? Adam Celiski at Reinvent last week said, "If you want to save money the Cloud's the best place to do it." Is the cloud the best place to save money in cyber? Well, it would seem that way from the standpoint of controlling budgets with lots of, lots of optionality. You could dial up and dial down services, you know, or does the Cloud add another layer of complexity that has to be understood and managed by Devs, for example? Now, consolidation should favor the likes of Palo Alto and CrowdStrike, cause they're platform players, and some of the larger players as well, like Cisco, how about IBM and of course Microsoft. Will that happen? And how will economic uncertainty impact the risk equation, a particular concern is increase of tax on vulnerable sectors of the population, like the elderly. How will companies and governments protect them from scams? And finally, how many cybersecurity companies can actually remain independent in the slingshot economy? In so many ways the market is still strong, it's just that expectations got ahead of themselves, and now as earnings forecast come, come, come down and come down to earth, it's going to basically come down to who can execute, generate cash, and keep enough runway to get through the knothole. And the one certainty is nobody really knows how tight that knothole really is. All right, let's call it a wrap. Next week we dive deeper into Palo Alto Networks, and take a look at how and why that company has held up so well and what to expect at Ignite, Palo Alto's big user conference coming up later this month in Las Vegas. We'll be there with theCube. Okay, many thanks to Alex Myerson on production and manages the podcast, Ken Schiffman as well, as our newest edition to our Boston studio. Great to have you Ken. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our EIC over at Silicon Angle. He does some great editing for us. Thank you to all. Remember these episodes are all available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibond.com and siliconangle.com, or you can email me directly David.vellante@siliconangle.com or DM me @DVellante, or comment on our LinkedIn posts. Please do checkout etr.ai, they got the best survey data in the enterprise tech business. This is Dave Vellante for theCube Insights powered by ETR. Thanks for watching, and we'll see you next time on Breaking Analysis. (upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> Narrator: From theCUBE Studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi everybody, this is Dave Vellante and welcome to this week's CUBE insights powered by ETR. In this breaking analysis, we're going to bring in Sagar Kadakia who's the Director of Research at ETR. He's been away for the last couple of weeks, he's really digging into the latest data set, ETR of course it was in it's quiet period. And today, what we want to do is give you three of the macro takeaways from that last two-week analysis and drill into to some of the sectors. So Sagar, that's for coming on, great to see you again. Let's get right into it. >> Let's do it, thanks for having me. >> You've been crazy busy, we started the year at a plus 4%, consensus IT spend. We reported for several weeks and ended up at minus 4%. We're now at minus 5%, after you've gone through and done some additional analysis. So bring us up to date the IT spend projection. >> Yeah no problem, and that's our first macro takeaway, is we're seeing declines in IT budget, a decline of 5%. And remember, coming into the year as you mentioned, consensus assessments were right around that 4% number. And so we've seen this kind of 900 basis point shift downward so that's kind of where we are today, if we kind of look at that chart that we've been tracking for the last few weeks. And then for those that have seen this chart before, you've kind of seen where we've been kind of going the last two, three weeks. And for those that haven't seen the chart, I'll kind of go through it now. So, as many of you know, kind of launched its COVID-19 drill down survey to measure the impact that the virus was going to have on total spend this year and so we kind of launched that drill down on March 11th and so if you kind of look at that blue line there, what you're looking at, is we asked individuals, estimate what percentage impact you think the virus is going to have on your budget versus your original expectations. And since we launched this on March 11th, on that blue line that you're looking at, we got a lot of positivity in the beginning. And so if you look at the blue line all the way through, you follow that, you get about zero percent growth. Now the issue is, as I just mentioned is, we launched on the 11th, and there wasn't a tremendous amount of information available as to how severe the virus was, and so we kind of did this in Venn analysis and we talked about this last time, on the last breaking analysis, where it's probably more appropriate to look at a start date closer to 3/17 or 3/23 when the market really understood the severity of COVID-19. NYC became the epicenter. And if we look at just those customers who indicated a spend impact after that date, you can see it's coming out to about four or 5% decline. And so that's kind of one of our big macro takeaways, and the other thing on this chart, kind of focus on is, and even though we're not looking at, some of the vendors here, is when you think about declines, it's not across the full IT stack, and I think that's really important for the audience to understand. We're seeing focused declines among on-prem legacy pure plays. You're still seeing CIO spend on cloud and SaaS. In fact, they're doubling down there. And so when you kind of think about how things are going to shape up the next three, six, nine months, there's going to be a lot of bifurcation. And we think cloud and SaaS are going to be well positioned with a lot of legacy and on-prem. That's where you're going to see a majority of those declines that you're seeing here kind of play out. >> I've made the case, statement many times that cloud is good, or downturns have been to cloud. You saw this in 2008, 2009 with the shift from CapEx to OpEx. We came out of 2009 into the decade of cloud. And very clearly we're seeing some similar things here as people shift to that work-from-home. We had one CIO on the recent Venns that I want to just delete my data centers. Unfortunately, he's not going to be able to do that overnight, but I think, as Eric Bradley pointed out last week, a lot of customers who weren't even thinking about cloud, or really were sort of reticent to go all in, really have flipped and changed their tune. Let's talk about some of the industries that are impacted by this COVID-19 and the stay-at-home. This slide really kind of underscores that. Why don't you take us through it? >> Yeah, no problem. So on the last slide, you were looking at kind of our COVID-19 drill-down study. On this slide, what we're now going to focus on is a study that we did in tandem, which is called our Technology Spending Intentions Survey. And specifically we conducted this in April. What we did is we asked CIOs to update their 2020 spending intentions versus how they spent in '19. So this survey was originally posed in January and then we're essentially asking for a three-month update now. So we're trying to get an understanding of how much has changed in the last three months because of COVID-19. And when we asked these CIOs, we give them essentially a list of 400 vendors. And they're able to then indicate which ones they're flattening on, decreasing on, maybe accelerating on. And so what you're looking at here is we've aggregated that data by industry. And if you look at the X-axis here, you're going to look at spend intensity versus three months ago. And the Y-axis will be spend intensity versus a year ago. And so what you're seeing here is over the last three months, look at how much verticals, like retail/consumer, airlines, delivery services, financials/insurance, IT/TelCo, services/consulting. Those have really seen some of the largest pullbacks in spend versus three months ago. And those are also some of the industries that have indicated the largest pullback in demand from consumers and businesses. And so this is where we think a lot of the declines that we showed you earlier really kind of focus on some of these verticals. And that's how, when you kind of think about which organization are going to be hurt, which ones might see the most impact, three, six months from now, this is a really good chart to view. >> Yeah, a couple of points I would make on this data. Retail and consumer, again, even that's bifurcated. Obviously the physical stores getting crushed. You see Amazon now trading at all-time highs. Target announced today, I think they said a 200% increase in online shopping, which, of course, is fulfilled. 85% of Target's demand is fulfilled by their stores. So that's kind of mixed. You're going to see an accelerated move toward digital transformation there. Airlines, it's really unclear what's going to happen there. IT/TelCo, on one of the last Venns we talked about MPLS, people trying to get off of MPLS, really moving toward a SD-WAN. Healthcare, pharma, healthcare doesn't have time to do anything right now. No time to take a breather. Financials is interesting. I mean, they're down right now, but they still have a lot of cash. Liquidity is good. And then energy, I mean oil, I've just never seen anything like it. We're concerned obviously about credit risk there and oil companies being able to pay off their debts. So it's really not a pretty picture, is it? >> Yeah, and if focus on energy, even though you're not seeing a huge pullback versus three months ago in energy, it's really important to understand when we did this survey in January, energy was all the way on the left side of that chart. And so it already looked really bad coming into the year. So it got worse. But because of the severity versus last year, like they're just not seeing that much more of a negative impact now. This was before, this survey closed before everything happened the last few days with oil prices. So it is very possible that that data is going to get worse. And we'll know if it gets really-- >> We're not laughing a lot these days, but if you haven't filled up your car in a while, I mean it's, Anyway, let's go into the security piece. We talked about, you guys were really the first to report this work-from-home pivot. Others have sort of more recently coming to that conclusion. And it wasn't just Zoom and WebEx and video collaboration, Teams, et cetera. It really was all kinds of infrastructure, including security. So we can bring up the next chart, guys. Let's sort of get into this. We're going to talk about the sector and some of the vendors in here. Let's go. >> Yeah, no problem, so if we kind of step away from the macro and really start getting into the sectors and vendors in here. If we start with security, what we're really saying is that, look, a remote workforce is really kind of revealing best-in-breed. And we think it's going to lead to the permanent changes. So what you're looking at here is these are the net scores for each individual vendor currently versus three months ago as well as a year ago levels. The yellow bars will be what's currently. And the way to think about net score is just kind of spend intensity. And so the higher your net score, the more spend intensity, the more spend velocity you're seeing from enterprise customers. And what we're really seeing here, if you kind of look at the vendors on the left, you're seeing a lot of acceleration among secure web gateway end point, mobile security, cloud SaaS application security, identity, and these make sense. As we mentioned earlier, as you really accelerate your cloud and SaaS spend, you're going to want to use vendors that best protect those areas. And so if you look to the left here, Okta and Zscaler, Cloudflare, CrowdStrike, some of these really look best positioned moving forward. Palo Alto looks good longer term. Splunk at this point also looked good longer term. And then the other thing to kind of hit on here is the other side in terms of, we talked about the bifurcation that we expect. We're seeing significant declines in net scores among a lot of these legacy vendors. Check points come down quite a bit. Juniper, Trend Micro, Broadcom, Barracuda Networks, SonicWALL, and so you can see the disparity here. It's pretty clear on the image. But we think there's some pretty clear winners and losers here. And I think we may see permanent changes moving forward. >> Yeah, so Twistlock, of course, is now owned by Palo Alto. CrowdStrike, they're a hot company in the sector. Okta, I have the Chief Product Officer coming on shortly here for part of my CXO series. We've talked about Palo Alto and how they sort of fell behind a little bit in the cloud. But you talk to customers, they really see Palo Alto as in the mix. Zscaler came up in the Venn as, to your point, securing gateways and doing a really good job in that space. And so I think the fragmentation, the fragmentation probably continues, but there's also bifurcation, as you pointed out. Let's talk about cloud. As you've said and I said, downturns have been good to cloud. People are obviously looking more toward cloud, whether it's SaaS or cloud type of consumption. Let's bring up the next slide, which looks at the big three, Azure, AWS, and GCP. First of all, all three have very strong net scores. Up in the 60% plus range. But you have Azure pulling away. I'd love to hear your thoughts on that. >> Yeah, that's right, and we've kind of been using this analogy of kind of a horse race. Just kind of as context, coming into January you see really GCP accelerating. And so one of the things we said in January was it's becoming more of a three-horse race. Even though GCP doesn't have the same type of market share as the other two, you are seeing the spend intensity increase. And now what you're seeing is Azure pulling away a little bit because of, we think, COVID-19. When you look at Azure's data set, it really looks robust and healthy across all verticals, across most regions. And that is what you're seeing here where it's continuing to kind of accelerate. It looks good. AWS, GCP, it also looks good here, but you're not seeing the same uniform strength. There's a couple verticals for AWS where we're seeing a little bit of a pullback in spend, like retail and industrials. For GCP we're seeing a pullback in mid-size and small enterprises. So that's causing a couple of cracks here and there. Even though they look overall healthy, but we did want to kind of indicate here on cloud where, look one vendor looks like they're pulling away when it comes to spend velocity. >> It's going to be interesting to see. I mean, we reported on the sort of deltas between Azure and AWS and the cloud, the quality of the cloud. I think we're going to carefully watch the quarterly reports. You always have to kind of squint through the Azure numbers to see what's in there. But there's no question that Microsoft, across the board, is really very, very strong. All right, let's talk about collaboration, productivity, video conferencing. I mean, we've certainly seen upticks. But as shown on this slide, you guys, if you could bring the next slide up. You know, it's not all rosy. Talk about this a little bit. >> Yeah, I think, look, there's been a lot of coverage around which vendors look best. And so I kind of want to take the opposite view on this chart for the audience, and say hey look, which vendors are not benefiting? And this is kind of like a hodgepodge sector of productivity and collaboration, video conferencing. What we're saying is it's now of never, so to speak. And you're looking at replacement rates. So if you look at, if you see something on this chart that says 20% replacement, that means one out of five customers indicated for that vendor in our survey, indicated a replacement for them, which is not good. And so you're seeing vendors here like Dropbox, Box and Slack having elevated or accelerating replacement levels. And these vendors, pitch themselves as collaboration tools. And if they're not doing well now and they're seeing elevated replacements, especially as everyone is working from home, that doesn't bode well for the future. >> I think people who know me know I'm not a huge fan of Box and Slack. They drive me crazy. And so this is interesting to see. I mean, we're a Zoom shop, so obviously you Zoom, you like Zoom. I had my first experience very recently with Microsoft teams. I was quite impressed. I thought it was easy to use. Skype, hell was just terrible. And so, much, much improved. Very interesting cut on that one. So again, it's a bifurcated story. Let's drill into teams a little bit. Guys, have you bring up the next slide, Movements reporting. And you guys are really again, first on this, how strong Microsoft is across the board. But really going after it and collaboration. >> On that previous slide you saw that, Dropbox and Slack, we're all seeing replacements. So again, a lot of customers like where was all that spend going? Well, it's going to Microsoft Teams. It's going to One Drive. This is a Slack drilled out, or sorry, a Slack and teams drill down. That we did, earlier this year. And what we're trying to do is measure, how these products were going to do in the next 12 months. And so what you're looking at here is Fortune 500 organizations. What we did is we asked them how much of your organization, is using Microsoft Teams today. What percentage of your organization is going to be using Microsoft Teams 12 months from now? That's going to be in the yellow bars. And you can see the big upticks in 12 months. And we took some mid point averages. Look at how much Microsoft Teams is going to grow, within Fortune 500 accounts in the next 12 months. And if we look at Slack on the next slide, you're really now seeing the exact opposite. Same question, how many folks in your Fortune 500 organization are using Slack today? And what does that look like in 12 months? And the mid point average is actually coming down. And so, it's like Slack is a seat-based model. And so when you have less users that's going to generate less revenue. And so again, this is amongst the existing Fortune 500 customers. This doesn't include new Fortune 500, but this spells problems for Slack, when you kind of think about the next six to 12 months ahead. >> Well it's one thing if you're competing with Microsoft and your AWS. I've not really not worried about AWS, Microsoft, take a note AWS. If you're one of these collaboration platforms, Microsoft, we've seen over the years, first of all, they got great developer affinity. They know how to bundle different products together. Now they got the cloud working so they got their flywheel effect in the cloud. There's just not a ton of room. The thing is they have such a huge software estate, such a giant customer install base and it's just makes it easy for them. The products are good enough or in some cases really good. So that's going to be something to watch, because there's a lot of high valuations going on right now in their collaboration space. >> That's right. And I think, it really hits on the previous slide, or the previous slides on collaboration that we saw, was when you think again about the declines, a lot of that is impacting some of these pure plays. So in security you saw a lot of the legacy names getting in. On the collaboration side, you saw a lot of these pure plays your getting in. And so this is kind of, again when you think about where budgets are going and which vendors are being impacted, it's really concentrated into some specific areas. >> So now, one of the hardest hit areas, and you guys reported on this earlier, was the IT consulting and outsourcing IT. You guys have you bring up that the chart, it's pretty ugly. Maybe you can explain what you're seeing here and why you think that is. >> Yeah, no problem. So again, this is from our technology spending intention survey. We're measuring spend velocity here. Spend intensity, and you can see across, these are just a handful of IT consulting firms. If you look at the blue bars to the yellow bar. So the blue bar is, 2020 spending intent that we captured in January and now we're asking for updated 2020 spending intentions. You can see the deceleration in just the last three months. If you look at our COVID-19 drill down side that we conducted, one of the questions in there we asked was, are you freezing new IT projects or deployments? Almost, 1/4 percentage of customers said they are. And so, that is going to spell problems for this space. When you think about, look, if you're going into uncertain times an easy way to reduce your budget is by, spending less with consulting vendors since you know, you can just less than the number of deliverables, these individuals get paid based on. How many deliverables they can complete. So this is another area that when you kind of think about where the declines are coming from, this is certainly an area to look at. >> A lot of the customers we've talked to have said, we've basically shut down spending on some of the large projects. We're still focusing on some digital transformation, but that's maybe a longer term priority. And then the IBM piece of this chart, guys, if you could bring it back is interesting to me because look, they paid 34 billion for Red Hat. I've always said a key to the Red Hat acquisition was being able to point it at the large consulting base and modernize those applications. IBM actually had a pretty good quarter in services. Although they did mention that respect especially in software that in the month of the quarter software spending shutdown. I don't think we got visibility that this piece of the business, but this could be, somewhat of a concern going forward. I think that's going to be one of the areas that gets slow rolled coming back, Sagar. I don't think it's going to come back tomorrow. So please your thoughts. >> Just to kind of quickly wrap up IBM. So yeah, one of the things we kind of saw in the data was not only eroding spending intention data on a lot of their SaaS portfolio but also eroding market share. And we saw big down takes on Red Hat products and IT services. Even in cloud. And I know they indicated pretty healthy numbers on Red Hat and cloud. But again, we're asking about 2020, forward-looking spending intentions. And of course they pulled their guidance. So we don't know how that's going to look. But in our data, things are really coming down versus three months ago. And so I think just overall, that is a data set that we're quite negative one. >> I think IBM has that sense. Like I said, March was not good for software. That's when the big deals come through. You're right. Red Hat, I think route 20% in the quarter and is now accredited from a cashflow basis, which is one of their targets. I think they beat their target there. Still good cashflow. But I think there's just so much uncertainty, And IBM have to be prepared for that and I'm sure will. That we're at minus 5% now. We're seeing cloud SaaS, we're seeing a bifurcation. We talked about some of the areas that are in trouble. That's kind of part one. Next week we'll be talking about part two. What can we expect? >> Yeah, we'll start going through networking, CDN, ITSM, IT workflows, database, data warehousing, and we'll kind of go through that as well. But again, you're going to see a lot of what we talked about today. Just the bifurcation span where, vendors that are more next gen, more work-from-home friendly like all of the SaaS guys, they're doing really well. And on the on-prem and the legacy, you're just seeing elevated replacements, elevated decreased rates. This is the most bifurcated, I've seen this data set and I've been doing this at ETR for, almost seven, probably going on eight years now. So I think that kind of says something about the environment that we're in and what to kind of expect in the next three to six months. >> And it's kind of like the stock market is right now. You're actually seeing, some great momentum in certain stocks and terrible in others. Those were great balance sheets and maybe COVID is a tailwind for them. Others, tons of uncertainty, a lot of concern. I know in poking around the data set, like you said, some of the analytics, the data warehouses, you see Snowflake, UiPath, Automation Anywhere. A lot of the automation, RPA, momentum is there. Security, we talked about that. There's some real bright spots there but a lot of the on-prem stuff. We'll see product cycles affect that, in the second half of of 2020. We'll continue to report on this Sagar. Thank you so much for we're coming on and we'll definitely see you next week. >> Thanks for having me again, Dave. Looking forward. >> All right, and thank you for watching, this CUBE insights powered by ETR. We will see you next time. Don't forget, all these episodes are available as podcasts, wherever you listen. Go to etr.plus, checkout what's happening there. Siliconangle.com has all the news I publish in there weekly. I also publish on wikibond.com. Thanks for watching this breaking analysis. This is Dave Vellante and Sagar Kadakia, we'll see you next time. (upbeat music)

>> From the SiliconANGLE Media Office in Boston, Massachusetts, it's theCUBE! Now here's your host, Dave Vellante. >> Hi, everybody, welcome to this Cube Insights, powered by ETR. In this breaking analysis I want to talk to you about what I learned this week at Dell Technology's financial analyst meeting in New York. They gathered all the financial analysts, Rob Williams hosted it, he's the head of IR, Michael Dell of course was there. They had Dennis Hoffman who is the head of strategic planning, Jeff Clarke who basically runs the business and Tom Sweet, of course, who was the star of the show, the CFO, all the analysts want to see him. Dell laid out its longterm goals, it provided much clearer understanding of its strategic direction, basically focused on three areas. Dell believes that IT is getting more complex, we know that, they want to capitalize on that by simplifying IT. We'll talk about that. And then they want to position for the wave of digital transformations that are coming and they also believe, Dell believes, that it can capitalize on the consolidation trend, consolidating vendors, so I'll talk about each of those. And so let me bring up the first slide, Alex, if you would. The takeaways from the Dell financial analyst meeting. Let me share with you the overall framework that Tom Sweet laid out. And I have to say, the messaging was very consistent, these guys were very well-prepared. I think Dell is, from a management perspective, very well-run company. They're targeting three to 5% growth on what they're saying is a 4% GDP forecast. Or sorry, 4%, I have GDP here, it's really 4% industry growth. GDP's a little lower than that obviously. So this is IDC data, Gartner data, 4% industry growth. So that's an error on my part, I apologize. The strategies to grow relative to their competition. So grow share on a relative basis. So whatever the market does, again, not GDP, but whatever the market does, Dell wants to grow faster than the market. So it wants to gain share, that's its primary metric. From there they want to grow operating income and they want to grow that faster than revenue, that's going to throw off cash. And then they're going to also continue to delever the balance sheet. I think they paid down 17 billion in debt since the EMC acquisition. They want to get to a two X debt to EBITA ratio within 18 months. And what they're saying is, you know, they talked about, Tom Sweet talked about this consistent march toward investment-grade rating. They've been talkin' about that for awhile. He made the comment, we don't need to have a triple A rating but we want to get to the point where we can reduce our interest expense, and that will, 'cause they'll drop right into the bottom line. So they talked about these various levers that they can turn, some of them under the P and L, gaining share, some are their operating structure and their organizational structure, and one big one is obviously their debt structure. The other key issue here is will this cut the liquidity discount that Dell faces? What do I mean by that? Well, VMware has about a $60 billion valuation. Dell owns about 80% of VMware, which would equate to 48 billion. But if you look at Dell's market cap, it's only 37 billion. So it essentially says that Dell's core business is worth minus 11 billion. We used to talk about this when EMC owned VMware. Its core business only comprised about 40% of the overall value of the company, in this case because of the high debt, Dell has a negative value. And it's not just the high debt. Michael Dell has control over the voting shares, it's essentially a conglomerate structure, there's very high debt, and it's a relatively low margin business, notwithstanding VMware. And so as a result, Dell trades at a discount relative to what you would think it should trade at, given its prominence in the market, $92 billion company, the leader in every category under the sun. So that's the big question is can Dell turn these levers, drop EBITA or cash to the bottom line, affect operating income, and then ultimately pay down its debt and affect that discount that it trades at? Okay, bring up, if you would, Alex, the next slide. Now I want to share with you the takeaways from the Dell line of business focus. This really was Jeff Clarke's presentations that I'm going to draw from. Servers, we know, they're softer demand, but the key there is they're really faced tough compares. Last year, Dell's server business grew like crazy. So this year the comparisons are lessened. But there's less spending on servers. I'll share with you some of the ETR data. Storage, they call it holding serve, you saw last quarter I did an analysis, I took the ETR data and the income statement, it showed Pure was gaining share at like 22% growth from the income statement standpoint. Dell was 0% growth but is actually growing faster than its competitors. With the exception of Pure. It's growing faster than the market. So Dell actually gained share with 0% growth. Dell's really focused on consolidating the portfolio. They've cut the portfolio down from 80, I think actually the right number is 88 products, down to 20 by May of 2020. They've got some new mid-range coming, they've just refreshed their data protection portfolio, so again, by May of next year, by Dell Technologies World they'll have a much, much more simplified portfolio. And they're gaining back share. They've refocused on the storage business. You might recall after the acquisition, EMC was kind of a mess. It was losing share before the acquisition, it was so distracted with all the Elliott Management stuff goin' on. And kind of took its eye off the ball, and then after the acquisition it took awhile for them to get their act together. They gained back about 375 basis points in the last 18 months. Remember a basis point is 1/100th of 1%. So gaining share and their consistent focus on trying to do that. Their PC business, which is actually doin' quite well, is focused on the commercial segment and focused on higher margins. They made the statement that the PCs are kind of undersupply right now so it's helping margins. There's a big focus in Jeff Clarke's organization on VMware integration. To me this makes a lot of sense. To the extent that you can take the VMware platform and make Dell hardware run VMware better, that's something that is an advantage for Dell, obviously. And at the same time, VMware has to walk the fine line with the ecosystem. But certainly it's earned the presence in the market now that it can basically do what I just said, tightly integrate with Dell and at the same time serve the ecosystem, 'cause frankly, the ecosystem has no choice. It must serve VMware customers. The strategy, essentially, is to, as I say, capitalize on vendor consolidation, leverage value across the portfolio, so whether it's pivotal, VMware integration, the security portfolio, try to leverage that and then differentiate with scale. And Dell really has the number one supply chain in the tech business. Something that Dave Donatelli at HP, when he was at HP, used to talk about. HPE doesn't really talk about that supply chain advantage anymore 'cause essentially it doesn't have it. Dell does. So Jeff Clarke's reorganization, he came in, he streamlined the organization, really from the focus on R and D to product to collaboration across the organization and the VMware integration. I actually was quite impressed with when I first met Jeff Clarke I guess two years ago now, what he and the organization have accomplished since then. No BS kind of person. And you can see it's starting to take effect. So we'll keep an eye on that. The next slide I want to show you, I want to bring in the ETR data. We've been sharing with you the ETR spending intention surveys for the last couple of weeks and months. ETR, enterprise technology research, they have a data platform that comprises 4,500 practitioners that share spending data with them. CIOs, IT managers, et cetera. What I'm showing here is a cut off of the server sector. So I'm going to drill down into server and storage. So these are spending intentions from the July survey asking about the second half of 2019 relative to the first half of 2019. And this is a drill-down into the giant public and private firms. Why do I do that? Because in meeting the ETR, this is the best indicator. So it's big, big public companies and big private companies. Think Uber. Private companies that spend a ton of dough on IT. UPS before it went public, for example. So those companies are in here. And they're, according to ETR, the best indicators. What this chart shows, so the bars show, and I've shared this with you a number of times, the lime green is we're adding, we're new to this platform, we're new adoption. The evergreen is we're spending more, the gray is we're spending the same, the light red or pink is we're spending less, and the dark red is we're leaving the platform. So if you subtract the red from the green you get what's called a net score, and that's that blue line. And this is the overall server spending intentions from that July survey. The end is about 525 respondents out of the 4,500. And this is, again, those that just answered the question on server. So you can see the net score on server spend is dropping. And you can see the market share on server is dropping. The takeaway here is that servers, as a percentage of overall IT spend, are on a downward slope, and have been for quite some time. Back to the January '16 survey. Okay, so that's going to serve us. Let's take a look at the same data for storage. So if, Alex, if you bring up the storage sector slide, You can see kind of a similar trend. And I would argue what's happening here, a couple of things. You've got the CLOB effect, I'll talk about that some more, and you've also got, in this case, the flash, all-flash array effect. What happened was you had all-flash arrays and flash come into the data center, and that gave performance a huge headroom. Remember, spinning disk was the last bastion of mechanical movement and it was the main bottleneck in terms of overall application performance. IO was the problem. Well you put a bunch of flash into the system and it gives a lot of headroom. People used to over-provision capacity just for performance reasons. So flash has had the effect of customers saying, hey, my performance is good, I don't need to over-provision anymore, I don't need to buy so much. So that combined with cloud, I think, has put down the pressure on the storage business as well. Now the next slide, Alex, that I want you to bring up is the vendor net scores, the server spending intentions. And what I've done is I've highlighted Dell EMC. Now what's happening here in the slide, and I realize it's an eye chart, but basically where you want to be in this chart is in the left-hand side. What it shows is the spending intentions and the momentum from the October '18, which is the gray, the April '19, which is the blue, and then the July '19 which is the most recent one. Again, the end is 525 in the servers for the July '19 survey. And you can see Dell's kind of in the middle of the pack. You'd love to be in the left-hand side, you know, Docker, Microsoft, VMware, Intel, Ubuntu. And you don't want to be on the right-hand side, you know, Fujitsu, IBM, is sort of below the line. Dell's kind of in the middle there, Dell EMC. The next slide I want to show you is that same slide for storage. And again, you can see here is that on-- So this is vendor net scores, the storage spending intentions. On the left-hand side it's all the high growth companies. Rubrik, Cohesity, Nutanix, Pure, VMware with vSAN, Veeam. You see Dell EMC's VxRail. On the right-hand side, you see the guys that are losing momentum. Veritas, Iron Mountain, Barracuda, HitachiHDS, Fusion-io still comes up in the survey after the acquisition by Western Digital. Again, you see Dell EMC kind of holding serve in the middle there. Not great, not bad. Okay, so that's kind of just some other ETR data that I wanted to share. All right, next thing we're going to talk about is the macros market summary. And Alex, I've got some bullet points on this, so if you bring up that slide, let me talk about that a little bit. So five points here. First, cloud continues to eat away at on-prem, despite all this talk about repatriation, which I know does happen. People try to throw everything to the cloud and they go, whoa! Look at my Amazon bill, yeah, I get that. That's at the margin. The main trend is that cloud continues to grow. That whole repatriation thing is not moving the on-prem market. On-prem is kind of steady eddy. Storage is still working through that AFA injection. Got a lot of headroom from performance standpoint. So people don't need to buy as much as they used to because you had that step function in performance. Now eventually the market will catch up, all this digital transformation is happening, all this data is flowing through the system and it will catch up, and the storage market is elastic. As NAN prices fall, people will, I predict, will buy more storage. But there's been somewhat of a lull in the overall storage market. It's not a great market right now, frankly, at the macro level. Now ETR does these surveys on a quarterly basis. They're just about to release the October survey, and they put out a little glimpse on Friday about this survey. And I'll share some bullet points there. Overall IT spending clearly is softening. We kind of know that, everybody kind of realizes that. Here's the nuance. New adoptions are reverting to pre-2018 levels, and the replacements are rising. What does this mean? So the number of respondents that said, oh yes, we're adopting this platform for the first time is declining, and the replacements are actually accelerating. Why is that? Well I was at ETR last week and we were talking about this and one of the theories, and I think it's a good one, is that 2016, 2017 was kind of experimentation around digital transformation. 2018, people started to put things into production or closer to production, they were running systems in parallel, and now they're making their bets, they're saying, hey, this test worked, let's put this heavy into production in 2019, and now we're going to start replacing. So we're not going to adopt as much stuff 'cause we're not doing as much experimentation. We're going to now focus and narrow in on those things that are going to drive our business, and we're going to replace those things that aren't going to drive our business. We're going to start unplugging them. So that's some of what's happening. Another big trend is Microsoft. Microsoft is extending its presence throughout. They're goin' after collaboration, you saw the impact that they had on Slack and Slack stock recently. So Slack Box, Dropbox, are kind of exposed there. They're goin' after security, they've just announced a SIM product. So Splunk and IBM, they're kind of goin' after that base. The application performance management vendors. For instance, New Relic. Microsoft goin' after them. Obviously they got a huge presence in cloud. Their Windows 10 cycle is a little slower this time around, but they've got other businesses that are really starting to click. So Microsoft is one of the few vendors that really is showing accelerated spending momentum in the ETR data. Financial services and telcos, which are always leading spender indicators, are actually very weak right now. That's having a spillover effect into Europe, which is over-banked, if I can use that term. Banking heavy, if you will. So right now it's not a pretty picture, but it's not a disaster. I don't want to necessarily suggest this as like going back to 2007, 2008, it's not. It's really just a matter of things are softening and it's, you know, maybe taking a little breath. Okay, so let me summarize the meeting overall. Again, it was a very well-run meeting. Started at 9:00, ended at 12:00, bagged lunch, go home. Nice and crisp. So these guys are very well-prepared. I think, again, Dell is a extremely well-managed company. They laid out a much clearer vision for Wall Street of its strategy, where it's headed. As they say, they're going after IT complexity. I want to make a comment on this. You think about Legacy EMC. Legacy EMC was not the company that you would expect to deal with complexity. In fact, they were the culprit of complexity. One of the things that Jeff Clarke did when he came in, he said, this portfolio's too complex, needs to be simplified. Joe Tucci used to say, overlap is better than gaps. Jeff Clarke said we got too much overlap. We don't have a lot of gaps so let's streamline that portfolio. Taking advantage of vendor consolidation, this is an interesting one. Ever since I've been in this business, which has been quite a long time now, I've been hearing that buyers want to consolidate the number of vendors that they have. They've really not succeeded in doing that. Now can they do that now 'cause there are less vendors? Well, in a sense, yes, there are less sort of on-prem big vendors. EMC's no longer in the market, you don't have companies like Sun and Digital anymore, Compact is gone. HP split in two, but still. You're not seeing a huge number of new vendors, at scale, come into the market. Except you've got AWS and Google as new players there. So I think that injects sort of a new dynamic that a lot of people like to put cloud aside and kind of ignore it and talk about the old on-prem business, but I think that you're going to see a lot of experimentations and workload ins and outs, particularly with AWS and Google and of course Azure, which is in itself, their cloud is almost a separate force. So we'll see how that shakes up. As I say, servers right now, Dell's got a very tough compare. I think Dell will be fine in the server space. Storage, it's all about simplifying the portfolio, they've got a refreshed portfolio focused on regaining share. They've rebranded everything Power, so their whole line is going to be Power by, if it's not already, by May of next year, Dell Technologies World. It's a much more scalable portfolio. And I think Dell's got a lot of valuation levers. They're a $92 billion company, they've got their current operations, their current P and L, their share gains, their cross-company synergies, particularly with VMware, they can expand their TAM into cloud with partnerships like they're doing with AWS and others, Google, Microsoft. The Edge is a TAM expansion opportunity to them. And also corporate structure. You've seen them. VMware acquired Pivotal. They're cleaning that up. I'm sure they could potentially make some other moves. Secureworks is out there, for example. Maybe they'll do some things with RSA. So they got that knob to turn and they can delever. Paying down the debt to the extent that they can get back to investment grade, that will lower their interest rates, that'll drop right to the bottom line, and they'll be able to reinvest that. And Tom Sweet said, within 18 months, we'll be able to get there with that two X ratio relative to EBITA, and that's when they're going to start having conversations with the rating agencies to talk about you know, hey, maybe we can get a better rating and lower our interest expense. Bottom line, did Wall Street buy the story? Yes. But I don't think it's going to necessarily change anything in the near term. This is a show me from Missouri, prove it, execute, and then I think Dell will get rewarded. Okay, so this is Dave Vellante, thanks for watching this Cube Insights powered by ETR. We'll see ya next time. (electronic music)

(upbeat techno music) >> From Mountain View California, it's the Cube covering the 15th Annual Grow Awards. Brought to you by ACG SV. >> Hi, Lisa Martin with the Cube on the ground at the Computer History Museum for the 15th annual ACG SV Awards. And in Mountain View California excited to welcome to the Cube for the first time, John Hennessy, the chairman of Alphabet and the co-founder of the Knight-Hennessy Scholars Program at Stanford. JOHN, it's truly a pleasure to have you on the Cube today. >> Well delighted to be here, Lisa. >> So I was doing some research on you. And I see Marc Andreessen has called you the godfather of Silicon Valley. >> Marc very generous (loughs) >> so I thought I was pretty cool I'm going to sit down with the godfather tonight. (loughs) >> I have not done that yet. So you are keynoting the 15th Annual ACG SV Awards tonight. Talk to us a little bit about the takeaways that the audience is going to hear from you tonight. >> Well, they're going to hear some things about leadership the importance of leadership, obviously the importance of innovation. We're in the middle of Silicon Valley innovation is a big thing. And the role that technology plays in our lives and how we should be thinking about that, and how do we ensure the technology is something that serves the public good. >> Definitely. So there's about I think over 230 attendees expected tonight over 100 sea levels, the ACG SV Is has been it's it's much more than a networking organization. there's a lot of opportunities for collaboration for community. Tell me a little bit about your experience with that from a collaboration standpoint? >> Well, I think collaboration is a critical ingredient. I mean, for so many years, you look at the collaboration is gone. Just take between between the universities, my own Stanford and Silicon Valley and how that collaboration has developed over time and lead the founding of great companies, but also collaboration within the valley. This is the place to be a technology person in the whole world it's the best place partly because of this collaboration, and this innovative spirit that really is a core part of what we are as a place. >> I agree. The innovative spirit is one of the things that I enjoy, about not only being in technology, but also living in Silicon Valley. You can't go to a Starbucks without hearing a conversation or many conversations about new startups or cloud technology. So the innovative spirit is pervasive here. And it's also one that I find in an in an environment like ASG SV. You just hear a lot of inspiring stories and I was doing some research on them in the last 18 months. Five CEO positions have been seated and materialized through ACG SV. Number of venture deals initiated several board positions. So a lot of opportunity in this group here tonight. >> Right, well I think that's important because so much of the leadership has got to come by recruiting new young people. And with the increase in concerned about diversity and our leadership core and our boards, I think building that network out and trying to stretch it a little bit from the from perhaps the old boys network of an earlier time in the Valley is absolutely crucial. >> Couldn't agree more. So let's now talk a little bit about the Knight-Hennessy Scholars Program at Stanford. Tell us a little bit about it. When was it founded? >> So we are we are in our very first year, actually, this year, our first year of scholars, we founded it in 2016. The motivation was, I think, an increasing gap we perceived in terms of the need for great leadership and what was available. And it was in government. It was in the nonprofit world, it was in the for profit world. So I being a lifelong educator said, What can we do about this? Let's try to recruit and develop a core of younger people who show that they're committed to the greater good and who are excellent, who are innovative, who are creative, and prepare them for leadership roles in the future. >> So you're looking for are these undergraduate students? >> They are graduate students, so they've completed their undergraduate, it's a little hard to tell when somebody's coming out of high school, what their civic commitment is, what their ability to lead is. But coming out of coming out of undergraduate experience, and often a few years of work experience, we can tell a lot more about whether somebody has the potential to be a future leader. >> So you said, found it just in 2016. And one of the things I saw that was very interesting is projecting in the next 50 years, there's going to be 5000 Knight-Hennessy scholars at various stages of their careers and government organizations, NGOs, as you mentioned, so looking out 50 years you have a strong vision there, but really expect this organization to be able to make a lasting impact. >> That's what our goal is lasting impact over decades, because people who go into leadership positions often take a decade or two to rise to that position. But that's what our investment is our investment is in the in the future. And when I went to Phil Knight who's my co-founder and donor, might lead donor to the program, he was enthusiastic. His view was that we had a we had a major gap in leadership. And we needed to begin training, we need to do multiple things. We need to do things like we're doing tonight. But we also need to think about that next younger generation is up and coming. >> Some terms of inspiring the next generation of innovative diversity thinkers. Talk to me about some of the things that this program is aimed at, in addition to just, you know, some of the knowledge about leadership, but really helping them understand this diverse nature in which we now all find ourselves living. >> So one of the things we do is we try to bring in leaders from all different walks of life to meet and have a conversation with our scholars. This morning, we had the UN High Commissioner for Human Rights in town, Michelle Bachelet, and she sat down and talked about how she thought about her role as addressing human rights, how to move things forward in very complex situations we face around the world with collapse of many governments and many human rights violations. And how do you how do you make that forward progress with a difficult problem? So that kind of exposure to leaders who are grappling with really difficult problems is a critical part of our program. >> And they're really seeing and experiencing real world situations? >> Absolutely. They're seeing them up close as they're really occurring. They see the challenges we had, we had Governor Brown and just before he went out of office here in California, to talk about criminal justice reform a major issue in California and around the country. And how do we make progress on that on that particular challenge? >> So you mentioned a couple of other leaders who the students I've had the opportunity to learn from and engage with, but you yourself are quite the established leader. You went to Stanford as a professor in 1977. You are a President Emeritus you were president of Stanford from 2000 to 2016. So these students also get the opportunity to learn from all that you have experienced as it as a professor of Computer Science, as well as in one of your current roles as chairman of Alphabet. Talk to us a little bit about just the massive changes that you have seen, not just in Silicon Valley, but in technology and innovation over the last 40 plus years. >> Well, it is simply amazing. When I arrived at Stanford, there was no internet. The ARPANET was in its young days, email was something that a bunch of engineers and scientists use to communicate, nobody else did. I still remember going and seeing the first demonstration of what would become Yahoo. Well, while David Filo and Jerry Yang had it set up in their office. And the thing that immediately convinced me Lisa was they showed me that their favorite Pizza Parlor would now allow orders to go online. And when I saw that I said, the World Wide Web is not just about a bunch of scientists and engineers exchanging information. It's going to change our lives and it did. And we've seen wave after wave that with Google and Facebook, social media rise. And now the rise of AI I mean this this is a transformative technology as big as anything I think we've ever seen. In terms of its potential impact. >> It is AI is so transformative. I was I was in Hawaii recently on vacation and Barracuda Networks was actually advertising about AI in Hawaii and I thought that's interesting that the people that are coming to to Hawaii on vacation, presumably, people have you know, many generations who now have AI as a common household word may not understand the massive implications and opportunities that it provides. But it is becoming pervasive at every event we're at at the Cube and there's a lot of opportunity there. It's it's a very exciting subject. Last question for you. You mentioned that this that the Knight-Hennessy Scholars Program is really aimed towards graduate students. What is your advice to those BB stem kids in high school right now who are watching this saying, oh, John, what, what? How do you advise me to be able to eventually get into a program like this? >> Well, I think it begins by really finding your passion, finding something you're really dedicated to pushing yourself challenging yourself, showing that you can do great things with it. And then thinking about the bigger role you want to have with technology. In the after all, technology is not an end in itself. It's a tool to make human lives better and that's the sort of person we're looking for in the knight-Hennessy Scholars Program, >> Best advice you've ever gotten. >> Best advice ever gotten is remember that leadership is about service to the people in the institution you lead. >> It's fantastic not about about yourself but really about service to those. >> About service to others >> JOHN, it's been a pleasure having you on the Cube tonight we wish you the best of luck in your keynote at the 15th annual ACG SV Awards and we thank you for your time. >> Thank you, Lisa. I've enjoyed it. Lisa Martin, you're watching the Cube on the ground. Thanks for watching. (upbeat tech music)

>> Announcer: Live from Las Vegas, it's theCUBE, covering AWS Reinvent 2017, presented by AWS, intel, and our ecosystem of partners. >> Welcome back everyone, live here in Las Vegas. We're at AWS Reinvent. Day one coverage of three days of theCUBE, I'm John Furrier, the host this week. >> We've got two sets, our fifth year covering Reinvent. It's been great to watch. Every year we try to get in the VC panels. We just had Jerry Chen on from Greylock. We've got two more awesome friends of theCUBE in the community here. We've got Sunil Dhaliwal who is the founder of Amplify Ventures and Nick Sturiale with Ignition Partners. Guys, great to see you. >> Great to see you, John. >> Good to see you, John. >> Boy what a lineup it's been over the past three years, four years with Amazon, just watching them tear. Now it's all steamed ahead. Microsoft is totally gearing up. You can see them playing, what they're doing, they're pedaling as fast as they can. Google Play and the (mumbles) we're gonna compete on TensorFlow and other, little goodness, a lot more to go. You got Alibaba Cloud. Intel behind us is making (mumbles) chips. Good market on paper. >> Yeah. >> But we're seeing startups kind of get bought, not for what they wanted. Didn't go public. Skyhigh from Greylock. You see Barracuda going private. A lot of money to be made. Maybe the investment thesis of 200 million dollar fundings, that's over, is it over? Get a little bit of cash and get the critical mass and... >> Well, here's a question. Do you invest in these companies thinking every one of them is going to go public? Or do you think that a good number of them are gonna get acquired? And I think the investors that have done this for a while, and Nick's done this for what, like 45 years? >> I started when I was two, so. >> I've done this like two years less than you have, so I don't pretend I'm dramatically younger. But the reality is, these companies get acquired. And pretending that you're gonna pile into a company late and expect every single thing to go public I think is kind of crazy. And the people that are getting caught in that trap, I think they're gonna be in for a rude awakening. But look, you've got a billion six outcome for Barracuda, right? >> John: That was pretty damn good. >> And you know Skyhigh number hasn't been printed, but it wasn't a small one. Like, those are good outcomes. Those are good venture returns, if you were smart about where you got in. >> So I have a slightly different perspective, which is the real issue is that so much money moved into the late stage, and these companies thought that growth would always be linear even asymptotic. And so what happens is that their growth rate slows down and the cost of growth goes up, and suddenly the company's not quite as hot as it was a year ago, and so now the options for what they do have shrunk dramatically, and so you get exits like you just mentioned. And so part of the problem is is that entrepreneurs and investors really have to have a sober view of what is a business model that's durable over time and which ones really are gonna start to leak in their later phases. >> Well it's kind of a planted question for you guys, because you're early stage in Amplify. I've been following you guys, do a great job. You guys do a range of early, end growth. >> Mostly early though. >> The days of just laying back and kicking your feet up and throwing cash at stuff is over. You actually gotta do the work. It sounds like old school VCs. Greg Sands and I talk about this all the time. You gotta go in and be venturing. You gotta actually make it work. >> And that sucks, I was just told I put my feet up, I put some money in and then I get a distribution check at the end of it. >> That's what everyone thinks you guys do. What do you guys do every day? Take us through your day. >> It looks a lot like that except... >> It's so easy to be a VC, all you do is okay, yes, no, okay that's good. >> We got a dartboard. >> All you gotta do is bet on the good ones. >> Yeah. >> That's so easy. >> So there are what, 14,000 startups in the bay area, how many of them are worthwhile you think? >> It's a lot of work. Well old school, let's go back to the old school tactics, because you're seeing a couple things going on. You guys essentially pointing it out, you gotta do the work and pick the winners. But now that the business models are changing, right? You're seeing Amazon just ignoring conventional wisdom, and they're winning. The game is changing a bit in the business model side. How are you guys looking at that as you make investments? So you got the classic venture, bet on a good team, do all that stuff. What do you guys look at now in the marketplace for fit, scale, longevity, durability? >> I mean the stuff we care about the most is are you going after a big problem? Because I think a lot of the stuff we see, even with your great teams and great technologies, but you step back and you actually think, you know, that isn't a company, that's a product, or that's not even a product, that's a feature. And I think that's the natural outgrowth of what happens when you got 14,000 startups in the bay area, is there aren't 14,000 products that are companies worth having. What you have is, probably 12,000 features, 1500 products, and then like 500 real companies. And that's probably the biggest filter that you gotta apply on the way in, and it's maybe the hardest one to solve for, which is, roll this out seven years, nine years, because that's really what you're talking about when you're talking about building a public durable company is, what does this market look like way down the road? And is that a thing that can stand alone? And that's really, I think, the difference between the companies and the investors that do really well and the ones that can kind of squeeze by, knocking out a couple interesting outcomes. >> My favorite thing is that when you say we just pick the winners, is that nobody knows who the winner is a priori. If you knew that, that market would be gone already. And most successful companies that you read about, and they talk about the (mumbles) investors that were in it early, that's all BS. It's a million good things happen along the way, serendipity, a ton of hard work on the management team and the employees. So this idea that things are preordained is just silly. And I would tell you that you look at most really successful companies today, their business model is completely different than the one that the venture person backed. >> I mean it's always the classic, because I remember when I first started an entrepreneur in the 90s, the question was what's your exit strategy? It was a legitimate question at that time, and it was kind of a peg mark, okay, when I build a growing company and have an exit. Now the exits are, as you mentioned, buyers. And that's not necessarily a bad thing. If Microsoft's in a race to fill in their white spaces, man, I would crop up and get the crops growing, right? So you can say, okay, Microsoft. So you guys gotta kind of do a little bit of homework there, do some relationship work, and you guys are close to Microsoft, so. >> Yes. >> I mean, is that kind of the new playbook? >> Yes. >> How should entrepreneurs posture to this? I mean obviously they're gonna try to build a durable venture, but they don't want to be zig-zagging too much or pivoting. >> No. >> I mean Nick made the point earlier, which I think is absolutely the one to focus on, which is when you raise a ton of capital your options start to shrink. The more money you raise at the higher and higher price, there's somebody you gotta serve who's thinking about the even bigger pot of gold at the end of the rainbow. And honestly, when we look at, I'll take one company in our portfolio for example, and I think the Splunk story is right up there with it, If you look at Datadog, Datadog's huge here at this show. There's purple shirts everywhere and a massive booth, and they've been here for five years running or four years running. That business has barely touched the last round of capital they raised, let alone the round of capital before that. The capital efficiency of that business, not only is it gonna make it a great outcome, but it's gonna give them tons of options of things that they can do. And, you know, they'll get to make every single decision they make, whether it's going to new product or whatever, position of strength. And not a lot of companies do that. >> So Splunk started in 2004. Guess how much total the company raised before it went public? >> How much? >> Forty million. Guess how much it spent up to the time it went public? >> John: How much? >> John: Twenty five. >> So it went public... >> So very capital efficient? >> John: Think about that. >> Yes, and it's worth 9 billion now. So you had several hundred millionaires created out of Splunk, and I would submit to you if Splunk was started today, the investor community would have killed it. >> John: Why? >> Because 18 Brinks trucks would have backed up and dumped a billion dollars on top of it, and buried it in too much money without allowing the company to get the time to become a fully viable system. >> Sunil: Yeah. >> So the too much cash can create toxicity for the startup? >> Money rarely makes the company. Money rarely makes the company. >> Lew Cirne was on earlier, founder of New Relic. Another capital efficient company. >> Great company. >> Went public all time high. Love that guy. He's such a strong, he wrote some code last week. He said, if you can help your partners be successful, in referring to Amazon. >> Man: Amazon. >> Then you can be a great ecosystem partner. So the question now is that's not a bad deal for a company to jump into the Cloud game and be a really good partner and build a kick-ass product. >> Yes. >> And look like a feature maybe on paper, and then sequence to an opportunity. Thoughts on that? It's certainly lucrative if you can get the flywheel going. Right? >> So you don't want to build a company whose basic thesis is helping Amazon or Azure or Google. That is a dead company. If, however, you pull revenue for one of those three in a way that's interesting to them, they will support you all day long. We have two companies in particular, Icertis and KenSci that are pulling a lot of revenue for Azure right now. And Microsoft gives them extraordinary support. >> That's the nuance right there. That's the nuance. Pulling revenue, value, creation. >> Yes. >> Well, they've created Amazon and Microsoft and Google, to a degree, as they get going. They've created a really interesting model, which is unlike your traditional ecosystem, hub-and-spoke model, where someone's gonna capture (mumbles) control of the sale, etc., etc. The smart thing that Amazon's done is they say, you use whatever you want, we're gonna bill you for the primitives until the cows come home, and as long as you're not standing in between Amazon and their primitives revenue, you're gonna do great. >> All right, final question for you guys. First of all, great conversation on the capital markets, certainly it's crazy. We always try to cover it, but here's a thought exercise. Last night we were at the analyst summit. We were talking to some analysts, and the question was, the airplane's going down, and you're in a board meeting, I gotta pick a parachute. There are only three parachutes, Amazon, Microsoft, and Google, which one do you grab? You got 10 seconds. >> To sell to or? >> No, just grab a parachute, and you hope that it opens and you live. Pick a parachute. >> Amazon, >> I'm going with Amazon. This one isn't hard. >> Microsoft and Google. The only person who's gonna grab the Microsoft parachute is the guy who's been with Microsoft for 30 years and knows they're not gonna let him down. If you're a forward-facing company you're going with Amazon, and if you're nuts, you're gonna grab Google right now. No offense to my friends at Google. >> So we're sitting here at Reinvent, so I feel like that's a trick question. (laughing) >> Well, that's good. If you're in the Microsoft ecosystem, they do take care of their own. >> They do. >> Their DNA is tuned to ISVs, they're very good at it. >> and that's their track record. Well, the one guys says, well it depends. By the time you argue with the parachute the planes (mumbles). But it does depend on your business. >> Sunil: Yes. >> Nick: Yes. >> But it is hard not to look at this show and say this is what electricity was in 1920. >> Final question, obviously Amazon is looking at all steam ahead, business models are changing, you're starting to see the top of the stack develop nicely, moving up the stacks seems to be the trend. You got this decentralized market up there. Bitcoin hit 10,000. A lot of smart alpha geeks, including some of the guys here at theCUBE team, is looking at ways to kind of leverage this decentralization trend in a way that's productive. Yet there's a lot of scams out there with these ICOs. Decentralization good or just another infrastructure dynamic? Thoughts on this whole decentralized token economics wave? Also the FCC has regulations now in it. Is it disrupting VC? Your thoughts, Nick. >> Do remember what H.L. Mencken said? "A fool and his money are soon parted." so I think anyone who sits there and says I understand completely what an ICO is and what I'm buying and doesn't view it as something that'll be a tax deduction for next year, I think is gonna be in for a bumpy ride. >> Get out your Gartner Hype Cycle. And if you don't know what it is, go look it up, and there's a spot right now of where we are in the hype cycle, and I think the movement my finger tells you where we are, but this is coming, but this comes afterwards. >> I heard this argument, the web is just for kids. No one will ever use the web. Browsers is a toy. >> A K memory is all you'll ever need. >> Yeah, but guess what, guess what, 2001 happened before we got to 2017, so let's never forget where we are at that kind of hype. >> ICOs are like subprime mortgages, and I speak Spanish and I can't even read the thing. That is what an ICO is. >> So certainly hyped up. Winter's coming, we'll see. All right, we got the VCs here, Nick and Sunil. We got Amplify and Ignition Partners here in theCUBE. More live coverage day one after this short break.

>> Announcer: Live from Las Vegas, it's the Cube, covering AWS reInvent 2017, presented by AWS, intel, and our ecosystem of partners >> Hello everyone, welcome to the Cube here, live in Las Vegas for Amazon web services, AWS annual conference reInvent 2017 and I'm John Furrier here, the co-founder of SiliconANGLE Media, co-host of the Cube. We are here for our fifth year in a row as Amazon Web Services continues to go on a thundering pace of product announcements and massive growth and we're here with two live sets, we're growing so much, there's so much action, there's two cubes, double barrel shotgun of innovation and data we're sharing with you, go to SiliconAngle.com, check out all the stories, all the news and we're hear kicking it of with an analysis, getting ready for tomorrow, the big day, today's officially the partner day, Sunday night they had Midnight Madness, the first ever event for Amazon, where they used the March Madness, kind of copied Cube Madness if you follow the Cube and they do a little preview, I'm here with Justin Moore and Keith Townsend, two great analysts in the community, guys and co-host this week at the cube. First of all thanks for co-hosting the Cube this week and thanks for coming by >> It's a pleasure >> Nice being here with my 50,000 closest friends (laughs) >> It's so good to have you guys here, one, the hosting but more importantly more Cloud thinking men but we've been watching this evolution, both when the Amazon start, I know you both have been involved in the game, in the Cloud watching it and participating but watching just like the tipping point, you're starting to see that moment where, people are calling this the Vmware 2008 moment, Where it's like oh my God its kind of gone mainstream but its still got a community, can they keep that alive? Meanwhile everybody is just getting blown away by Amazon, no matter what is being said, they're clearly the leader in Cloud, Microsoft pedaling as fast as they can, cobbling together their legacy Cloud, to try to keep up. Google, a new guard company looking really good with developers but not international, not a lot of things there yet but certainly looking great and then you got everybody else. >> Keith: Is there anybody else, really? >> As Dave Alonzo would say, what horses are on the track? >> Yeah there's lots of smaller players who are calling themselves Cloud, they're much more like, manage service providers and collocation kind of things, its not really Cloud they way you would think of it from the AWS kind of perspective. >> I've been talking to a lot of Fortune 500's lately and all of their internal customers, when they describe what they want, they're describing AWS, Azure and Google compute and everything else is just not even part of the discussion >> Yeah it needs to look like AWS, that's like the bench mark so this is what it is >> Total gold standard, the bell weather, let's talk about Amazon because I was writing a post on Forbes, I posted about kind of, trying to tell the story in a way that was kind of understood by the mainstream, still not really truly understood but they're changing the game, they're just kind of minding their knitting, they're just all steam ahead, you know, why look in the rear view mirror when your top dog? Why do that but the game is changing, they're constantly introducing new stuff, serverless is the hot trend that we've been tracking, you're seeing it here, you're seeing real developer centric, customer centric announcements. Even during the analysts meeting I heard rumblings, we can't even keep up with all the news, it's so massive so just thundering pace of announcements. Where's the innovation? What's Amazon doing now? What do they gotta do to distance themselves from the field? >> It's interesting, I reckon the competitors to Amazon are actually distancing themselves from AWS, they're trying to find their own way of doing things because you cannot AWS AWS >> Keith: Rackspace learned that a couple years ago right? >> Yeah, trying to compete head on, you're gonna lose so then we see Google is pushing really really hard, machine oiling and they are in top systems, a lot of people are using them for that big data and genomics research, Microsoft is all about office 365 and their traditional enterprise applications that all of their customers today, they know and love >> Yeah so Microsoft is doing what Microsoft does, which is taking care of their enterprise customers and I think this is where AWS needs to innovate in and its not maybe a technical innovation more than a operating and sales approach to how they treat enterprise customers. Enterprise customers still I think, are struggling to this date on how to interact with AWS and AWS is still trying to figure out how do they sale and help manage enterprise accounts. >> So let's separate IT because obviously two factors are merging, the CXO which is traditional IT, which we're all familiar with and a new kind of developer model is emerging and I won't say it's developer speeds and fees, developer programs, where developers are shaping the agenda. It used to be CXO's have the cash, they drive everything. Now you got this developer mojo and I can see early signs of a cult here, where all the innovation that's come in the field, is from customers saying screw it, I don't need the big dog telling me, the old guard, the old CIO up there, I'm just gonna go do it, get out of my way, three feet in the Cloud dust, get a prototype up and running. So you guys see that dynamic, with this cultural shift, what's your thoughts? >> Cloud is a state of mind... (laughs) It's a way of operating the business, its not so much about the infrastructure, its not so much about the services that live on top of it, it's how you use them and that way of doing things that the developers like, is that they get to pick and choose their favorite tools from what they think is the best solution and a lot of the time that's been AWS and then they blend them together and they just stitch this system together based on the favorite tools that they have and that just lives in a completely different level of abstraction than what we've seen before. >> And the speed too, I mean that's just changing the game too, right? >> Well you can do that a lot faster than waiting, raise a PO, wait for three months for someone to rack ans stack a whole bunch of gear, wait for everything to clear through purchasing and then you get access to the enterprise, anointed correct thing, so we saw it the same with sales floors, where people would... sales guys would just go with a credit card and just say, yes I'll have some of that, thanks >> It's much more than a credit card, VMware worked their re-Cloud air service a couple years, said, I can take your credit card, build a data center, my son a developer, in college, I gave him that solution, he looked at it, he was like what's a load balancer, why do I need to configure a firewall, I just want to build a application man, I just want to build, I just want to code, and AWS has figured that out, how to get developers back to what they love to do, which is solving problems via code and you see it, even before the start of this show, there's a lot of hoodies and shorts at this conference, compared to the culture that we see at a lot of other and past shows. >> I find it inspirational, so couple key points, so I asked Andy Jassy, an exclusive one on one with him last Monday and I asked him, you know, he was talking and he made a comment to me and I'll tell you the story here, he says, you know, we have a conversation inside Amazon, this is Andy talking about if we were gonna start Amazon all over again, cause he tells the story about the scar tissue and all the pain they went through with S3. He says if we're going to do it all over again, we would use Lambda, and the serverless trend is interesting because now that speaks to your son's objective, I don't need routers, I don't need load balances, I don't need gear... >> What do you mean how many CPUs I need? I don't know >> What's a patch? >> You tell me, alright, yeah >> Load Linux? What's Linux? So, okay if that's the norm, the driver has to be a new programming methodology, not agile, we're talking about compose ability and a level where no one says, oh I need Oracle for that or I need Mongodb for that, there's just data bases. So a whole new things happening where this choice that used to be the religious war between vendor A or B... serverless could change the game on this >> We're just gonna end up with a new religious war I think, it's gonna be, instead of Vim versus Emacs, it's gonna be should I use Amazon Lambda or should I use Google Cloud functions, it's gonna be one of those, which programming language is the best. >> Okay old guard, new guard, it's a term that Jassy uses, I like it because I'm old, so maybe I'm old guard trying to be new guard, old guard means legacy, he's really talking about Oracle, IBM, probably say Microsoft, so move over and put them in that bucket, so new guard players, clearly Amazon, saying they're new guard, but Google's new guard in Cloud, they're not really trying to do anything legacy, they have legacy infrastructure but they're approaching a... a market from a new guard perspective. What's you guys take on old guard, new guard and do you agree with that statement and what do the old guards have to do to be cool with the new school? >> So the Cube has been at almost every major conference, this year, take an example, what some of the old guard is trying to do, NetApp is trying to get into the Cloud conversation. Google has none of that legacy concern of needing to sell boxes, you look at a solution like Kubernetes, Kubernetes has come on and taken over the container orchestration conversation because Google doesn't need to make money off of Kubernetes, they don't need it to sell more boxes, there's a bit of freedom... >> They may have moved some work loads off Amazon, don't you think? >> It's a great way to move work loads out of Amazon, AWS has joined the CNCF because they no longer have a choice in the matter, Kubernetes has won the containers war so because of that, these new school competitors can compete in ways that a HPE, Dell EMC, etc., simply can't. >> Josh I gotta ask you this, I agree with what he's saying, I'll take it one step further, the old guards trying to slow the game down, move the goal post as an expression, they gotta try to slow this freight train down because otherwise it could be less than it does and they have leverage, they've got customers, they have market power, even Oracle I would say is in that category so they gotta kind of slow the game down but is the scale and the unprecedented amount of announcements, the differentiator as more services come on, their thesis here at Amazon, as I release more services faster, more available capability thus more, total address full markets available. Do you buy those two things, slowing down and services being the advantage? >> That's interesting I think it's more of a scatter gun approach in a way, it's like you know, fail fast. So if we throw enough services out there, throw enough stuff at the wall, we'll just find the ones that work and concentrate on those, as someone who tries to keep up with what Amazon is doing and this happens with developers as well. When you release 800 new services in a year, name them all, as a human that's really really difficult to manage. So I think in some ways it's a little bit... >> I've got four kids I can't even name, I get them all confused >> It's a little bit like Microsoft Word, it's got 800 billion different features but for any given customer they're gonna use maybe 10% of them and yet all of them are there because different customers use a different 10%. I think that's a little bit what Amazon is going for, kind of ubiquitous market coverage, as much market as it can possibly get, it's a lot like it's retail strategy, we want to be in everything, where some of the competitors are being a little bit more focused about saying well rather than just being a generic service that covers everything, we're gonna focus on particular areas that we think have enough value in that for it to be worth that time. >> Okay I wanna ask you guys a question about value creation, entrepreneurial, the startups, companies that are trying to go, you kind of see, certainly in Silicon Valley, where I live, startups are getting pummeled, if they were born before 2012, they're really going.6.. they try to go big but they're mostly going home. Barracuda Networks just announced this week that they're gonna go private, private equity's squabbling up all these companies that have pretty good sizeable funding, 100 million dollar invests from Andressen Horowitz, Graylog, Sequoia, big names, folding tent and being acquired which is code words for we can't got public and even big public companies that don't have a Cloud player, kind of retooling. So the question is, are we at a point now where scale and speed of the game is causing some havoc in the market place. >> Well look no further than what's going on in Europe now, the Cube is at HPE reInvent. HPE's discover in Europe and HPE is a completely different company than it was three years ago as a direct result of what Amazon has done in the Cloud space and gobbling up all of these smaller accounts and new opportunity. You mentioned it earlier, HPE is still HPE, HPE is gonna get that interview or session with the CIO, Meg makes the call, someones going to pick up the line. >> Now Antonio >> Yeah, now Antonio But AWS has been changing that story, impacting and taking the air out. HPE chose a interesting approach, get smaller, become more agile, Dell chose the opposite route of getting bigger to compete, we'll see which one plays out, in the meantime 18 billion dollar run rate and no sign of slowing down. >> 18 billion dollar run rate with 40% growth on that bassline is pretty significant, I think they might even be doing better than that next quarter but that speaks to the traction, it's not just startups, those numbers aren't just startups. Airbnb is a big company now but they started out small. We use Amazon, a lot of people use Amazon, they're winning big enterprise deals, why? What do you guys think, what's the reason why? >> You know what... Go a little bit intuitive here, look at VMware on AWS, I've been kind of critical of that solution but it is a easy win, if VMware made the exact same announcement on IBM, the year before at VM world... the Fortune 500's I talk to don't consider that Cloud, the exact same solution and AWS is Cloud, that's the Cloud check box. AWS, they do a much better job at controlling their brand Kleenex but they are the Kleenex, they are the Xerox of Cloud, you don't have Cloud unless you have AWS from a enterprise perspective, that's what Azure, Google Compute, and all the other Cloud providers have to compete against >> First of all those guys are incomplete in their Cloud and that's just on a feature by feature basis, I do agree it's kind of like Outlook or Word, I like Outlook because it's more bloated than Word and less useful but my point is, that's the name of the game, getting functional value creation. So final question for you guys is, as we look at reInvent this week obviously I looked at the industry day yesterday and the board, a lot of Alexa repeats. So you can see what sessions are repeating so that's a indicator of popularity so Alexa's got traction, serverless with Lambda. What do you guys see as the big, so far, early show buzz? >> I'm hearing a lot about containers, containers and like you say, things like Lambda and Alexa, anything that has AI machine learning in it, that's very hot at the moment whether or not it's just hype and the bubble on that will pop in a few years, I personally think that that is mostly hype and hot air but it'll settle down and there'll be some real value in there. That's where I'm seeing the noise. >> So over at the RA, they have the container kind of show, it's a show within a show and I'm hearing similarities with containers but not just containers, to your point, serverless, it was a term that we struggled with a couple years ago, now it's generally accepted, you know what, I can just write code and that code can be executed without regard to infrastructure operations. That has proved to be insanely popular right now. >> Okay final question, I'll start it, we're gonna end this on this last segment, I know I wanna get one more in, that's the buzz. I wanna ask you guys, what tea leaves are you reading, what signals are you looking for? Because remember Amazon is very scripted up right now, you can see them on message, I'm trying to poke holes, and which tea leaves, smelling it, putting my ear, ear to the ground, think about that question, my view is, I'm looking at, is this developer trend a cultural shift and to what extent is that developer traction in terms of mind share and love of the brand, Kleenex, the Cloud, the real Cloud, and how much will that tip the CXO conversation. Where's that power shift? So me, I'm trying to read what the tea leaves are saying, if this developer tipping point happens at this scale, developers could really be in the drivers seat. Not just oh developers are in charge, I'm talking about really making the decisions on all big deployments, that's my tea leaf read. What are you looking at? >> So I'm talking to a lot of vendors, their number one reason for being at AWS, when I say vendors, vendors that we see at traditional infrastructure shows, they're here to talk to new audiences, to that developer audience that you mentioned and what I want to know from them, more than just interest, do these developers have money? One of those challenges that all of these Cloudy type companies have faced is that the developers fall in love with them, Docker is a great example, developers fell in love with Docker, millions of downloads. However that doesn't translate to POs and purchases, do these guys actually have the buying power to see through that initial contact all the way to the sale of the solution. >> Influence the buying decisions and IT, thoughts? >> You made the same comment I think earlier about 2008 VM world, it has a very similar vibe to me here, I'm seeing that this is now the crossover between where it was developers, where it was all hoodies and tracksuits and pink hair, I'm seeing a lot of suits, seeing a lot of money floating around this conference, so I'm starting to think that this is the point where AWS is starting its transition from being the new guard to the old guard, they would love to be IBM, IBM made a lot of money. >> Turning into an old guard is very good financially >> It makes you a lot of money. So I'm looking to see where on that transition are we and how long can AWS maintain that momentum of being a new guard company. >> If they can hold the line on new guard they win everything as long as they could in my opinion. Alright, I'm John Furrier here with Justin Moore and Keith Townsend kicking off the first day of three days of wall to wall coverage here at AWS reInvent, stay tuned for more analysis opinion, commentary, of course go to SiliconANGLE.com for all the exclusive interviews with Andy Jassy and all the top executives of Amazon. We'll be back with more after this short break. (slow futuristic music)