(upbeat music) >> Instructor: From around the globe. It's theCUBE covering Google Cloud Next OnAir 20. >> Welcome to theCUBE's coverage, virtual coverage of Google Next OnAir. I'm John for host theCUBE, We're here in Palo Alto California, for our remote interviews, part of our quarantine crew, getting all the stories that matter, Google Next OnAir, continuous event through the summer. We're calling it the summer of cloud. We've got two great guests here. Sunil Potti general manager and vice president of cloud security at Google Cloud. and Orion Hindawi co founder and CEO of Tanium. Gentlemen, thank you for coming on today, appreciate it. Great event you guys have on the continue. I'll call it the summer cloud. It's a lot of events that Google's having, So you guys and your team are doing a great job, but there's some hard news. You guys are announcing an expanded partnership together. Sunil tell us what is the news today. >> John, first of all, great to see you again, love being on theCUBE any time, and it's my honor to actually share the stage this time around with Orion and the Tanium team. So essentially what we're announcing today, is the fact that, as most of you know, especially in the new normal with a distributed workforce, and potentially it being the safer normal, down the road it presents, an unprecedented opportunity, I think in our opinion, that we can use this to accelerate potentially safer posture that otherwise would have taken years to build into the enterprise ecosystem that we could now bring forward, in a potentially, you know, in the year 2020 or 2021. So the primary announcement, is based on the fact that, Tanium's, you know, core enterprise offering and Google clouds, chronicle offering are coming together, to build a full stack offering for endpoint detection and response so that customers can have an end to end offering. That's both powerful, and you know, easy to use. All the way from the detection, response, remediation and analytics, all built together into one seamless, easy to consume offering for the global enterprise and being delivered in such a way that it can take into account organizations of thousands of employees or hundreds of thousands of employees. All by the same cloud native solution. >> All right how about why you're excited about this deal. What's different about it. Obviously there's a relationship here, what's so exciting about this story. >> Yeah, I think, you know, Orion to comment as well, but look, I think the key thing that we sort of partnered on initially was a customer driven, you know, technology centric integrations, where, you know, we went deep from a chronical perspective, to ensure native integration, between Tanium products to send signals, out of the box, as well as curated, enhanced, enriched, so that they could be actionable responses taken by Tanium solutions as well on behalf of security analysts, as part of our journey, to kind of reinvent the SOC of the future. Right? And so essentially, it's been a deliberate effort by both teams to not provide incremental integrations, but something that offers a reimagined safety posture, especially that's enhanced, I would say amplified, in a world where pretty much every employee, is essentially a tech director now. But otherwise was not the case, when they were working in a normal enterprise office. >> All right, what's your take on this? I'll say what's different I'll say big news. >> Sure, yeah. I mean, if you look at why we decided that Google would have been the perfect partner for us, we have very large enterprises. We work with about 70 of the fortune 100, the USOD, a lot of these very large environments, and many of them were coming to us and telling us two things. The first one was the amount of data, that they were generating, that they needed to be able to process and analyze and be able to find insight from, was going exponentially up. And the second one was, in the new kind of post COVID world, the amount of work from home risks that they were seeing, and the kind of perfection they needed to achieve, on finding threats quickly and neutralizing them was actually also going up. And so between those two things, we started really looking for a partner, that we could accelerate with, to provide our customers with true world-class data analytics, retention, being able to visualize that data and then being able to act on that data through Tanium. And I think that the partnership that we've struck with Google and the work we've done with them, to make this seamless for our customers, to make it scale really well, even for the largest managed networks, is something we're really proud of. >> What's the history between Chronicle and Tanium. What's the, how far back does it go, and how would you guys categorize this time and point in time in terms of evolution of that partnership? >> So maybe I'll take a stab Sunil, then you can take one as well, you know. We've been working with Chronicle now for over a year. And we've got customers, who kind of pointed us in this direction, which is how we love to start partnerships. We had some customers who had a lot of faith, that Google was going to be able to crack this nut. And honestly many of our customers had been really struggling with this, with their current vendors at the time, for years. And we're really looking for Google, because Google was the company, that they saw as having the most credibility with massive, massive data sets. What we got surprised by actually, was that there were a bunch of different legs of the stool, that we could work with Google on. So not only data retention of Chronicle, but things like zero trust, which I think many people know Google actually invented the concept of. When we start thinking about thin client management. So we actually found that, there's a really expansive partnership here. And what we're doing with Chronicle, I think is the first kind of instantiation of that. But we expect that over the next even years, we've got a lot of room to run with Google, to really secure and help our customers. >> Sunil talk about the wave that you're riding on right now. 'Cause obviously the reality is, I won't use the term new normal, but the new reality is, COVID has forced everyone to look at basically an unexpected disruption that no one saw coming. Yeah, we can prepare for disasters and floods and hurricanes and whatnot, but this is unforeseen everybody working at home. I mean, I can imagine all the VPN vendors, freaking out who even needs a VPN. So, you know, the access methods is everything, it's mobile, home, home is the new office. It's not just, you know, connect to an access point, my son's gaming, my daughter is watching Netflix. I'm trying to do some video conferencing and it's a mix of consumer business all happening. This is a complex environment now. What does this mean? This relation, how does this connect the dots? Can you, can you expand on that. >> Yeah, I mean I think I hinted on this a little bit at the beginning John, is that, we think, you know, this is an, you know, an unprecedented opportunity to help accelerate digital transformation, that otherwise would have taken a few years for many enterprises to get to. That can now be done potentially in months and for some customers maybe even in weeks. And some examples of that, that we've seen are that, look, if you just took, if you just take Google as an company, to Orion's point, look, we invested many years worth of technology and IP that now we're slowly bringing out in the form of BeyondCorp product sets. But essentially of the fact that look, we should treat every employee as if they were a remote worker. We don't trust the network, we basically break transitive properties, which was one of the foundational issues with security in the enterprise, where I trust a network and the network is trusted by a desktop. And then if you penetrate one, you can penetrate everything else in the chain. And so when COVID hit, we went from essentially pretty much, a hundred thousand plus employees, working in distributed headquarters, but within the Google environment, to working from home within a week later, but retained the same sort of like, not productive the levels just, but actually the same safety levels that were much stronger. And so in many cases, what we are announcing, is that even though enterprises have come forward and said, look, yeah, we have some PaaS work solutions, just because this is a major change for us. Now that we are in it, for not just three months or six months, but potentially a longer period of time. Why not take the opportunity to replatform our security environments, so that we can actually be in a better state, when we actually exit out of this. We might actually never go back full time, but it can actually be a hybrid environment. So that's part of the reason, why I think we are so jazzed about the partnership, is that these are two examples, of products coming together to help replatform, at least one sets of, you know, traditional, if I can call it weaklings in the security ecosystem, that can now be sort of like replatformed. >> I was doing an interview actually last week, and I was kind of riffing on this idea. This is one big IoT experiment. I mean, people are devices here and everyone's connected, but it's all remote. It's changed the patterns of work and traffic and all kinds of paradigms. But this brings up the issue of the customer challenge. Everyone's going to look up their environment saying, look at, we now know the benefit of cloud it's clear. But I got to rethink the projects that are on the table, and get rid of the ones, that aren't going to be relevant, to where the world has shifted. It's not even a question of digital transfer. It's like, okay, what am I doubling down on. And what am I going to eliminate from the picture. So I've got to ask you guys, if you guys can comment, if I'm a customer that's what's going through my head, I got to survive, reinvent the foundation, and come out with a growth strategy, with a workforce, workplace, workloads, and workflows that are completely different. What's in it for me. What does this mean to me. This partnership, so how do you help me. What's in it for me. >> So I might take a stab at that, you know, I think that a lot of our customers, if we look at where they were at the beginning of the year, they'd been building on a pretty creaky foundation and just adding more and more layers to it. So, you know, in the security side, many of our customers have 20 or 30 or 50 different tools. And many of them are there, because they were there yesterday. They're not actually, if you were going to zero base budget, the way you were going to do security, they wouldn't be the tools you'd choose. And the interesting thing about this whole work from home transition, it is effectively a zero based budget for security, because a lot of the tools just basically don't work. So you think about a lot of the network tools, and when everybody's working from home, you don't own the network. You think about a lot of even the endpoint tools, that assumed that devices would be behind that network perimeter, and now just don't work over the internet. And so when we look at our customers, they're realizing they have to replatform, their security model, anyway. And what they're doing is they're now picking again. And what they get to do is they get to pick the platforms that they now trust in 2020, with the work from home environment as it is. And I think what it gives you as a customer, is a huge simplification of your environment. I mean, we talk to people every day, who were used to operating those 20 or 30, 50 tools, and they were spending 90% of their energy just operating those tools, not actually improving security and they were falling behind. If you look at what they're able to do now, they actually can go back to a starting point, where they think about what is the real threat I'm facing. What are the real platforms, I should be choosing today. And we're actually seeing huge increases, in our customer kind of adoption of our platform because that resistance to change, has been removed. People can't resist change anymore, change has come, and as a result of that, they get to choose what they would like now. >> That's a huge point, I want to just double down on that and redirect, and then we'll go to Sunil and his commentary, but I think you just hit the nail on the head. We're seeing the same kind of commentary. You said it really eloquently, but the thing is that, okay, let's just, if you believe what you just said, which I do going into zero base budgeting decisions, fresh look and everything. The problem is people are looking at the decisions and comparing what the bells and whistles were from the tools. So how do you advise customers to rethink like, okay, if it's a fresh look, it's a fresh look. It's not like, okay, the way we did it before, so a lot of times when you were evaluating products, a group gets to say, it doesn't have this bell or this whistle, 'cause that's the way we did it before. So you got to kind of separate out, this idea of you're got to go that direction. It's a full, fresh look. So how are customers doing that, 'cause that's really difficult. >> It's a super relevant question for today's world, because I think you're absolutely right. If you talk to the person who operated the compliance tool in a big bank, and you ask them, what do you need from that tool? They very quickly get the things, that if you just take the question, which is, I need to do compliance for the bank, what do I need to do compliance effectively? And you look at the answer that they give you, which is I need this check box here. I need this button here. I need this kind of minutiae that I'm used to, to be consistent with what I've been used to, for the last 10 years. Those two things are not the same. And what we've really been encouraging our customers to do is take a look back at your requirements. So you are processing credit cards, you need to be PCI regulated. You need to be able to answer to your vendors, how many copies of their software you're using. You need to be able to find an attacker, who's moving around your environment, and do that as quickly as possible. And then let's build from there what capabilities you need. And let's forget about whether the color scheme, of the logo at the top of the report is the same. Let's talk about the core capabilities. And it's a very freeing conversation actually, because what a lot of people start realizing, is they've been maintaining the status quo, for reasons that actually have nothing to do with efficacy, they have to do with comfort. And the curse and the beauty of the last six months, is no one's comfortable. So I don't care how comfortable you are with your tools. No one I know is comfortable today. And what it's giving us, is an opportunity to look past the old school comfort and think about how do we transition to the future. And I think it's actually going to galvanize a lot of positive change. You know, I was saying this before we went on air, but I don't think anybody wished, that COVID was the way, that we would end up in a position, where people have the appetite for change. But if there's a silver lining in the situation, that's it. And I really think that the CIOs and CEOs and CFOs and CSOs, really across the board, need to take advantage of the fact, that there's a discontinuity here, that allows us to throw out the old, and bring in things that are much more effective. >> Sunil that's some great tea up for you, because what he's saying basically saying is if you don't focus on the check boxes, because it was reasons why, and they'll give you, there's a long list, probably RFPs are the same way, we check in the boxes, okay, throw that out. And then you can, by the way, you can innovate on those check boxes differently, but still achieve the same outcome. I get that. But for Google Cloud, you guys have a great network. It's well known in the industry. Google's got a phenomenal network, hence powering Android and all the servers. We know that, with a cloud player, this is a great opportunity for you guys to be a fresh candidate for this kind of change. How are you guys talking about this internally? Because this really is, the goalposts have been moved and in favor of who can deliver. >> I think as both of you have been talking about, I think, look, I think the way I will, you know, maybe color this is, you know, when consumers got to a safer posture with the advent of iPhone, right? Even though it was much more productive, delightful, and there's a bunch of other things, ultimately though, if anything, things became safer, when you actually did computing on a phone. Just because it was an opinionated stack. Ultimately we believe, whether you come to cloud completely or you consume some stacks, the more opinionated they are, that's ultimately the only way, to reduce these moving parts that expose us to security issues. And that principle applied by the way in reliability too, right? I mean, you have to simplify stuff for things to actually work at six nines and so forth. So same things, apply in security. So imagine a world, where every employee now is sitting at home, maybe two years from now, they come back, they work in the Starbucks, but we had a virtual Chromebook experience, because a physical Chromebook of course, it's a goal to kind of get that out there, because on one hand we have the cloud, which is a full stack opinionated offering, but there's various elements of computing, still dispersed in the environment. And you were talking about IoT. Eventually we will get there, but just look at the employee's laptop, but productivity station and imagine the construct of a virtual Chromebook off, and that's an opinionated stack. And that's essentially a variant of what the joint offering between the two companies is essentially, you know, sort of aspiring to, is to provide that level of, you know, clarity and opinionation, that actually genuinely solves for some foundational security issues. And in doing so, you now have, an opinionated stack close to the user, the enterprise user is an opinion stack via mobile phones, close to the consumer user. And for all enterprises from a computing side, there's an opinion stack, whether it be Google or some of the other public clouds, right? And ultimately I think the world will move, into these few sets of these opinionated stacks at various points of control. And at least this particular partnership, is around making the first step towards, potentially one of those opinionated stacks, virtual Chromebook like experience, for the enterprise use. >> And I think this is the beginning, of the wave of the reality, that the edge of the network, whatever you want to call it. And you see this with end point detection, right I mean, everything's an endpoint now. I mean, I still think every, this is one big IoT device, and everything is just moving around. So zero trust is a big part of it, Google cloud, and this relationship kind of brings that to the next level. How does zero trust, attaining a mission intersect here. Because I mean, I see some obvious ones, we just talked about it, but what's the connection. >> Yeah, I think we'll hopefully, you know, talk more about it later in the year, as well as we can to come out with more integrations. But at the high level, I think the way to think about this would be, imagine that device as you were talking about, having an ability to actually send a strong set of signals, not just for detection and response, but for actually enforcing, you know, authentication and authorization as well, because ultimately identity needs to intersect, with the current stack, that we currently have between the two companies. And so when identity of the user, identity of the device, identity of you know, the context in which, you know, someone actually allows a user to access an application, these are all net new things, that need to be brought into the solution. We cannot then provide both the, you know, not just a safe way to kind of provide an, you know, an endpoint detection and response kind of opinion stack, but also essentially meet that part of an uber zero trust offering, that a customer can consume to ensure that look, you know, ultimately look, it doesn't really matter whether the employees at home they're using their own laptop. They're at Starbucks. They can come back to work, but ultimately they have this virtualized, sort of security ring, that protects and always constantly authorizes authenticates and provides a bunch of this security operations capabilities. So anyway, the simple answer is, you know, once we intersect identity, and a slew of BeyondCorp capabilities, into the current offering, that's how the next step towards, a more formidable zero trust offering force. >> Okay, Orion I'd love to get your thoughts, but if you both can answer question, that'd be great. I'd love to get your thoughts, a little gamification here. If you had to put the headline out on this news. Not the one on the press release, that's like perfectly written, like, I mean, bumper sticker. what is the real meaning, of this relationship in this news? If you had to put a headline out there, I think Washington, think New York post style maybe, or you know, something that can describe the news. >> I mean, I will admit, I am not known for being good at soundbites, so, I'll give you the one sentence, and you can help me pare it down. But I mean, really what it is, is I think Tanium got, the highest fidelity and point visibility and control out there. And I think Google's got the best data storage analytics retention cross-referencing we've ever seen. And when you combine those two things, it's incredibly powerful, for our enterprise users, and we've already seen customers, where it's been transformative. >> So you need a headline, that's good though , that's fine. You know, point projection solid. >> I think it's a much more descriptive nature, frankly, but I think my logical tagline, that I just keep, you know, sort of like the sound, but soundbite that I keep referring to is. Looking out the world needs a virtual Chromebook, to really feel safe at an end point level. And this is sort of like the first instantiation, of that core stack, that can at least get enterprise to start on that journey. >> You know, I think you guys run something really big here. And one of my personal observations, is one is the complexity of the telemetry coming, and I can see how you would go in there and connecting the dots between Google's backend, and your stuff coming together. You need to have that high powered energy, from the resource, but also there's a human element. People are working at home, whether you're a teacher, you're getting fished their spear fish, to targeted social engineering. So as people come home, and there's now multiple access points, there's more surface area. So every single endpoint needs to be protected. And I think people are kind of in the normal world, or outside of the tech industry saying, Oh, I get it now. We're not really protected. And this is not just sensor networks, or, you know, OT technology, you know, OT, it's really humans. And this is really where it's going. Isn't it guys? >> Okay. >> You should take it there, look, I think we do have a foundational principle here, which says, look as demonstrated in a postcode world, but your point John, or whether it be IoT, just distributed computing in general continues to expand. We should just assume, that the surface area for security issues only expense, right? And rather than trying to kind, of do a vacuum all of the surface area, what if you could take a foundational approach, that actually breaks the relationship, between expanded surface area means expanded exposure to PaaS. And so essentially the same approach that we took, with zero trust, which is, look, we just know we're going to get broken into. So just don't assume that your network is not safe, but still have a secure posture. Right? How did that come to be? I think if we can just apply that, more generally into this construct of a distributed enterprise, which says, look, the surface area is going to keep going, but let's break that correlation between surface area. Let's buy a more foundational construct, that says, look, it doesn't matter, if today, as you said this your device, tomorrow, it could be, you know, your son's laptop, that you use to actually log into your network and so forth. But ultimately though, it doesn't matter who you are, where you're accessing it from, what device you're using, or what network you're using, or which location, the safety posture is still very strong. >> That's awesome. >> Yeah. I will just add you're absolutely right. I mean, if you look at a customer, I'm thinking about today and I just heard this from their CIO, a couple of days ago, but they have one and a half million things, they're protecting today. They expect to have over 150 million in five years. And so you look at containerization, cloud mobility, all the work from home stuff. It's just going to make this a more and more complex, highly variant problem. We need to expect that. And I think a lot of people are very frustrated, that at the time, that expansion is happening, the network essentially did become a control point. You couldn't trust anymore. So the thesis that Google had around zero trust, actually became our entire world for most enterprises. When you look at that, we do owe our customers quantum jumps in capability, or they're just not going to catch up. And I think that the theoretical approach that we're taking here between Google and Tanium, lets our customers take one of those quantum jumps, where they're going to be seeing a lot more, they're going to be able to trust it a lot more. They're going to be able to allow devices, to have access to things, based on their current state and based on believing that we can extrapolate, whether their security on that device accurately. And that's something that I think a lot of customers have just never been able to do before. And frankly, I think it takes companies like this, to pair up and really invest in joining their technologies to be able to get that fabric that will get our customers materially forward. And you know, I'll just say one other thing, many of our customers have to literally like, you know, three or four months ago, we're in a position, where they were spending 60 or 70% of their security budgets on network. There's nowhere to spend that money today. That's actually productive. It gives them the ability to refactor what they're doing and the obligation to do it, because if they don't do it, I think is, you know, I was describing with the amount of increased assets, the amount of complexity, the lack of network control. If they don't do it, looking at the amount, of threat our customers are facing today, they're going to be under water really quickly. And so, you know, I'm proud that we get to get together here and give them a big step forward. And you know, I think there's an obligation on our industry, not to try and rewarm the same stuff, we've been doing for the last 20 years, and try and serve it to our customers again, but to really rethink the approach because it is a different world. >> Sunil you've been involved in a very, a lot of entrepreneurial ventures. You've been on these waves, that were misunderstood and then became understood. This is what we're getting at here. And what he's saying, essentially new expectations. We're going to drive that experience and then ultimately drive the demand, and people will either be out of business or in business. If you're a supplier, I'll give you the final word, you guys are in good positions. >> Especially in security John, more so than maybe any other infrastructure space, that I've been involved in. Most products have been built to solve problems with other products. And Orion just pointed out, I think this opportunity gives enterprises, clarity and vendors, clarity that look, you really have to take, you know, foundationally original approach, to solve problems, that can get customers to, if I can call it a function change, in their current safety posture. Right? And so that's really the core essence of the partnership is to sort of, rather than worrying about solving problems, with other products and so forth, is to use this opportunity, like I said, you have an opinionated view, to fundamentally change, the security posture of the endpoint once and for all. >> Well gentlemen, congratulations, on a great partnership, expanded partnership. Again, the world has changed. I love this fresh look. I think that's totally right on the money. New reality we're here. Thanks for you taking the time, to remote in from Seattle and the Bay area. Great to see you again at Google cloud. Thanks for coming in or a nice to meet you, and good luck with everything. >> Thank you. >> Thank you. >> Okay, this is theCUBE coverage, CUBE virtual coverage of Google OnAir next 2020. It's all virtual, virtualization has come in, and don't trust the network. You know, you got to watch those end points. Here with Google and Tanium great partnership news. I'm John for your host of theCUBE. Thanks for watching. (upbeat music)

>> Live from San Francisco. It's the Cube. Covering Google Cloud Next '19. Brought to you by Google Cloud and its ecosystem partners. >> Hey welcome back, everyone, we're your live coverage with the Cube here in San Francisco for Google Cloud Next 2019. I'm John Furrier, my co-host Stu Miniman. I've got two great guests here from Google. Guemmy Kim, who's a group product manager for Google, Google Security Access and Christiaan Brand, Product Manager at Google. Talking about the security key, fallen as your security key and security in general. Thanks for joining us. >> Of course, thanks for having us. >> So, actually security's the hottest topic in Cloud and any world these days, but you guys have innovation and news, so first let's get the news out of the way. All the work, giz, mottos, all of the blogs have picked it up. >> [Christiaan Brand] Right. >> Security key, titan, tell us. >> [Christiaan Brand] Okay, sure. Uh, high votes on Christiaan. So uh, last year and next we introduced the Titan Security Key which is the strongest form of multifactor certification we offer at Google. Uh, this little kind of gizmo protects you against most of the common phishing threats online. We think that's the number one problem these days. About 81% of account breaches was as a result of phishing or bad passwords. So passwords are really becoming a problem. This old man stat uh making sure that not only do you enter your password, you also need to present this little thing at the point in time when you're logging in. But it does something more, this also makes sure that you're interacting with a legitimate website at the point in time when you're trying to log in. Easy for users to fool victim to phishing, because the site looks legitimate, you enter your username and password, bad guy gets all of it. Security key makes sure that you're interacting with a legitimate website and it will not give away it's secrets, without that assurance that you're not interacting with a phishing website. >> [Christiaan Brand] News this week though is saying that these things are really cool and we recommend users use them. Uh, especially if you're like a high-risk individual or maybe an enterprise user or acts sensitive data you know Google call admin. But what we're really doing this week is we are saying "okay this is cool" but the convenience aspect has been a bit lacking right? Uh, I have to carry this with me if I want to sign in. This week we are saying this mobile phone, now also does the exact same thing as the Security Key. Gives you that level of assurance, making sure you're not interacting with the phishing website and the way we do that is by establishing a local Bluetooth link between the device you're signing in on and the mobile phone. It works on any Android N so Android 7 and later devices this week. Uh and essentially all you need is a Google account and a device with Bluetooth capability to make that work. >> Alright, so, we come to a show like this and a lot of people we geek out as like okay what are the security places that we are going to button, the cloud, and all of these environments. We are actually going to talk about something that I think most people understand is okay I don't care what policies and software you put in place, but the actual person actually needs to be responsible and did you think about things? Explain a little bit what you do, and the security pieces that you know individuals need to be thinking about and how you help them and recommend for them that they can be more secure. >> In general, yeah, I think one of the things that we see from talking to real users and customers is that people tend to underestimate the risks that they are under. And so, we've talked to people like people in the admin space or people who are in the political space and other customers of Google cloud. And they are like, why do I even need to protect my account? And like, we actually had to go and do a lot of education to actually show them that they're actually in much higher risk than they think they are. One of the things that we've seen over time, is phishing obviously is one of the most effective ways that people's accounts get compromised and you have over 70% of organizations saying that they have been victims of phishing in the last year. Then the question is, how do we actually then reduce the phishing that's happening? Because at the end of the day, the humans that are in your organization are going to be your weakest link. And over time, I think that the phishers do recognize that and they'll employ very sophisticated techniques and to try to do that. And so what we tried to do on our end is what can we do on from an algorithmic and automatic and machine side to actually catch things that human eye can't catch and Security Key is definitely one of those things. Also employed with a bunch of other like anti-phishing, anti-spear phishing type things that we will do as well. >> This is important because one of the big cloud admin problems has been human misconfiguration. >> Yeah. >> And we've seen that a lot on Amazon S3 Buckets, and they now passed practices for that but this has become just a human problem. Talk about what you guys are doing to help solve that because if I got router, server access I can't, I don't want to be sharing passwords, that's kind of of a past practices but what other tech can I put in place? What are you guys offering to give me some confidence if I'm going to be using Google cloud. >> Yeah well, I think one of the things is that as much as you can educate your workforce to do the right things like do they recognize phishing emails? Do they recognize that uh, you know this email that is coming from somebody who claims is the CEO, isn't and some of these other techniques people are using. Uh again, like there's human fallacy, there's also things that are just impossible for humans to detect. But fortunately, especially with our Cloud Services, we have very advanced techniques that administrators can actually turn on and enforce for all of the users. And this includes everything from advanced, you know malware and phishing detection techniques to things like enforcing security keys across your organization. And so we're giving administrators that power to actually say, it's not actually up to individual users, I'm actually going to put on these much stronger controls and make it available to everybody at my organization. >> And you guys see a lot of data so you have a lot of collective intelligence across a lot of signals. I mean spear phishing is the worst, it's like phishing is hard to solve. >> [Christiaan Brand] If you think about we have a demo over here just a couple of steps to the right here uh, where we take users through kind of what phishing looks like. Uh, we say that over 99.99% of kind of those types of attack will never even make it through right? The problem is spear phishing as you said, when someone is targeting a specific individual at one company. At that point, we might have not seen those signals before uh that's really where something like a Security Key kind of comes in. >> That's totally right. >> [Christiaan Brand] At that very last line of defense and that's basically what we are targeting here that .1% of users. >> Spear phishing is the most effective because it's highly targeted, no patter recognition. >> Yeah >> So question, one of the things I like we are talking about here is we need to make it easier for users to stay secure. You see, too often, it's like we have all these policies in place and use the VPN and it's like uh forget it, I'm going to use my second phone or log in over here or let me take my files over here and work on them over here and oh my gosh I've just bypassed all of the policy we put in place because you know, how do you just fundamentally think about the product needs to be simple, and it needs to be what the user needs not just the corporate security mandate? >> Yeah, I mean that's a great question. At Google we actually try a nearly completely different way of like kind of access to organizational networks. Like, for example Google kind of deprecated the VPN. Right? So for our employees if we want to access data uh on the company network, we don't use VPNs anymore we have something called kind of BeyondCorp that's like more of a kind of overarching principle than a specific technology. Although we see a lot of companies, even at the show this year that doing kind of technology and product based on that principle of zero trust or BeyondCorp. That makes it really easy for users to interact with services wherever they are and it's all based on trust on the endpoint rather than trust on the network, right? What we've seen is data breaches and things happen you know? Malicious software crawls into a network and from that point it has access to all of the crown jewels. What we are trying to say is like nowhere in being at a privilege point in the network gives you any elevated access. The elevated access is in the context that your device has, the fact that is has a screen lock, the fact that it's maybe issued by your corporation, the fact that it's approved, I don't know, the fact that is has drive instruction turned on, uh you know it's coming from a certain you know location. Those are all kind of contextual signals that we use to make up this uh, you know, our installation of BeyondCorp. This is being offered to customers today, Security Keys again, plays a vital part in all of that. Uh, you know there's trust in the end point, but there's also trust in authentication. If the user is really who they say they are, uh and this kind of gives us that elevated level of trust. >> I think this is a modern approach, that I think is worth highlighting because the old days we had a parameter, access methods were simply, you know, access servers authenticated in and you're in. But you nailed, I think the key point which is: If you don't trust anything and you just say everything is not trustworthy, you need multi-factor authentication. Now, this is the big topic in the industry because architecturally you have to be set up for it, culturally you got to buy into it. So kind of two dimensions of complexity, plus you're going down a whole new road. So you guys must do a lot more than just two factor, three factor, you got to imbed it into the phone. It could be facial recognition, it could be your patterns. So talk about what MFA, Multi-factor Authentication, how's it evolving and how fast is MFA evolving? >> Well, I think the point that you brought up earlier, that it actually has to be usable. And when I look at usability, it has to work for both your end users as well as the idea administrators who are uh putting these on for the systems and we look at both. Uh, so that's actually why we are very excited about things like the built in security key that's on your phone that we launched because it actually is that step to saying how can you take the phone that you already have that users are already familiar using, and then put it into this technology that's like super secure and that most users weren't familiar with before. And so it's concepts like that were we try to merry. Uh, that being said, we've also developed other kind of second factors specific for enterprises in the last year. For example, we are looking at things like your employee ID, like how can an organization actually use that were an outside attacker doesn't have access to that kind of information and it helps to keep you secure. So we are constantly looking at, especially for enterprises, like how do we actually do more and more things that are tailored for usability for both support cause, for the IT organization, as well as the end users themselves. >> Maybe just to add to that, I think the technology, security keys, even in the way that it's being configured today which is built into your phone, that's going into the right direction, it's making things easier. But, I think we still think there's a lot that can be done uh to really bring this technology to the end consumer at some point. So, we kind of have our own interval roadmap, we are working towards in making it even easier. So hopefully, by the time we sit here next year, we can share some more innovations on how this has just become part of everyday life for most users, without them really realizing it. >> More aware of all brain waves, whatever. >> Full story. Yup, yup, yup. >> One of the things that really I think struck a cord with a lot of people in the Keynote was Google Cloud's policy on privacy. Talk about, you on your data, we don't uh you know, some might look and say well uh I'm familiar with some of the consumer you know, ads and search and things like that. And if I think about the discussion of security as a corporate employee is oh my gosh they're going to track everything I am doing, and monitoring everything I need to have my privacy but I still want to be secure. How do you strike that balance and product and working with customers to make sure that they're not living in some authoritarian state, where every second they're monitored? >> That's a good question. Kim if you want to take that, if not I'm happy to do. >> Go ahead. >> Alright, so that is a great question. And I think this year we've really try to emphasize that point and take it home. Google has a big advertising business as everyone knows. We are trying to make the point this year, to say that these two things are separate. If you bring your data to Google Cloud, it's your data, you put that in there. The only way that data would kind of be I guess used is with the terms of service that you signed up for. And those terms of service states: it's your data, it'll be access the way that you want it to be access. And we are going one step further with access transparency this year alright. We have known something where we say well even if a Google user or Googler or Google employee needs access to that data on your behalf, lets say you have a problem with storage buckets, right, something is corrupted. You call uh support and say hey please help me fix this. There will be a near real time log that you can look at which will tell you every single access and basically this is the technology uh we've had in production for quite some time internally at Google. If someone needs to look... >> Look at the data. >> Right, exactly right if I need to look at some you know customers data, because they followed the ticket and there's some problem. These things are stringently long, access is extremely oriented, it's not that someone can just go in and look at data anywhere and the same thing applies to Cloud. It has always applied to Cloud but this year we are exposing that to the user in these kind of transparency reports making sure that the user is absolutely aware of who's accessing their data and for which reason. >> And that's a trust issue as well, it's not just using the check and giving them the benefit... >> [Christiaan Brand] Absolutely. >> But it's basically giving them a trust equation saying look they'll be no God handle access... >> Right, right, exactly. >> You heard with Uber and these other stories that are on the web, and that's huge for you guys. I mean internally just you guys are hardcore on this and you hear this all the time. >> Yeah uh >> Separate building, Sunnyvale... >> No, not separate building. But you know uh, so I've worked in privacy as well for a number of years and I'm actually very proud like as a company I feel like we actually have pushed the floor front on how privacy principles actually should be applied to the technology uh and for examples we have been working very collaboratively with regulators around the world, cause their interest is in protecting the businesses and the citizens kind of for their various countries. And uh we definitely have a commitment to make sure that you know, whether it's organization's or individuals like their privacy actually is protected, the data is secure, and certainly the whole process of how we develop products at Google like there's definitely privacy checkpoints in place so that we're doing the right thing with that data. >> Yeah, I can say I've been following Google for a long time. You guys sometimes got a bad rep because it's easy to attack Google and you guys to a great job with privacy. You pay attention to it and you have the technology, you don't just kind of talk about it. You actually implement it and you dog food it as to or you eat and drink your own champagne. I mean that's how bore became, started became Kubernetes you know? And Spanner was internal first and then became out here. This is the trend that Google, the same trend that you guys are doing with the phones, testing it out internally to see if it works. >> Yeah, yeah. >> Absolutely right, so Security Keys will start there like we uh Krebs published an article last year, just before the event saying we had zero incidents of possible phishers with Googlers since they deploying the technology. We had this inside Google for a long time, and it was kind of born out of necessity, right. We knew there was positive phishing was a problem, even Googlers fall for this kind of thing. It's impossible to train your users not to fall for this type of scam, it just is right. We can view any location all we want, but in the end like we need technology to better protect the user, even your employees. So that's were we started deploying this technology, then we said we want to go one step further. We want to kind of implement this on the mobile phone, so we've been testing this technology internally uh for quite a few months. Uh, kind of making sure that things are shaping out. We released this new beta this week uh so it's not a J product quite yet. Uh, you know as you know there is Bluetooth, there is Chrome, there is Android, there's quite a few things involved. Android Ecosystem is kind of a little bit fragmented, right, there is many OEMs. We want to make this technology available to everyone, everyone who has an Android phone, so we are kind of working on the last little things but we think the technology is in a pretty good place after doing this "drinking of champagne." >> So it's got to be bulletproof. So now, on the current news just to get back to the current news, the phone, the Android phone that has a security key is available or is it data that is available? >> [Christiaan Brand] So it's interesting. In on the Cloud side, the way that we normally launch products there is we do an alpha, which is kind of like a closed liked selection. The moment that we move and do beta, beta is open, anyone can deploy it but it has certain like terms of service limitation and other things. Which says hey don't rely on this as your sole way of accessing an account. For example, if you happening to try and sign in on a device that doesn't have Bluetooth the technology clearly will not work. So we're saying please make sure you have a backup, please keep a physical security key for the time being. But start using this technology, we think for the most popular platforms it should be well shaken out. But beta is more of a designation that we kind of reserve for saying we're starting... >> You're setting expectations. >> But also, one thing I want to clarify that just because it's in beta it doesn't mean it less secure. The worst thing that will happen is that you can be locked out of your account because you know, the Bluetooth could fail to communicate or other things like that. So I want to assure people, even though it's beta you can use it, your account is secure. >> Google has the beta kind of uh which means you either take it out to a select group of people or set expectations on terms of service. >> Right. >> Just to kind of keep an eye on it. But just to clarify, which phones again are available for the Android? >> [Christiaan Brand] Uh, we wanted to make sure that we cover as large a population as possible, so we kind of have to look at the trade offs, you know at which point in time we make this available going forward. Uh, we wanted to make sure that we cover more than 50% of the Android devices out there today. That level that we wanted to reach, kind of coincided with the Android 7, Android Nougat, is kind of the line that we've drawn. Anything Android 7 and above, it doesn't have to be a Pixel phone, it doesn't have to a Nexus phone, it doesn't have to a Samsung phone, any phone 7 and up should work with the technology. Uh and there's a little special treat for folks that have a Pixel 3 as you alluded to earlier we have the Titan M chip that we announced last year in Pixel. There we actually make use of this cryptographic chip but on other devices you have the same technology and you have the same assurance. >> Well certainly an exciting area both on from a device standpoint, everybody loves to geek out on the new phones as Google I know is coming up I'm sure it'll be a fun time to talk about that. But overall, on Cloud security is number one, access, human, errors, fixing those, automating, a very important area. So we're going to be keeping track of what's going on, thanks for coming on. >> Thanks. >> And sharing your insight, I appreciate it. >> Of course, thanks for having us. >> Okay, live Cube coverage here in San Francisco. More after this short break. Here Day 3 of 3 days of wall-to-wall coverage. I'm John Furrier and Stu Miniman, stay with us, we'll be back after this short break. (energetic music)

>> Live from San Francisco. It's theCUBE covering Google Cloud Next 2018. Brought to you by Google Cloud and its ecosystem partners. >> Hey welcome back everyone. It's theCUBE live here in San Francisco for Google Next 2018. I'm John Furrier with Dave Vellante. This is day one of wall to wall three days of live coach here on the floor. Our next guest is Karthik Lakshminarayanan who is the director of product manage for cloud identity, one of the core products at the edge authenticating users, people, and applications and devices. Karthik thanks for coming on. >> Yeah thank you, it's great to be here. >> So take a minute to explain because obviously cloud identity, we've seen identity systems in the enterprise, anyone who's dealt in the enterprise who have been buying I.T., who have been buying I.T. stuff. >> Yes. >> That's around identity and then something new comes out and I got to refresh that, I got to buy this, rip this out, replace this. So identity has been super important but it's been kind of stovepiped within applications. The cloud is horizontally scaled but the benefit of the cloud is that you kind of do it once, if you do it right, architecturally you can scale it. >> Absolutely. >> Take a minute to explain how cloud identity works, and how does it fit into the future of what people expect from the cloud. >> Yeah, absolutely, thank you. And cloud identity, our solution is to help organizations securely manage people, applications, and devices in the cloud. So it's exactly like what you're talking about. User identity is evolving because organizations are now coming in and saying "What is this mobile cloud thing? "How do I adjust?" Because users are getting increasingly trained on continual like behavior they just want to turn on, connect to their cloud services, use their mobile devices and be up and running. Organizations have been trained for years to think about the corporate network as their security parameter, so how does that happen in the cloud when the data is no longer on premises? So that's what we do with cloud identity where we look at signals from your users, from your devices, and other things that we're trying to do and give you a different way of accessing the cloud. >> For the folks watching who might have missed the keynote it's going to be on demand, go to YouTube, but I'm sure it's on the Google Cloud channel. Now one of the things Diane Green said, and then also we saw in the demos, we were talking before we came on camera was, you showed a demo of basically cloud and on-prem solution, looked just like one dashboard just the note and the network, and everything's kind of clean. Diane Green then mentioned that when she came to Google Cloud 20 years ago, was to just share what was already built over 25 years or 20 years to the masses. So okay, that's cool. But the question I want to ask you is, people don't want to be like Google or buy Google stuff to implement it in their non Google environment. They want to use the Google services. So they want the benefits of what you guys have experienced, so this is kind of a cultural nuance within Google Cloud where it's like you don't have to tell them be like Google, just use the services. Identity is super important. You have all this institutional knowledge, and low latency signals, from whether it's Android, Chrome, search, user experience. How are you guys putting that into.. Does that help your product? Is that a benefit of the cusp? Or is that more of a future thing? Because when you're at a service I can almost see identity as a service scaling to a point where all these things are kind of taken care of. What's your vision? >> Yeah, absolutely. A couple things. One is something called BeyondCorp. I think a lot of folks are familiar with, it stands for beyond the corporate network. And I want to touch on a couple things. One, is that today we make the access decisions based on who you are as a user, the state of your device, and then context. And context is really king now in a cloud based world. Where we look at signals, signals around the data that we can get even from our consumer services, but carefully curated and making sure we meet all of the compliance policies. Where we can now look at these signals and we do what we call context server access. So the idea that, what are you trying to access? Where are you accessing from? And who are you as a user and what kind of device are you at? That's the perfect combination of what you just said and we call that context server access and that is absolutely central to how we offer cloud identity. >> That's the classic example I've seen that we are Gmail customers, with Gsuite So when I log in from Paris, "Hey wait a minute, you're not in Paris." So you guys, is this an example of that? >> Yeah, it's funny, I feel like you're part of our team because we call this the superman scenario. Because if you just logged in from say California, then a moment later we see an access request coming in from Paris, we know it's not just because you have the valid username or password, we know that's not right. That's just a trivial example. Like Google does a great job of crawling the web. So we don't just know what the good sides are, we know what the bad sides are. So you even try to access a bad site we can stop you. There's all kinds of things we do with this. >> So I wonder if I can ask you about enterprise I.T. John at our kick off this morning said Google's 10 or maybe even 15 years ahead. And as he was just saying, people can't go that fast to be like Google. So how do you.. I think of a caravan with the fastest truck in the military caravan, has to slow down so the whole caravan can keep up. How do you manage the fact that you're going so fast but enterprises move, we sometimes joke, they move at the speed of the CIO. What's your perspective on that and how do you deal with that challenge? >> No, absolutely. So I think our core philosophy and design philosophy is how we built the product is meeting customers from where they are that's key. So meeting customers where they are, so we recognize, take some of our advanced technology. And we recognize that organizations are still building a lot of applications on premises, so we took the power and made that available on premises. You just saw that today. Another example, we connect to systems of record. We know Microsoft Active directly is largely the identity record of choice in large organizations. So we connect very seamlessly with them, we sync with them, and we use a federated identity story so you don't have to move to all in Google Cloud, you connect Google Cloud, you augment your existing infrastructure and that's how we make it all work. So, really making sure that we are inclusive, and meeting customers where they are is how we've designed everything including cloud identity. >> And I follow up with, is architecturally, how do you future proof it? Now part of it is you have a lead on the rest of the world. You have visibility on things that others aren't going to see for years. But at the same time, you don't know, you can't predict the future, right? So how do you future proof your system architecturally? Maybe talk about that. >> Yeah, I think that a couple things for us, we are big on open systems, so we make sure that the cloud as we all know is built on standards. So as an example, the security keys that we talked about was largely invented at Google but we made sure we contributed that back into the standards community. That's an example. We are big on APIs, making sure all our APIs are out there and we support federated standards like Skim and those others things. So we make sure that an organization can use not just us, but whatever identity system of choice, and we interconnect to standards and APIs and I think that's the way forward. >> So I asked you since you do product management which is you're building products, I mean, I used to run a product group at a big company and products are built differently now, than they are with the cloud. So how has the role in building a product change? Product management, you got to have the right features, you got to have customers. We're living in a services world, where you have a service as the product or the platform is the product in a cloud centric world. How do you guys do that product and share some insights for the folks watching, customers get an insight into how you guys work because it's not your classic product management, or is it? How are you guys doing things differently because business models are being built as a service. Things are changing so fast that a new service like Istio can literally change someone's business overnight, leveraging some of these core services that you guys have. >> So let me share a couple things. I think some things are always going to be the same if we do our jobs right. Which is that customers, customer needs, and making sure the solutions we provide, not features, but solutions, meet customer needs. I think in that regard, whether you deliver it as a service, or as a on-prem, does not matter, that's a delivery model. But we want to make sure we take care of our customers. I think one of the challenges we find on the cloud side is the piece of which we are delivering features and a lot of times the I.T. person or the decision maker in an organization want to make sure they stay in the loop on this, they are getting ahead of planning. You don't want to change that vent out so rapidly that the users are confused, they're getting help desk calls and things like that. So we are have a very structured communications mechanism that we work with, we share roadmaps and timelines so it helps organizations really think about what's coming. I think the service delivery and service consumption is more of a partnership now, even though on the consumer side you might think it's just as a service we push a change. I think its really a partnership. >> And it's faster too, I imagine. >> Absolutely faster. >> Your acceleration of service is faster. >> I think we can meet needs exactly, we can meet needs a lot faster. I wanted to call out that Google consciously takes into account the fact that we don't want our changes to be so fast and so disruptive, we want them to be well received so we really partner with our partners in the custom organizations. >> Its interesting Dave mentioned the caravan example, I would say that enterprises move at a glacial pace. >> Any users feel that way. >> But they're buying I.T. in the past, now they're essentially leveraging scaled services that are prebuilt so they can get things going faster. This is the new normal where they'll be buying services not I.T. products. >> Correct. >> You mentioned solutions, solutions and services. Is that kind of what you're getting at? >> Yeah, I think absolutely. If you think about what's happened as mentioned earlier today, I.T. was a cost center, now they're moving into like, hey how do we get ahead and build a competitive advantage? So I think absolutely, you said it well so plus one. >> Karthik you talked about some of the standards that built up the internet, and now you're seeing with blockchain a spate of new protocols being developed, all this innovation, a lot of talk about K.Y.C. know your customer, and antimoney laundering, AML. Perspectives on what's happening in that blockchain world. Obviously it's relevant to identity, what are you thoughts on what's happening there? >> Yeah, a couple things. One is that we think blockchain is very interesting, it's something that we continue to look at. I personally look at blockchain as amazing technology but we go back to what are the use cases and needs that we need to solve. So let me throw something out there, it's not very well thought out, it's just an idea. But we think about one of the things we've tossed around is bring your own identity. There's a time when identity was think about your cell phone number, if you remember was once tied to your provider, you change your provider, you had to get a new number. And now you have portability you don't think about it. So if you think about you as a user you are who you are, and then there is an identity or a profile that exists on a personal side. There's identity that happens so there is protection in this context that is accessed things like that that blockchain can now enable 'cause you now take your identity and you go with you whether you are in the consumer context, you are in the work context, or even switching from one job to another or one role to another within the organization. So I think blockchain could be technology that is very foundational and fundamental to decentralize notions where I as an organization manage your policies and lots of other things but who you are as a person stays with you. >> The old model was bring your device to work. >> Yes. >> Your base was bring your identity to the world under one immutable own your own data, trustful way. Enabling, identity as a service on a whole 'nother level. >> Very different level. I think were not dead today because right now I think organizations are shifting mainly from wrap their arms around the user and the identity and they're super paranoid about moving to the cloud. I think the first step is making them fundamentally comfortable with everything they need. But once we build I think your trust point is key once you have that governance and that secure platform we can start shifting towards bring your own identity and how can that all coexist. >> And why do you think the consternation about moving to the cloud. Is it because it's still unknown? It's still somewhat new? Because I mean by all accounts when you talk to the experts, they'll admit the cloud is more secure than what I can do on prem. Why the consternation? >> Absolutely, I think the key part is the simplicity that comes and I think it's a new model that has not yet been mastered, so cloud is secure, yes, but when my users start doing things that I don't really want them to do, what we call is shadow I.T., they're very worried about it. And then on the flip side they've been trained for years, decades on this whole old model of corporate network and now were saying the cloud is open and the internet is your new network. So that I think scares a lot of people but customers when they come to Google and they see our BeyondCorp story and our cloud identity story, then they know that they can achieve both. Higher access for employees and advanced security for organizations. >> I think the Beyond Corporate is very relevant. We've been tracking that we find that super fascinating. On the shadow I.T., we've been reporting on shadow I.T., it's our ninth year today. But shadow I.T. though, is just an early adopter form of DevOps, so I think shadow I.T. has kind of regulated itself to as a stepping stone for cloud. SAP used to do shadow I.T. as presales and then customers moved everything to the cloud so I think shadow I.T. is much more of a kind of kindergarten or first step to DevOps. >> I think DevOps is where a lot of organizations are moving. I think depending on where the organization is going back they like the I.T. admin led model, they're experimenting with DevOps, there's a lot of experimentation going on. I think what I like about shadow I.T. and not from a security risk perspective but it's signal that clear intent from the user to the organization saying I want access to these services fast and make it simple. >> It's like an R and D sand box the way I look at it. Final question for you I know you got to go. Thanks for coming on, I appreciate your time. How are you guys going to roll out this identity as a service, who's your competition, how do you guys compare, what's the story, what's the vision? Share some of the competitive strengths and weakness. What's going on? >> Yeah, I think three things for us. It's already available today, you can go to cloud.google.com/identity. Sign up for a free trial and we give you everything from identity as a service to device management and all of that. The things that we focus on is like smart, secure, and simple. The idea that we can use ML based security to automatically protect, no longer can an I.T. admin go in and set reactive policies. We just have to use data and set proactive policies and protect them. To your points earlier about end points and other data coming into that's the smart piece. We also have a unified single pane of glass, unified administration, one admin controlled to manage everything because people are complaining about the complexity of these solutions that they got to put together. So you get cloud identity you get one thing everything from not just the administration but also the licensing. One price and you're done. You never have to worry about it. And the last but not the least, it has to be secure. The things we talked about from security keys, I've never changed my password for the two years I've been at Google. I use security keys and never typed an RSA key or anything like that. It's fascinating how simple we can make it so that's really what we like smart, secure, and simple. >> Awesome, well congratulations. Looking forward to see how this scales out certainly foundationally identity is super important. Identity is one of the bedrock of cloud. It's part of that system that scales theCUBE. Bringing you all the best content scaling here at Moscone with all the great content from Google Next. I'm John Furrier and Dave Vellante. Stay with us from day one coverage of three days of live coverage here in San Francisco. We'll be right back.

(upbeat electronic music) >> Narrator: Live from San Francisco, it's The Cube, covering Red Hat Summit 2018. Brought to you by Red Hat. >> Hey, welcome back, everyone. We are here live, The Cube in San Francisco, Moscone West for the Red Hat Summit 2018 exclusive coverage. I'm John Furrier, the cohost of The Cube. I'm here with my cohost, John Troyer, who is the co-founder of Tech Reckoning, an advisory and community development firm. Our next guest is Jonathan Donaldson, Technical Director, Office of the CTO, Google Cloud. Former Cube Alumni. Formerly was Intel, been on before, now at Google Cloud for almost two years. Welcome back, good to see you. >> Good to see you too, it's great to be back. >> So, had a great time last week with the Google Cloud folks at KubeCon in Denmark. Kubernetes, rocking the world. Really, when I hear the word de facto standard and abstraction layers, I start to get, my bells go off, let me look at that. Some interesting stuff. You guys have been part of that from the beginning, with the CNCF, Google, Intel, among others. Really created a movement, congratulations. >> Yeah, thank you. It really comes down to the fact that we've been running containers for almost a dozen years. Four billion a week, we launch and collapse. And we know that at some point, as Docker and containers really started to take over the new way of developing things, that everyone is going to run into that scalability wall that we had run into years and years and years ago. And so Craig and the team at Google, again, I wasn't at Google at this time, but they had a really, let's take what we know from internally here and let's take those patterns and let's put them out there for the world to use, and that became Kubernetes. And so I think that's really the massive growth there, is that people are like, "Wow, you've solved a problem, "but not from a science project. "It's actually from something "that's been running for a decade." >> Internally, that's called bore. That's tools that Google used, that their SRE cyber lab engineers used to massively provision manage. And they're all software engineers, so it's not like they're operators. They're all Google engineers. But I want to take a minute, if you can, to explain. 'Cause you're new to Google Cloud. You're in the industry, you've been around, you helped form the CNCF, which is the Cloud Native Foundation. You know cloud, you know tech. Google's changed a lot, and Google Cloud specifically has a narrative of, they're one big cloud and they have an application called Google stuff and enterprises are different. You've been there now for almost a year or more. >> Jonathan: Little over a year, yeah. >> What's Google Cloud like right now? Break the myths down around Google Cloud. What's the current status? I know personally, a lot of cloud DNA is coming in from the industry. They've been hiring, making some great progress. Take a minute to explain the Google Cloud. >> Yeah, so it's really interesting. So again, it comes back from where you started from. So Google itself started from a scale consumer SAS type of business. And so that, they understood really well. And we still understand, obviously, uptime and scalability really, really well. And I would say if you backtrack several years ago, as the enterprise really started to look at public clouds and Google Cloud itself started to spin up, that was probably not, they probably didn't understand exactly all of the things that an enterprise would need. Really, at that point in time, no one cloud understood any of the enterprise specifically. And so what they did is they started hiring in people like myself and others that are in the group that I'm in. They're former CIOs of large enterprise companies or former VPs of engineering, and really our job in the Office of the CTO for Google Cloud is to help with the product teams, to help them build the products that enterprises need to be able to use the public cloud. And then also work with some of those top enterprise customers to help them adopt those technologies. And so I think now that if you look at Google Cloud, they understand enterprise really, really well, certainly from the product and the technology perspective. And I think it's just going to get better. >> I interviewed Jennifer Lynn, I had a one-on-one with her. I didn't publish it, it was more of a briefing. She runs Product Management, all on security side. >> Jonathan: Yeah, she's fantastic. >> So she's checking the boxes. So the table stakes are set for Google. I know you got to do some basic things to catch up to get in the cloud. But also you have partnerships. Google Next is coming up, The Cube will be there. Red Hat's a partner. Talk about that relationship with Red Hat and partners. So you're very partner-centric with Google Cloud. >> Jonathan: We are. >> And that's important in the enterprise, but so what-- >> Well, there tends to be two main ares that we focus on, from what we consider the right way to do cloud. One of them is open source. So having, which again, aligns perfectly with Red Hat, is putting the technologies that we want customers to use and that we think customers should use in open source. Kubernetes is an example, there's Istio and others that we've put out that are examples of those. A lot of the open source projects that we all take for granted today were started from white papers that we had put out at one point in time, explaining how we did those things. Red Hat, from a partner perspective, I think that that follows along. We think that the way that customers are going to consume these technologies, certainly enterprise customers are, through those partners that they know and trust. And so having a good, flourishing ecosystem of partners that surround Google Cloud is absolutely key to what we do. >> And they love multicloud too. >> They love multicloud. >> Can't go wrong with it. >> And we do too. The idea is that we want customers to come to Google Cloud and stay there because they want to stay there, because they like us for who we are and for what we offer them, not because they're locked into a specific service or technology. And things like Kubernetes, things like containers, being open sourced allows them to take their tool chains all the way from their laptop to their own cloud inside their own data center to any cloud provider they want. And we think hopefully they'll naturally gravitate towards us over time. >> One of the things I like about the cloud is that there's a flywheel, if you will, of expertise. Like I look at Amazon, for instance. They're getting a lot of metadata of the kinds of workloads that are on their cloud, so they can learn from that and turn that into an advantage for them, or not, or for their customers, and how they could do that. That's their business decision. Google has a lot of flywheel action going on. A lot of Android devices connected in the Google system. You have a lot of services that you can bring to bear in the cloud. How are you guys looking at, say, from a security standpoint alone, that would be a very valuable service to have. I can tap into all the security goodness of Google around what spear phishing is out there, things of that nature. So are you guys thinking like that, in terms of services for customers? How does that play out? >> So where we, we're very consistent on what we consider is, privacy is number one for our customers, whether they're consumer customers or whether they're enterprise customers. Where we would use data, you had mentioned a lot of things, but where we would use some data across customer bases are typically for security things, so where we would see some sort of security impact or an attack or something like that that started to impact many customers. And we would then aggregate that information. It's not really customer information. It's just like you said, metadata, themes, or trends. >> John Furrier: You're not monetizing it. >> Yeah, we're not monetizing it, but we're actually using it to protect customers. But when a customer actually uses Google Cloud, that instance is their hermetically sealed environment. In fact, I think we just came out recently with even the transparency aspects of it, where it's almost like the two key type of access, for if our engineers have to help the customer with a troubleshooting ticket, that ticket actually has to be opened. That kind of unlocks one door. The customer has to say, "Yes," that unlocks the other door. And then they can go in there and help the customer do things to solve whatever the problem is. And each one of those is transparently and permanently logged. And then the customer can, at any point in time, go in and see those things. So we are taking customer privacy from an enterprise perspective-- >> And you guys are also a whole building from Google proper, like it's a completely different campus. So that's important to note. >> It is. And a lot of it just chains on from Google proper itself. If you understood just how crazy and fanatical they are about keeping things inside and secret and proprietary. Not proprietary, but not allowing that customer data out, even on the consumer side, it would give a whole-- >> Well, you got to amplify that, I understand. But what I also see, a good side of that, which is there's a lot of resources you're bringing to bear or learnings. >> Yeah, absolutely. >> The SRE concept, for instance, is to me, really powerful, because Google had to build that out themselves. This is now a paradigm, we're seeing a cloud scale here, with the Cloud Native market bringing in all-new capabilities at scale. Horizontally scalable, fully synchronous, microservices architecture. This future is a complete game-changer on functionality at the different scale points. So there's no longer the operator's room, provisioning storage here. >> And this is what we've been doing for years and years and years. That's how all of Google itself, that's how search and ads and Gmail and everything runs, in containers all orchestrated by Borg, which is our version of Kubernetes. And so we're really just bringing those leanings into the Google Cloud, or learnings into Google Cloud and to our customers. >> Jonathan, machine learning and AI have been the big topic this week on OpenShift. Obviously that's a big strength of Google Cloud as well. Can you drill down on that story, and talk about what Google Cloud is bringing on, and machine learning on OpenShift in general? Give us a little picture of what's running. >> Yeah, so I think they showed some of the service broker stuff. And I think, did they show some of the Kubeflow stuff, which is taking some machine learning and Kubernetes underneath OpenShift. I think those are very, very interesting for people that want to start getting into using AutoML, which is kind of roll-your-own machine learning, or even the voice or vision APIs to enhance their products. And I think that those are going to be keys. Easing the adoption of those, making them really, really easy to consume, is what's going to drive the significant ramp on using those types of technologies. >> One of the key touchpoints here has been the fact that this stuff is real-world and production-ready. The fact that the enterprise architecture now rolling out apps within days or weeks. One of those things that's now real is ML. And even in the opening keynote, they talked about using a little bit of it to optimize the scheduling and what sessions were in which rooms. As you talk to enterprises, it does seem like this stuff is being baked into real enterprise apps today. Can you talk a little bit about that? >> Sure, so I certainly can't give any specific examples, because what I think what you're saying is that a lot of enterprises or a lot of companies are looking at that like, "Oh, this is our new secret sauce." It always used to be like they had some interesting feature before, that a competitor would have to keep up with or catch up with. But I think they're looking at machine learning as a way to enhance that customer experience, so that it's a much more intimate experience. It feels much more tailored to whomever is using their product. And I think that you're seeing a lot of those types of things that people are starting to bake into their products. We've, again, this is one of these things where we've been using machine learning for almost 10 years inside Google. Things like for Gmail, even in the early days, like spam filtering, something just mundane like that. Or we even used it, turned it on in our data centers, 'cause it does a really good job of lowering the PUE, which is the power efficiency in data centers. And those are very mundane things. But we have a lot of experience with that. And we're exposing that through these products. And we're starting to see people, customers gravitate to grab onto those. Instead of having to hard code something that is a one to many kind of thing, I may get it right or I may have to tweak it over time, but I'm still kind of generalizing what the use cases are that my customers want to see, once they turn on machine learning inside their applications, it feels much more tailored to the customer's use cases. >> Machine learning as a service seems to be a big hot button that's coming out. How are you guys looking at the technical direction from the cloud within the enterprise? 'Cause you have three classes of enterprise. You have the early adopters, the power, front, cutting-edge. Then you have the fast followers, then you have everybody else. The everybody else and fast followers, they know about Kubernetes, some might not even, "What is Kubernetes?" So you have kind of-- >> Jonathan: "What containers?" >> A level of progress where people are. How are you guys looking at addressing those three areas, because you could blow them away with TensorFlow as a service. "Whoa, wowee, I'm just trying to get my storage LUNs "moving to a cloud operation system." There's different parts of this journey. Is there a technical direction that addresses these? What are you guys doing? >> So typically we'll work with those customers to help them chart the path through all those things, and making it easy for them to use and consume. Machine learning is still, unless you are a stats major or you're a math major, a lot of the algorithms and understanding linear algebra and things like that are still very complex topics. But then again, so is networking and BGP and things like OSPF back a few years ago. So technology always evolves, and the thing that you can do is you can just help pull people along the continuum there, by making it easy for them to use and to provide a lot of education. And so we work with customers on all ends of the spectrum. Even if it's just like, "How do I modernize my applications, "or how do I even just put them into the cloud?" We have teams that can help do that or can educate on that. If there are customers that are like, "I really want to go do something special "with maybe refactoring my applications. "I really want to get the Cloud Native experience." We help with that. And those customers that say, "I really want to find out this machine learning thing. "How can I actually make that an impactful portion of my company's portfolio?" We can certainly help with that. And there's no one, and typically you'll find in any large enterprise, because there'll be some people on each one of those camps. >> Yeah, and they'll also want to put their toe in the water here and there. The question I have for you guys is you got a lot of goodness going on. You're not trying to match Amazon speed for speed, feature for feature, you guys are picking your shots. That is core to Google, that's clear. Is there a use case or a set of building blocks that are highly adopted with you guys now, in that as Google gets out there and gets some penetration in the enterprise, what's the use, what are the key things you see with successes for you guys, out of the gate? Is there a basic building? Amazon's got EC2 and S3. What are you guys seeing as the core building blocks of Google Cloud, from a product standpoint, that's getting the most traction today? >> So I think we're seeing the same types of building blocks that the other cloud providers are, I think. Some of the differences is we look at security differently, because of, again, where we grew up. We do things like live migration of virtual machines, if you're using virtual machines, because we've had to do that internally. So I think there are some differences on just even some of the basic block and tackling type of things. But I do think that if you look at just moving to the cloud, in and of itself is not enough. That's a stepping stone. We truly believe that artificial intelligence and machine learning, Cloud Native style of applications, containers, things like service meshes, those things that reduce the operational burdens and improve the rate of new feature introduction, as well as the machine learning things, I think that that's what people tend to come to Google for. And we think that that's a lot of what people are going to stay with us for. >> I overheard a quote I want to get your reaction to. I wrote it down, it says, "I need to get away from VPNs and firewalls. "I need user and application layer security "with un-phishable access, otherwise I'm never safe." So this is kind of a user perspective or customer perspective. Also with cloud there's no perimeters, so you got phishing problems. Spear phishing's one big problem. Security, you mentioned that. And then another quote I had was, "Kubernetes is about running frameworks, "and it's about changing the way "applications are going to be built over time." That's where, I think, SRE and Istio is very interesting, and Kubeflow. This is a modern architecture for-- >> There's even KubeVirt out there, where you can run a VM inside a container, which is actually what we do internally too. So there's a lot of different ways to slice and dice. >> Yeah, how relevant is that, those concepts? Because are you hearing that as well on the customers? 'Cause that's pain point, but also the new modern software development's future way to do things. So there's pain point, I need some aspirin for that. And then I need some growth with the new applications being built and hiring talent. Is that consistent with how you guys see it? >> So which one should I tackle? So you're talking about. >> John Furrier: VPN, do the VPNs first. >> The VPNs first, okay. >> John Furrier: That's my favorite one. >> So one of the most, kind of to give you the backstory, so one of the most interesting things when I came to Google, having come from other large enterprise vendors before this, was there's no VPNs. We don't even have it on our laptop. They have this thing called BeyondCorp, which is essentially now productized as the Identity-Aware Proxy. Which is, it actually takes, we trust no one or nothing with anything. It's not the walled garden style of approach of firewall-type VPN security. What we do is, based upon the resource you're going to request access for, and are you on a trusted machine? So on one that corporate has given you? And do you have two-factor authentication that corporate, not only your, so what you have and what you know. And so they take all of those things into awareness. Is this the laptop that's registered to you? Do you have your two-factor authentication? Have you authenticated to it and it's a trusted platform? Boom, then I can gain access to the resources. But they will also look for things like if all of a sudden you were sitting here and I'm in San Francisco, but something from some country in Asia pops up with my credentials on it, they're going to slam the door shut, going, "There's no way that you can be in two places at one time." And so that's what the Identity-Aware Proxy or BeyondCorp does, kind of in a nutshell. And so we use that everywhere, internally, externally. And so that's one of the ways that we do security differently is without VPNs. And that's actually in front of a lot of the GCP technologies today, that you can actually leverage that. So I would say we take-- >> Just rethinking security. >> It's rethinking security, again, based upon a long history. And not only that, but what we use internally, from our corporate perspective. And now to get to the second question, yeah. >> Istio, Kubeflow, is more of the way software gets run. One quote from one of the ex-Googlers who left Google then went out to another company, she goes, she was blown away, "This is the way you people ship software?" Like she was a fish out of water. She was like, "Oh my god, where's Borg?" "We do Waterfall." So there's a new approach that opens doors between these, and people expect. That's this notion of Kubeflow and orchestration. So that's kind of a modern, it requires training and commitment. That's the upside. Fix the aspirin, so Identity Proxy, cool. Future of software development architecture. >> I think one of the strong things that you're going to see in software development is I think the days of people running it differently in development, and then sandbox and testing, QA, and then in prod, are over. They want to basically have that same experience, no matter where they are. They want to not have to do the crossing your fingers if it, remember, now it gets reddited or you got slash-dotted way back in the past and things would collapse. Those days of people being able to put up with those types of issues are over. And so I think that you're going to continue to see the development and the style of microservices, containers, orchestrated by something that can do auto scaling and healing, like Kubernetes. You're going to see them then start to use that base layer to add new capabilities on top, which is where we see Kubeflow, which is like, hey, how can I go put scalable machine learning on top of containers and on top of Kubernetes? And you even see, like I said, you see people saying, "Well, I don't really want to run "two different data planes and do the inception model. "If I can lay down a base layer "of Kubernetes and containers, then I can run "bare metal workloads against the bare metal. "If I need to launch a virtual machine, "I'll just launch that inside the container." And that's what KubeVirt's doing. So we're seeing a lot of this very interesting stuff pop. >> John Furrier: Yeah, creativity. >> Creativity. >> Great, talk about your role in the Office of the CTO. I know we got a couple of minutes left. I want to get out there, what is the role of the CTO? Bryan Stevens, formerly a Red Hat executive. >> Yeah, Bryan's our CTO. He used to run a big chunk of the engineering for Google Cloud, absolutely. >> And so what is the office's charter? You mentioned some CIOs, former CIOs are in there. Is it the think tank? Is it the command and control ivory tower? What's the role of the office? >> So I think a couple of years ago, Diane Greene and Bryan Stevens and other executives decided if we want to really understand what the enterprise needs from us, from a cloud perspective, we really need to have some people that have walked in those shoes, and they can't just be Diane or can't just be Bryan, who also had a big breadth of experience there. But two people can't do that for every customer for every product. And so they instituted the Office of the CTO. They tapped Will Grannis, again, had been in Boeing before, been in the military, and so tapped him to build this thing. And they went and they looked for people that had experience. Former VPs of Engineering, former CIOs. We have people from GE Oil and Gas, we have people from Boeing, we have people from Pixar. You name it, across each of the different verticals. Healthcare, we have those in the Office of the CTO. And about, probably, I think 25 to 30 of us now. I can't remember the exact numbers. And really, what our day to day life is like is working significantly with the product managers and the engineering teams to help facilitate more and more enterprise-focused engineering into the products. And then working with enterprise customers, kind of the big enterprise customers that we want to see successful, and helping drive their success as they consume Google Cloud. So being the conduit, directly into engineering. >> So in market with customers, big, known customers, getting requirements, helping facilitate product management function as well. >> Yeah, and from an engineering perspective. So we actually sit in the engineering organization. >> John Furrier: Making sure you're making the good bets. >> Jonathan: Yes, exactly. >> Great, well thanks for coming on The Cube. Thanks for sharing the insight. >> Jonathan: Thanks for having me again. >> Great to have you on, great insight, again. Google, always great technology, great enterprise mojo going on right now. Of course, The Cube will be at Google Next this July, so we'll be having live coverage from Google Next here in San Francisco at that time. Thanks for coming on, Jonathan. Really appreciate it, looking forward to more coverage. Stay with us for more of day three, as we start to wrap up our live coverage of Red Hat Summit 2018. We'll be back after this short break. (upbeat electronic music)

>> Announcer: Live from Copenhagen, Denmark, it's theCUBE covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and its ecosystem partners. >> Hello, everyone, welcome back to theCUBE's exclusive coverage here in Copenhagen, Denmark for coverage of KubeCon 2018, part of the CNCF CloudNative Compute Foundation, part of the Linux Foundation, I'm John Furrier with my cohost, Lauren Cooney, the founder of Spark Labs. We're here with Kelsey Hightower, co-chair of the program as well as a staff engineer, developer, advocate, at Google Cloud Platform, a celebrity in the industry, dynamic, always great to have you on, welcome back. >> Awesome, good to be back. >> How are you feeling, tired? You've got the energy, day two? >> I'm good, I finished my keynote yesterday. My duties are done, so I get to enjoy the conference like most attendees. >> Great. Keynote was phenomenal, got good props. Great content format, very tight, moving things along. A little bit of a jab at some of the cloud providers. Someone said, "Oh, Kelsey took a jab at the cloud guys." What was that about, I mean, there was some good comments on Twitter, but, keeping it real. >> Honestly, so I work at a cloud provider, so I'm part of the cloud guys, right? So I'm at Google Cloud, and what I like to do is, and I was using Amazon's S3 in my presentation, and I was showing people basically like the dream of, in this case, serverless, here's how this stuff actually works together right now. We don't really need anything else from the cloud providers. Here's what you can do right now, so, I like to take a community perspective, When I'm on the stage, so I'm not here only to represent Google and sell for Google. I'm here to say, "Hey, here's what's possible," and my job is to kind of up-level the thinking. So that was kind of the goal of that particular presentation is like, here's all this stuff, let's not lock it all down to one particular provider, 'cause this is what we're here for, KubeCon, CloudNativeCon, is about taking all of that stuff and standardizing it and making it accessible. >> And then obviously, people are talking about the outcome, that that's preferred right now in the future, which is a multi-cloud workload portability. Kubernetes is playing a very key role in obviously the dev ops, people who have been doing it for many many years, have eaten glass, spit nails, custom stuff, have put, reaped the benefits, but now they want to make it easy. They don't want to repeat that, so with Kubernetes nice formation, a lot of people saying here on theCUBE and in the hallways that a de facto standard, the word actually said multiple times here. Interesting. >> Yeah, so you got Kubernetes becoming the de facto standard for computes, but not events, not data, not the way you want to compute those events or data, so the job isn't complete. So I think Kubernetes will solve a large portion of compute needs, thumbs up, we're good to go. Linux has done this for the virtualization layer, Kubernetes is doing it for the containerization, but we don't quite have that on the serverless side. So it's important for us all to think about where the industry is going and so it's like, hey, where the industry is moving to, where we are now, but it's also important for us to get ahead of it, and also be a part of defining what the next de facto standard should be. >> And you mentioned community, which is important, because I want to just bring this up, there's a lot of startups in the membership of CNCF, and when you have that first piece done, you mentioned the other work to be done, that's an opportunity to differentiate. This is the commercialization opportunity to strike that balance. Your reaction to that, how do you see that playing out? Because it is an opportunity to create some value. >> Honestly I'm wearing a serverless.com T-shirt right now, right, that's the startup in the space. They're trying to make serverless easy to use for everyone, regardless of the platform. I think no matter what side of the field you stand on, we need these groups to be successful. They're independent companies, they're going for ambition, they're trying to fill the gaps in what we're all doing, so if they're successful, they just make a bigger market for everyone else, so this is why not only do we try to celebrate them, we try to give them this feedback, like, "Hey, here's what we're doing, "here's what the opportunities are," so I think we need them to be successful. If they all die out every time they start something, then we may not have people trying anymore. >> And I think there's actually a serverless seg in the CNCF, right? And I think that they're doing a lot of great work to kind of start to figure out what's going on. I mean, are you aware what those guys are up to? >> Exactly, so the keynote yesterday was largely about some of the work they're doing. So you mentioned the serverless seg, and CNCF. So some of the work that they're doing is called cloud events. But they wanted to standardize the way we take these events from the various providers, we're not going to make them all work the same way, but what we can do is capture those events in a standard way, and then help define a way to transport those between different providers if you will, and then how those responses come back. So at least we can start to standardize at least that part of the layer, and if Google offers you value, or Amazon offers you value, you own the data, and that data generates events, you can actually move it wherever you want, so that's the other piece, and I'm glad that they're getting in front of it. >> Well I think goal is, obviously, if I'm using AWS, and then I want to use Asher, and then I want to go to Google Cloud, or I want my development teams are using different components, and features, in all of them, right? You want to be able to have that portability across the cloud-- >> And we say together, so the key part of that demo was, if you're using one cloud provider for a certain service, in this case, I was using Google Translate to translate some data, but maybe your data lives in Amazon, the whole point was that, be notified that your data's in Amazon, so that it can be fired off an event into Google, function runs a translation, and writes the data back to Amazon. There are customers that actually do this today, right? There are different pieces of stacks that they want to be able to access, our goal is to make sure they can actually do that in a standard way, and then, show them how to do it. >> A lot of big buzz too also going on around Kubeflow, that Google co-chaired, or co-founded, and now part of the CNCF, Istio service meshes, again, this points to the dots that are connecting, which is okay, I got Kubernetes, we got containers, now Istio, what's your vision on that, how did that play out? An opportunity certainly to abstract the weights of complexity, what's your thoughts on Istio? >> So I think there's going to be certain things, things like Istio, there are parts of Istio that are very low level, that if done right, you may never see them. That's a good thing, so Istio comes in, and says, "Look, it's one thing to connect applications together, "which Kubernetes can help you do "with this built-in service discovery, "how does one app find the other app," but then it's another thing to lock down security and implement policy, this app can talk to this app under these conditions. Istio comes in, brings that to the playing field. Great, that's a great addition. Most people will probably wrap that in some higher-level platform, and you may never see it! Great! Then you mention Kubeflow, now this is a workflow, or at least an opinionated workflow, for doing machine-learning, or some analytics work. There's too many pieces! So if we start naming every single piece that you have to do, or we can say, "Look, we know there's a way that works, "we'll give it a name, we'll call it Kubeflow," and then what's going to happen there is the community's going to rally around actually more workflow, we have lots of great technology wrapped underneath all of that, but how should people use it? And I think that's what I'm actually happy to see now that we're in like year four or five of this thing, as people are actually talking about how to people leverage all of these things that fall below? >> As the IQ starts to increase with cloud-native, you're seeing enterprises, and there's levels of adoption, the early adopters, you know, the shiny new toy, are pushing the envelope, fast followers coming in, then you got the mainstream coming in, so mainstream, there's a lot of usage and consumption of containers, very comfortable with that, now they're bumping into Kubernetes, "Oh wow, this is great," different positions of the adoption. What's your message to each one, mainstream, fast followers, early adoptives, the early adoptives keep pushing, keep bringing that community together, form the community, fast forward. What's the position, what's the Kelsey Hightower view of each one of those points of the evolution? >> So I think we need a new model. So I think that model is kind of out now. Because if you look at the vendor relationships now, so the enterprise typically buys off the shelf when it's mature and ready to go. But at this point now, a lot of the library is all in the programming languages, if you see a language or library that you need, if it's on GitHub, you look around, it's like, "We're going to use this open-source library, "'cause we got to ship," right? So, they started doing early adoption maybe at the library level. Now you're starting to see it at the service level. So if I go to my partner or my vendor, and they say, "Hey, the new version of our software requires Kubernetes." Now, that's a little bit early for some of these enterprises to adopt, but now you're having the vendor relationship saying, "We will help you with Kubernetes." And also, a lot of these enterprises, it's early? Guess what, they have contributors to these projects. They helped design them. I remember back in the day, when I was in financial services, JPMC came out with their own messaging standard, so banks could communicate with each other. They gave that to Red Hat, and Red Hat turns it into a product, and now there's a new messaging standard. That kicked off ten years ago, and now we're starting to see these same enterprises contribute to Kubernetes. So I think now, there's a new model where, if it's early, enterprises are becoming the contributors, donating to the foundations, becoming members of things like CNCF, and on the flip side, they may still use their product, but they want a say in their future. >> So you can jump in at any level as a company, you don't need to wait for the mainstream, you can have a contributor, and in the front wave, to help shepherd through. >> Yeah, you need more say, I think when people bought typical enterprise software, if there wasn't a feature in there, you waited for the vendor to do it, the vendor comes up with their feature, and tells you it's going to cost another 200 million dollars for this add-on, and you have no say into the progress of it, or the speed of it. And then we moved to a world where there was APIs. Look, here's APIs, you can kind of build your own thing on top, now, the vendor's like, "You know what? "I'm going to help actually build the product that I rely on," so if vendor A is not my best partner right now, I could pick a different vendor and say, "Hey, I want a relationship, around this open-source "ecosystem, you have some features I like right now, "but I may want to able to modify them later." I think that's where we are right now. >> Well I think also the emergence of open-source offices, and things like that, and, you know, enterprises that are more monolithic, have really helped to move things forward with their users and their developers. I'm seeing a lot of folks here that are actually coming from larger companies inside of Europe, and they're actually trying to learn Kubernetes now, and they are here to bring that back into their companies, that they want to know about what's going on, right? >> That's a good observation-- >> It's great. >> That open-source office is replacing the I'm the vendor management person. >> Well you need legal-- >> Exactly. >> And you need all of those folks to just get the checkmarks, and get the approval, so that folks can actually take code in, and if it's under the right license, which is super important, or put code back out. >> And it seemed to be some of the same people that were managing the IBM relationship. The people that were managing the big vendor relationship, right? This thing's going to cost us all this cash, we got to make sure that we're getting the right, we're complying with the licensing model, that we're not using more than we paid for, in case we get an audit, the same group has some of the similar skills needed to shepherd their way through the open-source landscape, and then, in many cases, hiring in some of those core developers, to sit right in the organization, to give back, and to kind of have that first-tier support. >> That's a really good point, Lauren. I think this is why I think CNCF has been so successful is, they've kind of established the guardrails, and kind of the cultural notion of commercializing, while not foregoing the principles of open-source, so the operationalizing of open-source is really huge-- >> I'm kind of laughing over here, because, I started the open-source organization at Cisco, and Cisco was not, was new to open-source, and we had to put open data into the Linux Foundation, and I just remember the months of calls I was on, and the lawyers that I got to know, and-- >> You got scar tissue to prove it, too. >> I do, and I think when we did CNCF, I was talking to Craig years ago when we kind of kicked that off, it was really something that we wanted to do differently, we wanted to fast track it, we had the exact license that we wanted, we had the players that we wanted, and we really wanted to have this be something community-based, which I think, Kelsey, you've said it right there. It's really the communities that are coming together that you're seeing here. What else are you seeing here? What are the interesting projects that you see, that are kind of popping up, we have some, but are there others that you see? >> Well, so now, these same enterprises, now they have the talent, or at least not letting the talent leave, the talent now is like, "Well, we have an idea, and it's not core "to our business, let's open-source it." So, Intuit just inquired this workflow, small little start-up project, Argo, they're Intuit now, and maybe they had a need internally, suck in the right people, let the project continue, throw that Intuit logo there, and then sometimes you just see tools that are just being built internally, also be product ties from this open-source perspective, and it's a good way for these companies to stay engaged, and also to say, "Hey, if we're having this problem, "so are other people," so this is new, right? This open-source usually comes from the vendors, maybe a small group of developers, but now you're starting to see the companies say, "You know what, let's open-source our tool as well," and it's really interesting, because also they're pretty mature. They've been banked, they've been used, they're real, someone depends on them, and they're out. Interesting to see where that goes. >> Well yeah, Derek Hondell, from VMware, former Linux early guy, brought the same question. He says, "Don't confuse project with product." And to your point about being involved in the project, you can still productize, and then still have that dual relationship in a positive way, that's really a key point. >> Exactly, we're all learning how to share, and we're learning what to share. >> Okay, well let's do some self awareness here, well, for you, program's great, give you some props on that, you did a great job, you guys are the team, lot of high marks, question marks that are here that we've heard is security. Obviously, love Kubernetes, everyone's high-fiving each other, got to get back to work to reality, security is a conversation. Your thoughts on how that's evolving, obviously, this is front and center conversation, with all this service meshes and all these new services coming up, security is now being fought in the front end of this. What's your view? >> So I think the problem with security from certain people is that they believe that a product will come out that they can buy, to do security. Every time some new platform, oh, virtualization security. Java security. Any buzzword, then someone tries to attach security. >> It's a bolt-on. >> It's, yeah. So, I mean, most people think it's a practice. The last stuff that I seen on security space still applies to the new stack, it's not that the practice changed. Some of the threat models are the same, maybe some new threat models come up, or new threat models are aggravated because of the way people are using these platforms. But I think a lot of companies have never understood that. It's a practice, it will never be solved, there's nothing you can buy or subscribe to-- >> Not a silver bullet. >> Like antivirus, right? I'm only going to buy antivirus, as long as I run it, I should never get a virus. It's like, "No!" That's not how that works. The antivirus will be able to find things it knows about. And then you have to have good behavior to prevent having a problem in the first place. And I think security should be the same way, so I think what people need to do now, is they're being forced back into the practice of security. >> John: Security everywhere, basically. >> It's just a thing you have to do no matter what, and I think what people have to start doing with this conversation is saying, "If I adopt Kubernetes, does my threat model change?" "Does the container change the way I've locked down the VM?" In some cases, no, in some cases, yes. So I think when we start to have these conversations, everyone needs to understand the question you should ask of everyone, "What threat model should I be worried about, "and if it's something that I don't understand or know," that's when you might want to go look for a vendor, or go get some more training to figure out how you can solve it. >> And I think, Tyler Jewell was on from Ballerina, and he was talking about that yesterday, in terms of how they actually won't, they assume that the code is not secure. That is the first thing that they do when they're looking at Ballerina in their programming language, and how they actually accept code into it, is just they assume it's not secure. >> Oh exactly, like at Google we had a thing, we called it BeyondCorp. And there's other aspects to that, if you assume that it's going to be bad if someone was inside of your network, then pretend that someone is already inside your network and act accordingly. >> Yep, exactly, it's almost the reverse of the whitelisting. Alright, so let me ask you a question, you're in a unique position, glad to have you here on theCUBE, thanks for coming on and sharing your insights and perspective, but you also are the co-chair of this progress, so you get to see the landscape, you see the 20 mile stare, you have to have that long view, you also work at Google, which gives a perspective of things like BeyondCorp, and all of the large-scale work at Google, a lot of people want to, they're buying into the cloud-native, no doubt about it, there's still some educational work on the peoples' side, and process, and operationalizing it, with open-source, et cetera, but they want to know where the headroom is, they want to know, as you said, where's the directionally correct vector of the industry. So I got to ask you, in your perspective, where's all this going? For the folks watching who just want to have a navigation, paint the picture, what's coming directionally, shoot the arrow forward, as service meshes, as you start having this service layer, highly valuable, creative freedom to do things, what's the Kelsey vision on-- >> So I think this world of computing, after the mainframe, the mainframe, you want to process census data, you walk up, give it, it spits it back out. To me, that is beautiful. That's like almost the ultimate developer workflow. In, out. Then everyone's like, "I want my own computer, "and I want my own programming language, "and I want to write it in my basement, "without the proper power, or cords, or everything, "and we're all going to learn how "to do computing from scratch." And we all learnt, and we have what we call a legacy. All the mistakes I've made, but I maintain, and that's what we have! But the ultimate goal of computing is like the calculator, I want to be able to have a very simple interface, and the computer should give me an answer back. So where all this is going, Istio, service mesh, Kubernetes, cloud-native, all these patterns. Here's my app, run it for me. Don't ask me about auto scale groups, and all, run it for me. Give me a security certificate by default. Let's encrypt. Makes it super easy for anyone to get a tailored certificate rotated to all the right things. So we're slowly getting to a world where you can ask the question, "Here's my app, run it for me," and they say, "Here's the URL, "and when you hit this URL, we're going to do "everything that we've learned in the past "to make it secure, scalable, work for you." So that may be called open-shift, in its current implementation with Red Hat, Amazon may call it Lambda, Google Cloud may call it GKE plus some services, and we're never going to stop until the experience becomes, "Here's my app, run it for me." >> A resource pool, just programmability. And it's good, I think the enterprises are used to lifting and shifting, I mean, we've been through the evolution of IT, as we build the legacy, okay, consolidation, server consolidation, oh, hello VMs, now you have lift and shift. This is not a lift and shift kind of concept, cloud-native. It is a-- >> It doesn't have to be a lift and shift. So some people are trying to make it a lift and shift thing, where they say, "Look, you can bolt-on some of the stuff "that you're seeing in the new," and some consultants are like, "Hey, we'll sit their and roll up the sleeves, "and give you what we can," and I think that's an independent thing from where we're pushing towards. If you're ready, there's going to be a world, where you give us your code, and we run it, and it's scary for a lot of people, because they're going to be like, "Well, what do I do?" "What knobs do I twist in that world?" So I think that's just, that's where it's going. >> Well, in a world of millions of services coming out on the line, it's in operating, automation's got to be key, these are principles that have to go get bought into. I mean, you got to understand, administration is the exception, not the rule. This is the new world. It's kind of the Google world, and large-scale world, so it could be scary for some. I mean, you just bump into people all the time, "Hey Kelsey, what do I do?" And what do you say to them? You say, "Hey, what do I do?" What's the playbook? >> Often, so, it's early enough. I wasn't born in the mainframe time. So I'm born in this time. And right now when you look at this, it's like, well, this is your actual opportunity to contribute to what it should do. So if you want to sit on the sidelines, 'cause we're in that period now, where that isn't the case. And everyone right now is trying to figure out how to make it the case, so they're going to come up with their ways of doing things, and their standards, and then maybe in about ten years, you'll be asked to just use what we've all produced. Or, since you're actually around early enough, you can participate. That's what I tell people, so if you don't want to participate, then you get the checkpoints along the way. Here's what we offer, here's what they offer, you pick one, and then you stay on this digital transformation to the end of time. Or, you jump in, and realize that you're going to have a little bit more control over the way you operate in this landscape. >> Well, jumping in the deep end of the pool has always been the philosophy, get in and learn, and you'll survive, with a lot of community support, Kelsey, thanks for coming on, final question for you, surprise is, you're no longer going to be the co-chair, you've co-chaired up to this point, you've done a great job, what surprised you about KubeCon, the growth, the people? What are some of the things that have jumped out at you, either good, surprise, what you did expect, not expect, share some commentary on this movement, KubeCon and CloudNative. >> Definitely surprised that it's probably this big this fast, right? I thought people, definitely when I saw the technology earlier on, I was like, "This is definitely a winner," "regardless of who agrees." So, I knew that early on. But to be this big, this fast, and all the cloud providers agreeing to use it and sell it, that is a surprise, I figured one or two would do it. But to have all of them, if you go to their website, and you read the words Kubernetes' strong competitors, well alright, we all agree that Kubernetes is okay. That to me is a surprise that they're here, they have booths, they're celebrating it, they're all innovating on it, and honestly, this is one of those situations that, no matter how fast they move, everyone ends up winning on this particular deal, just the way Kubernetes was set up, and the foundation as a whole, that to me is surprising that it's still true, four years later. >> Yeah, I mean rising tide floats all boats, when you have an enabling, disruptive technology like Kubernetes, that enables people to be successful, there's enough cake to be eating for everybody. >> Awesome. >> Kelsey Hightower, big time influencer here, inside theCUBE cloud, computing influencer, also works at Google as a developer advocate, also co-chair of KubeCon 2018, I wish you luck in the next chapter, stepping down from the co-chair role-- >> Stepping down from the co-chair, but always in the community. >> Always in the community. Great voice, great guy to have on theCUBE, check him out online, his great Twitter feed, check him out on Twitter, Kelsey Hightower, here on theCUBE, I'm joined here by Lauren Cooney, be right back with more coverage here at KubeCon 2018, stay with us, we'll be right back. (bright electronic music)

>> Announcer: Live, from Copenhagen, Denmark. It's theCUBE! Covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation, and its Ecosystem partners. >> Hi everyone, welcome back, this is theCUBE's exclusive coverage of the Linux Foundation's Cloud Native Compute Foundation KubeCon 2018 in Europe. I'm John Furrier, host of theCUBE and we're here with two Google folks. JD Velazquez who's the Product Manager for Stackdriver, got some news on that we're going to cover, and David Aronchick, who's the co-founder of Kubeflow, also with Google, news here on that. Guys, welcome to theCUBE, thanks for coming on. >> Thank you John. >> Thank you very much. >> So we're going to have Google Next coming out, theCUBE will be there this summer, looking forward to digging in to all the enterprise traction you guys have, and we had some good briefings at Google. Ton of movement on the Cloud for Google, so congratulations. >> JD: Thank you. >> Open source is not new to Google. This is a big show for you guys. What's the focus, you've got some news on Stackdriver, and Kubeflow. Kubeflow, not Cube flow, that's our flow. (laughing) David, share some of the news and then we'll get into Stackdriver. >> Absolutely, so Kubeflow is a brand new project. We launched it in December, and it is basically how to make machine learning stacks easy to use and deploy and maintain on Kubernetes. So we're not launching anything new. We support TensorFlow and PyTorch, Caffe, all the tools that you're familiar with today. But we use all the native APIs and constructs that Kubernetes rides to make it very easy and to let data scientists and researchers focus on what they do great, and let the I.T. Ops people deploy and manage these stacks. >> So simplifying the interactions and cross-functionality of the apps. Using Kubernetes. >> Exactly, when you go and talk to any researcher out there or data scientist, what you'll find is that while the model, TensorFlow, or Pytorch or whatever, that gets a little bit of the attention. 95% of the time is spent in all the other elements of the pipeline. Transforming your data, ingesting it, experimenting, visualizing. And then rolling it out toward production. What we want to do with Kubeflow is give everyone a standard way to interact with those, to interact with all those components. And give them a great workflow for doing so. >> That's great, and the Stackdriver news, what's the news we got going on? >> We're excited, we just announced the beta release of Stackdriver Kubernetes monitoring, which provides very rich and comprehensive observability for Kubernetes. So this is essentially simplifying operations for developers and operators. It's a very cool solution, it integrates many signals across the Kubernetes environment, including metrics, logs, events, as well as metadata. So what it allows is for you to really inspect your Kubernetes environment, regardless of the role, and regardless of where your deployment is running it. >> David is bringing up just the use cases. I just, my mind is exploding, 'cause you think about what Tensorflow is to a developer, and all the goodness that's going on with the app layer. The monitoring and the instrumentation is a critical piece, because Kubernetes is going to bring the people what is thousands and thousands of new services. So, how do you instrument that? I mean, you got to know, I want to provision this service dynamically, that didn't exist. How do you measure that, I mean this is, is this the challenge you guys are trying to figure out here? >> Yeah, for sure John. The great thing here is that we, and at Google primarily, many of our ancillary practices go beyond monitoring. It really is about observability, which I would describe more as a property of a system. How do you, are able to collect all these many signals to help you diagnose the production failure, and to get information about usage and so forth. So we do all of that for you in your Kubernetes environment, right. We take that toil away from the developer or the operator. Now, a cool thing is that you can also instrument your application in open source. You can use Prometheus, and we have an integration for that, so anything you've done in a Prometheus instrumentation, now you can bring into the cloud as needed. >> Tell about this notion, everyone gets that, oh my God, Google's huge. You guys are very open, you're integrating well. Talk about the guiding principles you guys have when you think about Prometheus as an example. Integrating in with these other projects. How are you guys treating these other projects? What's the standard practice? API Base? Is there integration plans? How do you guys address that question? >> Yeah, at a high level I would say, at Google, we really believe in contributing and helping grow open communities. I think that the best way to maintain a community open and portable is to help it grow. And Prometheus particularly, and Kubernetes of course, is a very vibrant community in that sense. So we are, from the start, designing our systems to be able to have integration, via APIs and so on, but also contributing directly to the projects. >> And I think that one thing that's just leveraging off that exact point, y'know, we realize what the world looks like. There's literally zero customers out there, like, "Well, I want be all in on one cloud. "Y'know, that 25 million dollar data center "I spent last year building. "Yeah, I'll toss that out so that I can get, "y'know, some special thing." The reality is, people are multi-cloud. And the only way to solve any problem is with these very open standards that work wherever people are. And that's very much core to our philosophy. >> Well, I mean, I've been critical of multi-cloud, by the definition. Statistically, if I'm on Azure, with 365, that's Azure. If I'm running something on Amazon, those are two clouds, they're not multi-cloud, by my definition. Which brings up where this is going, which is latency and portability, which you guys are really behind. How are you guys looking at that, because you mentioned observation. Let's talk about the observation space of clouds. How are you guys looking at, 'cause that's what people are talking about. When are we going to get to the future state, which is, I need to have workload portability, in real time, if I want to move something from Azure to AWS or Google Cloud, that would be cool. Can't do that today. >> That is actually the core of what we did around Kubeflow. What we are able to do is describe in code all the layers of your pipeline, all the steps of your pipeline. That works based on any conformant Kubernetes cluster. So, you have a Kubernetes conformant cluster on Azure, or on AWS, or on Google Cloud, or on your laptop, or in your private data center, that's great. And to be clear, I totally agree. I don't think that having single workloads spread across cloud, that's not just unrealistic, because of all the things you identified. Latency, variability, unknown failures, y'know. Cap theorem is a thing because, y'know, it's well-known. But what people want to do is, they want to take advantage of different clouds for the efforts that they provide. Maybe my data is here, maybe I have a legal reason, maybe this particular cloud has a unique chip, or unique service-- >> Use cases can drive it. >> Exactly, and then I can take my workload, which has been described in code and deploy it to that place where it makes sense. Keeping it within a single cloud, but as an organization I'll use multiple clouds together. >> Yeah, I agree, and the data's key, because if you can have data moving between clouds, I think that's something I would like to see, because that's going to be, because the metadata you mentioned is a real critical piece of all these apps. Whether it's instrumentation logging, and/or, y'know, provisioning new services. >> Yeah, and as soon as you have, as David is mentioning, if you have deployments on, y'know, with public or private clouds, then the difficult part is that of severability, that we were talking before. Because now you're trying to stitch together data, and tools to help you get that diagnosed, or get signals when you need them. This is what we're doing with Stackdriver Kubernetes monitoring, precisely. >> Y'know, we're early days in the cloud. It stills feels like we're 10 years in, but, y'know, a lot of people are now coming to realize cloud native, so. Y'know, I'm not a big fan of the whole, y'know, Amazon, although they do say Amazon's winning, they are doing quite well with the cloud, 'cause they're a cloud. It's early days, and you guys are doing some really specific good things with the cloud, but you don't have the breadth of services, say, Amazon has. And you guys are above board about that. You're like, "Hey, we're not trying to meet them "speed for speed on services." But you do certain things really, really well. You mentioned SRE. Site Reliability Engineers. This is a scale best practice that you guys have bringing to the table. But yet the customers are learning about Kubernetes. Some people who have never heard of it before say, "Hey, what's this Kubernetes thing?" >> Right. >> What is your perspectives on the relevance of Kubernetes at this point in history? Because it really feels like a critical mass, de facto, standard movement where everyone's getting behind Kubernetes, for all the right reasons. It feels a lot like interoperability is here. Thoughts on Kubernetes' relevance. >> Well I think that Alexis Richardson summed it up great today, the chairperson of the technical oversight committee. The reality is that what we're looking for, what operators and software engineers have been looking for forever, is clean lines between the various concerns. So as you think about the underlying infrastructure, and then you think about the applications that run on top of that, potentially services that run on top of that, then you think about applications, then you think about how that shows up to end users. Before, if you're old like me, you remember that you buy a $50,000 machine and stick it in the corner, and you'd stack everything on there, right? That never works, right? The power supply goes out, the memory goes out, this particular database goes out. Failure will happen. The only way to actually build a system that is reliable, that can meet your business needs, is by adopting something more cloud native, where if any particular component fails, your system can recover. If you have business requirements that change, you can move very quickly and adapt. Kubernetes provides a rich, portable, common set of APIs, that do work everywhere. And as a result, you're starting to see a lot of adoption, because it gives people that opportunity. But I think, y'know and let me hand off to JD here, y'know, the next layer up is about observability. Because without observing what's going on in each of those stacks, you're not going to have any kind of-- >> Well, programmability comes behind it, to your point. Talk about that, that's a huge point. >> Yeah, and just to build on what David is saying, one thing that is unique about Google is that we've been doing for more than a decade now, we've been very good at being able to provide innovative services without compromising reliability. Right, and so what we're doing is in that commitment, and you see that with Kubernetes and Istio, we're externalizing many of our, y'know, opinionated infrastructure, and platforms in that sense, but it's not just the platforms. You need those methodologies and best practices. And now the toolset. So that's what we're doing now, precisely. >> And you guys have made great strides, just to kind of point out to the folks watching, in the enterprise, I know you've got a lot more work to do but you're pedaling as fast as you can. I want to ask you specifically around this, because again, we're still early days with the cloud, if you think about it, there are now table stakes that are on the table that you got to get done. Check boxes if you will. Certainly on the government side there's like, compliance issues, and you guys are now checking those boxes. What is the key thing, 'cause you guys are operating at a scale that enterprises can't even fathom. I mean, millions of services, on and on up a huge scale. That's going to be helpful for them down the road, no doubt about it. But today, what is the Google table stakes that are done, and what are enterprises need to have for table stakes to do cloud native right, from your perspective? >> Well, I think more than anything, y'know, I agree with you. The reality is all the hyperscale cloud providers have the same table stakes, all the check boxes are checked, we're ready to go. I think what will really differentiate and move the ball forward for so many people is this adoption of cloud native. And really, how cloud native is your cloud, right? How much do you need to spin up an entire SRE team like Netflix in order to operate in the Netflix model of, y'know, complete automation and building your own services and things like that. Does your cloud help you get cloud native? And I think that's where we really want to lean in. It's not about IAS anymore, it's about does your cloud support the reliability, support the distribution, all the various services, in order to help you move even faster and achieve higher velocity. >> And standing up that is critical, because now these applications are the business model of companies, when you talk about digital. So I tweeted, I want to get your reaction to this, yesterday I got a quote I overheard from a person here in the hallways. "I need to get away from VPNs and firewalls. "I need user application layer security "with unphishable access, otherwise I'm never safe." Again this talks about the perimeterless cloud, spearphishing is really hot right now, people are getting killed with security concerns. So, I'm going to stop if I'm enterprise, I'm going to say, "Hold on, I'm not going," Y'know, I'm going to proceed with caution. What are you guys doing to take away the fear, and also the reality that as you provision all these, stand up all this infrastructure, services for customers, what are you guys doing to prevent phishing attacks from happening, security concerns, what's the Google story? >> So I think that more than anything, what we're trying to do is exactly what JD just said, which is externalize all the practices that we have. So, for example, at Google we have all sorts of internal tools that we've used, and internal practices. For example, we just published a whitepaper about our security practices where you need to have two vulnerabilities in order to break out of any system. We have all that written up there. We just published a whitepaper about encryption and how to do encryption by default, encryption between machines and so on. But I think what we're really doing is, we're helping people to operate like Google without having to spin up an entire SRE team as big as Google's to do it. An example is, we just released something internally, we have something called BeyondCorp. It's a non-firewall, non-VPN based way for you to authenticate against any Google system, using two-factor authentication, for our internal employees. Externally, we just released it, it's called, Internet, excuse me, IdentityAware proxy. You can use with literally any service that you have. You can provision a domain name, you can integrate with OAuth, you can, including Google OAuth or your own private OAuth. All those various things. That's simply a service that we offer, and so, really, y'know, I think-- >> And there's also multi, more than two-factor coming down the road, right? >> Exactly, actually IdentityAware proxy already supports two-factor. But I will say, one of the things that I always tell people, is a lot of enterprises say exactly what you said. "Jeez, this new world looks very scary to me. "I'm going to slow down." The problem is they're mistaken, under the mistaken impression that they're secure today. More than likely, they're not. They already have firewall, they already have VPN, and it's not great. In many ways, the enterprises that are going to win are the ones that lean in and move faster to the new world. >> Well, they have to, otherwise they're going to die, with IOT and all these benefits, they're exposed even as they are, just operationally. >> Yep. >> Just to support it. Okay, I want to get your thoughts, guys, on Google's role here at the Linux Foundation's CNCF KubeCon event. You guys do a lot of work in open source. You've got a lot of great fan base. I'm a fan of what you guys do, love the tech Google brings to the table. How do people get involved, what are you guys connecting with here, what's going on at the show, and how does someone get on board with the Google train? Certainly TensorFlow has been, it's like, great open source goodness, developers are loving it, what's going on? >> Well we have over almost 200 people from Google here at the show, helping and connecting with people, we have a Google booth which I invite people to stop by and tell about the different project we have. >> Yeah, and exactly like you said, we have an entire repo on Github. Anyone can jump in, all our things are open source and available for everyone to use no matter where they are. Obviously I've been on Kubernetes for a while. The Kubernetes project is on fire, Tensorflow is on fire, KubeFlow that we mentioned earlier is completely open source, we're integrating with Prometheus, which is a CNCF project. We are huge fans of these open source foundations and we think that's the direction that most software projects are going to go. >> Well congratulations, I know you guys invested a lot. I just want to highlight that. Again, to show my age, y'know these younger generation have no idea how hard open source was in the early days. I call it open bar and open source, you guys are bringing so much, y'know, everyone's drunk on all this goodness. Y'know, just these libraries you guys bringing to the table. >> David: Right. >> I mean Tensorflow is just the classic poster-child example. I mean, you're bringing a lot of stuff to the table. I mean, you invented Kubernetes. So much good stuff coming in. >> Yeah, I couldn't agree more. I hesitate to say we invented it. It really was a community effort, but yeah, absolutely-- >> But you opened it up, and you did it right, and did a good job. Congratulations. Thanks for coming on theCUBE, I'm going to see you at Google Next. theCUBE will be broadcasting live at Google Next in July. Of course we'll do a big drill-down on Google Cloud platform at that show. It's theCUBE here at KubeCon 2018 in Copenhagen, Denmark. More live coverage after this short break, stay with us. (upbeat music)

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, Security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenants of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? [Bill]- That right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a bit topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SAS-Space, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. [Jeff]- Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSCA 2018. Thanks for watching. (bright music)

(upbeat music) >> Welcome to this special CUBEConversation here in the Palo Alto CUBE studio. I'm John Furrier, the co-host, theCUBE co-founder of SiliconANGLE Media. In theCUBE we're here with Alan Cohen, CUBE alumni, joining us today for a special segment on the future of technology and the impact to society. Always good to get Alan's commentary, he's the Chief Commercial Officer for Illumio, industry veteran, has been through many waves of innovation and now more than ever, this next wave of technology and the democratization of the global world is upon us. We're seeing signals out there like cryptocurrency and blockchain and bitcoin to the disruption of industries from media and entertainment, biotech among others. Technology is not just a corner industry, it's now pervasive and it's having some significant impacts and you're seeing that in the news whether it's Facebook trying to figure out who they are from a data standpoint to across the board every company. Alan, great to see you. >> Always great to be here, I always feel like, I can't tell whether I'm at the big desk at ESPN or I've got the desk chair at CNBC, but that's what it's like being on theCUBE. >> Great to have you on extracting the signal noises, a ton of noise out there, but one of things of the most important stories that we're tracking is, that's becoming very obvious, and you're seeing it everywhere from Meed to all aspects of technology. Is the impact of technology to people in society, okay you're seeing the election, we all know what that is, that's now a front and center in the big global conversation, the Russian's role of hacking, the weaponizing of data, Facebook's taking huge brand hits on that, to emerging startups, and the startup game that we're used to in Silicon Valley is changing. Just the dynamics, I mean cryptocurrency raises billions of dollars but yet (laughs) something like 10, 20% of it's been hacked and stolen. It's a really wild west kind of environment. >> Well it's a very different environment. John, you and I have been in the technology industry certainly for a whole bunch of lines under our eyes over the years have gone there. My friend Tom Friedman has this phrase that he says, "Everybody's connected and nobody's in control," so the difference is that, as you just said, the tech industry is not a separate industry. The tech industry is in every product and service. Cryptocurrency is like, the concept of that money is just code. You know, our products and services are just code, it raises a couple of really core issues. Like for us on the security point of view, if I don't trust people with the products they're selling me, that I feel like they're going to be hacked, including my personal data, so your product now includes my personal information, that's a real problem because that could actually melt down commerce in a real way. Obviously the election is if I don't trust the social systems around it, so I think we're all at an, and I'd like to say world is still kind of like iRobot moment, and if you remember iRobot, it's like, people build all these robots to serve humankind and then one day the robots wake up and they go, "We have our own point of view on how things are going to work" and they take over, and I think whether it's the debate about AI, whether cryptocurrency's good or bad, or more importantly, the products and services I use, which are now all digitally connected to me, whether I trust them or not is an issue that I think everyone in our industry has to take a step back because without that trust, a lot of these systems are going to stop growing. >> Chaos is an opportunity, I think that's been quoted many times, a variety-- >> You sound like Jeff Goldblum in like Jurassic Park, yeah. (laughing) >> So chaos is upon us, but this is an opportunity. The winds are shifting, and that's an opportunity for entrepreneurs. The technology industry has to start working for us but we've got to be mindful of these blind spots and the blind spots are technology for good not necessarily just for profits, so that also is a big story right now. We see things like AI for good, Intel has been doing a lot of work on that area, and you see stars dedicated to societal impact, then young millennials, you see the demographic shift where they want to work on stuff that empowers people and changes society so a whole kind of new generation revolution and kind of hippie moment, if you look at the 60s, what the 60s were, right? >> Well there's people out in the street protesting, right? There were a couple of million women out in the street this weekend, so we are in that kind of moment again, people are not happy with things. >> And I believe this is a signal of a renaissance, a change, a sea change at enormous levels, so I want to get your thoughts on this. As technology goes out in mainstream, certainly from a security standpoint, your business Illumio is in that now where there's not a lot of control, just like you were mentioning before we came on that all the spends happening but no one has more than 4% market share. These are dynamics and this is not just within one vertical. What's your take on this, how do you view this sea change that's upon us, this tech revolution? >> Well, you know, think about it. You and I grew up in the era where clients server took over from main frame, right? So remember there was this big company called IBM and they owned a lot of the industry, and then it blew up for client server and then there were thousands of companies and it consolidated its way down, but when those thousands of new companies, like you didn't know what was going to be Apollo and what was going to be Oracle right? Like you didn't know how that was going to work out, there was a lot of change and a lot of uncertainty. I think now we're seeing this on a scale like that's 10x of this that there's so much innovation and there's so much connectedness going on very rapidly, but no one is in control. In the security market, you know, what's happening in our world is like, people said, okay I have to reestablish control over my data, I've lost that control, and I've lost it for good reasons, meaning I've evolved to the cloud, I've evolved to the app economy, I've done all of these things, and I've lost it for bad reasons because like am I, like I'm not really running my data center the way I should. We're in the beginning of a move in of people kind of reasserting that control, but it's very hard to put the genie back in the bottle because the world itself is so much more dynamic and more distributed. >> It's interesting, I've been studying communities and online communities for over a decade in terms of dynamics. You know, from the infrastructural level, how packets move to a human interaction. It's interesting, you mentioned that we're all connected and no one's in control, but you now see a ground swell of organic self-forming networks where communities are starting to work together. You kind of think about the analog world when we grew up without computers and networks, you kind of knew everyone, you knew your neighbor, you knew who the town loony was, you kind of knew things and people watch each other's kids and parents sat from the porch, let the kid play, that's the way that I grew up, but it was still chaotic but yet somewhat controlled by the group. So I got to ask you, when you see things like cryptocurrency, things like KYC, know your customer, anti money laundering, which is, you know these are policy based things, but we're in a world now where, you know, people don't know who their neighbors are. You're starting to see a dynamic where people are-- >> Put the phone down. >> Asserting themselves to know their neighbor, to know their customer, to have a connected tissue with context and so your trust and reputation become super important. >> Well I think people are really, so like every time there is a shift in technology, there's scary stuff. There's the fuddy-duddy moment where people are saying, "Oh we can't use that," or "I don't know that," and you know, clearly we're in this kind of new kam-ree and explosion of this cloud mobile blah blah blah type of computing thing and ... Blah blah blah is always a good intersection when you don't have a term. Then things form around it, and just as you said, so if you think about 25 years ago, right, people created The WELL and there was community writing first bulletin boards and like now we have Facebook and you go through a couple of generations and for a while, things feel out of control and then it reforms. I personally am an optimist. Ultimately I believe in the inherent goodness of people, but inherent goodness leaves you open and then, you know, could be manipulated, and people figure these things out. Whether it's cryptocurrency or AI, they are really exciting technologies that don't have any ground rules, right? What's going to happen I believe is that people are going to reestablish ground rules, they're going to figure out some of the core issues, and some of these things may make it, and some of these things may not make it. Like cryptocurrency, like I don't know whether it makes it or not, but certainly the blockchain as a technology we're going to be incorporating in what we do, and maybe the blockchain replaces VPNs and last generation's way of protecting zeros and ones. If AI is figuring out how to read an MRI in five minutes, it's a good thing, and if the AI is teaching you how to exclude old folks for me finding jobs, it's a bad thing. I think as technology forms, there's always Spectre and 007, right? There's always good and bad sides and you know, I think if you believe-- >> I'm with you on that. I think value shifts and I think ultimately it's like however you want to look at it will shift to something, value activity will be somewhere else. Behind me in the bookshelf is a book called The World is Flat and you're quoted in it a lot as a futurist because you have inherently that kind of view, well that's not what you do for a living, but you're kind of in an opt-- >> Alan: Marketing, futurist, kind of same thing. >> Thomas Friedman, the book, that was a great book and at that time, it was game changing. If you take that premise into today where we are living in a flat world and look at cryptocurrency, and then over with the geo political landscape, I mean I just can't see why the Federal Reserve wouldn't reign in this cryptocurrency because if Japan's going to control a bunch of, or China, it's going to be some interesting conversations. I mean I would be like all over that if I was in the Federal Reserve. >> I think people-- Look, cryptocurrency's really interesting and I think people a little over-rotated. If you look at the amount of GDP that's invested in cryptocurrency, it's like, I don't know, there might've been, you know 20 years ago the same amount involved invested in Beanie Babies, right? I mean things show up for a while and the question is is it sustainable over time? Now I'm trained as an economist, you and I have had this conversation, so I don't know how you have a series of monetary without kind of governmental backing, I just don't understand. But I do understand that people find all kinds of interesting ways to trade, and if it's an exchange, like I mean what's the difference between gold and cryptocurrency? Somebody has ascribed a value to something that really has no efficacy outside of its usage. Yeah I mean you can make a filling or bracelets out of gold but it doesn't really mean anything except people agree to a unit of value. If people do that with cryptocurrency, it does have the ability to become a real currency. >> I want to pick your perspective on this being an economist, this is is the hottest area of cryptocurrency, it's also known as token economics, is a concept. >> Alan: Token economics. >> You know that's an area that theCUBE, with CUBE coins, experimenting with tokens. Tokens technically are used for things in mobile and whatnot but having a token as a utility in a network is kind of the whole concept, so the big trend that we're seeing and no one's really talking about this yet is instead of having a CTO, Chief Technology Officer, they're looking for a CEO, a Chief Economist Officer, because what you're seeing with the MVP economy we're living in and this gamification which became growth hack which didn't really help users, the notion of decentralized applications and token economics can open the door for some innovation around value and it's an economic problem, how you have a fiscal policy of your token, there's a monetary policy, what's it tied to? A product and a technology, so you now have a now a new, twisted, intertwined mechanism. >> Well you have it as part of this explosion, right? We're at a period of time, it feels like there's a great amount of uncertainly because everything's, you know, there's a lot of different forces and not everybody's in control of them, and you know, it's interesting. Google has this architecture, they call it BeyondCorp, where the concept is like networks are not trusted so I will just put my trust in this device, Duo Security's a great example of a company that's built a technology, a security technology around it which is completely antithetical to everything we know about networks and security. They're saying everything's the internet, I'll just protect the device that it's on. It's a kind of perfect architecture for a world like where nobody is in charge, so just isolate those, buy this, what is a device? It's a token too, it's a person, your iPhone's your personal token. Then over time, systems will form around it. I think we just have to, we always have to learn how to function in a different type of economy. I mean democracy was a new economy 250 years ago that kind of screwed around with most of the world, and a lot of people didn't think it would make it, in fact we went through two World War wars that it was a little on the edge whether democracy was going to make it and it seems to have done okay, like it was pretty good IPO to buy into. You know, in 1776. But it's always got risks and struggles with it. I think if, ultimately it comes together, it's whether a large group of people can find a way to function socially, economically, and with their personal safety in these systems. >> You bring up a great point, so I want to go to the next level in this conversation which is around-- >> Alan: You've got the wrong guy if you're going to the next level because I just tapped out. >> No, no, no we'll get you there. It's my job to get you there. The question is that everyone always wants to look at, whether it's someone looking at the industry or actors inside the industries across the board, mainly the tech and we'll talk about tech, is the question of are we innovating? You brought up some interesting nuances that we talk about with token economics. I mean Steve Jobs had the classic presentation where he had street signs, technology meets liberal arts. That's a mental image that people who know Steve Jobs, know Apple, was a key positioning point for Apple at that time which was let's make computers and technology connect with society, liberal arts. But we were just talking about is the business impact of technology, the economics, and that's just not like just some hand waving, making technology integrate with business. You're in the security business, There are some gamification technology, gamification that's business built into the products. So the question is, if we have the integration of business, technology, economics, policy, society rolling into the product definitions of innovation, does that change the lens and the aperture of what innovation is? >> I think it does, right? The IT industry's somewhere between three and four trillion dollars depends on how it counts in. It grows pretty slowly, it grows by a low single digit. That tells me as composite, like is that, that slow growth is a structural signal about how consumers of technology think in a macro sense. On a micro sense, things shift very rapidly, right? New platforms show up, new applications show up, all kinds of things show up. What I don't think we have done yet, to your point, is in this new integrated world, the role of technology is not just technology anymore. I don't think, you know you said you need Chief Economical Officer, what about Chief Political Officer? What about a Chief Social Officer? How many heads of HR make decisions about the insertion of systems into their business? And that's what this kind of iRobot concept is in my mind which is that you know, we are exceeding control of things that used to be done by human beings to systems and when you see control, the social mores, the political mores, the cultural mores, and the human emotional mores have to move with it. We don't tend to think about things like that. We're like, "I win and my competitors lose." Like technology used to be much more of a zero sum, my tech's better than yours. But the question is not just is my tech better than yours, is my customer better off in their industry for the consumption of my technology of inserting it into their offering or their service? You know what, that is probably going to be the next area of study. The other thing that's very important in whether, any of you have read Peter Thiel's book Zero to One, the nature of competition technology used to feel like a flat playing field and now the other thing that's rising is do you have super winners? And then what is the power of the super winners? So you mentioned whether it's Facebook or Google or Amazon or you know, or Microsoft, the FANG companies right? Their roles are so much more significant now than the Four Horsemen of the Nasdaq were in 2000 when you had Intel and Cisco and Oracle and Saht-in it's a different game. >> You're seeing that now. That's a good point, so you're reinforcing kind of this notion that the super players if you will are having an impact, you're mentioning the confluence of these new sectors, you know, government, policy, social are new areas. The question is, this sounds like a strategic imperative for the industry, and we're early so it's not like there's a silver bullet or is there, it doesn't sound like there, so to me that's not really in place yet, I mean. >> Oh no. We're not even in alpha. We have demo code for the new economy and we're trying to get the new model funded. >> John: That's the demo version, not the real version. It's the classic joke. >> Yeah this not the alpha or the beta version that like you're going to go launch it. If people think they're launching it, I think it's a little preliminary and you know, it's not just financial investment, it's like do I buy in? I'll tell you something that's really interesting. I've been visiting a bunch of our customers lately and the biggest change I'd say in the last two years is they now have to prove to their customers they're going to be good custodians of their data. Think about that, like you could go to any digital commerce you do, any website you use and you give them basically the ticket to the Furrier family privacy, you do, but you don't spend a lot of time questioning whether they're really going to protect your data. That has changed. And it's really changing in B2B and in government organizations. >> The role of data to us is regulation, GDPR in Europe, but this is a whole new dynamic. >> It's not just my data because I'm worried about my credit card getting hacked, I'm worried about my identity. Like am I going to show up as a meme in some social media feed that's substituted for the news? I don't want to use the FN word, but you know what I mean? It is a really brave new world. It's like a hyper-democracy and a hyper-risky state at the same time. >> We're living in an area of massive pioneering, new grounds, this is new territory so there's a lot of strategic imperatives that are yet not defined. So now let's take it to how people compete. We were talking before we came on camera, you mentioned the word we're in an MVP economy, minimum viable product concept, and you're seeing that being a standard operating procedure for essentially de-risking this challenge. The old way of you know, build it, ship it, will it work? We're seeing the impact from Hollywood to big tech companies to every industry. >> Well you've got a coffee mug for a company that does both. Amazon does MVP in entertainment, like we'll create one pilot and see if it goes as opposed to ordering a season for 17 million dollars to hey, let's try this feature and put it out on AWS. What's interesting is I don't think we've completely tilted but the question is will buyers of technology, of entertainment products, of any product start to say, "I'll try it." You know like, look, I've done four startups and I always know there's somebody I can go to get and try my early product. There are people that just have an appetite, right? The Jeffrey Moores, early adapter, all the way to the left of the-- >> They'll buy anything new. >> They'll try it, they're interested, they have the time and the resources, or they're just intellectually curious. But it was always a very small group of people in the IT industry. What I think that the MVP economy is starting to do is look, I Kickstarted my wallet. I don't know if I'm the only person who bought that skinny little wallet on Kickstarter, it doesn't matter to me, it had appeal. >> What's the impact of the MVP economy? Is it going to change to the competitive landscape like Peter Thiel was suggesting? Does it change the economics? Does it change the makeup of the team? All of the above? What's your thoughts on how this is going to impact? Certainly the encumbrance will seem to be impacted or not. >> I think two things happen. One, it attacks the structural way markets work. If you go back to classical economics, land, labor, and capital, and people who own those assets, now you add information as a fourth. If those guys were around now they would say that would be the fourth core asset, production, I'm sorry, means of production is the term. The people who can dominate that would dominate a market. Now that that's flattened out, you know, I think it pushes against the traditional structures and it allows new giants to kind of show up overnight. I mean the e-commerce market is rife with companies that have, like look at Stich Fix. A company driven by AI, fashions, tries to figure out what you like, sends it to you every month, just had a monster IPO. We invented, by the way the Spiegal Catalog, except like with a personal assistant and you know, it's changed that in just a short number of years. I think two things happen. One is you'll get new potential giants but certainly new players in the market quickly. Two, it'll force a change in the business model of every company. If you're in a cab in any city in the world, I'm not saying whether the app works there or not, Uber and Lyft has forced every cab company to show you here's the app to call the cab. They haven't quite caught up to the rest of the experience. What I think happens is ultimately, the larger players in an industry have to accommodate that model. For people like me, people who build companies or large technology companies, we may have to start thinking about MVPing of features early on, working with a small group, which is a little what the beta process is but now think about it as a commercial process. Nobody does it, but I bet sure a lot of people will be doing it in five years. >> I want to get your take on that approach because you're talking about really disrupting, re-imagining industry, the Spiegal catalog now becomes digital with technology, so the role of technology in business, we kind of talked about the intertwine of that and its nuance, it's going to get better in my opinion. But specifically the IT, the information technology industry is being disrupted. Used to be like a department, and the IT department will give you your phone on your desk, your PC on your desk or whatever, now that's being shattered and everyone that's participating in that IT industry is evolving. What's your take on the IT industry's disruption? >> Well look, it started 20 years ago when Marc Benioff and Salesforce decided to sell the sales forces instead of IT people, right? They went around to the end buyer. I don't think it's a new trend, I think a lot of technology leaders now figure out how to go to the business buyer directly and make their pitch and interestingly enough, the business buyer, if the IT team doesn't get on board, will do that. >> John: Because of cloud computing and ... >> Because of everything. The modern analog I think in our world is that the developers are increasingly in control. Like my friend Martin Casado up in Andreessen talks about this a lot. The traditional model on our industry is you build a product, you launch it, you launch your company, you work with the traditional analyst firms, you try to get a little bit of halo, you get customer references, those are the things you do and there was a very wall structured, for example, enterprise buying cycle. >> And playbook. >> Playbook, and there's the challenger sale and there's Jeffrey Moore and there's like seeing God. You've got your textbooks on how it's been done. As everything turns into code, the people who work with code for a living increasingly become the front end of your cycle and if you can get to them, that changes. Like I mean think about like, you know, Tom wrote about this actually in The World is Flat, like Linux started as a patchy. It didn't start with the IT department, it started with developers and there was the Linux foundation and now Linux is everything. >> There's a big enemy called the big mini computer, and not operating systems and work stations. >> Wiped out whole parts of Boston and other parts of the world, right? >> Exactly, that's why I moved out here. >> You filed client's server out here. >> I filed a smell of innovation. No but this is interesting because this location of industries is happening, so with that, so they also on the analog, so Martin's at Andreessen, so we'll do a little VC poke there at the VCs because we love them of course, they're being dislocated-- >> I don't (mumbles) my investors. >> Well no, their playbook is being challenged. Here's an example, go big or go home investment thesis seems not to be working. Where if you get too much cash on the front end, with the MVP economy we were just riffing on and with the big super powers, the Amazons and the Googles, you can't just go big or go home, you're going to be going home more than going big. >> I think they know that. I mean Dee-nuh Suss-man who's I think Chief Investment Officer at Nasdaq has a very well known talking line that there are half as many public companies as there were 10 years ago, so the exit scenario for our industry is a little bit different. We now have things like acqui-hires, right we have other models for monetization, but I think what the flip side of it is, we're in the-- >> Adapt or die because the value will shift. Liquidity's changing, which acqui-hires-- >> I think the investment community gets it completely and they spend a lot more time with the developer mindset. In fact I think there's been a doubling down focus on technical founders versus business founders for companies for just that reason because as everything turns to code, you got to hang out with the code community. I think there are actually-- >> You think there'll be more doubling down on technical founders? You do, okay. >> Yeah I think because that is ultimately the shift. There are business model shifts, but it's, you know, I mean like Uber was a business model shift, I mean the technology was the iPhone and GPS and they wrote an app for it, but it was a business model shift, so it can be a business model shift. >> And then scale. >> And then scale and then all of those other things. But I think if you don't think about developers when you're in our, and it's like we built Illumio because a developer could take the product and get started. I mean you can, developers actually can write security policy with our product because there's a class of customers, where as not everyone where that matters. There's other people where the security team is in charge or the infrastructure team is in charge but I think everything is based on zeros and ones and everything is based on code and if you're not sensitive to how code gets bought, consumed, I mean there's a GitHub economy which is I don't even have to write the code, I'll go look at your code and maybe use pieces of it, which has always been around. >> Software disruption is clear. Cloud computing is scale. Agile is fast, and with de-risking capabilities, but the craft is coming back and some will argue, we've talked about on theCUBE before is that, you know, the craftsmanship of software is moving to up the stack in every industry, so-- >> I think it's more like a sports league. I love the NBA, right? In the old days, your professional team, you'd scout people in college. Now they used to scout them in high school, now they're scouting kids in middle school. >> (laughs) That's sad. >> Well what it says is that you have to-- >> How can you tell? >> You know but they can, right? I think you know, your point about it craft, you're going to start tracking developers as they go through their career and invest and bet on them. >> Don't reveal our secrets to theCUBE. We have scouts everywhere, be careful out there. (laughs) >> But think about that, imagine it's like there's such a core focus on hiring from college, but we had an intern from high school two years ago. We hire freshman. >> Okay so let's go, I want to do a whole segment on this but I want to just get this point because we're both sports fans and we can riff on sports all day long. >> I'm just not getting the chance >> And the greatness of Tom Brady >> to talk about the Patriots. >> And Tom Brady's gotten his sixth finger attached to his hands for his sixth ring coming up. No but this is interesting. Sports is highly data driven. >> Alan: Yep. >> Okay and so what you're getting at here, with an MVP economy, token economics is more of a signal, not yet mainstream, but you can almost go there and think okay data driven gives you more accuracy so if you can bring data driven to the tech world, that's kind of an interesting point. What's your thoughts on that? >> Yeah I mean look, I think you have to track everything. You have to follow things, and by the way, we have great tools now, you can track people through LinkedIn. There's all kinds of vehicles to tracking individuals, you track products, you track everything, and you know look, we were talking about this before we went on the show right, people make decisions based on analytics increasingly. Now the craft part is what's interesting and I'm not the complete expert, I'm on the business side, I'm not an engineer by training, but look a lot of people understand a great developer is better than five bad developers. >> Well Mark Andris' 10x is a classic example of that. >> There's clearly a star system involved, so if I think in middle school or in high school, you're going to be a good developer, and I'm going to track your career through college and I'm going to try to figure out how to attach. That's why we started hiring freshmen. >> Well my good friend Dave Girouard started a company that does that, will fund the college education for people that they want to bet on. >> Sure, they're just taking an option in them. >> Yeah, option on their earnings. Exactly. >> They are. >> It sounds like token economics to me. (laughs) >> You know you can sell anything. We are in that economy, you can sell those pieces. The good news is I think it can be a great flattener, meaning that it can move things back more to a meritocracy because if I'm tracking people in high school, I'm not worrying whether they're going to go to Stanford or Harvard or Northwestern, right? I'm going to track their abilities in an era and it's interesting, speaking about craft, you know, what are internships? They're apprenticeships. I mean it is a little bit like a craft, right? Because you're basically apprenticing somebody for a future payout for them coming to work for you and being skilled because they don't know anything when they come and work, I shouldn't say that, they actually know a lot of things. >> Alan, great to have you on theCUBE as always, great to come in and get the update. We'll certainly do more but I'd like to do a segment on you on the startup scene and sort of the venture capital dynamics, we were tracking that as well, we've been putting a lot of content out there. We believe Silicon Valley's a great place. This mission's out there, we've been addressing them, but we really want to point the camera this year at some of the great stuff, so we're looking forward to having you come back in. My final question for you is a personal one. I love having these conversations because we can look back and also look forward. You do a lot of mentoring and you're also helping a lot of folks in the industry within just your realm but also startups and peers. What's your advice these days? Because there's a lot of things, we just kind of talked a lot of it. When people come to you for advice and say, "Alan, I got a career change," or "I'm looking at this new opportunity," or "Hey, I want to start a company," or "I started a company," how is your mentoring and your advisory roles going on these days? Can you share things that you're advising? Key points that people should be aware of. >> Well look, ultimately ... I never really thought about it, you just asked the question so, ultimately, I think to me it comes down to own your own fate. What it means is like do something that you're really passionate about, do something that's going to be unique. Don't be the 15th in any category. Jack Welch taught us a long time ago that the number one player in a market gets 70% of the economic value, so you don't want to play for sixth place. It's like Ricky Bobby said, if you're not first, you're last. (John chuckles) I mean you can't always be first, but you should play for that. I think for a lot of companies now, I think they have to make sure that, and people participating, make sure that you're not playing the old playbook, you're not fighting yesterday's battle. Rhett Butler in Gone With the Wind said, "There's a lot of money in building up an empire, "and there's even more money in tearing it down." There are people who enter markets to basically punish encumbrance, take share because of innovation, but I think the really inspirational is you know, look forward five years and find a practical but aggressive path to being part of that side of history. >> So are we building up or are we taking down? I mean it seems to me, if I'm not-- >> You're always doing both. The ocean is always fighting the mountains, right? That is the course of, right? And then new mountains come up and the water goes someplace else. We are taking down parts of the client server industry, the stack that you and I built a lot of our personal career of it, but we're building this new cloud and mobile stack at the same time. And you're point is we're building a new currency stack and we're going to have to build a new privacy stack. It's never, the greatest thing about our industry is there's always something to do. >> How has the environment of social media, things out there, we're theCUBE, we do our thing with events, and just in general, change the growth plans for individuals if you were, could speak to your 23 year old self right now, knowing what you know-- >> Oh I have one piece of advice I give everybody. Take as much risk as humanly possible in your career earlier on. There's a lot of people that have worked with me or worked for me over the years, you know people when they get into their 40s and they go, "I'm thinking about doing a startup," I go, "You know when you got two kids in college "and you're trying to fund your 401K, "working for less cash and more equity may not be "the most comfortable conversation in your household." It didn't work well in my household. I mean I'm like Benjamin Button. I started in big companies, I'm going to smaller companies. Some day it's just going to be me and a dog and one other guy. >> You went the wrong way. >> Yeah I went the wrong way and I took all the risk later. Now I was lucky in part that the transition worked. When I see younger folks, it's always like, do the riskiest thing humanly possible because the penalty is really small. You have to find a job in a year, right? But you know, you don't have the mortgage, and you don't have the kids to support. I think people have to build an arc around their careers that's suitable with their risk profile. Like maybe you don't buy into bitcoin at 19,000. Could be wrong, could be 50,000 sometime, but you know it's kind of 11 now and it's like-- >> Yeah don't go all in on 19, maybe take a little bit in. It's the play and run-- >> Dollar cost averaging over the years, that's my best fidelity advice. I think that's what's really important for people. >> What about the 45 year old executive out there, male or female obviously, the challenges of ageism? We're in economy, a gig economy, whatever you want to call, MVP economics, token economics, this is a new thing. Your advice to someone who's 45 who just says "Hey you're too old for our little hot startup." What should they do? >> Well being on the other side of that history I understand it firsthand. I think that you have an incumbent role in your career to constantly re-educate yourself. If you show up, whether you're a 25, 35, 45, 55, or 65, I hope I'm not working when I'm 75, but you never know right? (mumbles) >> You'll never stop working, that's my prediction. >> But you know have you mastered the new skills? Have you reinvented yourself along the way? I feel like I have a responsibility to feed the common household. My favorite part of my LinkedIn profile, it says, "Obedient worker bee at the Cohen household," because when I go home, I'm not in charge. I've always felt that it's up to me to make sure I'm not going to be irrelevant. That to me is, you know, that to me, I don't worry about ageism, I worry about did I-- >> John: Relevance. >> Yeah did I make myself self-obsolescent? I think if you're going to look at your career and you haven't looked at your career in 15 years and you're trying to do something, you may be starting from a deficit. So the question, what can I do? Before I make that jump, can I get involved, can I advise some small companies? Could I work part time and on the weekends and do some things so that when you finally make that transition, you have something to offer and you're relevant in the dialogue. I think that's, you know, nobody trains you, right? We're not good as an industry-- >> Having a good community, self-learning, growth mindset, always be relevant is not a bad strategy. >> Yeah, I mean because I find increasingly, I see people of all ages in companies. There is ageism, there is no doubt. There's financial ageism and then there's kind of psychological bias ageism, but if you keep yourself relevant and you are the up to speed in your thing, people will beat a path to want to work for you because there's still a skill gap in our industry-- >> And that's the key. >> Yeah, make sure that you're on the right side of that skill gap, and you will always have something to offer to people. >> Alan, great to have you come in the studio, great to see you, thanks for the commentary. It's a special CUBEConversation, we're talking about the future of technology impact the society and a range of topics that are emerging, we're on a pioneering, new generational shift and theCUBE is obviously covering the most important stories in Silicon Valley from figuring out what fake news is to impact to the humans around the world and again, we're doing our part to cover it. Alan Cohen, CUBEConversation, I'm John Furrier, thanks for watching. (upbeat music)