>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

the cyber security landscape has changed dramatically over the past 24 to 36 months rapid cloud migration has created a new layer of security defense sure but that doesn't mean csos can relax in many respects it further complicates or at least changes the ciso's scope of responsibilities in particular the threat surface has expanded and that creates more seams and cisos have to make sure their teams pick up where the hyperscaler clouds leave off application developers have become a critical execution point for cyber assurance shift left is the kind of new buzz phrase for devs but organizations still have to shield right meaning the operational teams must continue to partner with secops to make sure infrastructure is resilient so it's no wonder that in etr's latest survey of nearly 1500 cios and it buyers that business technology executives cite security as their number one priority well ahead of other critical technology initiatives including collaboration software cloud computing and analytics rounding out the top four but budgets are under pressure and csos have to prioritize it's not like they have an open checkbook they have to contend with other key initiatives like those just mentioned to secure the funding and what about zero trust can you go out and buy xero trust or is it a framework a mindset in a series of best practices applied to create a security consciousness throughout the organization can you implement zero trust in other words if a machine or human is not explicitly allowed access then access is denied can you implement that policy without constricting organizational agility the question is what's the most practical way to apply that premise and what role does infrastructure play as the enforcer how does automation play in the equation the fact is that today's approach to cyber resilient type resilience can't be an either or it has to be an and conversation meaning you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible and don't even talk to me about the edge that's really going to keep you up at night hello and welcome to the special cube presentation a blueprint for trusted infrastructure made possible by dell technologies in this program we explore the critical role that trusted infrastructure plays in cyber security strategies how organizations should think about the infrastructure side of the cyber security equation and how dell specifically approaches securing infrastructure for your business we'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile first up are pete gear and steve kenniston they're both senior cyber security consultants at dell technologies and they're going to talk about the company's philosophy and approach to trusted infrastructure and then we're going to speak to paris arcadi who's a senior consultant for storage at dell technologies to understand where and how storage plays in this trusted infrastructure world and then finally rob emsley who heads product marketing for data protection and cyber security he's going to take a deeper dive with rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy okay let's get started pete gear steve kenniston welcome to the cube thanks for coming into the marlboro studios today great to be here dave thanks dave good to see you great to see you guys pete start by talking about the security landscape you heard my little rap up front what are you seeing i thought you wrapped it up really well and you touched on all the key points right technology is ubiquitous today it's everywhere it's no longer confined to a monolithic data center it lives at the edge it lives in front of us it lives in our pockets and smartphones along with that is data and as you said organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago and along with that cyber crime has become a very profitable enterprise in fact it's been more than 10 years since uh the nsa chief actually called cyber crime the biggest transfer of wealth in history that was 10 years ago and we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated and so the new security landscape is really more of an evolution we're finally seeing security catch up with all of the technology adoption all the build out the work from home and work from anywhere that we've seen over the last couple of years we're finally seeing organizations and really it goes beyond the i t directors it's a board level discussion today security's become a board level discussion yeah i think that's true as well it's like it used to be the security was okay the secops team you're responsible for security now you've got the developers are involved the business lines are involved it's part of onboarding for most companies you know steve this concept of zero trust it was kind of a buzzword before the pandemic and i feel like i've often said it's now become a mandate but it's it's it's still fuzzy to a lot of people how do you guys think about zero trust what does it mean to you how does it fit yeah i thought again i thought your opening was fantastic in in this whole lead into to what is zero trust it had been a buzzword for a long time and now ever since the federal government came out with their implementation or or desire to drive zero trust a lot more people are taking a lot more seriously because i don't think they've seen the government do this but ultimately let's see ultimately it's just like you said right if if you don't have trust to those particular devices uh applications or data you can't get at it the question is and and you phrase it perfectly can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive because we're seeing with your whole notion around devops and the ability to kind of build make deploy build make deploy right they still need that functionality but it also needs to be trusted it needs to be secure and things can't get away from you yeah so it's interesting we attended every uh reinforce since 2019 and the narrative there is hey everything in this in the cloud is great you know and this narrative around oh security is a big problem is you know doesn't help the industry the fact is that the big hyperscalers they're not strapped for talent but csos are they don't have the the capabilities to really apply all these best practices they're they're playing whack-a-mole so they look to companies like yours to take their r your r d and bake it into security products and solutions so what are the critical aspects of the so-called dell trusted infrastructure that we should be thinking about yeah well dell trusted infrastructure for us is a way for us to describe uh the the work that we do through design development and even delivery of our it system so dell trusted infrastructure includes our storage it includes our servers our networking our data protection our hyper converged everything that infrastructure always has been it's just that today customers consume that infrastructure at the edge as a service in a multi-cloud environment i mean i view the cloud as really a way for organizations to become more agile and to become more flexible and also to control costs i don't think organizations move to the cloud or move to a multi-cloud environment to enhance security so i don't see cloud computing as a panacea for security i see it as another attack surface and another uh aspect in front that organizations and and security organizations and departments have to manage it's part of their infrastructure today whether it's in their data center in a cloud or at the edge i mean i think it's a huge point because a lot of people think oh data's in the cloud i'm good it's like steve we've talked about oh why do i have to back up my data it's in the cloud well you might have to recover it someday so i don't know if you have anything to add to that or any additional thoughts on it no i mean i think i think like what pete was saying when it comes to when it comes to all these new vectors for attack surfaces you know people did choose the cloud in order to be more agile more flexible and all that did was open up to the csos who need to pay attention to now okay where can i possibly be attacked i need to be thinking about is that secure and part of the part of that is dell now also understands and thinks about as we're building solutions is it is it a trusted development life cycle so we have our own trusted development life cycle how many times in the past did you used to hear about vendors saying you got to patch your software because of this we think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective and make sure we don't give up or or have security become a whole just in order to implement a feature we got to think about those things yeah and as pete alluded to our secure supply chain so all the way through knowing what you're going to get when you actually receive it is going to be secure and not be tampered with becomes vitally important and pete and i were talking earlier when you have tens of thousands of devices that need to be delivered whether it be storage or laptops or pcs or or whatever it is you want to be you want to know that that that those devices are can be trusted okay guys maybe pete you could talk about the how dell thinks about it's its framework and its philosophy of cyber security and then specifically what dell's advantages are relative to the competition yeah definitely dave thank you so we've talked a lot about dell as a technology provider but one thing dell also is is a partner in this larger ecosystem we realize that security whether it's a zero trust paradigm or any other kind of security environment is an ecosystem uh with a lot of different vendors so we look at three areas one is protecting data in systems we know that it starts with and ends with data that helps organizations combat threats across their entire infrastructure and what it means is dell's embedding security features consistently across our portfolios of storage servers networking the second is enhancing cyber resiliency over the last decade a lot of the funding and spending has been in protecting or trying to prevent cyber threats not necessarily in responding to and recovering from threats right we call that resiliency organizations need to build resiliency across their organization so not only can they withstand a threat but they can respond recover and continue with their operations and the third is overcoming security complexity security is hard it's more difficult because of the things we've talked about about distributed data distributed technology and and attack surfaces everywhere and so we're enabling organizations to scale confidently to continue their business but know that all all the i.t decisions that they're making um have these intrinsic security features and are built and delivered in a consistent security so those are kind of the three pillars maybe we could end on what you guys see as the key differentiators that people should know about that that dell brings to the table maybe each of you could take take a shot at that yeah i think first of all from from a holistic portfolio perspective right the uh secure supply chain and the secure development life cycle permeate through everything dell does when building things so we build things with security in mind all the way from as pete mentioned from from creation to delivery we want to make sure you have that that secure device or or asset that permeates everything from servers networking storage data protection through hyper converge through everything that to me is really a key asset because that means you can you understand when you receive something it's a trusted piece of your infrastructure i think the other core component to think about and pete mentioned as dell being a partner for making sure you can deliver these things is that even though those are that's part of our framework these pillars are our framework of how we want to deliver security it's also important to understand that we are partners and that you don't need to rip and replace but as you start to put in new components you can be you can be assured that the components that you're replacing as you're evolving as you're growing as you're moving to the cloud as you're moving to a more on-prem type services or whatever that your environment is secure i think those are two key things got it okay pete bring us home yeah i think one of one of the big advantages of dell is our scope and our scale right we're a large technology vendor that's been around for decades and we develop and sell almost every piece of technology we also know that organizations are might make different decisions and so we have a large services organization with a lot of experienced services people that can help customers along their security journey depending on whatever type of infrastructure or solutions that they're looking at the other thing we do is make it very easy to consume our technology whether that's traditional on-premise in a multi-cloud environment uh or as a service and so the best of breed technology can be consumed in any variety of fashion and know that you're getting that consistent secure infrastructure that dell provides well and dell's forgot the probably top supply chain not only in the tech business but probably any business and so you can actually take take your dog food and then and allow other billionaire champagne sorry allow other people to you know share share best practices with your with your customers all right guys thanks so much for coming thank you appreciate it okay keep it right there after this short break we'll be back to drill into the storage domain you're watching a blueprint for trusted infrastructure on the cube the leader in enterprise and emerging tech coverage be right back concern over cyber attacks is now the norm for organizations of all sizes the impact of these attacks can be operationally crippling expensive and have long-term ramifications organizations have accepted the reality of not if but when from boardrooms to i.t departments and are now moving to increase their cyber security preparedness they know that security transformation is foundational to digital transformation and while no one can do it alone dell technologies can help you fortify with modern security modern security is built on three pillars protect your data and systems by modernizing your security approach with intrinsic features and hardware and processes from a provider with a holistic presence across the entire it ecosystem enhance your cyber resiliency by understanding your current level of resiliency for defending your data and preparing for business continuity and availability in the face of attacks overcome security complexity by simplifying and automating your security operations to enable scale insights and extend resources through service partnerships from advanced capabilities that intelligently scale a holistic presence throughout it and decades as a leading global technology provider we'll stop at nothing to help keep you secure okay we're back digging into trusted infrastructure with paris sarcadi he's a senior consultant for product marketing and storage at dell technologies parasaur welcome to the cube good to see you great to be with you dave yeah coming from hyderabad awesome so i really appreciate you uh coming on the program let's start with talking about your point of view on what cyber security resilience means to to dell generally but storage specifically yeah so for something like storage you know we are talking about the data layer name and if you look at cyber security it's all about securing your data applications and infrastructure it has been a very mature field at the network and application layers and there are a lot of great technologies right from you know enabling zero trust advanced authentications uh identity management systems and so on and and in fact you know with the advent of you know the the use of artificial intelligence and machine learning really these detection tools for cyber securities have really evolved in the network and the application spaces so for storage what it means is how can you bring them to the data layer right how can you bring you know the principles of zero trust to the data layer uh how can you leverage artificial intelligence and machine learning to look at you know access patterns and make intelligent decisions about maybe an indicator of a compromise and identify them ahead of time just like you know how it's happening and other ways of applications and when it comes to cyber resilience it's it's basically a strategy which assumes that a threat is imminent and it's a good assumption with the severity of the frequency of the attacks that are happening and the question is how do we fortify the infrastructure in the switch infrastructure to withstand those attacks and have a plan a response plan where we can recover the data and make sure the business continuity is not affected so that's uh really cyber security and cyber resiliency and storage layer and of course there are technologies like you know network isolation immutability and all these principles need to be applied at the storage level as well let me have a follow up on that if i may the intelligence that you talked about that ai and machine learning is that do you do you build that into the infrastructure or is that sort of a separate software module that that points at various you know infrastructure components how does that work both dave right at the data storage level um we have come with various data characteristics depending on the nature of data we developed a lot of signals to see what could be a good indicator of a compromise um and there are also additional applications like cloud iq is the best example which is like an infrastructure wide health monitoring system for dell infrastructure and now we have elevated that to include cyber security as well so these signals are being gathered at cloud iq level and other applications as well so that we can make those decisions about compromise and we can either cascade that intelligence and alert stream upstream for uh security teams um so that they can take actions in platforms like sign systems xtr systems and so on but when it comes to which layer the intelligence is it has to be at every layer where it makes sense where we have the information to make a decision and being closest to the data we have we are basically monitoring you know the various parallels data access who is accessing um are they crossing across any geo fencing uh is there any mass deletion that is happening or a mass encryption that is happening and we are able to uh detect uh those uh patterns and flag them as indicators of compromise and in allowing automated response manual control and so on for it teams yeah thank you for that explanation so at dell technologies world we were there in may it was one of the first you know live shows that that we did in the spring certainly one of the largest and i interviewed shannon champion and a huge takeaway from the storage side was the degree to which you guys emphasized security uh within the operating systems i mean really i mean powermax more than half i think of the features were security related but also the rest of the portfolio so can you talk about the the security aspects of the dell storage portfolio specifically yeah yeah so when it comes to data security and broadly data availability right in the context of cyber resiliency dell storage this you know these elements have been at the core of our um a core strength for the portfolio and the source of differentiation for the storage portfolio you know with almost decades of collective experience of building highly resilient architectures for mission critical data something like power max system which is the most secure storage platform for high-end enterprises and now with the increased focus on cyber security we are extending those core technologies of high availability and adding modern detection systems modern data isolation techniques to offer a comprehensive solution to the customer so that they don't have to piece together multiple things to ensure data security or data resiliency but a well-designed and well-architected solution by design is delivered to them to ensure cyber protection at the data layer got it um you know we were talking earlier to steve kenniston and pete gear about this notion of dell trusted infrastructure how does storage fit into that as a component of that sort of overall you know theme yeah and you know and let me say this if you could adjust because a lot of people might be skeptical that i can actually have security and at the same time not constrict my organizational agility that's old you know not an ore it's an end how do you actually do that if you could address both of those that would be great definitely so for dell trusted infrastructure cyber resiliency is a key component of that and just as i mentioned you know uh air gap isolation it really started with you know power protect cyber recovery you know that was the solution more than three years ago we launched and that was first in the industry which paved way to you know kind of data isolation being a core element of data management and uh for data infrastructure and since then we have implemented these technologies within different storage platforms as well so that customers have the flexibility depending on their data landscape they can approach they can do the right data isolation architecture right either natively from the storage platform or consolidate things into the backup platform and isolate from there and and the other key thing we focus in trusted infrastructure dell infra dell trusted infrastructure is you know the goal of simplifying security for the customers so one good example here is uh you know being able to respond to these cyber threats or indicators of compromise is one thing but an i.t security team may not be looking at the dashboard of the storage systems constantly right storage administration admins may be looking at it so how can we build this intelligence and provide this upstream platforms so that they have a single pane of glass to understand security landscape across applications across networks firewalls as well as storage infrastructure and in compute infrastructure so that's one of the key ways where how we are helping simplify the um kind of the ability to uh respond ability to detect and respond these threads uh in real time for security teams and you mentioned you know about zero trust and how it's a balance of you know not uh kind of restricting users or put heavy burden on you know multi-factor authentication and so on and this really starts with you know what we're doing is provide all the tools you know when it comes to advanced authentication uh supporting external identity management systems multi-factor authentication encryption all these things are intrinsically built into these platforms now the question is the customers are actually one of the key steps is to identify uh what are the most critical parts of their business or what are the applications uh that the most critical business operations depend on and similarly identify uh mission critical data where part of your response plan where it cannot be compromised where you need to have a way to recover once you do this identification then the level of security can be really determined uh by uh by the security teams by the infrastructure teams and you know another you know intelligence that gives a lot of flexibility uh for for even developers to do this is today we have apis um that so you can not only track these alerts at the data infrastructure level but you can use our apis to take concrete actions like blocking a certain user or increasing the level of authentication based on the threat level that has been perceived at the application layer or at the network layer so there is a lot of flexibility that is built into this by design so that depending on the criticality of the data criticality of the application number of users affected these decisions have to be made from time to time and it's as you mentioned it's it's a balance right and sometimes you know if if an organization had a recent attack you know the level of awareness is very high against cyber attacks so for a time you know these these settings may be a bit difficult to deal with but then it's a decision that has to be made by security teams as well got it so you're surfacing what may be hidden kpis that are being buried inside for instance the storage system through apis upstream into a dashboard so that somebody could you know dig into the storage tunnel extract that data and then somehow you know populate that dashboard you're saying you're automating that that that workflow that's a great example and you may have others but is that the correct understanding absolutely and it's a two-way integration let's say a detector an attack has been detected at a completely different layer right in the application layer or at a firewall we can respond to those as well so it's a two-way integration we can cascade things up as well as respond to threats that have been detected elsewhere um uh through the api that's great all right hey api for power skill is the best example for that uh excellent so thank you appreciate that give us the last word put a bow on this and and bring this segment home please absolutely so a dell storage portfolio um using advanced data isolation um with air gap having machine learning based algorithms to detect uh indicators of compromise and having rigor mechanisms with granular snapshots being able to recover data and restore applications to maintain business continuity is what we deliver to customers uh and these are areas where a lot of innovation is happening a lot of product focus as well as you know if you look at the professional services all the way from engineering to professional services the way we build these systems the way we we configure and architect these systems um cyber security and protection is a key focus uh for all these activities and dell.com securities is where you can learn a lot about these initiatives that's great thank you you know at the recent uh reinforce uh event in in boston we heard a lot uh from aws about you know detent and response and devops and machine learning and some really cool stuff we heard a little bit about ransomware but i'm glad you brought up air gaps because we heard virtually nothing in the keynotes about air gaps that's an example of where you know this the cso has to pick up from where the cloud leaves off but that was in front and so number one and number two we didn't hear a ton about how the cloud is making the life of the cso simpler and that's really my takeaway is is in part anyway your job and companies like dell so paris i really appreciate the insights thank you for coming on thecube thank you very much dave it's always great to be in these uh conversations all right keep it right there we'll be right back with rob emsley to talk about data protection strategies and what's in the dell portfolio you're watching thecube data is the currency of the global economy it has value to your organization and cyber criminals in the age of ransomware attacks companies need secure and resilient it infrastructure to safeguard their data from aggressive cyber attacks [Music] as part of the dell technologies infrastructure portfolio powerstor and powermax combine storage innovation with advanced security that adheres to stringent government regulations and corporate compliance requirements security starts with multi-factor authentication enabling only authorized admins to access your system using assigned roles tamper-proof audit logs track system usage and changes so it admins can identify suspicious activity and act with snapshot policies you can quickly automate the protection and recovery process for your data powermax secure snapshots cannot be deleted by any user prior to the retention time expiration dell technologies also make sure your data at rest stays safe with power store and powermax data encryption protects your flash drive media from unauthorized access if it's removed from the data center while adhering to stringent fips 140-2 security requirements cloud iq brings together predictive analytics anomaly detection and machine learning with proactive policy-based security assessments monitoring and alerting the result intelligent insights that help you maintain the security health status of your storage environment and if a security breach does occur power protect cyber recovery isolates critical data identifies suspicious activity and accelerates data recovery using the automated data copy feature unchangeable data is duplicated in a secure digital vault then an operational air gap isolates the vault from the production and backup environments [Music] architected with security in mind dell emc power store and powermax provides storage innovation so your data is always available and always secure wherever and whenever you need it [Music] welcome back to a blueprint for trusted infrastructure we're here with rob emsley who's the director of product marketing for data protection and cyber security rob good to see a new role yeah good to be back dave good to see you yeah it's been a while since we chatted last and you know one of the changes in in my world is that i've expanded my responsibilities beyond data protection marketing to also focus on uh cyber security marketing specifically for our infrastructure solutions group so certainly that's you know something that really has driven us to you know to come and have this conversation with you today so data protection obviously has become an increasingly important component of the cyber security space i i don't think necessarily of you know traditional backup and recovery as security it's to me it's an adjacency i know some companies have said oh yeah now we're a security company they're kind of chasing the valuation for sure bubble um dell's interesting because you you have you know data protection in the form of backup and recovery and data management but you also have security you know direct security capability so you're sort of bringing those two worlds together and it sounds like your responsibility is to to connect those those dots is that right absolutely yeah i mean i think that uh the reality is is that security is a a multi-layer discipline um i think the the days of thinking that it's one uh or another um technology that you can use or process that you can use to make your organization secure uh are long gone i mean certainly um you actually correct if you think about the backup and recovery space i mean people have been doing that for years you know certainly backup and recovery is all about the recovery it's all about getting yourself back up and running when bad things happen and one of the realities unfortunately today is that one of the worst things that can happen is cyber attacks you know ransomware malware are all things that are top of mind for all organizations today and that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy a good copy of your data then that is really the the first place you go to recover from a cyber attack and that's why it's so important the reality is is that unfortunately the cyber criminals keep on getting smarter i don't know how it happens but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have they go after your your backup data as well so over the last half a decade dell technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults and that is really the you know we've had many conversations about that over the years um and that's really a big tenant of what we do in the data protection portfolio so this idea of of cyber security resilience that definition is evolving what does it mean to you yeah i think the the analyst team over at gartner they wrote a very insightful paper called you will be hacked embrace the breach and the whole basis of this analysis is so much money has been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked you have to embrace that fact and be ready and prepared to bring yourself back into business you know and that's really where cyber resiliency is very very different than cyber security and prevention you know and i think that balance of get your security disciplines well-funded get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan is really the basis of any good solid data protection backup and recovery uh philosophy so if i had to do a swot analysis we don't have to do the wot but let's focus on the s um what would you say are dell's strengths in this you know cyber security space as it relates to data protection um one is we've been doing it a long time you know we talk a lot about dell's data protection being proven and modern you know certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't as i mentioned to you one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduced a little over five years ago five six years parapatek cyber recovery is something which has become a unique capability for customers to adopt uh on top of their investment in dell technologies data protection you know the the unique elements of our solution already threefold and it's we call them the three eyes it's isolation it's immutability and it's intelligence and the the isolation part is really so important because you need to reduce the attack surface of your good known copies of data you know you need to put it in a location that the bad actors can't get to it and that really is the the the the essence of a cyber recovery vault interestingly enough you're starting to see the market throw out that word um you know from many other places but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault you know allowing it to be controlled by your backup application our cyber recovery vaulting technology is independent of the backup infrastructure it uses it but it controls its own security and that is so so important it's like having a vault that the only way to open it is from the inside you know and think about that if you think about you know volts in banks or volts in your home normally you have a keypad on the outside think of our cyber recovery vault as having its security controlled from inside of the vault so nobody can get in nothing can get in unless it's already in and if it's already in then it's trusted exactly yeah exactly yeah so isolation is the key and then you mentioned immutability is the second piece yeah so immutability is is also something which has been around for a long time people talk about uh backup immunoability or immutable backup copies so immutability is just the the the additional um technology that allows the data that's inside of the vault to be unchangeable you know but again that immutability you know your mileage varies you know when you look across the uh the different offers that are out there in the market especially in the backup industry you make a very valid point earlier that the backup vendors in the market seems to be security washing their marketing messages i mean everybody is leaning into the ever-present danger of cyber security not a bad thing but the reality is is that you have to have the technology to back it up you know quite literally yeah no pun intended and then actually pun intended now what about the intelligence piece of it uh that's that's ai ml where does that fit for sure so the intelligence piece is delivered by um a solution called cybersense and cybersense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data so it's looking at the backup copies that get driven into the cyber vault and it's looking for anomalies so it's not looking for signatures of malware you know that's what your antivirus software does that's what your endpoint protection software does that's on the prevention side of the equation but what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business you go right let's go and do it and you don't have any concern that what you have in the vault has been compromised so cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at cursory indicators of of um of of of malware infection or or ransomware introduction it's doing full content analytics you know looking at you know has the data um in any way changed has it suddenly become encrypted has it suddenly become different to how it was in the previous scan so that anomaly detection is very very different it's looking for um you know like different characteristics that really are an indicator that something is going on and of course if it sees it you immediately get flagged but the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point so we're talking to rob emsley about how data protection fits into what dell calls dti dell trusted infrastructure and and i want to come back rob to this notion of and not or because i think a lot of people are skeptical like how can i have great security and not introduce friction into my organization is that an automation play how does dell tackle that problem i mean i think a lot of it is across our infrastructure is is security has to be built in i mean intrinsic security within our servers within our storage devices uh within our elements of our backup infrastructure i mean security multi-factor authentication you know elements that make the overall infrastructure secure you know we have capabilities that you know allow us to identify whether or not configurations have changed you know we'll probably be talking about that a little bit more to you later in the segment but the the essence is is um security is not a bolt-on it has to be part of the overall infrastructure and that's so true um certainly in the data protection space give us the the bottom line on on how you see dell's key differentiators maybe you could talk about dell of course always talks about its portfolio but but why should customers you know lead in to dell in in this whole cyber resilience space um you know staying on the data protection space as i mentioned the the the work we've been doing um to introduce this cyber resiliency solution for data protection is in our opinion as good as it gets you know the you know you've spoken to a number of our of our best customers whether it be bob bender from founders federal or more recently at delton allergies world you spoke to tony bryson from the town of gilbert and these are customers that we've had for many years that have implemented cyber recovery vaults and at the end of the day they can now sleep at night you know that's really the the peace of mind that they have is that the insurance that a data protection from dell cyber recovery vault a parapatex cyber recovery solution gives them you know really allows them to you know just have the assurance that they don't have to pay a ransom if they have a an insider threat issue and you know all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from great well rob congratulations on the new scope of responsibility i like how you know your organization is expanding as the threat surface is expanding as we said data protection becoming an adjacency to security not security in and of itself a key component of a comprehensive security strategy rob emsley thank you for coming back in the cube good to see you again you too dave thanks all right in a moment i'll be back to wrap up a blueprint for trusted infrastructure you're watching the cube every day it seems there's a new headline about the devastating financial impacts or trust that's lost due to ransomware or other sophisticated cyber attacks but with our help dell technologies customers are taking action by becoming more cyber resilient and deterring attacks so they can greet students daily with a smile they're ensuring that a range of essential government services remain available 24 7 to citizens wherever they're needed from swiftly dispatching public safety personnel or sending an inspector to sign off on a homeowner's dream to protecting restoring and sustaining our precious natural resources for future generations with ever-changing cyber attacks targeting organizations in every industry our cyber resiliency solutions are right on the money providing the security and controls you need we help customers protect and isolate critical data from ransomware and other cyber threats delivering the highest data integrity to keep your doors open and ensuring that hospitals and healthcare providers have access to the data they need so patients get life-saving treatment without fail if a cyber incident does occur our intelligence analytics and responsive team are in a class by themselves helping you reliably recover your data and applications so you can quickly get your organization back up and running with dell technologies behind you you can stay ahead of cybercrime safeguarding your business and your customers vital information learn more about how dell technology's cyber resiliency solutions can provide true peace of mind for you the adversary is highly capable motivated and well equipped and is not standing still your job is to partner with technology vendors and increase the cost of the bad guys getting to your data so that their roi is reduced and they go elsewhere the growing issues around cyber security will continue to drive forward thinking in cyber resilience we heard today that it is actually possible to achieve infrastructure security while at the same time minimizing friction to enable organizations to move quickly in their digital transformations a xero trust framework must include vendor r d and innovation that builds security designs it into infrastructure products and services from the start not as a bolt-on but as a fundamental ingredient of the cloud hybrid cloud private cloud to edge operational model the bottom line is if you can't trust your infrastructure your security posture is weakened remember this program is available on demand in its entirety at thecube.net and the individual interviews are also available and you can go to dell security solutions landing page for for more information go to dell.com security solutions that's dell.com security solutions this is dave vellante thecube thanks for watching a blueprint for trusted infrastructure made possible by dell we'll see you next time

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for, eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now, that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges, and I'm not saying that SecOps pros are now talented. They are. There just aren't enough of them to go around, and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante, and I'm your host now. Previously, we looked at what trusted infrastructure means >>And the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that devs SEC op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies, and after that we're gonna bring on Mahesh Naar oim, who was a consultant in the networking product management area at Dell. And finally, we're closed with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around and the adversary is also talented and very creative and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right? What is that is exactly right, right? Breachers are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized. So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach. And that's where Dell pays a lot of attention into assuring the security approach approaching. And it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it. And bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner, which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives, which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server, walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube. Your leader in enterprise and emerging tech coverage.

>> Whenever you're ready. >> Okay, I'm Dave, in five, four, three. I want to thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for DevSecOp teams to worry about some of the more fundamental security issues around infrastructure, and have greater confidence in the quality, provenance and data protection designed in to core infrastructure like servers, storage, networking, and hyperconverged systems. At the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security but vendor R&D and vendor process must play an important role in easing the burden faced by security, devs and operation teams. And on behalf of theCUBE production, content and social teams, as well as Dell Technologies, we want to thank you for watching A Blueprint for Trusted Infrastructure. Remember, part one of this series, as well as all the videos associated with this program and of course, today's program are available on demand at thecube.net with additional coverage at siliconangle.com. And you can go to dell.com/securitysolutions, dell.com/dell.com/securitysolutions to learn more about Dell's approach to securing infrastructure and there's tons of additional resources that can help you on your journey. This is Dave Vellante for theCUBE, your leader in enterprise and emerging tech coverage. We'll see you next time.

(upbeat music) >> We're back with a Blueprint for Trusted Infrastructure in partnership with Dell Technologies and theCUBE. And we're here with Mahesh Nagarathnam who is a consultant in the area of networking product management at Dell technologies. Mahesh, welcome, good to see you. >> Hey, good morning, Dave. It's nice to meet you as well. >> Hey, so we've been digging into all the parts of the infrastructure stack, and now we're going to look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective what's unique and challenging about securing network infrastructure that we should know about? >> Yeah, so a few years ago, IT security in an enterprise was primarily putting a wrapper around the data center because IT was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a wrapper around it like a perimeter or a firewall was a sufficient response because you could basically control the enormous data into small enough control. Today, with the distributed data intelligent software different systems, multi-cloud environment and asset service delivery. The infrastructure for the modern era changes the way to secure the network infrastructure. In today's data driven world, IT operates everywhere and data is created and accessed everywhere. So far from the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent, with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >> Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed, there is no perimeter anymore. So you can't just, as you say, put a wrapper around it, I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >> So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles. In order to prevent the threat actors from accessing, changing, destroying or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective it's the ability to protect from and withstand attacks on the networking systems. As we continue to evolve, this will also include the ability to adapt and recover from these attacks which is what cyber resilience aspect is all about. So cybersecurity, best practices as you know is continuously changing the landscape primarily because the cyber threats also continue to evolve. >> Yeah, got it. I like that. So, it's got to be integrated. It's got to be scalable. It's got to be comprehensive and adaptable. You're saying it can't be static. >> Right. So I think, you had a second part of the question that says, what are the basic principles when you're thinking about securing network infrastructure. When you are looking at securing the network infrastructure it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to, based on their user level. Now accessing a network platform like a switch or a router, for example, is typically used for configuration and management of the networking switch. So user access is based on roles for that matter role based access control, whether you are security admin or a network admin or a storage admin. And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. When we're talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And this is important because it could actually get hold of the system and you could get undesired results. In terms of validation of the images, it needs to be done through digital signature. So it's important that when you're talking about software integrity, A, you are ensuring that the platform is not compromised and B, that any upgrades that happens to the platform is happening through validated signature. >> Okay. And now you've, so there's access control, software integrity and I think you got a third element, which is, I think response, but please continue. >> Yeah. So, the third one about vulnerability. So we follow the same process that's been followed by the rest of the products within the Dell Product family that's to report or identify any kind of vulnerability that's being addressed by the Dell Product Security Incident Response Team. So the networking portfolio is no different. It follows the same process for identification for triage and for resolution of these vulnerabilities. And this address either through patches or through new resource via networking software. >> Yeah, got it. I mean, you didn't say zero trust but when you were talking about access control you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but you, I think gave it some clarity there. Software integrity, it's about assurance, validation, your digital signature, you mentioned, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description. Thank you for that. But then the next question is how does Dell Networking fit into the construct of what we've been talking about, Dell Trusted Infrastructure? >> So networking is the key element in the Dell Trusted Infrastructure. It provides the interconnect between the server and the storage world and it's part of any data center configuration. For a trusted infrastructure, the network needs to have access control in place where only the authorized personals are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network, you have things like segmentation, isolated segments and via VRFs or micro-segmentation via partners. This allows various level of security for each of those segments. So it's important that the network infrastructure has the ability to provide all these services. From a Dell networking security perspective, there are multiple layers of defense, both at the edge and in the network, in the hardware and in the software. And essentially, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality and accessibility of the network assets. So each network security layer, it implements policies and controls, as I said, including network segmentation, we do have capabilities, resources, centralized management, automation, and capability and scalability for that matter. Now you add all of these things with the open networking standards or software different principles, and you essentially reach to the point where you're looking at zero trust network access which is essentially sort of a building block for increased cloud adoption. If you look at the different pillars of a zero touch architecture, if you look at the device aspect, we do have support for secure boot, for example, we do have trusted platform, trusted platform models, TPMs on certain offer products. And the physical security, plain simple old WLAN port enable disable. From a user trust perspective, we know it's all done via access control base via role based access control and capability in order to provide remote authentication or things like sticky MAC or MAC learning limit and so on. If you look at a transport and a session trust layer, these are essentially, how do you access this switch. Is it by plain old Telnet, or is it like secure SSH. And when a host communicates to the switch, we do have things like self-signed or a certificate authority based certification. And one of the important aspect is, in terms of the routing protocol the routing protocol, for example, BGP, for example, we do have the capability to support MD5 authentication between the BGP peers so that there is no malicious attack to the network where the routing table is compromised. And the other aspect is about control plain ESL. It's typical that if you don't have a control plane Azure, it could be flooded and the switch could be compromised by denial of service attacks. From an application test perspective, as I mentioned, we do have the application specific security rules where you could actually define the specific security rules based on the specific applications that are running within the system. And I did talk about the digital signature and the cryptographic checks and that we do for authentication and, I mean rather for the authenticity and the validation of the image and the boundary and so on and so forth. Finally the data trust, we are looking at the network separation. The network separation could happen over VRF, plain old VLANs which can bring about multitenancy aspects. We talk about micro-segmentation as it applies to NSX, for example. The other aspect is we do have with our own smart fabric services, that's enabled in a fabric, we have a concept of cluster security. So all of this, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >> Yeah, so thank you for that. There's a lot to unpack there. One of the premise, the premise really this segment that we're setting up in this series, is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team and the premise that we're putting forth is that because security teams are so stretched thin, you got to shift a vendor community, Dell specifically is shifting a lot of those tasks to their own R&D and taking care of a lot of that. 'cause SecOps teams got a lot of other stuff to worry about. So my question relates to things like automation which can help and scalability. What about those topics as it relates to networking infrastructure? >> Our portfolio, it enables state of the automation software that enables simplifying of the design. So for example, we do have the fabric design center, a tool that automates the design of the entire fabric and from a deployment and the management of the network infrastructure, there are simplicities using like Ansible playbooks for SONiC, for example. Or for a better storage, we do have smart fabric services that can automate the entire fabric for a storage solution or for one of the workloads, for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, we have those capabilities using SONiC or smart traffic services. If you look at SONiC for example, it delivers automated intent based secure containerized network. And it has the ability to provide network visibility and awareness and of these things are actually valid for a modern networking infrastructure. So now if you look at SONiC, the usage of those tools that are available within the SONiC NAS is not restricted just to the data center infrastructure, it's a unified NAS that's well applicable beyond the data center, right up to the edge. Now, if you look at our NAS from a smart traffic OS10 perspective, as I mentioned, we do have smart traffic services, which essentially simplifies the deployment, day one day two deployment expansion plans and the life cycle management of our converged infrastructure and hyperconverged infrastructure solutions. And finally, in order to enable zero touch deployment, we do have a VEP solution with our SD-WAN capability. So these are in a ways by which we bring down the complexity by enhancing the automation capability using a singular NAS that can expand from a data center now, right to the edge. >> Great, thank you for that. Last question real quick. Pitch me, can you summarize from your point of view what's the strength of the Dell networking portfolio? >> So from a Dell networking portfolio we support the capabilities at multiple layers, as I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface, sticky MAC and trusted platform modules are the things that to go after. And when you're talking about secure boot, for example, it delivers the authenticity and the integrity of the OS10 images at the startup. And secure boot also protects the startup configuration so that the startup configuration file is not compromised. And secure boot also enables the bootloader protection, for example. That is at another aspect of software image, integrity validation, wherein the image is validated for the digital signature prior to any upgrade process. And if you are looking at secure access control we do have things like role-based access control, SSH to the switches, control plane, access control, that pre-onset attacks and access control through multifactor authentication. We do have Radius Tech ads for entry control to the network and things like CSE and PRV support from a federal perspective. We do have logging wherein any event, any auditing capabilities can be possible by looking at the syslog servers which are pretty much in our transmitter from the devices ORTS, for example. And last we talked about network separation. And this separation ensures that that is a contained segment for a specific purpose or for the specific zone. And this can be implemented by a micro-segmentation, just a plain old WLAN or using virtual route of framework VRF, for example. >> A lot there. I mean, I think frankly, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for coming on theCUBE and explaining that in quite some depth. Really appreciate it. >> Thank you, Dave. >> Oh, you're very welcome. Okay in a moment, I'll be back to dig into the hyperconverged infrastructure part of the portfolio, and look at how, when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a Blueprint for Trusted Infrastructure made possible by Dell technologies and collaboration with theCUBE, your leader in enterprise and emerging tech coverage. (soft upbeat music)

(upbeat music) >> We're back with Jerome West, the Product Management Security Lead for HCI at Dell Technologies Hyper-Converged Infrastructure. Jerome, welcome. >> Thank you, Dave. >> Hey, Jerome, in this series "A Blueprint for Trusted Infrastructure," we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyper-converged infrastructure. So my first question is what's unique about HCI that presents specific security challenges? What do we need to know? >> So what's unique about hyper-converged infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system, so like a server or a storage system or a virtualization piece of software. I mean, HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft and internal partners, like the Dell Power Edge Team, the Dell Storage Team, the Dell Networking Team, and on and on. These partnerships and these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past, we're seeing growing scope and sophistication in supply chain attacks. This means an attacker is going to attack your software supply chain upstream, so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or a Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short-term solutions and we need long-term solutions as well. So for the short-term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio, we build our software on VMware. So we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily, VxRail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle, so that VMware will produce a patch, and within 14 days we will integrate our own code with the VMware release. We will have tested and validated the update, and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VxRail had over 40 releases of software updates last year. For a longer term solution, we're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability, and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co-engineer with effective collaborations with our partners. >> Great, thank you for that description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, to me, my takeaway was you got to have a short-term instant patch solution and then you got to do an integration in a very short time, you know, two weeks to then have that integration done. And then longer-term, you have to have a software bill of materials so that you can ensure the provenance of all the components. Help us, is that a right way to think about cybersecurity resilience? Do you have, you know, additives to that definition? >> I do. I really think that cybersecurity and resilience for HCI, because like I said it has sort of unprecedented breadth across our portfolio. It's not a single thing. It's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me give you an example. So HCI, it's a basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtualizing hardware functionality, like say a storage controller. You could implement it in the hardware, but for HCI, for example, in our VxRail portfolio, our VxRail product, we integrated it into a product called vSan which is provided by our partner VMware. So that portfolio strength is still, you know, through our partnerships. So what we do, we integrate these security functionality and features into our product. So our partnership grows through our ecosystem through products like VMware products, like NSX, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware. And we also leverage VMware's software partnerships on top of that. So for example, VxRail supports multifactor authentication through vSphere's integration with something called Active Directory Federation Services or ADFS. So there is a lot of providers that support ADFS, including Microsoft Azure. So now we can support a wide array of identity providers such as Auth0, or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners' partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >> Great, I mean, that's super helpful. You've mentioned NSX, Horizon, Carbon Black, all the you know, the VMware component, Auth0, which the developers are going to love. You got Azure Identity. So it's really an ecosystem. So you may have actually answered my next question, but I'm going to ask it anyway cause you've got this software-defined environment, and you're managing servers and networking and storage with this software-led approach. How do you ensure that the entire system is secure end to end? >> That's a really great question. So the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example VxRail is the market's only co-engineered solution with VMware. Other vendors sell VMware as a hyper-converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code, and their process dovetails with ours because we have a secure development lifecycle which other products might talk about in their discussions with you, that we integrate into our engineering lifecycle. So because we follow the same framework, all of the code should inter-operate from a security standpoint. And so when we do our final validation testing, when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >> That's great. All right, let's close. Pitch me. What would you say is the strong suit, summarize the the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio, specifically from a security perspective, Jerome? >> So I talked about how hyper-converged infrastructure simplifies security management because basically you're going to take all of these features that are abstracted in hardware. They're not abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be say, you know, for VxRail it would be vCenter, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the key to making, to HCI. Now what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co-engineered. It's not bolted on. So I gave the example of SBOM. I gave the example of how we modify our software release process with VMware to make it very responsive. A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell. It's not done through a partnership. So we digitally sign our software updates. So the user can be sure that the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for example, the benefit to the customer is you don't have to create a complicated security framework. That's hard for your users to use, and it's hard for your system administrators to manage. It all comes in a package, so it can be all managed through vCenter, for example. And then the specific hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few panes of glass that the administrator or user ever has to worry about. It's all self-contained and manageable. >> That makes a lot of sense. So you've got your own infrastructure. You're applying your best practices to that like the digital signatures. You've got your ecosystem. You're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason, Jerome, this is so important is because SecOps teams, you know, they got to deal with Cloud security. They got to deal with multiple Clouds. Now they have their shared responsibility model going across multiple. They got all this other stuff that they have to worry. They got to secure the containers and the run time and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the security is just going to get worse. So my takeaway is you're removing that infrastructure piece and saying, okay, guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners and your own teams to really nail that. Is that a fair summary? >> I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define and develop a new security feature, the thing I keep foremost in mind is will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user-friendly and practical. And this is a challenge sometimes because our products operate in highly regulated environments, and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and other highly regulated environments. And we're very successful there. >> Excellent, okay, Jerome, thanks. We're going to leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry, and so would appreciate that >> I would look forward to it. Thank you very much, Dave. >> You're really welcome. In a moment, I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. (upbeat music)

(upbeat music) >> Welcome back to a Blueprint For Trusted Infrastructure. We're here with Rob Emsley. Who's the director of product marketing for data protection and cyber security. Rob, good to see you. A new role. >> Yeah. Good to be back, Dave. Good to see you. Yeah, it's been a while since we chatted last and, you know, one of the changes in my world is that I've expanded my responsibilities beyond data protection marketing to also focus on cybersecurity marketing specifically for our infrastructure solutions group. So certainly that's, you know, something that really has driven us, you know, to come and have this conversation with you today. >> So data protection obviously has become an increasingly important component of the cyber security space. I don't think necessarily of, you know, traditional backup and recovery as security, to me, it's an adjacency. I know some companies have said, oh, yeah. Now we're a security company. They're kind of chasing the valuation bubble. >> For sure. >> Dell's interesting because you have, you know, data protection in the form of backup and recovery and data management, but you also have security, you know, direct security capabilities. So you're sort of bringing those two worlds together and it sounds like your responsibility is to connect those dots. Is that right? >> Absolutely. Yeah. I mean, I think that the reality is is that security is a multi-layer discipline. I think the days of thinking that it's one or another technology that you can use or process that you can use to make your organization secure are long gone. I mean, certainly you actually correct. If you think about the backup and recovery space, I mean, people have been doing that for years, you know, certainly backup and recovery, it's all about the recovery. It's all about getting yourself backup and running when bad things happen. And one of the realities, unfortunately today is that one of the worst things that can happen is cyber attacks. You know, ransomware, malware are all things that are top of mind for all organizations today. And that's why you see a lot of technology and a lot of innovation going into the backup and recovery space because if you have a copy, a good copy of your data, then that is really the first place you go to recover from a cyber attack. And that's why it's so important. The reality is is that unfortunately the cyber criminals keep on getting smarter. I don't know how it happens, but one of the things that is happening is that the days of them just going after your production data are no longer the only challenge that you have, they go after your backup data as well. So over the last half a decade, Dell Technologies with its backup and recovery portfolio has introduced the concept of isolated cyber recovery vaults. We've had many conversations about that over the years and that's really a big tenant of what we do in the data protection portfolio. >> So this idea of cybersecurity resilience that definition is evolving. What does it mean to you? >> Yeah, I think the analyst team over at Gartner, they wrote a very insightful paper called you will be hacked embrace the breach. And the whole basis of this analysis is so much money's been spent on prevention is that what's out of balance is the amount of budget that companies have spent on cyber resilience and cyber resilience is based upon the premise that you will be hacked. You have to embrace that fact and be ready and prepared to bring yourself back into business. You know, and that's really where cyber resiliency is very, very different than cyber security and prevention, you know, and I think that balance of get your security disciplines well funded, get your defenses as good as you can get them but make sure that if the inevitable happens and you find yourself compromised that you have a great recovery plan and certainly a great recovery plan, it's really the basis of any good, solid data protection backup from recovery philosophy. >> So if I had to do a SWOT analysis, we don't have to do the WOT, but let's focus on the S. What would you say are Dell's strengths in this, you know, cyber security space as it relates to data protection? >> One is we've been doing it a long time. You know, we talk a lot about Dell's data protection being proven and modern. You know, certainly the experience that we've had over literally three decades of providing enterprise scale data protection solutions to our customers has really allowed us to have a lot of insight into what works and what doesn't. As I mentioned to you, one of the unique differentiators of our solution is the cyber recovery vaulting solution that we introduce a little over five years ago, five, six years. Power protect cyber recovery is something which has become a unique capability for customers to adopt on top of their investment in Dell Technologies data protection, you know, the unique elements of our solution already threefold, and we call them the three Is. It's isolation, it's a immutability and it's intelligence. And the, the isolation part is really so important because you need to reduce the attack surface of your good known copies of data. You know, you need to put it in a location that the bad actors can't get to it. And that really is the essence of a cyber recovery vault. Interestingly enough, you're starting to see the market throw out that word, you know, from many other places, but really it comes down to having a real discipline that you don't allow the security of your cyber recovery vault to be compromised insofar as allowing it to be controlled from outside of the vault, you know, allowing it to be controlled by your backup application. Our cyber recovery vaulting technology is independent of the backup infrastructure. It uses it, but it controls its own security. And that is so, so important. It's like having a vault that the only way to open it is from the inside, you know, and think about that. If you think about, you know, vaults in banks or vaults in your home, normally you have a key pad on the outside. Think of our cyber recovery vault as having its security controlled from inside of the vault. >> So nobody can get in, nothing can get in unless it's already in. And if it's already in, then it's trusted. >> Exactly, exactly. >> Yeah. So isolation's the key. And then you mentioned immutability is the second piece. >> Yeah, so immutability is also something which has been around for a long time. People talk about backup mutability or immutable backup copies. So I mutability is just the additional technology that allows the data that's inside of the vault to be unchangeable, you know, but again that immutability, you know, your mileage varies, you know, when you look across the different offers that are out there in the market especially in the backup industry. You made a very valid point earlier that the backup vendors in the market seem to be security washing their marketing messages. I mean, everybody is leaning into the ever present danger of cybersecurity, not a bad thing, but the reality is is that you have to have the technology to back it up, you know, quite literally >> Yeah, no pun intended. Right. Actually pun intended. Now what about the intelligence piece of it? That's that's AI, ML, where does that fit? >> For sure. So the intelligence piece is delivered by a solution called CyberSense. And CyberSense for us is what really gives you the confidence that what you have in your cyber recovery vault is a good clean copy of data. So it's looking at the backup copies that get driven into the cyber vault, and it's looking for anomalies. So it's not looking for signatures of malware. You know, that's what your antivirus software does. That's what your endpoint protection software does. That's on the prevention side of the equation. But what we're looking for is we're looking to ensure that the data that you need when all hell breaks loose is good and that when you get a request to restore and recover your business, you go, right, let's go and do it. And you don't have any concern that what you have in the vault has been compromised. So cyber sense is really a unique analytic solution in the market based upon the fact that it isn't looking at at cursory indicators of malware infection or ransomware introduction, it's doing full content analytics, you know, looking at, you know, has the data in any way changed, has it suddenly become encrypted? Has it suddenly become different to how it was in the previous scan? So that anomaly detection is very, very different. It's looking for, you know, like different characteristics that really are an indicator that something is going on. And, of course, if it sees it, you immediately get flagged. But the good news is is that you always have in the vault the previous copy of good known data which now becomes your restore point. >> So we're talking to Rob Emsley about how data protection fits into what Dell calls DTI, Dell Trusted Infrastructure. And I want to come back, Rob, to this notion of, and not or cause I think a lot of people are skeptical. Like how can I have great security and not introduce friction into my organization? Is that an automation play? How does Dell tackle that problem? >> I mean, I think a lot of it is across our infrastructure is is security has to be built in, I mean, intrinsic security within our servers, within our storage devices, within our elements of our backup infrastructure. I mean, security, multifactor authentication, you know, elements that make the overall infrastructure secure. You know, we have capabilities that, you know, allow us to identify whether or not configurations have changed. You know, we'll probably be talking about that a little bit more to you later in the segment, but the essence is security is not a Bolton. It has to be part of the overall infrastructure. And that's so true, certainly in the data protection space >> Give us the bottom line on how you see Dell's key differentiators. Maybe you could talk about Dell, of course, always talks about its portfolio, but why should customers, you know, lead in to Dell in this whole cyber resilience space? >> You know, staying on the data protection space as I mentioned, the work we've been doing to introduce this cyber resiliency solution for data protection is in our opinion, as good as it gets. You know, you've spoken to a number of our best customers whether it be Bob Bender from Founders Federal or more recently at (indistinct) you spoke to Tony Bryson from the Town of Gilbert. And these are customers that we've had for many years that have implemented cyber recovery vaults. And at the end of the day, they can now sleep at night. You know, that's really the peace of mind that they have is that the insurance that a data protection from Dell cyber recovery vault, a power protect cyber recovery solution gives them, you know, really allows them to, you know, just have the assurance that they don't have to pay a ransom. If they have an insider threat issue and, you know, all the way down to data deletion is they know that what's in the cyber recovery vault is good and ready for them to recover from. >> Great. Well, Rob, congratulations on the new scope of responsibility. I like how, you know, your organization is expanding as the threat surface is expanding. As we said, data protection becoming an adjacency to security, not security in and of itself. A key component of a comprehensive security strategy. Rob Emsley, thank you for coming back in theCUBE. Good to see you again. >> You too, Dave. Thanks. >> All right, in a moment, I'll be back to wrap up a blueprint for trusted infrastructure. You are watching theCUBE. (upbeat music)

(upbeat music) >> The cybersecurity landscape has changed dramatically over the past 24 to 36 months. Rapid cloud migration has created a new layer of security defense, sure, but that doesn't mean CISOs can relax. In many respects, it further complicates, or at least changes, the CISO's scope of responsibilities. In particular, the threat surface has expanded. And that creates more seams, and CISOs have to make sure their teams pick up where the hyperscaler clouds leave off. Application developers have become a critical execution point for cyber assurance. "Shift left" is the kind of new buzz phrase for devs, but organizations still have to "shield right," meaning the operational teams must continue to partner with SecOps to make sure infrastructure is resilient. So it's no wonder that in ETR's latest survey of nearly 1500 CIOs and IT buyers, that business technology executives cite security as their number one priority, well ahead of other critical technology initiatives including collaboration software, cloud computing, and analytics rounding out the top four. But budgets are under pressure and CISOs have to prioritize. It's not like they have an open checkbook. They have to contend with other key initiatives like those just mentioned, to secure the funding. And what about zero trust? Can you go out and buy zero trust or is it a framework, a mindset in a series of best practices applied to create a security consciousness throughout the organization? Can you implement zero trust? In other words, if a machine or human is not explicitly allowed access, then access is denied. Can you implement that policy without constricting organizational agility? The question is, what's the most practical way to apply that premise? And what role does infrastructure play as the enforcer? How does automation play in the equation? The fact is, that today's approach to cyber resilience can't be an "either/or," it has to be an "and" conversation. Meaning, you have to ensure data protection while at the same time advancing the mission of the organization with as little friction as possible. And don't even talk to me about the edge. That's really going to keep you up at night. Hello and welcome to this special CUBE presentation, "A Blueprint for Trusted Infrastructure," made possible by Dell Technologies. In this program, we explore the critical role that trusted infrastructure plays in cybersecurity strategies, how organizations should think about the infrastructure side of the cybersecurity equation, and how Dell specifically approaches securing infrastructure for your business. We'll dig into what it means to transform and evolve toward a modern security infrastructure that's both trusted and agile. First up are Pete Gerr and Steve Kenniston, they're both senior cyber security consultants at Dell Technologies. And they're going to talk about the company's philosophy and approach to trusted infrastructure. And then we're going to speak to Parasar Kodati, who's a senior consultant for storage at Dell Technologies to understand where and how storage plays in this trusted infrastructure world. And then finally, Rob Emsley who heads product marketing for data protection and cyber security. We're going to going to take a deeper dive with Rob into data protection and explain how it has become a critical component of a comprehensive cyber security strategy. Okay, let's get started. Pete Gerr, Steve Kenniston, welcome to theCUBE. Thanks for coming into the Marlborough studios today. >> Great to be here, Dave. Thanks. >> Thanks, Dave. Good to see you. >> Great to see you guys. Pete, start by talking about the security landscape. You heard my little wrap up front. What are you seeing? >> I thought you wrapped it up really well. And you touched on all the key points, right? Technology is ubiquitous today. It's everywhere. It's no longer confined to a monolithic data center. It lives at the edge. It lives in front of us. It lives in our pockets and smartphones. Along with that is data. And as you said, organizations are managing sometimes 10 to 20 times the amount of data that they were just five years ago. And along with that, cyber crime has become a very profitable enterprise. In fact, it's been more than 10 years since the NSA chief actually called cyber crime the biggest transfer of wealth in history. That was 10 years ago. And we've seen nothing but accelerating cyber crime and really sophistication of how those attacks are perpetrated. And so the new security landscape is really more of an evolution. We're finally seeing security catch up with all of the technology adoption, all the build out, the work from home and work from anywhere that we've seen over the last couple of years. We're finally seeing organizations, and really it goes beyond the IT directors, it's a board level discussion today. Security's become a board level discussion. >> Yeah, I think that's true as well. It's like it used to be that security was, "Okay, the SecOps team. You're responsible for security." Now you've got, the developers are involved, the business lines are involved, it's part of onboarding for most companies. You know, Steve, this concept of zero trust. It was kind of a buzzword before the pandemic. And I feel like I've often said it's now become a mandate. But it's still fuzzy to a lot of people. How do you guys think about zero trust? What does it mean to you? How does it fit? >> Yeah. Again, I thought your opening was fantastic. And this whole lead in to, what is zero trust? It had been a buzzword for a long time. And now, ever since the federal government came out with their implementation or desire to drive zero trust, a lot more people are taking it a lot more seriously, 'cause I don't think they've seen the government do this. But ultimately, it's just like you said, right? If you don't have trust to those particular devices, applications, or data, you can't get at it. The question is, and you phrase it perfectly, can you implement that as well as allow the business to be as agile as it needs to be in order to be competitive? 'Cause we're seeing, with your whole notion around DevOps and the ability to kind of build, make, deploy, build, make, deploy, right? They still need that functionality but it also needs to be trusted. It needs to be secure and things can't get away from you. >> Yeah. So it's interesting. I've attended every Reinforce since 2019, and the narrative there is, "Hey, everything in the cloud is great. And this narrative around, 'Oh, security is a big problem.' doesn't help the industry." The fact is that the big hyperscalers, they're not strapped for talent, but CISOs are. They don't have the capabilities to really apply all these best practices. They're playing Whac-A-Mole. So they look to companies like yours, to take your R&D and bake it into security products and solutions. So what are the critical aspects of the so-called Dell Trusted Infrastructure that we should be thinking about? >> Yeah, well, Dell Trusted Infrastructure, for us, is a way for us to describe the the work that we do through design, development, and even delivery of our IT system. So Dell Trusted Infrastructure includes our storage, it includes our servers, our networking, our data protection, our hyper-converged, everything that infrastructure always has been. It's just that today customers consume that infrastructure at the edge, as a service, in a multi-cloud environment. I mean, I view the cloud as really a way for organizations to become more agile and to become more flexible, and also to control costs. I don't think organizations move to the cloud, or move to a multi-cloud environment, to enhance security. So I don't see cloud computing as a panacea for security, I see it as another attack surface. And another aspect in front that organizations and security organizations and departments have to manage. It's part of their infrastructure today, whether it's in their data center, in a cloud, or at the edge. >> I mean, I think that's a huge point. Because a lot of people think, "Oh, my data's in the cloud. I'm good." It's like Steve, we've talked about, "Oh, why do I have to back up my data? It's in the cloud?" Well, you might have to recover it someday. So I don't know if you have anything to add to that or any additional thoughts on it? >> No, I mean, I think like what Pete was saying, when it comes to all these new vectors for attack surfaces, you know, people did choose the cloud in order to be more agile, more flexible. And all that did was open up to the CISOs who need to pay attention to now, okay, "Where can I possibly be attacked? I need to be thinking about is that secure?" And part of that is Dell now also understands and thinks about, as we're building solutions, is it a trusted development life cycle? So we have our own trusted development life cycle. How many times in the past did you used to hear about vendors saying you got to patch your software because of this? We think about what changes to our software and what implementations and what enhancements we deliver can actually cause from a security perspective, and make sure we don't give up or have security become a hole just in order to implement a feature. We got to think about those things. And as Pete alluded to, our secure supply chain. So all the way through, knowing what you're going to get when you actually receive it is going to be secure and not be tampered with, becomes vitally important. And then Pete and I were talking earlier, when you have tens of thousands of devices that need to be delivered, whether it be storage or laptops or PCs, or whatever it is, you want to be know that those devices can be trusted. >> Okay, guys, maybe Pete, you could talk about how Dell thinks about its framework and its philosophy of cyber security, and then specifically what Dell's advantages are relative to the competition. >> Yeah, definitely, Dave. Thank you. So we've talked a lot about Dell as a technology provider. But one thing Dell also is is a partner in this larger ecosystem. We realize that security, whether it's a zero trust paradigm or any other kind of security environment, is an ecosystem with a lot of different vendors. So we look at three areas. One is protecting data in systems. We know that it starts with and ends with data. That helps organizations combat threats across their entire infrastructure. And what it means is Dell's embedding security features consistently across our portfolios of storage, servers, networking. The second is enhancing cyber resiliency. Over the last decade, a lot of the funding and spending has been in protecting or trying to prevent cyber threats, not necessarily in responding to and recovering from threats. We call that resiliency. Organizations need to build resiliency across their organization, so not only can they withstand a threat, but they can respond, recover, and continue with their operations. And the third is overcoming security complexity. Security is hard. It's more difficult because of the things we've talked about, about distributed data, distributed technology, and attack surfaces everywhere. And so we're enabling organizations to scale confidently, to continue their business, but know that all the IT decisions that they're making have these intrinsic security features and are built and delivered in a consistent, secure way. >> So those are kind of the three pillars. Maybe we could end on what you guys see as the key differentiators that people should know about that Dell brings to the table. Maybe each of you could take a shot at that. >> Yeah, I think, first of all, from a holistic portfolio perspective, right? The secure supply chain and the secure development life cycle permeate through everything Dell does when building things. So we build things with security in mind, all the way from, as Pete mentioned, from creation to delivery, we want to make sure you have that secure device or asset. That permeates everything from servers, networking, storage, data protection, through hyperconverged, through everything. That to me is really a key asset. Because that means you understand when you receive something it's a trusted piece of your infrastructure. I think the other core component to think about, and Pete mentioned, as Dell being a partner for making sure you can deliver these things, is that even though that's part of our framework, these pillars are our framework of how we want to deliver security, it's also important to understand that we are partners and that you don't need to rip and replace. But as you start to put in new components, you can be assured that the components that you're replacing as you're evolving, as you're growing, as you're moving to the cloud, as you're moving to more on-prem type services or whatever, that your environment is secure. I think those are two key things. >> Got it. Okay. Pete, bring us home. >> Yeah, I think one of the big advantages of Dell is our scope and our scale, right? We're a large technology vendor that's been around for decades, and we develop and sell almost every piece of technology. We also know that organizations might make different decisions. And so we have a large services organization with a lot of experienced services people that can help customers along their security journey, depending on whatever type of infrastructure or solutions that they're looking at. The other thing we do is make it very easy to consume our technology, whether that's traditional on premise, in a multi-cloud environment, or as a service. And so the best-of-breed technology can be consumed in any variety of fashion, and know that you're getting that consistent, secure infrastructure that Dell provides. >> Well, and Dell's got probably the top supply chain, not only in the tech business, but probably any business. And so you can actually take your dog food, or your champagne, sorry, (laughter) allow other people to share best practices with your customers. All right, guys, thanks so much for coming up. I appreciate it. >> Great. Thank you. >> Thanks, Dave. >> Okay, keep it right there. After this short break, we'll be back to drill into the storage domain. You're watching "A Blueprint for Trusted Infrastructure" on theCUBE, the leader in enterprise and emerging tech coverage. Be right back. (upbeat music)

>>From around the globe. It's the cube with digital coverage of AWS reinvent executive summit 2020, sponsored by Accenture and AWS. >>Okay. Welcome back to the cubes coverage of 80 us. Re-invent 2020 virtual ecentric executive summit. The two great guests here to break down the analysis of the relationship with cloud and essential. Brian bowhead director ahead of Accenture. 80 was a business group at Amazon web services. And Andy T a B G the M is essentially Amazon business group lead managing director at Accenture. Uh, I'm sure you're super busy and dealing with all the action, Brian. Great to see you. Thanks for coming on. So thank you. You guys essentially has been in the spotlight this week and all through the conference around this whole digital transformation, essentially as business group is celebrating its 50th anniversary. What's new, obviously the emphasis of next gen post COVID generation, highly accelerated digital transformation, a lot happening. You got your five-year anniversary, what's new. >>Yeah, it, you know, so if you look back it's exciting. Um, you know, so it was five years ago. Uh, it was actually October where we, where we launched the Accenture AWS business group. And if we think back five years, I think we're still at the point where a lot of customers were making that transition from, you know, should I move to cloud to how do I move to cloud? Right? And so that was one of the reasons why we launched the business group. And since, since then, certainly we've seen that transition, right? Our conversations today are very much around how do I move to cloud, help me move, help me figure out the business case and then pull together all the different pieces so I can move more quickly, uh, you know, with less risk and really achieve my business outcomes. And I would say, you know, one of the things too, that's, that's really changed over the five years. >>And what we're seeing now is when we started, right, we were focused on migration data and IOT as the big three pillars that we launched with. And those are still incredibly important to us, but just the breadth of capability and frankly, the, the, the breadth of need that we're seeing from customers. And obviously as AWS has matured over the years and launched our new capabilities, we're Eva with Accenture. Um, and in the business group, we've broadened our capabilities and deepened our capabilities over the, over the last five years as well. For instance, this year with, with COVID, especially, it's really forced our customers to think differently about their own customers or their citizens, and how do they serve as those citizens. So we've seen a huge acceleration around customer engagement, right? And we powered that with Accenture customer engagement platform powered by ADA, Amazon connect. And so that's been a really big trend this year. And then, you know, that broadens our capability from just a technical discussion to one where we're now really reaching out and, and, um, and helping transform and modernize that customer and citizen experience as well, which has been exciting to say, Andy want to get your thoughts here. We've >>Been reporting and covering essential for years. It's not like it's new to you guys. I mean, five years is a great anniversary. You know, check is good relationship, but you guys have been doing the work you've been on the trend line. And then this hits and Andy said on his keynote, and I thought he said it beautifully. And he even said it to me, my one-on-one interview with them was it's on full display right now, the whole digital transformation, everything about it is on full display and you're either were prepared for it or you kind of word, and you can see who's there. You guys have been prepared. This is not new. So give us the update from your perspective, how you're taking advantage of this, of this massive shift, highly accelerated digital transformation. >>Well, I think, I think you can be prepared, but you've also got to be prepared to always sort of, I think what we're seeing in, in, um, in, in, in, in recent times and particularly in two 20, what, what is it I think today there are, um, 4% of the enterprise workloads sits at the cloud. Um, you know, that leaves 96% out there on prem. Um, and I think over the next four to five years, um, we're going to see that sort of, uh, acceleration to the, to the cloud pick up, um, this year as Andy touched on, I think, uh, uh, on Tuesday in his, I think the pandemic is a forcing function, uh, for companies to, to, to really pause and think about everything from, from, you know, how they, um, manage that technology, their infrastructure, to, to clarity to where that data sets to what insights and intelligence that getting from that data. >>And then eventually even to, to the talent, the talent they have in the organization and how they can be competitive, um, that culture, that culture of innovation, of invention and reinvention. And so I think, I think, you know, when you, when you think of companies out there faced with these challenges, it forces us, it forces AWS's forces, AEG to come together and think through how can we help create value for them? How can we help help them move from sort of just causing and rethinking to having real plans in action and that taking them, uh, into, into implementation. And so that's, that's what we're working on. Um, I think over the next five years, we're looking to just continue to come together and, and help these companies get to the cloud and get the value from the cloud. Cause it's, it's beyond just getting to the cloud attached to me and living in the cloud and getting the value from it. >>It's interesting. Andy was saying, don't just put your toe in the water. You've got to go beyond the toe in the water kind of approach. Um, I want to get to that large scale cause that's the big pickup this week that I kind of walked away with was it's large scale. Acceleration's not just toe in the water experimentation. Can you guys share, what's causing this large scale end to end enterprise transformation and what are some of the success criteria have you seen for the folks who have done that? Yeah. And I'll, I'll start in the end. >>You can buy a lawn. So you, it's interesting if I look >>Back a year ago at reinvent and when I did the cube interview, then we were talking about how ABG we're >>Starting to see that shift of customers. You know, we've been working with customers for years on a single of what I call a single-threaded programs, right? We can do a migration, we can do SAP, we can do a data program. And then even last year we were really starting to see customers ask. The question is like, what kind of synergies and what kind of economies of scale do I get when I start bringing these different threads together and also realizing that it's, you know, to innovate for the business and build new applications, new capabilities, well, that, that is going to inform what data you need to, to hydrate those applications, right? Which then informs your data strategy while a lot of that data is then also embedded in your underlying applications that sit on premises. So you should be thinking through how do you get those applications into the cloud? >>So you need to draw that line through all of those layers. And that was already starting last year. And so last year we launched the joint transformation program with AEG. And then, so we were ready when this year happened and then it was just an acceleration. So things have been happening faster than we anticipated, but we knew this was going to be happening. And luckily we've been in a really good position to help some of our customers really think through all those different layers of kind of the pyramid as we've been calling it along with the talent and change pieces, which are also so important as you make this transformation to cloud >>Andy, what's the success factors. Andy Jassy came on stage during the partner day, a surprise fireside chat with Doug Hume and talking about this is really an opportunity for partners to, to change the business landscape with enablement from Amazon. You guys are in a pole position to do that in the marketplace. What's the success factors that you see, >>Um, really from three, three fronts, I'd say, um, w you know, one is the, the people. Um, and, and I, I, again, I think Andy touched on sort of a, uh, success factors, uh, early in the week. And for me, it's these three areas that it sort of boils down to, to these three areas. Um, one is the, the, the, the people, uh, from the leaders that it's really important to set those big, bold visions point the way. And then, and then, you know, set top down goals. How are we going to measure you almost do get what you measure, um, to be, you know, beyond the leaders, to, to the right people in the right position across the company. We're finding a key success factor for these end to end transformations is not just the leaders, but you haven't poached across the company, working in a, in a collaborative, shared, shared success model, um, and people who are not afraid to, to invent and fail. >>And so that takes me to perhaps the second point, which is the culture. Um, it's important, uh, with finding food for the right conditions to be set in the company, not enable people to move at pace, move at speed, be able to fail fast, um, keep things very, very simple, and just keep iterating and that sort of culture of iteration, um, and improvement versus seeking perfection is, is super important for, for success. And then the third part of maybe touch on is, is partners. Um, I think, you know, as we move forward over the next five years, we're going to see an increasing number of players in the ecosystem in the enterprises state. Um, you're going to see more and more SAS providers. And so it's important for companies and our joint clients out there to pick partners like, um, like AWS or, or Accenture or others, but to pick partners who have all worked together and built solutions together. And that allows them to get speed to value quicker. It allows them to bring in pre-assembled solutions, um, and really just drive that transformation in a quicker, it sorts of manner. >>Yeah, that's a great point worth calling out, having that partnership model that's additive and has synergy in the cloud, because one of the things that came out of this this week, this year is reinvented, is there's new things going on in the public cloud, even though hybrid is an operating model, outpost and super relevant. There, there are benefits for being in the cloud and you've got partners, APIs, for instance, and have microservices working together. This is all new, but I got, I got to ask that on that thread, Andy, where did you see your customers going? Because I think, you know, as you work backwards from the customers, you guys do, what's their needs, how do you see them? You know, where's the puck going? Where can they skate to where the puck's going? Because you can almost look forward and say, okay, I've got to build modern apps. I got to do the digital transformation. Everything is a service. I get that, but what do they, what, what solutions are you building for them right now to get there? >>Yeah. And, and of course, with, with, you know, industries blurring and multiple companies, it's always hard to boil down to the exact situations, but you can probably look at it from a sort of a thematic lens. And what we're seeing is as the cloud transformation journey picks up from us perspective, we've seen a material shift in the solutions and problems that we're trying to address with clients that they are asking for us, uh, to, to help, uh, address is no longer just the back office where you're sort of looking at cost and efficiency and, um, uh, driving gains from that perspective. It's beyond that, it's now materially the top line. It's, how'd you get the driving to the, you know, speed to insights, how'd you get them decomposing, uh, their application set in order to derive those insights. Um, how'd you get them, um, to, to, um, uh, sort of adopt leading edge industry solutions that give them that jump start, uh, and that accelerant to winning the customers, winning the eyeballs. >>Um, and then, and then how'd you help drive the customer experience. We're seeing a lot of push from clients, um, or ask for help on how do I optimize my customer experience in order to retain my eyeballs. And then how do I make sure I've got a soft self-learning ecosystem at play, um, where I, you know, it's not just a practical experience, but I can sort of keep learning and iterating, um, how treat my, eat, my customers, um, and a lot of that, um, that's still self-learning that comes from, you know, putting in, uh, intelligence into your, into your systems, getting an AI and ML, uh, in that. And so as a result of that, where it was seeing a lot of push and a lot of what we're doing, uh, is pouring investments into those areas. And then finally, maybe beyond the bottom line and the top line is how do you harden that and protect that with, um, security and resilience? Uh, so I'll probably say those are the three areas. John >>Brian on the business model side, obviously the enablement is what Amazon has. Um, we see things like SAS factory coming on board and the partner network I've see a, is a big, huge partner of you guys. Um, the business models there. You've got I, as, as doing great with chips, you have this data modeling this data opportunity to enable these modern apps. We heard about the partner strategy from Andy. I'm talking about yesterday now about how can partners within even a center. What's the business model side on your side that you're enabling this. Can you just share your thoughts on that? >>Yeah. And so it's, it's interesting. And again, I'm kind of build it in a build a little bit on some of the things that Andy really talked about there, right? And that we, if you think of that from the partnership, we are absolutely helping our customers with kind of that it modernization piece and we're investing a lot and that there's hard work that needs to get done there. And we're investing a lot as a partnership around the tools, the assets and the methodology. So in AWS and Accenture show up together as AEG, we are executing off a single blueprint with a single set of assets so we can move fast. So we're going to continue to do that with all the hybrid announcements from this past week, those get baked into that, that migration modernization theme, but the other really important piece here as we go up the stack, Andy mentioned it, right? >>The data piece, like so much of what we're talking about here is around data and insights. Right? I did a cube interview last week with, uh, Carl hick. Um, who's the CIO from Takeda. And if you hear Christophe Weber from Takeda talk, he talks about Takeda being a data company, data and insights company. So how do we, as a partnership, again, build the capabilities and the platforms like with Accenture's applied insights platform so that we can bootstrap and really accelerate our client's journey. And then finally, on the innovation on the business front, and Andy was touching on some of these, we are investing in industry solutions and accelerators, right? Because we know that at the end of the day, a lot of these are very similar. We're talking about ingesting data, using machine learning to provide insights and then taking action. So for instance, the cognitive insurance platform that we're working together on with Accenture, if they get about property and casualty claims and think about how do we enable touchless claims using machine learning and computer vision that can assess based on an image damage, and then be able to triage that and process it accordingly, right? >>Using all the latest machine learning capabilities from AWS >>With that deep, um, AI machine learning data science capability from Accenture, who knows all those algorithms that need to get built and build that library by doing that, we can really help these insurance companies accelerate their transformation around how they think about claims and how they can speed those claims on behalf of their policy holder. So that's, what's an example of a, kind of like a bottom to top view of what we're doing in the partnership to address these new needs. >>That's awesome. Andy, I want to get back to your point about culture. You mentioned it twice now. Um, challenge is a big part of the game here. Andy Jassy referenced Lambda. Next generation developers were using Lambda. He talked about CIO stories around, they didn't move fast enough. They lost three years. A new person came in and made it go faster. This is a new, this is a time for a certain kind of, um, uh, professional and individual, um, to, to be part of, um, this next generation. What's the talent strategy you guys have to attract and attain the best and retain the best people. How do you do it? >>Um, you know, it's, it's, um, it's an interesting one. It's, it's, it's oftentimes a, it's, it's a significant point and often overlooked. Um, you know, people, people really matter and getting the right people, um, in not just in AWS or, but then on our customers is super important. We often find that much of our discussions with, with our clients is centered around that. And it's really a key ingredient. As you touched on, you need people who are willing to embrace change, but also people who are willing to create new, um, to invent new, to reinvent, um, and to keep it very simple. Um, w we're we're we're seeing increasingly that you need people who have a sort of deep learning and a deep, uh, or deep desire to keep learning and to be very curious as, as they go along. Most of all, though, I find that, um, having people who are not willing or not afraid to fail is critical, absolutely critical. Um, and I think that that's, that's, uh, a necessary ingredient that we're seeing, um, our clients needing more off, um, because if you can't start and, and, and you can't iterate, um, you know, for fear of failure, you're in trouble. And I think Andy touched on that you, you know, where that CIO, that you referred to last three years, um, and so you really do need people who are willing to start not afraid to start, um, and, uh, and not afraid to lead. Yeah. >>It takes a gut-check there. I just said, you guys have a great team over there. Everyone at the center I've interviewed strong, talented, and not afraid to lean in and, and into the trends. Um, I got to ask on that front cloud first was something that was a big strategic focus for Accenture. How does that fit into your business group? That's, uh, Amazon focus, obviously their cloud, and now hybrid everywhere, as I say, um, how does that all work it out? >>We're super excited about our cloud first initiative, and I think it fits it, um, really, uh, perfectly it's it's, it's what we needed. It's, it's, it's a, it's another accelerant. Um, if you think of first, what we're doing is we're, we're putting together, um, a capability set that will help enable him to and translations as Brian touched on your help companies move, you know, from just, you know, migrating to, to, to modernizing, to driving insights, to bringing in change, um, and, and, and helping on that, on that talent. So that's sort of component number one is how does Accenture bring the best, uh, end to end transformation capabilities to our clients? Number two is perhaps, you know, how do we, um, uh, bring together pre-assembled as Brian touched on preassembled industry offerings to help as an accelerant, uh, for our, for our customers three, as, as we touched on earlier, is, is that sort of partnership with the ecosystem. >>We're going to see an increasing number of SAS providers in an estate in the enterprises States out there. And so, you know, parts of our cloud first and our AEG strategy is to increase our touchpoints and our integrations and our solutions and our offerings where the ecosystem partners out there, the ISV partners out there, and the SAS providers out there. And then number four is really about, you know, how do we, um, extend the definition of the cloud? I think oftentimes people thought of the cloud just as sort of on-prem and prem. Um, but, but as Andy touched on earlier this week, you know, you've, you've got this, the concept of hybrid cloud and that in itself, um, uh, is, is, is, uh, you know, being redefined as well, you know, where you've got the intelligent edge and you've got various forms of the edge. Um, so that's the fourth part of, of our, of our cloud first strategy. And, and, and for us was super excited because all of that is highly relevant for ABG, as we look to build those capabilities as industry solutions and others, and as we look to enable our customers, but also how we, you know, as we, as we look to extend how we go to market, uh, I joined tally PS, uh, in, uh, in our respective skews and products. >>Well, what's clear now is that people now realize that if you contain that complexity, the upside is massive. And that's great opportunity for you guys. We got to get to the final question for you guys to weigh in on, as we wrap up next five years, Brian, Andy weigh in, how do you see that playing out? What do you see this exciting, um, for the partnership and the cloud first cloud, everywhere cloud opportunities share some perspective. >>Yeah, I, I, they, you know, just kinda building on that cloud first, right? What cloud first. And we were super excited when cloud first was announced and you know, what it signals to the market and what we're seeing in our customers, which is cloud really permeates everything that we're doing now. Um, and, and so all aspects of the business will get infused with cloud in some ways, you know, it, it touches on all pieces. And I think what we're going to see is just a continued acceleration and getting much more efficient about pulling together the disparate, what had been disparate pieces of these transformations, and then using automation using machine learning to go faster. Right? And so, as we start thinking about the stack, right, well, we're going to get, I know we are, as a partnership is we're already investing there and getting better and more efficient every day as the migration pieces and the moving assets, the cloud are just going to continue to get more automated, more efficient, and those will become the economic engines that allow us to fund the differentiated, innovative app activities up the stack. >>So I'm excited to see us, you know, kind of invest to make those, those, um, those bits accelerated for customers so that we can free up capital and resources to invest where it's going to drive the most outcome for their end customers. Um, and I think that's going to be a big focus and that's going to have the industry, um, you know, focus. It's going to be making sure that we can consume the latest and greatest of AWS has capabilities and, you know, in the areas of machine learning and analytics, but then Andy's also touched on it bringing in ecosystem partners, right? I mean, one of the most exciting wins we had this year, and this year of COVID is looking at the universe, uh, looking at Massachusetts, the COVID track and trace solution that we put in place is a partnership between Accenture, AWS, and Salesforce, right? So again, bringing together three really leading partners who can deliver value for our customers. I think we're going to see a lot more of that. As customers look to partnerships like this, to help them figure out how to bring together the best of the ecosystem to drive solutions. So I think we're going to see more of that as well. >>All right, Andy final word, your take >>Of innovation is, is picking up. Um, the split things are just going faster and faster. I'm just super excited and looking forward to the next five years as, as you know, the technology invention, um, comes out and continues to sort of set new standards from AWS. Um, and as we, as Accenture bringing our industry capabilities, we marry the two, we, we go and help our customers super exciting times. >>Well, congratulations on the partnership. I want to say thank you to you guys, because I've reported a few times some stories around real successes around this COVID pandemic that you guys worked together on with Amazon that really changed people's lives. Uh, so congratulations on that too as well. I want to call that out. Thanks for coming >>Up. Thank you. Thanks for coming on. >>Okay. This is the cubes coverage, Accenture AWS partnership, part of the center's executive summit at Avis reinvent 2020. I'm John for your host. Thanks for watching.

>> Announcer: From around the globe, it's theCUBE! With coverage of KubeCon and CloudNativeCon Europe 2020, virtual. Brought to you by Red Hat, the Cloud Native Computing Foundation, and ecosystem partners. >> Hi, and welcome back, I'm Stu Miniman, and this is theCUBE's coverage of KubeCon CloudNativeCon 2020 in Europe, the virtual edition of course. We're talking to practitioners, we're talking to contributors, we're talking to end users from around the globe where they are, and of course when we talk about the CNCF, it's not just Kubernetes, there's a lot of projects in there, and it's not just for building things in the cloud, one of the interesting use cases that we've been talking about the last year or two has been about how edge computing fits into this whole ecosystem. To help us dig in a little bit deeper into that conversation, welcome on board one of our CUBE alumni, Nick Barcet, he is a senior director of technology strategy at Red Hat. Nick, great to see you again, thanks so much for joining us. >> Thanks for inviting me again. >> All right, so as I teed up, containerization and Kubernetes, a lot of times people think about it's the big public cloud that's my data center, but of course, cloud is not a destination, there's so much happening with the containerized world, and of course these lightweight environments, when we can make them lightweight, makes sense to go to the edge, so if you could, just tell us where we are with the state of containerization and the cloud-native ecosystem, and where does that fit with edge computing today? >> So what we're seeing currently is every ISV, every customer we talk with, are converting to developing their application with container as a target. This is making it so much simpler for them to be able to establish their application wherever they want. Of course, when we add, for example, the operator framework that we just got accepted into the CNCF, and normalize how you're going to do day one and day two of the life cycle of this container, this is making things a lot simpler. And this is allowing us to have the same principle reapplied for deployments happening in the cloud, on your private data center, and anywhere at the edge. And that's really the core of our strategy, whether in the open source community, or as a commercial company. It is to make all these different footprints absolutely equal when you are writing code, when you're deploying code, when you're managing it. >> Yeah, Nick, we talk about the edge from my standpoint, tend to think that it is going to need a lighter weight, smaller footprint than if I'm thinking about my data center or the environment, reminds me some ways of of course Red Hat, but CoreOS was how do we build something that can be updated faster and be a thinner operating system. When we think of Kubernetes, Kubernetes today isn't as simple, there's obviously a lot of managed services out there, of course with OpenShift you've got an industry leading solution out there, but is there something different I need to do to be able to do containerization and Kubernetes at the edge? How does that fit? >> As a developer, as a user, I hope you have nothing different to do. It's our job to make our platform suit the requirement that are very specific to the edge. For example, if you're going to put Kubernetes inside of a plane, you're not going to be able to use all the space you want. You're very space-constrained. Or if you put it in a train, or if you put it in a boat, you're going to have different types of constraints. And we need to be able to have a implementation of Kubernetes that fits the smallest requirement, but still has the components that enables you as a developer or you as the administrator to feel at home regardless of the implementation of it. And that's the real beauty of what we are trying to do, and that's why we are not rushing it. We are trying to do it upstream so that we have something that is as smooth as possible across different points. >> All right, when we talk about going to the edge, one of the considerations of course is the network to get there. So help us connect what the impact is of 5G, where we are with the rollout, and are there any industries maybe that are leading the pack when it comes to this discussion? >> Yeah, so when I talk about 5G, I like to distinguish two things. There is 5G as the network that the carriers are currently deploying to support all kinds of terminal endpoints. And it happens that in order to have an efficient 5G deployment, operators use edge technology to deploy computing power as close as possible to the tower. So that the latency between your device and what is connecting you to the internet, the time packets take to go across that last mile, is as short as possible. There is a second case, which is also very interesting in the edge part. Which is private 5G, because private 5G enables the customer to establish his, let's say his own antenna, his own local 5G network completely secure, that will enable connecting sensors or devices of all kinds, without having to run wire, and in a much more reliable way than if you're using Wi-Fi or similar kinds of connectivity. So these two aspects are crucial to edge, one because edge is enabling the deployment of it, the other one because it's enabling the growth of the number of sensors without multiplying the cost like crazy. In terms of deployments, well, you know our largest reference is Verizon, and Verizon is moving forward with its plan. This is going very well, I believe they have communicated around this so I will point you around what Verizon has stated on their deployment, but we have multiple other customers starting their journey and clearly, the fact that we have the ability to deploy the stack on the version of Kubernetes that is basically the same regardless of where you're deploying it. That has the ability to support both containers and VM for those applications that are not yet containerized, makes a huge difference in the simplicity of this transition. >> Yeah, it's interesting, you talk about the conversion between virtual machines and containers. One of the big use cases often talked about for edge computing is in industrial manufacturing, and there you've got the boundary between IT and OT, and OT traditionally doesn't want to even think about all those IT conversions and challenges that they've got their proprietary systems for the most part, so is that something, speak to what you're seeing in that segment. >> So, it's interesting, because we just released last week our first inclination about the industrial blueprint that we are proposing. And for us, the convergence between IT and OT comes at when you have automation in the interpretation of data provided by sensors. This automation generally takes the form of machine learning algorithms, that are deployed on the factory floors, that analyzes the sensor data in real time, and will be able to predict failure, or will be able to look at video feed to verify that employees are respecting safety measures, and many many other applications. So because of the value this brings to the operational people, this bridge is very easily closed once you've resolved the technical difficulty, and the technical difficulty are mostly what I call plumbing. Plumbing that takes the form of norms being widely different between the industrial world and the IT world so far. Difficulties because you don't speak the same language. Let's take an example. In the industrial world, CAN is the way you're synchronizing time resources. In the IT world, we have been using other protocol, and more recently, especially in the telco space, we're using PTP. But it seems that PTP is now crossing over to the industrial world, so things are slowly but very safely evolving with something that is enabling this next wave of revolution into the factories. >> Yeah, Nick, it's been fascinating always to watch when you have some of those silos, and when is the right time that things pull together. Curious, one of the big questions in 2020 of course is with the global pandemic going on, which projects get accelerated, and which ones might be pushed off a little bit, where does edge computing fall in the conversations you're having with customers, is that something mission-critical that they need to accelerate, or is it something that might take a little bit longer, possibly even a delay with the current pandemic? >> So it's quite hard to answer this question because we are in an up slope. Is the slope less up now than it would have been without the pandemic, I have no way to tell. What I'm seeing is a constant uptick of people moving forward with their projects, in fact some projects are made, for example for worker safety, are made even more urgent than they were before, because by just analyzing video feed, you can ensure that your processes prevents too close contact between coworkers, and making them vulnerable in this way. So it really depends on the industry, I imagine, but right now we see the demand growing regardless of the pandemic. >> All right, Nick, you mentioned earlier that when I think about the edge, it should be the same code, I hopefully shouldn't have to think about it differently no matter where it is. That begs the question, help connect OpenShift for us as to what is Red Hat offering when it comes to the edge solution with OpenShift? >> So, you have, what we say is the edge is like an onion, where you have different layers. And every time I look at the onion in the perspective of a given customer, the layers are very different. But what we are finding is, similar requirements in terms of security, in terms of power consumption, in terms of space allocated for the hardware, and in order to satisfy these requirements, we found out that we need to build three new ways of deploying OpenShift, so that we can match all of these potential layers. The first one that we have released and are announcing this week is OpenShift deployable on three nodes, that means that you have your supervisors, your controllers, and your workers, on the same three physical machines. That's not the smallest footprint that we need, but it's a pretty good footprint to solve the case of a factory. In this environment, with these three nodes, we have something that is capable of being fully connected or working disconnected with. The second footprint that we need to be able to satisfy for is what we call single node deployment. And single node deployment from our perspective need to come in two flavors. The easy way, the one we're going to be releasing next quarter, is what we call remote worker node. So you have your controllers in a central site, and you can have up to 2000 remote worker nodes spread across as many site as you want. The caveat with this is that you need to have full time connectivity. So in order to solve for this connected site, then we need something that is a standalone single node deployment, and that's something that a lot of people have prototypes so far, and we are currently working on delivering a version that we hope is going to be satisfying 99% of the requirement, and is going to be fully upstream. >> All right, last piece on this, Nick, how should I be thinking about managing my environment when it comes to the edge, seen a lot of course from Red Hat at Red Hat Summit and talked to some of your peers, some recent announcements, so how do we plug in what's happening at the edge and make sure we've got full visibility and management across all of my environments? >> So if I had one word to explain what we need to do, it's GitOps. Basically, you need immutable deployments, you need to be pulling configuration and all information from a central site and adapt it to the local site, without manual intervention. You need full automation. And you need a tool to manage your policies on top of it, and of course aggregate information on how things are going. What we don't want is to have to sit one administrator per site. What we do not want is to have to send people on each site at the time of deployment. So you need to be abiding by this completely automated model in order to be edge compliant. Does that make sense? >> It does, and I'm assuming the ACM solution, Advanced Cluster Management, is a piece of that overall offer. >> Absolutely, ACM is the way we present, we organize policies, the way we get reporting information, and the way we do our GitOps automation. >> All right, so Nick, final question for you, give us a little bit of a look forward, you just mentioned earlier one of the things that's getting worked on is that single node disconnected type of solution. What else should we be looking at in the maturity of edge solutions in this containerizing Kubernetes world? >> So it's not only about the architecture that we need to support. It's a lot more about the workloads that we are going to have running there. And in order to help our customer make their choice, in how they design the network, we need to provide them with what we call blueprints. And in our mind, a blueprint is more than just a piece of paper. It's actually a complete set of instruction, abiding with this GitOps model that I described, that you can pull from a Git repository, that enables automation of the deployment of something. So for example, the first blueprint we are going to be releasing is the one for industrial manufacturing using AIML, and this is going to be something that we are going to be maintaining over time, accepting contribution from outside, and is an end to end example of how to do it in a factory. We are going to follow up with that with other blueprints for 5G, for private 5G, for how do you deploy that in maybe a healthcare environment, et cetera, et cetera, the idea here is to exemplify and help people make the right choices and also ensuring that the stack we provide at one point in time remains compatible given the complexity of the components we have in there over time, and that's really the thing that we think we need to be providing to our customers. >> All right, well Nick, thank you so much for giving us the update, in regards to edge computing, really important and exciting segment of the market. >> Thank you very much, 'twas a pleasure being with you once again. >> All right, and stay with us, lots more coverage from KubeCon CloudNativeCon 2020 in Europe, the virtual edition. I'm Stu Miniman and thank you for watching theCUBE. (calm music)

>> From theCUBE studios in Palo Alto in Boston, connecting with thought leaders around the globe, these are cloud native insights. >> Welcome to another episode of Cloud Native Insights. I'm your host Stu Miniman and of course with Cloud Native Insights will really help understand you know, where we have gone from cloud, how we are taking advantage of innovation, a real driver for what happens in the spaces of course developers. You think back to the early days, it was often developers that were grabbing a credit card, using cloud services and then it had to be integrated into what was being done and the rest of the organization saw the large rise of DevOps and all the other pieces around that, that help bring in things like security and finance and the like. Happy to welcome to the program first time guest, William Janssen. He is the CEO of DeltaBlue. Deep in this discussion of cloud native DeltaBlue is a European company helping with continuous deployment across cross cloud providers in the space. William, thanks so much for joining us, nice to see you. >> Glad to be on the show, thank you Stu. >> All right, so one of the reasons I'm glad to have you on is because of some of the early episodes here, you know we were discussing really what cloud native is and what it should be. I had my first interview on the program, Joep Piscaer, who you know, had given the analogy and said when you talked about DevOps, DevOps isn't something you could buy. But it's something that lots of vendors would try to sell you. And we're trying to dispel, lots of companies out there, they're like, "Oh, cloud native, well we support Kubernetes. "And we have this tool and you should buy our cloud native, "you know, A, B, C or D." So, want to start a little first with what you see out there and what you think the ultimate goal and outcome of cloud native should be? >> I think cloud native, to start with your last question, I think cloud native should make life fun again. We have a lot of technical problems, we solve them in technical things. You mentioned Kubernetes but Kubernetes is solving a technical problem. And introducing another technical problem. So what I think cloud native should do is focus on what you're actually good at. So a developer should develop. Someone from the infrastructure, an operator, should focus on their key points and not try to mix it up. So, not Kubernetes, Kubernetes is again introducing another technical issue. Our view on cloud native is that people should have fun again and should be focusing on what they're good at. And so it's not about technology, it's about getting the procedures right and focusing on the things you love to do. And not to talk to the cross border, talk to a lot of developers and solve operational kind of things. That's what we try to solve and that's our view of cloud native. >> Yeah, I'll poke that a little bit because one thing you say, people should do what they're good at. It's really what is important for the business, what do we need to get done? There's often new skills that we need to do. So it's really great if we could just keep doing the same thing we're doing. We know how to do it. We optimize it, we play with all of our geek knobs. But the drumbeat that I hear is, we need to be agile, we need to be able to create new applications. IT needs to be responsive for the business and rather than in the past it was about, building this beautiful stack that we could optimize and build these pieces together. Today, the analogy I hear more is, there's layers out there, there's lots of different tooling, especially if you look at the developer world. There is just too many options out there. So, maybe bring us a little bit as to you know, what DeltaBlue does. How you look at allowing developers to build what they, new things that they need but not be, I guess the word, locked into a certain place or certain technology. >> Yes, I've been on IT for 20 years. So I've seen a lot of things go around. And when we started out with DeltaBlue, the only thing we had in mind is how could we make the lifecycle of applications and all the things you had to do, the government around applications way more easy. Back in the days, we already saw that containerization solved some of the issues. But it solves technical issues. So like when you start coding, you don't need to go to the network card anymore. We took the same approach to our cloud native approach. So we started on the top level. We started with applications in mind. And the things back in the day you had Bitnami already had the option to have a VM or standard installation of an application. So what we see is that nowadays, many developers and many organizations try to focus on that specific part, how to get your code into some kind of under configuration solution. We take that for granted. There are so many great solutions out there, already tried to solve that problem. So instead of reinventing that wheel again, we take that for granted. But we take another approach. We think that if the application is there, you need to test it. You need to take it into production. You want to have several versions of a specific application into the production environment. So what we've tried to solve with our platform is to make that part of the life cycle, let's call it horizontal version of your application lifecycle, not getting an application built or running up different stuff, we take that for granted. We take the horizontal approach. How to get your traditional application from your development environment to your testing, acceptance. That's a different kind of people test your application, security testing before you take it into production. And that should be all be done from a logical point of view. So we built one web interface, a logical portal. And you can simply drag and drop any type of application, not just a more than micro service oriented or Kubernetes based application but any type of application from your acceptance environment to your production environment. That's going to solve the real problem. So now, any business can have 10 different acceptance environments for even your old legacy SAP or your Intershop environment. That's going to get your business value. So going back to your definition of cloud native, getting that kind of abstraction between getting your and code your application and get it get somewhere up and running and all the stuff that's needs to be done from your development environment into the production environment. That's going to add to your business value. That's going to speed up your time to market, that's going to make sure that you have a better cloud quality because now you can test even your legacy application from 10 different points of view and 10 different types of different branches, all in a parallel environment. So, when we started with DeltaBlue, we took a different approach, took the technical stuff for granted, and focus on all the government around applications and the governance that's the thing, I think that's the most important part in the cloud native discussion. >> So governance, especially in Europe, has a lot of importance there. If you could, bring us inside a little bit, customers you're talking to, where they are in this journey. If you've got an example of something you're doing specifically we'd love to hear how that happens in real world. >> Yes we have many different customers but I think one of our best examples, for example is Wunderman Thompson, a big eCommerce party across the globe but also here in the Netherlands. And we made a blueprint of their development environment the way they develop application and the way they host applications. So, now they started a new project, 40 developers go to the new big eCommerce application. In the past, everyone had to install their own Intershop environment on their own laptop, Java, Oracle, that kind of stuff. It took me a day and a half. Since we abstracted that into like a simple cell, like you would do in any serverless environment nowadays, they can now simply click on a button. And since they made their laptop or their development environment part of our platform, they can now simply drag and drop the complete initial environment to the laptop and they can send development in 10 minutes instead of a day and a half. That's just the first step that makes their life easier. But also imagine, we have an application up and running for two, three months and our security patch, we all know the trouble of getting a patch installed in production but also then install it into the acceptance environment, test environment, development environment, all those kind of different versions. With our platform, since we have the application in mind, we can, with simple one simple click of the button, we can propagate that security patch across all the different environments. So from a developer point of view, there's no need to have any kind of knowledge of course they need to configure a port or something like that but no need of knowledge of any type of infrastructure anymore. We have made the same blueprint for the complete development environment. So with a single click of the button, they have a complete detail environment, known over the need to go to their infrastructure to get the service to their operating guys, they have them installed, industrial Nexus, very book of repository, all that kind of stuff. It's all within one blueprint. So again, we think that the application should come first. That should be abstracted, and not abstracted just in a single spin up a container or spinning up a VM. Now, the complete business case, application, complete environment should be up and running with a single click of a button. So now they can start if they have a demo tomorrow, for example, and they want to have a demo setup. With a single click, they have a complete environment up and running, instead of having to wait three weeks, four weeks before they can start coding. And the same comes with a production environment. We now have an intelligent proxy in front of it. So they can have three different versions of the same shot in their production environment. And based on business rules, we can spread the load against the different versions of a business application, eCommerce application. We signed a new contract with New Relic last week. And the next thing we're going to do, and it's going to be there in two weeks, is fit New Relic data, I mean, an eCommerce application is about performance. A longer response time of a page page load time will drop your drop your revenue. So what we're going to do with New Relic is feed it's performance data back into that the intelligent proxy in front of their application. So now they're going to drop the new version of their intershop application on a Thursday evening, they go to sleep. Friday morning, they wake up and from the three versions, and the best performing website will be up and running. That's the kind of intelligence and that's the kind of feedback we can put into our platform since we started with applications in mind first. It's getting better quality, because you can do better testing. I mean, we all want to test, but we never want to wait for those different kinds of setups, they want to have fast development cycles. That kind of flexibility where you do the functional deployment, the functional release, not the technical stuff. What we now see in the market is that most people, when they go to the cloud, try to solve the technical release problems of getting the application up and running in a technical way into the production time, we try to focus on the functional level. >> So, William, being data driven, a very important piece of what you talked about there. What I want to help our audience understand is concerns about if you talk about abstractions, or if you want to be able to live across different environments, is can you take advantage of the full capabilities of the underlying platform? Because, that is, one of the reasons we go to cloud isn't just because it's got limitless compute Pricing comes down. But there's only new features coming out, or I want to be able to go to, a cloud provider and take advantage of some specific feature. So help us understand how I can live across these environments, but still take advantage of those cloud native features and innovations as they come out. >> Great. There are actually two ways. For most alternatives, we also have an alternative component in our platform as well. We have complete marketplace with all kinds of functionality like AWS has, but I can imagine that people want to develop an AWS and get our AWS lambda functions or s3 buckets or that that kind of specific functionality. And going back to the Intershop example, they run their application as a CaaS solution on Azure. So when you went to Azure DevOps, or that kind of specific functionality included, our platform connects over 130 different data centers across the globe and Azure and AWS, and Oviedo Digital Ocean are all part of the huge mix of different cloud providers. For every provider, we have what we call gateway components. We deploy natively, mostly bare metal or equivalents of bare metal within those cloud providers. And we made an abstraction layer on the network layer. So now we can include those kind of specific services like they were part of our platform natively. Because if we would have just build a layer and couldn't use the specific components of an AWS or an Azure or that kind of stuff, we would just be another hosting provider. I haven't liked VMware. So that kind of stuff. We want to and we are aware that we need to include a specific stuff, functionality. And what we do with this with what we call gateway components. So we have AWS, gay components, educators, but also for IBM, or Google specific environment. So we can combine the network of AWS, with our specific network. And that's possible, because we made a complete abstraction layer between the network of the infrastructure provider and our network. So we can complete IP subnets DNS resolver as if it was running on their local environment. And thereby, since we have that abstraction layer, we can even move the workloads on AWS to Azure. And since we have the abstraction layer network, we can even make sure that you don't need to reconfigure your application. I think that's the flexibility that people are looking for. And if they have a specific workload and Azure and it's getting too expensive, for the ones that includes AWS stuff, they want to shift the workload to different kind of cloud providers based on the characteristics of a specific worker, or even if you want to have the cheapest option, you can even use your on premise data center. >> William, do that there absolutely is interest in doing that. One of the barriers to being able to just go between environments is of course that the skills required to do this. So, there's something to be said about, if I use a single provider, I understand how to do it, I understand how to optimize it, I understand the finances of it. And while there may be very similar things in another cloud, or in my own data center, the management tools are different and everything. So how do we overcome, that skill set challenge, between different environments. >> We had a different approach the same as we do it on application level, we took it also in data center level, so we're going to handle most cannot say all because there's always specific components. But from our interface, you can simply go to a specific application and select the type of data center you want to run on your application. And if your application is running on an AWS, you get the gateway components with the components, like an s3 bucket or a lambda or an RDS, based on the data center you're running in. So we took that abstraction layer even on that level. But I got to be honest, I think 80% of our customers is not interested in the data center, they run their application in unless they have specific functionality, and which is not available on our platform, or they have a long running application, or use a specific or they bought a specific application. Otherwise, they don't care. Because from a traditional application, there is no difference between running on Azure or Google Cloud or an IBM cloud or whatever. The main difference is that we can make a guarantee about the SLA. I mean, IBM has a better uptime guarantee. A better performance and a better network compared to let's say, digitalocean. Kind of set this up. But there is a huge difference. But it's more like the guarantee that we can give them. So we have this abstraction layers, and we try to put as many as possible as much as possible into our portal interface. There will no way that we're going to redesign and we work about the complete AWS interface, or we're not going to include 100% of their functionality. That's not possible. We're, small company. AWS is somewhat more developers in place. But the main components and people are asking for like RDS or these kind of specific setups, that's where we have the gateway components for available and they can include them into their own application. But we also going to advise them why they were looking for those specific AWS components. Is it within the application architecture or is it something gauges right? Isn't there a better solution or an other solution? And I think, since we have that objection that one of the biggest benefits is, and what we see our customers also do is we incorporate that data center into our platform. And we have one huge network across all the cloud providers and including their own data center. So in the past, they had to have two different development teams, one specialized in AWS development, with all that kind of specific stuff. And all one development team which had more like a traditional point of view, because their internal system and data which was not allowed to go outside the company or had to stay within the firewall. And since we have now one big network, which is transparent to them, we can make sure that their code for their internal systems stays internal and is running on internal systems. But we could still use some kind of functionality from the outside. We do it all unencrypted today, and we have one big platform available. So with our gateway components, we can make sure that that data and application data is really staying internally. And only is allowed to grow internal data access and that kind of stuff, but still use external functionality or price. But again, I would say 80% of our customers, they don't care because they just want to get rid of the burden. I think going back to what we think cloud native means is just getting rid of the burden. And you shouldn't be concerned about what type of cloud we're actually using. >> Absolutely, William, the goal of infrastructure support, my applications and my data and we want companies to be able to focus on what is important for the business and not get bogged down and certain technical arguments introduction. So William, thank you so much for joining us. Really great to hear about Delta blue. Looking forward to hearing more in the future. >> Thank you. >> I'm Stu Miniman. And look forward to hearing more of your cloud native insights.

(Upbeat music) >> Announcer: Live from Orlando Florida, It's theCUBE covering PentahoWorld 2017. Brought to you by Hitachi Vantara. >> Welcome back to theCUBE's coverage of PentahoWorld, brought to you, of course, by Hitachi Vantara, I'm your host Rebecca Knight along with my cohost James Kobielius. We're joined by Charles Gaddy, he is the Business Development Manager at Melissa Data. Thanks so much for joining us. >> Great, thank you for having me. >> So tell us, tell our viewers a little bit about Melissa Data and what you do there. >> Well, Melissa is a data quality and identity assurance company, so we have been around for 30 years. And we're a 30 year old start up you might say. Very innovative in what we do, and the way we address our problems. We are the strategic partner for Pentaho as it relates to data quality. So most of our data quality solutions are embedded and available within the Pentaho stack. So my particular role there is to facilitate global sales and alliances, and Pentaho is one of our global alliances. >> Okay, so that's the, it's a strategic alliance, and so what is your relationship now with Hitachi Vantara? >> That's a great question, because now that we're with Hitachi Vantara, one of the things we're focusing on is a strategy around data quality blue prints. Data quality blueprints are something that Pentaho brought in to that relationship, or that new company, right? And it's a powerful way that they sell their solutions, and craft the message around their solutions in a way that sounds less technical and more engaging, I think. And I'll give you a bit of an opinion there, and so we're very excited to be one of the first companies, from a partner perspective, to do a blueprint that's not strictly Pentaho based. >> Is it, you're talking about blueprints, is it a consultative marketing and sales tool? Or is it a solution accelerator template, or a bit of both? >> You stole my thunder, I was going to say I think it's a bit of both actually, yes. The nice thing that I've seen about the other ones they've done and the one that we're crafting is, you're taking a use case, effectively, and you're breaking down what you're bringing to that use case, with a sprinkle of technology, so that they know it is a technical solution, as well as a consultative sale. Then you're telling them about the problem you're going to solve with it, and the expected outcomes after you've solved that problem. So, the first use case is around customer data quality, within online retail, right. So, everything from preventing packages from being misplaced by using address verification, and geocoding in order to improve the quality of address data that you're shipping, all the way through to customer demographics, so you can understand and overlay demographic information about the customers you're targeting online. All of these solutions, we bring the data piece of that, and Pentaho brings the other elements to make that combined blueprint. >> So just in hearing you say those things, I'm thinking back to what we heard on the main stage today, about the potential of the dark side, in the sense of the models maybe being used for nefarious reasons, I mean, how do you guard against that? >> Well, you know, there's that AI component, which was very much of the Skynet comment I believe, and then there's data quality, which, having been around data quality for quite a while, there's a rules based element to that, that isn't necessarily AI based, so you don't necessarily have as much of that dark side to deal with, what you are rightfully pointing out, is the idea that you're using elements of data that represent someone's identity potentially, right. And how do you protect and safeguard that? And our 30 years in the business really gives us an insight on how to protect the data in ways that insure the quality of it, but then also insure that it's not used for nefarious purposes, like you said. >> Okay, so as you know, Pentaho co-founder James Dixon coined the term "the data lake". So how has Melissa partnered and integrated with Pentaho in that way? >> And how does data governance and quality ride upon and leverage the data lake to be effective? >> Okay, so it's a two part question. Looking at it from the perspective of what was described in the data lake, things are going in to the data lake. Well, you can take two approaches to it, I guess. You can try to boil that data lake, which is very challenging, you know. Or you can extract quality information out of it, and so, data quality, whether you're pushing data quality into the lake, or whether you're trying to extract actionable intelligence out of the lake, fits on both sides and gives you that step towards analytics and intelligence that you need. Right, otherwise it's a lake. The other side you mentioned is the governance side of it. So, our components that run, and our services that run as a part of what is offered with Pentaho, give elements of a feature like profiling, so you're able to profile the data as it's moving between these different places, see the anomalies, potentially address the anomalies, if that's something you need to do, or at least be aware of them so you know what's going on, right, and you're constantly monitoring. >> Does that involve AI or machine learning on your end to do that, the anomaly detection within the data lake? >> There's elements of our technology that leverage pieces of that for sure. I wouldn't call it full blown AI from that perspective, but there are some patents and some proprietary technology that we have, that gives us a unique approach on how to profile that data, and how to make that profiled information actionable within Pentaho. >> So, you talked about the retailer use case, and that's how we can make sure the packages are delivered to the right places, and the demographic. What are some other examples of ways that we can use Melissa Data? >> Okay, so as luck would have it, the first blueprint we're doing is the customer one I just mentioned, but we're already talking with Hitachi Vantara about the idea of doing a financial services one, right. And so in that fin tech space, not only would you be able to leverage matching deduplication, which they call more of an identity resolution in that element, but you'd also be able to leverage the elements of data that we bring to bear to say that you are who you say you are. So you bundle those together in a fin tech, or a financial services model, and you've got a different use case from customers and online retail, but you still have a very compelling joint offering as you're pushing data through. >> Which is particularly relevant in light of the Equifax breach, which will haunt us for the rest of our lives, we keep hearing about this. >> Yes, you have to be very careful with the data that you utilize, absolutely. >> One of the terms we keep hearing a lot is future proofing. What does that mean to you at Melissa Data? How do you describe your approach to future proofing your business? >> So, it's interesting because, as I mentioned, we're pretty much a 30 year old start up, so as a function of that, we future proofed ourselves. Because we've evolved and adapted, you have to be nimble, you have to be agile, as well as embracing agile concepts, which, there's two different meanings there, if you will. And so, in looking at that, you want to make sure that you've got the right technology set, and that that technology set can be easily adapted and evolve over time, right. I think those are they key things we've done as a company, with the solutions we've built, and much like, I heard today on the keynote, that Hitachi had focused to do, we've done a very similar thing, because we started in direct marketing, with a database of zip codes. And now we offer matching, and we offer these cloud solutions and identity. So we've had a very similar track to that story you heard earlier. >> You've said it a couple of times, you're a 30 year old start up. How do you stay innovative? I mean, you're a 30 year old start up that now has employees in four locations across the U.S. dealing in huge businesses. How do you keep that start up mentality? The hungry mentality, and the hack-y mentality, I guess I should say too? >> One of the real advantages we've got there, is our CEO and founder has always innovated. From the first company before Melissa, all the way up through today, he's always been one to say we need to try that next thing, right. Pentaho, five or six years ago, was that next thing that he and our VP of strategy said we should try, and now I'm sitting here with you today. There's a top down, bottom up approach, if that makes sense to you, because if you have an idea, you can bring that idea forward as well. >> You consider the next thing, and Hitachi Vantara's been saying that in spades today here at this event, it's also a Wikibon research focus, the Edge, Edge computing, Edge analytics, data, machine data coming from Edge devices, how is Melissa Data, in partnership with Pentaho, moving towards this Edge to outcome frame of reference, or frame for building innovative solutions, where does that fit with your roadmap going forward? >> So our perspective on that, much like when we first engaged with them, data was going into the data lake, let's just get it all in there, get it all in there, get it all in there, get it all in there, right. Well, eventually you have to make that data actionable. You're going to have a reverse scenario with the Edge. There's a lot of data, small amounts, small chunks, that are going to be everywhere, I think it was talked about being on cell phones, and everywhere else. The idea that you can extend the reach of data quality along with the reach of analytics, to actually make sure you're getting the best data you can, to feed those microanalytics, to feed that, that's a critical part that we see as potential. >> Looking ahead, what are some of the problems that you want to solve, just sort of in the next year, the next five years, what are some of the things that you're thinking about and keeping you up at night right now. >> We're doing some very interesting things with globally unique identifiers, I'll call them that, not a GUID in that sense, but the idea that every address on the planet could be indexed, right. And then the idea beyond that was every email and every phone and every identity around that could be indexed. Then when you're dealing with a massive amount of indexes, becomes a lot faster and a lot easier to match, to dedupe, to do other data quality tasks. So, it's one of the projects that our CEO is very interested in, is this sort of indexing or massive indexing table concept. And so that's one of the things I know we're very focused on as an organization, and how that can feed all of our other technologies. >> How would that work, I mean, I know it's a research process in motion, but >> And keep in mind I am the head of global sales and alliances, so don't bust out all the too technical a question. (laughter) >> Yeah, so this is identity resolution at a massive scale, does it involve an internet of things, almost like a, slap me on the wrist, a graph, a social graph of you and all the identities you may have running on various Edge devices? You meaning a user. >> I think there is the potential for pieces. >> Remember, I'm a geek here so. >> Yeah, yeah there's a potential for pieces of that to be used in that way. Like an example we got approached about was, someone who wanted to have a cookie that represented the address that they just captured from this particular interaction on the web, right. Well, imagine if you could use this table of addresses that was indexed, right, to get that number back, and you just store that number constantly with that cookie, you'd never have to store that address data again, you could match that index against other indexes, and the uses go on and on and on. >> James: Right. >> So it's not complete in any way, so I wouldn't want to venture to answer the implete part of your question, but the idea that you can represent things with a series of numbers is how the internet got started, effectively, right, so you could look at something similar. >> Right. >> So you're here at PentahoWorld, and you said you're a biz dev manager, what is your, what do you hope to take away from it? I mean, are you talking? >> You mean outside of business? (laughter) >> Get some deals done, exactly. But what are you learning, what are you hearing, are you sharing best practices, and how do you do that here? >> Well, we're pretty tightly connected into different elements of what is now Hitachi Vantara, right, so we work with their office in Singapore, we work with them engaged all over the world, on many different fronts, and so it's nice to be here one, so you can literally put some faces with some names, right. And as you look at some of their different initiatives, like cyber security that I've seen, over there somewhere, and some of the other initiatives they've got going, they march a bit in lock step with what we're doing, and the nice thing about being here, is the ability to sort of reconcile that and see and talk about how we can go forward together with those elements, if that makes sense. >> James: Right. >> Absolutely. Well Charles, thanks so much for coming on theCUBE, it's been a great talking to you. >> James: Yeah absolutely. >> Thank you for having me, I appreciate it. >> We will have more from theCUBE's live coverage of PentahoWorld in just a little bit. (upbeat music)

>> Voiceover: Live from Las Vegas. It's The Cube. Covering Dell EMC World 2017. Brought to you by Dell EMC. >> And the band played on. You might be able to hear the guitar player off in the distance. It's that time of day here at Dell EMC World 2017, along with John Furrier. I'm John Walls. Glad to have you here on The Cube. We are officially, John and I now, Node-O-Ramas. (laughing) We have joined the blue button club. We'll explain that in just a little bit. Tell you what it's all about. Here with me to do that is Armughan Ahmad, who is the SVP of Blueprint Solutions and Alliances of Dell EMC. Just had a launch. >> Yeah. Had to be one of the two. And Brian Payne who is the VP of Product Management in the server division at Dell EMC. Brian, thank you for being with us. >> Absolutely. Thanks for having me >> All right, so first off, let's talk 14G. Big server news, you guys make. I'm sure that's really had a lot of your attention this week. A lot of people want to know, Brian, what's up? Tell me about the excitement you generate with that announcement. >> Absolutely, it's generated a ton of excitement and it's not just been this week. It's been a lot of build up for driving a new generation of servers into the market. We start with what our customers are telling us that they're interested in, and with this generation we focused on the typical things you would expect, like how can we run workloads more effectively than the current generation of technology. However, as we look into the landscape as people drive digital transformation, the workloads are changing, right? There are a lot of new workloads. There's a lot of new technology that our customers need to sort out and figure out, where do I apply where in order to run things more effectively? And so we're focused on that in terms of delivering portfolio breadth so that our customers will have the capability when they need it to run their applications well. So that's one thing that is exciting and new. But aside from that, which is running our customers' applications, we're also focused on how can we make our customers more agile and effective through the automation tools that we've designed into this generation of servers? And then, lastly, security has been a big focus. And it's not bolted on security; it's integrated security built into the server throughout the supply chain and throughout the life cycle of the server. Those are the big things that have resonated with our customers as we've announced the next generation of servers. >> I was kind of kidding on the top there talking about the Node-O-Rama buttons. Both of you are wearing yours. So tell us what is that all about? What's Node-O-Rama going on there? >> So Janet Moore, who's actually in our product marketing group, came up with Node-O-Rama because as we were getting ready to launch 14G, awesome servers, Poweredge 14 Generation, we wanted to be ready for VSAN ready nodes 'cause customers really wanted to take storage and take that software-defined storage and ensuring when you take software-defined storage you want to really run it on a server platform to drive the next generation of IT transformation and digital transformation eventually. But we also wanted to the same thing with Microsoft Spaces Direct. We also wanted to do the same thing with our ScaleIO, software-defined scale out storage capability. But then not just stop there. We also have SAP HANA ready node, which is our SAP HANA for commercial and midsize customers. So that's where Node-O-Rama really came in. We've got a lot of nodes. So right now we're launching our Microsoft Spaces Direct ready node that got launched on Monday. So we're totally excited. We have the most ready nodes in the industry right now. >> So we were talking in our intro this morning on our other set, David Floyer, analyst at Wikibon, and Keith Townsend, another analyst. We were kind of looking at this announcement here. The big takeaways were really, really strong hyper-converged ACI message. Seeing that across the board. VMware is the glue layer between all this. And then finally, reality of hybrid cloud. So we were just talking about the ready systems. How does this all work? Because now, those are three nice areas developing. How does Node-O-Rama fit in that? How should they think about ready nodes, the context of that scene? >> Well, one thing that I mentioned a moment ago is just this idea of complexity that customers are dealing with. We still have, through our ready systems, we're able to offer simplicity for customers that want to buy a full system-level solution, but not everyone is, for a variety of reason, is ready to do that. However, they're left with saying, "Okay, I can buy servers from Dell, Poweredge Servers "and go run my workload, "but what do I pick? "I want to move to a software-defined storage. "I want to run something like SAP HANA. "Can somebody simplify that process for me?" And that's where ready nodes come in. It really streamlines the selection of technology where we've done the testing. We've done the validation to figure out what's going to run well and then we can point customers in that direction. And we can also streamline the services, the service offering around that. So it's really about making it simpler for out customers throughout the lifecycle of picking the technology and then deploying and managing. >> What about operational support? Efficiency, ease of use there? What's your position on that? >> Absolutely, operational support is streamlined and then if you have an issue with a ready node and you call up Dell services, they're going to immediately recognize what you have and be able to get you back up and running and working more effectively, more quickly. >> So where's the Nexus here, alliances and then what you're doing there? How's that coming together? >> Yes, so I lead our solutions business unit that is powered by our technology alliance partners, so VMware VSAN ready node, Microsoft Spaces Direct ready node. ScaleIO happens to be our own IP, so that's a ready node, and then SAP. So those are the alliance partnerships. And then what my group does is we work very close with Brian Payne and Ashley Gorakhpurwalla, whose at GM, for our server division, and Robbie Penaganti. That server division, it's all about the server right in the center of it so if you are going to drive a software-defined data center, you have to get a server right in the middle and make sure that server's not only scalable, it's intelligent, but it's also secure. So what we do is we actually take that server that's ready from their side and they certify it. We then take that in my group. We validate it, we make sure that the firmware that needs to be changed, the buyout that needs to be changed. The service capability, the sales enablement that we have to put out there. So it becomes a ready node, right? >> So tell me about the old days. I'm just kind of going, "Wow! "That sounds really easy" but it's not. They, in essence, have to build a server that's going to be ready for whatever composed solution you put together, whether it's VMware, Edge, or whatever. >> Armughan: Yeah. >> They have to then make the enablement happen. >> Armughan: Yeah. >> So in the old days, what was it like? Compare and contrast what it was in the old days. Go to the server guy and say, "I need these servers to support this, this and this" and then they go do it. >> Brian: Yeah. >> And months later. Take us through why is this different for the customer? >> It actually starts very early in the process as we look at the technology landscape, working with Armughan's team to figure out what technologies are going to change and transform the efficiency of how we run applications. It starts with defining the servers arm-in-arm with the team that's responsible for delivering those applications, figuring out what's going to work, develop it, and then bring it to market. And then it's really about streamlining that selection process for our customers. How can we make it easy for them to pick the right things and then quickly procure that and deploy that in their environment and start getting the business results that they're after? >> So time to market for the solution is optimized in that scenario? >> Brian: Oh yeah. >> You call in for the server, 14G. (finger snap) You have it all prepared, ready for you to go. >> So John, in the past, let's go back a few years, right? Our 13G servers at that time, or any other servers in the industry, were really developed for multi-workloads. They weren't developed for specific workloads. What we have now done at Dell EMC, and this is the synergy that Marius was talking about earlier that you were mentioning, which is we take our server group, we work hand-in-hand in our server group right up front, so that's 14G, as our 14th generation of Poweredge servers were being designed, Brian Payne and I, and our teams work very close together to say, "Okay, what are the top workload orientations "that we want to go after?" So software-defined storage, definitely top priority. Now, who should we be working with? VMware VSAN, of course. Microsoft Hyper-v Spaces Direct. Our ScaleIO business, because we know a lot of the customers want to do that. But then, in addition to that, we said, "Okay, ready nodes is good. "That's fantastic." But we know customers go from build to buy continue. So they'll be customers who would want SAP workload orientation, they would want Oracle workload orientation. They want Sequel workload orientation. But then those are your traditional apps. But now you're moving into the next generation apps of machine learning, AI, which is starting with high-due clusters and analytics clusters. So our partnership between server product group and our solutions product group. My product group does not exist without server product group. We have to ensure, and by the way, same thing goes for storage product group, our data protection product group, and our networking product group, as well as our CI and ACI product group. What we do is we, essentially, work right up front and make sure that that workload orientation is start through right in the beginning. >> John: What's the customer reaction? >> You want to take that. >> Yeah, sure, I was just going to add one piece and I'll address that. Conversely, the server isn't going to do anything without the application running on top of it. So that's where we go hand-in-glove here. Customers are very pleased with it. The adoption rates have been very strong of what's been in the market and then as we're bringing a breath of fresh air with the next generation technology, customers are very eager to begin adopting. >> John: What's the reaction to this announcement because the 14G had the fanfare yesterday when it was talked about, but what is the reaction to the 14G and the ready server nodes now? >> I'll give you an example, first of all, on our revenue growth. So we actually picked some major workload so VSAN ready node. We'd announced that about six months ago and our VSAN ready node business is through the roof right now on 13G. 14G launches as soon as the summer. Ashley Gorakhpurwalla mentioned on stage sometime this summer. As soon as that launches, we will be ready with 14G. But right now we have ready nodes already in the market on our 13th generation platforms. And as soon as we started launching these solutions we're finding that our customers, more importantly our channel partners as well, because they find that it's much easier, John, for them to deploy that. We're also seeing that same 13G to now 14G migration related to high-performance computing. A lot of customers are taking that on and the growth has been really fabulous. >> Yeah, I think if you rewind the clock before ready nodes and say, "What was the world like?" We had customers that were deploying and trying to deploy things like VSAN or other software-defined storage, and they were running into problems and us, VMware, we're trying to help customers navigate that, but what we found was there were dependencies in that stack in the underlying infrastructure, and so the ready nodes really came out of that how can we improve that customer experience and make sure that what we deliver is going to be trusted and reliable. >> And shipping around the summer, which is right around the corner. >> That is 14G is going to ship but right at the same time, our ready nodes for VSAN ready node and Microsoft Spaces Direct ready node and ScaleIO ready node will ship at the exact same time 14G Poweredge servers ship, right? But keep in mind, we're already selling all of the 13G-based platforms for ready nodes, ready bundles, and ready systems. >> John: I tell you, just knowing the channel partners, they're going to love this. >> Oh yeah. >> Because it's so peaked and not a lot of training involved and they can pick up the training and services (finger snap) right out of the gate, target workloads, good engagement of customers. Makes a lot of sense. Hangs together in my mind. Congratulations. >> Brian: Thank you. >> All right, so Node-O-Rama, this is the button here. >> Armughan: It's right here. >> Check out the ready nodes. It just sounds great. Ready, alert, fire jets go. (laughter) Take off in the aircraft carrier. >> There is nothing like being an honorary Node-O-Rama. So thank you very much for the pleasure. >> Getting ready to Rama. >> Always good seeing you guys. >> Thanks for being with us. >> Armughan: Thank you. >> Back with more coming up here. Dell EMC World 2017 Live from Las Vegas. You're watching The Cube. (techno music)

(hip-hop music) (electronic music) >> Announcer: Live from Fisherman's Wharf in San Francisco, it's theCUBE, covering IBM Chief Data Officer Strategy Summit Spring 2017. Brought to you by IBM. (crowd) >> Hey welcome back everybody, Jeff Fricke here with Peter Burris. We're wrapping up a very full day here at the IBM Chief Data Officer Strategy Summit Spring 2017, Fisherman's Wharf, San Francisco. An all-day affair, really an intimate affair, 170 people, but Chief Data Officers with their peers, sharing information, getting good information from IBM. And it's an interesting event. They're doing a lot of them around the country, and eventually around the world. And we're excited to have kind of the power behind the whole thing. (laughing) Caitlin Lepech, she's the one who's driving the train. Don't believe the guys in the front. She's the one behind the curtain that's pulling all the levers. So we wanted to wrap the day. It's been a really good day, some fantastic conversations, great practitioners. >> Right. >> Want to get your impression of the day? Right, it's been great. The thing I love about this event the most is this is all client-led discussion, client-led conversation. And we're quite fortunate in that we get a lot leading CDOs to come join us. I've seen quite a number this time. We tried something new. We expanded to this 170 attendees, by far the largest group that we've ever had, so we ran these four breakout session tracks. And I am hearing some good feedback about some of the discussions. So I think it's been a good and full day (laughing). >> Yes, it has been. Any surprises? Anything that kind of jumped out to you that you didn't expect? >> Yeah, a couple of things. So we structure these breakout sessions... Pointed feedback from last session was, Hey, we want the opportunity to network with peers, share use cases, learn from each other, so I've got my notes here, and that we did a function builder. So these are all our CDOs that are starting to build the CDO office. They're new in the journey, right. We've got our data integrators, so they're really our data management, data wranglers, the business optimizers, thinking about how do I make sure I've got the impact throughout the business, and then market innovators. And one of the surprises is how many people are doing really innovative things, and they don't realize it. They tell me-- >> Jeff: Oh, really. >> Ahhh, I'm just in the early stages of setting up the office. I don't have the good use cases to share. And they absolutely do! They absolutely do! So that's always the surprise, is how many are actually quite more innovative than I think they give themselves credit. >> Well, that was a pretty consistent theme that came out today, is that you can't do all the foundational work, and then wait to get that finished before you start actually innovating delivering value. >> If you want to be successful. >> (laughing) Right, and keep your job (laughing) If you're one of the 41%. So you have to be parallel tracking, that first process'll never finish, but you've got to find some short-term wins that you can execute on right away. >> And that was one of our major objectives and sort of convening this event, and continuing to invest in the CDO community, is how do I improve the failure rate? We all agree, growth in the role, okay. But over half are going to fail. >> Right. >> And we start to see some of these folks now that they're four, six years in having some challenges. And so, what we're trying to do is reduce that failure rate. >> Jeff: Yeah, hopefully they-- >> But still four to six years in is still not a bad start. >> Caitlin: Yeah, yeah. >> There's most functions that fail quick... That fail tend to fail pretty quickly. >> Yeah. >> So one of the things that I was struck by, and I want to get your feedback on this, is that 170 people, sounds like a lot. >> Caitlin: Yeah, yeah. >> But it's not so much if there is a unity of purpose. >> Caitlin: Correct, correct! >> If there's pretty clear understanding of what it is they do and how they do it, and I think the CDO's role is still evolving very rapidly. So everybody's coming at this from a different perspective. And you mentioned the four tracks. But they seem to be honing in on the same end-state. >> Absolutely. >> So talk about what you think that end-state is. Where is the CDO in five years? >> Absolutely, so I did some live polling, as we kicked off the morning, and asked a couple of questions along those lines. Where do folks report? I think we mentioned this-- >> Right. >> When we kicked off. >> Right. >> A third to the CEO, a third to CIO, and a third to a CXO-type role, functional role. And reflected in the room was about that split. I saw about a third, third, third. And, yet, regardless of where in the organization, it's how do we get data governance, right? How do we get data management, right? And then there's this, I think, reflection around, okay, machine learning, deep learning, some of these new opportunities, new technologies. What sort of skills do we need to deliver? I had an interesting conversation with a CDO that said, We make a call across the board. We're not investing to build these technical skills in-house because we know in two years the guys I had doing Python and all that stuff, it's on to the next thing. And now I've got to get machine learning, deep learning, two years I need to move to the next. So it's more identifying technologies in partnership bringing those and bringing us through, and driving the business results. >> And we heard also very frequently the role the politics played. >> Caitlin: Oh, absolutely. >> And, in fact, Fow-wad Boot from-- >> Kaiser. >> Kaiser Permanente, yeah. >> Specifically talked about this... He's looking in the stewards that he's hiring in his function. He's looking for people that have learned the fine art of influencing others. >> And I think it's a stretch for a lot of these folks. Another poll we did is, who comes from an engineering, technical background. A lot of hands in the room. And we're seeing more and more come from line of business, and more and more emphasize the relationship component of it, relationship skills, which is I think is very interesting. We also see a high number of women in CDO roles, as compared to other C-suite roles. And I like to think, perhaps, it has to do-- >> Jeff: Right, right. >> With the relationship component of it as well because it is... >> Jeff: Yeah, well-- >> Peter: That's interesting. I'm not going to touch it, but it's interesting (laughing). >> Well, no, we were-- >> (laughing) I threw it out there. >> We were at the Stanford-- >> No, no, we-- >> Women in Data Science event, which is a phenomenal event. We've covered it for a couple years, and Jayna George from Western Digital, phenomenal, super smart lady, so it is an opportunity, and I don't think it's got so much of the legacy stuff that maybe some of the other things had that people can jump in. Diane Green kicked it off-- >> Yeah. >> So I think there is a lot of examples women doing their own thing in data science. >> Yeah, I agree, and I'll give you another context. In another CUBE, another event, I actually raised that issue, relationships, because men walk into a room, they get very competitive very quickly, who's the smartest guy in the room. And on what days is blah, blah, blah. And we're talking about the need to forge relationships that facilitate influence. >> Absolutely. >> And sharing of insight and sharing of knowledge. And it was a woman guest, and she... And I said, Do you see that women are better at this than others? And she looked at me, she said, Well, that's sexist. (laughing). And it was! I guess it kind of was. >> Right, right. >> But do you... You're saying that it's a place where, perhaps, women can actually take a step into senior roles in a technology-oriented space. >> Yeah. >> And have enormous success because of some of the things that they bring to the table. >> Yeah, one quote stuck with me is, when someone comes in with great experience, really smart, Are they here to hurt me or help me? And the trust component of it and building the trust, And I think there is one event we do here, the second day of all of our CDO summits, so women in breakfast, the data divas' breakfast. And we explore some opportunities for women leaders, and it was well-attended by men and women. And I think there really is when you're establishing a data strategy for your entire organization, and you need lines of business to contribute money and funding and resources, and sign off, there is I feel sometimes like we're on the Hill. I'm back in D.C., working on Capitol Hill (laughing), and we're shopping around to deliver, so absolutely. Another tying back to what you mentioned about something that was surprising today, we started building out this trust as a service idea. And a couple people on panels mentioned thinking about the value of trust and how you instill trust. I'm hearing more and more about that, so that was interesting. >> We actually brought that up. >> Caitlin: Oh, did you! >> Yeah, we actually brought it up here in theCUBE. And it was specifically and I made an observation that when you start thinking about Watson and you start thinking about potentially-competitive offerings at some point in time they're going to offer alternative opinions-- >> Absolutely. >> And find ways to learn to offer their opinions better than their's just for competitive purposes. >> Absolutely. >> And so, this notion of trust becomes essential to the brand. >> Absolutely. >> My system is working in your best interest. >> Absolutely. >> Not my best interest. And that's not something that people have spent a lot of time thinking about. >> Exactly, and what it means when we say, when we work with clients and say, It's your data, your insight. So we certainly tap that information-- >> Sure. >> And that data to train Watson, but it's not... We don't to keep that, right. It's back to you, but how do you design that engagement model to fulfill the privacy concerns, the ethical use of data, establish that trust. >> Right. >> I think it's something we're just starting to really dig into. >> But also if you think about something like... I don't know if you ever heard of this, but this notion of principal agent theory. >> Umm-hmm. >> Where the principal being the owner, in typical-- >> Right. >> Economic terms. The agent being the manager that's working on behalf of the owner. >> Right. >> And how do their agendas align or misalign. >> Right. >> The same thing is just here. We're not talking about systems that have... Are able to undertake very, very complex problems. >> Right. >> Sometimes will do so, and people will sit back and say, I'm not sure how it actually worked. >> Yeah. >> So they have to be a good agent for the business. >> Absolutely, absolutely, definitely. >> And this notion of trust is essential to that. >> Absolutely, and it's both... It originated internally, right, trying to trust the answers you're getting-- >> Sure! >> On a client. Who's our largest... Where's our largest client opportunity, you get multiple answers, so it's kind of trusting the voracity of the data, but now it's also a competitive differentiator. As a brand you can offer that to your client. >> Right, the other big thing that came up is you guys doing it internally, and trying to drive your own internal transformation at IBM, which is interesting in of itself, but more interesting is the fact that (laughing) you actually want to publish what you're doing and how you did it-- >> Yeah. >> As a road map. I think you guys are calling it the Blueprint-- >> Yes. >> For your customers. And talk about publishing that actually in October, so I wonder if you can share a little bit more color around what exactly is this Blueprint-- >> Sure. >> How's it's going to be exposed? >> What should people look forward to? >> Sure, I'm very fortunate in that Inderpal Bhandari when he came on board as IBM's First Chief Data Officer, said, I want to be completely transparent with clients on what we're doing. And it started with the data strategy, here's how we arrived at the data strategy, here's how we're setting up our organization internally, here's how we're prioritizing selecting use cases, so client prefixes is important to us, here's why. Down at every level we've been very transparent about what we're doing internally. Here's the skill sets I'm bringing on board and why. One thing we've talked a lot about is the Business Unit Data Officer, so having someone that sits in the business unit responsible for requirements from the unit, but also ensuring that there's some level of consistency at the enterprise level. >> Right. >> So, we've had some Business Unit Data Officers that we've plucked (laughing) from other organizations that have come and joined IBM last year, which is great. And so, what we wanted to do is follow that up with an actual Blueprint, so I own the Blueprint for Inderpal, and what we want to do is deliver it along three components, so one, the technology component, what technology can you leverage. Two, the business processes both the CDO processes and the enterprise, like HR, finance, supply chain, procurement, et cetera. And then finally the organizational considerations, so what sort of strategy, culture, what talent do you need to recruit, how do you retain your existing workforce to meet some of these new technology needs. And then all the sort of relationship piece we were talking about earlier, the culture changes required. >> Right. >> How do you go out and solicit that buy-in. And so, our intent is to come back around in October and deliver that Blueprint in a way that can be implemented within organization. And, oh, one thing we were saying is the homework assignment from this event (laughing), we're going to send out the template. >> Right. And our version of it, and be very transparent, here's how we're doing it internally. And inviting clients to come back to say-- >> Right. >> You need to dig in deeper here, this part's relevant to me, along the information governance, the master data management, et cetera. And then hopefully come back in October and deliver something that's really of value and usable for our clients across the industry. >> So for folks who didn't make it today, too bad for them. >> Exactly, we missed them, (laughing) but... >> So what's the next summit? Where's it's going to be, how do people get involved? Give us a kind of a plug for the other people that wished they were here, but weren't able to make it today. >> Sure, so we will come back around in the fall, September, October timeframe, in Boston, and do our east coast version of this summit. So I hope to see you guys there. >> Jeff: Sure, we'll be there. >> It should be a lot of fun. And at that point we'll deliver the Blueprint, and I think that will be a fantastic event. We committed to 170 data executives here, which fortunately we were able to get to that point, and are targeting a little over 200 for the fall, so looking to, again, expand, continue to expand and invite folks to join us. >> Be careful, you're going to be interconnected before you know. >> (laughing) No, no, no, I want it small! >> (laughing) Okay. >> And then also as I mentioned earlier, we're starting to see more industry-specific financial services, government. We have a government CDO summit coming up, June six, seven, in Washington D.C. So I think that'll be another great event. And then we're starting to see outside of the U.S., outside of North America, more of the GO summits as well, so... >> Very exciting times. Well, thanks for inviting us along. >> Sure, it's been a great day! It's been a lot of fun. Thank you so much! >> (laughing) Alright, thank you, Caitlin. I'm Jeff Fricke with Peter Burris. You're watching theCUBE. We've been here all day at the IBM Chief Data Officer Strategy Summit, that's right the Spring version, 2017, in Fisherman's Wharf, San Francisco. Thanks for watching. We'll see you next time. (electronic music) (upbeat music)