>>from the bellagio Hotel >>in Las Vegas. >>It's the >>cube covering >>Ui Path forward. >>Four brought to >>you by Ui Path. >>Welcome back to Las Vegas. The cube is here. We've been here for two days covering Ui Path Forward for lisa martin here with David Monty. We've talked about automation and many industries. Now this segment is going to focus on automation and healthcare. We've got two guests joining us Jim Petrosea Cto of Blue Cross, Blue Shield and Gadget. Dhaliwal. The global C. I. O. Industry lead at you. I pass guys welcome to the program. Thank you. So let's start unpacking from the CTO level and the ceo level the agenda for automation. Jim let's start with you. What does that look like >>for us. It's actually pretty strategic and part of as we think about digital and what digital transformation means, it actually plays a pretty key role. Um There are a lot of processes that can be very manual within a big organization like Blue cross and Blue shield and to be able to streamline that and take away kind of what I would call the mundane work. Right? The the you know, going through a spreadsheet and then typing it into the screen, there are a lot of processes like that that are legacy. But what if you could take that away um and actually create a better work experience for the people that work there right? And and focus on higher value type uh type things and it's really key. And it really It goes down to our our business folks right? There are a lot of things we can drive with automation. We started a program um in 2019. Um that's been quite successful. We now have 250 box, we measure what we call annualized efficiency gains. So how much efficiency are we getting by these bots? So the bots are doing um this repetitive work that people would do. Um And what we're finding is, you know, we've got about $11 million in any wise efficiency gain through the process and we're just getting started. Um But we're all we're not stopping there too though, we're enabling citizen developers. So we're saying, hey business, if you want to automate, you know, parts of your job, we're gonna help you do that. So we've got about 60 people that were training. Um We run bad Ethan's where they come together and they actually create bots uh And it's really really creating some some impact and buzz in our business >>anywhere from your lens, where does automation fit within the C. I. O. S. Agenda? And how do you work together in unison with the C. T. O. To help roll this out across the enterprise? >>Yeah, no, definitely. And in fact as a part of introduction, I can actually share that. How I'm wearing a Ceo had within your path since I'm just joining join path and I'm actually now helping a client ceos in their automation strategy but I was a deputy ceo in my prior role at L. A. County where actually I ran the automation strategy. So if we look at from our organization perspective B complex as L. A County which is such a Federated organization. From a Ceo perspective, the way we look at the strategy is it's always driven by the business goals of the city or a county and we typically drive into three different areas. One is how we can transform our operational processes so that we can save the tax dollars. It's all about doing more with the less dollars. And then second is about how we can transform our residents experience because end of the day it is all about how we can improve the quality of life for our residents. So we've got 10 million people for L. A. County, the largest populous county in us. So it was an uphill task to serve that such a diverse population need and that the third area is about how to transform the new business models because as we are moving away from a government centric approach to the residents centric approach, you really need to come up with a new digital solutions. And Ceo is in the center of all these three elements when you look at it. So it's a very appear to us to keep keep improving your efficiency and then at a time keep adding the new digital solutions and that's where automation strategy is kind of a horizontal strategy which enables all these components. So what I hear from >>that is alignment with the business. Yeah. Right. Change management. Absolutely. That's like really fundamental and then see IOS this this agent of transformation uh you can see or she has a horizontal purview across the organization now now jim the cto role is the automation at blue cross blue shield lead by you or you there to make sure the technology plugs into your enterprise architecture. What's your shoulder? >>You know? Uh my my role is really to drive uh what I'll call technology enabled business change. Right. So I actually uh started our our automation journey uh at hc sc and I did that by partnering with our business. Um There was actually a lot of buzz around automation and there were actually some small pockets of it, none of it was enterprise scale. Um Right. And we really wanted to go big in this and and working with the business sponsors, they saw value in it. Um and we've you know, we've generated um a lot of uh efficiency, better quality of work because of it but but I very closely had a partner with our business, we have a committee that is lead of business folks that I facilitate. So I view my role as an enabler, um we have to communicate the change management pieces is huge. Uh the education just having a common vernacular on what is automation mean, Right, because everybody interpreted it differently um and then being able to do it at an enterprise scale is quite challenging. Um You know, I I really enjoyed um one of the key notes, I don't know if you had a chance to see shankar by Duncan from the hidden brain, right? But he talked a lot about the brain aspect and how do you get people to change? And and that's a large part of it. There's a lot about technology, but there's really a lot about being a change agent um and and really working very closely with your business, >>how does one measure? I'm hearing a lot time saved. Our saved. How does one measure that and quantify the dollar impact, which by the way, I'm on record as saying the soft dollars are way bigger. And but when you're talking to the, you know, the bottom line CFO and it's all about, you know, the cash flow, whatever is, how do you measure that? >>I can take it. So we, what we do is as we define these use cases right? We we go through an actual structure product process where we we gather them. Um we then rate them and we actually prioritize them based on those that are going to have the greatest impact. Um and we can tell based on, you know, what is the manual effort today. So we understand there are X number of people that do this X number of days and we think this body can take that some load off of them. Right? Um So we we go in with the business case. Um And then the Ui Path platform actually allows us to measure well, how much is that pot running? Right. So we can actually sit there and say, well we wanted that thing to run 10 hours a day and it did and it's generated this kind of efficiency because otherwise the human would have had to do that work. >>So the business case is kind of redeploying >>human. It really is is really maximizing human capital and make and and you know really using because the bots do repetitive stuff really well. They don't do higher level thinking and and we don't view it as replacing people, we view it as augmenting and actually making them more efficient and more effective at what, how do you get the dollars out of that? Well, a couple of ways. Right. And so one of the things we've we've done is we we create and measure the efficiency our business users and financed by the way is one of our bigger ones. And the CFO is one of the sponsors of the program, um can decide how to reinvest it in a lot of cases it is actually cost avoidance as we grow, literally being able to grow without adding staff. I mean that's very measurable. Um in some cases it is actually taking, you know cost out um in in certain cases, but a lot of times that's just through attrition, right? You don't back fill positions, you let it happen naturally. Um and and then there's just things that happen to your business that you have to respond to give you a great example, state of texas, um passes what's the equivalent of the no surprise attack. But they did it there before the federal government did it. Um but it requires a lot of processes to be put in place, because now you have providers and payers having to deal with disputes, right? It actually generates a boatload of work. And we thought there might be, you know, 5000 of these in the first year, where there were 21,000 in the first year. And so far this year we're doubling that amount, right. We were able to use automation to respond to that without having to add a bunch of stuff. If we had to add staff for that, it would have literally been, you know, maybe hundreds of people, right? And but now, you know, there's, you can clearly put a value on it and it's millions of dollars a year, that we would have otherwise had to expect. >>The reason I'm harping on this lease is because I've been through a lot of cycles, as you know, and after the dot com boom, the the cost avoidance meant not writing the check to the software company, right? And that's what nick Carr wrote this, i. T matter. And then, and then, you know, post the financial crisis, we've entered uh a decade plus of awareness on the impact of technology. And I wonder if it's, I think this, I think this the cycle is changing I think. And I wonder if you have an opinion here where people, I think organizations are going to look at Technology completely different than they did like in the early 2000s when it was just easy to cut. >>No, I think the other point I will add to it. I agree with the gym. So we typically look at our away but it doesn't always have to be the cost. Right? If you look from the outcomes of the value, there are other measures also right? If you look at the how automation was able to help in the Covid generate. It was never about costs at that time. It was about a human lives. So you always may not be able to quantify it what you look at. Okay. What how are we maximizing the value or what kind of situations where we are and where we may not even have a human power to do that work. And we are running against the time. It could be the compliance needs. I'll give example of our covid use case which was pretty big success uh within L. A. County we deployed bots for the covid contact tracing program. So we were actually interviewing all the people who were testing positive so that we actually can keep track of them and then bring back that data within our HR so that our criminologists actually can look at the trends and see how we are doing as a county as compared to other counties and nationally. And we were in the peak, we were interviewing about 5000 people a day And we had to process that data manually into our nature and we deployed 15 members to do that. And they were doing like about 600 interviews a day. So every day we had a backlog of 2500 interviews. So it is not about a cost saving or a dollar value here because nobody planned for these unplanned events and now we don't have a time and money to find more data entry operators and parts were able to actually clear up all the backlog. So the value which we were able to bring it is way beyond the cost element. >>I I believe that 100% and I've been fighting this battle for a long time and it's easier to fight now because we're in this economic cycle even despite the pandemic, but I think it can be quantified. I honestly believe it can be tied to the income statement or in the case of a public sector, it could be tied to the budget and the mission how that budget supports the mission of the company. But I really believe it. And and I've always said that those soft factors are dwarf the cost savings, but sometimes, you know, sometimes the CFO doesn't listen, you know, because he or she has to cut. I think automation could change that >>for public sector. We look at how we can do more about it. So it's because we don't look at bottom line, it's about the tax dollars, we have limited dollars, but how we can maximize the value which we are giving to residents, it is not about a profit for us. We look at the different lens when it comes to the commercial >>Side, it's similar for us. So as a as a health care pair, because we're a mutual right? Our members and we have 17 million of them are really the folks that own the company and we're very purpose driven. Our our purpose is to do everything in our power to stand by members in sickness and in health. So how do you get the highest quality, cost effective health care for them? So if automation allows you to be more effective and actually keep that cost down, that means you can cover more people and provide higher quality care to our members. So that's really the driver for mission driven, >>I was gonna ask you as a member as one of your 17 million members, what are some of the ways in which automation is benefiting me? >>Um you know, a number of different ways. First off, you know, um it lowers our administrative costs, right? So that means we can actually lower our rights as as we go out and and and work with folks? That's probably the the the the bottom line impact, but we're also automating processes uh to to make it easier for the member. Right? Uh the example I used earlier was the equivalent of no surprises. Right. How do we take the member out of the middle of this dispute between, you know, out of network providers and the payer and just make it go away. Right, and we take care of it. Um but that that creates potentially administrative burden on our side, but we want to keep their costs down and we do it efficiently using it. So there's a number of use cases that we've we've done across, you know, different parts of our business. We automate a lot of our customer service, right? When you call um there's bots in the background that are helping that that agent do their job. And what that means is you're on the show, you're on the phone a lot shorter of a period of time. And that agent can be more concise and more accurate in answering your question. >>So your employee experience is dramatically improved, as is the member experience? >>Yes, they go hand in hand. They do go hand, unhappy members means unhappy employees, 100% >>mentioned scale before, you said you can't scale in this particular, the departmental pockets. Talk about scale a little bit. I'm curious as to how important cloud is to scale. Is it not matter. Can you scale without cloud? What are the other dimensions of scale? >>Well, you know, especially with my CTO had, we're we're pushing very heavily to cloud. We view ourselves as a cloud first. We want to do things in a cloud versus our own data centers, partially because of the scale that it gives us. But because we're healthcare, we have to do it very securely. So. We are very meticulous about guarding our data, how we encrypt information um, not only in our data center but in the cloud and controlling the keys and having all the controls in place. You know, the C. So and I are probably the best friends right now in the company because we have to do it together and you have to take that that security mind set up front. Right cloud first. Put security first with it. Um, so we're moving what we can to the cloud because we think it's just going to give us better scale as we grow and better economics overall, >>Any thoughts on that? I think a similar thoughts but if we look from L. A. county because of the sheer volume itself because the data which we are talking about. We had 40 departments within the county. Each department is serving a different business purpose for the resident beit voting or B justice or being social services and all and the amount of data which we are generating for 10 million residents and the amount of duplicate asi which it comes out because it's a very government centering model. You have a different systems and they may not be talking to each other. The amount of diplomacy and identity delicacy which we are creating and as we are enabling the interoperability between these functions to give us seamless experience keeping security in mind so fully agree on that because the end of the day we have to ensure that customer guarantee but it's a sheer volume that as and when we are adding these data sets and the patient's data as well as the residents data and now we have started adding a machine data because we have deployed so many IOT solutions so the data which is coming from those machines, the logs and all its exponential so that's where the scale comes into picture and how we can ensure that we are future ready for the upscale which we need and that's where cloud ability definitely helps a lot. >>What do you mean by future ready? >>So if you look at from a future smart city or a smart community perspective, imagine when machines are everywhere machines and IOT solutions are deployed, beat even healthcare, your bad information, you're even patient information, everything is interconnected and amount of data which is getting generated in that your automobile they're going to start talking to entertainment or we have to potentially track a single resident might be going same person going to the justice or maybe same person might be having a mental health issues, A same person might be looking for a social services, how we're going to connect those dots and what all systems they are touching. So all that interconnections needs to happen. So that exponential increase of data is a future readiness, which I'm talking about. Are we future ready from a technology perspective? Are we future ready from the other ecosystem perspective and how and how we're gonna manage those situations? Uh, so those are the things which we >>look at it and it's a it's a multiplier to, right? We all have this influx of information and you need to figure out what to do with it. Right. This is where artificial intelligence, machine learning is so important. But you also have interoperability standards that are coming. So now we're we have this massive data that each of our organizations have. But now you have interoperability which is a good thing for the member saying now I need to be able to share that data. Yeah, I wanted to ask you about >>that because a lot of changes in health care, um, are meaningful use. You have to show that to get paid but the standards weren't mature. Right? And so now that's changing what role does automation play in facilitating those standards. >>So, you know, we're big, big supporters of the fire standard that's out there um to in order to be able to support the standards and and create a P. I. S. And and pull together the information. What what will happen sometimes in the background is there's actually um artificial intelligence, machine learning models that create algorithms right? The output of that though often has to be active. Now a person can do something with that information or a vodka. Right? So when you start taking the ideal of artificial intelligence and now you have a robotic process that can use that to pull together the information and assimilated in a way to make it higher quality. But now it's available. It's kind of in the background. You don't see it but it's there helping. >>What are some of the things that you see? I know we're out of time but I just have a couple more questions. Some of the things that you see here we are you I path forward for we're in person. This is a bold company that's growing very quickly. Some of the announcements that were made, what are what are some of your reaction to that? And how do you see it helping move blue crush blue shield forward even >>faster. Well you know a lot of the announcements in terms of some of the features that that they've added around their robotics processing are great right? The fact that they're in the cloud and and some of the capabilities and and and better ability to to support that the process mining is key. Right. In order for abouts to be effective, you have to understand your process and you just don't want to necessarily automate the bad practices. Right? So you want to take a look at those processes to figure out how you can automate things smartly. Um and some of their capabilities around that are very interesting. We're going to explore that quite a bit but but I think they're the ambition here is beyond robotics. Right. It's actually creating um you know, applications that actually are using bots in the background which is very intriguing and has a lot of potential potentially to drive even more digital transformation. This can really affect all of our workers and allow us to take digital solutions out to the market a lot faster >>and to see what was going to ask you, you are here for four weeks at UI Path, you got to meet a lot of your colleagues, which is great. But what about this company attracted you to leave your former role and come over here to the technology vendor side. >>Well, I think I was able to achieve the similar role within L. A. County, able to establish the automation practice and achieve the maturity, able to stand up things and I feel that this is the same practitioner activity which I can actually take it back to the other clients ceos because of one thing which I really like about your hypothesis. RP is just a small component of it. I really want to change that mindset that we have to start looking ui path as an end to end full automation enterprise solution and it is not only the business automation, it's the idea automation and it's a plus combination and whether we are developing a new industry solutions with our partners to help the different industry segments and we actually helping Ceo in the center of it because Ceo is the one who is driving the automation, enabling the business automation and actually managing the automation ceo and the governess. So CEO is in left and center of it and my role is to ensure that I actually help those Ceos to make successful and get that maturity and you will path as a platform is giving that ability of length and breath and that's what is really fascinating me and I'm really looking forward that how that spectrum is changing that we are getting matured in a process mining area and how we are expanding our horizons to look at the whole automation suit, not just the R. P. Product and that's something which I'm really looking forward and seeing that how we're going to continue expanding other magic quadrants and we're actually going to give the seamless experience so the client doesn't have to worry about okay for this, I have to pick this and further, I have to pick something else >>that's seamless experience is absolutely table stakes these days. Guys, we're out of time. But thank you so much for joining. David me, talking about automation and health care. Your recommendations for best practices, how to go about doing that and and the change management piece. That's a critical piece. We appreciate your time. >>Thanks for having. Thank >>you. Our pleasure for day Volonte. I'm lisa martin live in las Vegas. The cubes coverage of you a path forward for continues next. Mhm. Mhm mm.

>> Announcer: Live from Las Vegas, it's theCUBE. Covering VMworld 2017, brought to you by VMware and its ecosystem partners. (techno music) >> Good morning, welcome to day three of VMworld 2017. This is theCUBE's continuing coverage of this big event in Las Vegas. I am Lisa Martin with my co-host, Stu Miniman, and we're very excited to be joined by a couple of gals in tech. We have Phoummala Schmitt, you are the infrastructure lead for Independence Blue Cross, and Theresa Miller, the founder of the 24x7 IT Connection. Welcome. >> Thank you. >> Thank you for having us. >> So, Phoummala, let's start with you. You are a very leading female in the technology and software space. Tell us about yourself. What do you do, what inspires you as a female leader in technology? >> I'm currently in infrastructure lead at Independence Blue Cross. I manage unified communications applications, Exchange, Skype for Business. What excites me is the ability to show young women that you can do anything. When I was younger, I was told that I didn't understand math very well, so I couldn't be in IT, well, look at me here. So, it's inspiring. I feel inspired when little girls tell me, I want to do something technical. >> That's awesome, Theresa, what about you? What's your journey been like? >> My journey started over 20 years ago by accident, while I was studying at the University of Wisconsin-Whitewater. There was an opportunity to study IT. It made sense to me, and I dropped my accounting major just like that as soon as IT came to the forefront. I've been doing technology ever since, and today, now, I have 24x7 IT Connection. We do writing, we do webinars, and we also do IT consulting. >> So, you guys work together with the 24x7 IT Connection. Tell us a little bit more about that. I know that, Phoummala, you mentioned Microsoft, and here we are at VMworld. Tell us about what kind of topics you cover on that 24x7 IT Connection. >> We cover a broad range of topics. I usually cover the Microsoft, Exchange, Skype world. I actually blog for Theresa, but we do a podcast together, the Current Status, and we talk about all sorts of technology, storage, networking, and just the current trends. And we actually do it on video, through YouTube, and we have a glass of wine. We make it so it's like a casual conversation with your friends, you know, you're just chattin' and talkin' tech, like here at the conference. >> Uh-- >> Just to add to that, so, from the blogging and like the approach we use, it really is about what's relevant to us. So, like she said, we're covering end-user computing, it might be Microsoft, it might be Linux. It just depends. We have several female writers and one male, and it's really about what's relevant, what's going on in their world, because then you know it's going on in someone else's. >> Yeah, Phoummala, you've been in the center of a really interesting transition we've been seeing in the marketplace. You know, I think about my career in tech, you know, deploying servers for email, and that whole push. Microsoft, huge push to get everybody onto Office 365. >> Phoummala: Yes. >> You know, where that lives, we talk about, you know, software's eating the world. You know, so, give us that journey of applications for you. How's that change your role, some of the dynamics? Sounds like you might need a glass of wine after talking through some of these topics, yeah. >> Yeah, I actually started in the server world, server and infrastructure. I was racking and stacking servers, deploying VMs, and then, at the same time, I was also managing Exchange, but as my career progressed, I kind of left that storage and server background and decided, you know what, applications. I wanted to focus a little bit more and really embrace the application world. Since I had that server background, that was my job, it just seems I could actually deploy these applications a lot better, because I understand the underlying foundations behind it, Exchange, and the cloud, so, right now, you know the push is to be in the cloud. Where I work, and a lot of organizations like ourselves, we don't go to the cloud yet. We're just not there. So, there is a very strong push. Eventually, I suspect we'll all be in the cloud. I mean, that's just, it's not if, it's when. >> Yeah, so, but I want to dig down just a tiny bit more, because, you know, most people in the VMware community know Microsoft pretty well. The relationship with Microsoft and their applications with virtualization, and now with cloud, is a really interest dynamic, so you've gone against some of what Microsoft said in the past, kind of do what's best for your organization, why don't you explain some of that to our audience, yeah. >> Yeah, so, Exchange. The preferred architecture for Exchange is, or Exchange 2016, 2013, is to be physical servers, with DAS, direct-attached storage, which is, you know, not what most people are. I mean, it's a virtualized world now. I don't know any company that isn't virtualized. So, I've taken the approach, what is the best situation or deployment for your organization. Yes, there is the preferred architecture, but it's not, I don't look at it as the Holy Grail, or the Bible. I look at what is best for the organization. What are your requirements? So, if the requirement is to reduce data center cost, reduce some rack space, and you can't go to the cloud yet, due to other requirements, let's look at alternative solutions that still follow some of the guidance. So, you know, yes, I break away from it, but it's what's best for your business, because not everybody can deploy physical. >> Yeah, Theresa, I have to imagine you cover a lot of this. You know, what's really happening with customers versus, you know, no offense to our friends on the vendor side, but, you know, they always think its what's right, as opposed to the person doing it, knows what is right for their environment. That's one of the challenges of IT, right? There is no one way to do things, so. >> Every organization is going to take a different path and journey, and that might be to the cloud, that might not be yet. That might be a combination, that could be hybrid IT, I think is another term that we keep hearing where, maybe I have some applications in the cloud, and some that will always remain on prem, but it has to match the culture and the fit of the business, or you won't be successful with any IT project. >> So, ladies, we're at VMworld 2017, given both of your thoughts in terms of, we need to do what's best for the business, Phoummala, let me start with you. What are some of the things that you're hearing, are you hearing other peers of yours echo the same feelings and sentiments? >> Yes, when we're out in the field, you know, I'm talkin' to people, and it's, yeah, it's we're not there yet, we want to go there, yeah, but we can't do it, we don't have the infrastructure, we don't have the resources. And oftentimes, you know, our vendors, they, they forget that budgets, there's constraints, you know, resourcing. So, you know, my word to them is be patient with us. We want to go there, we like your products, but there's so many other factors in play, especially when you work for a large enterprise. You know, there's politics, and large enterprises just take time to do things, especially certain industries, healthcare, financial sectors. You have certain regulations that you have to follow, and in order to get to the cloud, or whatever, you know, the latest trend is, we may have to modify certain policies that are in place and then there's a downward effect, because let's say we want to go to the cloud, then you have to go to, you know, your security department. What regulations or what retention policies do you have to change? And that may, you know, that may take time. So, it's not like it's going to' happen today. >> Theresa, same question, but I guess, maybe, no, maybe a different question. In terms of your podcast, have you heard anything here that's inspired the next conversation that you guys want to have with your glass of wine? >> So, I really think, it's probably going to revolve around cloud again, and in terms of, the other thing I keep seeing is analytics. Everybody's talking about analytics. >> Lisa: Yes. >> And I think that's a really interesting conversation, 'cause it means so many different things. The depth, what are you going to analyze? How do you manage that data? So I could see it being a combination of those topics, and even maybe separate. >> Yeah, yeah, Phoummala, you and I were talking before the interview. Think about this community here. It used to be, you know, it was like hypervisor, virtualizing, we were all in this journey to virtualize. Now, it's a little bit fragmented because there's so many different areas. Analytics, absolutely huge people. Security, lots of people going there. This whole cloud discussion, on all the different apps. What are you seeing in the community? What are the topic areas? Is that, you know, is that a challenge to the community? VMware, the VMworld community was a pretty tight-knit community, and now it feels, you know, while there's great connections and great people, it's broken into a few different pieces. What's your reaction to that? >> I mean, I do feel there's sort of a, not a disconnect, but there's so many different aspects, and I think that's just the evolution of IT. We've evolved to the point where it's beyond IT, it's beyond the technical approaches. It is, um, it's almost like it's, IT's just another business department. We're a business. We provide services to the other business units, and it's just that evolution of, we're service providers, all of us. Whether we are in the data center, or we are an apps develop, we are providing a service to somebody, and we have customers. >> Do you find that that's an advantage? We were talking to some guests earlier this week that, I think it was an analyst from ESG that was saying, you know, you can show that certain problems with storage, certain costs, aren't IT's problem, it's a business problem. Is that an advantage what you just kind of talked about, Phoummala, in terms of getting eyes and ears of the business to provide, okay, this is a business challenge, we need to provide the right expertise, the right funding, to support these services that are needed? >> I definitely think so. I mean, just from my own experience. Understanding what the business wants and needs is huge. And then just puttin' yourself in their shoes. What do they need, what can we do to make their jobs better? So that person, you know, clicking the button of submitting our payroll, or, you know, putting a purchase order in, what can we do to make that better? So, you know, it's one of the things I always do when I'm looking at projects. What value is this going to bring for our business? And, I think, that's just the way IT has evolved to. We're not the programmers in the basement anymore, you know, with the lights turned off and just coding away. We're all business analysts now. Because, at the end of the day, it's our paycheck, too. So, these products that we're hearing about, at the end of the day, it affects us, it affects our business, and the bottom line. >> And what is the website of 24x7 IT Connection that people can see and hear the value that you bring to the community? >> It's 24x7, so that's the 24 by 7, and then itconnection.com. And so, like I said, we share a lot of really great stuff. We have something new every week, so it's definitely worth checking out. >> Well, ladies, thank you so much for joining Stu and myself this morning and sharing your journeys into IT, as well as your insights, what you've learned from the show, what excites you, and where people can go to find more information about the expertise that you bring to the community. We want to thank you for watching again. We are theCUBE live from day three of VMworld 2017. I am Lisa Martin, for my esteemed co-host, Stu Miniman, thanks for watching. We'll be right back. (techno music)

>>Welcome to this IBM Watson health client conversation here. We're probing the dynamics of the relationship between IBM and its clients. And we're looking back, we're exploring the present situation and discussing the future state of healthcare. My name is Dave Volante from the cube and with me are Alex Dillard. Who's a senior director data analysis at blue choice, blue choice health plan, and Darryl decode, who is IBM with IBM Watson health. Of course. Welcome gentlemen. Good to see you. Thanks for coming on. >>Hey, >>So, you know, you think about lasting relationships. They're the foundation to any partnership and this past year, and it's tested all of us. We've had to rely on both personal and professional relationships to get us through the pandemic. So Alex, let me start with you. How has the partnership with IBM supported you in 2020? >>Well, uh, I've just a piece of a larger puzzle. Uh, the relationship that Darrell and I have had is confined to IBM Watson health, but blue cross blue shield, South Carolina, which food choice is a wholly owned subsidiary of has had a standing relationship with IBM on the it side. Uh, we are a mainframe shop, uh, about 70% of our it infrastructure is on a mainframe. And, uh, that puts us as a segment one client for IBM, we're in the top 300 of all of their clients in the Americans. And more specifically we're the fourth largest, um, uh, Linux on Z shop in the world. So, uh, we've got a lot of diversification at blue cross blue shield of South Carolina and the mainframe and the vastness of that. It infrastructure reflects that, uh, diversification. We are more than just a crossing the shield. Uh, that's typically what people think of is insurance when they think of crossing shield, but we also have a division that does a lot of subcontract work for government programs, uh, track air, which is the military healthcare, uh, claims processing and Medicare claims processing. >>We were a subcontractor of other folks that use our back office, it infrastructure to, to run their claims through. So that's, that's the larger, um, aspect of our relationship that, that blue cross blue shield of South Carolina house with IBM, uh, as it relates to Watson health, we have been a client since 1994 and obviously that predates the IBM proper. Uh, we were a client of med stat and then Truven, who then, uh, was bought by IBM. So we have used the products from Watson health throughout our system to support provider profiling, uh, count group reporting, um, and ad hoc analysis and to some extent to, uh, support our value-based products with, uh, ACO and PCMH, >>Uh, products. >>Awesome. Thank you for that. So Daryl is very long-term relationship. Obviously, if people forget sometimes that, uh, how IBM has modernized the Z Alex talked about, uh, Linux on the mainframe. That's pretty cool. I wonder if you could talk about specifically the things that, that you've done with Alex in his, in his, in his team, you know, thinking back last year, what were your accomplishments that you really stand out? >>Yeah, so, so one thing that jumps to mind is, uh, given the long standing relationship, I relied heavily on Alex to help us work through a multi-year renewal. And it was, it was a, um, a good adventure for us. We, we were able to laugh along the way. We certainly had some, some phone calls that, that were a little bit challenging, but the great thing about it was that the relationship that Alex and I had, he really views it as a partnership. And that was just so encouraging and uplifting. So to me, from my perspective, that was absolutely, uh, one of the highlights of my year and working through even through the pandemic and all that, we figured it out. >>So you guys, when you get together, go ahead, please. >>That's what I had as well. Um, you know, the, the unique thing about the Watson health contract is because it involves data. Uh, we take the stance that it's an it contract, so I'm on the business side. So I've got to just, as Daryl has to navigate it with me, we've got to navigate a large of your it bureaucracy. Um, and, uh, it, it was challenging. Um, you know, the business people kind of smooth the tracks and then you get the lawyers involved in, it just goes haywire. So, um, we were able to navigate that. Um, uh, so yeah, so it was a big accomplishment. So Alex, it's not real sexy to talk about, but we got it done >>Well. So Alex you're, you're in sales, so you're, you're used to role playing. So imagine you're, you're, you're sitting down, uh, sorry, Darryl. You're used to, role-playing out. Imagine you're sitting down with Alex and you're thinking about 20, 21 planning, so, you know, take it away. W what do you, what would you ask, what would you talk about or share with us? >>Yeah, yeah, absolutely. So, so I, I know that, you know, one of the key objectives is, uh, continued to ingest, engage with your members and you have key business strategies. I know you recently migrated over to a new PBM, and so there, there's some complexities that come with that. Um, but just, you know, Alex, if you don't mind, why don't you share a little bit about kind of your, your perspective on what 2020 would hold for you in your organization? Well, I think that due to the pandemic, we are, I personally kick the, can down the road on a couple of things, particularly >>Having a strategic roadmap discussion, um, you know, uh, I was going to get into this later, but I enjoy doing things face-to-face rather than, uh, over the phone or, or virtually. And so, uh, I guess I was a little too optimistic about maybe being able to get together late 2020 to have that strategic roadmap discussion. Um, I think, uh, given what has developed with, um, the pandemic and vaccines and stuff, I may, I may be able to get everybody on the same page later this year, hopefully. Uh, but certainly we want to have a strategic roadmap discussion. Um, we license, uh, Watson Hills, uh, cat group insights, uh, tool, which we use for employer group reporting. And we are currently in the beginning stages of rolling that out to our external clients, whether it's agents, brokers, um, those types of folks. And then it vanished we as our core product that we use for analysis, and that product is transitioning to what is called health insights. And so from an analytical standpoint, my staff and the staff of our cluster areas will need to sort of move to health insights since that's where it's going, uh, from an analytic standpoint. So we're going to work on that as well. Um, and then some more detailed things around database rebuilds and stuff like that. Those are all sort of on the roadmap for 2021. >>Yeah. So, you know, you talk about strategic planning and you think about the way planning used to be. I mean, sometimes you take a longer term horizon, maybe that's five years, you know, technology cycles, you know, even though they go very fast, but you see major technology shifts, they're like go through these seven year cycles, you see that in financial world. And then with the, with the pandemic, we're talking about seven day cycles, you know, how do I support people work from home? Do I open the store or not? You know, it's a day-to-day type of thing. So I wonder if you could each talk about personally and professionally w how, how is 2020, you know, changed you and maybe position you for, for what's ahead, maybe Alex, you could start, >>Well, you know, I'm an analyst, so I always fall back to the numbers. What are the numbers show us, um, you know, people can have four perceptions, but, uh, the numbers give us a reality. So the reality is that a year ago, pre pandemic, uh, just 13% of blue cross blue shield employees were working from home a hundred percent, uh fast-forward to today. And that number is now 87%. So think about, uh, just the lift from a it infrastructure to support that we almost, all of those people are using Citrix to get in to our network. Uh, we're using a remote desktop. So you've got this pipeline that probably had to go from, you know, this small, to huge, to get all this bandwidth, all this data and everything. So you've got that huge lift. Um, and then it affects different areas, um, differently. Uh, I don't have any first-line staff, any staff that are member facing, so I didn't really have to navigate, you know, how do these people talk to our member? >>How does staff talk to our members on the phone when they're at home, as opposed to in the office, and, you know, is there background noise, things like that. So I've got analysts, uh, they're just crunching numbers. Um, but my, my, my personal, uh, feeling was I like doing managing by walking around, you know, stopping and talking to other, working on. So that went away and I like face-to-face meetings, as I've mentioned, and that went away. So it was really a culture change for me personally, it was a culture change for our organization. Uh, and, and now we're having conversations with executive management that, you know, if you've got staff who have been doing a good job and they remain productive, you know, give me a reason they got to come back in, which is just, as you told me that I'm going to be the case a year ago, I would have been, you know, flabbergasted, but that's where we are right now. >>And so on a personal standpoint, you know, I went home for a little while and then came back. And so my wife also works for blue cross blue shield of South Carolina. Um, so, you know, she set up in the dining room working, uh, I have my own book in our living room working, and then we've got a great side, you know, the school is not in session, you know, in person. So he's doing virtual learning. So combine all those things, and you've got all kinds of crazy things that could happen. Uh, and then you've got staff who are in the same situation. Um, so it was a lot to handle. And the longer it goes on the novelty of working from home wears off, and you kind of realize, you know, I can't go do this. I can't go out to eat. I can't do all types of things that I used to do. And so that affects your mental health. So as, as a leader, um, of my small area, and then our executives really had to become more, uh, uh, in, in people's faces. So we've got, we've done a lot more video, uh, messages, a lot more emails. Um, I have been tasked with being very deliberate about checking on how everything is going at their house. Are they getting what they need? Um, you know, how are they feeling? Are they getting up and exercising, all those things that you took for granted, uh, beforehand. >>Yeah. So Daryl, anything you'd add to that in terms of specifically in terms of how you might, how you might change the way in which you interact with your clients generally, uh, an Alex specifically, Alex likes, face to face, you know, we can't wait. All right. >>Yeah, yeah. It's funny. We never quite got to do it Alex, but we were talking about doing a virtual happy hour at one point too, to just celebrate the success. Um, but for me, you know, typically I would travel and visit Alex face-to-face on maybe a monthly basis. And so it it's been really hard for me. I didn't realize how, how much I enjoyed that in-person interaction. And so that, that was something that I I've been, you know, working through and finding ways to, to still interact with people. And I'm certainly making, making the best of, of the video phone calls and, you know, that sort of thing. So, uh, just work working to maintain those relationships. >>I wonder if I could ask you when, when, when this thing, when we're through the pandemic, what do you expect the work from home percentage? I think I heard 13% prior to the pandemic, 87% today. What do you think is going to be post pandemic? >>That is a good question. Um, it, it may go back to maybe 60% at home. I think, I think there will be a simple majority, uh, working from home. Um, that's, that's from our planning, uh, space planning standpoint. That's, that's what we are, uh, what we're expecting, um, if, if production stays, um, at acceptable levels, um, >>Do you feel like productivity was negatively impacted positive? It will be impacted or it's kind of weird. >>Yeah. All the metrics that we track show that it was, it was sustained and in some areas even better. Uh, and if you really think about, um, sort of your typical day when you work from home, I found, uh, that I was logged on an hour earlier. That's probably what's happening with other staff as well is they're, they're motivated to get up and, and get online, uh, earlier. >>Yeah. Mostly tech leaders that I talk to share that sentiment, that the productivity is actually improved. So Darryl, I presume you see the same thing in your observation space. Yeah. >>Yeah. I, I do. And, and I have other clients too, and, and, and they are definitely looking at ways to continue to work remotely. I know that for a lot of people who are in the office all the time, uh, having a little bit more flexibility when you work from home can be a good thing. And, and like you said, you, you have to make sure that the productivity is still there and the productivity is up. Um, but I, I could see that the trend continuing absolutely >>I'd love for you to, to look at Darryl and say, and tell him what the kinds of things that IBM can do to help you both today, immediately 20, 21, and in the future and a Darryl, how, how your, how you'll respond. >>Well, I'll tell you that. Um, so in 2020, what, what changed most dramatically for us as a health plan? Uh, and, and I, it echoes what we see across the country is the gigantic shift in telehealth. Um, you know, if, if, again, if you look at the numbers, uh, our telehealth visits per thousand, so that's the number of visits per thousand members in a given month, went up 1472%. And so, you know, the common response to that is, well, you know, your visits overall probably, you know, were flat because, uh, you know, they just weren't happening in that. And that's not necessarily true for us. So if you look at visits overall, they written down four and a half percent. Um, so there was a shift, but it, it was not a big enough shift to account for, uh, visits overall sustaining the level that they were pre pandemic. >>Um, so as we look into 2021, uh, we will be investigating how we can maintain, uh, the, uh, the accessibility of our healthcare providers via telehealth. Um, you know, one of the projects that we started in 2020, uh, was based upon the choosing wisely campaign. So if you're not familiar with choosing wisely, it's a very well thought out process. It involves many, many provider specialties and its sole target is to reduce low value care. Uh, so we took it upon ourselves to Institute sort of a mirror of that plan or that program at, at blue cross here in South Carolina. And so as we moved to 2021, obviously those low value services just because of the pandemic were reduced, uh, and some of the high-value care was reduced as well. And so what we are going to try to do is bring back habit, bring back that high value care, but not bring back that low value care and so low value care or things like vitamin D testing. Uh, it can be other things like, um, uh, CT for head headaches, um, imaging for low abdominal pain, things like that. So, uh, we want to focus on low, uh, eliminating what value care, bringing back high value care, >>Okay, Dale, you're up? How are you going to help Alex achieve that? So, so good news is, is that we've got the analytic warehouse and the database where all of the data is captured. And so we we've got the treasure trove of information and data. And so what we'll do is we'll come alongside Alex and his team will do the analytics, we'll provide the analytic methods measures, and we'll also help him uncover where perhaps those individuals may be, who had postponed care, um, because of the pandemic. And so we can put together strategies to help make sure that they get the care that they need. Uh, I also a hundred percent agree that tele-health hopefully is something that will continue because I do think that that is a good way and efficient way to get care for people. Um, and, you know, as a, as, as a way to, to address some of their needs and, and in, in a safe way too. >>So, um, I, I look forward to working with Alec and his team over this coming year. I think there is, uh, knowing Alex and, and the partnership and his readiness to be a client reference for us. You know, those are all great, um, recognition of how he partners with us. And we really value and appreciate, uh, the relationship that we have with blue cross blue shield, South Carolina and, and blue choice. Excellent. Daryl's right. The, the, the database we use already has some of that low value care measures baked into it. And so throughout 2020, I've worked with our analytic consulting team. Uh, it's under Daryl too, to talk about what's on the product product roadmap for adding to the cadre of live low value care measures inside advantage suite. Uh, so that's something that we'll actively be, um, uh, discussing because certainly, you know, we're, we're obviously not the only client only health plan clients. So there may be other plans that have priorities that very different made very differently than ours. Uh, so we want to give them what we're studying, what we're interested in, so they can just add it in to all their other client feedback, uh, for advantage suites, roadmap. Excellent. >>Look, my last question, Alex is how would you grade IBM, if you had to take a bundle of sort of attributes, you know, uh, delivery, uh, value for service relationship, uh, et cetera, how would you grade the job that IBM is doing? >>I, the thing that I enjoy most about working with IBM and Darryl specifically, is that they're always challenging us to look at different things. Um, things that sometimes we hadn't considered, because obviously it may be an issue for another health plan client or an employer client that they've got. Uh, they tell us, this is what we're seeing. You know, you should look at it. Uh, a lot of times they do some of the foundational work in producing a report to show us what they're seeing in our data that is similar to what is in some of their other clients data. So that's refreshing to be, uh, challenged by IBM to look at things that we may not be, uh, looking at, uh, or maybe missing, because we've got our eye on the ball on something else you >>Care to put a letter grade on that. >>Oh, definitely. Definitely. Thank you. >>Well, Darryl, congratulations, that says a lot and, uh, we have to leave it there and one at a time, but, but Daryl, anything that I didn't ask Alex, that you, you wanted me to, >>So, um, Alex re able to keep your tennis game up during the pandemic? Uh, I, yes, I tried as, as often as my wife would let me good. I would play every time I was asked, but, uh, yeah, so I, I did have to temper it a little bit, although when you spend all day with her and, and my son, you know, she may be a little more, uh, lenient on letting me leave the house. Well, maybe she's >>Yeah. The tribute to the late great comedian Mitch Hedberg, who says, uh, you know, when I, I played tennis, I played against the wall walls. Really good, hard to beat if it's pandemic appropriate. >>Oh, that's good. That's a true statement. And there was a lot of that going on, a lot of that play and playing against the wall. >>Hey, thanks so much, stay safe and really appreciate the time. Thank you. >>Thank you. Thank you. You're >>Really welcome. It was a great conversation and thank you for watching and spending some time with client conversations with IBM Watson health.

>> Go on my lead. >> Dan: All right, very good. >> Five, four. Hello, everyone, and welcome back to the special presentation from theCUBE, where we're exploring the future of cloud and its business impact in the coming decade, kind of where we've come from and where we're going. My name is Dave Vellante, and with me is a CIO/CTO/COO, and longtime colleague, Dan Sheehan. Hello, Dan, how're you doing? >> Hey, Dave, how are you doing? Thank you for having me. >> Yeah, you're very welcome. So folks, Dan has been in the technology industry for a number of years. He's overseen, you know, large-multi, tens of millions of dollar ERP application development efforts, He was a CIO of a marketing, you know, direct mail company. Dan, we met at ADVO, it seems like such a (snickers) long time ago. >> Yeah, that was a long time ago, back in Connecticut. Back in the early 2000s. >> Yeah, ancient days. But pretty serious data for back then, you know, the early 2000s, and then you did a six-year stint as a EVP and CIO at Dunkin' Brands. I remember I came out to see you when I was starting Wikibon and trying to understand. >> Oh yeah. >> You know, what the CIOs cared about. You were so helpful and thanks for that. And that was a big deal. I mean, Dunkin', 17,000 points of distribution. I mean, that was sort of a complicated situation, right? >> Oh yeah. >> So, great experience. >> I mean, when you get involved with franchisees and trying to make everybody happy, yes, that was a lot of fun. >> And then you had a number of other roles, one was as COO at Modell's, and then to fast-forward, Beacon Health. You were EVP and CIO there. And you also, it looked like you had a kind of a business and operational role. You helped the company get acquired by Anthem Blue Cross. So awesome, congrats on that. That must've been a great experience. >> It was. A year of my life, yes. (both laugh) >> You're still standing. So anyway, you can see Dan, he's like this multi-tool star, he's seen a lot of changes in the technology business. So Dan, again, welcome back. Dan Sheehan. >> Oh, thank you. >> So when you started in your career, you know, there was no cloud, right? I mean, you had to do everything. It's funny, I remember I was... You probably know Bill Rucci, CIO of Hartford Steam Boiler. I remember we were talking one day, and this again was pre-cloud and he said, you know, I'm thinking, do I really need to manage my own email? I mean, back then, we did everything. So you had to provision infrastructure so you could write apps, and that was important. That frustrated CFOs, but it was a necessary piece of the value chain. So how have you seen that sort of IT value contribution shift over the years? Let's start there. >> Ah, well, I think it comes down to demand versus capacity. If you look at where companies want to go, they want to do a lot with technology. Technology has taken on a larger role. It's no longer and has not been a, so to speak, cost center. So I think the demand for making change and driving a company forward or reducing costs, there are other executives, peers to the CIO, to the CTO that are looking to do more, and when it comes to doing more, that means more demand, and you step back and you look at what the CIO has for capacity. Looking at Quick Solution's data, solutions in the cloud is appealing, and there are, you know, times where other functions talk to a vendor and see that they can get a vertical solution done pretty quickly. They go off and take that on, or it could be, you know, a ServiceNow capability that you want to implement across the company, and you do that just like an ERP type of roll up. But the bottom line is there are solutions out there that have pushed, I would say the IT organization to look at their capacity versus demand, and sometimes you can get things done quicker with a cloud type of solution. >> So how did you look at that shadow IT as a CIO? Was it something that kind of ticked you off or like you're sort of implying that it made you better? >> Well, I think it does ultimately make you better, but I think you have to partner with the functions because if you don't, you get these types of scenarios, and I've been involved in these just as well. You are busy with, you know, fulfilling your objectives as the leader of IT, and then you get a knock on the door from, let's say marketing or operations, and they say, hey, we just purchased this X solution and we want to integrate it with A, B and C. Well, that was not on the budget or on the IT roadmap or the IT strategy that was linked to the IT, I'm sorry, to the business strategy, and all of a sudden now you have more demand versus the capacity, and then you have to go start reprioritizing. So it's more of, yeah, kind of disrupted, but at the same time, it pushed, you know, the needle of the company forward. But it's all about just working together to make it happen. And that's a lot of, you know, hard conversations when you have to start reprioritizing capacity. >> Well, so let's talk about that alignment. I mean, there's always been a sort of a schism between IT and its ability to deliver, manage demand, and the business will always want you to go faster. They want IT to develop the systems, you know, of course, for less and then they want you to eat the cost of maintaining them, so (chuckles) there's been that tension. But in many ways, that CIO's job is alignment. I mean, it seems to me anyway that schism has certainly narrowed and the cloud's been been part of that, but what do you see as that trajectory over the years and where do you see it going? >> Well, I think it's going to continue to move forward, and depending upon the service, you know, companies are going to take advantage of those services. So yes, some of the non-mission critical capabilities that you would want to move out to the cloud or have somebody else do it, so to speak, that's going to continue to happen because they should be able to do it a lot cheaper than you can, just like use you mentioned a few moments ago about email. I did not want to maintain, you know, exchange service and keeping that all up and running. I moved quickly to Microsoft 365 and that's been a world of difference, but that's just one example. But when you have mission critical apps, you're going to have to make a decision if you want to continue to house them in-house or push them out to an AWS and house them there. So maybe you don't need a large data center and you can utilize some of the best and brightest around security, around managing size of the infrastructure and getting some of their engineering help, which can help. So it just depends upon the application, so to speak, or a function that you're trying to support. And you got to really look at your enterprise architecture and see where that makes sense. So you got to have a hybrid. I see and I have, you know, managed towards a hybrid way of looking at your architecture. >> Okay, so obviously the cloud played a role in that change, and of course, you were in healthcare too so you had to be somewhat careful, >> Yep. >> With the cloud. But you mentioned this hybrid architecture. I mean, from a technologist standpoint and a business standpoint, what do you want out of, you know, you hear a hybrid, multi, all the buzz words. What are you looking for then? Is it a consistent experience? Is it a consistent security? Or is it sort of more horses for courses, where you're trying to run a workload in the right place? What's your philosophy on that? >> Well, I mean, all those things matter, but you're looking at obviously, cost, you're looking at engagement. How does these services engage? Whether it's internal employees or external clients who you're servicing, and you want to get to a cost structure that makes sense in terms of managing those services as well as those mission critical apps. So it comes down to looking at the dollars and cents, as well as what type of services you can provide. In many cases, if you can provide a cheaper and increase the overall services, you're going to go down that path. And just like we did with ServiceNow, I did that at Beacon and also at DentaQuest two healthcare companies. We were able to, you know, remove duplicated, so to speak, ticketing systems and move to one and allow a better experience for the internal employee. They can do self-service, they can look at metrics, they can see status, real-time status on where their request was. So that made a bigger difference. So you engaged the employee differently, better, and then you also reduce your costs. >> Well, how about the economics? I mean, your experience that cloud is cheaper. You hear a lot of the, you know, a lot of the legacy players are saying, oh, no cloud's super expensive. Wait till you get that Amazon bill. (laughs) What's the truth? >> Well, I think there's still a lot of maturing that needs to go on, because unfortunately, depending upon the company, so let's use a couple of examples. So let's look at a startup. You look at a startup, they're probably going to look at all their services being in the cloud and being delivered through a SaaS model, and that's going to be an expense, that's going to be most likely a per user expense per month or per year, however, they structure the contract. And right out of the gate, that's going to be a top line expense that has to be managed going forward. Now you look at companies that have been around for a while, and two of the last companies I worked with, had a lot of technical debt, had on-prem applications. And when you started to look at how to move forward, you know, you had CFOs that were used to going to buy software, capitalize in that software over, you know, five years, sometimes three years, and using that investment to be capitalized, and that would sit below the line, so to speak. Now, don't get me wrong, you still have to pay for it, it's just a matter of where it sits. And when you're running a company and you're looking at the financials, not having that cost on your operational expenses, so to speak, if you're not looking at the depreciation through those numbers, that was advantageous to a CFO many years ago. Now you come to them and say, hey, we're going to move forward with a new HR system, and it's all increasing the expense because there's nothing else to capitalize. Those are different conversations, and all of a sudden your expenses have increased, and yes, you have to make sure that the businesses behind you, with respects to an ROI and supporting it. >> Yeah, so as long as the value is there, and that's a part of the alignment. I want to ask you about cloud pricing strategies because you mentioned ServiceNow, you know, Salesforce is in there, Workday. If you look at the way these guys price, it's really not true cloud pricing in a way, cause they're going to have you sign up for an annual license, you know, a lot of times you got pay up front, or if you want a discount, you're going to have to sign up for two years or three years. But now you see guys like Snowflake coming in, you know, big high-profile IPO. They actually charge you on a consumption-based model. What are your thoughts on that? Do you see that as sort of a trend in the coming decade? >> No, I absolutely think it's going to be on a trend, because consumption means more transactions and more transactions means more computing, and they're going to look at charging it just like any other utility charges. So yes, I see that trend continuing. Did a big deal with UltiPro HR, and yeah, that was all based upon user head count, but they were talking about looking at their payroll and changing their costing on payroll down the road. With their merger, or they went from being a public company to a private company, and now looking to merge with Kronos. I can see where time and attendance and payroll will stop being looked at as a transaction, right? It's a weekly or bi-weekly or monthly, however the company pays, and yes, there is dollars to be made there. >> Well, so let me ask you as a CIO and a business, you know, COO. One of the challenges that you hear with the cloud is okay, if I get my Amazon bill, it's something that Snowflake has talked about, where you know, to me, it's the ideal model, but on the other hand, the transparency is not necessarily there. You don't know what it's going to be at the end of (mumbles) Would you rather have more certainty as to what that bill's going to look like? Or would you rather have it aligned with consumption and the value to the business? >> Well, you know, that's a great question, because yes, I mean, budgets are usually built upon a number that's fixed. Now, no, don't get me wrong. I mean, when I look at the wide area network, the cost for internet services, yes, sometimes we need to increase and that means an increase in the overall cost, but that consumption, that transactional, that's going to be a different way of having to go ahead and budget. You have to budget now for the maximum transactions you anticipate with a growth of a company, and then you need to take a look at that you know, if you're budgeting. I know we were on a calendar fiscal year, so we started up budgeting process in August and we finalized at sometime in the end of October, November for the proceeding year, and if that's the case, you need to get a little bit better on what your consumptions are going to be, because especially if you're a public company, going out on the street with some numbers, those numbers could vary based upon a high transaction volume and the cost, and maybe you're not getting the results on the top end, on the revenue side. So I think, yeah, it's going to be an interesting dilemma as we move forward. >> Yeah. So, I mean, it comes back to alignment, doesn't it? I mean, I know in our small example, you know, we're doing now, we were used to be physical events with theCUBE, now it's all virtual events and our Amazon bill is going through the roof because we're supporting all these users on these virtual events, and our CFO's like, well, look at this Amazon bill, and you say, yeah, but look at the revenue, it's supporting. And so to your point, if the revenue is there, if the ROI is there, then it makes sense. You can kind of live with it because you're growing with it, but if not, then you really got to question it. >> Yeah. So you got to need to partner with your financial folks and come up with better modeling around some of these transactional services and build that into your modeling for your budget and for your, you know, your top line and your expenses. >> So what do you think of some of these SaaS companies? I mean, you've had a lot of experience. They're really coming at it from largely an application perspective, although you've managed a lot of infrastructure too. But we've talked about ServiceNow. They've kind of mopped up in the ITSM. I mean, there's nobody left. I mean, ServiceNow has sort of taken over the whole (mumbles) You know, Salesforce, >> Yeah. >> I guess, sort of similarly, sort of dominating the CRM space. You hear a lot of complaints now about, you know, ServiceNow pricing. There is somebody the other day called them the Oracle of ITSM. Do you see that potentially getting disrupted by maybe some cloud native developers who are developing tools on top? You see in, like, for instance, Datadog going after Splunk and LogRhythm. And there seem to be examples popping up. Well, what's your take on all this? >> No, absolutely. I think cause, you know, when we were talking about back when I first met you, when I was at the ADVO, I mean, Oracle was on it's, you know, rise with their suite of capabilities, and then before you know it, other companies were popping up and took over, whether it was Firstbeat, PeopleSoft, Workday, and then other companies that just came into play, cause it's going to happen because people are going to get, you know, frustrated. And yes, I did get a little frustrated with ServiceNow when I was looking at a couple of new modules because the pricing was a little bit higher than it was when I first started out. So yes, when you're good and you're able to provide the right services, they're going to start pricing it that way. But yes, I think you're going to get smaller players, and then those smaller players will start grabbing up, so to speak, market share and get into it. I mean, look at Salesforce. I mean, there are some pretty good CRMs. I mean, even, ServiceNow is getting into the CRM space big time, as well as a company like Sugar and a few others that will continue to push Salesforce to look at their pricing as well as their services. I mean, they're out there buying up companies, but you just can't automatically assume that they're going to, you know, integrate day one, and it's going to take time for some of their services to come and become reality, so to speak. So yes, I agree that there will be players out there that will push these lager SaaS companies, and hopefully get the right behaviors and right pricing. >> I've said for years, Dan, that I've predicted that ServiceNow and Salesforce are on a collision course. It didn't really happen, but it's starting to, because ServiceNow, the valuation is so huge. They have to grow into other markets much in the same way that Salesforce has. So maybe we'll see McDermott start doing some acquisitions. It's maybe a little tougher for ServiceNow given their whole multi-instance architecture and sort of their own cloud. That's going to be interesting to see how that plays out. >> Yeah. Yeah. You got to play in that type of architecture, let's put it that way. Yes, it'll be interesting to see how that does play out. >> What are your thoughts on the big hyperscalers; Amazon, Microsoft, Google? What's the right strategy there? Do you go all in on one cloud like AWS or are you more worried about lock-in? Do you want to spread your bets across clouds? How real is multi-cloud? Is it a strategy or more sort of a reality that you get M and A and you got shadow IT? What's your take on all that? >> Yeah, that's a great question because it does make you think a little differently around you know, where to put all your eggs. And it's getting tougher because you do want to distribute those eggs out to multiple vendors, if you would, service providers. But, you know, for instance we had a situation where we were building a brand new business intelligence data warehouse, and we decided to go with Microsoft as its core database. And we did a bake-off on business analytic tools. We had like seven of them at Beacon and we ended up choosing Microsoft's Power BI, and a good part of that reason, not all of it, but a good part of it was because we felt they did everything else that the Tableau's and others did, but, you know, Microsoft would work to give, you know, additional capabilities to Power BI if it's sitting on their database. So we had to take that into consideration, and we did and we ended up going with Power BI. With Amazon, I think Amazon's a little bit more, I'll put it horizontal, whereby they can help you out because of the database and just kind of be in that data center, if you would, and be able to move some of your homegrown applications, some of your technical debt over to that, I'll say cloud. But it'll get interesting because when you talk about integration, when you talk about moving forward with a new functionality, yeah, you have to put your architecture in a somewhat of a center point, and then look to see what is easier, cheaper, cost-effective, but, you know, what's happening to my functionality over the next three to five years. >> But it sounds like you'd subscribe to a horses for courses approach, where you put the right workload in the right cloud, as opposed to saying, I'm going to go all in on one cloud and it's going to be, you know, same skillset, same security, et cetera. It sounds like you'd lean toward the former versus going all in with, you know, MANO cloud. >> Yeah, I guess again, when I look at the architecture. There will be major, you know, breaks if you would. So yes, there is somewhat of a, you know, movement to you know, go with one horse. But, you know, I could see looking back at the Beacon architecture that we could, you know, lift and put the claims adjudication capabilities up in Amazon and then have that conduct, you know, the left to right claims processing, and then those transactions could then be moved into Microsoft's data warehouse. So, you know, there is ways to go about spreading it out so that you don't have all those eggs in one basket and that you reduce the amount of risk, but that weighed heavily on my mind. >> So I was going to ask you, how much of a factor lock-in is it? It sounds like it's more, you know, spreading your eggs around, as you say and reducing your risk as opposed to, you know, worried about lock-in, but as a CIO, how worried are you about lock-in? Where is that fit in the sort of decision tree? >> Ah, I mean, I would say it's up there, but unfortunately, there's no number one, there's like five number ones, if you would. So it's definitely up there and it's something to consider when you're looking at, like you said, the cost, risk integration, and then time. You know, sometimes you're up against the time. And again, security, like I said. Security is a big key in healthcare. And actually security overall, whether you're retail, you're going to always have situations no matter what industry, you got to protect the business. >> Yeah, so I want to ask you about security. That's the other number one. Well, you might've been a defacto CSO, but kind of when we started in this business security was the problem of the security teams, and you know, it's now a team sport. But in thinking about the cloud and security, how big of a concern is the cloud? Is it just more, you're looking for consistency and be able to apply the corporate edicts? Are there other concerns like the shared responsibility model? What are your thoughts on security in the cloud? >> Well, it probably goes back to again, the industry, but when I looked at the past five years in healthcare, doing a lot of work with the CMS and Medicaid, Medicare, they had certain requirements and certain restrictions. So we had to make sure that we follow those requirements. And when you got audited, you needed to make sure that you can show that you are adhering to their requirements. So over the past, probably two years with Amazon's government capabilities that those restrictions have changed, but we were always looking to make sure that we owned and managed how we manage the provider and member data, because yes, we did not want to have obviously a breach, but we wanted to make sure we were following the guidelines, whether it's state or federal, and then and even some cases healthcare guidelines around managing that data. So yes, top of mind, making sure that we're protecting, you know, in my case so we had 37 million members, patients, and we needed to make sure that if we did put it in the cloud or if it was on-prem, that it was being protected. And as you mentioned, recently come off of, I was going to say Amazon, but it was an acquisition. That company that was looking at us doing the due diligence, they gave us thumbs up because of how we were managing the data at the lowest point and all the different levels within the architecture. So Anthem who did the acquisition, had a breach back in, I think it was 2015. That was top of mind for them. We had more questions during the due diligence around security than any other functional area. So it is critical, and I think slowly, some of that type of data will get up into the cloud, but again, it's going to go through some massive risk management and security measures, and audits, because how fragile that is. >> Yeah, I mean, that could be a deal breaker in an acquisition. I got two other questions for you. One is, you know, I know you follow the technologies very closely, but there's all the buzz words, the digital transformation, the AI, these new SaaS models that we talked about. You know, a lot of CIOs tell me, look, Dave, get the business right and the technology is the easy part. It's people, it's process. But what are you seeing in terms of some of this new stuff coming out, there's machine learning, you know, obviously massive scale, new cloud workloads. Anything out there that really excites you and that you could see on the horizon that could be, you know, really change agents for the next decade? >> Yeah, I think we did some RPA, robotics on some of the tasks that, you know, where, you know, if the analysis types of situations. So I think RPA is going to be a game changer as it continues to evolve. But I agree with what you just said. Doing this for quite a while now, it still comes down to the people. I can get the technology to do what it needs to do as long as I have the right requirements, so that goes back to people. Making sure we have the partnership that goes back to leadership and the people. And then the change management aspects. Right out of the gate, you should be worrying about how is it going to affect and then the adoption and engagement. Because adoption is critical, because you can go create the best thing you think from a technology perspective, but if it doesn't get used correctly, it's not worth the investment. So I agree, whether it's digital transformation or innovation, it still comes down to understanding the business model and injecting and utilizing technology to grow or reduce costs, grow the business or reduce costs. >> Yeah, usage really means value. Sorry, my last question. What's the one thing that vendors shouldn't do? What's the vendor no-no that'll alienate CIO's? >> To this day, I still don't like, there's a company out there that starts with an O. I still don't like it to that, every single technology module, if you would, has a separate sales rep. I want to work with my strategic partners and have one relationship and that single point of contact that spark and go back into their company and bring me whatever it is that we're looking at so that I don't get, you know, for instance from that company that starts with an O, you know, 17 calls from 17 different sales reps trying to sell me 17 different things. So what irritates me is, you know, you have a company that has a lot of breadth, a lot of, you know, capability and functional, you know that I may want. Give me one person that I can deal with. So a single point of contact, then that makes my life a lot easier. >> Well, Dan Sheehan, I really appreciate you spending some time on theCUBE, it's always a pleasure catching up with you and really appreciate you sharing your insights with our audience. Thank you. >> Oh, thank you, David. I appreciate the opportunity. You have a great day. >> All right. You too. And thank you for watching everybody. This is Dave Vellante for theCUBE on Cloud. Keep it right there. We'll be back with our next guest right after the short break. Awesome, Dan.

>> Hello, my name is Petar Bojovic, director of technology infrastructure from Blue Cross Blue Shield of North Carolina. I have been with this organization for over three years and I own system engineering across private and public cloud, virtualization, OS, backup, storage, OpenShift platform, and automation. I have been implementing significant change improving our operating model since I arrived. Blue Cross Blue Shield North Carolina is transforming healthcare by changing the current model. We are focusing on something called value-based healthcare. Traditionally, healthcare model is typically a fee for service or capitated approach in which providers are paid based on the amount of health care services they deliver. Fee for service versus outcome. So when you go to a doctor and you do an office visit, they charge you for every item that they see you with. Based on that, they send that to my organization to adjudicate those claims. Value-based healthcare, on the other hand is a healthcare delivery model in which providers, including hospitals and physicians, are paid based on patient health outcomes. The value in value-based healthcare is derived from measuring health outcomes against the cost of delivering those outcomes. Well, we want to do the same and derive value out of IT as well. Significant value can be attained through automation on all levels. Just like most journeys, mine began with motivation. Let's talk about how I got here, how did I get started and how you can do it too. But first let's talk about Ansible. The automation engine is designed to provide an easy, reusable and platform-independent vehicle to automate complex and repetitive tasks. First off, Ansible is an open-source tool. It is very simple to use and set up. Even better, it's extremely powerful and flexible. You can orchestrate the entire application environment, no matter where it's deployed. You can also customize it based on your needs. Back in 2018, we had to build 150 jump server VMs in under 24 hours. Well, we leveraged some of the cobbled automation tools and scripts to get this done within that timeline. Without leveraging these tools and automation, this would have taken at least a week to facilitate the build. So a couple key takeaways from that exercise. Number one, this was awesome. All right, number two. We saw amazing potential in automation. Number three, we ran into network and other related build issues. Number four, we were unsure what to do next and where to focus within the realm of automation. So fast forward to May, 2019. My infrastructure engineering team introduced infrastructure automation software, you guessed it, Ansible to Blue Cross North Carolina to reduce overall IT costs, increase agility, productivity, and delivery while reducing delays and reliance on outside managed service providers or those repetitive manual tasks. So in the past, to provision a single server or virtual machine would take a minimum of 10 business days. That's not the overall process. That is just the deployment, would take 10 business days and over 20 hours of work, resulting in a cost of approximately $3,300 in charges per build. That's over $3,000 per build per server. However, with the automation platform provided by Ansible, this effort was significantly reduced. Reduced to under one business day, a half-hour worth of work and zero managed service provider charges. Let's fast forward a bit, to middle to late 2019. Blue Cross North Carolina decided to re-host the Facets application platform in-house within our co-locations. Well, Facets is a claim adjudication platform. After a medical claim is submitted, the insurance company Blue Cross determines their financial responsibility for the payment to the provider. This process is referred to as claims adjudication. Blue Cross was faced with the requirement to create roughly 1000 virtual machines as quickly as possible across all regions. Development, tests, training, QA, UAT, P stage, a staging environment, production, NDR. Well, our current managed service provider projected requiring 12 dedicated staff members and 16 weeks to process this request. Nope. There had to be a better way. By leveraging automation, the existing infrastructure engineering team was able to successfully provision all the required servers across three business days, in a total of 16 hours as well as nine weeks ahead of the project plan schedule, resulting in a cost avoidance of over $850,000. That's amazing, isn't it? Well, since then, the infrastructure engineering team has continued to use automation to assist teams both inside and outside of IT by reducing hours spent on repetitive tasks. Automation has increased the speed and accuracy of account creation, security hardening, and remediations, environment-wide configuration changes and software agent installations, just to name a few. This implementation had a significant positive impact on cost savings and cost avoidance and how quickly we can deliver and deploy infrastructure for projects. How were we able to implement this meaningful change? Well, I'll tell you, we started to evangelize and convert those naysayers to the wonderful world of automation. "Automate everything" was our mantra, even automate the automation. We'll eventually get there. It took a top-down approach to really accelerate use and adoptions. I spoke to anyone and everyone I could, my VP did the same, and even my CIO, Jo Abernathy. She started touting how important automation will be to the organization, its value, and how we can stay competitive and deploy faster and deliver at the speed of innovation. Wow, just wow. With a top-down approach for automation, we are empowering teams throughout the business to focus on those areas that are ripe for automation. Repetitive mundane tasks, those that are time delays are ideal candidates and allow these teams to focus on their core workload, versus time spent on those repetitive tasks. We are flaunting our automation successes within IT infrastructure to other departments in IT and the business at large. These conversations are opening up new possibilities to empower team members to leverage automation to deploy and deliver more quickly to meet the demand of enterprise projects and initiatives. Since its inception, the team has delivered on every project request ahead of schedule for infrastructure build, think about that. Every project request has been delivered ahead of schedule from an infrastructure perspective. That's fantastic. Well, automation is not new to the company, my company, nor yours. There's many tools, we use scripting, there's a lot available, but with Ansible and the way we've been able to implement it and make meaningful impact quickly, is new to the industry. We have been able to automate and reap significant cost avoidance in a short amount of time. Other similarly-sized companies are leveraging the same tool for longer and are not able to accomplish as much as we did in a short of time. We had motivation. Since starting this initiative, we are averaging cost avoidances in excess of $250,000 monthly. As difficult as it is to implement something new in most companies, the team implemented this capability and way of thinking within months. The sheer dedication to the business objective and the can-do attitude allowed us to be extremely successful. Thank you very much for your time and allowing me to tell my story.

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hi everybody this is Dave Volante and welcome to this special digital cube presentation sponsored by IBM we're going to focus in on data op data ops in action a lot of practitioners tell us that they really have challenges operationalizing in infusing AI into the data pipeline we're going to talk to some practitioners and really understand how they're solving this problem and really pleased to bring Victoria stayshia vich who's the Global Information Systems Manager for information management at harley-davidson Vik thanks for coming to the cube great to see you wish we were face to face but really appreciate your coming on in this manner that's okay that's why technology's great right so you you are steeped in a data role at harley-davidson can you describe a little bit about what you're doing and what that role is like definitely so obviously a manager of information management >> governance at harley-davidson and what my team is charged with is building out data governance at an enterprise level as well as supporting the AI and machine learning technologies within my function right so I have a portfolio that portfolio really includes DNA I and governance and also our master data and reference data and data quality function if you're familiar with the dama wheel of course what I can tell you is that my team did an excellent job within this last year in 2019 standing up the infrastructure so those technologies right specific to governance as well as their newer more modern warehouse on cloud technologies and cloud objects tour which also included Watson Studio and Watson Explorer so many of the IBM errs of the world might hear about obviously IBM ISEE or work on it directly we stood that up in the cloud as well as db2 warehouse and cloud like I said in cloud object store we spent about the first five months of last year standing that infrastructure up working on the workflow ensuring that access security management was all set up and can within the platform and what we did the last half of the year right was really start to collect that metadata as well as the data itself and bring the metadata into our metadata repository which is rx metadata base without a tie FCE and then also bring that into our db2 warehouse on cloud environment so we were able to start with what we would consider our dealer domain for harley-davidson and bring those dimensions within to db2 warehouse on cloud which was never done before a lot of the information that we were collecting and bringing together for the analytics team lived in disparate data sources throughout the enterprise so the goal right was to stop with redundant data across the enterprise eliminate some of those disparity to source data resources right and bring it into a centralized repository for reporting okay Wow we got a lot to unpack here Victoria so but let me start with sort of the macro picture I mean years ago you see the data was this thing that had to be managed and it still does but it was a cost was largely a liability you know governance was sort of front and center sometimes you know it was the tail that wagged the value dog and then the whole Big Data movement comes in and everybody wants to be data-driven and so you saw some pretty big changes in just the way in which people looked at data they wanted to you know mine that data and make it an asset versus just a straight liability so what what are the changes that you discerned in in data and in your organization over the last let's say half a decade we to tell you the truth we started looking at access management and the ability to allow some of our users to do some rapid prototyping that they could never do before so what more and more we're seeing as far as data citizens or data scientists right or even analysts throughout most enterprises is it well they want access to the information they want it now they want speed to insight at this moment using pretty much minimal Viable Product they may not need the entire data set and they don't want to have to go through leaps and bounds right to just get access to that information or to bring that information into necessarily a centralized location so while I talk about our db2 warehouse on cloud and that's an excellent example of one we actually need to model data we know that this is data that we trust right that's going to be called upon many many times from many many analysts right there's other information out there that people are collecting because there's so much big data right there's so many ways to enrich your data within your organization for your customer reporting the people are really trying to tap into those third-party datasets so what my team has done what we're seeing right change throughout the industry is that a lot of teams and a lot of enterprises are looking at s technologists how can we enable our scientists and our analysts right the ability to access data virtually so instead of repeating right recuperating redundant data sources we're actually ambling data virtualization at harley-davidson and we've been doing that first working with our db2 warehouse on cloud and connecting to some of our other trusted versions of data warehouses that we have throughout the enterprise that being our dealer warehouse as well to enable obviously analysts to do some quick reporting without having to bring all that data together that is a big change I see the fact that we were able to tackle that that's allowed technology to get back ahead because most backup Furnish say most organizations right have given IT the bad rap wrap up it takes too long to get what we need my technologists cannot give me my data at my fingertips in a timely manner to not allow for speed to insight and answers the business questions at point of time of delivery most and we've supplied data to our analysts right they're able to calculate aggregate brief the reporting metrics to get those answers back to the business but they're a week two weeks too late the information is no longer relevant so data virtualization through data Ops is one of the ways and we've been able to speed that up and act as a catalyst for data delivery but we've also done though and I see this quite a bit is well that's excellent we still need to start classifying our information and labeling that at the system level we've seen most most enterprises right I worked at Blue Cross as well with IBM tool had the same struggle they were trying to eliminate their technology debt reduce their spend reduce the time it takes for resources working on technologies to maintain technologies they want to reduce their their IT portfolio of assets and capabilities that they license today so what do they do to do that it's time to start taking a look at what systems should be classified as essential systems versus those systems that are disparate and could be eliminated and that starts with data governance right so okay so your your main focus is on governance and you talked about real people want answers now they don't want to have to wait they don't want to go big waterfall process so what was what would you say was sort of some of the top challenges in terms of just operationalizing your data pipelining getting to the point that you are today you know I have to be quite honest um standing up the governance framework the methodology behind it right to get it data owners data stewards at a catalog established that was not necessarily the heavy lifting the heavy lifting really came with I'm setting up a brand new infrastructure in the cloud for us to be quite honest um we with IBM partnered and said you know what we're going to the cloud and these tools had never been implemented in the cloud before we were kind of the first do it so some of the struggles that we aren't they or took on and we're actually um standing up the infrastructure security and access management network pipeline access right VPN issues things of that nature I would say is some of the initial roadblocks we went through but after we overcame those challenges with the help of IBM and the patience of both the Harley and IBM team it became quite easy to roll out these technologies to other users the nice thing is right we at harley-davidson have been taking the time to educate our users today up for example we had what we call the data bytes a Lunch and Learn and so in that Lunch and Learn what we did is we took our entire GIS team our global information services team which is all of IT through these new technologies it was a form of over 250 people with our CIO and CTO on and taking them through how do we use these tools what are the purpose of schools why do we need governance to maintain these pools why is metadata management important to the organization that piece of it seems to be much easier than just our initial scanning it up so it's good enough to start letting users in well sounds like you had real sponsorship from from leadership and input from leadership and they were kind of leaning into the whole process first of all is that true and how important is that for success oh it's essential we often said when we were first standing up the tools to be quite honest is our CIO really understand what it is that were for standing up as our CIO really understand governance because we didn't have the time to really get that face-to-face interaction with our leadership so I myself made it a mandate having done this previously at Blue Cross to get in front of my CIO and my CTO and educate them on what it is we are exactly standing up and once we did that it was very easy to get at an executive steering committee as well as an executive membership Council right I'm boarded with our governance council and now they're the champions of that it's never easy that was selling governance to leadership and the ROI is never easy because it's not something that you can easily calculate it's something that has to show its return on investment over time and that means that you're bringing dashboards you're educating your CIO and CTO and how you're bringing people together how groups are now talking about solutions and technologies in a domain like environment right where you have people from at an international level we have people from Asia from Europe from China that join calls every Thursday to talk about the data quality issue specific to dealer for example what systems were using what solutions on there are on the horizon to solve them so that now instead of having people from other countries that work for Harley as well as just even within the US right creating one-off solutions that are answering the same business questions using the same data but creating multiple solutions right to solve the same problem we're now bringing them together and we're solving together and we're prioritizing those as well so that return on investment necessarily down the line you can show that is you know what instead of this printing into five projects we've now turned this into one and instead of implementing four systems we've now implemented one and guess what we have the business rules and we have the classification I to this system so that you CIO or CTO right you now go in and reference this information a glossary a user interface something that a c-level can read interpret understand quickly write dissect the information for their own need without having to take the long lengthy time to talk to a technologist about what does this information mean and how do i how do I use it you know what's interesting is take away based on what you just said is you know harley-davidson is an iconic brand cool company with fuckin motorcycles right and but you came out of an insurance background which is a regulated industry where you know governance is sort of de rigueur right I mean it's it's a table steak so how are you able that arleigh to balance the sort of tension between governance and the sort of business flexibility so there's different there's different lovers I would call them right obviously within healthcare in insurance the importance becomes compliance and risk and regulatory right they're big pushes gosh I don't want to pay millions of dollars for fines start classifying this information enabling security reducing risk all that good stuff right for Harley Davidson it was much different it was more or less we have a mission right we want to invest in our technologies yet we want to save money how do we cut down the technologies that we have today reduce our technology spend yet and able our users have access to more information in a timely manner that's not an easy that's not an easy pass right um so what we did is I took that my married governance part-time model and our time model is specific worried they're gonna tolerate an application we're going to invest in an application we're gonna migrate an application or we're gonna eliminate that so I'm talking to my CIO said you know we can use governance the classifier system help act as a catalyst when we start to implement what it is we're doing with our technologies which technologies are we going to eliminate tomorrow we as IG cannot do that unless we discuss some sort of business impact unless you look at a system and say how many users are using us what reports are essential the business teams do they need this system is this something that's critical for users today to eat is this duplicate 'iv right we have many systems that are solving the same capability that is how I sold that off my CIO and it made it important to the rest of the organization they knew we had a mandate in front of us we had to reduce technology spend and that really for me made it quite easy and talking to other technologists as well as business users on why if governance is important why it's going to help harley-davidson and their mission to save money going forward I will tell you though that the businesses of biggest value right is the fact that they now owns the data they're more likely right to use your master data management systems like I said I'm the owner of our MDM services today as well as our customer knowledge center today they're more likely to access and reference those systems if they feel that they built the rule and they own the rules in those systems so that's another big value add to write as many business users will say ok you know you think I need access to this system I don't know I'm not sure I don't know what the data looks like within it is it easily accessible is it gonna give me the reporting metrics that I need that's where governance will help them for example like our state a scientist beam using a catalog right you can browse your metadata you can look at your server your database your tables your fields understand what those mean understand the classifications the formulas within them right they're all documented in a glossary versus having to go and ask for access to six different systems throughout the enterprise hoping right that's Sally next few that told you you needed access to these systems was right just to find out that you don't need the access and hence it took you three days to get the access anyway that's why a glossary is really a catalyst a lot of that well it's really interesting what you just said about you went through essentially an application rationalization exercise which which saved your organization money that's not always easy because you know businesses even though the you know IIT may be spending money on these systems businesses don't want to give them up but you were able to use it sounds like you're able to use data to actually inform which applications you should invest in versus you know sunset as well you'd sounds like you were giving the business a real incentive to go through this exercise because they ended up as you said owning the data well then what's great right who wants pepper what's using the old power and driving a new car if they can buy the I'm sorry bull owning the old car right driving the old park if they can truly own a new car for a cheaper price nobody wants to do that I've even looked at Tesla's right I can buy a Tesla for the same prices I can buy a minivan these days I think I might buy the Tesla but what I will say is that we also use that we built out a capabilities model with our enterprise architecture team and building that capabilities model we started to bucket our technologies within those capabilities models right like AI machine learning warehouse on cloud technologies are even warehousing technologies governance technologies you know those types of classifications today integrations technologies reporting technologies by kind of grouping all those into a capabilities matrix right and was Eve it was easy for us to then start identifying alright we're the system owners for these when it comes to technologies who are the business users for these based on that right let's go talk to this team the dealer management team about access to this new profiling capability with an IBM or this new catalog with an IBM right that they can use stay versus this sharepoint excel spreadsheets they were using for their metadata management right or the profiling tools that were old you know ten years old some of our sa peoples that they were using before right let's sell them on the noodles and start migrating them that becomes pretty easy because I mean unless you're buying some really old technology when you give people a purview into those new tools and those new capabilities especially with some of the IBM's new tools we have today there the buy-in is pretty quick it's pretty easy to sell somebody on something shiny and it's much easier to use than some of the older technologies let's talk about the business impact in my understanding is you were trying to increase the improve the effectiveness of the dealers not not just go out and brute force sign up more dealers were you able to achieve that outcome and what does it meant for your business yes actually we were so right now what we did is we slipped something called a CDR and that's our consumer dealer and development repository right that's where a lot of our dealer information resides today it's actually argue ler warehouse we had some other systems that we're collecting that information Kalinin like speed for example we were able to bring all that reporting man to one location sunset some of those other technologies but then also enable for that centralized reporting layer which we've also used data virtualization to start to marry submit information to db2 warehouse on cloud for users so we're allowing basically those that want to access CDR and our db2 warehouse and called dealer information to do that within one reporting layer um in doing so we were able to create something called a dealer harmonized ID really which is our version of we have so many dealers today right and some of those dealers actually sell bytes some of those dealers sell just apparel material some of those dealers just sell parts of those dealers right can we have certain you IDs kind of a golden record mastered information if you will right bought back in reporting so that we can accurately assess the dealer performance up to two years ago right it was really hard to do that we had information spread out all over it was really hard to get a good handle on what dealers were performing and what dealers weren't because was it was tough right for our analysts to wrangle that information and bring it together it took time many times we you would get multiple answers to one business question which is never good right one one question should have one answer if it's accurate um that is what we worked on within us last year and that's where really our CEO so the value at is now we can start to act on what dealers are performing at an optimal level versus what dealers are struggling and that's allowed even our account reps or field steel fields that right to go work with those struggling dealers and start to share with them the information of you know these are what some of our stronger dealer performing dealers are doing today that is making them more affecting it inside sorry effective is selling bikes you know these are some of the best practices you can implement that's where we make right our field staff smarter and our dealers smarter we're not looking to shut down dealers we just want to educate them on how to do better well and to your point about a single version of the truth if you will the the lines of business kind of owning their own data that's critical because you're not spending all your time you know pointing at fingers trying to understand the data if the if the users own it then they own it I and so how does self-service fit in were you able to achieve you know some level of self-service how far could you and you go there we were we did use some other tools I'll be quite honest aside from just the IBM tools today that's enabled some of that self-service analytics si PSAC was one of them Alteryx is another big one that we like to that our analyst team likes to use today to wrangle and bring that data together but that really allowed for our analysts spread in our reporting teams to start to build their own derivations their transformations for reporting themselves because they're more user interface space versus going in the backend systems and having to write straight pull right sequel queries things of that nature it usually takes time then requires a deeper level of knowledge then what we'd like to allow for our analysts right to have today I can say the same thing with the data scientist scheme you know they use a lot of the R and Python coding today what we've tried to do is make sure that the tools are available so that they can do everything they need to do without us really having to touch anything and I will be quite honest we have not had to touch much of anything we have a very skilled data scientist team so I will tell you that the tools that we put in place today Watson explore some of the other tools as well they haven't that has enabled the data scientists to really quickly move do what they need to do for reporting and even in cases where maybe Watson or Explorer may not be the optimal technology right for them to use we've also allowed for them to use some of our other resources are open source resources to build some of the models that they're that they were looking to build well I'm glad you brought that up Victoria because IBM makes a big deal out of you know being open and so you're kind of confirming that you can use third-party tools and and if you like you know tool vendor ABC you can use them as part of this framework yeah it's really about TCO right so take a look at what you have today if it's giving you at least 80% of what you need for the business or for your data scientists or reporting analysts right to do what they need to do it's to me it's good enough right it's giving you what you need it's pretty hard to find anything that's exactly 100 percent it's about being open though to when you're scientists or your analysts find another reporting tool right that requires minimal maintenance or let's just say did a scientist flow that requires minimal maintenance it's free right because it's open source IBM can integrate with that and we can enable that to be a quicker way for them to do what they need to do versus telling them no right you can't use the other technologies or the other open source information out there for you today you've got to use just these spools that's pretty tough to do and I think that would shut most IT shops down pretty quick within larger enterprises because it would really act as a roadblock to allow most of our teams right to do what they need to do reporting well last question so a big part of this the data ops you know borrowing from DevOps is this continuous integration continuous improvement you know kind of ongoing MOOC raising the bar if you will what do you see going from here oh I definitely see I see a world I see a world of where we're allowing for that rapid prototyping like I was talking about earlier I see a very big change in the data industry you said it yourself right we are in the brink of big data and it's only gonna get bigger there are organizations right right now that have literally understood how much of an asset their data really is today but they're starting to sell their data ah to other of their similar people are smaller industries right similar vendors within the industry similar spaces right so they can make money off of it because data truly is an asset now the key to it that was obviously making sure that it's curated that it's cleanse that it's rusted so that when you are selling that back you can't really make money off of it but we've seen though and what I really see on the horizon is the ability to vet that data right is in the past what have you been doing the past decade or just buying big data sets we're trusting that it's you know good information we're not doing a lot of profiling at most organizations arts you're gonna pay this big top dollar you're gonna receive this third-party data set and you're not gonna be able to use it the way you need to what I see on the horizon is us being able to do that you know we're building data Lake houses if you will right we're building um really those Hadoop link environments those data lakes right where we can land information we can quickly access it we can quickly profile it with tools that it would take hours for an ALICE write a bunch of queries do to understand what the profile of that data look like we did that recently at harley-davidson we bought and some third-party data evaluated it quickly through our agile scrum team right within a week we determined that the data was not as good as it as the vendor selling it right pretty much sold it to be and so we told the vendor we want our money back the data is not what we thought it would be please take the data sets back now that's just one use case right but to me that was golden it's a way to save money and start betting the data that we're buying otherwise what I would see in the past or what I've seen in the past is many organizations are just buying up big third-party data sets and just saying okay now it's good enough we think that you know just because it comes from the motorcycle and council right for motorcycles and operation Council then it's good enough it may not be it's up to us to start vetting that and that's where technology is going to change data is going to change analytics is going to change is a great example you're really in the cutting edge of this whole data op trend really appreciate you coming on the cube and sharing your insights and there's more in the crowd chatter crowd chatter off the Thank You Victoria for coming on the cube well thank you Dave nice to meet you it was a pleasure speaking with you yeah really a pleasure was all ours and thank you for watching everybody as I say crowd chatting at flash data op or more detail more Q&A this is Dave Volante for the cube keep it right there but right back right after this short break [Music]

>> Announcer: Live from New York City, it's theCube covering Cyber Connect 2017. Brought to you by Centrify and The Institute for Critical Infrastructure Technology. >> Okay, welcome back everyone, this is a live Cube coverage here in New York City at the Grand Hyatt Ballroom. I'm John Furrier with my co-host Dave Vellante. This is Cyber Connect 2017, the inaugural conference of a new kind of conference bringing industry and government and practitioners together to solve the crisis of this generation, according to Keith Alexander, who was on stage earlier. Our next guest is the CEO of the company that's under running this event, Tom Kemp, co-founder and CEO of Centrify. Congratulations, Tom, we met, we saw you last week, came in the studio in Palo Alto. Day one was coming to a close. Great day. >> Yeah, it's been amazing, we've had over 500 people here. We've been webcasting this, we have 1,000 people. And, of course, we've got your audience as well. So, clearly, over 2,000 people participating in this event, so we're really pleased with the first day turn-out. >> So, I would say this is, like, a new kind of event, a little bit different than most events in the business. Response has been very well received, sold out, packed house, I couldn't get a chair, strolled in, not late, but, I mean, you know, towards the end of your Keynote. This is the dynamic, there's demand for this. Why is this so popular? You guys had a good hunch here, what's been the feedback? >> Well, the feedback's been great, first of all. But, the reality is, is that, organizations are spending 10% more per year on security but the reality is the breaches are growing 40 to 70% per year. So, no matter how much money they're throwing at it, the problem's getting worse, and so people are, for the most part, kind of throwing up their hands and saying, how can we re-think security as well? So, I think there's just a complete hunger to hear best practices from some of the top CSO's. You know we had US bank CSO, we had Etna, Blue Cross Blue Shield, etcetera. What are these guys doing to keep their data secure and make sure that they don't make headlines? >> So, I want to ask you a question on the business front, obviously we saw last week, Alphabet, AKA Google, Twitter and Facebook in front of the Setna committee, around this influence thing going on with the media, still an exploit, but a little bit different than pay load based stuff we're normally seeing with security hacks, still relevant, causes some problems, you guys have been very successful in Washington. I'm not saying you're lobbying, but as a start up, you ingratiated yourself into the community there, took a different approach. A lot of people are saying that the tech companies could do a better job in D.C., and a lot of the times Google and these treasure troves of data, they're trying to figure it out. You took a different approach and the feedback we heard on theCube is working. You guys are well received in there, obviously the product, good timing to have an identity solution, and zero trust philosophy you have. Well, you did something different. What was the strategy? Why so much success in D.C. for Centrify? >> Well, we actually partnered with the IT folks and the security people. I mean, we actually spent a lot of time on site, talking with them, and actually, we built a lot of capabilities for what the government was looking to address from an identity access security perspective. That's just the reality of the situation. And so, we took a long haul view, we've done very great in the, two of our largest customers are intelligence agencies, but we actually have over 20% of our sales that goes to the federal government, state and local as well. So, you really can't just go in there, spend a lot of money, do a lot of hype. You actually have to roll up your sleeves and help them solve the mission. They call it the mission, right, they have mission, and you got to be focused on how you can address them and work with the technologist out there to make sure, so it was just, really just blocking and tackling the ground game, >> So common sense sounds like, just do the work. >> Yeah, do the work, really listen. And think about it as a multi-year investment, right? I mean, in a lot of start ups, they just, like, oh, can't get the sale, move on, right. But you actually have to realize, especially in security, that most tech companies that have a big security presence, they should get 15-20% of their business from the US government. >> That's a big bet for you guys, were you nervous at first? I mean, obviously, you have confidence now looking back, I mean, it must've been pretty nerve wracking because it's a big bet. >> It's a big bet because you also have to meet certain government standards and requirements. You got to get FIP certification, you got to get common criteria, in the cloud, you got to get FedRAMP, and that means you also have to have customers in the federal government approve you and bring you in and then you have to go through the lengthy audit process. And we're actually about to get our FedRAMP certification, just passed the audit and that's going to be coming up pretty soon as well. So, yeah, to go get common criteria, to get FedRAMP, you have to spend a million dollars for those types of certifications. At the same time, working with the large federal agencies. >> So Tom, you gave us the numbers, 10% more spending every year on security but breaches are up 40 to 70%, you said in your talk that's two trillion dollars in lost dollars, productivity, IP, etcetera, so obviously it's not working, you've mentioned a number of folks in here talking today. What's their mindset? Is their mindset this is a do-over? Or, is it, just we got to do a better job? >> I think we're getting to the point where its' going to be a do-over. And I think, first of all, people realize that the legacy technology that they have have historically focused on premises. But, the world's rapidly moving to the cloud, right? And so, you need to have cloud-based scale, a cloud-based architecture, to deliver security nowadays because the perimeter is completely going away. That's the first thing. And, I think there's also realization that there needs to be Big Data machine learning applied to this. And you guys talk about this all the time, the whole rise of Big Data. But, security is probably the best vertical. >> Data application. >> Exactly, it's probably the best vertical, because you need real-time instantaneous should I let this person come into the system or not, right? Or, over time, is this, does this represent malicious activity as well? So, I think people are realizing that what they've been doing's not working, they realize they're moving to the cloud, they need to adopt cloud, to, not only secure cloud, but have their technology be based in the cloud and they need to apply machine learning to the problem as well. >> So, in your talk, you talked about a paradigm shift, which I inferred as a mindset shift in how security practices in technologies should be applied, you got to lot of content in there. But could you summarize for our audience sort of the fundamentals? >> Well, the first fundamental is, is that the attack vector is completely changed, right? Before, it was all about vulnerabilities that someone hadn't patched this latest version of Windows, etcetera. Those problems are really solved, for the most part. I mean, occasionally it kind of pops in now and then, but for the most part, enterprises and governments are good about patching systems etcetera. You don't hear about sequel injections anymore. So, a lot of those problems have been resolved. But, where the attackers are going, they're going after the actual users, and so, I know you had the Verizon folks here on theCube, and if you look at the latest Verizon data breacher port, eight out of 10 breaches involve stolen and compromised credentials, right? And that has grown over the last few years from 50% to 60% now to over 80%. Look at the election, right? You talk about all this Twitter stuff and Facebook and all that stuff, it's John Podesta's emails getting stolen, it's the democrat's emails getting stolen, and you know, now that people have the Equifax data, they've got even more information to help figure out-- >> Social engineering is a big theme here. >> Absolutely. >> They have this data out on the dark web, this methodologies and there's also, you know, we talked with the critical interset guys that you're partnering with about all the terrorism activity, so, there's influence campaigns going on that are influencing through social engineering, but that data's being cross connected for, you know, radicalizing people to kill people in the United States. >> Well, there's that. And then there's nation states, there's insiders. So, the reality is, is that, it turns out from a security perspective, that we, the humans, we're the weakest link in this. And so, yes, there needs to be process, there needs to be technology, there needs to be education here as well. But the reality is that the vast majority of spin on security is for the old stuff, it's like we're trying to fight a land war in Asia, and that's how we're investing, we're still investing in M1 tanks in security, but the reality is that 80% of the breaches are occurring because they're attacking the individuals. They're either fooling them, or stealing it by some means or mechanisms, and so the attack vector is now the user. And that's this, and people are probably spending less than 10% securing the users, but it represents 80% of the actual attack vector. >> Talk about the general, you've had some one-on-one times with him, he's giving a keynote here, gave a keynote this morning, very inspiring. I mean, I basically heard him pounding on the table, "we don't fix this mess, You know, we're going to be in trouble, it's going to be worse than it is!" Think differently, almost re-imagining, his vibe was almost about let's re-imagine, let's partner, let's be a community. What else can you share with you interaction with him? I know he's a very rare to get to speak, but you know, running the cyber command for the NSA, great on offense, we need work on defense. What have you learned from him that industry could take away? >> Yeah, I think you hit it, which is, and I didn't realize that there's a bigger opportunity here, which is, is that in real time, there needs to be more sharing among like constituents. For example, in the energy industry, these organizations, they need to come together and they need to share, not only in terms of round tables, but they actually need to share data. And it probably needs to happen in the cloud, where there's the threats, the attacks that are happening in real time, need to be shared with their peers in the industry as well. And so, and I think government needs to also play a part in that as well. Because each of us, we're trying to fight the Russians, right? And the Chinese and the North Koreans, etcetera and a enterprise just can't deal with that alone and so they need to band together, share information, not only from an educational, like we have today, but actually real time information. And then again, leverage that machine learning. That artificial intelligence to say, "wait a minute, we've detected this of our peers and so we should apply some preventative controls to stop it." >> And tech is at the center of the government transformation more than ever. And again, Twitter, Facebook, and Alphabet in front of the senate, watching them, watching the senators kind of fumbling with the marbles. You know, hey, what's Facebook again? I mean, the magnitude of the data and the impact of these new technologies and with Centrify, the collision between government and industry is happening very rapidly. So, the question is that, you know, how will you guys, seeing this going forward, is it going to be, you know, the partnership as they come together fast or will more mandates come and regulations, which could stifle innovations, so, there's this dimension going on now where I see the formation of either faster partnership with industry and government, or, hey industry, if you don't move fast enough poof, more regulations. >> And that's also what the general brought up as well, is that if you guys don't do something on your own, if you don't fix your own problems, right, then the government's going to step in. Actually, that's what's already starting to happen right now, that if Facebook, Twitter, all these other social networks are not going to do something about foreign governments advertising on their platform, they're going to get regulated. So, if they don't start doing something. So, it's better to be in front of these things right here, the reality is that, yes, from a cyber security in terms of protecting users, protecting data, enterprise needs to do more. But, you know what, regulations are starting to already occur, so, there's a major regulation that came out of New York with the financial services that a lot of these financial firms are talking about. And then in Europe, you got GDPR, right? And that goes into effect I think in May of next year. And there's some serious finds. It could be up to four percent of your revenue as well, while, in the past, the kind of, the hand slaps that have happened here, so if you do business in Europe, if you're a financial services firm doing business in New York. >> People are going to run from there, Europe. I mean, regulation, I'm not a big fan of more regulation, I like regulation at the right balance, cause innovation's key. What have you heard here from talks? Share, cause we haven't had a chance 'cause we've been broadcasting all day, share some highlights from today's sessions after, you know, Jim from Etna was on there, which, I'm sure you got a kick out of his history comment, you're a history buff. Weren't you a history major and computer science? >> I was a history major and computer science, you got that right. >> You'd be a great dean of the sciences by today's standards. But I mean, he had a good point. Civilization crumbles when there's no trust. That comment, he made that interesting comment. >> So, it's interesting what Etna's done, from his presentation, was they've invested heavily in models, they've modeled this. And I think that kind of goes back to the whole Big Data, so I think Etna is ahead of the game, and it's very impressive what he's put forth as well. And just think about the information that Etna has about their customers etcetera. That is not something that you want. >> He was also saying that he modeled, you don't model for model's sake because stuff's going on in real time, you know what I'm saying? So, the data lake wasn't the answer. >> Well, he said his mistake was, so they were operationalizing the real time, you know, security Big Data activity, and he didn't realize it, he said that was the real answer, not just, sort of, analyzing the data swamp, so. >> Yeah, absolutely. >> So, that was the epiphany that he realized. You know, that is where the opportunity was. >> John: It was unconventional tactics, too. >> What can businesses expect, Tom? What's the business outcome they can expect if they, sort of, follow the prescription that you talked about and, sort of, understand that humans are the weakest link and take actions to remediate that. What kind of business impact can that have? >> Yeah, so, we actually, we spent a lot of time on this and we partnered with Forrester, a well known analyst group, and we did this study with them, and they went out and they interviewed 120 large enterprises. And it was really interesting that one group, group A, was getting breached left and right and group B, about half the number of breaches, right? And we were like, what is group B doing versus group A? And it had to do with implementing a maturity model as it relates to identity which is, first and foremost, implementing identity assurance, getting, reducing the number of logins, delivering single sign-in, multi factor authentication. Which we should all do as consumers as well, turn on that MFA button for Twitter, and your Gmail etcetera. Then, from there, the organizations that were able to limit lateral movement and break down, make sure that people don't have too much access to too many things as well. There was an incident, it was Saudi Generale that there was a backend IT guy, he became a traitor, he started making some losses, and so he tried to, he doubled down, he leveraged the credentials that he had as a former IT person to continue trading even though he kind of turned off all the the guardrails right there, and he should have been shut down. When he made that move into that new position, so, there's just too much lateral movement aloud. And then, from there, you got to implement the concept of least privilege and then finally you got to audit, and so if you can follow this maturity model, we have seen that organizations have seen significant reduction in the number of breaches out there as well. So, that was another thing that I talked about at my keynote, that I presented this study that Forrester did by talking to customers and there turned out to be a significant difference between group A and group B in terms of the number of breaches as well. And that actually tied very well with what Jim was talking about as well, which was, you know, I call it a maturity model, he called it just models, right, as well. But there is a path forward that you can better be smarter about security. >> But there's a playbook. >> There is a playbook, absolutely. >> And it revolves around not having a lot of moving parts where human error, and this is where passwords and these directories of stuff out there, are silos, is that right? Did I get that right? So you want to go level? >> That's the first step, I mean the first step is that we're drowning in a sea of passwords, right, and we need what's known as identity assurance, we need to reduce the number of passwords. With the fewer passwords we have, we need to better protect it by adding stronger authentication. Multi-factor authentication. The new face ID technology, which I've been hearing good reviews about, coming from Apple as well, I mean, stuff like that, and say, look, before I log into that, yes, I need to do my thumbprint and do the old face ID. >> And multi factor authentication I think is a good point, also known as MFA, that's not two factor, it's more than one, but two seems to be popular cause you get your phone, multi factor could be device, IOT device, card readers, it starts getting down into other mechanisms, is that right? >> Absolutely, it's something you have, and something you know, right? >> Answer five questions. >> Yeah, but at the same time you don't want to make it too, >> Too restrictive. >> Too restrictive, etcetera. But then here's where the machine learning comes in, then you add the word adaptive in front of multi factor authentication. If the access is coming from the corporate network, odds are that means that person was badged, got through. So, maybe you don't ask as much, for much information to actually allow the person on right there. But, what if that person was, five minutes ago, was in New York, and now he's trying to access from China? Well wait a minute, right? Or what if it's a device that he or she's never accessed from before as well? So, you need to start using that machine learning and look at what is normal behavior and what deviates from that behavior? And then, factor it into the multi factor authentication. >> Well, we've seen major advancements in the last couple years, even, in fraud detection, you know, real time. And is that seeping into the enterprise? >> Well, it should, that's the ironic thing is, is that with our credit card, I mean, we get blocked all the time, right? >> It is annoying sometimes, but you know at the end of the day you say, good. >> Yeah, thank you for doing that, you know. And so that's, in effect, the multi factor authentication is you calling up the credit card company, ironically my credit card, maybe I shouldn't reveal this, too much information, someone will hack me, but I use US bank, right there, and we had Jason the CSO of US bank right there, but, you know, calling in and actually saying, yes, I'm trying to do this transaction represents another form of authentication. Why aren't we doing similar things for people logging onto mission critical servers or applications? It's just shocking. >> I'm going to ask you a personal question, so, you mentioned history and computer science, a lot of security folks that I talk to, when they were little kids, they used to sort of dream about saving the world. Did you do that? (laughter) >> Well, I definitely want to do something that adds value to society, so, you know, this is not like the Steve Jobs telling Scully, do you want to make sugared water and all that stuff? >> Dave: No, but like, superhero stuff, were you into that as a kid, or? >> D.C. or Marvel? >> Good versus evil? >> Don't answer that question, you like 'em both. >> But the nice thing about security is, when you're a security vendor, you're actually, the value that you have is real. It's not like, you know, some app or whatever where you get a bunch of teenagers to waste time and all that stuff. >> John: Serious business. >> Yeah, you're in serious business. You're protecting people, you're protecting individuals, their personal information, you're protecting corporations, their brand, look what happened to Equifax when their, when it was announced, the breach, their stock went down 13, 14%, Chipotle went down by 400 million, their market cap went. I mean, so, nowadays, if you have a, if there's a breach, you got to short that stock. >> Yeah, and security's now part of the product, cause the brand image, not just whatever the value is in the brand, I mean the product, the brand itself is the security. If you're a bank, security is the product. >> Absolutely, if you're known for being breached, who the heck's going to bank with you? >> Whole 'nother strategy there. Okay, final question from me is, this event, what are some of the hallway conversations, what's notable, what can you share for the folks watching? Some of the conversations, the interests, the kind of people here, what was the conversations? >> Yeah, I mean, the conference, we really did a great job working with our partner ICIT of attracting sea level folks, right? So, this was more of a business focus, this was not, you know, people gathered around a laptop and try to hack into the guy sitting right next to them as well. And, so, I think there, what has come out of the conversations is a better awareness of, as I said before, it's like, you know what, we got to completely, we got to like step back, completely rethink what we're trying to do here as well, cause what we're doing now is not working, right? And so I think it's, in effect, we're kind of forcing some soul searching here as well. And having others present what's been working for them, what technologies, cloud, machine learning, the zero trust concept, etcetera, where you only, you have to assume that your internal network is just as polluted as the outside. >> I know this might be early, but what's the current takeaway for you as you ruminate here on theCube that you're going to take back to the ranch in Palo Alto and Silicon Valley, what's the takeaway, personally, that you're now going to walk away with? Was there an epiphany, was there a moment of validation, what can you share about what you'll walk away with? >> There's just a hunger. I mean there's just a hunger to know more about the business of security etcetera. I mean, we're just, we were amazed with the turn out here, we're pleased with working with you guys and the level of interest with your viewership, our webcast, I mean, this is, you know, for the first time event to have both in-person and online, well over 2,000 people participating, that says a lot. That there's just this big hunger. So, we're going to work with you guys, we're going to work with ICIT and we're going to figure out how we're going to make this bigger and even better because there is an untapped need for a conference such as this. >> And a whole new generation's coming up though the ranks, our kids and the younger, new millennials , whatever they're called, Z or letters they're called, they're going to end up running the cyber. >> Yeah absolutely, absolutely. So there just needs to be a new way of going about it. >> Tom, congratulations. >> Thank you. >> Great event, you guys got a lot of credibility in D.C., you've earned it, it shows. The event, again, good timing lighting the bottle, The CyberConnect inaugural event, Cube exclusive coverage in Manhattan here, live in New York City at the Grand Hyatt Ballroom for the CyberConnect 2017 presented by Centrify, I'm here with the CEO and co-founder of Centrify, Tom Kemp, I'm John Furrier, Dave Vellante, more live coverage after this short break. (modern electronic music)

(upbeat music) >> Hello, everyone and welcome to this special CUBE conversation here in our studios in Palo Alto, California. I'm John Furrier, the co-founder of SiliconANGLE Media and cohost of theCUBE, with a special preview of CyberConnect 2017, a global security conference presented by Centrify, it's an industry-independent event. I'm here with the CEO and Founder of Centrify, Tom Kemp. Tom, thanks for joining me on this preview of CyberConnect 2017. >> It's great to be here again. >> So, you guys, obviously, as a company are no longer struggling, you're clearly clearing the runway on growth. Congratulations on the success. This event will be broadcasting live on theCUBE as folks should know on the site. CyberConnect 2017 is a different kind of event, it's really the first of its kind where it's an industry gathering, not just a Black Hat, I mean, RSA's got Black Hat and they try to weave a little business in. This is all about leadership in the industry. Is that right? >> Yeah, absolutely. You know, there's really a dearth of business-focused discussions with C-Level people discussing the issues around security. And so, what we found was, was that most of the conversations were about the hackers, you know, the methodology of goin' in and hacking in. And, that doesn't really help the business people, they have to understand what are the higher level strategies that should be deployed to make their organizations more secure. So, we kind of wanted to up-level the conversation regarding security and help C-Level people, board people, figure out what they should be doing. >> And, we've obviously been reporting at SiliconANGLE, obviously, the latest and greatest on hacks. You know, you've seen everything from cyber threats, where are real hacking, to nuanced things like the rushing dissidents campaign on Facebook around voter impressions. And we saw that in the hearings in the senate where Facebook got really grilled by, you know, "Is it a real threat," no, but it is a threat in the sense that they're putting opinion-shaping. So, there's a broad range of business issues, some are highly-nuanced, some are very specific business values, you're out of business if you get hacked. So, how do you see that, because is that the discussion point? Is it more policy, all of the above, what is the overall conversations going to be like at CyberConnect 2017? >> Yeah, I think it's, look, the reality is, is that breaches before were about potentially stealing your data. But, now it's an impact on your brand. Like, what if the Russians were doing that to Pepsi or Coca-Cola, et cetera? They could just completely setup a lot of negative sentiment about you, so there's a lot of different ways to impact organizations as well. And so, what we're doing at CyberConnect is, putting forth CIOs of Aetna, US Bank, and having them describe what they do. I mean, think about a major healthcare company, Aetna, US Bank, the list goes on, you know, Blue Cross Blue Shield. And we're having the major CSOs of these large organizations tell their peers what they're doing to protect their company, their brands, et cetera. >> Well, I want to get back to the business impact in a second, but some notable key notes here. Securing a Nation Amid Change, A Roadmap to Freedom, from Retired General Keith Alexander, Former Director of the NSA and Chief of the U.S. Cyber Command. Why is he there, what's the focus for his talk? >> Well, you can't ignore the government aspect. Well, first of all, government is a huge target and we obviously saw that with the election, we saw that with the hack of the Office of Personnel Management, et cetera. And so, you know, nation states are going after governments as well as criminal organizations, so General Alexander can talk about what he did to protect us as citizens and our government. But, he also has a great insight in terms of what hackers are doing to go after critical infrastructure. >> John: He's got some experience thinking about it, so he's going to bring that thinking in? >> Absolutely, and he's going to give us an update on the latest vectors of attacks that are happening, and give us some insight on what he experienced trying to protect the United States but also trying to protect our businesses and infrastructure. So, we wanted to have him kick things off to give, you know, what more, the NSA, the ex-NSA head telling us what's going on. >> And you got amazing guests here, again the CSO from Aetna, the Chief Security Officer from Cisco, The Global Value Chain, you got US Bank. You got Amazon Web Services here talking about the Best Practice of Running Workloads on an Amazon Service Cloud. So, you got the gamut of industry, as well as some government people who have experienced dealing with this from a practitioners standpoint? What's the convoluence of that, what's the trends that are coming out of those? What can people expect to hear and look forward to watching the videos for? >> You know, I think it's going to be some of the trends that you guys talk about. It's like, how can you leverage AI and machine learning to help better protect your organization as well? So, that's going to be one huge trend. I think the other trend, and that's why we have the folks from Amazon, is in a world in which we're increasingly using mobile and Cloud and leaving the perimeter, you know, in a world where there's no perimeter, how can you secure your users, your data, et cetera? So, I think the focus of the conference is going to be very much on leveraging modern and new technologies, AI, machine learning, discussing concepts like Zero Trust. And then, also, figuring out and helping people really get some good ideas as they make the move to Cloud, how can they secure themselves, make themselves, more secure than when they had the traditional perimeter set up? >> I mean, given the security landscape, you and I discussed this in and around the industry, go back seven years, "Oh, Cloud's un-secure," now Cloud seems to be more secure then on perim because of the work that Amazon, for instance, they upped their game significantly in security, haven't they? >> Absolutely, and you know, it's interesting, it's, I mean, you see it first hand, Google comes out with announcements, Microsoft, Oracle, et cetera, and security is a key issue. And they're trying to provide a more secure platform to get people comfortable moving with the Cloud. At the same time, there's vendors such as Centrify, that's there's value-add that we can provide and one area that we specifically provide is in the area of identity and controlling who can access what, as well. So, yeah, it completely reshapes how you do security, and the vendors are contributing. What's so important that the solutions that we had before are being completely disruptive and they need to be completely adopted for the new Cloud world. >> I know it's your first event, you guys are underwriting this, it's presented by Centrify, it's not sponsored by, it's not your show. Although you're doing a lot of heavy lifting in supporting this, but your vision for this CyberConnect is really more of a gathering amongst industry folks. We're certainly glad to be a part of it, thanks for inviting us, we're glad to be there. But, this is not a Centrify-only thing, explain the presented by Centrify vis-a-vis CyberConnect. >> So, and we've also put forth another organization that we've worked with. It's an organization called ICIT, the Institute for Critical Information Technology. And, what they are, is they're a think tank. And they are very much about how can we support and secure the infrastructure of the United States, as well? We didn't want this to be a vendor fest, we wanted to be able to have all parties, no matter what technologies they use, to be able to come together and get value of this. It benefits Centrify because it raises awareness and visibility for us, but even more important, that we wanted to give back to the community and offer something unique and different. That this is not just another vendor fest show, et cetera, this is something where it's a bringing together of really smart people that are on the front-lines of securing their organizations. And we just felt that so much value could be driven from it. Because, all the other shows are always about how you can hack and ATM and all that stuff, and that's great, that's great for a hacker but that doesn't really help business people. >> Or vendors trying to sell something, right? >> Exactly. >> Another platform to measure something? >> Yeah, exactly. >> This is more of a laid-back approach. Well, I think that's great leadership, I want to give you some props for that. Knowing that you guys are very, as you say, community-centric. Now you mentioned community, this is about giving back and that's certainly going to be helpful. But, security has always been kind of a community thing, but now you're starting to see the business and industry community coming together. What's your vision for the security community at this CSO level? What's needed, what's your vision? >> I think what's needed is better sharing of best practices, and really, more collaboration because the same attacks that are going to happen for, say one healthcare organization, the hackers are going to use the same means and methods, as well. And so, if you get the CSOs in the room together and hear what the others are experiencing, it's just going to make them more better. So, the first thing, is to open up the communication. The second thing is, is that could we figure out a way, from a platform or a technology perspective, to share that information and share that knowledge? But, the first step is to get the people in the room to hear from their peers of what's going on. And, frankly, government at one point was supposed to be doing it, it's not really doing it, so, I think an event like this could really help in that regard. >> Well, and also, I would just point out the growth in GovCloud and following some of the stuff going on at Amazon, as an example, had been skyrocketing. So, you're starting to see industry and government coming together? >> Yeah. >> And now you got a global landscape, you know, this is interesting times and I want to get your reaction to some of the things that have been said here on theCUBE but also, out in the marketplace where, you know, it used to be state-actor game, not state on state. And then, if they revealed their cards, then they're out in the open. But now, the states are sponsoring, through open source, and also, in these public domains, whether it's a WikiLeaks or whatever, you're starting to see actors being subsidized or sponsored. And so that opens up the democratization capability for people to organize and attack the United States. And companies. >> Oh, absolutely, and you could right now, they have a help desk, and it's like ordering a service. "Oh, you want 500 bots going after this?" >> John: Smear a journalist for $10k. >> (laughing) Exactly, it's like as a service. Hacking as a service, they have help desk, et cetera. And, the interesting thing is. >> It's a business model. >> It's a business model, you're absolutely right. The people, it's all pay to play, right? And, just the number of resources being devoted and dedicated, and we're talking about thousands of people in Russia, thousands of people in North Korea, and thousands of people in China. And, what came out just recently, is now that they're shifting their target to individuals, and so, now you may have an individual that there may be a person just dedicated to them in China, or Russia or North Korea, trying to hack into them as well. So, it's getting really scary. >> It's almost too hard for one company with brute force, this is where the collective intelligence of the community really plays a big difference on the best practices because when you thought you had one model nailed, not just tech, but business model, it might shift. So, it seems like a moving train. >> Yeah, and we're having Mist show up, and so we're getting the government. But, I really think that there does need to be, kind of, more of an open-sourcing of knowledge and information to help better fine tune the machine learning that's needed and required to prevent these type of breaches. >> So, what can we expect? Obviously, this is a preview to the show, we'll be there Monday broadcasting live all day. What can people expect of the event, content-wise, what are your favorites? >> Well, I mean, first of all, just the people that we have there. We're going to get the two CCOs from two of the biggest healthcare companies, we're going to get the former head of the NSA, we're going to get the CSO of US Bank, I mean, we're talking the biggest financial services organizations. We're going to have the biggest healthcare organizations. We're going to have the people doing cyber. >> John: MasterCard's there. >> Yeah, MasterCard, we have the German government there as well, so we've got government, both U.S. as well as European. We've got all the big people in terms of, that have to secure the largest banks, the largest healthcare, et cetera. And then, we also have, as you talked about, obviously Centrify's going to be there, but we're going to have AWS, and we're going to have some other folks from some of the top vendors in the industry as well. So, it's going to be a great mixture of government, business, as well as vendors. Participating and contributing and talking about these problems. >> So, it's an inaugural event? >> Yes. >> So, you're looking for some success, we'll see how it goes, we'll be there. What can you expect, are you going to do this every year? Twice a year, what's the thoughts on the even itself? >> It's been amazing, the response. So, we just thought we were going to have 400 people, we sold out, we're getting close to 600 people. And now, we're going to have over 1,000 people that are going to be doing the live streaming. There's just a huge, pent-up demand for this, as well. So, we actually had to shut down registration and said sold out a week or two ago. And, so far, it looks really good, let's see how it goes. It looks like we can easily double this. We're already thinking about next year, we'll see how the event goes. If you just look at the line-up, look at the interest, or whatever, there's a pent-up demand to better secure government and enterprises. >> And leadership, like you guys are taking this as an issue, plus, others coming together. We're certainly super glad to be a part of the community, and we look forward to the coverage. This is really, kind of, what the industry needs. >> Absolutely. >> All right, Tom Kemp, the CEO and Founder of Centrify, really fast growing start up, doing an event for the community. Very strong approach, I love the posture, I think that's the way to go than these vendor shows. You know how I feel about that. It's all about the community, this is a community. I mean, look at the Bitcoin, the Blockchain, know you're customer isn't into money laundering. It's an identity game. >> Yeah, absolutely. >> Now, by the way, quick, is there going to be any Blockchain action there? >> Oh, I don't know about that, I don't think so. >> Next year. (laughing) >> Next year, exactly. >> It's certainly coming, Blockchain security, as well as a lot of great topics. Check out CyberConnect 2017. If you can't make it to New York, they're sold out, theCUBE.net is where you can watch it live. And, of course, we'll have all the video coverage on demand, on theCUBE.net, as well. So, we'll have all the sessions and some great stuff. Tom Kemp, CEO. I'm John Furrier from theCUBE, here in Palo Alto, thanks for watching. (upbeat music)

(clicking noise) >> Hello, I'm John Furrier, SiliconANGLE media, co-host of theCUBE. We are here on the ground in, here in Santa Clara, California, Centrify's headquarters, with Tom Kemp, the CEO of Centrify, and Parham Eftekhari, who's the co-founder and senior fellow of ICIT, which is the Institute of Critical Infrastructure Technologies, here to talk about security conversation. Guys, welcome to theCUBE's On the Ground. >> Thank you. >> Great to be here. >> Great to see you again, Tom. >> Yeah, absolutely. >> And congratulations on all your success. And Parham, GovCloud is hot. We were just in D.C. with Amazon Web Services Public Sector Summit. It's gotten more and more to the point where cyber is in the front conversation, and the political conversation, but on the commercial side as well. There's incidents happening every day. Just this past month, HBO, Game of Thrones has been hijacked and ransomed. I guess that's ransom, or technically, and a hack. That's high-profile, but case after case of high-profile incidents. >> Yeah, yeah. >> Okay, on the commercial side. Public sector side, nobody knows what's happening. Why is security evolving slow right now? Why isn't it going faster? Can you guys talk about the state of the security market? >> Yeah, well, ya know, I think first of all, you have to look at the landscape. I mean, our public and private sector organizations are being pummeled every day by nation states, mercenaries, cyber criminals, script kiddies, cyber jihadists, and they're exploiting vulnerabilities that are inherent in our antiquated legacy systems that are put together by, ya know, with a Frankenstein network as well as devices and systems and apps that are built without security by design. And we're seeing the results, as you said, right? We're seeing an inundation of breaches on a daily basis, and many more that we don't hear about. We're seeing weaponized data that's being weaponized and used against us to make us question the integrity of our democratic process and we're seeing, now, a rise in the focus on what could be the outcome of a cyberkinetic incident, which, ultimately, in the worst case scenario, could have a loss of life. And so I think as we talk about cyber and what it is we're trying to accomplish as a community, we ultimately have a responsibility to elevate the conversation and make sure that it's not an option, but it is a priority. >> Yeah, no, look, I mean, here we are in a situation in which the industry is spending close to 80 billion dollars a year, and it's growing 10 percent, but the number of attacks are increasing much more than 10 percent, and as Parham said, you know, we literally had an election impacted by cyber security. It's on the front page with HBO, et cetera. And I really think that we're now in a situation where we really need to rethink how we do security in, as enterprises and as even individuals. >> And it's seems, talking about HBO, talking about the government, you mentioned, just the chaos that's going on here in America, you almost don't know what you don't know. And with the whole news cycle going on around this, but this gets back to this notion of critical infrastructure. I love that name, and you have in your title 'ICIT,' Institute of Critical Infrastructure, because, ya know, and certainly the government has had critical infrastructure. There's been bridges, and roads, and whatnot, they've had the DNS servers, there's been some critical infrastructure at the airports and whatnot, but for corporations, the critical infrastructure used to be the front door. And then their data center. Now with cloud, no perimeter, we've talked about this on theCUBE before, you start to change the notion of what critical infrastructure is. So, I guess, Parham, what does critical infrastructure mean, from a public and commercial perspective? Tell me, you can talk about it. And what's the priorities for the businesses and governments to figure out what's the order of operations to get to the bottom of making sure everything's secure? >> Yeah, it's interesting, that's a great question, you know, when most people think about critical infrastructure as legacy technology, or legacy's, you know, its roads, its bridges, its dams. But if you look at the Department of Homeland Security, they have 16 sectors that they're tasked with protecting. Includes healthcare, finance, energy, communications, right? So as we see technology start to become more and more ingrained in all these different sectors, and we're not just talking about data, we're talking about ICS data systems. A digital attack against any one of these critical infrastructure sectors is going to have different types of outcomes, whether you're talking about a commercial sector organization, or the government. You know, one of the things that we always talk about is really the importance of elevating the conversation, as I mentioned earlier, and putting security before profits. I think, ultimately, we've gotten to this situation because a lot of companies do a cost-benefit analysis, say, "You know what? I may be in the healthcare sector, "and ultimately it'll be cheaper for me to be breached, "pay my fines, and deal with potentially even the "loss to brand, to my brand, in terms of brand value, "and that'll cheaper than investing what "I need to to protect my patients and their information." And that's the wrong way to look at it. I think now, as we were talking about this week, the cost of all this is going higher, which is going to help, but I think we need to start seeing this fundamental mind-shift in how we are prioritizing security, as I mentioned earlier. It's not an option, it must be a requisite. >> Yeah, I think what we're seeing now, is in the years past, the hackers would get at some bits of information, but now we're seeing with HBO, with Sony, they can strip mine an entire company. >> They put them out of business. >> Exactly. >> The money that they're doing with ransomeware, which is a little bit higher profile, ransomware, I mean, there's a specific business outcome, here, and it's not looking good, they go out of business. >> Oh, absolutely, and so Centrify, we just recently sponsored a survey, and nowadays, if you announce that you got breached, and you have to, now. It's 'cause you have to tell your shareholders, you have to tell your customers. Your stock drops, on average, five percent in a day. And so we're talking about billions of dollars of market capitalization that can disappear with a breach as well. So we're beyond, it's like, "Oh, they stole some data, "we'll send out a letter to our customers, "and we'll give 'em free Experian for a year." Or something like that." Now, it's like, all your IP, all the content, and John, I think you raised a very good point, as well. In the case of the federal government, it's still about the infrastructure being physical items, and of course, with internet a thing since now it's connected to the internet, so it's really scary that a bridge can flip open by some guy in the Ukraine or Russia fiddling with it. But now with enterprises, it's less and less physical, the store, and we're now going through this massive shift to the cloud, and more and more of your IP is controlled and run. It's the complete deperimeterization that makes things every more complicated. >> Well it's interesting you mentioned the industrial aspect of it, with the bridge, because this is actually a real issue with self-driving cars, this was on everyone's mind, we were just covering some content, covering Ford's event yesterday in San Francisco. They got this huge problem. Ya know, hacking of the cars. So, industrial IOT opens up, again, the surface area, but this kind of brings the question down to customers, that you guys have or companies or governments. How do they become resilient? How do they put steps in place? Because, you know, I was just talking to someone who runs a major port in the U.S., and the issues there are maritime, right? So you talk about infrastructure, container ships, obviously worry about terrorists and other things happening. But just the general IT infrastructure is neanderthal, it's like, 30 years old. >> Yeah. >> So you have legacy infrastructure, as you mentioned, but businesses also have legacy, so how do you balance where you are? How do you know the progress bar of your protection? How do you know the things you need to put in place? How do you get to resilience? >> Yeah, but see, I think there also needs to be a rethink of security. Because the traditional ways that people did it, was protecting the perimeter, having antivirus, firewalls, et cetera. But things have really changed and so now what we're seeing is that an entity has become the top attack vector going in. And so if you look at all these hacks and breaches, it's the stealing of usernames and passwords, so people are doing a good job of, the hackers are social engineering the actual users, and so, kind of a focus needs to shift of securing the old perimeter, to focusing on securing the user. Is it really John Furrier trying to access e-mail? Can we leverage biometrics in this? And trying to move to the concept of a zero-trust model, and where you have to, can't trust the network, can't trust the IP address, but you need to factor in a lot of different aspects. >> It's interesting, I was just following this blog chain because we've been covering a lot of the blog chains, immutable and encrypted, the wallets were targets. (laughing) Hey, this Greta the Wall, where they store the money. Now we own that encrypted data. So, again, this is the, hackers are fast, so, again, back to companies because they have to put if they have shareholder issues, or they have some corporate governance issues. But at the end of the day, it's a moving train. How does the government offer support? How do companies put it in place? What do they need to do? >> Yeah, well, there's a couple of things you can look at. First of all, you know, as a think tank, we're active on Capital Hill, working with members of both minority and majority sides, we're actively proposing bipartisan legislation, which provides a meaningful movement forward to secure and address some of the issues you're talking about. Senator Markey recently put out the Cyber Shield Act, which creates a type of score, right? For a device, kind of like the ENERGY STAR in the energy sector. So just this week, ICIT put out a paper in support of an amendment by Senator Lindsey Graham, which actually addresses the inherent vulnerabilities in our election systems, right? So there's a lot of good work being done. And that really goes to the core of what we do, and the reasons that we're partnering together. ICIT is in the business of educating and advising. We put out research, we make it freely available, we don't believe in com`moditizing information, we believe in liberating it. So we get it in the hands of as many people as possible, and then we get this objective research, and use it as a stepping stone to educate and to advise. And it could be through meetings, it could be through events, it could be through conversation with the media. But I think this educational process is really critical to start to change the minds of-- >> You know, if I can add to that, I think what really needs to be done with security, is better information sharing. And it's with other governments and enterprises that are under attack. Sharing that information as opposed to only having it for themselves and their advantage, and then also what's required is better knowledge of what are the best practices that need to be done to better protect both government and enterprises. >> Well, guys, I want to shift gears and talk about the CyberConnect event, which is coming up in November, an industry event. You guys are sponsoring, Centrify, but you guys are also on the ball, there's a brand new content program. It's an independent event, it's targeted to the industry, not a Centrify user group. Parham, I want to put you on the spot before we get to the CyberConnect event. You mentioned the elections. What's the general, and I'm Silicon Valley and so I had to ask the question 'cause you're in the trenches down in D.C. What is the general sentiment in D.C. right now on the hacking? Because, I was explaining it to my son the other day, like, "Yeah, the Russians probably hacked everybody, "so technically the election "fell into that market basket of hats." So maybe they did hack you. So I'm just handwaving that, but it probably makes sense. The question is, how real is the hacking threat in the minds of the folks in D.C. around Russia and potentially China and these areas? >> Yeah, I think the threat is absolutely real, but I think there has to be a difference between media, on both sides, politicizing the conversation. There's a difference between somebody going in and actually, you know, changing your vote from one side to the other. There's also the conversation about the weaponization of data and what we do know that Russia is doing with regards to having armies of trolls out there or with fake profiles, and are creating faux conversations and steering public sentiment of perception in directions that maybe wasn't already there. And so I think part of the hysteria that we see, I think we're fearful and we have a right to be fearful, but I think taking the emotion and the politics out of it, and actually doing forensic assessments from an objective perspective to understanding what truly is going on. We are having our information stolen, there is a risk that a nation state could execute a very high-impact, digital attack that has a loss of life. We do know that foreign states are trying to impact the outcomes of our democratic processes. I think it's important to understand, though, how are they doing it and is what we're reading about truly what's happening kind of on the streets. >> And that's where the industrial thing you were kind of tying together, that's the loss of life potential, using digital as an attack vector into something that could have a physical, and ultimately deadly outcome. Yeah, we covered, also that story that was put out, about the fake news infrastructure. It's not just the content that they're making up, it's actually the infrastructure fake news. Bionets, and whatnot. And I think Mike Rowe wrote a story on this, where they actually detailed, you can smear a journalist for 40K. >> Yeah. >> These are actually out there, that are billed for specifically these counter... Programs. >> As a service. You know, go on a forum on the Deep Web and you can contract these types of things out. And it's absolutely out there. >> And then what do you say to your average American friends, that you're saying, hey, having a cocktail with, you're at a dinner. What's going on with security? What do you say to them? You should be worried, calm down, no we're on it. What's the message that you share with your friends that aren't in the industry? >> Personally, I think the message is that, you know, you need to vigilant, you need to, it may be annoying, but you do have to practice good cyber hygiene, think about your passwords, think about what you're sharing on social media. We'd also talk, and I personally believe that, some of these things will not change unless we as consumers change what is acceptable to us. If we stop buying devices or systems or apps based on the convenience that it brings to our lives, and we say, "I'm not going to spend money on that car, "because I don't know if it's secure enough for me." You will see industry change very quickly. So I think-- >> John: Consumer behavior is critical. >> Absolutely. That's definitely a piece of it. >> Alright, guys, so exciting event coming up, theCUBE will be covering the CyberConnect event in November. The dates, I think, November-- >> Sixth and seventh. >> Sixth and seventh in New York City at the Grand Hyatt. Talk about the curriculum, because this is a unique event, where you guys are bringing your sponsorship to the table, but providing an open industry event. What's the curriculum, what's the agenda, what's the purpose of the event? >> Yeah, Tom. >> Okay, I'll take it, yeah. I mean, historically, like other security vendors, we've had our users' conference, right? And what we've found is that, as you alluded to, that there just needs to be better education of what's going on. And so, instead of just limiting it to us talking to our customers about us, we really need to broaden the conversation. And so that's why we brought in ICIT, to really help us broaden the conversation, raise more awareness and visibility for what needs to be done. So this is a pretty unique conference in that we're having a lot of CSOs from some incredible enterprise, as well as government. General Alexander, the former of the Cyber Security Command is a keynote, but we have the CSO of Aetna, Blue Cross involved, as well. So we want to raise the awareness in terms of, what are the best practices? What are the leading minds thinking about security? And then parallel, also, for our customers, we're going to have a parallel track where, if they want to get more product-focused technology. So this is not a Centrify event. This is an industry event, ya know. Black Hat is great, RSA is great, but it's really more at the, kind of the bits and bytes-- >> They're very narrow, but you are only an identity player. There's a bigger issue. What about these other issues? Will you discuss-- >> Oh, absolutely. >> Yeah, well-- >> Is it an identity or is it more? >> It actually is more, and this is one of the reasons, at a macro level, the work that we've done at Centrify, for a number of years now. You know, we have shared the same philosophy that we have a responsibility, as experts in the cyberspace, to move the industry forward and to really usher in, almost a cyber security renaissance, if you will. And so, this is really the vision behind CyberConnect. So if you look at the curriculum, we're talking about, you know, corporate espionage, and how it's impacting commercial organizations. We're talking about the role of machine-learning based artificial intelligence. We'll be talking about the importance of encrypting your data. About security by design. About what's going on with the bot net epidemic that's out there. So there absolutely will be a very balanced program, and it is, again, driven and grounded in that research that ICIT is putting out in the relationships that we have with some of these key players. >> So you institute a critical infrastructure technology, the think tank that you're the co-founder of. You're bringing that broader agenda to CyberConnect. >> That's correct, absolutely. >> So this is awesome, congratulations, I got to ask, on the thought leadership side, you guys have been working together. Can you just talk about your relationship between Centrify and ICIT? So you're independent, you guys are a vendor. Talk about this relationship and why it's so important to this event. >> Well, absolutely. I mean, look, as a security vendor, you know, a lot of, a big percentage of security vendors sell into the U.S. federal government, and through those conversations that a lot of the CSOs at these governments were pointing at us to these ICIT guys, right? And we got awareness and visibility thought that. And it was like, they were just doing great stuff in terms of talking about, yes, Centrify is a leading identity provider, but people are looking for a complete solution, looking for a balanced way to look at it. And so we felt that it would be a great opportunity to partner with these guys. And so we sponsored an event that they did, Winter Summit. And then they did such a great job and the content was amazing, the people they had, that we said, "You know what? "Let's make this more of a general thing and "let's be in the background helping facilitate this, "but let the people hear about this good information." >> So you figured out the community model? (laughs) No, 'cause this is really what works. You got to enable, you're enabling this conversation, and more than ever in the security system, would love to get your perspective on this, is that there's an ethos developing, has been developed. And it's expanding aggressively. Kind of opens doors on one side, but security's all about data sharing. You mentioned that-- >> Yeah, absolutely. >> From a hacking standpoint, that's more of a statutory filing, but here, the security space is highly communicative. They talk to each other, and it's a trust relationship, so you're essentially bringing an independent event, you're funding it. >> Yeah, absolutely. >> It's not your event, this is an independent event. >> Absolutely. >> Yeah, and so Tom said it very well, as an institute, we rely on the financial capital that comes in from our partners, like Centrify. And so we would be unable to deliver at a large scale the value that we do to the legislative community, to federal agencies, and the commercial sector, and the institute's research is being shared on NATO libraries and embassies around the world. So this is really a global operation that we have. And so when we talk about layered security, right, we're not into a silver bullet solution. A lot of faux experts out there say, "I have the answer." We know that there's a layered approach that needs to be done. Centrify, they have the technology that plays a part in that, but, even more important than that for us is that they share that same philosophy and we do see ourselves as being able to usher in the changes required to move everything forward. And so it's been a great, you know, we have a lot of plans for the next few years. >> Yeah, that's great work, you're bringing in some great content to the table, and that's what people want, and they can see who's enabling it, that's a great business model for everyone. I got to ask one question, though, about your business. I love the critical infrastructure focus and I like your value you guys are bringing. But you guys have this fellow program. Can you just talk about this, 'cause your a part of the fellowship-- >> Yeah, absolutely. >> You're on a level, and I don't want to say credit 'cause you're not really going to get credit. But it's a badge, it's a bar. >> Yeah, yeah, no-- >> Explain the fellow program. >> That's a great question. At the institute, we have a core group of experts who represent different technology niches. They make up our fellow program, and so as I discussed earlier, when we're putting out research, when we're educating the media, when we're advising congress, when we're doing the work of the institute, we're constantly turning back to our fellow program members to provide some of that research and expertise. And sharing, you know, not just providing financial capital, but really bringing that thought leadership to the table. Centrify is a part of our fellows program, and so we've been working with them for a number of years. It's very exclusive and there's a process. You have to be referred in by an existing fellow program member. We have a lot of requests, but it really comes down to, do you understand what we're trying to accomplish? Do you share our same mission, our same values? And can you be part of this elite community that we've built? And so, you know, Centrify is a big part of that. >> And the cloud, obviously, is accelerating everything. You've got the cloud action, certainly, in your space, and we know what's going on in our world. >> Yeah, absolutely. >> The world is moving at a zillion miles an hour. It's like literally moving a train. So, congratulations, CyberConnect event in November. Great event, check it out, theCUBE will be there, we'll have live coverage, we broadcast, be documenting all the action and bringing it to you on theCUBE, obviously, (mumbles) John Furrier, here at Centrify's headquarters in California, in Silicon Valley, thanks for watching. (upbeat electronic music)

>> Narrator: Live from Boston, Massachusetts, it's the Cube. Covering Red Hat Summit 2017, brought to you by Red Hat. (techno music) >> Welcome back to Boston, everybody. And welcome back to Red Hat Summit. This is the Cube, the leader in live tech coverage. My name is Dave Vellante, and I'm here with my co-host, Stu Miniman. Stu, we were saying this is your 100th Red Hat Summit, so congratulations on reaching that milestone. Joe Dickman is here. He's the senior vice president of Vizuri. Cool name, love it. And Michael Quintero, or Quintero if you prefer, of LogistiCare. He's an enterprise solutions architect. Gentlemen, welcome to the Cube. >> Thank you. It's a pleasure to be here. >> So Vizuri. Love the name. It strikes a visualization. It's (mumbles) trendy. Tell us about Vizuri, and tell us about your relationship with LogistiCare, and we'll get into it. >> Vizuri is the private division of a company called AEM Corporation. We created the brand to serve the commercial market for research and development. We became partners with JBoss before Red Hat's acquisition, so we jumped into open source in like 2003. And since then, we've built a business around open source technologies, and market leading technologies that bring value. We found LogistiCare because they solicited us for some work to help them transform their organization. And it's worked out well. I mean, Michael and I have been working together for about 18 months. >> So, tell us a little bit about LogistiCare. >> So LogistiCare is the world's largest provider of non-emergency medical transportation. So, we service the health market around people have benefits. The insurance companies don't provide transportation, and the members come to us and we broker the transportation for them. Been in business for quite some time. Do about 70 million trips a year, a little bit more. And we have roughly 80% of that market. And we just want to stay on top of, and be recognized as the world leader in that capability with the best services and the care for our members. >> So JBoss of course was like the second pillar for Red Hat after Red Hat (mumbles) Rob Bearden, who was a CEO at the time, and Cube alum and friend. But so, how did you utilize that capability, the sort of whole middleware, and how does that affect your digital transformation? And where did you guys all fit together? >> So, well digital transformation is a business strategy, not a technology. So, we looked at our need to be more flexible, and dynamic, and innovate. Our legacy, our what we call classic internally, software stack is limiting. It's not service oriented. It's not extensible. It's a compiled, executable, distributed -- serves the business very well. In fact, we're still using it today in some aspects. We haven't fully replaced it. But it's long in the tooth, and it's difficult for us to reach that new business requirement and test and deliver it scale. So, I joined the company to help modernize that architecture. Very quickly recognized that in order to get to scale, and loosely coupling, and massive customization, that microservices was a good solution for us. And when we surveyed the market for a partner that could help take us there, software wise, Red Hat has the most complete stack. They offer everything we need to do, and then they have the things we think we're going to do in the future. So, we looked around for somebody who could help us get to the Red Hat, enable to that, with Docker, and get to an auto-scaling kind of solution so we have infrastructure on demand. And we found Vizuri as a partner. They were able to help us enable the technology and teach us how to do things that we weren't presently doing. Because we didn't have any kind of scale solution in-house, it was just put more web servers out there. >> We started small, it started with a Business Process Management System. If you think about all the logistics that are necessary for coordinating medical transport, "I'm a dialysis patient. I'm somebody that is home-bound. I need to get to a physician appointment." We took that domain knowledge, that's part of one of the pillars of digital transformation. It's infrastructure, it's integration, and it's knowledge management. We started with knowledge management. Think about all the complex business rules for manage care organizations, reimbursement, right? Which is what LogistiCare does. Quickly after we solved that problem, we looked at integration, and we said, "Well now we have all these trading partners." So we guided LogistiCare into their next purchase which was Fuse. So now we had an API strategy for publicly linking them to other consumer providers, because they are a logistics organization for reimbursement. And as Michael said, we started building data centers. Or LogistiCare did. But guess what? Containers and OpenShift came in and we started provisioning our development environments to Amazon Web Services. And when they saw the cost-savings, they abandoned building out on-prem data centers, and went Cloud-native. >> So there's also a revenue drive, or component, as well, right? >> It is. It is. It's an OpEx (mumbles) and the CapEx cost-savings. >> Let's unpack both of those. >> Joe: Sure. >> Where do you want to start? Cost or the telephone numbers? (laughs) >> So, we're mostly a call center based company in history. Right? We have 20-something call centers around the country. We service most of the U.S. And we have a variety of contracts with medical care providers, like Aetna, and Wellpoint, and Blue Cross, and those type people. And then the managed care organizations come in. So, we look to reduce our OpEx by diminishing the number and the interfaces that we have with our call centers. People don't have to call in to the call centers to do business with us. You know, something like one-minute reduction in call-time is about a six or seven million dollar a year benefit for us. And there's a lot of things that people can do for themselves. I mean, you can call in and cancel a trip that they've had scheduled. We figured that about 30% of the cancellation rate, if we could get that done through a service interface, through an IVR, where you can come in and say "I'm not going to go." and cancel it. That's a five or six million dollar savings for us right there. Just in 30%. >> Michael, I'm curious. Was there any hesitancy inside to say, "Okay. I'm going to kill data centers, going to go to a public Cloud." You know, how did that transition go? And anything, you know, kind of the good, the bad, and the ugly that you could share. >> So, well, we're a healthcare company. HIPA and HITRUST certified coming. And there's a certain amount of fear on Cloud migration. So we had to demonstrate the knowledge, skills, and abilities around getting secure, scalable solutions out to the Cloud. And this is our core application. If we don't do this well, we could become Blockbuster and go away. Right? So we don't want that. So, we had Vizuri come to the table and help us understand just how secure we can be, how OpenShift is helping us make sure our information is never violated. There's great integrity in it. And then we did prototyping, and we actually evaluated it, and we have third parties that come in and take a look at our solution and say, "Can I penetrate that? Can I get into your information?" So, and, we also are subject to audit, not only by the federal government, but by all of our payer partners. So we have to be above the line in every criteria, and we think that we are. >> The other thing that you mention was, when we talk about OpEx, right? That's human capital. He talked about the minute per time on a call. We also reduce tribal knowledge. Think about all these new managed care organizations in health care. Is it the call center representative, is it our responsibility to train them on this car, and this company requires a car service, this company requires an ambulance. That knowledge, if we could eliminate that and put that in the middle tier. Now what we do is we have given them a business scale. Now they have a business strategy for taking on new managed health care organizations. Do you have different compliance rules? Do you have different knowledge? It is no longer us having to go back out to those 20 call centers and re-train everybody, because you never know where the consumers are coming from. So, what they do is they answer the phone, they put their information into the system, and the system makes the deterministic call as to what car service, when, and how it's reimbursed. >> So, you say you automated essentially that tribal knowledge. >> Joe: We did. >> Eliminated it. >> And we reduced it so it not only reduced the calls per time frame, but it sped up our time of getting a call center agent from three weeks of training down to basically one. >> Yes, and we have the ability now to support all of our contracts from any call center. So if there's disaster recovery models, or, you know, Phoenix for instance is one of our larger call centers and they get heavy downpours of rain there. There are times when people can't get to work, or they have outages. We can't afford for that function to be offline. So those skills are very easily moved to another call center to support the members that would call in there. Just route the calls. And there's no local knowledge about, you know, my contract in Arizona does a certain thing, or in the Southwest, so it's very simple to support our population from any call center. That gives us the benefit of providing very high quality service, 'cause people when they call in, they expect us to service them. >> Joe, I want to follow up. We were talking about kind of, you know, hesitancy, healthcare tends to be a little bit conservative. I hear things like microservices, and containers. You know, these are still relatively new things. Is (mumbles) -- sorry, OpenShift the solution that allows you to deliver that with confidence to your customers? >> Yes. OpenShift. (laughs) >> Yeah, sorry about that. (laughs) >> No worries. (laughs) OpenShift does. What happens is the Docker container format enables us to pre-configure those servers and those workloads, and we talked about microservices. We wanted to reduce the business decisions or the integrations into the smallest component. What we also wanted to do was provide some taxonomy with them. These are for billing, these are for scheduling, these are for a different aspect of the business. By that, we can change, and we can change often. >> Mhm. >> How long did it take before if we wanted to make a change to some of the infrastructure? >> So. >> Weeks? Months? >> Well, even longer. I mean infrastructure is hard to acquire. And you only talk about CapEx expense. It's very easy, I mean there's a refresh cycle for equipment that you get. So even when you have it, you have to pay attention to maintenance and keeping that thing going forward. As you add scale to your business, you got to go acquire more storage. And it's not a dynamic thing. You have to plan -- the planning cycle is very difficult. We moved to the Cloud. Now we have infrastructure on demand. There's a myriad of choices of platforms and solutions that we can apply to our business model. Things we hadn't even thought of before. We're actually looking now at potentially moving our call centers away from our in-house standard, and moving to an Amazon provided call center solution. Because it can scale. And we can consolidate. And we can provide service from anywhere in the world. That's a big benefit to us. >> It is. So call center as a service, essentially. >> Michael: Yes. >> Is something you're evaluating. >> Think about how big they are. 80 million rides, right. What they didn't want to do is be disintermediated by the newcomers. Right? The Uber's, the Lyft's. They had a large footprint. So, he used the word Blockbuster before, and that's what they use a lot internally. >> Dave: There's one left, in Alaska, I heard. (laughs) >> Who remembers Blockbuster? And then they remember how Blockbuster was no longer in business. So what they wanted to do is to ensure that -- they agilely transformed not only the software engineering discipline, but their firm beliefs. So, everybody from business analysis through implementation has this new agile approach. And one of the features that we developed, we used to send people home after four hours of dialysis in taxi cabs. So, an executive, or team, at LogistiCare said, "We need dependency. We need certified drivers." They actually entered into a business relationship with Lyft. And you want to talk about an agile enterprise? We developed a custom interface into Lyft with a scheduling service that never existed, within five weeks. >> Michael: That's right. >> We would never have been able to do that. And we moved our first ride after five weeks, and since then, we're currently up to about five or six thousand. But it's going to scale to thousands. And the goal is to, again, as Michael said, let people interface with LogistiCare by their device of choice. If we don't have to have people call in to cancel rides, or call in to schedule, then the business scales, and it scales without human capital. >> And the enablers there, (mumbles) we always talk about it, people, process, and technology. So the technology behind that was, what, you're living this API economy that everybody talks about. >> Michael And Joe: We are. >> Joe: That is exactly what we did. >> And then you've got underneath that, OpenShift, what else is sort of there that you're leveraging? >> BPMS, BRMS. So, Business Process Management System. Business Rules Management System. JBoss fused for an integration strategy and Camel Routes. And then Openshift, and then we do Ansible for doing server provisioning. >> And I have to ask you about the security question again. Stu was (mumbles) poking at it before. We've heard from a lot of practitioners that the security in the Cloud is just fine, it is great actually. The challenge is, it doesn't necessarily exactly map the edicts of our organization. So, is that, did you find that? And did you have to maybe change the way in which you plugged into AWS, or was it just sort of out of the box for you? >> So, you have to understand the shared responsibility model when you move to the Cloud, right? I mean they're very good at the security in the Cloud, or of the Cloud, and you have to be good at the security in the Cloud. You can choose bad technology at Amazon and be insecure. But they have a published, HIPA standard, that if you use these technologies, then you can be HIPA certified. We applied our HITRUST certification standards to our choices. We're making very solid -- and this isn't willy nilly. I mean I've been in a HIPA solution for 20 years. So it's not like I don't know what is required, and what the auditors are going to ask us. So, but I do want to redress one point that we can't go past. Is that (mumbles) Our customers are getting better service from all this we're doing. >> Joe: I agree. >> When somebody calls us and says, "I'm ready to go home from the doctor." and they didn't know what time they were going to go home when they scheduled their ride to the doctor, we can get somebody there in 10 minutes now to come and get them and take them home. >> Dave: Wow. >> That's a great satisfier. Rather than having to wait 90 minutes for us to find somebody that can go pick them up. That world has changed, right? And that's a great customer satisfier and that is why they're going to love continuing to do business with us. >> Great business outcome from something that you probably couldn't have done, you know, five years ago? Even maybe two years ago. >> They're a social caring organization. One of the largest rides that they do is for kidney dialysis. And those people, I mean, I've never had it, but somebody sitting there after four hours of dialysis, the last thing you want to do is wait 90 minutes for a cab. You want to go home. You also want to have an authoritative source that the drivers are credentialed drivers. And that's something that we're working on so that not only do these older generations, right? And think about the baby boomers, which I'm actually part of. >> Michael: Me too. (laughs) >> The age population is growing. So the need for these types of services is growing too. And we become accustomed and we get set in our ways. And people might be fearful. Any taxi showing up, versus now, a Lyft shows up, you know who the driver is. You see the car, you see that. There's a high degree of confidence that LogistiCare has the best interests of their constituents. So they manage that type of business. So it's not just technology, it really is a caring and methodical organization. >> But we have the ability to follow patterns that are already established. We look at how Netflix handles their widely distributed kinds of interface devices. You know, how do they figure out what kind of data-stream to send back to what he's got in his hand versus what I have. We're following the same kind of model, and we're using the technology platform to our best advantage to make sure that we're talking to someone who's got a flip-phone differently than we are talking to someone who's got a (mumbles) Plus, right? (Dave laughs) Because the payload can't be the same, but the backend services don't need to know that. We built a solution here that can examine the request and return the right data-stream. So, "Where's my ride?" Might be "Just around the corner." or it might be a map with a breadcrumb trail and a picture of the driver and all of that. Like you get with a Lyft or an Uber. So, you know, we're building it. >> Great case study, gentlemen. Thanks very much for coming to the Cube and sharing it. >> Well, thank you very much for having, we enjoyed the time. >> Alright, keep it right there everybody. We'll be right back with our next guests. This is the Cube. We're live from Red Hat Summit in Boston. Be right back. (electronic music)