(gentle synth music) (music ends) >> Welcome back to Supercloud 2, an open industry collaboration between technologists, consultants, analysts, and of course practitioners to help shape the future of cloud. At this event, one of the key areas we're exploring is the intersection of cloud and data. And how building value on top of hyperscale clouds and across clouds is evolving, a concept of course we call "Supercloud". And we're pleased to welcome our friends from Enterprise Technology research, Erik Bradley and Darren Brabham. Guys, thanks for joining us, great to see you. we love to bring the data into these conversations. >> Thank you for having us, Dave, I appreciate it. >> Yeah, thanks. >> You bet. And so, let me do the setup on what is Supercloud. It's a concept that we've floated, Before re:Invent 2021, based on the idea that cloud infrastructure is becoming ubiquitous, incredibly powerful, but there's a lack of standards across the big three clouds. That creates friction. So we defined over the period of time, you know, better part of a year, a set of essential elements, deployment models for so-called supercloud, which create this common experience for specific cloud services that, of course, again, span multiple clouds and even on-premise data. So Erik, with that as background, I wonder if you could add your general thoughts on the term supercloud, maybe play proxy for the CIO community, 'cause you do these round tables, you talk to these guys all the time, you gather a lot of amazing information from senior IT DMs that compliment your survey. So what are your thoughts on the term and the concept? >> Yeah, sure. I'll even go back to last year when you and I did our predictions panel, right? And we threw it out there. And to your point, you know, there's some haters. Anytime you throw out a new term, "Is it marketing buzz? Is it worth it? Why are you even doing it?" But you know, from my own perspective, and then also speaking to the IT DMs that we interview on a regular basis, this is just a natural evolution. It's something that's inevitable in enterprise tech, right? The internet was not built for what it has become. It was never intended to be the underlying infrastructure of our daily lives and work. The cloud also was not built to be what it's become. But where we're at now is, we have to figure out what the cloud is and what it needs to be to be scalable, resilient, secure, and have the governance wrapped around it. And to me that's what supercloud is. It's a way to define operantly, what the next generation, the continued iteration and evolution of the cloud and what its needs to be. And that's what the supercloud means to me. And what depends, if you want to call it metacloud, supercloud, it doesn't matter. The point is that we're trying to define the next layer, the next future of work, which is inevitable in enterprise tech. Now, from the IT DM perspective, I have two interesting call outs. One is from basically a senior developer IT architecture and DevSecOps who says he uses the term all the time. And the reason he uses the term, is that because multi-cloud has a stigma attached to it, when he is talking to his business executives. (David chuckles) the stigma is because it's complex and it's expensive. So he switched to supercloud to better explain to his business executives and his CFO and his CIO what he's trying to do. And we can get into more later about what it means to him. But the inverse of that, of course, is a good CSO friend of mine for a very large enterprise says the concern with Supercloud is the reduction of complexity. And I'll explain, he believes anything that takes the requirement of specific expertise out of the equation, even a little bit, as a CSO worries him. So as you said, David, always two sides to the coin, but I do believe supercloud is a relevant term, and it is necessary because the cloud is continuing to be defined. >> You know, that's really interesting too, 'cause you know, Darren, we use Snowflake a lot as an example, sort of early supercloud, and you think from a security standpoint, we've always pushed Amazon and, "Are you ever going to kind of abstract the complexity away from all these primitives?" and their position has always been, "Look, if we produce these primitives, and offer these primitives, we we can move as the market moves. When you abstract, then it becomes harder to peel the layers." But Darren, from a data standpoint, like I say, we use Snowflake a lot. I think of like Tim Burners-Lee when Web 2.0 came out, he said, "Well this is what the internet was always supposed to be." So in a way, you know, supercloud is maybe what multi-cloud was supposed to be. But I mean, you think about data sharing, Darren, across clouds, it's always been a challenge. Snowflake always, you know, obviously trying to solve that problem, as are others. But what are your thoughts on the concept? >> Yeah, I think the concept fits, right? It is reflective of, it's a paradigm shift, right? Things, as a pendulum have swung back and forth between needing to piece together a bunch of different tools that have specific unique use cases and they're best in breed in what they do. And then focusing on the duct tape that holds 'em all together and all the engineering complexity and skill, it shifted from that end of the pendulum all the way back to, "Let's streamline this, let's simplify it. Maybe we have budget crunches and we need to consolidate tools or eliminate tools." And so then you kind of see this back and forth over time. And with data and analytics for instance, a lot of organizations were trying to bring the data closer to the business. That's where we saw self-service analytics coming in. And tools like Snowflake, what they did was they helped point to different databases, they helped unify data, and organize it in a single place that was, you know, in a sense neutral, away from a single cloud vendor or a single database, and allowed the business to kind of be more flexible in how it brought stuff together and provided it out to the business units. So Snowflake was an example of one of those times where we pulled back from the granular, multiple points of the spear, back to a simple way to do things. And I think Snowflake has continued to kind of keep that mantle to a degree, and we see other tools trying to do that, but that's all it is. It's a paradigm shift back to this kind of meta abstraction layer that kind of simplifies what is the reality, that you need a complex multi-use case, multi-region way of doing business. And it sort of reflects the reality of that. >> And you know, to me it's a spectrum. As part of Supercloud 2, we're talking to a number of of practitioners, Ionis Pharmaceuticals, US West, we got Walmart. And it's a spectrum, right? In some cases the practitioner's saying, "You know, the way I solve multi-cloud complexity is mono-cloud, I just do one cloud." (laughs) Others like Walmart are saying, "Hey, you know, we actually are building an abstraction layer ourselves, take advantage of it." So my general question to both of you is, is this a concept, is the lack of standards across clouds, you know, really a problem, you know, or is supercloud a solution looking for a problem? Or do you hear from practitioners that "No, this is really an issue, we have to bring together a set of standards to sort of unify our cloud estates." >> Allow me to answer that at a higher level, and then we're going to hand it over to Dr. Brabham because he is a little bit more detailed on the realtime streaming analytics use cases, which I think is where we're going to get to. But to answer that question, it really depends on the size and the complexity of your business. At the very large enterprise, Dave, Yes, a hundred percent. This needs to happen. There is complexity, there is not only complexity in the compute and actually deploying the applications, but the governance and the security around them. But for lower end or, you know, business use cases, and for smaller businesses, it's a little less necessary. You certainly don't need to have all of these. Some of the things that come into mind from the interviews that Darren and I have done are, you know, financial services, if you're doing real-time trading, anything that has real-time data metrics involved in your transactions, is going to be necessary. And another use case that we hear about is in online travel agencies. So I think it is very relevant, the complexity does need to be solved, and I'll allow Darren to explain a little bit more about how that's used from an analytics perspective. >> Yeah, go for it. >> Yeah, exactly. I mean, I think any modern, you know, multinational company that's going to have a footprint in the US and Europe, in China, or works in different areas like manufacturing, where you're probably going to have on-prem instances that will stay on-prem forever, for various performance reasons. You have these complicated governance and security and regulatory issues. So inherently, I think, large multinational companies and or companies that are in certain areas like finance or in, you know, online e-commerce, or things that need real-time data, they inherently are going to have a very complex environment that's going to need to be managed in some kind of cleaner way. You know, they're looking for one door to open, one pane of glass to look at, one thing to do to manage these multi points. And, streaming's a good example of that. I mean, not every organization has a real-time streaming use case, and may not ever, but a lot of organizations do, a lot of industries do. And so there's this need to use, you know, they want to use open-source tools, they want to use Apache Kafka for instance. They want to use different megacloud vendors offerings, like Google Pub/Sub or you know, Amazon Kinesis Firehose. They have all these different pieces they want to use for different use cases at different stages of maturity or proof of concept, you name it. They're going to have to have this complexity. And I think that's why we're seeing this need, to have sort of this supercloud concept, to juggle all this, to wrangle all of it. 'Cause the reality is, it's complex and you have to simplify it somehow. >> Great, thanks you guys. All right, let's bring up the graphic, and take a look. Anybody who follows the breaking analysis, which is co-branded with ETR Cube Insights powered by ETR, knows we like to bring data to the table. ETR does amazing survey work every quarter, 1200 plus 1500 practitioners that that answer a number of questions. The vertical axis here is net score, which is ETR's proprietary methodology, which is a measure of spending momentum, spending velocity. And the horizontal axis here is overlap, but it's the presence pervasiveness, and the dataset, the ends, that table insert on the bottom right shows you how the dots are plotted, the net score and then the ends in the survey. And what we've done is we've plotted a bunch of the so-called supercloud suspects, let's start in the upper right, the cloud platforms. Without these hyperscale clouds, you can't have a supercloud. And as always, Azure and AWS, up and to the right, it's amazing we're talking about, you know, 80 plus billion dollar company in AWS. Azure's business is, if you just look at the IaaS is in the 50 billion range, I mean it's just amazing to me the net scores here. Anything above 40% we consider highly elevated. And you got Azure and you got Snowflake, Databricks, HashiCorp, we'll get to them. And you got AWS, you know, right up there at that size, it's quite amazing. With really big ends as well, you know, 700 plus ends in the survey. So, you know, kind of half the survey actually has these platforms. So my question to you guys is, what are you seeing in terms of cloud adoption within the big three cloud players? I wonder if you could could comment, maybe Erik, you could start. >> Yeah, sure. Now we're talking data, now I'm happy. So yeah, we'll get into some of it. Right now, the January, 2023 TSIS is approaching 1500 survey respondents. One caveat, it's not closed yet, it will close on Friday, but with an end that big we are over statistically significant. We also recently did a cloud survey, and there's a couple of key points on that I want to get into before we get into individual vendors. What we're seeing here, is that annual spend on cloud infrastructure is expected to grow at almost a 70% CAGR over the next three years. The percentage of those workloads for cloud infrastructure are expected to grow over 70% as three years as well. And as you mentioned, Azure and AWS are still dominant. However, we're seeing some share shift spreading around a little bit. Now to get into the individual vendors you mentioned about, yes, Azure is still number one, AWS is number two. What we're seeing, which is incredibly interesting, CloudFlare is number three. It's actually beating GCP. That's the first time we've seen it. What I do want to state, is this is on net score only, which is our measure of spending intentions. When you talk about actual pervasion in the enterprise, it's not even close. But from a spending velocity intention point of view, CloudFlare is now number three above GCP, and even Salesforce is creeping up to be at GCPs level. So what we're seeing here, is a continued domination by Azure and AWS, but some of these other players that maybe might fit into your moniker. And I definitely want to talk about CloudFlare more in a bit, but I'm going to stop there. But what we're seeing is some of these other players that fit into your Supercloud moniker, are starting to creep up, Dave. >> Yeah, I just want to clarify. So as you also know, we track IaaS and PaaS revenue and we try to extract, so AWS reports in its quarterly earnings, you know, they're just IaaS and PaaS, they don't have a SaaS play, a little bit maybe, whereas Microsoft and Google include their applications and so we extract those out and if you do that, AWS is bigger, but in the surveys, you know, customers, they see cloud, SaaS to them as cloud. So that's one of the reasons why you see, you know, Microsoft as larger in pervasion. If you bring up that survey again, Alex, the survey results, you see them further to the right and they have higher spending momentum, which is consistent with what you see in the earnings calls. Now, interesting about CloudFlare because the CEO of CloudFlare actually, and CloudFlare itself uses the term supercloud basically saying, "Hey, we're building a new type of internet." So what are your thoughts? Do you have additional information on CloudFlare, Erik that you want to share? I mean, you've seen them pop up. I mean this is a really interesting company that is pretty forward thinking and vocal about how it's disrupting the industry. >> Sure, we've been tracking 'em for a long time, and even from the disruption of just a traditional CDN where they took down Akamai and what they're doing. But for me, the definition of a true supercloud provider can't just be one instance. You have to have multiple. So it's not just the cloud, it's networking aspect on top of it, it's also security. And to me, CloudFlare is the only one that has all of it. That they actually have the ability to offer all of those things. Whereas you look at some of the other names, they're still piggybacking on the infrastructure or platform as a service of the hyperscalers. CloudFlare does not need to, they actually have the cloud, the networking, and the security all themselves. So to me that lends credibility to their own internal usage of that moniker Supercloud. And also, again, just what we're seeing right here that their net score is now creeping above AGCP really does state it. And then just one real last thing, one of the other things we do in our surveys is we track adoption and replacement reasoning. And when you look at Cloudflare's adoption rate, which is extremely high, it's based on technical capabilities, the breadth of their feature set, it's also based on what we call the ability to avoid stack alignment. So those are again, really supporting reasons that makes CloudFlare a top candidate for your moniker of supercloud. >> And they've also announced an object store (chuckles) and a database. So, you know, that's going to be, it takes a while as you well know, to get database adoption going, but you know, they're ambitious and going for it. All right, let's bring the chart back up, and I want to focus Darren in on the ecosystem now, and really, we've identified Snowflake and Databricks, it's always fun to talk about those guys, and there are a number of other, you know, data platforms out there, but we use those too as really proxies for leaders. We got a bunch of the backup guys, the data protection folks, Rubric, Cohesity, and Veeam. They're sort of in a cluster, although Rubric, you know, ahead of those guys in terms of spending momentum. And then VMware, Tanzu and Red Hat as sort of the cross cloud platform. But I want to focus, Darren, on the data piece of it. We're seeing a lot of activity around data sharing, governed data sharing. Databricks is using Delta Sharing as their sort of place, Snowflakes is sort of this walled garden like the app store. What are your thoughts on, you know, in the context of Supercloud, cross cloud capabilities for the data platforms? >> Yeah, good question. You know, I think Databricks is an interesting player because they sort of have made some interesting moves, with their Data Lakehouse technology. So they're trying to kind of complicate, or not complicate, they're trying to take away the complications of, you know, the downsides of data warehousing and data lakes, and trying to find that middle ground, where you have the benefits of a managed, governed, you know, data warehouse environment, but you have sort of the lower cost, you know, capability of a data lake. And so, you know, Databricks has become really attractive, especially by data scientists, right? We've been tracking them in the AI machine learning sector for quite some time here at ETR, attractive for a data scientist because it looks and acts like a lake, but can have some managed capabilities like a warehouse. So it's kind of the best of both worlds. So in some ways I think you've seen sort of a data science driver for the adoption of Databricks that has now become a little bit more mainstream across the business. Snowflake, maybe the other direction, you know, it's a cloud data warehouse that you know, is starting to expand its capabilities and add on new things like Streamlit is a good example in the analytics space, with apps. So you see these tools starting to branch and creep out a bit, but they offer that sort of neutrality, right? We heard one IT decision maker we recently interviewed that referred to Snowflake and Databricks as the quote unquote Switzerland of what they do. And so there's this desirability from an organization to find these tools that can solve the complex multi-headed use-case of data and analytics, which every business unit needs in different ways. And figure out a way to do that, an elegant way that's governed and centrally managed, that federated kind of best of both worlds that you get by bringing the data close to the business while having a central governed instance. So these tools are incredibly powerful and I think there's only going to be room for growth, for those two especially. I think they're going to expand and do different things and maybe, you know, join forces with others and a lot of the power of what they do well is trying to define these connections and find these partnerships with other vendors, and try to be seen as the nice add-on to your existing environment that plays nicely with everyone. So I think that's where those two tools are going, but they certainly fit this sort of label of, you know, trying to be that supercloud neutral, you know, layer that unites everything. >> Yeah, and if you bring the graphic back up, please, there's obviously big data plays in each of the cloud platforms, you know, Microsoft, big database player, AWS is, you know, 11, 12, 15, data stores. And of course, you know, BigQuery and other, you know, data platforms within Google. But you know, I'm not sure the big cloud guys are going to go hard after so-called supercloud, cross-cloud services. Although, we see Oracle getting in bed with Microsoft and Azure, with a database service that is cross-cloud, certainly Google with Anthos and you know, you never say never with with AWS. I guess what I would say guys, and I'll I'll leave you with this is that, you know, just like all players today are cloud players, I feel like anybody in the business or most companies are going to be so-called supercloud players. In other words, they're going to have a cross-cloud strategy, they're going to try to build connections if they're coming from on-prem like a Dell or an HPE, you know, or Pure or you know, many of these other companies, Cohesity is another one. They're going to try to connect to their on-premise states, of course, and create a consistent experience. It's natural that they're going to have sort of some consistency across clouds. You know, the big question is, what's that spectrum look like? I think on the one hand you're going to have some, you know, maybe some rudimentary, you know, instances of supercloud or maybe they just run on the individual clouds versus where Snowflake and others and even beyond that are trying to go with a single global instance, basically building out what I would think of as their own cloud, and importantly their own ecosystem. I'll give you guys the last thought. Maybe you could each give us, you know, closing thoughts. Maybe Darren, you could start and Erik, you could bring us home on just this entire topic, the future of cloud and data. >> Yeah, I mean I think, you know, two points to make on that is, this question of these, I guess what we'll call legacy on-prem players. These, mega vendors that have been around a long time, have big on-prem footprints and a lot of people have them for that reason. I think it's foolish to assume that a company, especially a large, mature, multinational company that's been around a long time, it's foolish to think that they can just uproot and leave on-premises entirely full scale. There will almost always be an on-prem footprint from any company that was not, you know, natively born in the cloud after 2010, right? I just don't think that's reasonable anytime soon. I think there's some industries that need on-prem, things like, you know, industrial manufacturing and so on. So I don't think on-prem is going away, and I think vendors that are going to, you know, go very cloud forward, very big on the cloud, if they neglect having at least decent connectors to on-prem legacy vendors, they're going to miss out. So I think that's something that these players need to keep in mind is that they continue to reach back to some of these players that have big footprints on-prem, and make sure that those integrations are seamless and work well, or else their customers will always have a multi-cloud or hybrid experience. And then I think a second point here about the future is, you know, we talk about the three big, you know, cloud providers, the Google, Microsoft, AWS as sort of the opposite of, or different from this new supercloud paradigm that's emerging. But I want to kind of point out that, they will always try to make a play to become that and I think, you know, we'll certainly see someone like Microsoft trying to expand their licensing and expand how they play in order to become that super cloud provider for folks. So also don't want to downplay them. I think you're going to see those three big players continue to move, and take over what players like CloudFlare are doing and try to, you know, cut them off before they get too big. So, keep an eye on them as well. >> Great points, I mean, I think you're right, the first point, if you're Dell, HPE, Cisco, IBM, your strategy should be to make your on-premise state as cloud-like as possible and you know, make those differences as minimal as possible. And you know, if you're a customer, then the business case is going to be low for you to move off of that. And I think you're right. I think the cloud guys, if this is a real problem, the cloud guys are going to play in there, and they're going to make some money at it. Erik, bring us home please. >> Yeah, I'm going to revert back to our data and this on the macro side. So to kind of support this concept of a supercloud right now, you know Dave, you and I know, we check overall spending and what we're seeing right now is total year spent is expected to only be 4.6%. We ended 2022 at 5% even though it began at almost eight and a half. So this is clearly declining and in that environment, we're seeing the top two strategies to reduce spend are actually vendor consolidation with 36% of our respondents saying they're actively seeking a way to reduce their number of vendors, and consolidate into one. That's obviously supporting a supercloud type of play. Number two is reducing excess cloud resources. So when I look at both of those combined, with a drop in the overall spending reduction, I think you're on the right thread here, Dave. You know, the overall macro view that we're seeing in the data supports this happening. And if I can real quick, couple of names we did not touch on that I do think deserve to be in this conversation, one is HashiCorp. HashiCorp is the number one player in our infrastructure sector, with a 56% net score. It does multiple things within infrastructure and it is completely agnostic to your environment. And if we're also speaking about something that's just a singular feature, we would look at Rubric for data, backup, storage, recovery. They're not going to offer you your full cloud or your networking of course, but if you are looking for your backup, recovery, and storage Rubric, also number one in that sector with a 53% net score. Two other names that deserve to be in this conversation as we watch it move and evolve. >> Great, thank you for bringing that up. Yeah, we had both of those guys in the chart and I failed to focus in on HashiCorp. And clearly a Supercloud enabler. All right guys, we got to go. Thank you so much for joining us, appreciate it. Let's keep this conversation going. >> Always enjoy talking to you Dave, thanks. >> Yeah, thanks for having us. >> All right, keep it right there for more content from Supercloud 2. This is Dave Valente for John Ferg and the entire Cube team. We'll be right back. (gentle synth music) (music fades)

(upbeat music) >> Hey, everyone. Welcome to theCUBE's Special Program Series: Women of the Cloud, brought to you by AWS. I'm your host, Lisa Martin. Very pleased to welcome Ashley Gaare to the program, Global Extended Executive Board Member and President, North America at SoftwareONE. Ashley, welcome, it's great to have you here. >> Hi Lisa, thank you for having me. I'm excited to be here. >> Talk to us a little bit about you, about SoftwareONE, about your role, give us that context. >> So SoftwareONE is a global services provider for end-to-end software cloud management. We operate in over 90 countries. Our headquarters globally are in Zurich, Switzerland. Our North American headquarters are in Milwaukee, Wisconsin. And I run the North American region with scales from the US, Canada, we have parts in Costa Rica, in Mexico. And our primary purpose and to serve our clients is to help them really understand the restraints in cloud management, everything from licensing used rights to financial operations to workload migrations, to help them drive better outcomes for their business. >> It's all about outcomes for the business. Every conversation we have always goes back to outcomes, but I want to learn a little bit more actually about you. Talk a little bit about your career path and then give us some recommendations that you would have for others who are looking to really kind of step the ladder in their tech careers. >> Yeah, so I've been very fortunate and blessed to be able to be at SoftwareONE for 15 years. So I came up through inside sales. I had no idea how the tech world operated, didn't even know what a server was. And I learned on the job, and this was before even cloud was really relevant. And I think for me, I get asked a lot, "How did you work your way up," so to speak, and it's really about understanding where your strengths sit and investing in those strengths, building a brand of yourself and what your identity is like within the workplace. What do you want people to know of you? Do they want to, "Oh, I got to get Ashley on this project because she accelerates and executes cleanly," right? Or, "I need Ashley to do this because she can collaborate with peers and bring people along." So really understanding where you want to sit, what your skills are, and your strengths, and then asking for mentorship, getting career advice, raising your hand, take on more, and don't ever be afraid to ask questions and admit stuff when you don't know, that humble is part of our core value within SoftwareONE, and it's really, really helped me grow in my own career. >> Ashley, I love that you talked about creating your own personal brand. Another thing that I hear often from women in this situation is creating your own personal board of directors, of mentors, and sponsors who can help guide you along that path. You also talk about investing in you, and I think that is such pertinent advice for those to be able to create success stories within their career. I would love to then know about some of the successes that you've had, where you've helped solve problems relating to cloud computing for organizations, internal, external. >> Yeah, it's a great question. That's why we're here, right? Women of the Cloud. Yeah, SoftwareONE in particular, took the approach early on that we were going to go cloud first in our services portfolio offering, right? We saw the writing on the wall. There was no reason to invest backwards and build (indistinct) and data center consulting practices. So for us, everything we built from the ground up has been cloud native. And so some of the amazing client stories that we've had are really I think, I know it's a silver lining coming out of the pandemic when you had industries hit so hard but hit so differently. And technology was at the core on how they address those problems. So you had the healthcare space that had to get protection and be able to meet with their patients face to face but virtual at the same time. So they had to be able to take the data and still governance with HIPAA laws, keep it secure but then move it to the cloud and shift it fast, right? And then you had manufacturing who had employees who had to stay on site, right? To keep the supply chain running, but at the same time you had office workers that had to move home and completely be 100% remote. And so what we've been able to do really with AWS and our certifications in that practice is AWS differentiates itself with its agility, its framework, it allows for true development in the the PaaS space. It provides a really, really secure robust end to end solution for our clients. And when you have to be able to be nimble that quickly it's created this new expectation in the industry that it could happen again. So are you set up for the next recession? Are you set up for the next pandemic? God willing, there isn't one, but you never know. And so investing in the right infrastructure there in the cloud is critical. And then having the framework, to manage it and go it is second in line and importance. >> Being able to be just aware of the situations that can happen. In hindsight, it's, that's a silver lining coming at a COVID cheer point, being able to prepare for disasters of different types or the need to establish business continuity. I mean, we saw so many organ, well every, almost that survived every surviving organization pivot to cloud during the last couple of years that had no choice to one, survive and two, to be able to be competitive in our organization. And so we've seen so many great stories of successes. And it sounds like SoftwareONE has really been at the forefront of enabling a lot of businesses, I would imagine. Can the industry be successful in that migration and that quick pivot to being competitive advantage competitively, competitive? >> Yeah. Yeah. And I think our differentiator which comes from our core strength of this licensing and asset financial management piece. So with COVID, right? When you had this great acceleration to the cloud whether it was remote workplace or it was IaaS you then had no choice but to pay what you had to pay. It was all about keeping the lights on and running the business and thriving as much as you could. And so cost wasn't a concern. And then you had the impact in certain industries where it became a concern pretty quick. And so now we're seeing this over pendulum kind of this pendulum swing back where it's like, okay we're in the cloud, now we got to go back in time and kind of fix the processes and the financial piece and the components and the compliance that we didn't really address or have time to sit and think because we were in survival mode. And that's where SoftwareONE really comes in with this end to end view on everything from what should you move to the cloud? How does it impact your budget, your bottom line should you capitalize it? Can you capitalize it? And so the CFO and the CEO and that CIO suite have to be working end to end on how to do this effectively, right? So that they can continue to thrive in the business and not just run in survival mode anymore. >> Absolutely, we're past that point of running in survival mode. We've got to be able to thrive to be able to be agile and nimble and flexible to develop new products, new services to get them to market faster than our competition. So much has changed in the last couple of years. I'm wondering what your perspective is on diversity. We've talked about it a lot in technology. We talk about DEI often. >> Yeah. >> A lot's gone on in the last couple of years thought there's so much value in thought diversity alone. But talk to me about some of the things that you're seeing through the diversity lens and what are some of the challenges that are still there that organizations need help to eradicate? >> Yeah, topic I'm very passionate about. So there's a couple of big bullets, right? That are big rocks that we have to move. There's a gender gap, we know this. There's a wage gap, we know this. Statistics state, essentially that women make 82 cents for every $1 a man makes. Men hold 75% of the US tech jobs and working mothers, for example. 34% of them do not return to the workforce. It's mind blowing, fun facts and SoftwareONE is we actually have a hundred percent return working mothers come back and stay for at least a year, yeah. And it requires really intentional investment in making sure that they have an environment that they can be successful as they transition back making diligent choices on the benefits that you provide those women so that they don't feel that they have to make some of the tough choices that they feel pressured to do. And then you have this talent shortage, right? So on top of gender, on top of pay, then you have this all up shortage of underrepresented groups, right? And you also have, in the tech space there's just a lack of talent all up. And I think looking back, hindsight's always 2020 but as a community and as a vertical in the tech space, the organizations didn't do enough good job of reaching into high schools, understanding early on in elementary and middle school to provide equal opportunity to make the computer coding classes a requirement and not an elective to give everybody exposure to how tech works in the real world, right? As opposed to offering it as an elective. It should be a requirement. I mean, it's like financial management. It's how the world runs today is on tech. So something that SoftwareONE has done to really address that is we built this academy it's only two years in its infancy, so it's young but we go intentionally to schools and we hand select and we create a program, right? To get them exposed to the industries that they're interested in. Personally though, I think we need to start way earlier on and I think that's something that we all can work better at and is exposing the next generation to setting an expectation that tech is going to be in your life. And so let's learn about it and not be afraid of it and turn it into a career, right? >> Absolutely, every company these days has to be a data company. They have to be a tug company whether it's your grocery store, a retailer, a manufacturer, a car dealer. So that kind of choice isn't really there anymore that's just the direction that these companies have to go in. You mentioned something that I love because I've been hearing it a lot from women in this series. And that is, with respect to diversity organizations need to be intentional. It has to be intentional, really from the get go. And it sounds like SoftwareONE has done a great job with intention about creating the program and looking at how can we go after and solve some of the challenges that we have today but really go after some of these younger groups who might not understand the impact and the influence that tech is having in their lives. >> Yeah, and the only way to be intentional with the right outcome is to ensure that you have diversity of thought in the leadership teams that make those decisions, right? So you can put your best foot forward in being intentional with trying to keep women in the workforce but if you don't have women on your leadership team where are you getting that feedback from? And so it starts by this getting the talent into the company at the very bottom level from an inclusion standpoint, keeping them, but also intentionally selecting the right diversity of thought at the leadership levels where they make decisions. Because that's where the magic happens Where, I have the privilege to be able to choose and work with my HR partner on what benefits we provide. And you have to have a team that's all inclusive in understanding the needs of all the groups, right? Otherwise you end up intentionally in with the best intent of heart creating benefits that don't really help women. I think it takes a lot of work and and time, but it's something that's very important. >> Very, very important. The fact that you mentioned thought diversity, the amount of value that can come from thought diversity alone is huge. I've seen so many different data points that talk about when there are females or people of color in the executive positions at organizations they are x percent say 20% more profitable. So the data is there to demonstrate the power and the business value that can come from thought diversity alone. >> Yep. Exactly. Yep. >> So moving on, we've got a couple minutes left. I want to understand what you are seeing in your crystal ball or maybe it's a magic ball about what's next in cloud. How do you see your role evolving in the industry? >> So, well, what I think what's next in cloud both from an industry and a SoftwareONE standpoint is expanding outside of this infrastructure as a service mindset where cloud was there to run your business. And the beauty of it now is that cloud is there to also drive your business and create new products and capabilities. And so one of the biggest trends we're seeing is all organizations at some form or at some point in time will become a service provider or have an application that they host that they provide to their clients, right? And so they're a tech company. And so it's not just using tech to run it's using tech to build and innovate and be able to create a profit center to be able to drive back those to meet your clients' needs. And in order for you to make the appropriate decisions on financial strategy and budget management you have to know the cost to go into, to building the product, right? And if you don't know the cost to go into the building the product then you don't know the profit margins to set and you don't have a strategy to go sell it, at market value. And so it really becomes this linchpin in all of the areas of the business where you're not only running but you're also developing and building. So you have to have a very good, strong investment in the financial operations component of cloud. And I think that's where FinOps is coming in. You'll hear that phrase a lot, right? And so the end to end ability to financially manage cloud while secure, but also with visibility is that is this next generation, and it's going to include SaaS, right? 'Cause they're going to be plugging in it's going to include governance because it's not just the CIO making decisions anymore. It's business line leaders. And so how do you have this cloud center of excellence to be able to provide the data to the decision makers so that they can drive the business? >> And that's what it's all about, is data being able to be be used, extracting insights from it in a fast real time manner to create those business decisions that help organizations to be successful to pivot when needed and to be able to meet consumer demand. Last question for you, Ashley is, if you think about in the last say five years what are some of the biggest changes in terms of the tech workforce and innovation that you've seen? And what excites you about the direction that we're going in? >> Oh, I think that, well I think the biggest change over the last five years is the criticality of the space. It used to be like, well we're not so mature in cloud. We'll eventually get there, we'll dabble in it, we'll dip our toes in it, eventually, we'll move everything. And it's like, well, we're there.(laughs) So if you're not in it, you're behind. And I think what is really important for people who want to get into this space is it doesn't mean you have to be super techy, right? The number of times people are like can you help me with my computer? And I'm like, "No, I don't even know how." Like, "No, I not can help you with your computer." I consult and I help drive, business decisions with clients. And so there's all these peripheral roles that people can get involved in, whether it's marketing or it's sales or it's product design. It's not just engineering anymore. And I think that's what's really exciting about what's to come in this space. >> The horizon is infinite. Ashley, thank you so much for joining me on the program, talking about your role, what you're doing at SoftwareONE, some of the great successes that you've had in the cloud and some of your recommendations for organizations and people to grow their careers and really increase diversity in tech. We so appreciate your time. >> Thank you, Lisa. Thanks for having me. >> My pleasure. For Ashley Gaare, I'm Lisa Martin. You're watching theCUBE special program series; Women of the Cloud, brought to you by AWS. Thanks so much for watching. (soft upbeat music)

Hello and welcome back to Supercloud 2 where we examine the intersection of cloud and data in the 2020s. My name is Dave Vellante. Our Supercloud panel, our power panel is back. Maribel Lopez is the founder and principal analyst at Lopez Research. Sanjeev Mohan is former Gartner analyst and principal at Sanjeev Mohan. And Keith Townsend is the CTO advisor. Folks, welcome back and thanks for your participation today. Good to see you. >> Okay, great. >> Great to see you. >> Thanks. Let me start, Maribel, with you. Bob Muglia, we had a conversation as part of Supercloud the other day. And he said, "Dave, I like the work, you got to simplify this a little bit." So he said, quote, "A Supercloud is a platform." He said, "Think of it as a platform that provides programmatically consistent services hosted on heterogeneous cloud providers." And then Nelu Mihai said, "Well, wait a minute. This is just going to create more stove pipes. We need more standards in an architecture," which is kind of what Berkeley Sky Computing initiative is all about. So there's a sort of a debate going on. Is supercloud an architecture, a platform? Or maybe it's just another buzzword. Maribel, do you have a thought on this? >> Well, the easy answer would be to say it's just a buzzword. And then we could just kill the conversation and be done with it. But I think the term, it's more than that, right? The term actually isn't new. You can go back to at least 2016 and find references to supercloud in Cornell University or assist in other documents. So, having said this, I think we've been talking about Supercloud for a while, so I assume it's more than just a fancy buzzword. But I think it really speaks to that undeniable trend of moving towards an abstraction layer to deal with the chaos of what we consider managing multiple public and private clouds today, right? So one definition of the technology platform speaks to a set of services that allows companies to build and run that technology smoothly without worrying about the underlying infrastructure, which really gets back to something that Bob said. And some of the question is where that lives. And you could call that an abstraction layer. You could call it cross-cloud services, hybrid cloud management. So I see momentum there, like legitimate momentum with enterprise IT buyers that are trying to deal with the fact that they have multiple clouds now. So where I think we're moving is trying to define what are the specific attributes and frameworks of that that would make it so that it could be consistent across clouds. What is that layer? And maybe that's what the supercloud is. But one of the things I struggle with with supercloud is. What are we really trying to do here? Are we trying to create differentiated services in the supercloud layer? Is a supercloud just another variant of what AWS, GCP, or others do? You spoken to Walmart about its cloud native platform, and that's an example of somebody deciding to do it themselves because they need to deal with this today and not wait for some big standards thing to happen. So whatever it is, I do think it's something. I think we're trying to maybe create an architecture out of it would be a better way of saying it so that it does get to those set of principles, but it also needs to be edge aware. I think whenever we talk about supercloud, we're always talking about like the big centralized cloud. And I think we need to think about all the distributed clouds that we're looking at in edge as well. So that might be one of the ways that supercloud evolves. >> So thank you, Maribel. Keith, Brian Gracely, Gracely's law, things kind of repeat themselves. We've seen it all before. And so what Muglia brought to the forefront is this idea of a platform where the platform provider is really responsible for the architecture. Of course, the drawback is then you get a a bunch of stove pipes architectures. But practically speaking, that's kind of the way the industry has always evolved, right? >> So if we look at this from the practitioner's perspective and we talk about platforms, traditionally vendors have provided the platforms for us, whether it's distribution of lineage managed by or provided by Red Hat, Windows, servers, .NET, databases, Oracle. We think of those as platforms, things that are fundamental we can build on top. Supercloud isn't today that. It is a framework or idea, kind of a visionary goal to get to a point that we can have a platform or a framework. But what we're seeing repeated throughout the industry in customers, whether it's the Walmarts that's kind of supersized the idea of supercloud, or if it's regular end user organizations that are coming out with platform groups, groups who normalize cloud native infrastructure, AWS multi-cloud, VMware resources to look like one thing internally to their developers. We're seeing this trend that there's a desire for a platform that provides the capabilities of a supercloud. >> Thank you for that. Sanjeev, we often use Snowflake as a supercloud example, and now would presumably would be a platform with an architecture that's determined by the vendor. Maybe Databricks is pushing for a more open architecture, maybe more of that nirvana that we were talking about before to solve for supercloud. But regardless, the practitioner discussions show. At least currently, there's not a lot of cross-cloud data sharing. I think it could be a killer use case, egress charges or a barrier. But how do you see it? Will that change? Will we hide that underlying complexity and start sharing data across cloud? Is that something that you think Snowflake or others will be able to achieve? >> So I think we are already starting to see some of that happen. Snowflake is definitely one example that gets cited a lot. But even we don't talk about MongoDB in this like, but you could have a MongoDB cluster, for instance, with nodes sitting in different cloud providers. So there are companies that are starting to do it. The advantage that these companies have, let's take Snowflake as an example, it's a centralized proprietary platform. And they are building the capabilities that are needed for supercloud. So they're building things like you can push down your data transformations. They have the entire security and privacy suite. Data ops, they're adding those capabilities. And if I'm not mistaken, it'll be very soon, we will see them offer data observability. So it's all works great as long as you are in one platform. And if you want resilience, then Snowflake, Supercloud, great example. But if your primary goal is to choose the most cost-effective service irrespective of which cloud it sits in, then things start falling sideways. For example, I may be a very big Snowflake user. And I like Snowflake's resilience. I can move from one cloud to another cloud. Snowflake does it for me. But what if I want to train a very large model? Maybe Databricks is a better platform for that. So how do I do move my workload from one platform to another platform? That tooling does not exist. So we need server hybrid, cross-cloud, data ops platform. Walmart has done a great job, but they built it by themselves. Not every company is Walmart. Like Maribel and Keith said, we need standards, we need reference architectures, we need some sort of a cost control. I was just reading recently, Accenture has been public about their AWS bill. Every time they get the bill is tens of millions of lines, tens of millions 'cause there are over thousand teams using AWS. If we have not been able to corral a usage of a single cloud, now we're talking about supercloud, we've got multiple clouds, and hybrid, on-prem, and edge. So till we've got some cross-platform tooling in place, I think this will still take quite some time for it to take shape. >> It's interesting. Maribel, Walmart would tell you that their on-prem infrastructure is cheaper to run than the stuff in the cloud. but at the same time, they want the flexibility and the resiliency of their three-legged stool model. So the point as Sanjeev was making about hybrid. It's an interesting balance, isn't it, between getting your lowest cost and at the same time having best of breed and scale? >> It's basically what you're trying to optimize for, as you said, right? And by the way, to the earlier point, not everybody is at Walmart's scale, so it's not actually cheaper for everybody to have the purchasing power to make the cloud cheaper to have it on-prem. But I think what you see almost every company, large or small, moving towards is this concept of like, where do I find the agility? And is the agility in building the infrastructure for me? And typically, the thing that gives you outside advantage as an organization is not how you constructed your cloud computing infrastructure. It might be how you structured your data analytics as an example, which cloud is related to that. But how do you marry those two things? And getting back to sort of Sanjeev's point. We're in a real struggle now where one hand we want to have best of breed services and on the other hand we want it to be really easy to manage, secure, do data governance. And those two things are really at odds with each other right now. So if you want all the knobs and switches of a service like geospatial analytics and big query, you're going to have to use Google tools, right? Whereas if you want visibility across all the clouds for your application of state and understand the security and governance of that, you're kind of looking for something that's more cross-cloud tooling at that point. But whenever you talk to somebody about cross-cloud tooling, they look at you like that's not really possible. So it's a very interesting time in the market. Now, we're kind of layering this concept of supercloud on it. And some people think supercloud's about basically multi-cloud tooling, and some people think it's about a whole new architectural stack. So we're just not there yet. But it's not all about cost. I mean, cloud has not been about cost for a very, very long time. Cloud has been about how do you really make the most of your data. And this gets back to cross-cloud services like Snowflake. Why did they even exist? They existed because we had data everywhere, but we need to treat data as a unified object so that we can analyze it and get insight from it. And so that's where some of the benefit of these cross-cloud services are moving today. Still a long way to go, though, Dave. >> Keith, I reached out to my friends at ETR given the macro headwinds, And you're right, Maribel, cloud hasn't really been about just about cost savings. But I reached out to the ETR, guys, what's your data show in terms of how customers are dealing with the economic headwinds? And they said, by far, their number one strategy to cut cost is consolidating redundant vendors. And a distant second, but still notable was optimizing cloud costs. Maybe using reserve instances, or using more volume buying. Nowhere in there. And I asked them to, "Could you go look and see if you can find it?" Do we see repatriation? And you hear this a lot. You hear people whispering as analysts, "You better look into that repatriation trend." It's pretty big. You can't find it. But some of the Walmarts in the world, maybe even not repatriating, but they maybe have better cost structure on-prem. Keith, what are you seeing from the practitioners that you talk to in terms of how they're dealing with these headwinds? >> Yeah, I just got into a conversation about this just this morning with (indistinct) who is an analyst over at GigaHome. He's reading the same headlines. Repatriation is happening at large scale. I think this is kind of, we have these quiet terms now. We have quiet quitting, we have quiet hiring. I think we have quiet repatriation. Most people haven't done away with their data centers. They're still there. Whether they're completely on-premises data centers, and they own assets, or they're partnerships with QTX, Equinix, et cetera, they have these private cloud resources. What I'm seeing practically is a rebalancing of workloads. Do I really need to pay AWS for this instance of SAP that's on 24 hours a day versus just having it on-prem, moving it back to my data center? I've talked to quite a few customers who were early on to moving their static SAP workloads onto the public cloud, and they simply moved them back. Surprising, I was at VMware Explore. And we can talk about this a little bit later on. But our customers, net new, not a lot that were born in the cloud. And they get to this point where their workloads are static. And they look at something like a Kubernetes, or a OpenShift, or VMware Tanzu. And they ask the question, "Do I need the scalability of cloud?" I might consider being a net new VMware customer to deliver this base capability. So are we seeing repatriation as the number one reason? No, I think internal IT operations are just naturally come to this realization. Hey, I have these resources on premises. The private cloud technologies have moved far along enough that I can just simply move this workload back. I'm not calling it repatriation, I'm calling it rightsizing for the operating model that I have. >> Makes sense. Yeah. >> Go ahead. >> If I missed something, Dave, why we are on this topic of repatriation. I'm actually surprised that we are talking about repatriation as a very big thing. I think repatriation is happening, no doubt, but it's such a small percentage of cloud migration that to me it's a rounding error in my opinion. I think there's a bigger problem. The problem is that people don't know where the cost is. If they knew where the cost was being wasted in the cloud, they could do something about it. But if you don't know, then the easy answer is cloud costs a lot and moving it back to on-premises. I mean, take like Capital One as an example. They got rid of all the data centers. Where are they going to repatriate to? They're all in the cloud at this point. So I think my point is that data observability is one of the places that has seen a lot of traction is because of cost. Data observability, when it first came into existence, it was all about data quality. Then it was all about data pipeline reliability. And now, the number one killer use case is FinOps. >> Maribel, you had a comment? >> Yeah, I'm kind of in violent agreement with both Sanjeev and Keith. So what are we seeing here? So the first thing that we see is that many people wildly overspent in the big public cloud. They had stranded cloud credits, so to speak. The second thing is, some of them still had infrastructure that was useful. So why not use it if you find the right workloads to what Keith was talking about, if they were more static workloads, if it was already there? So there is a balancing that's going on. And then I think fundamentally, from a trend standpoint, these things aren't binary. Everybody, for a while, everything was going to go to the public cloud and then people are like, "Oh, it's kind of expensive." Then they're like, "Oh no, they're going to bring it all on-prem 'cause it's really expensive." And it's like, "Well, that doesn't necessarily get me some of the new features and functionalities I might want for some of my new workloads." So I'm going to put the workloads that have a certain set of characteristics that require cloud in the cloud. And if I have enough capability on-prem and enough IT resources to manage certain things on site, then I'm going to do that there 'cause that's a more cost-effective thing for me to do. It's not binary. That's why we went to hybrid. And then we went to multi just to describe the fact that people added multiple public clouds. And now we're talking about super, right? So I don't look at it as a one-size-fits-all for any of this. >> A a number of practitioners leading up to Supercloud2 have told us that they're solving their cloud complexity by going in monocloud. So they're putting on the blinders. Even though across the organization, there's other groups using other clouds. You're like, "In my group, we use AWS, or my group, we use Azure. And those guys over there, they use Google. We just kind of keep it separate." Are you guys hearing this in your view? Is that risky? Are they missing out on some potential to tap best of breed? What do you guys think about that? >> Everybody thinks they're monocloud. Is anybody really monocloud? It's like a group is monocloud, right? >> Right. >> This genie is out of the bottle. We're not putting the genie back in the bottle. You might think your monocloud and you go like three doors down and figure out the guy or gal is on a fundamentally different cloud, running some analytics workload that you didn't know about. So, to Sanjeev's earlier point, they don't even know where their cloud spend is. So I think the concept of monocloud, how that's actually really realized by practitioners is primary and then secondary sources. So they have a primary cloud that they run most of their stuff on, and that they try to optimize. And we still have forked workloads. Somebody decides, "Okay, this SAP runs really well on this, or these analytics workloads run really well on that cloud." And maybe that's how they parse it. But if you really looked at it, there's very few companies, if you really peaked under the hood and did an analysis that you could find an actual monocloud structure. They just want to pull it back in and make it more manageable. And I respect that. You want to do what you can to try to streamline the complexity of that. >> Yeah, we're- >> Sorry, go ahead, Keith. >> Yeah, we're doing this thing where we review AWS service every day. Just in your inbox, learn about a new AWS service cursory. There's 238 AWS products just on the AWS cloud itself. Some of them are redundant, but you get the idea. So the concept of monocloud, I'm in filing agreement with Maribel on this that, yes, a group might say I want a primary cloud. And that primary cloud may be the AWS. But have you tried the licensed Oracle database on AWS? It is really tempting to license Oracle on Oracle Cloud, Microsoft on Microsoft. And I can't get RDS anywhere but Amazon. So while I'm driven to desire the simplicity, the reality is whether be it M&A, licensing, data sovereignty. I am forced into a multi-cloud management style. But I do agree most people kind of do this one, this primary cloud, secondary cloud. And I guarantee you're going to have a third cloud or a fourth cloud whether you want to or not via shadow IT, latency, technical reasons, et cetera. >> Thank you. Sanjeev, you had a comment? >> Yeah, so I just wanted to mention, as an organization, I'm complete agreement, no organization is monocloud, at least if it's a large organization. Large organizations use all kinds of combinations of cloud providers. But when you talk about a single workload, that's where the program arises. As Keith said, the 238 services in AWS. How in the world am I going to be an expert in AWS, but then say let me bring GCP or Azure into a single workload? And that's where I think we probably will still see monocloud as being predominant because the team has developed its expertise on a particular cloud provider, and they just don't have the time of the day to go learn yet another stack. However, there are some interesting things that are happening. For example, if you look at a multi-cloud example where Oracle and Microsoft Azure have that interconnect, so that's a beautiful thing that they've done because now in the newest iteration, it's literally a few clicks. And then behind the scene, your .NET application and your Oracle database in OCI will be configured, the identities in active directory are federated. And you can just start using a database in one cloud, which is OCI, and an application, your .NET in Azure. So till we see this kind of a solution coming out of the providers, I think it's is unrealistic to expect the end users to be able to figure out multiple clouds. >> Well, I have to share with you. I can't remember if he said this on camera or if it was off camera so I'll hold off. I won't tell you who it is, but this individual was sort of complaining a little bit saying, "With AWS, I can take their best AI tools like SageMaker and I can run them on my Snowflake." He said, "I can't do that in Google. Google forces me to go to BigQuery if I want their excellent AI tools." So he was sort of pushing, kind of tweaking a little bit. Some of the vendor talked that, "Oh yeah, we're so customer-focused." Not to pick on Google, but I mean everybody will say that. And then you say, "If you're so customer-focused, why wouldn't you do a ABC?" So it's going to be interesting to see who leads that integration and how broadly it's applied. But I digress. Keith, at our first supercloud event, that was on August 9th. And it was only a few months after Broadcom announced the VMware acquisition. A lot of people, myself included said, "All right, cuts are coming." Generally, Tanzu is probably going to be under the radar, but it's Supercloud 22 and presumably VMware Explore, the company really... Well, certainly the US touted its Tanzu capabilities. I wasn't at VMware Explore Europe, but I bet you heard similar things. Hawk Tan has been blogging and very vocal about cross-cloud services and multi-cloud, which doesn't happen without Tanzu. So what did you hear, Keith, in Europe? What's your latest thinking on VMware's prospects in cross-cloud services/supercloud? >> So I think our friend and Cube, along host still be even more offended at this statement than he was when I sat in the Cube. This was maybe five years ago. There's no company better suited to help industries or companies, cross-cloud chasm than VMware. That's not a compliment. That's a reality of the industry. This is a very difficult, almost intractable problem. What I heard that VMware Europe were customers serious about this problem, even more so than the US data sovereignty is a real problem in the EU. Try being a company in Switzerland and having the Swiss data solvency issues. And there's no local cloud presence there large enough to accommodate your data needs. They had very serious questions about this. I talked to open source project leaders. Open source project leaders were asking me, why should I use the public cloud to host Kubernetes-based workloads, my projects that are building around Kubernetes, and the CNCF infrastructure? Why should I use AWS, Google, or even Azure to host these projects when that's undifferentiated? I know how to run Kubernetes, so why not run it on-premises? I don't want to deal with the hardware problems. So again, really great questions. And then there was always the specter of the problem, I think, we all had with the acquisition of VMware by Broadcom potentially. 4.5 billion in increased profitability in three years is a unbelievable amount of money when you look at the size of the problem. So a lot of the conversation in Europe was about industry at large. How do we do what regulators are asking us to do in a practical way from a true technology sense? Is VMware cross-cloud great? >> Yeah. So, VMware, obviously, to your point. OpenStack is another way of it. Actually, OpenStack, uptake is still alive and well, especially in those regions where there may not be a public cloud, or there's public policy dictating that. Walmart's using OpenStack. As you know in IT, some things never die. Question for Sanjeev. And it relates to this new breed of data apps. And Bob Muglia and Tristan Handy from DBT Labs who are participating in this program really got us thinking about this. You got data that resides in different clouds, it maybe even on-prem. And the machine polls data from different systems. No humans involved, e-commerce, ERP, et cetera. It creates a plan, outcomes. No human involvement. Today, you're on a CRM system, you're inputting, you're doing forms, you're, you're automating processes. We're talking about a new breed of apps. What are your thoughts on this? Is it real? Is it just way off in the distance? How does machine intelligence fit in? And how does supercloud fit? >> So great point. In fact, the data apps that you're talking about, I call them data products. Data products first came into limelight in the last couple of years when Jamal Duggan started talking about data mesh. I am taking data products out of the data mesh concept because data mesh, whether data mesh happens or not is analogous to data products. Data products, basically, are taking a product management view of bringing data from different sources based on what the consumer needs. We were talking earlier today about maybe it's my vacation rentals, or it may be a retail data product, it may be an investment data product. So it's a pre-packaged extraction of data from different sources. But now I have a product that has a whole lifecycle. I can version it. I have new features that get added. And it's a very business data consumer centric. It uses machine learning. For instance, I may be able to tell whether this data product has stale data. Who is using that data? Based on the usage of the data, I may have a new data products that get allocated. I may even have the ability to take existing data products, mash them up into something that I need. So if I'm going to have that kind of power to create a data product, then having a common substrate underneath, it can be very useful. And that could be supercloud where I am making API calls. I don't care where the ERP, the CRM, the survey data, the pricing engine where they sit. For me, there's a logical abstraction. And then I'm building my data product on top of that. So I see a new breed of data products coming out. To answer your question, how early we are or is this even possible? My prediction is that in 2023, we will start seeing more of data products. And then it'll take maybe two to three years for data products to become mainstream. But it's starting this year. >> A subprime mortgages were a data product, definitely were humans involved. All right, let's talk about some of the supercloud, multi-cloud players and what their future looks like. You can kind of pick your favorites. VMware, Snowflake, Databricks, Red Hat, Cisco, Dell, HP, Hashi, IBM, CloudFlare. There's many others. cohesive rubric. Keith, I wanted to start with CloudFlare because they actually use the term supercloud. and just simplifying what they said. They look at it as taking serverless to the max. You write your code and then you can deploy it in seconds worldwide, of course, across the CloudFlare infrastructure. You don't have to spin up containers, you don't go to provision instances. CloudFlare worries about all that infrastructure. What are your thoughts on CloudFlare this approach and their chances to disrupt the current cloud landscape? >> As Larry Ellison said famously once before, the network is the computer, right? I thought that was Scott McNeley. >> It wasn't Scott McNeley. I knew it was on Oracle Align. >> Oracle owns that now, owns that line. >> By purpose or acquisition. >> They should have just called it cloud. >> Yeah, they should have just called it cloud. >> Easier. >> Get ahead. >> But if you think about the CloudFlare capability, CloudFlare in its own right is becoming a decent sized cloud provider. If you have compute out at the edge, when we talk about edge in the sense of CloudFlare and points of presence, literally across the globe, you have all of this excess computer, what do you do with it? First offering, let's disrupt data in the cloud. We can't start the conversation talking about data. When they say we're going to give you object-oriented or object storage in the cloud without egress charges, that's disruptive. That we can start to think about supercloud capability of having compute EC2 run in AWS, pushing and pulling data from CloudFlare. And now, I've disrupted this roach motel data structure, and that I'm freely giving away bandwidth, basically. Well, the next layer is not that much more difficult. And I think part of CloudFlare's serverless approach or supercloud approaches so that they don't have to commit to a certain type of compute. It is advantageous. It is a feature for me to be able to go to EC2 and pick a memory heavy model, or a compute heavy model, or a network heavy model, CloudFlare is taken away those knobs. and I'm just giving code and allowing that to run. CloudFlare has a massive network. If I can put the code closest using the CloudFlare workers, if I can put that code closest to where the data is at or residing, super compelling observation. The question is, does it scale? I don't get the 238 services. While Server List is great, I have to know what I'm going to build. I don't have a Cognito, or RDS, or all these other services that make AWS, GCP, and Azure appealing from a builder's perspective. So it is a very interesting nascent start. It's great because now they can hide compute. If they don't have the capacity, they can outsource that maybe at a cost to one of the other cloud providers, but kind of hiding the compute behind the surplus architecture is a really unique approach. >> Yeah. And they're dipping their toe in the water. And they've announced an object store and a database platform and more to come. We got to wrap. So I wonder, Sanjeev and Maribel, if you could maybe pick some of your favorites from a competitive standpoint. Sanjeev, I felt like just watching Snowflake, I said, okay, in my opinion, they had the right strategy, which was to run on all the clouds, and then try to create that abstraction layer and data sharing across clouds. Even though, let's face it, most of it might be happening across regions if it's happening, but certainly outside of an individual account. But I felt like just observing them that anybody who's traditional on-prem player moving into the clouds or anybody who's a cloud native, it just makes total sense to write to the various clouds. And to the extent that you can simplify that for users, it seems to be a logical strategy. Maybe as I said before, what multi-cloud should have been. But are there companies that you're watching that you think are ahead in the game , or ones that you think are a good model for the future? >> Yes, Snowflake, definitely. In fact, one of the things we have not touched upon very much, and Keith mentioned a little bit, was data sovereignty. Data residency rules can require that certain data should be written into certain region of a certain cloud. And if my cloud provider can abstract that or my database provider, then that's perfect for me. So right now, I see Snowflake is way ahead of this pack. I would not put MongoDB too far behind. They don't really talk about this thing. They are in a different space, but now they have a lakehouse, and they've got all of these other SQL access and new capabilities that they're announcing. So I think they would be quite good with that. Oracle is always a dark forest. Oracle seems to have revived its Cloud Mojo to some extent. And it's doing some interesting stuff. Databricks is the other one. I have not seen Databricks. They've been very focused on lakehouse, unity, data catalog, and some of those pieces. But they would be the obvious challenger. And if they come into this space of supercloud, then they may bring some open source technologies that others can rely on like Delta Lake as a table format. >> Yeah. One of these infrastructure players, Dell, HPE, Cisco, even IBM. I mean, I would be making my infrastructure as programmable and cloud friendly as possible. That seems like table stakes. But Maribel, any companies that stand out to you that we should be paying attention to? >> Well, we already mentioned a bunch of them, so maybe I'll go a slightly different route. I'm watching two companies pretty closely to see what kind of traction they get in their established companies. One we already talked about, which is VMware. And the thing that's interesting about VMware is they're everywhere. And they also have the benefit of having a foot in both camps. If you want to do it the old way, the way you've always done it with VMware, they got all that going on. If you want to try to do a more cross-cloud, multi-cloud native style thing, they're really trying to build tools for that. So I think they have really good access to buyers. And that's one of the reasons why I'm interested in them to see how they progress. The other thing, I think, could be a sleeping horse oddly enough is Google Cloud. They've spent a lot of work and time on Anthos. They really need to create a certain set of differentiators. Well, it's not necessarily in their best interest to be the best multi-cloud player. If they decide that they want to differentiate on a different layer of the stack, let's say they want to be like the person that is really transformative, they talk about transformation cloud with analytics workloads, then maybe they do spend a good deal of time trying to help people abstract all of the other underlying infrastructure and make sure that they get the sexiest, most meaningful workloads into their cloud. So those are two people that you might not have expected me to go with, but I think it's interesting to see not just on the things that might be considered, either startups or more established independent companies, but how some of the traditional providers are trying to reinvent themselves as well. >> I'm glad you brought that up because if you think about what Google's done with Kubernetes. I mean, would Google even be relevant in the cloud without Kubernetes? I could argue both sides of that. But it was quite a gift to the industry. And there's a motivation there to do something unique and different from maybe the other cloud providers. And I'd throw in Red Hat as well. They're obviously a key player and Kubernetes. And Hashi Corp seems to be becoming the standard for application deployment, and terraform, or cross-clouds, and there are many, many others. I know we're leaving lots out, but we're out of time. Folks, I got to thank you so much for your insights and your participation in Supercloud2. Really appreciate it. >> Thank you. >> Thank you. >> Thank you. >> This is Dave Vellante for John Furrier and the entire Cube community. Keep it right there for more content from Supercloud2.

Upbeat music plays >> Voice Over: TheCUBE presents Ignite 22, brought to you by Palo Alto Networks. >> Good morning everyone. Welcome to theCUBE. Lisa Martin here with Dave Vellante. We are live at Palo Alto Networks Ignite. This is the 10th annual Ignite. There's about 3,000 people here, excited to really see where this powerhouse organization is taking security. Dave, it's great to be here. Our first time covering Ignite. People are ready to be back. They.. and security is top. It's a board level conversation. >> It is the other Ignite, I like to call it cuz of course there's another big company has a conference name Ignite, so I'm really excited to be here. Palo Alto Networks, a company we've covered for a number of years, as we just wrote in our recent breaking analysis, we've called them the gold standard but it's not just our opinion, we've backed it up with data. The company's on track. We think to do close to 7 billion in revenue by 2023. That's double it's 2020 revenue. You can measure it with execution, market cap M and A prowess. I'm super excited to have the CEO here. >> We have the CEO here, Nikesh Arora joins us from Palo Alto Networks. Nikesh, great to have you on theCube. Thank you for joining us. >> Well thank you very much for having me Lisa and Dave >> Lisa: It was great to see your keynote this morning. You said that, you know fundamentally security is a data problem. Well these days every company has to be a data company. Grocery stores, gas stations, car dealers. How is Palo Alto networks making customers, these data companies, more secure? >> Well Lisa, you know, (coughs) I've only done cybersecurity for about four, four and a half years so when I came to the industry I was amazed to see how security is so reactive as opposed to proactive. We should be able to stop bad threats, right? as they're happening. But I think a lot of threats get through because we don't have the right infrastructure and the right tooling and right products in there. So I think we've been working hard for the last four and a half years to turn it around so we can have consistent data flow across an enterprise and then mine that data for threats and anomalous behavior and try and protect our customers. >> You know the problem, I wrote this, this weekend, the problem in cybersecurity is well understood, you put up that Optiv graph and it's like 8,000 companies >> Yes >> and I think you mentioned your keynote on average, you know 30 to 40 tools, maybe 50, at least 20, >> Yes. >> from the folks that I talked to. So, okay, great, but actually solving that problem is not trivial. To be a consolidator, I mean, everybody wants to consolidate tools. So in your three to four years and security as you well know, it's, you can't fake security. It's a really, really challenging topic. So when you joined Palo Alto Networks and you heard that strategy, I know you guys have been thinking about this for some time, what did you see as the challenges to actually executing on that and how is it that you've been able to sort of get through that knot hole. >> So Dave, you know, it's interesting if you look at the history of cybersecurity, I call them the flavor of the decade, a flare, you know a new threat vector gets created, very large market gets created, a solution comes through, people flock, you get four or five companies will chase that opportunity, and then they become leaders in that space whether it's firewalls or endpoints or identity. And then people stick to their swim lane. The problem is that's a very product centric approach to security. It's not a customer-centric approach. The customer wants a more secure enterprise. They don't want to solve 20 different solutions.. problems with 20 different point solutions. But that's kind of how the industry's grown up, and it's been impossible for a large security company in one category, to actually have a substantive presence in the next category. Now what we've been able to do in the last four and a half years is, you know, from our firewall base we had resources, we had intellectual capability from a security perspective and we had cash. So we used that to pay off our technical debt. We acquired a bunch of companies, we created capability. In the last three years, four years we've created three incremental businesses which are all on track to hit a billion dollars the next 12 to 18 months. >> Yeah, so it's interesting on Twitter last night we had a little conversation about acquirers and who was a good, who was not so good. It was, there was Oracle, they came up actually very high, they'd done pretty, pretty good Job, VMware was on the list, IBM, Cisco, ServiceNow. And if you look at IBM and Cisco's strategy, they tend to be very services heavy, >> Mm >> right? How is it that you have been able to, you mentioned get rid of your technical debt, you invested in that. I wonder if you could, was it the, the Cloud, even though a lot of the Cloud was your own Cloud, was that a difference in terms of your ability to integrate? Because so many companies have tried it in the past. Oracle I think has done a good job, but it took 'em 10 to 12 years, you know, to, to get there. What was the sort of secret sauce? Is it culture, is it just great engineering? >> Dave it's a.. thank you for that. I think, look, it's, it's a mix of everything. First and foremost, you know, there are certain categories we didn't play in so there was nothing to integrate. We built a capability in a category in automation. We didn't have a product, we acquired a company. It's a net new capability in instant response. We didn't have a capability. It was net new capability. So there was, there was, other than integrating culturally and into the organization into our core to market processes there was no technical integration needed. Most of our technical integration was needed in our Cloud platform, which we bought five or six companies, we integrated then we just bought one recently called cyber security as well, which is going to get integrated in the Cloud platform. >> Dave: Yeah. >> And the thing is like, the Cloud platform is net new in the industry. We.. nobody's created a Cloud security platform yet, so we're working hard to create it because we don't want to replicate the mistakes of the past, that were made in enterprise security, in Cloud security. So it's a combination of cultural integration it's a combination of technical integration. The two things we do differently I think, than most people in the industry is look, we have no pride of, you know of innovations. Like, if somebody else has done it, we respect it and we'll acquire it, but we always want to acquire number one or number two in their category. I don't want number three or four. There's three or four for a reason and there still leaves one or two out there to compete with. So we've always acquired one or two, one. And the second thing, which is as important is most of these companies are in the early stage of development. So it's very important for the founding team to be around. So we spend a lot of time making sure they stick around. We actually make our people work for them. My principle is, listen, if they beat us in the open market with all our resources and our people, then they deserve to run this as opposed to us. So most of our new product categories are run by founders of companies required. >> So a little bit of Jack Welch, a little bit of Franks Lubens is a, you know always deference to the founders. But go ahead Lisa. >> Speaking of cultural transformation, you were mentioning your keynote this morning, there's been a significant workforce transformation at Palo Alto Networks. >> Yeah >> Talk a little bit about that, cause that's a big challenge, for many organizations to achieve. Sounds like you've done it pretty well. >> Well you know, my old boss, Eric Schmidt, used to say, 'revenue solves all known problems'. Which kind of, you know, it is a part joking, part true, but you know as Dave mentioned, we've doubled or two and a half time the revenues in the last four and a half years. That allows you to grow, that allows you to increase headcount. So we've gone from four and a half thousand people to 14,000 people. Good news is that's 9,500 people are net new to the company. So you can hire a whole new set of people who have new skills, new capabilities and there's some attrition four and a half thousand, some part of that turns over in four and a half years, so we effectively have 80% net new people, and the people we have, who are there from before, are amazing because they've built a phenomenal firewall business. So it's kind of been right sized across the board. It's very hard to do this if you're not growing. So you got to focus on growing. >> Dave: It's like winning in sports. So speaking of firewalls, I got to ask you does self-driving cars need brakes? So if I got a shout out to my friend Zeus Cararvela so like that's his line about why you need firewalls, right? >> Nikesh: Yes. >> I mean you mentioned it in your keynote today. You said it's the number one question that you get. >> and I don't get it why P industry observers don't go back and say that's, this is ridiculous. The network traffic is doubling or tripling. (clears throat) In fact, I gave an interesting example. We shut down our data centers, as I said, we are all on Google Cloud and Amazon Cloud and then, you know our internal team comes in, we'd want a bigger firewall. I'm like, why do you want a bigger firewall? We shut down our data centers as well. The traffic coming in and out of our campus is doubled. We need a bigger firewall. So you still need a firewall even if you're in the Cloud. >> So I'm going to come back to >> Nikesh: (coughs) >> the M and A strategy. My question is, can you be both best of breed and develop a comprehensive suite number.. part one and part one A of that is do you even have to, because generally sweets win out over best of breed. But what, how do you, how do you respond? >> Well, you know, this is this age old debate and people get trapped in that, I think in my mind, and let me try and expand the analogy which I tried to do up in my keynote. You know, let's assume that Oracle, Microsoft, Dynamics and Salesforce did not exist, okay? And you were running a large company of 50,000 people and your job was to manage the customer process which easier to understand than security. And I said, okay, guess what? I have a quoting system and a lead system but the lead system doesn't talk to my coding system. So I get leads, but I don't know who those customers. And I write codes for a whole new set of customers and I have a customer database. Then when they come as purchase orders, I have a new database with all the customers who've bought something from me, and then when I go get them licensing I have a new database and when I go have customer support, I have a fifth database and there are customers in all five databases. You'll say Nikesh you're crazy, you should have one customer database, otherwise you're never going to be able to make this work. But security is the same problem. >> Dave: Mm I should.. I need consistency in data from suit to nuts. If it's in Cloud, if you're writing code, I need to understand the security flaws before they go into deployment, before they go into production. We for somehow ridiculously have bought security like IT. Now the difference between IT and security is, IT is required to talk to each other, so a Dell server and HP server work very similarly but a Palo Alto firewall and a Checkpoint firewall Fortnight firewall work formally differently. And then how that transitions into endpoints is a whole different ball game. So you need consistency in data, as Lisa was saying earlier, it's a data problem. You need consistency as you traverse to the enterprise. And that's why that's the number one need. Now, when you say best of breed, (coughs) best of breed, if it's fine, if it's a specific problem that you're trying to solve. But if you're trying to make sure that's the data flow that happens, you need both best of breed, you know, technology that stops things and need integration on data. So what we are trying to do is we're trying to give people best to breed solutions in the categories they want because otherwise they won't buy us. But we're also trying to make sure we stitch the data. >> But that definition of best of breed is a little bit of nuance than different in security is what I'm hearing because that consistency >> Nikesh: (coughs) Yes, >> across products. What about across Cloud? You mentioned Google and Amazon. >> Yeah so that's great question. >> Dave: Are you building the security super Cloud, I call it, above the Cloud? >> It's, it's not, it's, less so a super Cloud, It's more like Switzerland and I used to work at Google for 10 years, not a secret. And we used to sell advertising and we decided to go into pub into display ads or publishing, right. Now we had no publishing platform so we had to be good at everybody else's publishing platform >> Dave: Mm >> but we never were able to search ads for everybody else because we only focus on our own platform. So part of it is when the Cloud guys they're busy solving security for their Cloud. Google is not doing anything about Amazon Cloud or Microsoft Cloud, Microsoft's Azure, right? AWS is not doing anything about Google Cloud or Azure. So what we do is we don't have a Cloud. Our job in providing Cloud securities, be Switzerland make sure it works consistently across every Cloud. Now if you try to replicate what we offer Prisma Cloud, by using AWS, Azure and GCP, you'd have to first of all, have three panes of glass for all three of them. But even within them they have four panes of glass for the capabilities we offer. So you could end up with 12 different interfaces to manage a development process, we give you one. Now you tell me which is better. >> Dave: Sounds like a super Cloud to me Lisa (laughing) >> He's big on super Cloud >> Uber Cloud, there you >> Hey I like that, Uber Cloud. Well, so I want to understand Nikesh, what's realistic. You mentioned in your keynote Dave, brought it up that the average organization has 30 to 50 tools, security tools. >> Nikesh: Yes, yes >> On their network. What is realistic for from a consolidation perspective where Palo Alto can come in and say, let me make this consistent and simple for you. >> Well, I'll give you your own example, right? (clears throat) We're probably sub 10 substantively, right? There may be small things here and there we do. But on a substantive protecting the enterprise perspective you be should be down to eight or 10 vendors, and that is not perfect but it's a lot better than 50, >> Lisa: Right? >> because don't forget 50 tools means you have to have capability to understand what those 50 tools are doing. You have to have the capability to upgrade them on a constant basis, learn about their new capabilities. And I just can't imagine why customers have two sets of firewalls right. Now you got to learn both the files on how to deploy both them. That's silly because that's why we need 7 million more people. You need people to understand, so all these tools, who work for companies. If you had less tools, we need less people. >> Do you think, you know I wrote about this as well, that the security industry is anomalous and that the leader has, you know, single digit, low single digit >> Yes >> market shares. Do you think that you can change that? >> Well, you know, when I started that was exactly the observation I had Dave, which you highlighted in your article. We were the largest by revenue, by small margin. And we were one and half percent of the industry. Now we're closer to three, three to four percent and we're still at, you know, like you said, going to be around $7 billion. So I see a path for us to double from here and then double from there, and hopefully as we keep doubling and some point in time, you know, I'd like to get to double digits to start with. >> One of the things that I think has to happen is this has to grow dramatically, the ecosystem. I wonder if you could talk about the ecosystem and your strategy there. >> Well, you know, it's a matter of perspective. I think we have to get more penetrated in our largest customers. So we have, you know, 1800 of the top 2000 customers in the world are Palo Alto customers. But we're not fully penetrated with all our capabilities and the same customers set, so yes the ecosystem needs to grow, but the pandemic has taught us the ecosystem can grow wherever they are without having to come to Vegas. Which I don't think is a bad thing to be honest. So the ecosystem is growing. You are seeing new players come to the ecosystem. Five years ago you didn't see a lot of systems integrators and security. You didn't see security offshoots of telecom companies. You didn't see the Optivs, the WWTs, the (indistinct) of the world (coughs) make a concerted shift towards consolidation or services and all that is happening >> Dave: Mm >> as we speak today in the audience you will find people from Google, Amazon Microsoft are sitting in the audience. People from telecom companies are sitting in the audience. These people weren't there five years ago. So you are seeing >> Dave: Mm >> the ecosystem's adapting. They're, they want to be front and center of solving the customer's problem around security and they want to consolidate capability, they need. They don't want to go work with a hundred vendors because you know, it's like, it's hard. >> And the global system integrators are key. I always say they like to eat at the trough and there's a lot of money in security. >> Yes. >> Dave: (laughs) >> Well speaking of the ecosystem, you had Thomas Curry and Google Cloud CEO in your fireside chat in the keynote. Talk a little bit about how Google Cloud plus Palo Alto Networks, the Zero Trust Partnership and what it's enable customers to achieve. >> Lisa, that's a great question. (clears his throat) Thank you for bringing it up. Look, you know the, one of the most fundamental shifts that is happening is obviously the shift to the Cloud. Now when that shift fully, sort of, takes shape you will realize if your network has changed and you're delivering everything to the Cloud you need to go figure out how to bring the traffic to the Cloud. You don't have to bring it back to your data center you can bring it straight to the Cloud. So in that context, you know we use Google Cloud and Amazon Cloud, to be able to carry our traffic. We're going from a product company to a services company in addition, right? Cuz when we go from firewalls to SASE we're not carrying your traffic. When we carry our traffic, we need to make sure we have underlying capability which is world class. We think GCP and AWS and Azure run some of the biggest and best networks in the world. So our partnership with Google is such that we use their public Cloud, we sit on top of their Cloud, they give us increased enhanced functionality so that our customers SASE traffic gets delivered in priority anywhere in the world. They give us tooling to make sure that there's high reliability. So you know, we partner, they have Beyond Corp which is their version of Zero Trust which allows you to take unmanaged devices with browsers. We have SASE, which allows you to have managed devices. So the combination gives our collective customers the ability for Zero Trust. >> Do you feel like there has to be more collaboration within the ecosystem, the security, you know, landscape even amongst competitors? I mean I think about Google acquires Mandiant. You guys have Unit 42. Should and will, like, Wendy Whitmore and maybe they already are, Kevin Mandia talk more and share more data. If security's a data problem is all this data >> Nikesh: Yeah look I think the industry shares threat data, both in private organizations as well as public and private context, so that's not a problem. You know the challenge with too much collaboration in security is you never know. Like you know, the moment you start sharing your stuff at third parties, you go out of Secure Zone. >> Lisa: Mm >> Our biggest challenge is, you know, I can't trust a third party competitor partner product. I have to treat it with as much suspicion as anything else out there because the only way I can deliver Zero Trust is to not trust anything. So collaboration in Zero Trust are a bit of odds with each other. >> Sounds like another problem you can solve >> (laughs) >> Nikesh last question for you. >> Yes >> Favorite customer or example that you think really articulates the value of what Palo Alto was delivering? >> Look you know, it's a great question, Lisa. I had this seminal conversation with a customer and I explained all those things we were talking about and the customer said to me, great, okay so what do I need to do? I said, fun, you got to trust me because you know, we are on a journey, because in the past, customers have had to take the onus on themselves of integrating everything because they weren't sure a small startup will be independent, be bought by another cybersecurity company or a large cybersecurity company won't get gobbled up and split into pieces by private equity because every one of the cybersecurity companies have had a shelf life. So you know, our aspiration is to be the evergreen cybersecurity company. We will always be around and we will always tackle innovation and be on the front line. So the customer understood what we're doing. Over the last three years we've been working on a transformation journey with them. We're trying to bring them, or we have brought them along the path of Zero Trust and we're trying to work with them to deliver this notion of reducing their meantime to remediate from days to minutes. Now that's an outcome based approach that's a partnership based approach and we'd like, love to have more and more customers of that kind. I think we weren't ready to be honest as a company four and a half years ago, but I think today we're ready. Hence my keynote was called The Perfect Storm. I think we're at the right time in the industry with the right capabilities and the right ecosystem to be able to deliver what the industry needs. >> The perfect storm, partners, customers, investors, employees. Nikesh, it's been such a pleasure having you on theCUBE. Thank you for coming to talk to Dave and me right after your keynote. We appreciate that and we look forward to two days of great coverage from your executives, your customers, and your partners. Thank you. >> Well, thank you for having me, Lisa and Dave and thank you >> Dave: Pleasure >> for what you guys do for our industry. >> Our pleasure. For Nikesh Arora and Dave Vellante, I'm Lisa Martin, you're watching theCUBE live at MGM Grand Hotel in Las Vegas, Palo Alto Ignite 22. Stick around Dave and I will be joined by our next guest in just a minute. (cheerful music plays out)

>>Hello, brilliant humans and welcome back to Las Vegas, Nevada, where we are live from the AWS Reinvent Show floor here with the cube. My name is Savannah Peterson, joined with Dave Valante, and we have a very exciting conversation with you. Two, two companies you may have heard of. We've got AWS and Red Hat in the house. Manu and Joel, thank you so much for being here. Love this little fist bump. Started off, that's right. Before we even got rolling, Manu, you said that you wanted this to be the best segment of, of the cubes airing. We we're doing over a hundred segments, so you're gonna have to bring the heat. >>We're ready. We're did go. Are we ready? Yeah, go. We're ready. Let's bring it on. >>We're ready. All right. I'm, I'm ready. Dave's ready. Let's do it. How's the show going for you guys real quick before we dig in? >>Yeah, I think after Covid, it's really nice to see that we're back into the 2019 level and, you know, people just want to get out, meet people, have that human touch with each other, and I think a lot of trust gets built as a functional that, so it's super amazing to see our partners and customers here at Reedman. Yeah, >>And you've got a few in the house. That's true. Just a few maybe, maybe a couple >>Very few shows can say that, by the way. Yeah, it's maybe a handful. >>I think one of the things we were saying, it's almost like the entire Silicon Valley descended in the expo hall area, so >>Yeah, it's >>For a few different reasons. There's a few different silicon defined. Yeah, yeah, yeah. Don't have strong on for you. So far >>It's, it's, it is amazing. It's the 10th year, right? It's decade, I think I've been to five and it's, it grows every single year. It's the, you have to be here. It's as simple as that. And customers from every single industry are here too. You don't get, a lot of shows have every single industry and almost every single location around the globe. So it's, it's a must, must be >>Here. Well, and the personas evolved, right? I was at reinvent number two. That was my first, and it was all developers, not all, but a lot of developers. And today it's a business mix, really is >>Totally, is a business mix. And I just, I've talked about it a little bit down the show, but the diversity on the show floor, it's the first time I've had to wait in line for the ladies' room at a tech conference. Almost a two decade career. It is, yeah. And it was really refreshing. I'm so impressed. So clearly there's a commitment to community, but also a commitment to diversity. Yeah. And, and it's brilliant to see on the show floor. This is a partnership that is robust and has been around for a little while. Money. Why don't you tell us a little bit about the partnership here? >>Yes. So Red Hand and AWS are best friends, you know, forever together. >>Aw, no wonder we got the fist bumps and all the good vibes coming out. I know, it's great. I love that >>We have a decade of working together. I think the relationship in the first phase was around running rail bundled with E two. Sure. We have about 70,000 customers that are running rail, which are running mission critical workloads such as sap, Oracle databases, bespoke applications across the state of verticals. Now, as more and more enterprise customers are finally, you know, endorsing and adopting public cloud, I think that business is just gonna continue to grow. So a, a lot of progress there. The second titration has been around, you know, developers tearing Red Hat and aws, Hey, listen, we wanna, it's getting competitive. We wanna deliver new features faster, quicker, we want scale and we want resilience. So just entire push towards devs containers. So that's the second chapter with, you know, red Hat OpenShift on aws, which launched as a, a joint manage service in 2021 last year. And I think the third phase, which you're super excited about, is just bringing the ease of consumption, one click deployment, and then having our customers, you know, benefit from the joint committed spend programs together. So, you know, making sure that re and Ansible and JBoss, the entire portfolio of Red Hat products are available on AWS marketplace. So that's the 1, 2, 3, it of our relationship. It's a decade of working together and, you know, best friends are super committed to making sure our customers and partners continue successful. >>Yeah, that he said it, he said it perfectly. 2008, I know you don't like that, but we started with Rel on demand just in 2008 before E two even had a console. So the partnership has been there, like Manu says, for a long time, we got the partnership, we got the products up there now, and we just gotta finalize that, go to market and get that gas on the fire. >>Yeah. So Graviton Outpost, local zones, you lead it into all the new stuff. So that portends, I mean, 2008, we're talking two years after the launch of s3. >>That's right. >>Right. So, and now look, so is this a harbinger of things to come with these new innovations? >>Yeah, I, I would say, you know, the innovation is a key tenant of our partnership, our relationship. So if you look at from a product standpoint, red Hat or Rel was one of the first platforms that made a support for graviton, which is basically 40% better price performance than any other distribution. Then that translated into making sure that Rel is available on all of our regions globally. So this year we launched Switzerland, Spain, India, and Red Hat was available on launch there, support for Nitro support for Outpost Rosa support on Outpost as well. So I think that relationship, that innovation on the product side, that's pretty visible. I think that innovation again then translates into what we are doing on marketplace with one click deployments we spoke about. I think the third aspect of the know innovation is around making sure that we are making our partners and our customers successful. So one of the things that we've done so far is Joe leads a, you know, a black belt team that really goes into each customer opportunity, making sure how can we help you be successful. We launched and you know, we should be able to share that on a link. After this, we launched like a big playlist, which talks about every single use case on how do you get successful and running OpenShift on aws. So that innovation on behalf of our customers partners to make them successful, that's been a key tenant for us together as >>Well. That's right. And that team that Manu is talking about, we're gonna, gonna 10 x that team this year going into January. Our fiscal yield starts in January. Love that. So yeah, we're gonna have a lot of no hiring freeze over here. Nope. No ma'am. No. Yeah, that's right. Yeah. And you know what I love about working with aws and, and, and Manu just said it very, all of that's customer driven. Every single event that we, that he just talked about in that timeline, it's customer driven, right? Customers wanted rail on demand, customers want JBoss up in the cloud, Ansible this week, you know, everything's up there now. So it's just getting that go to market tight and we're gonna, we're gonna get that done. >>So what's the algorithm for customer driven in terms of taking the input? Because if every customers saying, Hey, I this a >>Really similar >>Question right up, right? I, that's what I want. And if you know, 95% of the customers say it, Jay, maybe that's a good idea. >>Yeah, that's right. Trends. But >>Yeah. You know, 30% you might be like, mm, you know, 20%, you know, how do you guys decide when to put gas on the fire? >>No, that, I think, as I mentioned, there are about 70,000 large customers that are running rail on Easy Two, many of these customers are informing our product strategy. So we have, you know, close to about couple of thousand power users. We have customer advisory booths, and these are the, you know, customers are informing us, Hey, let's get all of the Red Hat portfolio and marketplace support for graviton, support for Outpost. Why don't we, why are we not able to dip into the consumption committed spend programs for both Red Hat and aws? That's right. So it's these power users both at the developer level as well as the guys who are actually doing large commercial consumption. They are the ones who are informing the roadmap for both Red Hat and aws. >>But do, do you codify the the feedback? >>Yeah, I'm like, I wanna see the database, >>The, I think it was, I don't know, it was maybe Chasy, maybe it was Besos, that that data beats intuition. So do you take that information and somehow, I mean, it's global, 70,000 customers, right? And they have different weights, different spending patterns, different levels of maturity. Yeah. Do you, how do you codify that and then ultimately make the decision? Yeah, I >>If, I mean, well you, you've got the strategic advisory boards, which are made up of customers and partners and you know, you get, you get a good, you gotta get a good slice of your customer base to get, and you gotta take their feedback and you gotta do something with it, right? That's the, that's the way we do it and codify it at the product level, I'm sure open source. That's, that's basically how we work at the product level, right? The most elegant solution in open source wins. And that's, that's pretty much how we do that at the, >>I would just add, I think it's also just the implicit trust that the two companies had built with each other, working in the trenches, making our customers and partners successful over the last decade. And Alex, give an example. So that manifests itself in context of like, you know, Amazon and Red Hat just published the entire roadmap for OpenShift. What are the new features that are becoming over the next six to nine to 12 months? It's open source available on GitHub. Customers can see, and then they can basically come back and give feedback like, Hey, you know, we want hip compliance. We just launched. That was a big request that was coming from our >>Customers. That is not any process >>Also for Graviton or Nvidia instances. So I I I think it's a, >>Here's the thing, the reason I'm pounding on this is because you guys have a pretty high hit rate, and I think as a >>Customer, mildly successful company >>As, as a customer advocate, the better, you know, if, if you guys make bets that pay off, it's gonna pay off for customers. Right. And because there's a lot of failures in it. Yeah. I mean, let's face it. That's >>Right. And I think, I think you said the key word bets. You place a lot of small bets. Do you have the, the innovation engine to do that? AWS is the perfect place to place those small bets. And then you, you know, pour gas on the fire when, when they take off. >>Yeah, it's a good point. I mean, it's not expensive to experiment. Yeah. >>Especially in the managed service world. Right? >>And I know you love taking things to market and you're a go to market guy. Let's talk gtm, what's got your snow pumped about GTM for 2023? >>We, we are gonna, you know, 10 x the teams that's gonna be focused on these products, right? So we're gonna also come out with a hybrid committed spend program for our customers that meet them where they want to go. So they're coming outta the data center going into a cloud. We're gonna have a nice financial model for them to do that. And that's gonna take a lot of the friction out. >>Yeah. I mean, you've nailed it. I, I think the, the fact that now entire Red Hat portfolio is available on marketplace, you can do it on one click deployment. It's deeply integrated with Amazon services and the most important part that Joel was making now customers can double dip. They can drive benefit from the consumption committed spend programs, both from Red Hat and from aws, which is amazing. Which is a game changer That's right. For many of our large >>Customers. That's right. And that, so we're gonna, we're gonna really go to town on that next year. That's, and all the, all the resources that I have, which are the technology sellers and the sas, you know, the engineers we're growing this team the most out that team. So it's, >>When you say 10 x, how many are you at now? I'm >>Curious to see where you're headed. Tell you, okay. There's not right? Oh no, there's not one. It's triple digit. Yeah, yeah. >>Today. Oh, sweet. Awesome. >>So, and it's a very sizable team. They're actually making sure that each of our customers are successful and then really making sure that, you know, no customer left behind policy. >>And it's a great point that customers love when Amazonians and Red Hats show up, they love it and it's, they want to get more of it, and we're gonna, we're gonna give it to 'em. >>Must feel great to be loved like that. >>Yeah, that's right. Yeah. Yeah. I would say yes. >>Seems like it's safe to say that there's another decade of partnership between your two companies. >>Hope so. That's right. That's the plan. >>Yeah. And I would say also, you know, just the IBM coming into the mix here. Yeah. I, you know, red Hat has informed the way we have turned around our partnership with ibm, essentially we, we signed the strategic collaboration agreement with the company. All of IBM software now runs on Rosa. So that is now also providing a lot of tailwinds both to our rail customers and as well as Rosa customers. And I think it's a very net creative, very positive for our partnership. >>That's right. It's been very positive. Yep. Yeah. >>You see the >>Billboards positive. Yeah, right. Also that, that's great. Great point, Dave. Yep. We have a, we have a new challenge, a new tradition on the cube here at Reinvent where we're, well, it's actually kind of a glamor moment for you, depending on how you leverage it. We're looking for your 32nd hot take your Instagram reel, your sizzle thought leadership, biggest takeaway, most important theme from this year's show. I know you want, right, Joel? I mean, you TM boy, I feel like you can spit the time. >>Yeah. It is all about Rosa for us. It is all in on that, that's the native OpenShift offering on aws and that's, that's the soundbite we're going go to town with. Now, I don't wanna forget all the other products that are in there, but Rosa is a, is a very key push for us this year. >>Fantastic. All right. Manu. >>I think our customers, it's getting super competitive. Our customers want to innovate just a >>Little bit. >>The enterprise customers see the cloud native companies. I wanna do what these guys are doing. I wanna develop features at a fast clip. I wanna scale, I wanna be resilient. And I think that's really the spirit that's coming out. So to Joel's point, you know, move to worlds containers, serverless, DevOps, which was like, you know, aha, something that's happening on the side of an enterprise is not becoming mainstream. The business is demanding it. The, it is becoming the centerpiece in the business strategy. So that's been really like the aha. Big thing that's happening here. >>Yeah. And those architectures are coming together, aren't they? That's correct. Right. You know, VMs and containers, it used to be one architecture and then at the other end of the spectrum is serverless. People thought of those as different things and now it's a single architecture and, and it's kind of right approach for the right job. >>And, and a compliments say to Red Hat, they do an incredible job of hiding that complexity. Yeah. Yes. And making sure that, you know, for example, just like, make it easier for the developers to create value and then, and you know, >>Yeah, that's right. Those, they were previously siloed architectures and >>That's right. OpenShift wanna be place where you wanna run containers or virtual machines. We want that to be this Yeah. Single place. Not, not go bolt on another piece of architecture to just do one or the other. Yeah. >>And hey, the hybrid cloud vision is working for ibm. No question. You know, and it's achievable. Yeah. I mean, I just, I've said unlike, you know, some of the previous, you know, visions on fixing the world with ai, hybrid cloud is actually a real problem that you're attacking and it's showing the results. Agreed. Oh yeah. >>Great. Alright. Last question for you guys. Cause it might be kind of fun, 10 years from now, oh, we're at another, we're sitting here, we all look the same. Time has passed, but we are not aging, which is a part of the new technology that's come out in skincare. That's my, I'm just throwing that out there. Why not? What do you guys hope that you can say about the partnership and, and your continued commitment to community? >>Oh, that's a good question. You go first this time. Yeah. >>I think, you know, the, you know, for looking into the future, you need to look into the past. And Amazon has always been driven by working back from our customers. That's like our key tenant, principle number 1 0 1. >>Couple people have said that on this stage this week. Yeah. >>Yeah. And I think our partnership, I hope over the next decade continues to keep that tenant as a centerpiece. And then whatever comes out of that, I think we, we are gonna be, you know, working through that. >>Yeah. I, I would say this, I think you said that, well, the customer innovation is gonna lead us to wherever that is. And it's, it's, it's gonna be in the cloud for sure. I think we can say that in 10 years. But yeah, anything from, from AI to the quant quantum computing that IBM's really pushing behind that, you know, those are, those are gonna be things that hopefully we show up on a, on a partnership with Manu in 10 years, maybe sooner. >>Well, whatever happens next, we'll certainly be covering it here on the cube. That's right. Thank you both for being here. Joel Manu, fantastic interview. Thanks to see you guys. Yeah, good to see you brought the energy. I think you're definitely ranking high on the top interviews. We >>Love that for >>The day. >>Thank >>My pleasure >>Job, guys. Now that you're competitive at all, and thank you all for tuning in to our live coverage here from AWS Reinvent in Las Vegas, Nevada, with Dave Valante. I'm Savannah Peterson. You're watching The Cube, the leading source for high tech coverage.

>>We're back at Supercomputing 22 in Dallas, winding down day four of this conference. I'm Paul Gillan, my co-host Dave Nicholson. We are talking, we've been talking super computing all week and you hear a lot about what's going on in the United States, what's going on in China, Japan. What we haven't talked a lot about is what's going on in Europe and did you know that two of the top five supercomputers in the world are actually from European countries? Well, our guest has a lot to do with that. Florian, bearish, I hope I pronounce that correctly. My German is, German is not. My strength is the operations director for price, ais, S B L. And let's start with that. What is price? >>So, hello and thank you for the invitation. I'm Flon and Price is a partnership for Advanced Computing in Europe. It's a non-profit association with the seat in Brussels in Belgium. And we have 24 members. These are representatives from different European countries dealing with high performance computing in at their place. And we, so far, we provided the resources for our European research communities. But this changed in the last year, this oral HPC joint undertaking who put a lot of funding in high performance computing and co-funded five PET scale and three preis scale systems. And two of the preis scale systems. You mentioned already, this is Lumi and Finland and Leonardo in Bologna in Italy were in the place for and three and four at the top 500 at least. >>So why is it important that Europe be in the top list of supercomputer makers? >>I think Europe needs to keep pace with the rest of the world. And simulation science is a key technology for the society. And we saw this very recently with a pandemic, with a covid. We were able to help the research communities to find very quickly vaccines and to understand how the virus spread around the world. And all this knowledge is important to serve the society. Or another example is climate change. Yeah. With these new systems, we will be able to predict more precise the changes in the future. So the more compute power you have, the better the smaller the grid and there is resolution you can choose and the lower the error will be for the future. So these are, I think with these systems, the big or challenges we face can be addressed. This is the climate change, energy, food supply, security. >>Who are your members? Do they come from businesses? Do they come from research, from government? All of the >>Above. Yeah. Our, our members are public organization, universities, research centers, compute sites as a data centers, but But public institutions. Yeah. And we provide this services for free via peer review process with excellence as the most important criteria to the research community for free. >>So 40 years ago when, when the idea of an eu, and maybe I'm getting the dates a little bit wrong, when it was just an idea and the idea of a common currency. Yes. Reducing friction between, between borders to create a trading zone. Yes. There was a lot of focus there. Fast forward to today, would you say that these efforts in supercomputing, would they be possible if there were not an EU super structure? >>No, I would say this would not be possible in this extent. I think when though, but though European initiatives are, are needed and the European Commission is supporting these initiatives very well. And before praise, for instance 2008, there were research centers and data centers operating high performance computing systems, but they were not talking to each other. So it was isolated praise created community of operation sites and it facilitated the exchange between them and also enabled to align investments and to, to get the most out of the available funding. And also at this time, and still today for one single country in Europe, it's very hard to provide all the different architectures needed for all the different kind of research communities and applications. If you want to, to offer always the latest technologies, though this is really hardly possible. So with this joint action and opening the resources for other research groups from other countries, you, we, we were able to, yeah, get access to the latest technology for different communities at any given time though. And >>So, so the fact that the two systems that you mentioned are physically located in Finland and in Italy, if you were to walk into one of those facilities and meet the people that are there, they're not just fins in Finland and Italians in Italy. Yeah. This is, this is very much a European effort. So this, this is true. So, so in this, in that sense, the geography is sort of abstracted. Yeah. And the issues of sovereignty that make might take place in in the private sector don't exist or are there, are there issues with, can any, what are the requirements for a researcher to have access to a system in Finland versus a system in Italy? If you've got a EU passport, Hmm. Are you good to go? >>I think you are good to go though. But EU passport, it's now it becomes complicated and political. It's, it's very much, if we talk about the recent systems, well first, let me start a praise. Praise was inclusive and there was no any constraints as even we had users from US, Australia, we wanted just to support excellence in science. And we did not look at the nationality of the organization, of the PI and and so on. There were quotas, but these quotas were very generously interpreted. So, and if so, now with our HPC joint undertaking, it's a question from what European funds, these systems were procured and if a country or being country are associated to this funding, the researchers also have access to these systems. And this addresses basically UK and and Switzerland, which are not in the European Union, but they were as created to the Horizon 2020 research framework. And though they could can access the systems now available, Lumi and Leono and the Petascale system as well. How this will develop in the future, I don't know. It depends to which research framework they will be associated or not. >>What are the outputs of your work at price? Are they reference designs? Is it actual semiconductor hardware? Is it the research? What do you produce? >>So the, the application we run or the simulation we run cover all different scientific domains. So it's, it's science, it's, but also we have industrial let projects with more application oriented targets. Aerodynamics for instance, for cars or planes or something like this. But also fundamental science like the physical elementary physics particles for instance or climate change, biology, drug design, protein costa, all these >>Things. Can businesses be involved in what you do? Can they purchase your, your research? Do they contribute to their, I'm sure, I'm sure there are many technology firms in Europe that would like to be involved. >>So this involving industry though our calls are open and is, if they want to do open r and d, they are invited to submit also proposals. They will be evaluated and if this is qualifying, they will get the access and they can do their jobs and simulations. It's a little bit more tricky if it's in production, if they use these resources for their business and do not publish the results. They are some, well, probably more sites who, who are able to deal with these requests. Some are more dominant than others, but this is on a smaller scale, definitely. Yeah. >>What does the future hold? Are you planning to, are there other countries who will be joining the effort, other institutions? Do you plan to expand your, your scope >>Well, or I think or HPC joint undertaking with 36 member states is quite, covers already even more than Europe. And yeah, clearly if, if there are other states interest interested to join that there is no limitation. Although the focus lies on European area and on union. >>When, when you interact with colleagues from North America, do you, do you feel that there is a sort of European flavor to supercomputing that is different or are we so globally entwined? No. >>So research is not national, it's not European, it's international. This is also clearly very clear and I can, so we have a longstanding collaboration with our US colleagues and also with Chap and South Africa and Canada. And when Covid hit the world, we were able within two weeks to establish regular seminars inviting US and European colleagues to talk to to other, to each other and exchange the results and find new collaboration and to boost the research activities. So, and I have other examples as well. So when we, we already did the joint calls US exceed and in Europe praise and it was a very interesting experience. So we received applications from different communities and we decided that we will review this on our side, on European, with European experts and US did it in US with their experts. And you can guess what the result was at the meeting when we compared our results, it was matching one by one. It was exactly the same. Recite >>That it, it's, it's refreshing to hear a story of global collaboration. Yeah. Where people are getting along and making meaningful progress. >>I have to mention you, I have to to point out, you did not mention China as a country you were collaborating with. Is that by, is that intentional? >>Well, with China, definitely we have less links and collaborations also. It's also existing. There, there was initiative to look at the development of the technologies and the group meet on a regular basis. And there, there also Chinese colleagues involved. It's on a lower level, >>Yes, but is is the con conversations are occurring. We're out of time. Florian be operations director of price, European Super Computing collaborative. Thank you so much for being with us. I'm always impressed when people come on the cube and submit to an interview in a language that is not their first language. Yeah, >>Absolutely. >>Brave to do that. Yeah. Thank you. You're welcome. Thank you. We'll be right back after this break from Supercomputing 22 in Dallas.

(soft music) >> Welcome back to Chicago guys and gals. Lisa Martin here with John Furrier. We have been covering Ansible Fest '22 for the last two days. This is our show wrap. We're going to leave you with some great insights into the things that we were able to dissect over the last two days. John, this has been an action packed two days. A lot of excitement, a lot of momentum. Good to be back in person. >> It's great to be back in person. It was the first time for you to do Ansible Fest. >> Yes. >> My first one was 2019 in person. That's the last time they had an event in person. So again, it's a very chill environment here, but it's content packed, great active loyal community and is growing. It's changing. Ansible now owned by Red Hat, and now Red Hat owned by IBM. Kind of see some game changing kind of movements here on the chess board, so to speak, in the industry. Ansible has always been a great product. It started in open source. It evolved configuration management configuring servers, networks. You know, really the nuts and bolts of IT. And became a fan favorite mainly because it was built by the fans and I think that never stopped. And I think you started to see an opportunity for Ansible to be not only just a, I won't say niche product or niche kind of use case to being the overall capabilities for large scale enterprise system architectures, system management. So it's very interesting. I mean I find it fascinating how, how it stays relevant and cool and continues to power through a massive shift >> A massive shift. They've done a great job though since the inception and through the acquisition of being still community first. You know, we talked a lot yesterday and today about helping organizations become automation first that Ansible has really stayed true to its roots in being community first, community driven and really that community flywheel was something that was very obvious the last couple of days. >> Yeah, I mean the community thing is is is their production system. I mean if you look at Red Hat, their open source, Ansible started open source, good that they're together. But what people may or may not know about Ansible is that they build their product from the community. So the community actually makes the suggestions. Ansible's just in listening modes. So when you have a system that's that efficient where you have direct working backwards from the customer like that, it's very efficient. Now, as a product manager you might want to worry about scope creep, but at the end of the day they do a good job of democratizing that process. So again, very strong product production system with open source, very relevant, solves the right problems. But this year the big story to me is the cultural shift of Ansible's relevance. And I think with multicloud on the horizon, operations is the new kind of developer kind of ground. DevOps has been around for a while. That's now shifted up to the developer themselves, the cloud native developer. But at cloud scale and hybrid computing, it's about the operations. It's about the data and the security. All of it's about the data. So to me there's a new ops configuration operating model that you're seeing people use, SRE and DevOps. That's the new culture, and the persona's changing. The operator of a large scale enterprise is going to be a lot different than it was past five, 10 years. So major cultural shift, and I think this community's going to step up to that position and fill that role. >> They seem to be having a lot of success meeting people where they are, meeting the demographics, delivering on how their community wants to work, how they want to collaborate. But yesterday you talked about operations. We talked a lot about Ops as code. Talk about what does that mean from your perspective, and what did you hear from our guests on the program with respect that being viable? >> Well great, that's a great point. Ops as code is the kind of their next layer of progression. Infrastructure is code. Configuration is code. Operations is code. To me that means running the company as software. So software influencing how operators, usually hardware in the past. Now it's infrastructure and software going to run things. So ops as code's, the next progression in how people are going to manage it. And I think most people think of that as enterprises get larger, when they hear words like SRE, which stands for Site Reliable Engineer. That came out of Google, and Google had all these servers that ran the search engine and at scale. And so one person managed boatload of servers and that was efficient. It was like a multiple 10x engineer, they used to call it. So that that was unique to Google but not everyone's Google. So it became language or parlance for someone who's running infrastructure but not everyone's that scale. So scale is a big issue. Ops as code is about scale and having that program ability as an operator. That's what Ops as code is. And that to me is a sign of where the scale meets the automation. Large scale is hard to do. Automating at large scale is even harder. So that's where Ansible fits in with their new automation platform. And you're seeing new things like signing code, making sure it's trusted and verified. So that's the software supply chain issue. So they're getting into the world where software, open source, automation are all happening at scale. So to me that's a huge concept of Ops as code. It's going to be very relevant, kind of the next gen positioning. >> Let's switch gears and talk about the partner ecosystem. We had Stefanie Chiras on yesterday, one of our longtime theCUBE alumni, talking about what they're doing with AWS in the marketplace. What was your take on that, and what's the "what's in it for me" for both Red Hat, Ansible and AWS? >> Yeah, so the big news on the automation platform was one. The other big news I thought was really, I won't say watered down, but it seems small but it's not. It's the Amazon Web Services relationship with Red Hat, now Ansible, where Ansible's now a product in AWS's marketplace. AWS marketplace is kind of hanging around. It's a catalog right now. It's not the most advanced technical system in the world, and it does over 2 billion plus revenue transactions. So even if it's just sitting there as a large marketplace, that's already doing massive amounts of disruption in the procurement, how software is bought. So we interviewed them in the past, and they're innovating on that. They're going to make that a real great platform. But the fact that Ansible's in the marketplace means that their sales are going to go up, number one. Number two, that means customers can consume it simply by clicking a button on their Amazon bill. That means they don't have to do anything. It's like getting a PO for free. It's like, hey, I'm going to buy Ansible, click, click, click. And then by the way, draw that down from their commitment to AWS. So that means Amazon's going into business with Ansible, and that is a huge revenue thing for Ansible, but also an operational efficiency thing that gives them more of an advantage over the competition. >> Talk what's in it for me as a customer. At Red Hat Summit a few months ago they announced similar partnership with Azure. Now we're talking about AWS. Customers are living in this hybrid cloud world, often by default. We're going to see that proliferate. What do you think this means for customers in terms of being able to- >> In the marketplace deal or Ansible? >> Yeah, the marketplace deal, but also what Red Hat and Ansible are doing with the hyperscalers to enable customers to live successfully in the hyper hybrid cloud world. >> It's just in the roots of the company. They give them the choice to consume the product on clouds that they like. So we're seeing a lot of clients that have standardized on AWS with their dev teams but also have productivity software on Azure. So you have the large enterprises, they sit on both clouds. So you know, Ansible, the customer wants to use Ansible anyway, they want that to happen. So it's a natural thing for them to work anywhere. I call that the Switzerland strategy. They'll play with all the clouds. Even though the clouds are fighting against each other, and they have to to differentiate, there's still going to be some common services. I think Ansible fits this shim layer between clouds but also a bolt on. Now that's a really a double win for them. They can bolt on to the cloud, Azure and bolt on to AWS and Google, and also be a shim layer technically in clouds as well. So there's two technical advantages to that strategy >> Can Ansible be a facilitator of hybrid cloud infrastructure for organizations, or a catalyst? >> I think it's going to be a gateway on ramp or gateway to multicloud or supercloud, as we call it, because Ansible's in that configuration layer. So you know, it's interesting to hear the IBM research story, which we're going to get to in a second around how they're doing the AI for Ansible with that wisdom project. But the idea of configuring stuff on the fly is really a concept that's needed for multicloud 'Cause programs don't want to have to configure anything. (he laughs) So standing up an application to run on Azure that's on AWS that spans both clouds, you're going to need to have that automation, and I think this is an opportunity whether they can get it or not, we'll see. I think Red Hat is probably angling on that hard, and I can see them kind of going there and some of the commentary kind of connects the dots for that. >> Let's dig into some of news that came out today. You just alluded to this. IBM research, we had on with Red Hat. Talk about what they call project wisdom, the value in that, what it also means for for Red Hat and IBM working together very synergistically. >> I mean, I think the project wisdom is an interesting dynamic because you got the confluence of the organic community of Ansible partnering with a research institution of IBM research. And I think that combination of practitioners and research groups is going to map itself out to academic and then you're going to see this kind of collaboration going forward. So I think it's a very nuanced story, but the impact to me is very clear that this is the new power brokers in the tech industry, because researchers have a lot of muscle in terms of deep research in the academic area, and the practitioners are the ones who are actually doing it. So when you bring those two forces together, that pretty much trumps any kind of standards bodies or anything else. So I think that's a huge signaling benefit to Ansible and Red Hat. I think that's an influence of Red Hat being bought by IBM. But the project itself is really amazing. It's taking AI and bringing it to Ansible, so you can do automated configurations. So for people who don't know how to code they can actually just automate stuff and know the process. I don't need to be a coder, I can just use the AI to do that. That's a low code, no code dynamic. That kind of helps with skill gaps, because I need to hire someone to do that. Today if I want to automate something, and I don't know how to code, I've got to get someone who codes. Here I can just do it and automate it. So if that continues to progress the way they want it to, that could literally be a game changer, 'cause now you have software configuring machines and that's pretty badass in my opinion. So that thought that was pretty cool. And again it's just an evolution of how AI is becoming more relevant. And I think it's directionally correct, and we'll see how it goes. >> And they also talked about we're nearing an inflection point in AI. You agree? >> Yeah I think AI is at an inflection point because it just falls short on the scale side. You see it with chatbots, NLP. You see what Amazon's doing. They're building these models. I think we're one step away from model scaling. I think the building the models is going to be one of these things where you're going to start to see marketplace and models and you start to composability of AI. That's where it's going to get very interesting to see which cloud is the best AI scale. So I think AI at scale's coming, and that's going to be something to watch really closely. >> Something exciting. Another thing that was big news today was the event driven Ansible. Talk about that, and that's something they've been working on in conjunction with the community for quite a while. They were very proud of that release and what that's going to enable organizations to do. >> Well I think that's more meat on the bone on the AI side 'cause in the big trend right now is MLAI ops. You hear that a lot. Oh, data ops or AI ops. What event driven automation does is allows you to take things that are going on in your world, infrastructure, triggers, alarms, notifications, data pipelining flows, things that go on in the plumbing of infrastructure. are being monitored and observed. So when events happen they trigger events. You want to stream something, you send a trigger and things happen. So these are called events. Events are wide ranging number of events. Kafka streaming for data. You got anything that produces data is an event. So harnessing that data into a pipeline is huge. So doing that at scale, that's where I think that product's a home run, and I think that's going to be a very valuable product, 'cause once you understand what the event triggers are, you then can automate that, and no humans involved. So that will save a lot of time for people in the the higher pay grade of MLAI ops automate some of that low level plumbing. They move their skill set to something more valuable or more impactful. >> And we talked about, speaking of impact, we talked about a lot of the business impact that organizations across industries are going to be able to likely achieve by using that. >> Yeah, I mean I think that you're going to see the community fill the gap on that. I mean the big part about all this is that their community builds the product and they have the the playbooks and they're shareable and they're reusable. So we produce content as a media company. They'd talk about content as is playbooks and documentation for people to use. So reuse and and reusing these playbooks is a huge part of it. So as they build up these catalogs and these playbooks and rules, it gets better by the community. So it's going to be interesting to see the adoption. That's going to be a big tell sign for what's going to happen. >> Yep, we get definitely are going to be watching that space. And the last thing, we got to talk to a couple of customers. We talked to Wells Fargo who says "We are a tech company that does banking," which I loved. We got to talk with Rockwell Automation. What are some of your takeaways from how the customers are leveraging Ansible and the technology to drive their businesses forward to meet demanding customers where they are? >> I think you're seeing the script flipping a little bit here, where the folks that used to use Ansible for configuration are flipping to be on the front edge of the innovation strategy where what process to automate is going to drive the profitability and scale. Cause you're talking about things like skill gaps, workflows. These are business constructs and people These are assets so they have economic value. So before it was just, IT serve the business, configure some servers, do some stuff. When you start getting into automation where you have expertise around what this means, that's economic value. So I think you're going to see the personas change significantly in this community where they're on the front lines, kind of like developers are. That's why ops as code is to me a developer kind of vibe. That's going to completely change how operations runs in IT. And I think that's going to be a very interesting cultural shift. And some will make it, some won't. That's going to be a big thing. Some people say, I'm going to retire. I'm old school storage server person, or no, I'm the new guard. I'm going to be the new team. I'm going be on the right side of history here. So they're clearly going down that right path in my opinion. >> What's your overall summary in the last minute of what this event delivered the last couple of days in terms of really talking about the transformation of enterprises and industries through automation? >> I think the big takeaway from me in listening and reading the tea leaves was the Ansible company and staff and the community together. It was really a call for arms. Like, hey, we've had it right from the beginning. We're on the right wave and the wave's getting bigger. So expand your scope, uplevel your skills. They're on the right side of history. And I think the message was engage more. Bring more people in because it is open source, and if they are on that track, you're going to see more of hey, we got it right, let's continue. So they got platform release. They got the key products coming out after years of work. So you know, they're doing their work. And the message I heard was, it's bigger than we thought. So I think that's interesting. We'll see what that means. We're going to unpack that after the event in series of showcases. But yeah, it was very positive, I thought. Very positive. >> Yeah, I think there was definitely some surprises in there for them. John, thank you so much. It's been a pleasure co-hosting with you the last couple of days, really uncovering what Ansible is doing, what they're enabling customers in every industry to achieve. >> Been fun. >> Yes. All right for my co-host, John Furrier, I'm Lisa Martin. You've been watching theCUBE's coverage of Ansible Fest 2022 live from Chicago. We hope you take good care and we'll see you soon.

>>Hey guys. Welcome back to the Cubes coverage of Ansible Fast 2022. This is day two of our wall to wall coverage. Lisa Martin here with John Ferer. John, we're seeing this world where companies are saying if we can't automate it, we need to, The automation market is transforming. There's been a lot of buzz about that. A lot of technical chops here at Ansible Fest. >>Yeah, I mean, we've got a great guest here coming on Cuba alumni, Dean Newman, future room. He travels every event he's got. He's got his nose to the grindstone ear to the ground. Great analysis. I mean, we're gonna get into why it's important. How does Ansible fit into the big picture? It's really gonna be a great segment. The >>Board do it well, John just did my job for me about, I'll introduce him again. Daniel Newman, one of our alumni is Back Principal Analyst at Future and Research. Great to have you back on the cube. >>Yeah, it's good to join you. Excited to be back in Chicago. I don't know if you guys knew this, but for 40 years, this was my hometown. Now I don't necessarily brag about that anymore. I'm, I live in Austin now. I'm a proud Texan, but I did grow up here actually out in the west suburbs. I got off the plane, I felt the cold air, and I almost turned around and said, Does this thing go back? Yeah. Cause I'm, I've, I've grown thin skin. It did not take me long. I, I like the warm, Come on, >>I'm the saying, I'm from California and I got off the plane Monday. I went, Whoa, I need a coat. And I was in Miami a week ago and it was 85. >>Oh goodness. >>Crazy. So you just flew in. Talk about what's going on, your take on, on Ansible. We've talked a lot with the community, with partners, with customers, a lot of momentum. The flywheel of the community is going around and round and round. What are some of your perspectives that you see? >>Yeah, absolutely. Well, let's you know, I'm gonna take a quick step back. We're entering an era where companies are gonna have to figure out how to do more with less. Okay? We've got exponential data growth, we've got more architectural complexity than ever before. Companies are trying to discern how to deal with many different environments. And just at a macro level, Red Hat is one of the companies that is almost certainly gonna be part of this multi-cloud hybrid cloud era. So that should initially give a lot of confidence to the buying group that are looking at how to automate their environments. You're automating workflows, but really with, with Ansible, we're focused on automating it, automating the network. So as companies are kind of dig out, we're entering this recessionary period, Okay, we're gonna call it what it is. The first thing that they're gonna look at is how do we tech our way out of it? >>I had a wonderful one-on-one conversation with ServiceNow ceo, Bill McDermott, and we saw ServiceNow was in focus this morning in the initial opening session. This is the integration, right? Ansible integrating with ServiceNow. What we need to see is infrastructure automation, layers and applications working in concert to basically enable enterprises to be up and running all the time. Let's first fix the problems that are most common. Let's, let's automate 'em, let's script them. And then at some point, let's have them self resolving, which we saw at the end with Project Wisdom. So as I see it, automation is that layer that enterprises, boards, technologists, all can agree upon are basically here's something that can make our business more efficient, more profitable, and it's gonna deal with this short term downturn in a way that tech is actually gonna be the answer. Just like Bill and I said, let's tech our way out of it. >>If you look at the Red Hat being bought by ibm, you see Project Wisdom Project, not a product, it's a project. Project Wisdom is the confluence of research and practitioners kind of coming together with ai. So bringing AI power to the Ansible is interesting. Red Hat, Linux, Rel OpenShift, I mean, Red Hat's kind of position, isn't it? Kind of be in that right spot where a puck might be coming maybe. I mean, what do you think? >>Yeah, as analysts, we're really good at predicting the, the recent past. It's a joke I always like to make, but Red Hat's been building toward the future. I think for some time. Project Wisdom, first of all, I was very encouraged with it. One of the things that many people in the market probably have commented on is how close is IBM in Red Hat? Now, again, it's a $34 billion acquisition that was made, but boy, the cultures of these two companies couldn't be more different. And of course, Red Hat kind of carries this, this sort of middle ground layer where they provide a lot of value in services to companies that maybe don't use IBM at, at, for the public cloud especially. This was a great indication of how you can take the power of IBM's research, which of course has some of the world's most prolific data scientists, engineers, building things for the future. >>You know, you see things like yesterday they launched a, you know, an AI solution. You know, they're building chips, semiconductors, and technologies that are gonna power the future. They're building quantum. Long story short, they have these really brilliant technologists here that could be adding value to Red Hat. And I don't know that the, the world has fully been able to appreciate that. So when, when they got on stage and they kind of say, Here's how IBM is gonna help power the next generation, I was immediately very encouraged by the fact that the two companies are starting to show signs of how they can collaborate to offer value to their customers. Because of course, as John kind of started off with, his question is, they've kind of been where the puck is going. Open source, Linux hybrid cloud, This is the future. In the future. Every company's multi-cloud. And I said in a one-on-one meeting this morning, every company is going to probably have workloads on every cloud, especially large enterprises. >>Yeah. And I think that the secret's gonna be how do you make that evolve? And one of the things that's coming out of the industry over the years, and looking back as historians, we would say, gotta have standards. Well, with cloud, now people standards might slow things down. So you're gonna start to figure out how does the community and the developers are thinking it'll be the canary in the coal mine. And I'd love to get your reaction on that, because we got Cuban next week. You're seeing people kind of align and try to win the developers, which, you know, I always laugh cuz like, you don't wanna win, you want, you want them on your team, but you don't wanna win them. It's like a, it's like, so developers will decide, >>Well, I, I think what's happening is there are multiple forces that are driving product adoption. And John, getting the developers to support the utilization and adoption of any sort of stack goes a long way. We've seen how sticky it can be, how sticky it is with many of the public cloud pro providers, how sticky it is with certain applications. And it's gonna be sticky here in these interim layers like open source automation. And Red Hat does have a very compelling developer ecosystem. I mean, if you sat in the keynote this morning, I said, you know, if you're not a developer, some of this stuff would've been fairly difficult to understand. But as a developer you saw them laughing at jokes because, you know, what was it the whole part about, you know, it didn't actually, the ping wasn't a success, right? And everybody started laughing and you know, I, I was sitting next to someone who wasn't technical and, and you know, she kinda goes, What, what was so funny? >>I'm like, well, he said it worked. Do you see that? It said zero data trans or whatever that was. So, but if I may just really quickly, one, one other thing I did wanna say about Project Wisdom, John, that the low code and no code to the full stack developer is a continuum that every technology company is gonna have to think deeply about as we go to the future. Because the people that tend to know the process that needs to be automated tend to not be able to code it. And so we've seen every automation company on the planet sort of figuring out and how to address this low code, no code environment. I think the power of this partnership between IBM Research and Red Hat is that they have an incredibly deep bench of capabilities to do things like, like self-training. Okay, you've got so much data, such significant size models and accuracy is a problem, but we need systems that can self teach. They need to be able self-teach, self learn, self-heal so that we can actually get to the crux of what automation is supposed to do for us. And that's supposed to take the mundane out and enable those humans that know how to code to work on the really difficult and hard stuff because the automation's not gonna replace any of that stuff anytime soon. >>So where do you think looking at, at the partnership and the evolution of it between IBM research and Red Hat, and you're saying, you know, they're, they're, they're finally getting this synergy together. How is it gonna affect the future of automation and how is it poised to give them a competitive advantage in the market? >>Yeah, I think the future or the, the competitive space is that, that is, is ecosystems and integration. So yesterday you heard, you know, Red Hat Ansible focusing on a partnership with aws. You know, this week I was at Oracle Cloud world and they're talking about running their database in aws. And, and so I'm kind of going around to get to the answer to your question, but I think collaboration is sort of the future of growth and innovation. You need multiple companies working towards the same goal to put gobs of resources, that's the technical term, gobs of resources towards doing really hard things. And so Ansible has been very successful in automating and securing and focusing on very certain specific workloads that need to be automated, but we need more and there's gonna be more data created. The proliferation, especially the edge. So you saw all this stuff about Rockwell, How do you really automate the edge at scale? You need large models that are able to look and consume a ton of data that are gonna be continuously learning, and then eventually they're gonna be able to deliver value to these companies at scale. IBM plus Red Hat have really great resources to drive this kind of automation. Having said that, I see those partnerships with aws, with Microsoft, with ibm, with ServiceNow. It's not one player coming to the table. It's a lot of players. They >>Gotta be Switzerland. I mean they have the Switzerland. I mean, but the thing about the Amazon deal is like that marketplace integration essentially puts Ansible once a client's in on, on marketplace and you get the central on the same bill. I mean, that's gonna be a money maker for Ansible. I >>Couldn't agree more, John. I think being part of these public cloud marketplaces is gonna be so critical and having Ansible land and of course AWS largest public cloud by volume, largest marketplace today. And my opinion is that partnership will be extensible to the other public clouds over time. That just makes sense. And so you start, you know, I think we've learned this, John, you've done enough of these interviews that, you know, you start with the biggest, with the highest distribution and probability rates, which in this case right now is aws, but it'll land on in Azure, it'll land in Google and it'll continue to, to grow. And that kind of adoption, streamlining make it consumption more consumable. That's >>Always, I think, Red Hat and Ansible, you nailed it on that whole point about multicloud, because what happens then is why would I want to alienate a marketplace audience to use my product when it could span multiple environments, right? So you saw, you heard that Stephanie yesterday talk about they, they didn't say multiple clouds, multiple environments. And I think that is where I think I see this layer coming in because some companies just have to work on all clouds. That's the way it has to be. Why wouldn't you? >>Yeah. Well every, every company will probably end up with some workloads in every cloud. I just think that is the fate. Whether it's how we consume our SaaS, which a lot of people don't think about, but it always tends to be running on another hyperscale public cloud. Most companies tend to be consuming some workloads from every cloud. It's not always direct. So they might have a single control plane that they tend to lead the way with, but that is only gonna continue to change. And every public cloud company seems to be working on figuring out what their niche is. What is the one thing that sort of drives whether, you know, it is, you know, traditional, we know the commoditization of traditional storage network compute. So now you're seeing things like ai, things like automation, things like the edge collaboration tools, software being put into the, to the forefront because it's a different consumption model, it's a different margin and economic model. And then of course it gives competitive advantages. And we've seen that, you know, I came back from Google Cloud next and at Google Cloud next, you know, you can see they're leaning into the data AI cloud. I mean, that is their focus, like data ai. This is how we get people to come in and start using Google, who in most cases, they're probably using AWS or Microsoft today. >>It's a great specialty cloud right there. That's a big use case. I can run data on Google and run something on aws. >>And then of course you've got all kinds of, and this is a little off topic, but you got sovereignty, compliance, regulatory that tends to drive different clouds over, you know, global clouds like Tencent and Alibaba. You know, if your workloads are in China, >>Well, this comes back down at least to the whole complexity issue. I mean, it has to get complex before it gets easier. And I think that's what we're seeing companies opportunities like Ansible to be like, Okay, tame, tame the complexity. >>Yeah. Yeah, I totally agree with you. I mean, look, when I was watching the demonstrations today, my take is there's so many kind of simple, repeatable and mundane tasks in everyday life that enterprises need to, to automate. Do that first, you know? Then the second thing is working on how do you create self-healing, self-teaching, self-learning, You know, and, and I realize I'm a little broken of a broken record at this, but these are those first things to fix. You know, I know we want to jump to the future where we automate every task and we have multi-term conversational AI that is booking our calendars and driving our cars for us. But in the first place, we just need to say, Hey, the network's down. Like, let's make sure that we can quickly get access back to that network again. Let's make sure that we're able to reach our different zones and locations. Let's make sure that robotic arm is continually doing the thing it's supposed to be doing on the schedule that it's been committed to. That's first. And then we can get to some of these really intensive deep metaverse state of automation that we talk about. Self-learning, data replication, synthetic data. I'm just gonna throw terms around. So I sound super smart. >>In your customer conversations though, from an looking at the automation journey, are you finding most of them, or some percentage is, is wanting to go directly into those really complex projects rather than starting with the basics? >>I don't know that you're, you're finding that the customers want to do that? I think it's the architecture that often ends up being a problem is we as, as the vendor side, will tend to talk about the most complex problems that they're able to solve before companies have really started solving the, the immediate problems that are before them. You know, it's, we talk about, you know, the metaphor of the cloud is a great one, but we talk about the cloud, like it's ubiquitous. Yeah. But less than 30% of our workloads are in the public cloud. Automation is still in very early days and in many industries it's fairly nascent. And doing things like self-healing networks is still something that hasn't even been able to be deployed on an enterprise-wide basis, let alone at the industrial layer. Maybe at the company's on manufacturing PLAs or in oil fields. Like these are places that have difficult to reach infrastructure that needs to be running all the time. We need to build systems and leverage the power of automation to keep that stuff up and running. That's, that's just business value, which by the way is what makes the world go running. Yeah. Awesome. >>A lot of customers and users are struggling to find what's the value in automating certain process, What's the ROI in it? How do you help them get there so that they understand how to start, but truly to make it a journey that is a success. >>ROI tends to be a little bit nebulous. It's one of those things I think a lot of analysts do. Things like TCO analysis Yeah. Is an ROI analysis. I think the businesses actually tend to know what the ROI is gonna be because they can basically look at something like, you know, when you have an msa, here's the downtime, right? Business can typically tell you, you know, I guarantee you Amazon could say, Look for every second of downtime, this is how much commerce it costs us. Yeah. A company can generally say, if it was, you know, we had the energy, the windmills company, like they could say every minute that windmill isn't running, we're creating, you know, X amount less energy. So there's a, there's a time value proposition that companies can determine. Now the question is, is about the deployment. You know, we, I've seen it more nascent, like cybersecurity can tend to be nascent. >>Like what does a breach cost us? Well there's, you know, specific costs of actually getting the breach cured or paying for the cybersecurity services. And then there's the actual, you know, ephemeral costs of brand damage and of risks and customer, you know, negative customer sentiment that potentially comes out of it. With automation, I think it's actually pretty well understood. They can look at, hey, if we can do this many more cycles, if we can keep our uptime at this rate, if we can reduce specific workforce, and I'm always very careful about this because I don't believe automation is about replacement or displacement, but I do think it is about up-leveling and it is about helping people work on things that are complex problems that machines can't solve. I mean, said that if you don't need to put as many bodies on something that can be immediately returned to the organization's bottom line, or those resources can be used for something more innovative. So all those things are pretty well understood. Getting the automation to full deployment at scale, though, I think what often, it's not that roi, it's the timeline that gets misunderstood. Like all it projects, they tend to take longer. And even when things are made really easy, like with what Project Wisdom is trying to do, semantically enable through low code, no code and the ability to get more accuracy, it just never tends to happen quite as fast. So, but that's not an automation problem, That's just the crux of it. >>Okay. What are some of the, the next things on your plate? You're quite a, a busy guy. We, you, you were at Google, you were at Oracle, you're here today. What are some of the next things that we can expect from Daniel Newman? >>Oh boy, I moved Really, I do move really quickly and thank you for that. Well, I'm very excited. I'm taking a couple of work personal days. I don't know if you're a fan, but F1 is this weekend. I'm the US Grand Prix. Oh, you're gonna Austin. So I will be, I live in Austin. Oh. So I will be in Austin. I will be at the Grand Prix. It is work because it, you know, I'm going with a number of our clients that have, have sponsorships there. So I'll be spending time figuring out how the data that comes off of these really fun cars is meaningfully gonna change the world. I'll actually be talking to Splunk CEO at the, at the race on Saturday morning. But yeah, I got a lot of great things. I got a, a conversation coming up with the CEO of Twilio next week. We got a huge week of earnings ahead and so I do a lot of work on that. So I'll be on Bloomberg next week with Emily Chang talking about Microsoft and Google. Love talking to Emily, but just as much love being here on, on the queue with you >>Guys. Well we like to hear that. Who you're rooting for F one's your favorite driver. I, >>I, I like Lando. Do you? I'm Norris. I know it's not necessarily a fan favorite, but I'm a bit of a McLaren guy. I mean obviously I have clients with Oracle and Red Bull with Ball Common Ferrari. I've got Cly Splunk and so I have clients in all. So I'm cheering for all of 'em. And on Sunday I'm actually gonna be in the Williams Paddock. So I don't, I don't know if that's gonna gimme me a chance to really root for anything, but I'm always, always a big fan of the underdog. So maybe Latifi. >>There you go. And the data that comes off the how many central unbeliev, the car, it's crazy's. Such a scientific sport. Believable. >>We could have Christian, I was with Christian Horner yesterday, the team principal from Reside. Oh yeah, yeah. He was at the Oracle event and we did a q and a with him and with the CMO of, it's so much fun. F1 has been unbelievable to watch the momentum and what a great, you know, transitional conversation to to, to CX and automation of experiences for fans as the fan has grown by hundreds of percent. But just to circle back full way, I was very encouraged with what I saw today. Red Hat, Ansible, IBM Strong partnership. I like what they're doing in their expanded ecosystem. And automation, by the way, is gonna be one of the most robust investment areas over the next few years, even as other parts of tech continue to struggle that in cyber security. >>You heard it here. First guys, investment in automation and cyber security straight from two analysts. I got to sit between. For our guests and John Furrier, I'm Lisa Martin, you're watching The Cube Live from Chicago, Ansible Fest 22. John and I will be back after a short break. SO'S stick around.

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)

>>Good afternoon, everyone. And welcome back to the VMware Explorer. 2022 live from San Francisco. Lisa Martin, here with Dave. Valante good to be sitting next to you, sir. >>Yeah. Yeah. The big set >>And we're very excited to be welcoming buck. One of our esteemed alumni Sanja poin joins us, the CEO and president of cohesive. Nice to see >>You. Thank you, Lisa. Thank you, Dave. It's great to meet with you all the time and the new sort of setting here, but first >>Time, first time we've been in west, is that right? We've been in north. We've been in south. We've been in Las Vegas, right. But west, >>I mean, it's also good to be back with live shows with absolutely, you know, after sort of the two or three or hiatus. And it was a hard time for the whole world, but I'm kind of driving a little bit of adrenaline just being here with people. So >>You've also got some adrenaline, sorry, Dave. Yeah, you're good because you are new in the role at cohesive. You wrote a great blog that you are identified. The four reasons I came to cohesive. Tell the audience, just give 'em a little bit of a teaser about that. >>Yeah, I think you should all read it. You can Google and, and Google find that article. I talked about the people Mohi is a fantastic founder. You know, he was the, you know, the architect of the Google file system. And you know, one of the senior Google executives was on my board. Bill Corrin said one of the smartest engineers. He was the true father of hyperconverge infrastructure. A lot of the code of Nutanix. He wrote, I consider him really the father of that technology, which brought computer storage. And when he took that same idea of bringing compute to secondary storage, which is really what made the scale out architect unique. And we were at your super cloud event talking about that, Dave. Yeah. Right. So it's a people I really got to respect his smarts, his integrity and the genius, what he is done. I think the customer base, I called a couple of customers. One of them, a fortune 100 customer. I, I can't tell you who it was, but a very important customer. I've known him. He said, I haven't seen tech like this since VMware, 20 years ago, Amazon 10 years ago and now Ko. So that's special league. We're winning very much in the enterprise and that type of segment, the partners, you know, we have HPE, Cisco as investors. Amazon's an investors. So, you know, and then finally the opportunity, I think this whole area of data management and data security now with threats, like ransomware big opportunity. >>Okay. So when you were number two at VMware, you would come on and say, we'd love all our partners and of course, okay. So you know, a little bit about how to work with, with VMware. So, so when you now think about the partnership between cohesive and VMware, what are the things that you're gonna stress to your constituents on the VMware side to convince them that Hey, partnering with cohesive is gonna gonna drive more value for customers, you know, put your thumb on the scale a little bit. You know, you gotta, you gotta unfair advantage somewhat, but you should use it. So what's the narrative gonna be like? >>Yeah, I think listen with VMware and Amazon, that probably their top two partners, Dave, you know, like one of the first calls I made was to Raghu and he knew about this decision before. That's the level of trust I have in him. I even called Michael Dell, you know, before I made the decision, there's a little bit of overlap with Dell, but it's really small compared to the overlap, the potential with Dell hardware that we could compliment. And then I called four CEOs. I was, as I was making this decision, Andy Jassey at Amazon, he was formerly AWS CEO sat Nadela at Microsoft Thomas cor at Google and Arvin Christian, IBM to say, I'm thinking about this making decision. They are many of the mentors and friends to me. So I believe in an ecosystem. And you know, even Chuck Robbins, who the CEO of Cisco is an investor, I texted him and said, Hey, finally, we can be friends. >>It was harder to us to be friends with Cisco, given the overlap of NSX. So I have a big tent towards everybody in our ecosystem with VMware. I think the simple answer is there's no overlap okay. With, with the kind of the primary storage capabilities with VSAN. And by the same thing with Nutanix, we will be friends and, and extend that to be the best data protection solution. But given also what we could do with security, I think this is gonna go a lot further. And then it's all about meet the field. We have common partners. I think, you know, sort of the narrative I talked about in that blog is just like snowflake was replacing Terada and ServiceNow replace remedy and CrowdStrike, replacing Symantec, we're replacing legacy vendors. We are viewed as the modern solution cloud optimized for private and public cloud. We can help you and make VMware and vs a and VCF very relevant to that part of the data management and data security continuum, which I think could end VMware. And by the way, the same thing into the public cloud. So most of the places where we're being successful is clearly withs, but increasingly there's this discussion also about playing into the cloud. So I think both with VMware and Amazon, and of course the other partners in the hyperscaler service, storage, networking place and security, we have some big plans. >>How, how much do you see this? How do you see this multi-cloud narrative that we're hearing here from, from VMware evolving? How much of an opportunity is it? How are customers, you know, we heard about cloud chaos yesterday at the keynote, are customers, do they, do they admit that there's cloud chaos? Some probably do some probably don't how much of an opportunity is that for cohesive, >>It's tremendous opportunity. And I think that's why you need a Switzerland type player in this space to be successful. And you know, and you can't explicitly rule out the fact that the big guys get into this space, but I think it's, if you're gonna back up office 365 or what they call now, Microsoft 365 into AWS or Google workspace into Azure or Salesforce into one of those clouds, you need a Switzerland player. It's gonna be hard. And in many cases, if you're gonna back up data or you protect that data into AWS banks need a second copy of that either on premise or Azure. So it's very hard, even if they have their own native data protection for them to be dual cloud. So I think a multi-cloud story and the fact that there's at least three big vendors of cloud in, in the us, you know, one in China, if include Alibaba creates a Switzerland opportunity for us, that could be fairly big. >>And I think, you know, what we have to do is make sure while we'll be optimized, our preferred cloud is AWS. Our control plane runs there. We can't take an all in AWS stack with the control plane and the data planes at AWS to Walmart. So what I've explained to both Microsoft and AWS is that data plane will need to be multi-cloud. So I can go to an, a Walmart and say, I can back up your data into Azure if you choose to, but the control plane's still gonna be an AWS, same thing with Google. Maybe they have another account. That's very Google centric. So that's how we're gonna believe the, the control plane will be in AWS. We'll optimize it there, but the data plane will be multicloud. >>Yeah. And that's what Mo had explained at Supercloud. You know, and I talked to him, he really helped me hone in on the deployment models. Yes. Where, where, where the cohesive deployment model is instantiating that technology stack into each cloud region and each cloud, which gives you latency advantages and other advantages >>And single code based same platform. >>And then bringing it, tying it together with a unified, you know, interface. That was he, he was, he was key. In fact, I, I wrote about it recently and, and gave him and the other 29 >>Quite a bit in that session, he went deep with you. I >>Mean, with Mohi, when you get a guy who developed a Google file system, you know, who can technically say, okay, this is technically correct or no, Dave, your way off be. So I that's why I had to >>Go. I, I thought you did a great job in that interview because you probed him pretty deep. And I'm glad we could do that together with him next time. Well, maybe do that together here too, but it was really helpful. He's the, he's the, he's the key reason I'm here. >>So you say data management is ripe for disrupt disruption. Talk about that. You talked about this Switzerland effect. That sounds to me like a massive differentiator for cohesive. Why is data management right for disruption and why is cohesive the right partner to do it? >>Yeah, I think, listen, everyone in this sort of data protection backup from years ago have been saying the S Switzerland argument 18 years ago, I was a at Veras an executive there. We used the Switzerland argument, but what's changed is the cloud. And what's changed as a threat vector in security. That's, what's changed. And in that the proposition of a, a Switzerland player has just become more magnified because you didn't have a sales force or Workday service now then, but now you do, you didn't have multi-cloud. You had hardware vendors, you know, Dell, HPE sun at the time. IBM, it's now Lenovo. So that heterogeneity of, of on-premise service, storage, networking, HyperCloud, and, and the apps world has gotten more and more diverse. And I think you really need scale out architectures. Every one of the legacy players were not built with scale out architectures. >>If you take that fundamental notion of bringing compute to storage, you could almost paralyze. Imagine you could paralyze backup recovery and bring so much scale and speed that, and that's what Mo invented. So he took that idea of how he had invented and built Nutanix and applied that to secondary storage. So now everything gets faster and cheaper at scale. And that's a disruptive technology ally. What snowflake did to ator? I mean, the advantage of snowflake is when you took that same concept data, warehousing is not a new concept it's existed from since Ralph Kimball and bill Inman and the people who are fathers of data warehousing, they took that to Webscale. And in that came a disruptive force toter data, right on snowflake. And then of course now data bricks and big query, similar things. So we're doing the same thing. We just have to showcase the customers, which we do. And when large customers see that they're replacing the legacy solutions, I have a lot of respect for legacy solutions, but at some point in time of a solution was invented in 1995 or 2000, 2005. It's right. For change. >>So you use snowflake as an example, Frank SL doesn't like when I say playbook, cuz I says, Dave, I'm a situational CEO, no playbook, but there are patterns here. And one of the things he did is to your point go after, you know, Terra data with a better data warehouse, simplify scale, et cetera. And now he's, he's a constructing a Tam expansion strategy, same way he did at ServiceNow. And I see you guys following a similar pattern. Okay. You get your foot in the door. Let's face it. I mean, a lot of this started with, you know, just straight back. Okay, great. Now it's extending into data management now extending to multi-cloud that's like concentric circles in a Tam expansion strategy. How, how do you, as, as a CEO, that's part of your job is Tam expansion. >>So yeah, I think the way to think about the Tam is, I mean, people say it's 20, 30 billion, but let me tell you how you can piece it apart in size, Dave and Lisa number one, I estimate there's probably about 10 to 20 exabytes of data managed by these legacy players of on-prem stores that they back up to. Okay. So you add them all up in the market shares that they respectively are. And by the way, at the peak, the biggest of these companies got to 2 billion and then shrunk. That was Verto when I was there in 2004, 2 billion, every one of them is small and they stopped growing. You look at the IDC charts. Many of them are shrinking. We are the fastest growing in the last two years, but I estimate there's about 20 exabytes of data that collectively among the legacy players, that's either gonna stay on prem or move to the cloud. Okay. So the opportunity as they replace one of those legacy tools with us is first off to manage that 20 X by cheaper, faster with the Webscale glass offer the cloud guys, we could tip that into the cloud. Okay. >>But you can't stop there. >>Okay. No, we are not doing just backup recovery. We have a platform that can do files. We can do test dev analytics and now security. Okay. That data is potentially at a risk, not so much in the past, but for ransomware, right? How do we classify that? How do we govern that data? How do we run potential? You know, the same way you did antivirus some kind of XDR algorithms on the data to potentially not just catch the recovery process, which is after fact, but maybe the predictive act of before to know, Hey, there's somebody loitering around this data. So if I'm basically managing in the exabytes of data and I can proactively tell you what, this is, one CIO described this very simply to me a few weeks ago that I, and she said, I have 3000 applications, okay. I wanna be prepared for a black Swan event, except it's not a nine 11 planes getting the, the buildings. >>It is an extortion event. And I want to know when that happens, which of my 3000 apps I recover within one hour within one day within one week, no later than one month. Okay. And I don't wanna pay the bad guys at penny. That's what we do. So that's security discussions. We didn't have that discussion in 2004 when I was at another company, because we were talking about flood floods and earthquakes as a disaster recovery. Now you have a lot more security opportunity to be able to describe that. And that's a boardroom discussion. She needs to have that >>Digital risk. O O okay, go ahead please. I >>Was just gonna say, ransomware attack happens every what? One, every 11, 9, 11 seconds. >>And the dollar amount are going up, you know, dollar are going up. Yep. >>And, and when you pay the ransom, you don't always get your data back. So you that's not. >>And listen, there's always an ethical component. Should you do it or not do it? If you, if you don't do it and you're threatened, they may have left an Easter egg there. Listen, I, I feel very fortunate that I've been doing a lot in security, right? I mean, I built the business at, at, at VMware. We got it to over a billion I'm on the board of sneak. I've been doing security and then at SAP ran. So I know a lot about security. So what we do in security and the ecosystem that supports us in security, we will have a very carefully crafted stay tuned. Next three weeks months, you'll see us really rolling out a very kind of disciplined aspect, but we're not gonna pivot this company and become a cyber security company. Some others in our space have done that. I think that's not who we are. We are a data management and a data security company. We're not just a pure security company. We're doing both. And we do it well, intelligently, thoughtfully security is gonna be built into our platform, not voted on. Okay. And there'll be certain security things that we do organically. There's gonna be a lot that we do through partnerships, this >>Security market that's coming to you. You don't have to go claim that you're now a security vendor, right? The market very naturally saying, wow, a comprehensive security strategy has to incorporate a data protection strategy and a recovery, you know, and the things that we've talking about Mount ransomware, I want to ask you, you I've been around a long time, longer than you actually Sanjay. So, but you you've, you've seen a lot. You look, >>Thank you. That's all good. Oh, >>Shucks. So the market, I've never seen a market like this, right? I okay. After the.com crash, we said, and I know you can't talk about IPO. That's not what I'm talking about, but everything was bad after that. Right. 2008, 2000, everything was bad. I've never seen a market. That's half full, half empty, you know, snowflake beats and raises the stock, goes through the roof. Dev if it, if the area announced today, Mongo, DB, beat and Ray, that things getting crushed and, and after market never seen anything like this. It's so fed, driven and, and hard to protect. And, and of course, I know it's a marathon, you know, it's not a sprint, but have you ever seen anything like this? >>Listen, I walk worked through 18 quarters as COO of VMware. You've seen where I've seen public quarters there and you know, was very fortunate. Thanks to the team. I don't think I missed my numbers in 18 quarters except maybe once close. But we, it was, it's tough. Being a public company of the company is tough. I did that also at SAP. So the journey from 10 to 20 billion at SAP, the journey from six to 12 at VMware, that I was able to be fortunate. It's humbling because you, you really, you know, we used to have this, we do the earnings call and then we kind of ask ourselves, what, what do you think the stock price was gonna be a day and a half later? And we'd all take bets as to where this, I think you just basically, as a, as a sea level executive, you try to build a culture of beaten, raise, beaten, raise, beaten, raise, and you wanna set expectations in a way that you're not setting them up for failure. >>And you know, it's you, there's, Dave's a wonderful CEO as is Frank Salman. So it's hard for me to dissect. And sometimes the market are fickle on some small piece of it. But I think also the, when I, I encourage people say, take the long term view. When you take the long term view, you're not bothered about the ups and downs. If you're building a great company over the length of time, now it will be very clear over the arc of many, many quarters that you're business is trouble. If you're starting to see a decay in growth. And like, for example, when you start to see a growth, start to decay significantly by five, 10 percentage points, okay, there's something macro going on at this company. And that's what you won't avoid. But these, you know, ups and downs, my view is like, if you've got both Mongo D and snowflake are fantastic companies, they're CEOs of people I respect. They've actually kind of an, a, you know, advisor to us as a company, you knows moat very well. So we respect him, respect Frank, and you, there have been other quarters where Frank's, you know, the Snowflake's had a down result after that. So you build a long term and they are on the right side of history, snowflake, and both of them in terms of being a modern cloud relevant in the case of MongoDB, open source, two data technology, that's, you know, winning, I, I, we would like to be like them one day >>As, as the new CEO of cohesive, what are you most ask? What are you most anxious about and what are you most excited about? >>I think, listen, you know, you know, everything starts with the employee. You, I always believe I wrote my first memo to all employees. There was an article in Harvard business review called service profit chains that had a seminal impact on my leadership, which is when they studied companies who had been consistently profitable over a long period of time. They found that not just did those companies serve their customers well, but behind happy engaged customers were happy, engaged employees. So I always believe you start with the employee and you ensure that they're engaged, not just recruiting new employees. You know, I put on a tweet today, we're hiring reps and engineers. That's okay. But retaining. So I wanna start with ensuring that everybody, sometimes we have to make some unfortunate decisions with employees. We've, we've got a part company with, but if we can keep the best and brightest retained first, then of course, you know, recruiting machine, I'm trying to recruit the best and brightest to this company, people all over the place. >>I want to get them here. It's been, so I mean, heartwarming to come Tom world and just see people from all walks, kind of giving me hugs. I feel incredibly blessed. And then, you know, after employees, it's customers and partners, I feel like the tech is in really good hands. I don't have to worry about that. Cuz Mo it's in charge. He's got this thing. I can go to bed knowing that he's gonna keep innovating the future. Maybe in some of the companies I've worried about the tech innovation piece, but most doing a great job there. I can kind of leave that in his cap of hands, but employees, customers, partners, that's kind of what I'm focused on. None of them are for me, like a keep up at night, but there are are opportunities, right? And sometimes there's somebody you're trying to salvage to make sure or somebody you're trying to convince to join. >>But you know, customers, I love pursuing customers. I love the win. I hate to lose. So fortune 1000 global, 2000 companies, small companies, big companies, I wanna win every one of them. And it's not, it's not like, I mean, I know all these CEOs in my competitors. I texted him the day I joined and said, listen, I'll compete, honorably, whatever have you, but it's like Kobe and LeBron Kobe's passed away now. So maybe it's Steph Curry. LeBron, whoever your favorite athlete is you put your best on the court and you win. And that's how I am. That's nothing I've known no other gear than to put my best on the court and win, but do it honorably. It should not be the one that you're doing it. Unethically. You're doing it personally. You're not calling people's names. You're competing honorably. And when you win the team celebrates, it's not a victory for me. It's a victory for the team. >>I always think I'm glad that you brought up the employee experience and we're almost out of time, but I always think the employee experience and the customer experience are inextricably linked. This employees have to be empowered. They have to have the data that they need to do their job so that they can deliver to the customer. You can't do one without the other. >>That's so true. I mean, I, it's my belief. And I've talked also on this show and others about servant leadership. You know, one of my favorite poems is Brenda Naor. I went to bed in life. I dreamt that life was joy. I woke up and realized life was service. I acted in service was joy. So when you have a leadership model, which is it's about, I mean, there's lots of layers between me and the individual contributor, but I really care about that sales rep and the engineer. That's the leaf level of the organization. What can I get obstacle outta their way? I love skipping levels of going right. That sales rep let's go and crack this deal. You know? So you have that mindset. Yeah. I mean, you, you empower, you invert the pyramid and you realize the power is at the leaf level of an organization. >>So that's what I'm trying to do. It's a little easier to do it with 2000 people than I dunno, either 20, 20, 2000 people or 35,000 reported me at VMware. And I mean a similar number at SAP, which was even bigger, but you can shape this. Now we are, we're not a startup anymore. We're a midsize company. We'll see. Maybe along the way, there's an IP on the path. We'll wait for that. When it comes, it's a milestone. It's not the destination. So we do that and we are, we, I told people we are gonna build this green company. Cohesive is gonna be a great company like VMware one day, like Amazon. And there's always a day of early beginnings, but we have to work harder. This is kind of like the, you know, eight year old version of your kid, as opposed to the 18 year old version of the kid. And you gotta work a little harder. So I love it. Yeah. >>Good luck. Awesome. Thank you. Best of luck. Congratulations. On the role, it sounds like there's a tremendous amount of adrenaline, a momentum carrying you forward Sanjay. We always appreciate having you. Thank >>You for having in your show. >>Thank you. Our pleasure, Lisa. Thank you for Sanja poin and Dave ante. I'm Lisa Martin. You're watching the cube live from VMware Explorer, 2022, stick around our next guest. Join us momentarily.

>>Good afternoon, everyone. And welcome back to the Cube's day two coverage of VMware Explorer, 2022 live from San Francisco. Lisa Martin, here with Dave. Valante good to be sitting next to you, sir. >>Yeah, the big >>Set and we're very excited to be welcoming back. One of our esteemed alumni Sanja poin joins us, the CEO and president of cohesive. Nice to see >>You. Thank you, Lisa. Thank you, Dave. It's great to meet with you all the time and the new sort of setting here, but >>First time we've been in west, is that right? We've been in north. We've been in south. We've been in Las Vegas, right. But west >>Nice. Well, I mean, it's also good to be back with live shows with absolutely, you know, after sort of the two or three or high. And it was a hard time for the whole world, but I'm kind of driving a little bit of adrenaline just being here with people. So >>You've also got some adrenaline, sorry, Dave. Yeah, you're good because you are new in the role at cohesive. You wrote a great blog that you are identified. The four reasons I came to cohesive. Tell the audience, just give 'em a little bit of a teaser about that. >>Yeah, I think you should all read it. You can Google and, and Google find that article. I talked about the people Mohi is a fantastic founder. You know, he was the, you know, the architect of the Google file system. And you know, one of the senior Google executives who was on my board, bill Corrin said one of the smartest engineers. He was the true father of hyperconverge infrastructure. A lot of the code of Nutanix. He wrote, I consider him really the father of that technology, which brought computer storage. And when he took that same idea of bringing compute to secondary storage, which is really what made the scale out architect unique. And we were at your super cloud event talking about that, Dave. Yeah. Right. So it's a people I really got to respect his smarts, his integrity and the genius, what he is done. >>I think the customer base, I called a couple of customers. One of them, a fortune 100 customer. I, I can't tell you who it was, but a very important customer. I've known him. He said, I haven't seen tech like this since VMware, 20 years ago, Amazon 10 years ago. And now COER so that's special league. We're winning very much in the enterprise and that type of segment, the partners, you know, we have HPE, Cisco as investors, Amazon's an investors. So, you know, and then finally the opportunity, I think this whole area of data management and data security now with threats, like ransomware big opportunity. >>Sure. Okay. So when you were number two at VMware, you would come on and say, we'd love all our partners and of course, okay. So you know, a little bit about how to work with, with VMware. So, so when you now think about the partnership between cohesive and VMware, what are the things that you're gonna stress to your constituents on the VMware side to convince them that Hey, partnering with cohesive is gonna gonna drive more value for customers, you know, put your thumb on the scale a little bit. You know, you gotta, you gotta unfair advantage somewhat, but you should use it. So what's the narrative gonna be like? >>Yeah. I think listen with VMware and Amazon, that probably their top two partners, Dave, you know, like one of the first calls I made was to Raghu and he knew about this decision before. That's the level of trust I have in him. I even called Michael Dell, you know, before I made the decision, there's a little bit of an overlap with Dell, but it's really small compared to the overlap, the potential with Dell hardware that we could compliment. And then I called four CEOs. I was, as I was making this decision, Andy Jassy at Amazon, he was formerly AWS CEO sat Nadela at Microsoft Thomas cor at Google and Arvin Christian at IBM to say, I'm thinking about this making decision. They are many of the mentors and friends to me. So I believe in an ecosystem. And you know, even Chuck Robbins, who the CEO of Cisco is an investor, I texted him and said, Hey, finally, we can be friends. >>It was harder to us to be friends with Cisco, given the overlap of NEX. So I have a big tent towards everybody in our ecosystem with VMware. I think the simple answer is there's no overlap okay. With, with the kind of the primary storage capabilities with VSAN. And by the same thing with Nutanix, we will be friends and, and extend that to be the best data protection solution. But given also what we could do with security, I think this is gonna go a lot further. And then it's all about meet in the field. We have common partners. I think, you know, sort of the narrative I talked about in that blog is just like snowflake was replacing Terada and ServiceNow replace remedy and CrowdStrike, replacing Symantec, we're replacing legacy vendors. We are viewed as the modern solution cloud optimized for private and public cloud. We can help you and make VMware and VSAN and VCF very relevant to that part of the data management and data security continuum, which I think could enhance VMware. And by the way, the same thing into the public cloud. So most of the places where we're being successful is clearly withs, but increasingly there's this discussion also about playing into the cloud. So I think both with VMware and Amazon, and of course the other partners in the hyperscaler service, storage, networking place and security, we have some big plans. >>How, how much do you see this? How do you see this multi-cloud narrative that we're hearing here from, from VMware evolving? How much of an opportunity is it? How are customers, you know, we heard about cloud chaos yesterday at the keynote, are customers, do they, do they admit that there's cloud chaos? Some probably do some probably don't how much of an opportunity is that for cohesive, >>It's tremendous opportunity. And I think that's why you need a Switzerland type player in this space to be successful. And you know, and you can't explicitly rule out the fact that the big guys get into this space, but I think it's, if you're gonna back up office 365 or what they call now, Microsoft 365 into AWS or Google workspace into Azure or Salesforce into one of those clouds, you need a Switzerland player it's gonna be out. And in many cases, if you're gonna back up data or you protect that data into AWS banks need a second copy of that either on premise or Azure. So it's very hard, even if they have their own native data protection for them to be dual cloud. So I think a multi-cloud story and the fact that there's at least three big vendors of cloud in, in the us, you know, one in China, if include Alibaba creates a Switzerland opportunity for us, that could be fairly big. >>And I think, you know, what we have to do is make sure while we'll be optimized, our preferred cloud is AWS. Our control plane runs there. We can't take an all in AWS stack with the control plane and the data planes at AWS to Walmart. So what I've explained to both Microsoft and AWS is that data plane will need to be multicloud. So I can go to an a Walmart and say, I can back up your data into Azure if you choose to, but the control, plane's still gonna be an AWS, same thing with Google. Maybe they have another account. That's very Google centric. So that's how we're gonna play the, the control plane will be in AWS. We'll optimize it there, but the data plane will be multi-cloud. >>Yeah. And that's what Mo had explained at Supercloud. You know, and I talked to, he really helped me hone in on the deployment models. Yes. Where, where, where the cohesive deployment model is instantiating that technology stack into each cloud region and each cloud, which gives you latency advantages and other advantages >>And single code based same platform, >>And then bringing it, tying it together with a unified, you know, interface. That was he, he was, he was key. In fact, I, I wrote about it recently and, and gave him and the other 20, >>Quite a bit in that session. Yeah. So he went deep with you. I >>Mean, with Mohi, when you get a guy who developed a Google file system, you know, who can technically say, okay, this is technically correct or no, Dave, your way off be so I that's why I had to >>Go. I, I thought you did a great job in that interview because you probed him pretty deep and I'm glad we could do that together with him next time. Well, maybe do that together here too, but it was really helpful. He's the, he's the, he's the key reason I'm here. >>So you say data management is ripe for disrupt disruption. Talk about that. You talked about this Switzerland effect. That sounds to me like a massive differentiator for cohesive. Why is data management right. For disruption and why is cohesive the right partner to do it? >>Yeah, I think, listen, everyone in this sort of data protection backup from years ago have been saying the S Switzerland argument 18 years ago, I was a at Veras an executive there. We used the Switzerland argument, but what's changed is the cloud. And what's changed as a threat vector in security. That's, what's changed. And in that the proposition of a, a Switzerland player has just become more magnified because you didn't have a sales force or Workday service now then, but now you do, you didn't have multi-cloud. You had hardware vendors, you know, Dell, HPE sun at the time. IBM, it's now Lenovo. So that heterogeneity of, of on-premise service, storage, networking, HyperCloud, and, and the apps world has gotten more and more diverse. And I think you really need scale out architectures. Every one of the legacy players were not built with scale out architectures. >>If you take that fundamental notion of bringing compute to storage, you could almost paralyze. Imagine you could paralyze backup recovery and bring so much scale and speed that, and that's what Mo invented. So he took that idea of how he had invented and built Nutanix and applied that to secondary storage. So now everything gets faster and cheaper at scale. And that's a disruptive technology ally. What snowflake did to ator? I mean, the advantage of snowflake is when you took that same concept data, warehousing is not a new concept it's existed from since Ralph Kimble and bill Inman and the people who are fathers of data warehousing, they took that to Webscale. And in that came a disruptive force toter data, right? And snowflake. And then of course now data bricks and big query, similar things. So we're doing the same thing. We just have to showcase the customers, which we do. And when large customers see that they're replacing the legacy solutions, I have a lot of respect for legacy solutions, but at some point in time of a solution was invented in 1995 or 2000, 2005. It's right. For change. >>So you use snowflake as an example, Frank sluman doesn't like when I say playbook, cuz I says, Dave, I'm a situational. See you no playbook, but there are patterns here. And one of the things he did is to your point go after, you know, Terra data with a better data warehouse, simplify scale, et cetera. And now he's, he's a constructing a Tam expansion strategy, same way he did at ServiceNow. And I, you guys following a similar pattern. Okay. You get your foot in the door. Let's face it. I mean, a lot of this started with, you know, just straight back. Okay, great. Now it's extending into data management now extending to multi-cloud that's like concentric circles in a Tam expansion strategy. How, how do as, as a CEO, that's part of your job is Tam expansion. >>So yeah, I think the way to think about the Tam is, I mean, people say it's 20, 30 billion, but let me tell you how you can piece it apart in size, Dave and Lisa number one, I estimate there's probably about 10 to 20 exabytes of data managed by these legacy players of on-prem stores that they back up to. Okay. So you add them all up in the market shares that they respectively are. And by the way, at the peak, the biggest of these companies got to 2 billion and then shrunk. That was Verto when I was there in 2004, 2 billion, every one of them is small and they stopped growing. You look at the IDC charts. Many of them are shrinking. We are the fastest growing in the last two years, but I estimate there's about 20 exabytes of data that collectively among the legacy players, that's either gonna stay on prem or move to the cloud. Okay. So the opportunity as they replace one of those legacy tools with us is first off to manage that 20 X bike cheaper, faster with the Webscale, a glass or for the cloud guys, we could tip that into the cloud. Okay. >>But you can't stop there. >>Okay. No, we are not doing just back recovery. Right. We have a platform that can do files. We can do test dev analytics and now security. Okay. That data is potentially at a risk, not so much in the past, but for ransomware, right? How do we classify that? How do we govern that data? How do we run potential? You know, the same way you did antivirus some kind of XDR algorithms on the data to potentially not just catch the recovery process, which is after fact, but maybe the predictive act of before to know, Hey, there's somebody loitering around this data. So if I'm basically managing in the exabytes of data and I can proactively tell you what, this is, one CIO described this very simply to me a few weeks ago that I, and she said, I have 3000 applications, okay. I wanna be prepared for a black Swan event, except it's not a nine 11 planes hitting the, the buildings. >>It is an extortion event. And I want to know when that happens, which of my 3000 apps I recover within one hour within one day within one week, no lay than one month. Okay. And I don't wanna pay the bad guys of penny. That's what we do. So that's security discussions. We didn't have that discussion in 2004 when I was at another company, because we were talking about flood floods and earthquakes as a disaster recovery. Now you have a lot more security opportunity to be able to describe that. And that's a boardroom discussion. She needs to have that >>Digital risk. O O okay, go ahead please. I >>Was just gonna say, ransomware attack happens every what? One, every 11, 9, 11 seconds. >>And the dollar amount are going up, you know, dollar of what? >>Yep. And, and when you pay the ransom, you don't always get your data back. So you that's >>Not. And listen, there's always an ethical component. Should you do it or not do it? If you, if you don't do it and you're threatened, they may have left an Easter egg there. Listen, I, I feel very fortunate that I've been doing a lot in security, right? I mean, I built the business at, at, at VMware. We got it to over a billion I'm on the board of sneak. I've been doing security and then at SAP ran. So I know a lot about security. So what we do in security and the ecosystem that supports us in security, we will have a very carefully crafted stay tuned. Next three weeks months, you'll see us really rolling out a very kind of disciplined aspect, but we're not gonna pivot this company and become a cyber security company. Some others in our space have done that. I think that's not who we are. We are a data management and a data security company. We're not just a pure security company. We're doing both. And we do it well, intelligently, thoughtfully security is gonna be built into our platform, not bolted on, okay. And there'll be certain security things that we do organically. There's gonna be a lot that we do through partnerships, >>This security market that's coming to you. You don't have to go claim that you're now a security vendor, right? The market very naturally saying, wow, a comprehensive security strategy has to incorporate a data protection strategy and a recovery, you know, and the things we've talking about, Mount ransomware, I want to ask you, you know, I've been around a long time, longer than you actually Sanjay. So, but you you've, you've seen a lot. You look incredibly, >>Thank you. That's all good. Oh, >>Shocks. So the market, I've never seen a market like this, right? I okay. After the.com crash, we said, and I know you can't talk about IPO. That's not what I'm talking about, but everything was bad after that. Right. 2008, 2000, everything was bad. I've never seen a market. That's half full, half empty, you know, snowflake beats and raises the stock, goes through the roof. Dev if it, the area announced today, Mongo, DB, beat and Ray, that things getting crushed. And, and after market never seen anything like this. It's so fed, driven and, and hard to protect. And, and of course, I know it's a marathon, you know, it's not a sprint, but have you ever seen anything like this? >>Listen, I walk worked through 18 quarters as COO of VMware. You seen, I've seen public quarters there and you know, was very fortunate. Thanks to the team. I don't think I missed my numbers in 18 quarters except maybe once close. But we, it was, it's tough. Being a public company. Officer of the company is tough. I did that also at SAP. So the journey from 10 to 20 billion at SAP, the journey from six to 12 at VMware, that I was able to be fortunate. It's humbling because you, you really, you know, we used to have this, we do the earnings call and then we kind of ask ourselves, what, what do you think the stock price was gonna be a day and a half later? And we'd all take bets as to wear this. I think you just basically, as a, as a sea level executive, you try to build a culture of beaten, raise, beaten, raise, beaten, raise, and you wanna set expectations in a way that you're not setting them up for failure. >>And you know, it's you, there's, Dave's a wonderful CEO as is Frank movement. So it's hard for me to dissect. And sometimes the market are fickle on some small piece of it. But I think also the, when I, I encourage people say, take the long term view. When you take the long term view, you're not bothered about the ups and downs. If you're building a great company over the length of time, now it will be very clear over the arc of many, many quarters that you're business is trouble. If you're starting to see a decay in growth. And like, for example, when you start to see a growth, start to decay significantly by five, 10 percentage points, okay, there's something macro going on at this company. And that's what you won't avoid. But these, you know, ups and downs, my view is like, if you've got both Mongo, DIA and snowflake are fantastic companies, they're CEOs of people I respect. They've actually a kind of an, a, you know, advisor to us as a company, you knows mot very well. So we respect him, respect Frank, and you, there have been other quarters where Frank's, you know, the snowflakes had a down result after that. So you build a long term and they are on the right side of history, snowflake, and both of them in terms of being a modern cloud relevant in the case of MongoDB open source to data technology, that's, you know, winning, I, we would like to be like them one day >>As, as the new CEO of cohesive, what are you most, what are you most anxious about? And what are you most excited about? >>I think, listen, you know, you know, everything starts with the employee. You, I always believe I wrote my first memo to all employees. There was an article in Harvard business review called service profit chains that had a seminal impact on my leadership, which is when they studied companies who had been consistently profitable over a long period of time. They found that not just did those companies serve their customers well, but behind happy engaged customers were happy, engaged employees. So I always believe you start with the employee and you ensure that they're engaged, not just recruiting new employees. You know, I put on a tweet today, we're hiring reps and engineers. That's okay. But retaining. So I wanna start with ensuring that everybody, sometimes we have to make some unfortunate decisions with employees. We've, we've got a part company with, but if we can keep the best and brightest retained first, then of course, you know, recruiting machine, I'm trying to recruit the best and brightest to this company, people all over the place. >>I want to get them here. It's been, so I mean, heartwarming to come to world and just see people from all walks, kind of giving me hugs. I feel incredibly blessed. And then, you know, after employees, it's customers and partners, I feel like the tech is in really good hands. I don't have to worry about that. Cuz Mo it's in charge. He's got this thing. I can go to bed knowing that he's gonna keep innovating the future. Maybe in some of the companies, I would worried about the tech innovation piece, but most doing a great job there. I can kind of leave that in his cap of hands, but employees, customers, partners, that's kind of what I'm focused on. None of them are for me, like a keep up at night, but they're are opportunities, right? And sometimes there's somebody you're trying to salvage to make sure or somebody you're trying to convince to join. >>But you know, customers, I love pursuing customers. I love the win. I hate to lose. So fortune 1000 global, 2000 companies, small companies, big companies, I wanna win every one of 'em and it's not, it's not like, I mean, I know all these CEOs in my competitors. I texted him the day I joined and said, listen, I'll compete, honorably, whatever have you, but it's like Kobe and LeBron Kobe's passed away now. So maybe it's step Curry. LeBron, whoever your favorite athlete is you put your best on the court and you win. And that's how I am. That's nothing I've known no other gear than to put my best on the court and win, but do it honorably. It should not be the one that you're doing it. Unethically. You're doing it personally. You're not calling people's names. You're competing honorably. And when you win the team celebrates, it's not a victory for me, it's a victory for the team. >>I always think I'm glad that you brought out the employee experience and we're almost out of time, but I always think the employee experience and the customer experience are inextricably linked. This employees have to be empowered. They have to have the data that they need to do their job so that they can deliver to the customer. You can't do one without the other. >>That's so true. I mean, I, it's my belief. And I've talked also on this show and others about servant leadership. You know, one of my favorite poems is Brenda NA Tago. I went to bed in life. I dreamt that life was joy. I woke up and realized life was service. I acted in service was joy. So when you have a leadership model, which is it's about, I mean, there's lots of layers between me and the individual contributor, but I really care about that sales rep and the engineer. That's the leaf level of the organization. What can I get obstacle outta their way? I love skipping levels and going write that sales rep let's go and crack this deal. You know? So you have that mindset. Yeah. I mean, you, you empower, you invert the pyramid and you realize the power is at the leaf level of an organization. >>So that's what I'm trying to do. It's a little easier to do it with 2000 people than I dunno, either 20, 20, 2000 people or 35,000 reported me at VMware. And I mean a similar number at SAP, which was even bigger, but you can shape this. Now we are, we're not a startup anymore. We're a mid-size company. We'll see. Maybe along the way, there's an IP on the path. We'll wait for that. When it comes, it's a milestone. It's not the destination. So we do that and we are, we, I told people we are gonna build this green company. Cohesive is gonna be a great company like VMware one day, like Amazon. And there's always a day of early beginnings, but we have to work harder. This is kind of like the, you know, eight year old version of your kid, as opposed to the 18 year old version of the kid. And you gotta work a little harder. So I love it. Yeah. >>Good luck. Awesome. Thank you too. Best of luck. Congratulations on the role, it sounds like there's a tremendous amount of adrenaline, a momentum carrying you forward Sanja. We always appreciate having thank >>You for having in your show. >>Thank you. Our pleasure, Lisa. Thank you for Sanjay poin and Dave ante. I'm Lisa Martin. You're watching the cube live from VMware Explorer, 2022, stick around our next guest. Join us momentarily.

(bright intro music) >> Welcome back everyone to VMware Explore '22. I'm John Furrier, host of the key with David Lante, our 12th year covering VMware's user conference, formerly known as VM-World now rebranded as VMware Explore. You got two great Cube alumni coming on the Cube. Ricky Cooper, SVP worldwide partner commercial VMware. Great to see you, thanks for coming on. >> Thank you. >> We just had a great chat-- >> Good to see you again. >> At HPE discover. And of course, Joseph George, Vice President of Compute Industry Alliances. Great to have you on. Great to see you. >> Great to see you, John. >> So guys, this year is very curious, VMware, a lot going on. The name change of the event. Big move, Bold move. And then they changed the name of the event. Then Broadcom buys them. A lot of speculation, but at the end of the day, this conference... Kind of people were wondering what would be the barometer of the event. We were reporting this morning on the keynote analysis. Very good mojo in the keynote. Very transparent about the Broadcom relationship. The expo floor last night was buzzing. I mean, this is not a show that's looking like it's going to be, you know, going down. This is clearly a wave. We're calling it super cloud, multi-cloud's their theme. Clearly the cloud's happening. Not to date ourselves, but 2013 we were discussing on the-- >> We talked about that, yeah. >> HPE Discover about DevOps infrastructure as code. We're full realization now of that. This is where we're at. You guys had a great partnership with VMware and HPE. Talk about where you guys see this coming together because the customers are refactoring, they are looking at cloud native, the whole Broadcom visibility to the VMware customer bases activated them. They're here and they're leaning in. What's going on? >> Yeah absolutely, we're seeing a renewed interest now as customers are looking at their entire infrastructure, bottoms up all the way up the stack and the notion of a hybrid cloud, where you've got some visibility and control of your data and your infrastructure and applications. Customers want to live in that sort of a cloud environment. And so we're seeing a renewed interest, a lot of conversations we're having with customers now, a lot of customers committing to that model, where they have applications and workloads running at the edge in their data center and in the public cloud in a lot of cases. But having that mobility, having that control, being able to have security in their own control. There's a lot that you can do there. And obviously partnering with VMware. We've been partners for so long. >> 20 years, at least. >> At least 20 years. Back when they invented stuff. They were inventing way-- >> VMware's got a very technical culture, but Ricky, I got to say that we commented earlier when Ragu was on the CEO now CEO, I mean legendary product guy, set the trajectory to VMware, everyone knows that. I can't know whether it was VMware or HP, HP before HPE coined Hybrid. Cause you guys were both on, I can't recall Dave, which company coined it first, but it was either one of you guys. Nobody else was there. >> It was the partnership. (men chuckle) >> Hybrid Cloud I had a big thing with Pat Gelsinger, Dave. Remember when he said he got in my grill on theCube, live, but now you see. >> You focus on that multi-cloud aspect. So you've got a situation where our customers are looking at multi-cloud and they're looking at it, not just as a flash in the pan. This is here for five years, 10 years, 20 years. Okay. So what does that mean then to our partners and to our distributors, you're seeing a whole seed change. You're seeing partners now looking at this. So look at the OEMs, the ones that have historically been vSphere customers and now saying they're coming in, drove saying, okay, what is the next step? Well, how can I be a multi-cloud partner with you? How can I look at other aspects that we're driving here together? So GreenLake is a great example. We keep going back to GreenLake and we are partaking in GreenLake at the moment. The real big thing for us is going to be right. Let's make sure that we've got the agreements in place that support this Sasson subscription motion going forward. And then the sky's the limit for us. >> You're plugging that right into. >> Well, here's why, here's why, so customers are loving the fact that they can go to a public cloud and they can get an SLA. They come to an on-premise, you've got the hardware, you've got the software, you've got the guys on board to maintain this through its life cycle. I mean, this is complicated stuff. Now we've got a situation where you can say, Hey, we can get an SLA on premise. >> And I think what you're seeing is it's very analogous to having a financial advisor, just manage your portfolio. You're taking care of just submitting money. That's really a lot of what a lot of the customers have done with the public cloud. But now a lot of these customers are getting savvy. They have been working with VMware technologies and HPE for so long. they've got expertise. They know how they want their workloads architected. Now we've given them a model where they can leverage the cloud platform to be able to do this, whether it's on premise, the edge or in the public cloud, leveraging HPE GreenLake and VMware. >> Is it predominantly or exclusively a managed service or do you find some customers saying, hey, we want to manage ourself. What are you seeing is the mix there? >> It is not predominantly managed services right now. We're actually, as we are growing last time we talked at HPE discover. We talked about a whole bunch of new services that we've added to our catalog. It's growing by leaps and bounds. A lot of folks are definitely interested in the pay as you go, obviously the financial model, but are now getting exposed to all the other management that can happen. There are managed services capabilities, but actually running it as a service with your systems on-prem is a phenomenal idea for all these customers. And they're opening their eyes to some new ways to service their customers better. >> And another phenomenon we're seeing there is where partners such as HPA, using other partners for various areas of the services implementation as well. So that's another phenomenon. You're seeing the resale motion now going into a lot more of the services motion. >> It's interesting too. I mean the digital modernization that's going on, the transformation whatever you want to call it, is complicated, that's clear. One of the things I liked about the keynote today was the concept of cloud chaos, because we've been saying quoting Andy Grove, Next Intel, let chaos rain and rain in the chaos. And when you have inflection points, complexity, which is the chaos, needs to be solved and whoever solves it and kicks the inflection point, that's up and to the right. >> So prime idea right here. So. >> GreenLake is, well. >> Also look at the distribution model and how that's changed a couple of points on a deal. Now they're saying I'll be your aggregator. I'll take the strain and I'll give you scale. I'll give you VMware scale for all of the various different partners, et cetera. >> Yeah. So let's break this down because this is, I think a key point. So complexity is good, but the old model in the enterprise market was, you solve complexity with more complexity and everybody wins. Oh yeah, we're locked in. That's not what the market wants. They want self- service, they want as a service, they want easy, developer first security data ops. DevOps is already in the cycle. So they're going to want simpler, easier, faster. >> And this is kind of why I I'll say for the big announcement today here at VMware Explorer around the VMware vSphere distributed services engine, project Monterey that we've talked about for so long, HPE and VMware and AMD with the Pensando DPU actually work together to engineer a solution for exactly that. The capabilities are fairly straightforward in terms of the technologies, but actually doing the work to do integration, joint engineering, make sure that this is simple and easy and able to be running HPE GreenLake. >> We invested in Pensando right, we are investors. >> What's the benefit of that. That's a great point. You made what's the value to the customer bottom line, that deep, co-engineering, co-partnering, what is it deliver that others don't do? >> Yeah. Well, I think one example would be a lot of vendors can say we support it. >> Yep. That's great. That's actually a really good move, supporting it. It can be resold. That's another great move. I'm not mechanically inclined to where I would go build my own car. I'll go to a dealership and actually buy one that I can press the button and I can start it and I can do what I need to do with my car. And that's really what this does is the engineering work that's gone on between our two companies and AMD Pensando as well as the business work to make that simple and easy that transaction to work. And then to be able to make it available as a service is really what made, that's why it's such a winner here... >> But, it's also a lower cost out of the box. Yes. So you get in whatever it's called a 20%. Okay. But there's nuance because you're also on a new technology curve and you're able to absorb modern apps. We use that term as a promo, but when I say modern apps, I mean data, rich apps, things that are more AI driven. Not the conventional, not that people aren't doing, you know, SAP and CRM, they are. But, there's a whole slew of new apps that are coming in that traditional architectures aren't well suited to handle from a price performance standpoint. This changes that doesn't it? >> Well, you think also of going to the next stage, which is the go to market between the two organizations that before at the moment, HPE is running off doing various different things. We were running off to. Again, that chaos that you're talking about in cloud chaos, you got to go to market chaos, but by simplifying four or five things, what are we going to do really well together? How do we embed those in GreenLake and be known in the marketplace for these solutions? Then you get an organization that's really behind the go to market. You can help with sales, activation, the enablement. And then we benefit from the scale of HPE. >> Yeah. What are those solutions, I mean... Is it just, is it IS? Is it compute storage? Is it specific SAP? Is it VDI? What are you seeing out there? >> So right now for this specific technology, we're educating our customers on what that could be. And at its core, this solution allows customers to take services that normally and traditionally run on the compute system and run on a DPU now with project Monterey. And this is now allowing customers to think about where are their use cases. So I'm rather than going and say, use it for this. We're allowing our customers to explore and say, okay, here's where it makes sense. Where do I have workloads that are using a lot of compute cycles on services at the compute level? That could be somewhere else like networking as a great example, and allowing more of those compute cycles to be available. So where there are performance requirements for an application where there are timely response that's needed for results to be able to take action on, to be able to get insight from data really quick. Those are places where we're starting to see the services moving onto something like a DPU. And that's where this makes a whole lot more sense. >> Okay, so to get this right? You got the hybrid cloud, right? You got GreenLake and you got the distributed engine. What's that called? >> It's HPE Proliant Proliant with the VMware, VSphere. >> VSphere. That's the compute distributed. Okay. So does the customer, how do you guys implement that with the customer all three at the same time or they mix and match? How's that work? >> All three of those components. So the beauty of the HP Proliant with VMware vSphere distributed services engine also now is project Monterey for those that are keeping notes at home. Again already pre-engineered so we've already worked through all the mechanics of how you would have to do this. So it's not something you have to go figure out how you build, get deployment, work through those details. That's already done. It is available through HPE GreenLake. So you can go and actually get it as a service in partnership with our customer, our friends here at VMware. And because if you're familiar and comfortable with all the things that HP Proliant has done from a security perspective, from a reliability perspective, trusted supply chain, all those sorts of things, you're getting all of that with this particular solution. >> Sumit Dhawan had a great quote on theCube just a hour or so ago. He said you have to be early to be first. Love that quote. Okay. So you were first, you were probably a little early, but do you have a lead? I know you're going to say yes. Okay. Let's just assume that okay. Relative to the competition, how do you know? How do you determine that? >> If we have a lead or not? >> Yeah, if you lead, if you're the best. >> We go to the source of the truth, which is our customers. >> And what do they tell you? What do you look at and say, okay, now, I mean, when you have that honest conversation and say, okay, we are, we're first, we're early, we're keeping our lead. What are the things that you look at, as indicators? >> I'll say it this way. We've been in a lot of businesses where we do compete head-to-head in a lot of places and we know how that sales process normally works. We're seeing a different motion from our customers. When we talk about HPE GreenLake, there's not a lot of back and forth on, okay, well let me go shop around. It is HP GreenLake, let's talk about how we actually build this solution. >> And I can tell you from a VMware perspective, our customers are asking us for this the other way around. So that's a great sign. Is that, Hey, we need to see this partnership come together in GreenLake. >> Yeah. Okay. So you would concur with that? >> Absolutely. So third party validation. >> From Switzerland. Yeah. >> Bring it with you over here. >> We're talking about this earlier on, I mean, of course with I mentioned earlier on there's some contractual things that you've got to get in place as you are going through this migration into Sasson subscription, et cetera. And so we are working as hard as we can to make sure, Hey, let's really get this contract in place as quickly as possible, it's what the customers are asking us. >> We've been talking about this for years, you know, see containers being so popular. Now, Kubernetes becoming that layer of bringing people to bringing things together. It's the old adage that Amazon used to coin and Andy Jassy, they do the undifferentiated, heavy lifting. A lot of that's now that's now cloud operations. Underneath is infrastructure's code to the developer, right. That's at scale. >> That's right. >> And so you got a lot of heavy lifting being done with GreenLake. Which is why there's no objections probably. >> Right absolutely. >> What's the choice. What do you even shop? >> Yeah. There's nothing to shop around. >> Yeah, exactly. And then we've, that is really icing on the cake that we've, we've been building for quite some time. There is an understanding in the market that what we do with our infrastructure is hardened from a reliability and quality perspective. Times are tough right now, supply chain issues, all that stuff, we've talked about it. But at HPE, we don't skimp on quality. We're going to spend the dollars and time on making sure we got reliability and security built in. It's really important to us. >> We get a great use case, the storage team, they were provisioning with containers. Storage is a service, instantly. We're seeing with you guys with VMware, your customers bringing in a lot of that into the mix as well. I got to ask. Cause every event we talk about AI and machine learning, automation and DevOps are now infiltrating in with the Ci/CD pipeline security and data become a big conversation. >> Agreed. >> Okay. So how do you guys look at that? Okay. You sold me on green. I've been a big fan from day one. Now it's got maturity on it. I know it's going to get a lot more headroom to do there. It's still a lot of work to do, but directionally it's pretty accurate. It's going to be going to be success. There's still concerns about security, the data layer. That's agnostic of environment, private cloud hybrid, public and edge. So that's important and security has got a huge service area. These are a work in progress. How do you guys view those? >> I think you've just hit the nail on the head. I mean, I was in the press and journalist meetings yesterday and our answer was exactly the same. There is still so much work that can be done here. And I don't think anybody is really emerging as a true leader. It's just a continuation of trying to get that right. Because it is what is the most important thing to our customers. And the industry is really sort of catching up to that. >> And when you start talking about privacy and when you... It's not just about company information, it's about individuals information. It's about information that if exposed actually could have real impact on people. So it's more than just an IT problem. It is actually, and from HP's perspective, security starts from when we're picking our suppliers for our components. There are processes that we put into our entire trusted supply chain from the factory on the way up. I liken it to my golf swing, my golf swinging. I slice, right lik you wouldn't believe. But when I go to the golf pros, they start me back at the mechanics, the foundational pieces, here's where the problems are and start working on that. So my view is our view is if your infrastructure is not secure, you're going to have troubles with security as you go further up. >> Stay in the sandbox, so to speak, they're driving range on the golf analogy there. I love that. Talk about supply chain security real quick. Because you mentioned supply chain on the hardware side, you're seeing a lot of open source and supply chain in software trusted software. How does GreenLake look at that? How do you guys view that piece of it? That's an important part. >> Yeah, security is one of the key pillars that we're actually driving as a company right now. As I said, it's important to our customers as they're making purchasing decisions. And we're looking at it from the infrastructure all the way up to the actual service itself. And that's the beauty of having something like HP GreenLake, we don't have to pick is the infrastructure or the middle where, or the top of stack application, we can look at all of it. Yeah. It's all of it. That matters. >> Question on the ecosystem posture, so, I remember when HP was one company and then the GSIs were a little weird with HP because of EDS, you know, had data protector. So we weren't really chatting up Veeam at the time. And as soon as the split happened, ecosystem exploded. Now you have a situation where your Broadcom is acquiring VMware. You guys big Broadcom customer, has your attitude changed or has it not because, oh, we meet where the customers are. You've always said that, but have you have leaned in more? I mean, culturally is HPE, HPE now saying, hmm, now we have some real opportunities to partner in new ways that we don't have to sleep with one eye open, maybe. >> So I would some first of all, VMware and HPE, we've got a variety of different partners, we always have. If well, before any Broadcom announcement came along. We've been working with a variety of partners and that hasn't changed and that hasn't changed. And if your question is, has our posture toward VMware changed that all the answers absolutely not. We believe in what VMware is doing. We believe in what our customers are doing with VMware, and we're going to continue to work with VMware and partner with you. >> And of course we had to spin out ourselves in November of last year, which I worked on the whole Dell, whole Dell piece. >> But, you still had the same chairman. >> But since then, I think what's really become very apparent. And it's not just with HPE, but with many of our partners, many of the OEM partners, the opportunity in front of us is vast. And we need to rely on each other to help us solve the customer problems that are out there. So there's a willingness to overlook some things that in the past may have been barriers. >> But it's important to note also that it's not that we have not had history, right? Over... We've got over 200,000 customers join. >> Hundreds of millions of dollars of business. >> 100,000, over 10,000 or a 100,000 channel partners that we have in common. Numerous , numerous... >> And independent of the whole Broadcom overhang there, there's the ecosystem floor. Yeah, the expo floor. I mean, it's vibrant. I mean, there's clearly a wave coming. Ricky, we talked about this briefly at HPE Discover. I want to get an update from your perspective, both of you, if you don't mind weighing in on this, clearly the wave we calling it super cloud. Cause it's not just, multi-cloud completely different looking successes, >> Smart Cloud. >> It's not just vendors. It's also the customers turning into clouds themselves. You look at Goldman Sachs. I think every vertical will have its own power law of cloud players in the future. We believe that to be true. We're still testing that assumption, but it's trending in when you got OPEX has to go to in fund statement. CapEx goes to thanks for the cloud. All that's good, but there's a wave coming and we're trying to identify it. What do you guys see as this wave cause beyond multi-cloud and the obvious nature of that will end up happening as a state and what happens beyond that interoperability piece? That's a whole nother story and that's what everyone's fighting for. But everyone out in that ecosystem, it's a big wave coming. They got their surfboards. They're ready to go. So what do you guys see? What is the next wave that everyone's jacked up about here? >> Well, I think the multi-cloud is obviously at the epicenter. If you look at the results that are coming in, a lot of our customers, this is what's leading the discussion. And now we're in a position where we've brought many companies over the last few years, they're starting to come to fruition. They're starting to play a role in how we're moving forward. Some of those are a bit more applicable to the commercial space. We're finding commercial customers are never bought from us before never hundreds and hundreds are coming through our partner networks every single quarter. So brand new to VMware, the trick then is how do you nurture them? How do you encourage them? >> So new logos are coming in? >> New logos are coming in all the time, all the time from across the ecosystem. It's not just the OEMs, it's all the way back. >> So the ecosystem's back for VMware. >> Unbelievably. So what are we doing to help that? There's two big things that we've announced in the recent weeks is that partner connect 2.0. When I talk to you about multi-cloud and multicardt the customers are doing, you see that trend. Four, five different separate clouds that we've got here. The next piece is that they're changing their business models with the partners. Their services is becoming more and more apparent, etc. And the use of other partners to do other services deployment or this stuff is becoming prevalent. Then you've got the distributors that I talked about were there. Then you route to market, then you route to business. So how do you encapsulate all of that and ensure your rewarding partners on all aspects of that? Whether it's deployment, whether it's test and debt, it's a points based system we've put in place now. >> It's a big pie. That's developing the market's getting bigger. >> It's getting so much bigger and then help. >> You agree obviously with that. >> Yeah, absolutely, in fact, I think for a long time we were asking the question of, is it going to be there or is it going to be here? Which was the wrong question now it's everything. Yes. And what I think that what we're seeing in the ecosystem is people are finding the spots where they're going play. Am I going to be on the edge? Am I going to be an analytics play? Am I going to be a cloud transition play? A lot of players are now emerging and saying, we now have a place, a part to play. And having that industry view, not just of a commercial customer at that level, but the two of us are looking at Telco, are looking at financial services, at healthcare, at manufacturing. How do these new ecosystem players fit into it? >> ... is lifting, everyone can see their position there. >> We're now being asked for simplicity and talk to me about partner profitability. How do I know where to focus my efforts? Am I've spread too thin? And my advice that a partner ecosystem out there is, Hey, let's pick out spots together. Let's really go to, and then strategic solutions that we were talking about is good example of that. >> Sounds like composability to me, but not to go back guys. Thanks for coming on. I think there's a big market there. I think the fog is lifted, people seeing their spot there's value there. Value creation equals reward. Yeah. Simplicity, ease of use. This is the new normal great job. Thanks for coming on sharing. Okay. Back live coverage after this short break with more day one coverage here from the blue set here in Moscone.

(upbeat music) >> Welcome back everyone to theCUBE's coverage of VMware Explore '22, formerly VMworld. This is our 12th year covering it. I'm John Furrier with Dave Vellente. Two sets, three days of wall-to-wall coverage. We're starting to get the execs rolling in from VMware. Sumit Dhawan, president of VMware's here. Great to see you. Great keynote, day one. >> Great to be here, John. Great to see you, Dave. Day one, super exciting. We're pumped. >> And you had no problem with the keynotes. We're back in person. Smooth as silk up there. >> We were talking about it. We had to like dust off a cobweb to make some of these inputs. >> It's not like riding a bike. >> No, it's not. We had about 40% of our agencies that we had to change out because they're no longer in business. So, I have to give kudos to the team who pulled it together. They did a fabulous job. >> You do a great check, great presentation. I know you had a lot to crack in there. Raghu set the table. I know this is for him, this was a big moment to lay out the narrative, address the Broadcom thing right out of the gate, wave from Hock Tan in the audience, and then got into the top big news. Still a lot of meat on the bone. You get up there, you got to talk about the use cases, vSphere 8, big release, a lot of stuff. Take us through the keynote. What was the important highlights for you to share, the folks watching that didn't see the keynote or wanted to get your perspective? >> Well, first of all, did any of you notice that Raghu was running on the stage? He did not do that in rehearsal. (John chuckles) I was a little bit worried, but he really did it. >> I said, I betcha that was real. (everyone chuckles) >> Anyways, the jokes aside, he did fabulous. Lays out the strategy. My thinking, as you said, was to first of all speak with their customers and explain how every enterprise is facing with this concept of cloud chaos that Raghu laid out and CVS Health story sort of exemplifies the situation that every customer is facing. They go in, they start with cloud first, which is needed, I think that's the absolutely right approach. Very quickly build out a model of getting a cloud ops team and a platform engineering team which oftentimes be a parallel work stream to a private cloud infrastructure. Great start. But as Roshan, the CIO at CVS Health laid out, there's an inflection point. And that's when you have to converge these because the use cases are where stakeholders, this is the lines of businesses, app developers, finance teams, and security teams, they don't need this stove piped information coming at 'em. And the converge model is how he opted to organize his team. So we called it a multi-cloud team, just like a workspace team. And listen, our commitment and innovations are to solve the problems of those teams so that the stakeholders get what they need. That's the rest of the keynote. >> Yeah, first of all, great point. I want to call out that inflection point comment because we've been reporting coming into VMworld with super cloud and other things across open source and down into the weeds and into the hood. The chaos is real. So, good call. I love how you guys brought that up there. But all industry inflection points, if you go back in history of the tech industry, at every single major inflection point, there was chaos, complexity, or an enemy proprietary. However you want to look at it, there was a situation where you needed to kind of reign in the chaos as Andy Grove would say. So we're at that inflection point, I think that's consistent. And also the ecosystem floor yesterday, the expo floor here in San Francisco with your partners, it was vibrant. They're all on this wave. There is a wave and an inflection point. So, okay. I buy that. So, if you buy the inflection point, what has to happen next? Because this is where we're at. People are feeling it. Some say, I don't have a problem but they're cut chaos such is the problem. So, where do you see that? How does VMware's team organizing in the industry and for customers specifically to solve the chaos, to reign it in and cross over? >> Yeah, you're a 100% right. Every inflection point is associated with some kind of a chaos that had to be reigned in. So we are focused on two major things right now which we have made progress in. And maybe third, we are still work in-progress. Number one is technology. Today's technology announcements are directly to address how that streamlining of chaos can be done through a cloud smart approach that we laid out. Our Aria, a brand new solution for management, significant enhancements to Tanzu, all of these for public cloud based workloads that also extend to private cloud. And then our cloud infrastructure with newer capabilities with AWS, Azure, as well as with new innovations on vSphere 8 and vSAN 8. And then last but not the least, our continuous automation to enable anywhere workspace. All these are simple innovation that have to address because without those innovations, the problem is that the chaos oftentimes is created because lack of technology and as a result structure has to be put in place because tooling and technology is not there. So, number one goal we see is providing that. Second is we have to be independent, provide support for every possible cloud but not without being a partner of theirs. That's not an easy thing to do but we have the DNA as a company, we have done that with data centers in the past, even though being part of Dell we did that in the data center in the past, we have done that in mobility. And so we have taken the challenge of doing that with the cloud. So we are continually building newer innovation and stronger and stronger partnerships with cloud provider which is the basis of our commercial relationships with Microsoft Azure too, where we have brought Azure VMware solution into VMware cloud universal. Again, that strengthens the value of us being neutral because it's very important to have a Switzerland party that can provide these multi-cloud solutions that doesn't have an agenda of a specific cloud, yet an ecosystem, or at least an influence with the ecosystem that can bring going forward. >> Okay, so technology, I get that. Open, not going to be too competitive, but more open. So the question I got to ask you is what is the disruptive enabler to make that happen? 'Cause you got customers, partners and team of VMware, what's the disruptive enabler that's going to get you to that level? >> Over the hump. I mean, listen, our value is this community. All this community has one of two paths to go. Either, they become stove piped into just the public-private cloud infrastructure or they step up as this convergence that's happening around them to say, "You know what? I have the solution to tame this multi-cloud complexity, to reign the chaos," as you mentioned because tooling and technologies are available. And I know they work with the ecosystem. And our objective is to bring this community to that point. And to me, that is the best path to overcome it. >> You are the connective tissue. I was able to sit into the analyst meeting today. You were sort of the proxy for CVS Health where you talked about the private that's where you started, the public cloud ops team, bringing that together. The platform is the glue. That is the connective tissue. That's where Tanzu comes in. That's where Aria comes in. And that is the disruptive technology which it's hard to build that. >> From a technology perspective, it's an enabler of something that has never been done before in that level of comprehensiveness, from a more of a infrastructure side thinking perspective. Yes, infrastructure teams have enabled self-service portals. Yes, infrastructure teams have given APIs to developers, but what we are enabling through Tanzu is completely next level where you have a lot richer experience for developers so that they never ever have to think about the infrastructure at all. Because even when you enable infrastructure as API, that's still an API of the infrastructure. We go straight to the application tier where they're just thinking about authorized set of microservices. Containers can be orchestrated and built automatically, shifting security left where we're truly checking them or enabling them to check the security vulnerabilities as they're developing the application, not going into the production when they have to touch the infrastructure. To me, that's an enabler of a special power that this new multi-cloud team can have across cloud which they haven't had in the past. >> Yeah, it's funny, John, I'd say very challenging technically. The challenge in 2010 was the software mainframe, remember the marketing people killed that term. >> Yeah, exactly. >> But you think about that. We're going to make virtualization and the overhead associated with that irrelevant. We're going to be able to run any workload and VMware achieved that. Now you're saying we run anything anywhere, any Kubernete, any container. >> That's the reality. That's the chaos. >> And the cloud and that's a new, real problem. Real challenging problem that requires serious engineering. >> Well, I mean it's aspirational, right? Let's get the reality, right? So true spanning cloud, not yet there. You guys, I think your vision is definitely right on in the sense that we'd like the chaos and multicloud's a reality. The question is AWS, Azure, Google Cloud, other clouds, they're not going to sit still. No one's going to let VMware just come up and take everything. You got to enable so the market- >> True, true. I don't think this is the case of us versus them because there is so much that they have to express in terms of the value of every cloud. And this happened in the case of, by the way, whether you go into infrastructure or even workspace solutions, as long as the richest of the experience and richest of the controls are provided, for their cloud to the developers that makes the adoption of their cloud simpler. It's a win-win for every party. >> That's the key. I think the simplest. So, I want to ask you, this comes up a lot and I love that you brought that up, simple and self-service has proven developers who are driving the change, cloud DevOps developers. They're driving the change. They're in charge more than ever. They want self-service, easier to deploy. I want a test, if I don't like it, I want to throw it away. But if I like something, I want to stick with it. So it's got to be self-service. Now that's antithetical to the old enterprise model of solve complexity with more complexity. >> Yeah, yeah. >> So the question for you is as the president of VMware, do you feel good that you guys are looking out over the landscape where you're riding into the valley of the future with the demand being automation, completely invisible, abstraction layer, new use case scenarios for IT and whatever IT becomes. Take us through your mindset there, because I think that's what I'm hearing here at this year, VMware Explorer is that you guys have recognized the shift in demographics on the developer side, but ops isn't going away either. They're connecting. >> They're connected. Yeah, so our vision is, if you think about the role of developers, they have a huge influence. And most importantly they're the ones who are driving innovation, just the amount of application development, the number of developers that have emerged, yet remains the scarcest resource for the enterprise are critical. So developers often time have taken control over decision on infrastructure and ops. Why? Because infrastructure and ops haven't shown up. Not because they like it. In fact, they hate it. (John chuckles) Developers like being developers. They like writing code. They don't really want to get into the day to day operations. In fact, here's what we see with almost all our customers. They start taking control of the ops until they go into production. And at that point in time, they start requesting one by one functions of ops, move to ops because they don't like it. So with our approach and this sort of, as we are driving into the beautiful valley of multi-cloud like you laid out, in our approach with the cross cloud services, what we are saying is that why don't we enable this new team which is a reformatted version of the traditional ops, it has the platform engineering in it, the key skill that enables the developer in it, through a platform that becomes an interface to the developers. It creates that secure workflows that developers need. So that developers think and do what they really love. And the infrastructure is seamless and invisible. It's bound to happen, John. Think about it this way. >> Infrastructure is code. >> Infrastructure has code, and even next year, it's invisible because they're just dealing with the services that they need. >> So it's self-service infrastructure. And then you've got to have that capability to simplified, I'll even say automated or computational governance and security. So Chris Wolf is coming on Thursday. >> Yeah. >> Unfortunately I won't be here. And he's going to talk about all the future projects. 'Cause you're not done yet. The project narrows, it's kind of one of these boring, but important. >> Yeah, there's a lot of stuff in the oven coming out. >> There's really critical projects coming down the pipeline that support this multi-cloud vision, is it's early days. >> Well, this is the thing that we were talking about. I want to get your thoughts on. And we were commenting on the keynote review, Hock Tan bought VMware. He's a lot more there than he thought. I mean, I got to imagine him sitting in the front row going there's some stuff coming out of the oven. I didn't even, might not have known. >> He'd be like, "Hmm, this extra value." (everyone chuckles) >> He's got to be pretty stoked, don't you think? >> He is, he is. >> There's a lot of headroom on the margin. >> I mean, independent to that, I think the strategy that he sees is something that's compelling to customers which is what, in my assessment, speaking with him, he bought VMware because it's strategic to customers and the strategic value of VMware becomes even higher as we take our multi-cloud portfolio. So it's all great. >> Well, plus the ecosystem is now re-energize. It's always been energized, but energized cuz it's sort of had to be, cuz it's such a strong- >> And there was the Dell history there too. >> But, yeah it was always EMC, and then Dell, and now it's like, wow, the ecosystem's- >> Really it's released almost. I like this new team, we've been calling this new ops kind of vibe going refactored ops, as you said, that's where the action's happening because the developers want to go faster. >> They want to go faster. >> They want to go fast cuz the velocity's paying off of them. They don't want to have to wait. They don't want security reviews. They want policy. They want some guardrails. Show me the track. >> That's it. >> And let me drive this car. >> That's it because I mean think about it, if you were a developer, listen, I've been a developer. I never really wanted to see how to operate the code in production because it took time away for developing. I like developing and I like to spend my time building the applications and that's the goal of Aria and Tanzu. >> And then I got to mention the props of seeing project Monterey actually come out to fruition is huge because that's the future of computing architecture. >> I mean at this stage, if a customer from here on is modernizing their infrastructure and they're not investing in a holistic new infrastructure from a hardware and software perspective, they're missing out an opportunity on leveraging the numbers that we were showing, 20% increase in calls. Why would you not just make that investment on both the hardware and the software layer now to get the benefits for the next five-six years. >> You would and if I don't have to make any changes and I get 20% automatically. And the other thing, I don't know if people really appreciate the new curve that the Silicon industry is on. It blows away the history of Moore's law which was whatever, 35-40% a year, we're talking about 100% a year price performance or performance improvements. >> I think when you have an inflection point as we said earlier, there's going to be some things that you know is going to happen, but I think there's going to be a lot that's going to surprise people. New brands will emerge, new startups, new talent, new functionality, new use cases. So, we're going to watch that carefully. And for the folks watching that know that theCUBE's been 12 years with covering VMware VMworld, now VMware Explore, we've kind of met everybody over the years, but I want to point out a little nuance, Raghu thing in the keynote. During the end, before the collective responsibility sustainment commitment he had, he made a comment, "As proud as we are," which is a word he used, there's a lot of pride here at VMware. Raghu kind of weaved that in there, I noticed that, I want to call that out there because Raghu's proud. He's a proud product guy. He said, "I'm a product guy." He's delivering keynote. >> Almost 20 years. >> As proud as we are, there's a lot of pride at VMware, Sumit, talk about that dynamic because you mentioned customers, your customer is not a lot of churn. They've been there for a long time. They're embedded in every single company out there, pretty much VMware is in every enterprise, if not all, I mean 99%, whatever percentage it is, it's huge penetration. >> We are proud of three things. It comes down to number one, we are proud of our innovations. You can see it, you can see the tone from Raghu or myself, or other executives changes with excitement when we're talking about our technologies, we're just proud. We're just proud of it. We are a technology and product centric company. The second thing that sort of gets us excited and be proud of is exactly what you mentioned, which is the customers. The customers like us. It's a pleasure when I bring Roshan on stage and he talks about how he's expecting certain relationship and what he's viewing VMware in this new world of multi-cloud, that makes us proud. And then third, we're proud of our talent. I mean, I was jokingly talking to just the events team alone. Of course our engineers do amazing job, our sellers do amazing job, our support teams do amazing job, but we brought this team and we said, "We are going to get you to run an event after three years from not they doing one, we're going to change the name on you, we're going to change the attendees you're going to invite, we're going to change the fact that it's going to be new speakers who have never been on the stage and done that kind of presentation. >> You're also going to serve a virtual audience. >> And we're going to have a virtual audience. And you know what? They embraced it and they surprised us and it looks beautiful. So I'm proud of the talent. >> The VMware team always steps up. You never slight it, you've got great talent over there. The big thing I want to highlight as we end this day, the segment, and I'll get your thoughts and reactions, Sumit, is again, you guys were early on hybrid. We have theCUBE tape to go back into the video data lake and find the word hybrid mentioned 2013, 2014, 2015. Even when nobody was talking about hybrid. >> Yeah, yeah. >> Multicloud, Raghu, I talked to Raghu in 2016 when he did the Pat Gelsinger, I mean Raghu, Pat and Andy Jassy. >> Yeah. >> When that cloud thing got cleared up, he cleared that up. He mentioned multicloud, even then 2016, so this is not new. >> Yeah. >> You had the vision, there's a lot of stuff in the oven. You guys make announcements directionally, and then start chipping away at it. Now you got Broadcom buys VMware, what's in the oven? How much goodness is coming out that's like just hitting the fruits are starting to bear on the tree. There's a lot of good stuff and just put that, contextualize and scale that for us. What's in the oven? >> First of all, I think the vision, you have to be early to be first and we believe in it. Okay, so that's number one. Now having said that what's in the oven, you would see us actually do more controls across cloud. We are not done on networking side. Okay, we announced something as project Northstar with networking portfolio, that's not generally available. That's in the oven. We are going to come up with more capability on supporting any Kubernetes on any cloud. We did some previews of supporting, for example, EKS. You're going to see more of those cluster controls across any Kubernetes. We have more work happening on our telco partners for enablement of O-RAN as well as our edge solutions, along with the ecosystem. So more to come on those fronts. But they're all aligned with enabling customers multi-cloud through these five cross cloud services. They're all really, some of them where we have put a big sort of a version one of solution out there such as Aria continuation, some of them where even the version one's not out and you're going to see that very soon. >> All right. Sumit, what's next for you as the president? You're proud of your team, we got that. Great oven description of what's coming out for the next meal. What's next for you guys, the team? >> I think for us, two things, first of all, this is our momentum season as we call it. So for the first time, after three years, we are now being in, I think we've expanded, explored to five cities. So getting this orchestrated properly, we are expecting nearly 50,000 customers to be engaging in person and maybe a same number virtually. So a significant touchpoint, cuz we have been missing. Our customers have departed their strategy formulation and we have departed our strategy formulation. Getting them connected together is our number one priority. And number two, we are focused on getting better and better at making customers successful. There is work needed for us. We learn, then we code it and then we repeat it. And to me, those are the two key things here in the next six months. >> Sumit, thank you for coming on theCUBE. Thanks for your valuable time, sharing what's going on. Appreciate it. >> Always great to have chatting. >> Here with the president, the CEO's coming up next in theCUBE. Of course, we're John and Dave. More coverage after the short breaks, stay with us. (upbeat music)

[Music] hello everyone welcome back to the live coverage here in monaco for the monaco crypto summit i'm john furrier host of thecube uh we have a great great guest lineup here already in nine interviews small gathering of the influencers and the people making it happen powered by digital bits sponsored by digital bits presented by digital bits of course a lot happening around decentralization web 3 the metaverse we've got a a powerhouse influencer on the qb ryan gills the founder of openmeta been in the issue for a while ryan great to see you thanks for coming on great to be here thank you you know one of the things that we were observing earlier conversations is you have young and old coming together the best and brightest right now in the front line it's been there for a couple years you know get some hype cycles going on but that's normal in these early growth markets but still true north star is in play that is democratize remove the intermediaries create immutable power to the people the same kind of theme has been drum beating on now come the metaverse wave which is the nfts now the meta verses you know at the beginning of this next wave yeah this is where we're at right now what are you working on tell us what's what's open meta working on yeah i mean so there is a reason for all of this right i think we go through all these different cycles and there's an economic incentive engine and it's designed in because people really like making money but there's a deeper reason for it all and the words the buzzwords the terms they change based off of different cycles this one is a metaverse i just saw it a little early you know so i recognized the importance of an open metaverse probably in 2017 and really decided to dedicate 10 years to that um so we're very early into that decade and we're starting to see more of a movement building and uh you know i've catalyzed a lot of that from from the beginning and making sure that while everything moves to a closed corporate side of things there's also an equal bottom-up approach which i think is just more important and more interesting well first of all i want to give you a lot of props for seeing it early and recognizing the impact and potential collateral damage of not not having open and i was joking earlier about the facebook little snafu with the the exercise app and ftc getting involved and you know i kind of common new york times guy comment online like hey i remember aol wanted to monopolize dial up internet and look the open web obviously changed all that they went to sign an extinction not the same comparable here but you know everyone wants to have their own little walled guard and they feel comfortable first-party data the data business so balancing the benefit of data and all the ip that could come into whether it's a visualization or platform it has to be open without open then you're going to have fragmentation you're going to have all kinds of perverse incentives how does the metaverse continue with such big players like meta themselves x that new name for facebook you know big bully tons of cash you know looking to you know get their sins forgiven um so to speak i mean you got google probably will come in apple's right around the corner amazon you get the whales out there how do is it proprietary is walled garden the new proprietary how do you view all that because it's it's still early and so there's a lot of change can happen well it's an interesting story that's really playing out in three acts right we had the first act which was really truly open right there was this idea that the internet is for the end user this is all just networking and then web 2 came and we got a lot of really great business models from it and it got closed up you know and now as we enter this sort of third act we have the opportunity to learn from both of those right and so i think web 3 needs to go back to the values of web one with the lessons in hindsight of web 2. and all of the winners from web 2 are clearly going to want to keep winning in web 3. so you can probably guess every single company and corporation on earth will move into this i think most governments will move into it as well and um but they're not the ones that are leading it the ones that are leading it are are just it's a culture of people it's a movement that's building and accumulating over time you know it's weird it's uh the whole web 2 thing is the history is interesting because you know when i started my podcasting company in 2004 there's only like three of us you know the dave weiner me evan williams and jack dorsey and we thought and the blogging just was getting going and the dream was democratization at the time mainstream media was the enemy and then now blogs are media so and then all sudden it like maybe it was the 2008 area with the that recession it stopped and then like facebook came in obviously twitter was formed from the death of odio podcasting company so the moment in time in history was a glimmic glimmer of hope well we went under my company went under we all went under but then that ended and then you had the era of twitter facebook linkedin reddit was still around so it kind of stopped where did it where did it pick up was it the ethereum bitcoin and ethereum brought that back where'd the open come back well it's a generational thing if you if you go back to like you know apple as a startup they were trying to take down ibm right it was always there's always the bigger thing that was that we we're trying to sort of unbundle or unpackage because they have too much power they have too much influence and now you know facebook and apple and these big tech companies they are that on on the planet and they're doing it bigger than it's ever been done but when they were startups they existed to try to take that from a bigger company so i think you know it's not an it's not a fact that like facebook or zuckerberg is is the villain here it's just the fact that we're reaching peak centralization anything past this point it becomes more and more unhealthy right and an open metaverse is just a way to build a solution instead of more of a problem and i think if we do just allow corporations to build and own them on the metaverse these problems will get bigger and larger more significant they will touch more people on earth and we know what that looks like so why not try something different so what's the playbook what's the current architecture of the open meta verse that you see and how do people get involved is there protocols to be developed is there new things that are needed how does the architecture layout take us through that your mindset vision on that and then how can people get involved yeah so the the entity structure of what i do is a company called crucible out of the uk um but i i found out very quickly that just a purely for-profit closed company a commercial company won't achieve this objective there's limitations to that so i run a dao as well out of switzerland it's called open meta we actually we named it this six months before facebook changed their name and so this is just the track we're on right and what we develop is a protocol uh we believe that the internet built by game developers is how you define the metaverse and that protocol is in the dao it is in the dow it's that's crucial crucible protocol open meta okay you can think of crucible as labs okay no we're building we're building everything so incubator kind of r d kind of thing exactly yeah and i'm making the choice to develop things and open them up create public goods out of them harness things that are more of a bottom-up approach you know and what we're developing is the emergence protocol which is basically defining the interface between the wallets and the game engines right so you have unity and unreal which all the game developers are sort of building with and we have built software that drops into those game engines to map ownership between the wallet and the experience in the game so integration layer basically between the wallet kind of how stripe is viewed from a software developer's campaign exactly but done on open rails and being done for a skill set of world building that is coming and game developers are the best suited for this world building and i like to own what i built yeah i don't like other people to own what i build and i think there's an entire generation that's that's really how do you feel about the owning and sharing component is that where you see the scale coming into play here i can own it and scale it through the relationship of the open rails yeah i mean i think the truth is that the open metaverse will be a smaller network than even one corporate virtual world for a while because these companies have billions of people right yeah every room you've ever been in on earth people are using two or three of facebook's products right they just have that adoption but they don't have trust they don't have passion they don't have the movement that you see in web3 they don't have the talent the level of creative talent those people care about owning what they create on the on what can someone get involved with question is that developer is that a sponsor what do people do to get involved with do you and your team and to make it bigger i mean it shouldn't be too small so if this tracks you can assume it gets bigger if you care about an open metaverse you have a seat at the table if you become a member of the dao you have a voice at the table you can make decisions with us we are building developing technology that can be used openly so if you're a game developer and you use unity or unreal we will open the beta this month later and then we move directly into what's called a game jam so a global hackathon for game developers where we just go through a giant exploration of what is possible i mean you think about gaming i always said the early adopters of all technology and the old web one was porn and that was because they were they were agnostic of vendor pitches or whatever is it made money they've worked we don't tell them we've always been first we don't tolerate vaporware gaming is now the new area where it is so the audience doesn't want vapor they want it to work they want technology to be solid they want community so it's now the new arbiter so gaming is the pretext to metaverse clearly gaming is swallowing all of media and probably most of the world and this game mechanics under the hood and all kinds of underlying stuff now how does that shape the developer community so like take the classic software developer may not be a game developer how do they translate over you seeing crossover from the software developers that are out there to be game developers what's your take on that it's an interesting question because i come to a lot of these events and the entire web 3 movement is web developers it's in the name yeah right and we have a whole wave of exploration and nfts being sold of people who really love games they're they're players they're gamers and they're fans of games but they are not in the skill set of game development this is a whole discipline yeah it's a whole expertise right you have to understand ik retargeting rigging bone meshes and mapping of all of that stuff and environment building and rendering and all these things it's it's a stacked skill set and we haven't gone through any exploration yet with them that is the next cycle that we're going to and that's what i've spent the last three or four years preparing for yeah and getting the low code is going to be good i was saying earlier to the young gun we had on his name was um oscar belly he's argo versus he's 25 years old he's like he made a quote i'm too old to get into esports like 22 old 25 come on i'd love to be in esports i was commenting that there could be someone sitting next to us in the metaverse here on tv on our digital tv program in the future that's going to be possible the first party citizenship between physical experience absolutely and meta versus these cameras all are a layer in which you can blend the two yeah so that that's that's going to be coming sooner and it's really more of the innovation around these engines to make it look real and have someone actually moving their body not like a stick figure yes or a lego block this is where most people have overlooked because what you have is you have two worlds you have web 3 web developers who see this opportunity and are really going for it and then you have game developers who are resistant to it for the most part they have not acclimated to this but the game developers are more of the keys to it because they understand how to build worlds yeah they do they understand how to build they know what success looks like they know what success looks like if you if you talk about the metaverse with anyone the most you'll hear is ready player one yeah maybe snow crash but those things feel like games yeah right so the metaverse and gaming are so why are game developers um like holding back is because they're like ah it's too not ready yet i'm two more elite or is it more this is you know this is an episode on its own yeah um i'm actually a part of a documentary if you go to youtube and you say why gamers hate nfts there's a two-part documentary about an hour long that robin schmidt from the defiant did and it's really a very good deep dive into this but i think we're just in a moment in time right now if you remember henry ford when he he produced the car everybody wanted faster horses yeah they didn't understand the cultural shift that was happening they just wanted an incremental improvement right and you can't say that right now because it sounds arrogant but i do believe that this is a moment in time and i think once we get through this cultural shift it will be much more clear why it's important it's not pure speculation yeah it's not clout it's not purely money there's something happening that's important for humanity yeah and if we don't do it openly it will be more of a problem yeah i totally agree with you on that silent impact is number one and people some people just don't see it because it's around the corner visionaries do like yourselves we do my objective over the next say three to six months is to identify which game developers see the value in web 3 and are leaning into it because we've built technology that solves interoperability between engines mapping ownership from wallets all the sort of blueprints that are needed in order for a game developer to build this way we've developed that we just need to identify where are they right because the loudest voices are the ones that are pushing back against this yeah and if you're not on twitter you don't see how many people really see this opportunity and i talked to epic and unity and nvidia and they all agree that this is where the future is going but the one question mark is who wants it where are they you know it's interesting i talked to lauren besel earlier she's from the music background we were talking about open source and how music i found that is not open it's proprietary i was talking about when i was in college i used to deal software you'd be like what do you mean deal well at t source code was proprietary and that started the linux movement in the 80s that became a systems revolution and then open source then just started to accelerate now people like it's free software is like not a big deal everyone knows it's what it was never proprietary but we were fighting the big proprietary code bases you mentioned that earlier is there a proprietary thing for music well not really because it's licensed rights right so in the metaverse who's the proprietary is it the walled garden is the is it is it the gamers so is it the consoles is it the investment that these gaming companies have in the software itself so i find that that open source vibe is very much circulating around your world actually open maps in the word open but open source software has a trajectory you know foundations contributors community building same kind of mindset music not so much because no one's it's not direct comparable but i think here it's interesting the gaming culture could be that that proprietary ibm the the state the playstation the xbox you know if you dive into the modding community right the modding community has sort of been this like gray area of of gaming and they will modify games that already exist but they do it with the values of open source they do it with composability and there's been a few breakthroughs counter-strike is a mod right some of the largest games of all time came from mods of other games look at quake had a comeback i played first multiplayer doom when it came out in the 90s and that was all mod based exactly yeah quake and quake was better but you know i remember the first time on a 1.5 cable mode and playing with my friends remember vividly now the graphics weren't that good but that was mod it's mod so then you go i mean and then you go into these other subcultures like dungeons and dragons which was considered to be such a nerdy thing but it's just a deeply human thing it's a narrative building collective experience like these are all the bottom-up type approaches modding uh world building so you're going to connect so i'm just kind of thinking out loud here you're going to connect the open concept of source with open meta bring game developers and software drills together create a fabric of a baseline somewhat somewhat collected platform tooling and components and let it just sell form see what happens better self form that's your imposing composability is much faster yeah than a closed system and you got what are your current building blocks you have now you have the wallet and you have so we built an sdk on both unity and unreal okay as a part of a system that is a protocol that plugs into those two engines and we have an inventory service we have an avatar system we basically kind of leaned into this idea of a persona being the next step after a pfp so so folks that are out there girls and boys who are sitting there playing games they could build their own game on this thing absolutely this is the opportunity for them entrepreneurs to circumvent the system and go directly with open meta and build their own open environment like i said before i i like to own the things i built i've had that entrepreneurial lesson but i don't think in the future you should be so okay with other companies or other intermediaries owning you and what you build i think i mean opportunity to build value yeah and i think i think your point the mod culture is not so much going to be the answer it's what that was like the the the the dynamic of modding yes is developing yes and then therefore you get the benefit of sovereign identity yeah you get the benefit of unbanking that's not the way we market this but those are benefits that come along with it and it allows you to live a different life and may the better product win yeah i mean that's what you're enabling yeah ryan thanks so much for coming on real final question what's going on here why are we here in monaco what's going on this is the inaugural event presented by digital bits why are we here monaco crypto summit i'm here uh some friends of mine brittany kaiser and and lauren bissell invited me here yeah i've known al for for a number of years and i'm just here to support awesome congratulations and uh we'll keep in touch we'll follow up on the open meta great story we love it thanks for coming on okay cube coverage continues here live in monaco i'm john furrier and all the action here on the monaco crypto summit love the dame come back next year it'll be great back with more coverage to wrap up here on the ground then the yacht club event we're going to go right there as well that's in a few hours so we're going to be right back [Music] you