(upbeat music) >> We're back in Boston, theCUBE's coverage of Re:Inforce 2022. My name is Dave Vellante. Dave Hatfield is here. He's the co-CEO of Lacework. Dave, great to see again. Hat. >> Thanks Dave. >> Do you still go by Hat? >> Hat is good for me. (Dave V laughing) >> All right cool. >> When you call me David, I'm in trouble for something. (Dave V Laughing) So just call me Hat for now. >> Yeah, like my mom, David Paul. >> Exactly. >> All right. So give us the update. I mean, you guys have been on a tear. Obviously the Techlash, >> Yep. >> I mean, a company like yours, that has raised so much money. You got to be careful. But still, I'm sure you're not taking the foot off the gas. What's the update? >> Yeah no. We were super focused on our mission. We want to de deliver a cloud security for everybody. Make it easier for developers and builders, to do their thing. And we're fortunate to be in a situation, where people are in the early innings of moving into the cloud, you know. So our customers, largely digital natives. And now increasingly cloud migrants, are recognizing that in order to build fast, you know, in the cloud, they need to have a different approach to security. And, you know, it used to be that you're either going be really secure or really fast. And we wanted to create a platform that allowed you to have both. >> Yeah. So when you first came to theCUBE, you described it. We are the first company. And at the time, I think you were the only company, thinking about security as a data problem. >> Yeah. >> Explain what that means. >> Well, when you move to the cloud, you know, there's literally a quintillion data sets, that are out there. And it's doubling every several days or whatever. And so it creates a massive problem, in that the attack surface grows. And different than when you're securing a data center or device, where you have a very fixed asset, and you kind of put things around it and you kind of know how to do it. When you move to the shared ephemeral massive scale environment, you can't write rules, and do security the way you used to do it, for a data centers and devices. And so the insight for us was, the risk was the data, the upside was the data, you know? And so if you can harness all of this data, ingest it, process it, contextualize it, in the context of creating a baseline of what normal is for a company. And then monitor it constantly in real time. Figure out, you know, identify abnormal activity. You can deliver a security posture for a company, unlike anything else before. Because it used to be, you'd write a rule. You have a known adversary or a bad guy that's out there, and you constantly try and keep up with them for a very specific attack service. But when you move to the cloud, the attack service is too broad. And so, the risk of the massive amount of data, is also the solution. Which is how do you harness it and use it with machine learning and AI, to solve these problems. >> So I feel like for CISOs, the cloud is now becoming the first line of defense. >> Yep. The CISOs is now the second line. Maybe the auditing is the third line. I don't know. >> Yeah. >> But, so how do you work with AWS? You mentioned, you know, quadrillion. We heard, I think it was Steven Schmidt, who talked about in his keynote. A quadrillion, you know, data points of a month or whatever it was. That's 15 zeros. Mind boggling. >> Yeah. >> How do you interact with AWS? You know, where's your data come from? Are you able to inspect that AWS data? Is it all your own kind of first party data? How does that all work? >> Yeah, so we love AWS. I mean we ultimately, we started out our company building our own service, you know, on AWS. We're the first cloud native built on the cloud, for the cloud, leveraging data and harnessing it. So AWS enabled us to do that. And partners like Snowflake and others, allowed us to do that. But we are a multi-cloud solution too. So we allow builders and customers, to be able to have choice. But we'd go deep with AWS and say, the shared responsibility model they came up with. With partners and themselves to say, all right, who ultimately owns security? Like where is the responsibility? And AWS does a great job on database storage, compute networking. The customer is responsible for the OS, the platform, the workloads, the applications, et cetera, and the data. And that's really where we come in. And kind of help customers secure their posture, across all of their cloud environments. And so we take a cloud trail data. We look at all of the network data. We look at configuration data. We look at rules based data and policies, that customers might have. Anything we can get our hands on, to be able to ingest into our machine learning models. And everybody knows, the more data you put into a machine learning model, the finer grain it's going to be. The more insightful and the more impactful it's going to be. So the really hard computer science problem that we set out to go do seven years ago, when we founded the company, was figure out a way to ingest, process, and contextualize mass amounts of data, from multiple streams. And the make sense out of it. And in the traditional way of protecting customers' environments, you know, you write a rule, and you have this linear sort of connection to alerts. And so you know, if you really want to tighten it down and be really secure, you have thousands of alerts per day. If you want to move really fast and create more risk and exposure, turn the dial the other way. And you know, we wanted to say, let's turn it all the way over, but maintain the amount of alerts, that really are only the ones that they need to go focus on. And so by using machine learning and artificial intelligence, and pulling all these different disparate data systems into making sense of them, we can take, you know, your alert volume from thousands per day, to one or two high fidelity critical alerts per day. And because we know the trail, because we're mapping it through our data graph, our polygraph data platform, the time to remediate a problem. So figure out the needle in the haystack. And the time to remediate is 90, 95% faster, than what you have to do on your own. So we want to work with AWS, and make it really easy for builders to use AWS services, and accelerate their consumption of them. So we were one of the first to really embrace Fargate and Graviton. We're embedded in Security Hub. We're, you know, embedded in all of the core platforms. We focus on competencies, you know. So, you know, we got container competency. We've got security and compliance competencies. And we really just want to continue to jointly invest with AWS. To deliver a great customer outcome and a really integrated seamless solution. >> I got a lot to unpack there. >> Okay. >> My first question is, what you just described, that needle in the haystack. You're essentially doing that in near real time? >> Yep. >> Or real time even, with using AI inferencing. >> Yeah. >> Describe it a little better. >> You're processing all of this data, you know, how do you do so efficiently? You know. And so we're the fastest. We do it in near real time for everything. And you know, compared to our competitors, that are doing, you know, some lightweight side scanning technology, and maybe they'll do a check or a scan once a day or twice a day. Well, the adversaries aren't sleeping, you know, over the other period of time. So you want to make it as near real time as you can. For certain applications, you know, you get it down into minutes. And ideally over time, you want to get it to actual real time. And so there's a number of different technologies that we're deploying, and that we're putting patents around. To be able to do as much data as you possibly can, as fast as you possibly can. But it varies on the application of the workload. >> And double click in the technology. >> Yeah. >> Like tell me more about it. What is it? Is it a purpose-built data store? >> Yeah. Is it a special engine? >> Yeah. There's two primary elements to it. The first part is the polygraph data platform. And this is this ingestion engine, the processing engine, you know, correlation engine. That has two way APIs, integrates into your workflows, ingests as much data as we possibly can, et cetera. And unifies all the data feeds that you've got. So you can actually correlate and provide context. And security now in the cloud, and certainly in the future, the real value is being able to create context and correlate data across the board. And when you're out buying a bunch of different companies, that have different architectures, that are all rules based engines, and trying to stitch them together, they don't talk to each other. And so the hard part first, that we wanted to go do, was build a cloud native platform, that was going to allow us to build applications, that set on top of it. And that, you know, handled a number of different security requirements. You know, behavior based threat detection, obviously is one of the first services that we offered, because we're correlating all this data, and we're creating a baseline, and we're figuring out what normal is. Okay, well, if your normal behavior is this. What's abnormal? So you can catch not only a known bad threat, you know, with rules, et cetera, that are embedded into our engines, but zero day threats and unknown unknowns. Which are the really scary stuff, when you're in the cloud. So, you know, we've got, you know, application, you know, for behavioral threat detection. You have vulnerability management, you know. Where you're just constantly figuring out, what vulnerabilities do I have across my development cycle and my run time cycle, that I need to be able to keep up on, and sort of patch and remediate, et cetera. And then compliance. And as you're pulling all these data points in, you want to be able to deliver compliance reports really efficiently. And the Biden Administration, you know, is issuing, you know, all of these, you know, new edicts for regulations. >> Sure. Obviously countries in, you know, in Europe. They have been way ahead of the US, in some of these regulations. And so they all point to a need for continuous monitoring of your cloud environment, to ensure that you're, you know, in real time, or near real time complying with the environments. And so being able to hit a button based on all of this data and, you know, deliver a compliance report for X regulation or Y regulation, saves a lot of time. But also ensures customers are secure. >> And you mentioned your multi-cloud, so you started on AWS. >> Yeah. >> My observation is that AWS isn't out trying to directly, I mean, they do some monetization of their security, >> Yep. >> But it's more like security here it is, you know. Use it. >> Yeah. >> It comes with the package. Whereas for instance, take Microsoft for example, I mean, they have a big security business. I mean, they show up in the spending surveys. >> Yeah. >> Like wow, off the charts. So sort of different philosophies there. But when you say you're Multicloud, you're saying, okay, you run on AWS. Obviously you run on Azure. You run on GCP as well. >> Yeah. Yep. >> We coin this term, Supercloud, Dave. It's it's like Multicloud 2.0. The idea is it's a layer above the clouds, that hides the underlying complexity. >> Yep. >> You mentioned Graviton. >> Yep. >> You worry about Graviton. Your customer don't, necessarily. >> We should be able to extract that. >> Right. But that's going to be different than what goes on Microsoft. With Microsoft primitives or Google primitives. Are you essentially building a Supercloud, that adds value. A layer, >> Yeah. >> on top of those Hyperscalers. >> Yeah. >> Or is it more, we're just going to run within each of those individual environments. >> Yeah. No we definitely want to build the Security OS, you know, that sort of goes across the Supercloud, as you talk about. >> Yeah. >> I would go back on one thing that you said, you know, if you listen to Andy or Adam now, talk about AWS services, and all the future growth that they have. I mean, security is job one. >> Yeah. Right, so AWS takes security incredibly seriously. They need to. You know, they want to be able to provide confidence to their customers, that they're going to be able to migrate over safely. So I think they do care deeply it. >> Oh, big time. >> And are delivering a number of services, to be able to do it for their customers,. Which is great. We want to enhance that, and provide Multicloud flexibility, deeper dives on Kubernetes and containers, and just want to stay ahead, and provide an option for companies. You know, when you're operating in AWS, to have better or deeper, more valuable, more impactful services to go layer on top. >> I see. >> And then provide the flexibility, like you said, of, hey look, I want to have a consistent security posture across all of my clouds. If I choose to use other clouds. And you don't, the schema are different on all three. You know, all of the protocols are different, et cetera. And so removing all of that complexity. I was just talking with the CISO at our event last night, we had like 300 people at this kind of cocktail event. Boston's pretty cool in the summertime. >> Yeah. Boston in July is great. >> It's pretty great. They're like going, look, we don't want to hire a Azure specialist, and a AWS specialist, and you know, a GCP specialist. We don't want to have somebody that is deep on just doing container security, or Kubernetes security. Like we want you to abstract all of that. Make sense of it. Stay above it. Continue to innovate. So we can actually do what we want to do. Which is, we want to build. We want to build fast. Like the whole point here, is to enable developers to do their job without restriction. And they intuitively want to have, and build secure applications. And, you know, because they recognize the importance of it. But if it slows them down. They're not going to do it. >> Right. >> And so we want to make that as seamless as possible, on top of AWS. So their developers feel confident. They can move more and more applications over. >> So to your point about AWS, I totally agree. I mean, security's job one. I guess the way I would say it is, from a monetization standpoint. >> Yeah. >> My sense is AWS, right now anyway, is saying we want the ecosystem, >> Yeah. >> to be able to monetize. >> Yeah. >> We're going to leave that meat on the bone for those guys. Whereas Microsoft is, they sometimes, they're certainly competitive with the ecosystem, sometimes. End point. >> Yeah. >> They compete with CrowdStrike. There's no question about it. >> Yeah. >> Are they competitive with you in some cases? Or they're not there yet. Are you different. >> Go talk to George, about what he thinks about CrowdStrike and I, versus Microsoft. (Dave V laughing) >> Well, yeah. (Dave H laughing) A good point in terms of the depth of capability. >> Yeah. >> But there's definitely opportunities for the ecosystem there as well. >> Yeah. But I think on certain parts of that, there are more, there's higher competitiveness, than less. I think in the cloud, you know, having flexibility and being open, is kind of core to the cloud's premise. And I think all three of the Hyperscalers, want to provide a choice for customers. >> Sure. >> And they want to provide flexibility. They obviously, want to monetize as much as they possibly can too. And I think they have varying strategies of those. And I do think AWS is the most open. And they're also the biggest. And I think that bodes well for what the marketplace really wants. You know, if you are a customer, and you want to go all in for everything, with one cloud. All right, well then maybe you use their security stack exclusively. But that's not the trend on where we're going. And we're talking about a $154 billion market, growing at, you know, 15% for you. It's a $360 billion market. And one of the most fragmented in tech. Customers do want to consolidate on platforms. >> Absolutely. >> If they can consolidate on CSPs, or they consolidate on the Supercloud, I'm going to steal that from you, with the super cloud. You know, to be able to, you know, have a consistent clarity posture, for all of your workloads, containers, Kubernetes, applications, across multiple clouds. That's what we think customers want. That's what we think customers need. There's opportunity for us to build a really big, iconic security business as well. >> I'm going to make you laugh. Because, so AWS doesn't like the term Supercloud. And the reason is, because it implies that they're the infrastructure, kind of commodity layer. And my response is, you'll appreciate this, is Pure Storage has 70% gross margin. >> Yeah. Yep. >> Right. Look at Intel. You've got Graviton. You control, you can have Intel, like gross margin. So maybe, your infrastructure. But it's not necessarily commodity, >> Yeah. >> But it leaves, to me, it leaves the ecosystem value. Companies like Lacework. >> Amazon offers 220 something services, for customers to make their lives easier. There's all kinds of ways, where they're actually focusing on delivering value, to their customers that, you know, is far from commodity and always will be. >> Right. >> I think when it comes to security, you're going to have, you're going to need security in your database. Your storage. Your network compute. They do all of that, you know, monetize all of that. But customers also want to, you know, be able to have a consistent security posture, across the Supercloud. You know, I mean, they don't have time. I think security practitioners, and security hiring in general, hasn't had unemployment for like seven or 10 years. It's the hardest place to find quality people. >> Right. >> And so our goal, is if we can up level and enable security practitioners, and DevSecOps teams, to be able to do their job more efficiently, it's a good thing for them. It's a win for them. And not having to be experts, on all of these different environments, that they're operating in. I think is really important. >> Here's the other thing about Supercloud. And I think you'll appreciate this. You know, Andreesen says, all companies are software companies. Well, all companies are becoming SAS and Cloud companies. >> Yeah. >> So you look at Capital One. What they're doing with on Snowflake. You know, Goldman what they're doing with AWS. Oracle by Cerner, you know that. So industries, incumbents, are building their own Superclouds. They don't want to deal with all this crap. >> Yeah. >> They want to add their own value. Their own tools. Their own software. And their own data. >> Yeah. >> And actually serve their specific vertical markets. >> Yeah. A hundred percent. And they also don't want tools, you know. >> Right. >> I think when you're in the security business. It's so fragmented, because you had to write a rule for everything, and they were super nuanced. When you move to a data driven approach, and you actually have a platform, that removes the need to actually have very nuanced, specific expertise across all these different. Because you're combining it into your baseline and understanding it. And so, customers want to move from, you know, one of the biggest banks in North America, has 550 different point solutions for security. Thousands of employees to go manage all of this. They would love to be able to consolidate around a few platforms, that integrate the data flows, so they can correlate value across it. And this platform piece is really what differentiates our approach. Is that we already have that built. And everybody else is sort of working backwards from Legacy approaches, or from a acquired companies. We built it natively from the ground up. Which we believe gives us an advantage for our customers. An advantage of time to market speed, efficacy, and a much lower cost. Because you can get rid of a bunch of point solutions in the process. >> You mentioned Devs. Did you, you know, that continuous experience across clouds. >> Yep. >> Do you have like the equivalent of a Super PAs layer, that is specific to your use case? Or are you kind of using, I mean, I know you use off the shelf tooling, >> Yep. >> you allow your developers to do so, but is, is the developer experience consistent across the clouds? That's really what I'm asking? >> Well, I think it is. I mean, I was talking to another CEO of a company, you know, on the floor here, and it's focusing on the build side. You know we focus on both the build and the run time. >> Right. >> And we were talking about, you know, how many different applications, or how fragmented the developer experience is, with all the different tools that they have. And it's phenomenal. I mean, like this, either through acquisition or by business unit. And developers, like to have choice. Like they don't like to be told what to do or be standardized, you know, by anybody. Especially some compliance organization or security organization. And so, it's hard for them to have a consistent experience, that they're using a bunch of different tools. And so, yeah. We want to be able to integrate into whatever workload, a workflow a customer uses, in their Dev cycle, and then provide consistent security on top of it. I mean, for our own company, you know, we got about a thousand people. And a lot of them are developers. We want to make it as consistent as we possibly can, so they can build code, to deliver security efficacy, and new applications and new tools for us. So I think where you can standardize and leverage a platform approach, it's always going to be better. But the reality is, especially in large existing companies. You know, they've got lots of different tools. And so you need to be able to set above it. Integrate with it and make it consistent. And security is one of those areas, where having a consistent view, a consistent posture, a consistent read, that you can report to the board, and know that your efficacy is there. Whatever environment you're in. Whatever cloud you're on. Is super, super critical. >> And in your swim lane, you're providing that consistency, >> Yep. >> for Devs. But you're right. You've got to worry about containers. You got to worry about the run time. You got to worry about the platform. The DevSecOps team is, you know, becoming the new line of defense, right? I mean, security experts. >> Absolutely. Well, we have one customer, that we just have been working with for four years ago. And it's, you know, a Fortune, a Global 2000 company. Bunch of different industries grew through acquisition, et cetera. And four years ago, their CTO said, we're moving to the cloud. Because we want to drive efficiency and agility, and better service offerings across the board. And so he has engineering. So he has Dev, you know. He has operations. And he has security teams. And so organizationally, I think that'll be the model, as companies do follow entries in to sort of, you know, quote. Become software companies and move on their digital journeys. Integrating the functions of DevSecOps organizationally, and then providing a platform, and enabling platform, that makes their jobs easier for each of those personas. >> Right. >> Is what we do. You want to enable companies to shift left. And if you can solve the problems in the code, on the front end, you know, before it gets out on the run time. You're going to solve, you know, a lot of issues that exist. Correlating the data, between what's happening in your runtime, and what's happening in your build time, and being able to fix it in near realtime. And integrate with those joint workflows. We think is the right answer. >> Yeah. >> Over the long haul. So it's a pretty exciting time. >> Yeah. Shift left, ops team shield right. Hat, great to see you again. >> Good to see you, Dave. >> Thanks so much for coming on theCUBE. >> Thanks a lot. >> All Right. Keep it right there. We'll be back. Re:Inforce 2022. You're watching theCUBE from Boston. (calming music)

(upbeat music) >> Good evening, guys. Welcome back to Las Vegas, theCUBE is here live at AWS re:Invent 2021. I'm Lisa Martin. We have two live sets, two remote sets, over 100 guests on theCUBE talking with AWS, and its massive ecosystem of partners bringing you this hybrid tech event, probably the biggest of the year, and I'm pleased to welcome Stephen Kovac next, the Chief Compliance Officer at Zscaler. Stephen, how's it going? >> Well, it's going well, Lisa. Thank you for asking, enjoying Vegas, loving the conference, unbelievable. >> Isn't it great to be back in person? >> Oh, it's so great, I've seen people. >> Conversations you can't replicate on video conferencing, you just can't. >> Can't, and you see people you haven't seen in two years, and it's like all of a sudden you're best buddies again. It's just wonderful, it's so great to back. >> It is, and AWS in typical fashion has done a great job of getting everybody in here safely. I'm not at all surprised, that's what I expected, but it's been great. And I hope that this can demonstrate to other companies, you can do this safely. >> You can, I think so. I mean, there's a lot of effort going into this, but as usual AWS does it right. So, you expect that. >> They do. Talk to me about the Zscaler-AWS partnership. What's going on? >> Well, it's a great partnership. So AWS and Zscaler have been partners since the beginning of Zscaler. We are the largest security cloud in the world. We're born and bred in the cloud security company. So literally we wrote one application that does global security, everything from firewall to proxy, secure web gateway, to DLP, to all this in one piece of software. So, in the past where people would buy appliances for all these devices and put them in their own data center, we wrote a software that allows us to put that in the cloud, run it on the cloud globally around the world. And our partnership with AWS is, we originally built that on AWS, and today still AWS is our prime partner, especially in the zero trust side of our business. So, great relationship, long-term and great I think for both of us, it's been a very, very... >> Fruitful partnership, synergistic? >> Synergistic, love that, so yes. >> You mentioned zero trust, and we have seen such massive changes to the security and the threat landscape the last 20, 22 months. Talk to me about the recent executive order calling for zero trust, how does Zscaler's partnership with AWS help you enable organizations, fed, SLED, DoD, to be able to actually bring in and apply zero trust? >> Yeah, great question. Five years ago I was tasked to bring Zscaler into the government side of the business. So I was employee one to do that. It was a great honor to do it. And the first thing we did is we partnered with AWS because we needed to get FedRAMP compliant. We knew we were going to go into DoD. So we needed to go to the Impact Level five. And eventually we'll be able to go up level six with AWS. And so it was our partnership started there. And as you've seen in five years with all the change that's happened, that obviously the breaches like SolarWinds, and the people up here talking about them all week with you I'm sure. The executive order came down from the Biden Administration, who I completely salute for being just tremendous leaders in the cybersecurity space. And the executive order, one of the big pieces of the executive order was every agency must produce a plan for zero trust. So our cloud platform that is on AWS is a zero trust platform. It is the first and only zero trust platform to get authorized by the federal government at the FedRAMP level, and now the IL five level. So, together we are literally capturing and taking over the, being the leader in the zero trust space for the federal government. And I'm going to get a sip of water, so forgive me, I've been here all week talking to a lot of people, so forgive me for that. >> That's one thing that we don't have to deal with when we're on Zoom, right, is you don't really have the risk of losing your voice. >> Stephen: There you go. >> But in terms of the executive order, something that you mentioned, SolarWinds, Colonial Pipeline, we only hear about some of the big ones. The fact that ransomware happens one attack every 10, 11 seconds, it's a matter of when we get hit, not if. >> As you know, the story coming up from me, coming up on stage with you today, I just got myself breached just this morning, just individually. So yes, it's going to get all of us. And especially, I think when you look at zero trust and ransomware and how they worked out how zero trust can prevent it, you look at the SLED market, you know, state, local governments, they don't have the dollars to go spend like DHS does, or say, some of the DoD does. So, our partnership with AWS allows us to produce a product that is very cost-effective on a per user basis, consumption model, which is what AWS has been famous for since day one, right, the consumption model, use it when you need it, don't use it when you don't. We built our software the same way. So, at some point in a year, in a school year, we'll ramp up with some schools up to a hundred thousand users in the district, and over the summer we'll ramp down to a thousand, and we just bill them for that. So it's a beautiful relationship that we partner in not just the executive order, but being a partner in SLED, fed in the sense that matches making our business together, match the government's business. And that makes us a true leader and makes us a cost-effective solution. And if you think about it just for a moment, yesterday, I told you I was testifying in front of the Senate. And one of the questions I got asked was, oh, how many security updates do you guys see a year? I said, a year, well, we do over 200,000 a day. 200,000 security updates from potential hackers every single day. And we're doing that over 200 billion transactions a day run on AWS. So it's tremendous partnership, and to be able to work like that, and at that kind of volume, and be able to go up and down with the, and you got AWS able to scope up and down, and us to be able to ride that wave with them. It's been great. >> One of the things that we always talk about when we talk AWS is they're customer focused or customer obsession that, hey, we start backwards, we work backwards from the customer. Same thing, synergistic from a cultural perspective? >> Absolutely, I mean, one of the things I always love about AWS and I've been a customer of AWS for many years, even prior to my Zscaler days, I love the way they approach things, right? If they're not trying to go out and sell it, they're trying to meet with the customer and find out what the customer needs, and then build a solution. We're the same way. I always tell, you know, when you think of our solutions, Zscaler, I always tell my sales teams, I say it takes four sales calls for people to really understand what we do. And AWS, in the beginning of AWS, it was kind of the same thing. In the old days, you know, we all just built data centers and we had all these racks, and all this expense and mesh is what you did. It was unusual back in the day, 10 years ago, and I've been to every single re:Invent. I mean, the first one there was like, you're actually going to put all your stuff in this unknown cloud thing, and it will be available when you need it? So yes, you know, the way that they did it is the same way we do it together today. And we do it together today. We partner on many deals today where we're both, our teams are in there together, selling together, whether it's the DoD, federal agencies, SLED agencies, and commercial, you know, selling it hand-in-hand because it's that same philosophy is we're going to build what a customer needs. We're not going to tell the customer what they need. We're going to hear what they need, and that's the same relationship. So I'm going to get another sip real quick. >> Go for it. One of the things that has been a theme that we've heard the last couple of days is every company needs to be a data company or private sector, public sector, and if they're not, they're probably not going to be around much longer. How do you help customers get their handle around that? Because the security threats are only increasing. I mean, it's ransomware as a service. The fact that these criminals are getting much more brazen, you just had this happen to yourself, but enabling them to become data-driven organizations and use the data, extract the value from it securely, that's hard. >> It is, I mean, if you think back in the day, I mean, companies didn't have chief compliance officers that worked in the space that we do. Their chief compliance officer back in the day was the guy that was writing your HR issues and what OSHA issues, and of course, I still deal with some of that stuff, but my true job is really around the data, right? You know, how do we build our platforms, what decisions we make on our platforms, how we're going to certify them to support that, and I mean, chief data officers, chief security officers, I mean, you go into companies today, even car dealerships today. I mean, I'm picking one, you never thought of them having a security officer, but they do, they have to, they have to. And I mean, basic school districts, I mean, I don't about you, when I was a kid and went to school, they didn't have computers, but when my kid went to school, they did, but they didn't have a security officer. Now today, every single school district has security officers. I mean, I love how you said it, that data-driven, that data thought is there. It has to be, it's a real threat. And the sad thing is of these ransomware attacks, how many don't get reported. >> Oh, right, we're only hearing about a select few. >> The numbers are something like 88% don't get reported. It's that big. So that just tells you, we hear the big ones, right, Colonial Pipeline, things like that. We don't hear about West Texas or Middle Illinois school district that paid five grand because somebody had something on the school. That's how, as you said, this ransomware as a service security, we call it a security as a service, there's SaaS, which is software as a service, we're security software as a service, and AWS is the infrastructure as a service that we run on. And that's how it works well together. >> Do you guys go into accounts together from a go-to-market perspective? >> We, do, we can always do a better job. And my good friend here at AWS, who's probably listening, we can always do better. But yeah, so it is become something that, especially in the government space we do, in federal, DoD, because the certifications are really important, certifications are important everywhere, and we have many, we talked about all the certifications we have in federal, FedRAMP and IL five, and we have a plethora of those certifications in the commercial space. But they mean in a federal space, they're really the ticket. They call them the ENERGY STAR of approval, good housekeeping piece. So, you know, having that, teaming up with AWS who we partner together and because AWS has the same certs, we can sell at the same levels. And we do a really great job of co-selling in that space together. And I think when they look at us and they say, well, you're AWS, they've got their FedRAMP high, IL five, and you're Zscaler, you got your FedRAMP high, IL five. Yes, we can do business with these guys, and that's important. >> So you guys both open doors for each other. >> We do, we do in many cases, yeah. As a matter of fact, re:Invent five years ago, a buddy of mine here opened a big, big account for us, which is today our largest account in federal came from re:Invent, where came up to me and said, hey, my customer wants to, he's looking to do something, they're an agency that has global footprint, and they're like, we want to do something as a security as a service. They don't want to ship boxes all over the place. And we just met the customer for a coffee, and next thing you know, became our, still today, our probably largest customer in federal. >> Wow, well, this is the 10th re:Invent, you said you've been to all of them. >> Stephen: I have been to all of them. I can't lie, but I can't say I did all the virtual ones. I mean, I was logged in. (laughs) >> That's okay, we'll wink on that one. But, one of the things then, we've just got about a minute left here, is in new leadership, Andy Jassy being promoted to the CEO of Amazon, we've got Adam Selipsky, heard lot of announcements and news from Adam yesterday, but some of the things that we've been talking about on theCUBE is the first 15 years of innovation at AWS, that's going to accelerate. Do you see that also, like if you look forward to the next decade, do you see things moving much faster than they did the past decade? >> I don't think they can't. I mean, I shouldn't say they have to. And the change of the guard as you might call it here, is it's always good to have a change of the guard I think. You know, the question is when's Andy going to go to space? I mean, that's the next. (Lisa laughs) I think you have the guys who got AWS to the dance, and now the dance, who's going to become the belle of the ball. And this next generation of leadership coming in is fabulous. I think they've made great decisions, and I think they're going to do really well. And we're behind them, we support it. I got a chance to meet with most of them, love a chance to meet with Andy, I haven't met with him yet. So Andy, I'd love to meet you sometime soon. But I'm very impressed with what they've done. And yes, I think it's going to be, the last 10 years of growth is going to be a year next year. I think literally, you take 10 years be compressed to a year, and then next year it will be compressed to a day. So it's moving that fast. >> Yep, get your neck brace on, prepare for that whiplash. >> Yeah, right? That's what I said to Jeff when Jeff went to space, that's how fast we're about to travel, right? But it's really relative. >> It is, there is no limit. Well, Stephen, thank you for joining me, talking about Zscaler, AWS, what you guys are doing, how you're helping to revolutionize the public sector, fed, SLED, a lot of great stuff there. Security is an ever-evolving topic, and we appreciate all of your insights. >> Well, it was wonderful to be here. Great to see you again. And great to be back with all our friends at re:Invent. >> All of our friends, exactly. >> Stephen: Thank you so much for the time today. >> My pleasure. For Stephen Kovac, I'm Lisa Martin. You're watching theCUBE, the global leader in live tech coverage. (pleasant music)

>>Welcome to the cubes, continuing coverage of AWS reinvent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year. This year with AWS and its ecosystem partners. We have two life studios, two remote studios, and over 100 guests. So stick around as we talk about the next 10 years of cloud innovation, I'm very excited to be joined by another Lisa from Zscaler. Lisa Lorenzen is here with me, the field CTO for the Americas. She's here to talk about ZScaler's mission to make doing business and navigating change a simpler, faster, and more productive experience. Lisa, welcome to the program. >>Thank you. It's a pleasure to be here. >>So let's talk about Zscaler in AWS. Talk to me about the partnership, what you guys are doing together. >>Yeah, definitely. Z scaler is a strategic security ISV partner with AWS. So we provide AWS customers with zero trust, secure remote access to AWS, and this can improve their security posture as well as their user experience with AWS. These scaler recently announced that we are the first and only cloud security service to achieve the FedRAMP PI authorization to operate. And that FedRAMP ZPA service is built on AWS gov cloud. ZScaler's also an AWS marketplace seller where our customers can purchase our zero trust exchange services as well as request or high value security assessments. We're excited about that as we're seeing a rapid increase in customer adoption as these scaler via the AWS marketplace, we vetted our software on AWS edge services that support emerging use cases, including 5g, IOT, and OT. So for example, Zscaler runs on wavelength, outposts, snowball and snowcones, and Zscaler has strategic partnerships with leading AWS service providers and system integration partners, including Verizon NTT, BT, Accenture, Deloitte, and many of the leading national and regional AWS consulting partners. >>Great summary there. So you mentioned something I want to get more understanding on this. It sounds like it's a differentiator for CSO scale. You said that you guys recently announced to the first and only cloud security service to achieve FedRAMP high. Uh, ATO built on AWS gov cloud. Talk to me about and what the significance of that is. >>I L five authorization to operate means that we are able to protect federal assets for the department of defense, as well as for the civilian agencies. It just extends the certification of our cloud by the government to ensure that we meet all of the requirements to protect that military side of the house, as well as the civilian side of the house. >>Got it super important there, let's talk about zero trust. It's a super hot topic. We've seen so many changes to the threat landscape during the pandemic. How are some of the ways that Z scaler and AWS are helping customers tackle this together? >>Well, I'd actually like to answer that by telling a little bit of a story. Um, Growmark is one of our Z scaler and AWS success stories when they had to send everyone home to work from home overnight, the quote that we had from is the users just went home and nothing changed. ZPA made work from anywhere, just work, and they were able to maintain complete business continuity. So even though their employers might have had poor internet service at home, or, you know, 80 challenging infrastructure, if you've got kids on your wifi bunch of kids in the neighborhood doing remote school, everyone's working from home, you don't have the reliability or the, maybe the bandwidth capacity that you would when you're sitting in an office. And Zscaler private access is a cloud delivered zero trust solution that leverages dynamic resilient, TLS encrypted tunnels to connect the user to an application rather than putting an end point on a network. >>And the reason that's important is it makes for a much more reliable and resilient service, even in environments that may not have the best connectivity I live out in the county. I really, some days think that there's a hamster on a wheel somewhere in my cable modem network, and I am a consumer of this, right. I connect to Z scaler over Zscaler private access, I'm protected by Zscaler internet access. And so I access our internal applications that are running in AWS as well this way. And it makes a huge difference. Growmark really started with an SAP migration to AWS, and this was long before the pandemic. So they started out looking for that better user experience and the zero trust capability. They were able to ensure that their SAP environment was dark to the internet, even though it was running in the cloud. And that put them in this position to leverage that zero trust service when the pandemic was upon us, >>That ability or that quote that you mentioned, it just worked was absolutely critical for all of us in every industry. And I'm sure a lot of folks who were trying to manage working from home, the spouses from home kids doing, you know, school online also felt like you with the hamster on the wheel, I'm sure their internet access, but being able to have that business continuity was table-stakes especially early on for most organizations. We saw a lot of digital transformation, a lot of acceleration of it in the last 20 months during the pandemic. Talk to me about how Z scaler helps customers from a digital transformation perspective and maybe what some of the things were that you saw in the last 20 months that have accelerated >>Absolutely. Um, another example, there would be Jefferson health, and really, as we saw during the pandemic, as you say, it accelerated a lot of the existing trends of mobility, but also migration to the cloud. And when you move applications to the cloud, honestly, it's a complex environment and maybe the controls and the risk landscape is not as well. Understood. So Z scaler also has another solution, which is our cloud security posture management. And this is really ensuring that your configuration on your environment, that those workloads run in is controlled, understood correctly, coordinated and configured. So as deference and health migrated to the cloud first model, they were able to leverage the scalers workload posture to measure and control that risk. Again, it's environment where the combination of AWS and Z scaler together gives them a flexible, resilient solution that they can be confident is correctly configured and thoroughly locked down. >>And that's critical for businesses in any organization, especially as quickly as how quickly things changed in the last 20 months or so I do wonder how your customer conversations have has changed as I introduced you as the field CTO of the America's proceeds killer. I'm sure you talk with a lot of customers. How has the security posture, um, zero trust? How has that risen up within the organizational chain? Is that something that the board is concerned about? >>My gosh, yes. And zero trust really has gone through the Gartner hype cycle. You've got the introduction, the peak of interest, the trough of despair, and then really rising back into what's actually feasible. Only zero trust has done that on a timeline of over a decade. When the term was first introduced, I was working with firewall VPN enact technology, and frankly, we didn't necessarily have the flexibility, the scalability, or the resilience to offer true zero trust. You can try to do that with network security controls, but when you're really protecting a user connecting to an application, you've got an abstraction layer mismatch. What we're seeing now is the reemergence of zero trust as a priority. And this was greatly accelerated honestly by the cybersecurity executive order that came out a few months ago from the Biden administration, which made zero trust a priority for the federal government and the public sector, but also raised visibility on zero trust for the private sector as well. >>When we're looking at zero trust as a way to perhaps ward off some of these high profile breaches and outages like the colonial pipeline, whole situation that was based on some legacy technology for remote access that was exploited and led to a breach that they had to take their entire infrastructure offline to mitigate. If we can look at more modern delivery mechanisms and more sophisticated controls for zero trust, that helps the board address a number of challenges ranging from obviously risk management, but also agility and cost reduction in an environment where more than ever belts are being tightened. New ways of delivering applications are being considered. But the ability to innovate is more important than ever. >>It is more important than ever the ability to innovate, but it really changing security landscape. I'm glad to hear that you're seeing, uh, this change as a result of the executive order that president Biden put down in the summer. That's good news. It sounds like there's some progress being made there, but we saw, you mentioned colonial pipeline. We saw a lot in the last 20, 22 months or so with ransomware becoming a household word, also becoming something that is a matter of when companies in any industry get hit and versus if it's no longer kind of that choice anymore. So talk to me about some of the threats and some of the stats that Z scaler has seen particularly in the last 20, 22 months. >>Oh gosh. Well, let's see. I'm just going to focus on the last 12 months, cause that's really where we've got some of the best data. We've seen a 500% increase in ransomware delivered over encrypted channels. And what that means is it's really critical to have scalable SSL inspection that can operate at wire speed without impeding the user experience or delay in critical projects, server communications, activities that need to happen without any introduced in any additional latency. So if you think about what that takes the Z scaler internet access solution is protecting users, outbound access in the same way that Zscaler private access protects access to private resources. So we're really seeing more and more organizations seeing that both of these services are necessary to deliver a comprehensive zero trust. You have to protect and control the outbound traffic to make sure that nothing good leaks out, nothing bad sneaks in. >>And at the same time, you have to protect and control the inbound traffic and inbound is, you know, a much broader definition with apps in the data center in the cloud these days. We're also seeing that 30% of malware is delivered through trusted applications like file shares or collaboration tools. So it's no longer enough to only inspect web traffic. Now you have to be able to really inspect all flavors of traffic when you're doing that outbound protection. So another good example where Z scaler and AWS work together here is in Amazon workspaces. And there's a huge trend towards desktop as a service, for example, and organizations are starting to recognize that they need to protect both the user experience and also the connectivity onward in Amazon workspaces, the same way that they would for a traditional end user device. So we see Z scaler running in the Amazon workspaces instances to protect that outbound traffic and control that inbound traffic as well. >>Another big area is the ransomware infections are not the problem. It's the result. So over half of the ransomware infections include data theft or leakage. And that is a double whammy because you get what's called double extortion where not only do you have to pay to unlock your machines, but you have to pay not to have that stolen data exposed to the rest of the world. So it's more important than ever to be able to break that kill chain as early as possible to ensure that the or the server traffic itself isn't exposed to the initial infection vector. If you do happen to get an infection vector that sneaks through, you need to be able to control the lateral movement so that it doesn't spread in your environment. And then if both of those controls fail, you also need the outbound protection such as CASBY and DLP to ensure that even if they get into the environment, they can't exfiltrate any of the data that they find as a result. We're seeing that the largest security risk today is lateral movement inside the corporate network. And that's one of the things that makes these ransomware double extortion situations, such a problem. >>Last question for you. And we've got about a minute left. I'm curious, you said over 50% of ransomware attacks are now double extortion. How do you guys help customers combat that? So >>We really deliver a solution that eliminates a lot of the attack surface and a lot of the risks. We have no inbound listener, unlike a traditional VPN. So the outbound only connections mean you don't have the external attack surface. You can write these granular policy controls to eliminate lateral movement. And because we integrate with customer's existing identity and access management, we can eliminate the credential exposure that can lead to a larger spread in a compromised environment. We also can eliminate the problem of unpatched gateways, which led to things like colonial pipeline or some of the other major breaches we've seen recently. And we can remove that single point of failure. So you can rely on dynamic optimized traffic distribution for all of these secure services. Basically, what we're trying to do is make it simpler and more secure at the same time, >>Simpler and more secure at the same time is what everyone needs regardless of industry. Lisa, thank you for joining me today, talking about Zscaler in AWS, zero trust the threat landscape that you're seeing, and also how's the scaler and AWS together can help customers mitigate those growing risks. We appreciate your insights and your thoughtfulness. >>Thank you >>For Lisa Lorenzen. I'm Lisa Martin. You're watching the cubes coverage of AWS reinvent stick around more great content coming up next.

>>Well, hi everybody, John Walls here, continuing our coverage on the cube of splunk.com 21. And then we talked a lot about data these days of companies and enterprise all the way down to small business and the importance of day to day to security data protection. But the public sector also has those very same concerns and some unique worries as well. And with me to talk about the public sector and its data transformation, and of course what's going on in that space is Jeremy Reesey, who was the group vice president of the public sector at Splunk. Jeremy. Good to see you today. Thanks for joining us. Thank you. >>Thanks for making time for me, John. You bet. >>Glad to have you. Well, let's, let's just, if first off, let's just paint the picture for those watching who are kind of focused on the private sector a little bit, just share with some general thoughts about the public sector and what's going on in terms of its digital transformation and what kind of concerns or, um, I guess, challenges you think there are broadly speaking first in the public sector around. >>Thanks, John. There's quite a bit of transformation going on right now in our government. And just like in industry, we've seen the pandemic as a catalyst for a lot of that transformation. Uh, you may have seen that Splunk recently released a report on the state of data innovation. And what we found is that, um, a lot of good things are happening, but the government still has a lot of work to do. And so there were pockets of excellence that we saw in the last 18 months where agencies really responded to things like the requirement for vaccinations and the requirement for monitoring, uh, health status in general. Uh, and we saw tremendous, um, speed in rolling out things like tele-health across, uh, the veterans affairs administration. But, uh, we also saw in our report that there were many agencies that haven't yet been able to modernize in the way that they want. And one of the inhibitors to that, frankly, John is their ability to adopt software as a service. And so we've seen a lot of things happening in the last year that, um, moved agency customers towards software as a service, but there's work yet. >>So, and why is that? So when you're talking about SAS, is it, is it, um, bureaucratic, uh, red tape as a regulatory issues? Or is it just about, uh, this is a large, huge institution that makes independent decisions, you know, HHS might make decisions separate from state separate from deity, uh, and then it's fragmented. I mean, what are those challenges? >>Sure. Well, I think there are two sides of a John. I think that our government is inherently designed to move cautiously and to move in such a way that we don't make mistakes. Uh, you use the word re bureaucratic. I'm not a huge fan of that word, but I understand the sentiment. Uh, I think that there are layers to any decision that any part of the government makes and certainly that support of, um, inhibiting speed. But I think the other part of it is our acquisition rules and regulations. And I think we've seen a number of positive changes made, uh, not only in the last administration, but even in this current administration that are helping our government agencies to take advantage of software as a service. Um, but there's still work to do there as well. Uh, we've seen the rise of things like, uh, other transactional authorities, OTAs. Uh, we've seen the establishment of an agile procurement office inside the general services administration, GSA, uh, but uh, other parts have heritage systems, systems that are working really well. And you don't want to change something that's not broken just for the sake of changing it. You want to change it in such a way, uh, that you really do transform and deliver new capabilities. >>Yeah. And I guess, um, you know, it's a matter of obviously of developing an expertise and, and maybe confidence too, right? Because this is, this is a new world, a new tech world, if you will here in the 21st century. And, um, and maybe I misused the word bureaucratic. Um, and I know you said you don't like it, but, but there's a certain kind of institutional energy or whatever you want to call it that kind of prohibits fast changes and, and is cautious and is conservative because, I mean, these are big dollar decisions and they're important decisions to based on security. So, I mean, how do you wrap your arms around that from a Splunk perspective to deal with the government, you know, at large, uh, when they have those kinds of, um, uh, I guess considerations >>Certainly, well, the beauty of where we find ourselves today is that data is incredibly powerful and there's more data available to our agency customers or to any company than ever before. So Splunk is inherently a data platform. We allow our customers be the agency customers, or be the industry customers to ask questions of data that they collect from any source, be it a structured data or unstructured data using Splunk, a customer can say, what's happening. Why is it happening? Where is it happening? And that's incredibly powerful. And I think, um, in this current age where, uh, the pandemic is forcing us to rethink how we deliver services and citizen services specifically, uh, having a data platform is incredibly powerful because the way that we're answering questions today is different than the way we answered questions last year. And it may be very different the way we have to ask questions a year from now. Uh, and that's really what Splunk's is delivering to our customers is that flexibility to be able to ask any question of any data set, uh, and to ask those questions in the context of today, not just the context that they knew yesterday. >>Yeah. W w and you mentioned the pandemic, what has that impact then? Um, obviously the need of, uh, I think about, you know, vaccination of disease, monitoring of outbreak monitoring, uh, emergency care, ICU units, all these things, um, critically important to the government's role right now, um, and continue to be, so what kind of impact has the, the pandemic had in terms of their modernization plans? Um, I'm guessing some of these had to be put on hold, right? Because you've, you've got, uh, you've got an emergency and so you can't conduct business as usual. >>Sure. So it's caused a shift in priorities as you know, John, and then it's also caused us to rethink what has to be done in person and what can be done remotely. And when we think about what can be done remotely, we're seeing a proliferation of devices. Um, we're seeing a proliferation of, uh, the, the level of network access, uh, that is enabled and supported. And with that, we see new security concerns, right? We are seeing, uh, uh, really, uh, an intriguing rise of thought around authentication and making sure that the right person is coming in from the right device, uh, using the right applications at the right time, that is incredibly challenging for our agency customers. Uh, and they have to think about what's happening in, in ways that they didn't have to last year. >>Let's talk about certification a little bit, and I know you announced a FedRAMP a couple of years ago, and now you've come out with a new iteration, if you will. Um, I hear about that. So walk me through that a little bit in our audience as well. And then just talk about the value of certification. Why does that really matter? What's the importance of that? >>Thanks, John. We did recently announced that we've received a provisional authority to operate, uh, in aisle five impact level five. And that's incredibly exciting. I've, I've never worked for a software company that had FedRAMP certification previously. And I think it demonstrates Splunk's commitment to this market, the public sector market. Uh, we are absolutely, um, committed to delivering our software in any environment at any level of classification that our customers need, and that allows them to rest assured that they can decide anything they want to about their data without worrying about the sanctity of that data itself, or the platform that they're using to process that data. That's incredibly exciting. I hope, >>Yeah. You mentioned, uh, the current administration just a little bit ago, you know, the Biden administration, um, no executive orders, you know, focusing in on, on, um, use of, of, uh, or I guess taking appropriate measures, right. To protect your data cyber from a cyber security perspective. Um, what exactly has that done to change the approach the government is taking now, uh, to protecting data and then how have you adapted to that executive order to provide the right services for governments looking to, to make sure they meet those standards and that criteria? >>Well, it's an exciting time as you, as you point out on May 12th, president Biden's son and executive order on improving the nation's cybersecurity. So, uh, from the highest levels, we're seeing the government sort of set a baseline for what makes sense. And they went further in a memo just released on August 27th, uh, by releasing what they call an enterprise logging maturity model. And it has four levels. And it, it indicates what sorts of data agencies should be storing from, and in their systems and for how long they should be storing it. And that's incredibly exciting because a lot of agencies are using Splunk, uh, to make sense of that data. And so this gives them sort of a baseline for what data do they need to collect? How long do they need to keep it collected for what questions do they need to ask of it? And as a result, um, we're making some offers to our customers about how they use Splunk, uh, how they take advantage of our cloud-based storage within our product, um, how they take advantage of our services in mapping their data strategy to this enterprise logging maturity model. And it represents a great opportunity to sort of take a step forward in cybersecurity for these agency customers. >>Yeah. I'm kind of curious here. I mean, I, I came from the wireless space and we had an active dialogue with the government in terms of, uh, communications, emergency communications, um, and, um, and also in, in services, the rural areas, that kind of thing. But sometimes that collaboration didn't go as smoothly as we would've liked, frankly. And, and so maybe lessons have been learned from that in terms of how the private sector melds with the public sector and works with the policy makers, you know, in that respect, what, how would you characterize just overall the relationship, you know, the public private sector relationship in terms of, you know, the sharing of resources and of information and collaboration? >>Well at the federal government level, uh, there's always been pretty incredible collaboration between industry and government, but I think, um, we at Splunk have been engaged through organizations like the Alliance for digital innovation, uh, the us chamber of commerce, um, act by act the American council for technology and the industry advisory council. And we're seeing a rise actually in university partnerships as well, particularly at the state level where, uh, let's say local governments are saying, Hey, we don't have the capacity to do some of these things that we now know we need to do. And we know that, uh, some of those things could be done in collaboration with our university partners and with our state partners. Um, and that's exciting. I think that it is an era where everyone realizes there are new threats. Uh, there are threats that are, um, hard to handle in a silo and that the more we collaborate, whether it's government industry collaboration, or whether it's cross government collaboration, or whether it's cross industry collaboration, the better, and the more effectively, uh, we'll solve some of these problems that face us as a nation. >>What do you make a great point too? Because, uh, it is about pulling resources at some point, and everybody pulling together, uh, in order to combat what has become a certainly vaccine, uh, challenge to say the least Jeremy, thanks for the time. Uh, I appreciate it. And, uh, wish you all the success down the road. >>Thanks for having me, John, you >>Bet Jeremy Risa joining us, talking about the public sector and sparks just exemplary work in that respect. You're watching the cube. Our coverage continues here of.com for 21.

(soft music) >> There are many constants in the storage business, relentlessly declining cost per bit, innovations that perpetually battled the laws of physics, a seemingly endless flow of venture capital, despite the intense competition. And there's one other constant in the storage business, Eric Hertzog, and he joins us today in this CUBE video exclusive to talk about IBM's recent storage announcements. Eric, welcome back to theCUBE. >> Great, Dave, thanks very much, we love being on theCUBE and you guys do a great job of informing the industry about what's going on in storage and IT in general. >> Well, thank you for that. >> Great job. >> We're going to cover a lot of ground today. IBM Storage, made a number of announcements the past month around data resilience, a new as-a-service model, which a lot of folks are doing in the industry, you've made performance enhancements. Can you give us the top line summary of the hard news, Eric? >> Sure, the top line summary is of course cyber security is on top of mind for everybody in the recent Fortune 500 list that came out, you probably saw, there was a survey of CEOs of Fortune 500 companies, they named cybersecurity as their number one concern, not war, not pandemic, but cybersecurity. So we've got an announcement around data resilience and cyber resiliency built on our FlashSystem family with our new offering, Safeguarded Copy. And the second thing is the move to a new method of storage consumption. Storage-as-a-Service, a pay-as-you-go model, cloud-like the way people buy cloud storage, that's what you can do now from IBM Storage with our Storage-as-a-Service. Those are the key, two takeaways, Dave. >> Yeah and I want to stay on the trends that we're seeing in cyber for a moment, the work from home pivot in the hybrid work approach has really created a new exposures, people aren't as secure outside of the walled garden of the offices and we've seen a dramatic escalation in the adversaries capabilities and techniques, another least of which is island hopping, in other words, putting code fragments in the digital supply chain, they reform once they're inside the company and it's almost like this organic creepy thing that occurs. They're also living as you know, stealthily for many, many months, sometimes years, exfiltrating data, and then just waiting and then when companies respond, the incidents response trigger a ransomware incident. So they escalate the cyber crime and it's just a really, really bad situation for victims. What are you seeing in that regard and the trends? >> Well, one of the key things we see as everyone is very concerned about cybersecurity. The Biden administration has issued (indistinct) not only to the government sector, but to the private sector, cyber security is a big issue. Other governments across the world have done the same thing. So at IBM Storage, what we see is taking a comprehensive view. Many people think that cybersecurity is moat with the alligators, the castle wall and then of course the sheriff of Nottingham to catch the bad guys. And we know the sheriff of Nottingham doesn't do a good job of catching Robin Hood. So it takes a while as you just pointed out, sitting there for months or even longer. So one of the key things you need to do in an overall cybersecurity strategy is don't forget storage. Now our announcement around Safeguarded Copy is very much about rapid recovery after an attack for malware or ransomware. We have a much broader set of cyber security technology inside of IBM Storage. For example, with our FlashSystem family, we can encrypt data at rest with no performance penalty. So if someone steals that data, guess what? It's encrypted. We can do anomalous pattern detection with our backup product, Spectrum Protect Plus, why would you care? Well, if theCUBE's backup was taking two hours on particular datasets and all of a sudden it was taking four hours, Hmm maybe someone is encrypting those backup data sets. And so we notify. So what we believe at IBM is that an overarching cybersecurity strategy has to keep the bad guys out, threat detection, anomalous pattern behavior on the network, on the servers, on the storage and all of that, chasing the bad guy down once they breach the wall, 'cause that does happen, but if you don't have cyber and data resilience built into your storage technology, you are leaving a gap that the bad guys can explain, whether that be the malware ransomware guys oh by the way, Dave, there still is internal IT theft that there was a case about 10 years ago now where 10 IT guys stole $175 million. I kid you not, $175 million from a bunch of large banks across the country, and that was an internal IT theft. So between the internal IT issues that could approach you malware and ransomware, a comprehensive cybersecurity strategy, must include storage. >> So I want to ask you about come back to Safeguarded Copy and you mentioned some features and capabilities, encrypting data at rest, your anomalous pattern recognition inferring, you're taking a holistic approach, but of course you've got a storage centricity, what's different about your cyber solution? What's your unique value probability to your (indistinct) . >> Well, when you look at Safeguarded Copy, what it does is it creates immutable copies that are logically air-gapped, but logically air-gapped locally. So what that means is if you have a malware or ransomware attack and you need to do a recovery, whether it be a surgical recovery or a full-on recovery, because they attacked everything, then we can do recovery in a couple hours versus a couple of days or a couple of weeks. Now, in addition to the logical local air-gapping with Safeguarded Copy, you also could do remote logical air-gapping by snapping out to the cloud, which we also have on our FlashSystem products and you also of course, could take our FlashSystem products and back up to tape, giving you a physical air gap. In short, we give our customers three different ways to help with malware and ransomware. >> Let me ask you- >> Are air-gapped locally. >> Yeah, please continue, I'm sorry. >> So our air-gapping locally for rapid recovery, air-gapping remotely, which again, then puts it on the cloud provider network, so hopefully they can't breach that. And then clearly a physical air gap going out to tape all three and on the mainframe, we have Safeguarded Copy already, Dave and several of our mainframe customers actually do two of those things, they'll do Safeguarded Copy or rapid recovery locally, but they'll also take that Safeguarded Copy and either put it out to tape or put it out to a cloud provider with a remote logical air-gap using a snapshot. >> I want to ask you a question about management 'cause when you ask CSOs, what's your number one challenge, they'll say lack of talent, We've got all these tools and all this lack of skills to really do all this stuff. Can't hire people fast enough and they don't have the skills. So when you think about it, and so what you do is you bring a lot of automation into the orchestration and management. My question is this, when you set up air gaps, do you recommend, or what do you see in terms of not, of logically and physically not only physically separating the data, but also the management and orchestration and automation does that have to be logically air-gapped as well or can you use the same management system? What's best practice there? >> Ah, so what we do is we work with our copy management software, which will manage regular copies as well, but Safeguarded Copies are immutable. You can't write to them, you can't get rid of them and they're logically air-gapped from the local hosts. So the hosts, for the Safeguarded Copies that immutable copy, you just made, the hosts don't even know that it's there. So you manage that with our copy management software, which by the way, we'll manage regular snapshots and replicas as well, but what that allows you to do is allows you to automate, for example, you can automate recovery across multiple FlashSystem arrays, the copy services manager will allow you to set different parameters for different Safeguarded Copies. So a certain Safeguarded Copy, you could say, make me a copy every four hours. And then on another volume on a different data set, you could say, make me a copy every 12 hours. Once you set all that stuff update, it's completely automated, completely automated. >> So, I want to come back to something you mentioned about anomalous pattern recognition and how you help with threat detection. So a couple of a couple of quick multi-part question here. First of all, the backup corpus is an obvious target. So that's an area that you have to protect. And so can, and you're saying, you've used the example if your backups taking too long, but so how do you do that? What's the technology behind that? And then can you go beyond, should you go beyond just the backup corpus, with primary data or copies on-prem, et cetera? Two part questions. >> So when we look at it, the anomalous pattern detection is part of our backup software, say Spectrum Protect and what it does it uses AI-based technology, it recognizes a pattern. So it knows that the backup dataset for the queue takes two hours and it recognizes that, and it sees that as the normal state of events. So if all of a sudden that backup that theCUBE was doing used to take two hours and starts taking four, what it does is that's an anomalous pattern, it's not a normal pattern. It'll send a note to the backup admin, the storage admin, whoever you designate it to and say the backup data set for theCUBE that used to take two hours, it's taken four hours, you probably ought to check that. So when we view cyber resiliency from a storage perspective, it's broad. We just talked about anomalous pattern detection in Spectrum Protect. We were talking most of the conversation about our Safeguarded Copy, which is available on the mainframe for several years and is now available on FlashSystems, making immutable local air-gap copies, that can be rapidly recovered and are immutable and can help you recover for a malware or ransomware attack. Our data at rest encryption happens to be with no performance penalty. So when you look at it, you need to create an overarching strategy for cybersecurity and then when you look at your storage estate, you need to look at your secondary storage, backup, replicas, snaps, archive, and have a strategy there to protect that and then you need a strategy to protect your primary storage, which would be things like Safeguarded Copy and encryption. So then you put it all together and in fact, Dave, one of the things we offer is a free cyber resilience assessment. It's not only for IBM Storage, but it happens to be a cyber resilience assessment that conforms to the NIST Framework and it's heterogeneous. So if you're a big company, you've got IBM EMC and HP Storage, guess what? It's all about the data sets not about the storage. So we say, you said these 10 data sets are critical, why are you not encrypting them? These data sets are XYZ, why are you not air-gapping them? So we come up based on the NIST Framework, a set of recommendations that are not IBM specific, but they are storage specific. Here's how you make your storage more resilient, both your secondary storage and your primary storage. That's how we see the big thing and Safeguarded Copy of course fits in on the primary storage side, A on the mainframe, which we've had for several years now and B in the Linux world, the Unix world and the Windows Server world on our FlashSystem portfolio with the announcement we did on July 20th. >> Great, thank you for painting that picture. Eric, are you seeing any use case patterns emerge in this space? >> Well, we see a couple of things. First of all, is A most resellers and most end-users, don't see storage an overarching part of the cybersecurity strategy, and that's starting to change. Second thing we're seeing is more and more storage companies are trying to get into this bailiwick of offering cyber and data resilience. The value IBM brings of course is much longer experience to that and we even integrate with other products. So for example, IBM offers a product called QRadar from the security divisions not a storage product, a security product, and it helps you with early data breach recognition. So it looks at servers, network access, it looks at the storage and it actually integrates now with our Safeguarded Copy. So, part of the value that we bring is this overarching strategy of a comprehensive data and cyber resilience across our whole portfolio, including Safeguarded Copy our July 20th announcement. But also integration beyond storage now with our QRadar product from IBM security division. And there will be future announcements coming in both Q4 and Q1 of additional integration with other security technologies, so you can see how storage can be a vital COD in the corporate cybersecurity strategy. >> Got it, thank you. Let's pivot to the, as-a-service it's, cloud obviously is brought in that as-a-service. Now, it seems like everybody has one now. You guys have announced obviously HPE, Dell, Lenovo, Cisco, Pure, everybody's gotten out there as-a-service model, what do we need to know about your as-a-service solution and why is it different from the others? >> Sure. Well, one of the big differences is we actually go on actual storage, not effective. So when you look at effective storage, which most of them do that includes creating the (indistinct) data sets and other things, so you're basically paying for that. Second thing we do is we have a bigger margin. So for example, if theCUBE says we want SLA-3 and we sell it by the SLA, Dave, SLA-1, two and three. So let's say theCUBE needs SLA-3 and the minimum capacity is a 100 terabytes, but let's say you think you need 300 terabytes. No problem. You also have a variable. One of the key differences is unlike many of our competitors, the rate for the base and the rate for the variable are identical. Several of our competitors, when you're in the base, you pay a certain amount, when you go into the variable, they charge you a premium. The other key differentiator is around data reduction. Some of our competitors and all storage companies have data reduction technology. Block-level D do thin provisioning, compression, we all offer those features. The difference is with IBM's pay-as-you-grow, Storage-as-a-Service model, if you have certain data sets that are not very deducible, not very compressible, we absorbed that with our competitors, most of them, if the dataset is not easily deducible, compressible, and they don't see the value, they actually charge you a premium for that. So that is a huge difference. And then the last big difference is our a 100% availability guarantee. We have that on our FlashSystem product line, we're the only one offering 100% availability guarantee. We also against many of the competitors offer a better base nines, as you know, availability characteristics. We offer six nines of availability, which is five minutes and 26 seconds of downtime and a 100% availability of offering. Some of our competitors only offer four nines of availability and if you want five or six, they charge you extra. We give you six nines base in which has only five minutes and change of downtime in a year. So those are the key difference between us and the other as-a-service models out there. >> So, the basic concept I think, is if you commit to more and buy more, you pay less per. I mean, that's the basic philosophy of these things, right? So, if- >> Yes. >> I commit to you X, let's say, I want to just sort of start small and I commit to you to X and great. I'm in now in, maybe I sign up for a multi-year term, I commit this much, whatever, a 100 terabytes or whatever the minimum is. And then I can say, Hey, you know what? This is working for me. The CFO likes it and the IT guys can provision more seamlessly, we got our chargeback or showback model goes, I want to now make a bigger commitment and I can, and I want to sort of, can I break my three-year term and come back and then renegotiate, kind of like reserved instances, maybe bigger and pay less? How do you approach that? >> Well, what you do is we do a couple of things. First of all, you could always add additional capacity, and you just call up. We assign a technical account manager to every account. So in addition to what you get from the regular sales team and what you get from our value business partners, by the way, we did factor in the business partners, Dave, into this, so business partners will have a great pay-as-you-go Storage-as-a-Service solution, that includes partners and their ability to leverage. In fact, several of our partners that do have both MSP and MHP businesses are working right now to leverage our Storage-as-a-Service, and then add on their own value with their own MSP and MHP capability. >> And they can white label that? Is that right or? >> Well, you'd still have Storage-as-a-Service from IBM. They would resell that to theCUBE and then they'd add in their own MHP or MSP. >> Got it. >> That said partners interested in doing a white label, we would certainly entertain that capability. >> Got it. I interrupted you, carry on please. >> Yeah, you can go ahead and add more capacity, not a problem. You also can change the SLA. So theCUBE, one of the leading an industry analyst firms, you bought every analyst firm in the world, and you're using IBM Storage-as-a-Service, pay-as-you-go cloud-like model. So what you do is you call up the technical account manager and say, Eric, we bought all these other companies they're using on-prem storage, we'd like to move to Storage-as-a-Service for all the companies we acquire. We can do that, so that would up your capacity. And then you could say, now we've been at SLA-2, but because we're adding all these new applications of workloads from our acquired companies, we want some of it to be at SLA-1. So we can have some of your workloads on SLA-2, others on SLA-1, you could switch everything to SLA-1, and you just call your technical account manager and they'll make that happen for you or your business partner, obviously, if you bought through the channel. >> I get it, the hard question is what if all those other companies theCUBE acquired are also IBM Storage-as-a-Service customers? Can I, what's that discussion like? Hey, can I consolidate those and get a better deal? >> Yeah, there are all Storage-as-a-Service customers and Dave I love that thought, we would just figure out a way to consolidate the agreement. The agreements are one through five years. What I think also that's very unique is let's say for whatever reason, and we all love finance people. Let's say the IT guys have called the finance and say, we did a one-year contract, we now like to do a three-year contract. The one year is coming up and guess what? Finance's delayed for whatever reason, the PO doesn't go through. So the ITI calls up the technical account manager, we love your service, it's delayed in finance. We will let them stay on their Storage-as-a-Service, even though they don't have a contract. Now, of course they've told us they want to do one, but if they exceed the contract by a quarter or two, because they can't get the finance guys are messing with the IT guys, that's fine. What the key differentiators? Exactly the same price. Several of our competitors will also extend without a contract, but until you do a contract, they charge you a premium, we do not, whatever, if you're an SLA-3, you're SLA-3, we'll extend you and no big deal. And then you do your contract, when the finance guys get their act together and you're ready to go. So that is something we can do and we'll do on a continual basis. >> Last question. Let's go way out. So, we're not doing any time, near-term forecasts, I'm trying to understand how popular you think as-a-service is going to be. I mean, if you think about the end of the decade, let's think industry total, IBM specific, how popular do you think as-a-service models will be? Do you think it will be the majority of the transacted business or it's kind of more of a, just one of many? >> So I think there will be many, some people will still have bare metal on-premises. Some people will still do virtualization on-premises or in a hybrid cloud configuration. What I do think though is Storage-as-a-Service will be over 50% by the end. Remember, we're sitting at 2021. So we're talking now 2029. >> Right. >> So I think Storage-as-a-Service will be over 50%. I think most of that Storage-as-a-Service will be in a hybrid cloud model. I think the days of a 100% cloud, which is the way it started. I think a lot of people realize that a 100% cloud actually is more expensive than a hybrid cloud or fully on-prem. I was at a major university in New York, they are in the healthcare space and I know their CIO from one of my past lives. I was talking to him, they did a full on analysis of all the cloud providers going a 100% cloud. And their analysis showed that a 100% cloud, particularly for highly transactional workloads was 50% more expensive than buying it, paying the maintenance and paying their employees. So we did an all in view. So what I think it's going to be is Storage-as-a-Service will be over 50%. I think most of that Storage-as-a-Service will be in a hybrid cloud configuration with storage on-prem or in a colo, like what our IBM pay-as-you-go service will do and then it will be accessed and available through a hybrid cloud configuration with IBM Cloud, Google, Amazon as or whoever the cloud provider is. So I do think that you're looking at over 50% of the storage being as-a-service, but I do think the bulk of that as-a-service will be as-a-service through someone like IBM or our competitors and then part of it will be from the cloud providers. But I do think you're going to see a mix because right now the expense of going a 100% cloud cloud storage is dramatically understated and when someone does an analysis like that major university in New York did, they had a guy from finance, help them do the analysis and it was 50% more expensive than doing on-premise either on-prem or on-prem as-a-service, both were way cheaper. >> But you own the asset, right? >> Yes. >> As-a-service model. >> We, right, we own the asset. >> And I would bet, >> I would bet that over the lifetime value of the spend and it as-a-service model, just like the cloud, if you do this with IBM or any of your competitors, I would bet that overall you're going to spend more just like you've seen in the cloud, but you get the benefit is the flexibility that you get. >> Yeah, yeah. If you compare it to the, so obviously the number one model would be to buy. That's probably going to be the least expensive. >> Right. >> But it's also the least flexible. Then you also have leasing, more flexibility, but leasing usually is more expensive. Just like when you lease your car, if you add up all the lease payments and then you, at the end, pay that balloon payment to buy, it's cheaper to buy the car up front than it is to lease a car. Same thing with any IT asset, now storage network servers, all are available on leasing, the net is at the bottom line, that's more than buying it upfront. And then Storage-as-a-Service will also be more expensive than buying it, my friend, but ultimate capability, altering SLAs, adding new capacity, being able to handle an app very quickly. We can provision the storage, as you mentioned, the IT guys can easily provision. We provision, the storage in 10 minutes, if you bought from IBM Storage or any competitor you bought and you need more storage, A you got to put a PO through your system and if you're not theCUBE, but you're a giant global Fortune 500, sometimes it takes weeks to get the PO done. Then the PO has to go to the business partner, the business partner has got to give a PO to the distributor and a PO to IBM. So it can take you weeks to actually get the additional storage that you need. With Storage-as-a-Service from IBM with our pay-as-you-go, cloud-like model, all you have to do is provision and you're done. And by the way, we provide a 50% overage for free. So if they end up needing more storage, that 50% is actually sitting on-prem already and if they get to 75% utilization of the total amount of storage, we then call them up, the technical account manager would call them up and their business partner and say, Dave, do you know that you guys are at 75% full? We'd like to come add some additional storage to get you back down to a 50% margin. And by the way, most of our competitors only do a 25% margin. So again, another differentiator for IBM Storage-as-a-Service. >> What about, I said, last question, but I have another question. What about day one? Like how long does it take, if I want to start fresh with as-a-service? >> Get it. >> How long does it take to get up and running? >> Basically you put the PO through, whatever it takes on your side or through your business partner, we then we'll sign the technical account manager, will call you up because you need to tell us, do you want to, in a colo facility that you're working with or do you want to put it on on-prem? And then once we do that, we just schedule a time for your IT guys do the install. So, probably two weeks. >> Yeah. >> It all depends because you've got to call back and say, Eric, we'd like it at our colo partner, our colo partners, ABC, we got to call ABC and then get back to you or on-prem , we're going to have guys in the office, a good day when it's not going to be too busy. Could you come two weeks from Thursday? Which now would be three weeks for sake of argument. But that would be, we interface with the customer, with the technical account manager to do it on your schedule on your time, whether you do it in your own facility or use a colo provider. >> Yeah, but once you tell, once I tell you, once we get through all that stuff, it's two weeks from when that's all agreed. >> Yeah. >> It's like the Xerox copier salesman, (Dave chuckles) Where are you going to put it? Once you decide where you're going to put it, then it's a couple of weeks. It's not a month or two months or yeah. >> Yeah, it's not. And we need additional capacity, remember there's a 50% margin sitting there. So if you need to go into the variable and use it, and when we hit a 75%, we actually track it with our storage insights pro. So we'll call you up and say, Dave, you're at 76%. We'd like to add more storage to give you better margin of extra storage and you would say, great, when can we do it? So, yeah, we're proactive about that to make sure that you stay at that 50% margin. Again, our competitors, all do only have 25% margin. So we're giving you that better margin, a larger margin in case you really have a high capacity demand for that quarter and we proactively will call you up, if we think you need more based on monitoring your storage usage. >> Great. Eric got to go, thank you so much for taking us through that great detail, I really appreciate it. Always good to see you. >> Great, thanks Dave, really appreciate it. >> Alright, thank you for watching this CUBE conversation, this is Dave Vellante and we'll see you next time. (soft music)