(upbeat music) >> Okay, welcome back everyone. The cube coverage of AWS re:Mars, 2022. I'm John Furrier, host of theCUBE. We got Eric Foellmer, vice president of marketing at Boston Dynamics. Famous for Spot. We all know, we've seen the videos, zillion views. Mega views all over the internet. The dog robotics, it's famous. Rolls over, bounces up and down. I mean, how many TikTok videos are out there? Probably a ton. >> Oh, Spot is- Spot is world famous (John laughs) at this point, right? So it's the dance videos, and all the application videos that we have out there. Spot is become has become world famous. >> Eric, thanks for joining us on theCUBE here at re:Mars. This show really is back. There was still a pandemic hiatus there. But it's not a part of the re's. It's re Mars, reinforcement of security, and then reinvent the flagship show for AWS. But this show is different. It brings together a lot of disciplines. But it's converging in on what we see as the next general- Industrial space is a big poster child for that. Obviously in space, it's highly industrial, highly secure. Machine learning's powering all the devices. You guys have been in this, I mean a leader, in a robotics area. What's this show about? I mean, what's really happening here. What if you had to boil the essence of the top story of what's happening here? What would it be? >> So the way that I look at this show is it really is a convergence of innovation. Like this is really just the cutting edge of the innovation that's really happening throughout robotics, but throughout technology in general. And you know, part of this cultural shift will be to adopt these types of technologies in our everyday life. And I think if you ask any technology specialist here or any innovator here or entrepreneur. They'll tell you that they want their technologies to become ubiquitous in society, right? I mean, that's really what everyone is sort of driving towards from the perspective of- >> And we, and we got some company behind it. Look at this. >> Oh, there we go. >> All right. >> There's a (Eric laughs) There's one of our Spots. >> It's got one of those back there. All right so sorry to interrupt, got a little distracted by the beautiful thing there. >> So they're literally walking around and literally engulfing the show. So when I look at the show, that's what I see. >> Let's see the picture of- >> I see the future of technology. >> Get a camera on our photo bomb here going on. Get a photo bomb action. (Eric chuckles) It's just super exciting because it really, it humanizes, it makes you- Everyone loves dogs. And, you know, I mean, people have more empathy if you kicked Spot than, you know, a human. Because there's so much empathy for just the innovation. But let's get into the innovation because let's- The IOT tech scene has been slow. Cloud computing Amazon web services, the leader hyper scaler. They dominated the back office you know, data centers, all the servers, digital transformation. Now that's coming to the edge. Where robotics is now in play. Space, material handling, devices for helping people who are sick or in healthcare. >> Eric: Mhm. >> So a whole surge of revolutionary or transitionary technologies coming. What's your take on that? >> So I think, you know, data has become the driving force behind technology innovation. And so robotics are an enabler for the tech, for the data collection that is going to drive IOT and manufacturing 4.0 and other important edge related and, you know, futuristic technology innovations, right? So the driver of all of that is data. And so robots like Spot are collectors of data. And so instead of trying to retrofit a manufacturing plant, you know, with 30, 40, 50 year old equipment in some cases. With IOT sensors and, you know, fixed sensors throughout the network. We're bringing the sensors to the equipment in the form of an agile mobile robot that brings that technology forward and is able to assess. >> So explain that a little slower for me. So the one method would be retrofitting all the devices. Or the hardware currently installed. >> Eric: Sure. >> Versus almost like having a mobile unit next to it, kind of thing. Or- >> Right. So, I mean, if you're looking at antiquated equipment which is what most, you know, manufacturing plants are running off of. It's not really practical or feasible to update them with fixed sensors. So sensors that specifically take measurements from that machine. So, we enable Spot with a variety of sensors from audio sensors to listen for audio anomalies. Thermal detectors, to look for thermal hotspots in equipment. Or visual detectors, where it's reading analog gauges, that sort of thing. So by doing that, we are bringing the sensors to the machines. >> Yeah. >> And to be able to walk anywhere where a human can walk throughout a manufacturing plant. To inspect the equipment, take that reading. And then most importantly upload that to the cloud, to the users >> It's a service dog. >> you can apply some- >> It's a service dog. >> It really is. And it serves data for the understanding of how that equipment is operated. >> This is big agility for the customer. Get that data, agile. Talk about the cost impact of that, just alone. What the alternative would be versus say, deploying that scenario. Because I'd imagine the time and cost would be huge. >> Well, if you think, you know, about how much manufacturing facilities put into the predictive maintenance and being able to forecast when their equipment needs maintenance. But also when pieces of equipment are going to fail. Unexpected downtime is one of the biggest money drains of any manufacturing facility. So the ability to be able to forecast and get some insight into when that equipment is starting to perform less than optimally and start to degrade. The ability to forecast that in advance is massive. >> Well I think you just win on just in retrofit cost alone, nevermind the downside scenarios of manufacturing problems. All right, let's zoom out. You guys have been pioneers for a long time. What's changed in your mind now versus just a few years ago. I mean, look at even 5, 10 years ago. The evolution, cost and capability. What's changed the most? >> Yeah, I think the accessibility of robots has really changed. And we're just on the beginning stages of that evolution. We really are. We're at the precipice right now of robots becoming much more ubiquitous in people's lives. And that's really our foundation as a company. Is we really want to bring robots to mankind for the good of humanity, right? So if you think about, you know, taking humans out of harm's way. Or, you know, putting robots in situations where, you know, where it's assessing damage for a building, for example, right. You're taking people out of the, out of that harm's way and really standardizing what you're able to do with technology. So we see it as really being on the very entry point of having not only robotics, but technology in general to become much more prevalent in people's lives. >> Yeah. >> I mean, what, you know. 30 years ago, did you ever think that you would have the power of a supercomputer in your pocket to, you know. Which also happens to allow you to talk to people but it is so much more, right? So the power of a cell phone has changed our lives forever. >> A computer that happens to be a phone. You know, it's like, come on. >> Right. >> What's going on with that. >> That's almost secondary at this point. (John laughing) It really is. So, I mean, when you think about that transition from you know, I think we're at the cusp of that right now. We're at the beginning stages of it. And it's really, it's an exciting time to be part of this. An entire industry. >> Before I get your views on integration and scale. Because that's the next level. We're seeing a lot of action and growth. Talk about the use case. You've mentioned a few of them, take people out of harms way. What have you guys seen as use cases within Boston Dynamics customer base and or your partner network around use cases. That either you knew would happen, or ones that might have surprised you? >> Yeah. One of the biggest use cases for us right now is what we're demonstrating here at re:MARS. Which is the ability to walk through a manufacturing plant and collect data off various pieces of equipment. Whether that's pump or a gauge or seeing whether a valve is open or closed. These are all simple mundane tasks that people are, that manufacturers are having difficulty finding people to be able to perform. So the ability for a robot to go over and do that and standardize that process is really valuable. As companies are trying to collect that data in a consistent way. So that's one of the most prevalent use cases that we're seeing right now. And certainly also in cases where, you know, Spot is going into buildings that have been structurally damaged. Or, you know, assessing situations where we don't want people to be in harm's way. >> John: Yeah. >> You know- >> Bomb scares, or any kind of situation with police or, you know, threatening or danger situations. >> Sure. And fire departments as well. I mean, fire departments are becoming a huge, you know, a huge user of the robots themselves. Fire department in New York recently just adopted some of our robots as well. For that purpose, for search and rescue applications. >> Yeah. Go in, go see what's in there. See what's around the corner. It gives a very tactical edge capability for say the firefighter or law enforcement. I see that- I see the military applications must be really insane. >> Sure. From a search and rescue perspective. Absolutely. I mean, Spot helps you put eyes on situations that will allow a human to be operating at a safe distance. So it's really a great value for protecting human life and making sure that people stay out of harm's way. >> Well Eric, I really appreciate you coming on theCUBE and sharing your insight. One other question I'd like to ask if you don't mind is, you know. The one of the things I see next to your booth is the university piece. And then you see the Amazon, you know, material management. I don't know what to call it, but it's pretty impressive. And then I saw some of the demos on the keynotes. Looking at the scale of synthetic data. Just it's mind blowing what's going on in manufacturing. Amazon is pretty state of the art. I'm sure there are a customer of yours already. But they look complex these manufacturing sites. I mean, it looks like a maze. So how do you... I mean, I could see the consequences of something breaking, to be catastrophic. Because it's almost like, it's so integrated. Is this where you guys see success and how do these manufacturers deal with this? What's the... Is it like one big OS? >> Yeah, so the robots, because the robots are able to act independently. They can traverse difficult terrain and collect data on their own. And then, you know, what happens to that data afterwards is really up to the manufacturing. It can be delivered from the cloud and you can, it can be delivered via the edge. You know, edge devices and really that's where some of the exciting work is being done right now. Because that's where data can scale. And that's where robot deployments can scale as well, right? So you've got instead of a single robot. Now you have an operator deploying multiple robots. Monitoring, controlling, and assessing the data from multiple robots throughout a facility. And it really helps to scale that investment. >> All right, final question for you. This is personal question. Okay, I know- Saw your booth over there. And you have a lot of fan base. Spot's got a huge fan base. What are some of the crazy things that these nerd fans do? I mean, everyone get selfies with the Spot. They want to- I jump over the fence. I see, "Don't touch the dog." signs everywhere. The fan base is off the charts. What are the crazy things that people do to get either access to it. There's probably, been probably some theft, probably. Attempts, or selfies. Share some funny stories. >> I'll say this. My team is responsible for fielding a lot of the inbound inquiries that we get. Much of which comes from the entertainment industry. And as you've seen Spot has been featured in some really prominent, you know, entertainment pieces. You know, we were in that Super Bowl ad with Sam Adams. We were on Jimmy Kimmel, you know, during the Super Bowl time period. So the amount of entertainment... >> Value >> Pitches. Or the amount of entertainment value is immeasurable. But the number of pitches that we turn down is staggering. And when you can think about how most companies would probably pull out all the stops to take, you know. To be able to execute half the things that we're just, from a time perspective, from a resource perspective >> Okay, so Spots an A- not always able to do. >> So Spots an A-lister, I get that. Is there a B-lister now? I mean, that sounds like there's a market developing for Spot two. Is there a Spot two? The B player coming in? Understudy? >> So, I mean, Spot is always evolving. I think, you know, the physical- the physical statue that you see of Spot right now, Is where we're going to be in terms of the hardware, but we continue to move the robot forward. It becomes more and more advanced and more and more capable to do more and more things for people. So. >> All right. Well, we'll roll some B roll on this, on theCUBE. Thanks for coming on theCUBE. Really appreciate it. Boston Dynamics here in theCUBE, famous for Spot. And then here, the show packed here in re:MARS featuring, you know, robotics. It's a big feature hall. It's a set piece here in the show floor. And of course theCUBE's covering it. Thanks for watching. More coverage. I'm John Furrier, your host. After the short break. (upbeat music)

>> Announcer: From Miami Beach, Florida, it's The Cube, covering Acronis Global Cyber Summit 2019. Brought to you by Acronis. >> Welcome back everyone. We are here with The Cube coverage for two days. We're wrapping up, getting down on day one in the books for the Acronis Global Cyber Summit 2019. I'm John Furrier, your host of The Cube. We are in Miami Beach, the Fontainebleau Hotel. I'm personally excited for this next guest because I'm a huge Red Sox fan, even though I got moved out to California. Giants is in a different area. National League is different than American League, still my heart with the Red Sox. And we're here with an industry veteran, seasoned professional in IT and data, Brian Shield. Boston Red Sox Vice President of Technology and IT. Welcome to The Cube, thanks for joining us. >> Thank you. It's great to be here. >> John: So congratulations on the rings. Since I moved out of town, Red sox win their World Series, break the curse of the Bambino. >> Hey we appreciate that. Thank you. >> My family doesn't want me back. You got to show >> Yeah, maybe I'll put this one up for the, maybe someone can zoom in on this. Which camera is the good one? This one here? So, there ya go. So, World Series champs for at least for another week. (laughter) >> Bummer about this year. Pitching just couldn't get it done. But, good team. >> Happens. >> Again, things move on, but you know. New regime, new GM going to come on board. >> Yup. >> So, but in general, Red Sox, storied franchise. Love it there. Fenway Park, the cathedral of baseball parks. >> Brian: Defnitely. >> And you're seeing that just play out now, standard. So just a great place to go. We have tickets there. So, I got to ask you. Technology, sports, really is modernized faster than I think any category. And certainly cyber security forced to modernize because of the threats. But sports, you got a business to run, not just IT and making the planes run on time. >> Sure. >> Scouts, money, whatever. >> Fans. >> You got fan experience. >> Stadium opportunities. >> Club management, scouts are out there. So you got business, team, fans. And data's a big part of it. That's part of your career. Tell us what the cutting edge innovation is at the Red Sox these days. >> I think baseball in general, as you indicated, it's a very evolving kind of environment. I mean historically I think people really sort of relish the nostalgia of sports and Fenway Park being as historic as it is, was probably the pinnacle of that, in some respects. But Red Sox have always been leaders and baseball analytics, you know. And everyone's pretty familiar with "Moneyball" and Brad Pitt. >> John: Is that a true story, he turned down the GM job? >> I'm told it is. (laughter) I don't know if I fully vetted that question. But over the last six, seven years, you know we've really turned our attention to sort of leveraging sort of technology across the businesses, right? Not just baseball and analytics and how we do scouting, which continues to evolve at a very rapid pace. But also as you pointed out, running a better business, understanding our fans, understanding fan behavior, understanding stadiums. There's a lot of challenges around running an effective stadium. First and foremost to all of us is really ensuring it's a great fan experience. Whether it's artificial intelligence, or IoT technologies or 5G or the latest Wifi, all those things are coming up at Fenway Park. You and I talked earlier about we're about to break ground for a new theater, so a live theater on the outside, beyond the bleachers type of thing. So that'll be a 5,400-seat arena, 200 live performances a year, and with e-sports, you know, complementing it. It just gives you an example of just how fast baseball is sort of transitioning. >> And the theater, is that going to be blown out from where that parking garage is, structure and going towards >> So the corner of Landsdown and Ipswich, if you think of that sort of corner back there, for those that are familiar with the Fenway area. So it's going to be a very big change and you'll see the difference too from within the ballpark. I think we'll lose a couple of rows of the bleachers. That'll be replaced with another gathering area for fans and things like that, on the back end of that theater. So build a great experience and I think it really speaks to sort of our ability to think of Fenway as more of a destination, as a venue, as a complementary experience. We want people to come to the area to enjoy sports and to enjoy entertainment and things. >> You know Brian, the consumerization of IT has been kicked around. Last decade, that was a big buzzword. Now the blending of a physical event and digital has certainly consumed the world. >> Absolutely. >> And we're starting to see that dynamic. You speak to a theater. That's a physical space. But digital is also a big part of kind of that complementary. It's not mutually exclusive for each other. They're integrated business models. >> Absolutely. >> So therefore, the technology has to be seamless. The data has to be available. >> Yup. >> And it's got to be secure. >> Well the data's got to be ubiquitous, right? I mean you don't want to, if we're going to have fans attending theater and then you're going to go to Fenway Park or they leave a game and then go to some other event or they attend a tour of Fenway Park, and beyond maybe the traditional what people might think about, is certainly when you think about baseball and Fenway Park. You know we have ten to twelve concerts a year. We'll host Spartan games, you know. This Christmas, I'm sorry, Christmas 2020 we now have sort of the Fenway Bowl. So we'll be hosting the AAC ACC championship games there with ESPN. >> John: Hockey games? >> Hockey games. Obviously we have Liverpool soccer being held there so it's much more of a destination, a venue for us. How we leverage all the wonderful things about Fenway Park and how we modernize, how we get basically the best of what makes Fenway Park as great as it is, yet as modern as we can make it, where appropriate to create a great fan experience. >> It's a tough balance between balancing the brand and having things on brand as well. >> Sure. >> Does that come into your job a lot around IT? Saying being on brand, not kind of tearing down the old. >> Yeah absolutely. I think our CEOs and leadership team, I mean it's not success for us if you pan to the audience and everyone is looking at their phone, right? That's not what we aspire to. We aspire to leverage technology to simplify people's experience of how do you get to the ballpark, how do I park, how do I get if I want to buy concessions or merchandise, how do I do it easily and simply? How do we supplement that experience with maybe additional data that you may not have had before. Things like that, so we're doing a lot of different testing right now whether it's 4D technologies or how we can understand, watch a play from different dimensions or AI and be able to perhaps see sort of the skyline of Boston since 1912, when Fenway Park launched... And so we sort of see all these technologies as supplemental materials, really kind of making it a holistic experience for fans. >> In Las Vegas, they have a section of Las Vegas where they have all their test beds. 5G, they call it 5G, it's really, you know, evolution, fake 5G but it's a sandbox. One of the challenges that you guys have in Boston, I know from a constraint standpoint physically, you don't have a lot of space. How do you sandbox new technologies and what are some of the things that are cool that people might not know about that are being sandboxed? So, one, how do you do it? >> Yeah. >> Effectively. And then what are some of the cool things that you guys are looking at or things they might not know about that would be interesting. >> Sure. Yeah so Fenway Park, we struggle as you know, a little bit with our footprint. You know, honestly, I walk into some of these large stadiums and I get instant jealousy, relative to just the amount of space that people have to work with and things. But we have a great relationship with our partners so we really partner, I think, particularly well with key partners like Verizon and others. So we now have 5G partially implemented at Fenway Park. We expect to have it sort of fully live come opening day next year. So we're really excited about that. We hope to have a new version of Wifi, the latest version of Wifi available, for the second half of the year. After the All-Star Break, probably after the season's over. But before our bowl game hopefully. We're looking at some really interesting ways that we can tease that out. That bowl game, we're really trying to use that as an opportunity, the Fenway Bowl, as an opportunity to make it kind of a high-tech bowl. So we're looking at ways of maybe doing everything from hack-a-thons to a pre-egaming sort of event to some interesting fan experiential opportunities and things like that. >> Got a lot of nerds at MIT, Northeastern, BU, Bentley, Babson, all the schools in the area. >> Yeah, so we'll be reaching out to colleges and we'll be reaching out to our, the ACC and AACs as well, and see what we can do to kind of create sort of a really fun experience and capitalize on the evolving role of e-sports and the role that technology can play in the future. >> I want to get to the e-sports in a second but I want to just get the plug in for Acronis. We're here at their Global Cyber Summit. You flew down for it, giving some keynote speeches and talks around security. It's a security company, data protection, to cyber protection. It is a data problem, not a storage appliance problem. It's a data problem holistically. You get that. >> Sure. Sure. >> You've been in the business for a long time. What is the security kind of posture that you guys have? Obviously you want to protect the data, protect privacy. But you got to business. You have people that work with you, supply chain, complex but yet dynamic, always on environment. >> That's a great question. It's evolving as you indicated. Major League Baseball, first and foremost, does an outstanding job. So the last, probably last four plus years, Major League Baseball has had a cyber security program that all the clubs partake in. So all 30 clubs are active participants in the program. They basically help build out a suite of tools as well as the ability to kind of monitor, help participate in the monitoring, sort of a lot of our cyber security assets and logs And that's really elevated significantly our posture in terms of security. We supplement that quite a bit and a good example of that is like Acronis. Acronis, for us, represents the ability for us to be able to respond to certain potential threats like ransom-ware and other things. As well as frankly, what's wonderful about a tool like this is that it allows us to also solve other problems. Making our scouts more efficient. We've got these 125 scouts scattered around the globe. These guys are the lifeblood of our, you know, the success of our business. When they have a problem, if they're in Venezuela or the Dominican or someplace else, in southeast Asia, getting them up and running as quickly as we can, being able to consume their video assets and other things as they're scouting prospects. We use Acronis for those solutions. It's great to kind of have a partner who can both double down as a cyber partner as well as someone who helps drive a more efficient business. >> People bring their phone into the stadiums too so those are end points now connecting to your network. >> Definitely. And as you pointed out before, we've got great partnerships. We've got a great concession relationship with Aramark and they operate, in the future they'll be operating off our infrastructure. So we're in the point of rolling out all new point-of-sale terminals this off-season. We're excited about that 'cause we think for the first time it really allows us to build a very comprehensive, very secure environment for both ourselves and for all the touchpoints to fans. >> You have a very stellar career. I noticed you were at Scudder Investments back in the '80s, very cutting-edge firm. FTD that set the whole standard for connecting retailers. Again, huge scale play. Can see the data kind of coming out, they way you've been a CIO, CTO. The EVP CIO at The Weather Channel and the weather.com again, first mover, kind of pioneer. And then now the Red Sox, pioneering. So I got to ask you the modernization question. Red Sox certainly have been cutting-edge, certainly under the last few owners, and the previous Henry is a good one, doing more and more, Has the business model of baseball evolved, 'cause you guys a franchise. >> Sure. >> You operate under the franchisor, Major League Baseball, and you have jurisdictions. So has digital blurred the lines between what Advanced Media unit can do. You got communities developing outside. I watch the games in California. I'm not in there but I'm present digitally. >> Sure. Sure. >> So how has the business model flexed with the innovation of baseball? >> That's a great question. So I mean, first off, the relationship between clubs like ours and MLB continue to evolve. We have a new commissioner, relatively new commissioner, and I think the whole one-baseball model that he's been promoting I think has been great. The boundaries sometimes between digital assets and how we innovate and things like that continues to evolve. Major League Baseball and technology groups and product groups that support Major League Baseball have been a fantastic partner of ours. If you look at some of the innovations with Statcast and some of the other types of things that fans are now becoming more familiar with. And when they see how fast a runner goes or how far a home run goes and all those sort of things, these kinds of capabilities are on the surface, but even like mobile applications, to make it easy for fans to come into ballparks and things like that really. What we see is really are platforms for the future touchpoints to all of our customers. But you're right, it gets complicated. Streaming videos and people hadn't thought of before. >> Latin America, huge audience for the Red Sox. Got great players down there. That's outside the jurisdiction, I think, of the franchise agreement, isn't it? (laughs) >> Well, it's complicated. As this past summer, we played two games in England, right? So we enjoy two games in London, sadly we lost to the Yankees in both of those, but amazing experience and Major League Baseball really hats off to those guys, what they did to kind of pull that together. >> You mentioned Statcast. Every year when I meet with Andy Jassy at AWS, he's a sports fan. We love to talk sports. That's a huge, kind of shows the power of data and cloud computing. >> No doubt. >> How do you guys interface with Statcast? Is that an Amazon thing? Do they come to you? Are they leveraging dimensions, camera angles? How does that all work? Are you guys involved in that or? >> Brian: Oh yeah, yeah. >> Is that separate? >> So Statcast is just one of many data feeds as you can imagine. One of the things that Major League Baseball does is all that type of data is readily available to every club. So every club has access to the data. The real competitive differentiator, if you will, is how you use it internally. Like how your analysts can consume that data. We have a baseball system we call Beacon. We retired Carmine, if you're familiar with the old days of Carmine. So we retired Carmine a few years ago with Beacon. And Beacon for us represents sort of our opportunity to effectively collapse all this information into a decision-making environment that allows us to hopefully to kind of make the best decisions to win the most games. >> I love that you're answering all these questions. I really appreciate it. The one I really want to get into is obviously the fan experience. We talked about that. No talent on the field means no World Series so you got to always be constantly replenishing the talent pool, farm system, recruiting, scouting, all these things go on. They're instrumental. Data's a key driver. What new innovations that the casual fan or IT person might be interested in what's going on around scouting and understanding the asset of a human being? >> Right. Sure. I mean some of this gets highly confidential and things, but I think at a macro level, as you start to see both in the minor leagues and in some portions of the major leagues, wearable technologies. I think beyond just sort of player performance information that you would see traditionally with you might associate it with like Billy Beane, and things like that with "Moneyball" which is evolved obviously considerably since those days. I mean understanding sort of player wellness, understanding sort of how to get the most out of a player and understanding sort of, be able to kind of predict potential injuries and accelerate recoveries and being able to use all of this technology where appropriate to really kind of help sort of maximize the value of player performance. I mean, David Ortiz, you know, I don't know where we would have been in 2018 without, you know, David. >> John: Yeah. >> But like, you know >> Longevity of a player. >> Absolutely. >> To when they're in the zone. You wear a ring now to tell you if you're sleeping well. Will managers have a visual, in-the-zone, don't pull 'em out, he can go an extra inning? >> Well, I mean they have a lot of data. We currently don't provide all that data to the clubhouse. I mean, you know, and so If you're in the dugout, that information isn't always readily available type of thing. But players know all this information. We continue to evolve it. At the end of the day though, it's finding the balancing act between data and the aptitudes of our coaching staff and our managers to really make the wise decisions. >> Brian, final question for you. What's the coolest thing you're working on right now? Besides the fan having a great experience, 'cause that's you kind of touched on that. What's the coolest thing that you're excited about that you're working on from a tech perspective that you think is going to be game-changing or interesting? >> I think our cloud strategy coming up in the future. It's still a little bit early stage, but our hope would be to kind of have clarity about that in the next couple months. I think is going to be a game-changer for us. I think having, you know, we enjoy a great relationship with Dell EMC and yet we also do work in the cloud and so being able to leverage the best of both of those to be able to kind of create sort of a compelling experience for both fans, for both player, baseball operations as well as sort of running an efficient business, I think is really what we're all about. >> I mean you guys are the poster child for hybrid cloud because you got core, data center, IoT, and >> No doubt. So it's exciting times. And we're very fortunate that with our relationship organizations like Dell and EMC, we have leading-edge technologies. So we're excited about where that can go and kind of what that can mean. It'll be a big step. >> Okay two personal questions from me as a fan. One is there really a money-counting room like in the movie "The Town"? Where they count a big stack of dollar bills. >> Well, I'm sure there is. I personally haven't visited it. (laughs) I know it's not in the room that they would tell you it is on the movie. (laughter) >> And finally, can The Cube get press passes to cover the games, next to NESN? Talk tech. >> Yeah, we'll see what we can do. >> They can talk baseball. We can talk about bandwidth. Right now, it's the level five conductivity. We're looking good on the pipes. >> Yeah we'll give you a tech tour. And you guys can sort of help us articulate all that to the fans. >> Thank you so much. Brian Shield, Vice President of Technology of the Boston Red Sox. Here talking about security and also the complications and challenges but the mega-opportunities around what digital and fan experiences are with the physical product like baseball, encapsulates kind of the digital revolution that's happening. So keep covering it. Here in Miami, I'm John Furrier. We'll be right back after this short break. (techno music)

from Boston Massachusetts it's the cube covering wtg transform 2018 brought to you by Winslow technology group welcome back I'm Stu minimun and you're watching the cube at wtg transform 2018 happy to welcome to the program two gentlemen from the Boston Architectural College to my left is Carl Jasperson who is the systems administrator and to his left is Jason O'Brien who's the director of IT gentlemen thanks so much for joining us thank you for having us all right so Jason why don't we start with you help us power up this conversation to tell us a little bit about the college so Boston Architectural college we started in the late 1800s it's a small design at school and we offer programs in landscape interior and traditional architecture yeah so I love that to talk to a little bit more about you know that the charter of the school and how IT fits into that so we we are a mission of the schools to provide excellent education to a diverse population technology factors in is very important and over the last ten years the Carll I've been at the school technology has use has increased immensely our students are using it more and more every year and meeting those needs has become you know difficult and it's a challenge we we strive to achieve every year well Design Thinking is is so important these days I I studied engineering as an undergrad in which I've learned more about design one of my favorite authors so I have an interview about a month ago Walter Isaacson you know the ones he studies are the ones that can take that design thinking and technology and bring them together Carles bring us up to speed on from from the IT standpoint you know how big of a team do you have what are you involved with I said you know things have been changing over the last few years yeah so I mean we've got Jason in addition to running the department he runs our online learning system I'm responsible for all the backend its infrastructure servers networking backup virtualization we recently hired a junior systems administrator to help me out we've got a web guy we've got a DBA to the woodshop is under IT because we have a fabrication guy so 3d printing laser cutting we have the help desk and the help desk manager who also does our purchasing and she and I will take escalations so it's there's not a lot of crossover you know skill crossover in the group but we managed to keep everything going yeah but as you said they've been you know woodworking not something you think of in Italy as you know an IT thing IT an OT or you know really converging a lot when you talk about manufacturing as you know we talk about sensors and IOT it's it's hitting everywhere yeah for us you know 3d printing and laser cutting and we also have a CNC router they all started as experiments at the school and have turned into a major factor in for our students it's a resource that they demand and the increasing use every single year and how we meet those demands is is becoming tricky to accomplish in our you know we're in the Back Bay real estate is very expensive and we have to make our space do amazing things Jason that's great points I mean I've talked to lots of higher education and even you talk to the K 2 through 12 it was you know what mobility has had a huge impact you know therefore stresses and strains on wireless you know how do I get devices into the classroom how do I manage it I had gentleman from bu who's here at the show last year we were talking a lot about MOOCs so you know it's that that role of i TS but it's expanding but luckily they're throwing way more money at you I'm sure well we've been flat headcount over the last eight years we lost someone last year and gain someone this year so you know we we basically have to do more with less every year like most IT departments so you know we've we redesign our spaces periodically to meet those our students needs you know and turn returning what was labs just computer labs into more flexible space where students are can move the tables around and you the computers are available sometimes there we have high end alien wares in a in a cabinet they pull out news or they can use it to make models we have they can put up their designs on a 3d TV they're using VR headsets to walk around their own designs it's really fascinating where the technologies okay I wish we could spend more time anywhere in VR stuff and everything like that our production crews gamers my son's into this stuff but but Karl I'm hearing things like space constrained we need to do more with less we need to simplify this environment wow that seems like a really good set up for kind of infrastructure modernization so how long have you guys been there about 10 years right yeah so it's a change don't want one in ten years so walk us back 10 years ago and give us that point when you went to modernize yeah well when we started there's no virtualization 3 server racks in a room in the basement for 10 years that we've been there there's been water in that room twice so that always gave us the warm fuzzies you're saying it wasn't water cooling I mean no we tried for that but it didn't you know it didn't work out last year we moved to Colo facility in Summerville so and by the time we did that move yeah we did we started virtualization with VMware like three five within a year or two of me starting and the racks got you know less and less full and now in the fall we rolled out VX rail and we're in a single rack in a data center and there's I think three physical servers in that rack that aren't the VX rail at this point so it's it's consolidation power savings stuffs in a much better physical location than it used to be moving that server room out we were able to free up that space for you know the students to be able to have it's a it's a meditation space now so it's it's been really interesting kind of going through all that great what I wanted you know we don't have a ton of time but let's talk about that VX rail was your team were you looking for HCI was it you know just time for a server refresh you know what what kind of led to that was there a specific application that you started with so this event two years ago we saw Brian from bu give this presentation on their tan and that really turns us on to the whole hyper-converged option we we worked with Winslow we actually talked to another vendor and we looked at Nutanix we looked at pivot three we looked at rolling our own you know visa non FX 2 and after kind of comparing everything and seeing the pros and cons VX rail made the most sense from management perspective and a price perspective our old cluster was coming up on the five-year mark things were going out of warranty we had ecologic sand with 7200 rpm drives one gig I scuzzy just flow for most of its life we were just doing lightweight servers and applications two years ago we needed to virtualize our database server and we threw her Knicks in there with 800 gig on VM e drives and that was a great stopgap but you know we we needed something more permanent more robust - that's how we got to be X ray from a management standpoint the hyper-converged model gave us more flexibility it's easier to expand and since we're small we're not talking about you know racks and racks working together ryote you started with just three hosts so from a overview standpoint it's easy for us as we grow to just add another node and we get the compute we get the storage and we get the memory all at once as an expansion so it's the model is just fantastic for our workload that we put on it we've got like 70 servers in there the only stuff that's not in there yet is our student file server and exchange and they're going in there in the next six months yeah yeah good great and that's so so it sounds like you're real happy with the solution you've been with Dell for four years so from an Operations standpoint was there you know a lot of steep learning curve or was this pretty straightforward and very easy I mean I was I was already really familiar with the VMware piece going into this so that you know that wasn't a big deal we were already on Ruby sphere 6 and we started in the it's row of B so 6px role manager is it's kind of a stupid easy interface you know you can go in you can see are there alerts is there an update you know can it see my hardware is all that good there's not a whole lot to learn from there if we were doing V San on our own my understanding is that some a lot more complicated to stand up once you have it going you're good until you try to make a change so the VX rail manager extract abstracts all that away and just kind of gives you the the VMware experience that you're used to yeah any commentary on the economic service you know we actually found it was very interesting because our original assessment of our own needs were there was no way we could afford all flash and we started we focused exclusively on hybrid solutions and after a certain point we saw I think a presentation from Rick on the external platform and we saw the VX rail as inline dedupe and compression with the all flash and we thought wait maybe we could make this work with all flash and so we actually had a very slight reduction in RAW storage in our new platform but the percentage that we're actually consuming is far less than on our old platform simply because of those gains and it is the performance is far far faster and it's a we've just been very pleased with the implementation from a cost perspective the all-flash VX rail came in under the hybrid pivot 3 and the hybrid Nutanix products so you know we it was a huge win from that perspective we were shocked we could be able to do it thrilled with it ok final word it sounds like you're real happy with the solution when it smoothly operates well economics were good what final takeaways would you give for your peers I mean I'd say the implementation was you know the VX rail platform the the installation is as advertised it was it's basically a wizard that walks you through the installation process the very few minor issues we encountered the winslow team and the is EMC no support support people had no problem solving for us it was really a pretty easy migration to the new platform and we were able to do it with essentially zero downtime yeah awesome well gentlemen thanks so much for joining that's the promise is to get that easy button for IT HD I definitely helping to move in that direction next time we'll get to talk a little bit more about cloud and everything like that be back with lots more coverage here from wtg transform 2018 I'm Stu minimun thanks for watching the Q

from Boston Massachusetts it's the cube covering wtg transform 2018 brought to you by Winslow technology group welcome back I'm Stu minimun and this is the cube coverage of wdg transform 2018 I'm happy to welcome back to the program probably an interesting who's come all the way from Boston University he said three blocks away about three blocks why yes all right Brian's the director of College of Arts and Sciences information technology great to see you again thank you all right back so good news is we spoke it was just about a year ago it was August last year it's June this year I'm sure nothing's changed in your environment you know students never change technology never changes there's a little bit of change on your end a little bit a little bit last year we'd spoke of quite a bit about hyperconvergence and what's that's gonna mean in terms of Education and how we deliver that and what the experience could be like for these students and I think at this point we're satisfied with everything that Nutanix has brought to us we've deployed VDI and a couple of large deployments for whole bunch of classes so we decided to reassess and reevaluate work what we're doing this year and now we move on to application development that's great so we get many ways they say you need to modernize your platform and then once you do that we can look at what the long haul 210 which is really at the application side right exactly once we knew what we had what we could possibly do with it we decided to move forward and figure out what else can we change and we had a lot of legacy applications for the business and so this past year we hired a developer who's focusing solely on docker izing our applications so we're deploying docker and a whole bunch of applications within the college and then we're going to be doing kubernetes deployment later this year ok and let's be clear where does this live you know is this on the Nutanix platform is it in you know service riders public clouds where does this span because kubernetes can live in all of those environments in the containerized stuff at Casa and currently it's all contained within a handful of VMs within our Nutanix server environment ok we're planning on looking at calm and use using natural blueprints to deploy kubernetes and docker down the road ok so I've got the Nutanix platform what hypervisor am i using HP ok so using the HP using which of courses Newt annexes comes on on the platform and then you know in the VMS you're using containers we are um have you looked at bare metal um you know because that's one of the discussions is like well if I'm doing containers you know do I just do that on Linux on bare metal or do I do it virtual is a virtualized and there's there's pluses and minuses for each of those we did a few of the pluses that my sis had means really enjoy is when our developer is going to go crazy and do new things we can make snapshot so if he happens to do something to the environment we can restore it in ten minutes and I think as far as my developer is concerned he doesn't want to have to rebuild the environment every time he makes a mistake he's had a few close calls so far and having HP and the ability to snapshot restore it's been awesome for him okay what insight can you give us about what you know what sort of applications are they building and you said Dockers in two minute Kruger burn Eddie's you know are they building their own stack are they leveraging you know how are they getting to that state well we're taking some business apps that were focusing on both student and faculty applications dealing with various components of each and he's pulling them apart to figure out what components go into the docker containers what do we have to still reside in VMs for security and long-term use and try to figure out how to reimagine the application stack to move forward we're starting to look at reusing components that he's developing and I'm hoping that we have a lot of pieces that we can do that with so we have a lot of applications to rewrite okay and just to drill in a little bit because I've got we've got a team of the cube that's gonna be at docker con next week I've been go to the kubernetes show for a while so when you say docker are you using just the free containers which is now called mobi or using the dr. CEO as part of that I actually can't tell you that because that's miss all my developers work I did so they're using docker as you said it's like the Kleenex and do you know from kubernetes standpoint have they just built their own do you have a distribution or a platform that you just do Tanic we just downloaded the distro from kubernetes instead of a small cluster himself we're going to be looking at using calm to do a deployment on their channels natively okay really interesting stuff what what is you know you talked a bit about you know you can give a little bit of stability and recovery and things like that for your developers to be able to play in that sandbox is what gives us a little bit of the roadmap as to you know how long do they play with this and then you know how does this roll out for the university so we're looking at probably a three to six month development cycle on a lot of new applications right now part of my developers job is to try to figure out how this environments going to work my sis admins are deeply engaged with him but since most of doctrine kubernetes is developed with faced he has to do most of the legwork and figure out how it's all gonna work and so we're hoping to leverage Nutanix to have multiple environments all with the same back-end so we have dev tests and production all in the same hardware but different pieces of actually physical clusters that'll be separated so he doesn't mess around the production all too much but set up a baseline that we can use to short that development cycle even further yeah one of the things we always look at is right you've got your developers doing their thing how does that fit with the operation side is it DevOps even I interviewed Solomon hikes last year that was the founder of docker and he said actually it was an operation mindset that I had when I created this container format how are you seeing it's actually great you're all working together you're you're in discussion there do you have a DevOps rollout and what you're doing or you do you keep it separate I still keep them somewhat separate but my administrators are writing a little bit more code and scripting than they used to and I think in general that's going to be the in the entire industry where you can't just look at and have your developer do everything in docker and not understand how it works Brian talk to us about your partners for doing this how involved are the likes of Nutanix and Winslet technology and you know in Dell in this discussion of the containers agent and your developers Nutanix we've been utilizing a lot of documentation and we're gonna be leveraging them a lot when we start to look at com Winslow's we haven't really talked to them about it to be honest we probably should because they might have some ideas and other partners we can talk to Dell in it there's really just a hardware to run everything on that's stable we don't have to worry about it I'm so happy with that yeah that's not in any you know oh I don't need to worry about them there's certain pieces we always look at and I'd love your feedback on this if you know when we virtualized first and now even when we containerize how much don't I need to worry about the infrastructure I mean remember back you know 15 years ago it's like oh I'll virtualized that well have you checked the BIOS because the BIOS might not work and the server could break things the OS could cause problem you know virtualization relatively stable these days how are you finding the container stuff it's really interesting and very very unique to virtualize a virtualized environment even further it's it's kind of mind-blowing just I've been doing this for twenty years and this is much further than I've ever expected the industry to go oh yeah just wait and it's you go even further than kubernetes it's like wait is it on top of underneath or side by side with the technologies you're doing from a Cooper nettie standpoint you said today it's all in the note annex what's the value of kubernetes for you is it just kind of the cluster orchestration of containers or you know are you is its portability a piece even part of the concern that you look at there oh it's it's mostly from portability part of the applications that we're looking at down the road are going to be vertical applications especially some student facing ones and certain times of the year we're gonna have to go from maybe a hundred people logged in to several thousand at the same time so we're hoping to stand up something that we can easily move to a cloud provider and still work the same way that we're expecting it to and so I think kubernetes along with the orchestration internally on-prem it's gonna be a huge benefit for us to know the environment it's gonna be exactly the same when we move it to Amazon or Google or adder all right so so Brian you're still kind of in the thick of it here but from what you've learned so far any any learnings or things that you'd recommend to your peers that oh wait if I could turn back the clock three months I might have adjusted or pointed things in a different direction yes yeah well when our developer started he focused more on getting an application up and running before starting to learn docker I would encourage anybody that's just starting down the road get your developer learning doctor and kubernetes first because they might want to rewrite what they're doing in the application okay well Brian this has been fascinating want to give you the final word is that you look out through the rest of the year so it's a lot you know so far since last time we talked but by the time we come around next year you'll be all serverless and you know deploying things off side the globe I'm assuming but I have no idea if you told me your ago that we're gonna be doing what we're doing now I wouldn't believe you it's it's a fantastic journey it's it's amazing what we learn every day all right well Brian appreciate you sharing some of the learnings as we go it's one of the reasons we come to events like this I know yourself to talk to your peers here what's going out thank you for moving forward with thank you all right plus more coverage here at wtg transform 2018 I'm Stu minimun and thanks for watching the Q

>> Announcer: From Gillette Stadium, in Foxborough, Massachusetts, it's theCUBE. Covering VTUG Winter Warmer, 2018. Presented by Silicon Angle. (upbeat music) >> Hi, I'm Stu Miniman, and this is the VTUG Winter Warmer 2018. Happy to welcome to the program Tom Rasmussen, who's an IT director, and an instructor at JATC of Greater Boston. Tom, thanks for joining me. >> Thank you. >> OK, so you wear a couple of hats, like many people in IT. Tell us a little bit about your background and your organization. >> So my background, I come from the electrical engineering, that's my degree, so I used to like the chip-level stuff. And then as time went, I got into computers, networking, and so I kind of, my background is in the server side of it, you know, the Novell, the Microsoft days. And as I became an instructor, because I actually had a service call to the school, and they said, "Oh, you know something "about computers and networking, "would you like to teach here?" And of course, 20-something years later, I'm now the IT director, and part-time instructor. >> Yeah, so I want to dig into both of those. Why don't we start with your IT hat, there? Tell us a little bit about the organization, what kinds of things you deal with, some of kind of the biggest challenges on your plate. >> Yeah, so we're the trade school for the local IBEW in Boston, we've got about 12 to 1,500 apprentices in the school, both electrician and telecommunication. And it's a five-year program, and one of the biggest challenges that kind of brought me on board was just the management of the computer systems. They need someone, you know, they had these computer labs that, as the students did things to them, they no longer worked, and so that machine went off, and that machine, and, you know, they didn't have a full-time IT person, so it was like, OK, this weekend, we're going to re-do everything and so on and so on. Part of me coming on was we implemented a VDI environment, where you might think of it as a cost-type thing, but it was really just a management, where we could manage the desktop, manage the experience. And we're about two years into it, and it's been successful, but it's challenging. >> Yeah, you bring up a real good point, though. When people tend to go in from a cost-savings, a lot of times, they'll be disappointed. There really needs to be some kind of transformational, solving some real business problems, and it sounds like you had that well identified, and while there's always, oh, I've got to fine-tune the performance, oh, the network's got issues, you know, so many devices, and what do I deal with, and churn of what's going on there, it's, you know, changing the paradigm of management, you no longer have, probably, you, running around from all of these places, constantly fiddling with all of these boxes too, I think it would centralize your job a little bit more. >> It did, and one of the kind of benefits was, well, we can't use this lab, because the machines aren't working, or it's not up to date, or we don't have this software, or we don't have the ability to get it up and running, to fighting for the labs now. You know, if a contractor wants to come in, and display, you know, demo a new piece of software, we can put that software on that for the period of time they're there, and then take it away. So we're getting much more utilization out of our systems, which benefits us in production, and it kind of, you know, the students as a whole. >> Yeah, another challenge I hear a lot from education people is, you know, just the wireless infrastructure, how you deal with all the devices, what people get access. Is that running well? You know, challenges, what are you seeing with the abundance of technology that everybody walks in with? >> One of the the things that, we do have a challenge with wireless, we don't have enough, we're not quite sure where we're going with it yet, right now we have a policy that our students aren't allowed to bring wireless devices in, but as we're rolling out new types of products or applications, we're seeing, like, oh, we actually need that tablet, we need you to bring your work, we need that, and so I see this changing very quickly, which is really going to affect us from the wireless management. We had a code update just the past weekend, and they're, again, implementing some type of, you know, OK guys, let's take a quiz. And everyone brings out the phone. Well, they gave out the wireless, and they saturated it, so, we're like, OK, we're going to fix that one too, now. >> Alright, let's flip over and talk about the training that you're working on. What kind of classes are you doing, you know, what skill set, what's kind of the... I know there's never a typical, the typical student look like? >> So, a typical apprentice would be anywhere from someone coming right out of high school, coming out of the military, just deciding to retool. So we could have a 20-something, up to a 40-something. So from an educational standpoint, it is challenging. Some people know things about computers, you know, they know a little bit about network, and it's a range. They know a lot more now than they say, did, five or six years ago, so it's a little easier. From the telcom side, traditional telephone and networking, those apprentices get a full-blown of, you know, this is computers, this is basic networking, this is advanced networking. We're finding that even in the electrical industry, that we need to train our electricians to know about networking, because the lighting system is now in Endpoint, the HVEA system is in Endpoint, the management of the security system, everything is going to be on the internet. So as I say, there's not going to be a lighting switch. You're going to walk in the door, and say, "computer, turn on the lights, mood level five." >> Or even, you have things like Nest, that I don't even have to, a lot of my settings, it's going to learn what's going on. All those IOT devices, does that come into the training today, or is that still kind of a future? >> It's starting to come in, because it has to. Those devices are there. Our heating system in our building went down the other day, and it turned out it was an IP address information, so the joke was, don't let electricians near IP addresses. >> When you said you'd been there 20 years now? >> Tom: Part-time. >> Part-time, but we talk about the rate of change, and there's always change going on, but it definitely feels that things are changing faster. How do you, as a trainer, keep up with it? You want to make sure that when they finish their apprenticeship, they're ready for the new job, how do you manage that? >> The curriculum is constantly changing, it's evolving. We're trying to fit more in, in a shorter period of time. I came out of, I came full time just two years ago, so I was in the thick of things. I'm now focused on VDI and educational resources, which, again, is kind of new to me. What tools, what are all these tools, what are the applications that work in the educational environment, which is kind of above and beyond the traditional IT piece. It is challenging, I read as much as I can, and get involved with places like VTUG, and the other groups, and you can only know so much. I can't be an expert in hardware, or software, or services, or applications, I kind of have to get in the middle, and then hopefully get someone to come and give me a hand. >> Tom, very good point, I think all of us know that there's nobody that can be an expert at everything. You set me up for the last question I have for you. What brings you to an event like the VTUG, what do you get out of it, what would you share to people that didn't come this week? >> I like coming and talking to the vendors, and seeing what's available, but the biggest thing I get is just seeing the other mes out there. Just at lunch today, I met a person that comes from a K to 12 school, and it turns out that we have very similar systems. So, to me, that was probably the best part of the event, there. Because now I have a relationship, because I am the IT guy, I am the IT director, and an instructor, and to have those types of resources is really useful and important to me. Absolutely, which is why, Tom, we appreciate you coming, and sharing with your peers that couldn't come here, what's happening in your environment. We'll be back with lots more coverage here from the VTUG Winter Warmer, 2018. I'm Stu Miniman, you're watching theCUBE. (upbeat music)

(shutter clicking) >> I'm Stu Miniman with theCUBE. We're here at the Winslow Technology Group Dell EMC User Group happy to have one of users here, Brian Anderson, who's the director for the College of Arts and Science Information Technology at Boston University, within a short stone's throw here. Brian, thanks so much for joining us. >> Oh, you're welcome. Thank you for being here and being here while Scott's doing this because it's kind of a fun event for us. >> Well, that's great. Tell us how many times have you been to this? >> It's my third event. I was actually a speaker last year. >> Excellent. >> This year, I'm just coming as a user, listening to the sessions, and being social with the rest of the people who do business with Winslow. >> Yeah, what do you get out of presenting and then attending an event like this? >> Feedback from my peers. I get to hear about what other people are doing, what their solutions are, how they solve some of the same problems we're trying to solve. And it's just a good networking event. >> That's awesome, Brian. And we love how peers can really share with other practitioners. So, the good news, Boston University, I think, we don't need to explain what the university is. But what are some of the drivers happening at the university level. Changes happening, changes happening in every industry. But what, specifically, is happening there that kind of impacts your world? >> Yeah, there's a huge push right now to look at cloud as a solution for a whole variety of areas, replacing infrastructure that's currently in place, trying to figure out how cloud solutions fit into the academics. We have a lot of faculty that want to use cloud solutions to teach. And we've been playing catch-up for the last few years. And we're really taking it seriously and trying to figure out how to provide those resources in both hybrid environments and cloud-only environments. >> Yeah, can you unpack that a little bit? >> Yeah. >> Where are you with cloud today? What are you looking at? What are the criteria? Obviously, cost is always a concern for everyone. But we know how fast in higher education the fees are going up. And therefore, you've got to be under a lot of pressure there. >> Oh we are, we are. We're already using a lot of cloud-based services for things like email, file storage. We now have a Dropbox implementation that we're pushing out to our faculty this year. So it's a combination of what services can we take from on campus and move them up to the cloud and is that feasible financially? It's a big transition to take the capital expenditure and transition over to OP-X. And it's really just the fine line of what services make sense to do so. >> I've talked to lots of, kind of, K through 12 environments. And the students there, obviously, have a lot of high demands there. I have to think it's even more when we get to higher education. You mentioned a little bit the faculty demands and what they're doing. Maybe expand a little bit, faculty and the students themselves, what are they looking for? What do they come into kind of expecting and how are you helping to deliver that? >> Well, I know a lot of students these days are coming from using services like Blackboard throughout most of their career until they get to university. We also have Blackboard, but it's not as widely distributed as students are expecting. We have about a 50% adoption rate of Blackboard in our courses. So it's an effort to try to get faculty to convert their curriculum for the last 20 years into something that's online and that students today can really relate to and want to learn from. There's a lot of integrations with really cool technologies that students like to use and have used in previous schools that we want to try to get up and running so faculty can take advantage of them. So we're fighting the tide between what faculty want to do and their inertia versus what students are expecting when they walk in the door. Knowing how much the university costs per year. And they get a great experience in the dorms and we want to make sure they get the same experience when they're in the classroom. >> Excellent. We heard in the opening remarks this morning really the kind of digital transformation that's going on. Scott Winslow talked about some of those emerging solutions that they're helping to drive. What solutions do you use from WTG? Where do you look to them as a solution partner? >> Well, they introduced us to the Nutanix platform, the Dell XD series, and we've been using that for the last three years to provide VDI solutions for our students. And that's enabling some of our faculty to be very creative in how they teach. We have one faculty who's trying to transform the chemistry lab experience to give the students hands-on experience without actually having to go to one of their prized rooms where all the research is actually done. So we're virtualizing instrumentation where they're able to play around with it and learn how to do it before they sit in front of it. And we're working with them to try to figure out how to expand that for training opportunities for their graduate students and Ph.D. Students. >> Brian, what's the impact of online education, MOOCs, and the like? Is that impacting your group yet? >> A little bit. BU has about ten MOOCs they host per year. They're widely attended at the beginning, and like every MOOC, it dwindles as the semester goes. But it's been a fine line. We haven't accredited them yet, so they're not really worth anything if students take them. But we want to get to that point where that is the case. We see the value. We see that's what the students want. We want to make sure we have the total MOOC experience available for our students and external students. But it's just a lot of distance between where we are now and getting to that point. >> Okay, I appreciate how you've been sharing how cloud is really developing in your environment. As you look into the partners that you work with, what's on your wish list? What would enable you to be able to move this transition even faster, you know, beyond, I'm sure cost is always a concern, but what would you be looking for? What would help you and your organization move even faster? >> Ease of manageability. Right now, a lot of our partners are all siloed applications. If we had a service that could put a bunch of things under the same umbrella and allow ease of management of a whole variety of services, that would be a huge, huge win for us. That would probably make adoption much easier and would accelerate things a lot quicker than we can now. >> All right, what excites you most in technology space these days, Brian? >> I'm going to say the hyperconvergence and what that means for standard technology and how things have been done for the last 25 years. I think that's the future. That's where we are now and that's kind of the nice bridge between what we used to do to the cloud. And I think it's going to be here for a lot longer than people think. >> And when you rolled out the hyperconvergence, is there any specific metrics? What was the impact on your operations and any specific learnings that you would share with your peers? >> Well for us, it was a new service. It was something brand new we were bringing in. And I was amazed at how quickly my system administrators picked up on it and how quickly the faculty started to understand what it was and adopt it to their classes. >> Brian Anderson, really appreciate you sharing with us >> Thank you. >> the journey that BU and your organization are going through. You're watching theCUBE here at the WTG Dell EMC User Group event. (shutter clicking)

>> Announcer: From the Silicon Valley Media Office in Boston, Massachusetts, it's The Cube! Now, here's your host, Dave Vellante. >> Hi, everybody, welcome to a special Silicon Angle, The Cube on the ground. We're going to be talking about data capital with Paul Sonderegger, who is a big data strategist at Oracle, and he leads Oracle's data capital initiative. Paul, thanks for coming in, welcome to The Cube. >> Thank you, Dave, it's good to be here. >> So data capital, it's a topic that's gaining a lot of momentum, people talking about data value, they've talked about that for years, but what is data capital? >> Well, what we're saying with data capital, is that data fulfills the literal economic textbook definition of capital. Capital is a produced good, as opposed to a natural resource that you have to invest to create it, and it is then an necessary input into some other good or service. So when we define data capital, we say that data capital is the recorded information necessary to produce a good or service. Which is really boring, so let me give you an example. So imagine, picture a retailer. A retailer wants to go into a new market. To do that, the retailer has to expand its inventory, it has to extend its supply chain, it has to buy property, all of these kinds of investments. If it lacks the financial capital to make all of those investments, it can't go, cannot go into that new region. By the same token, if this retailer wants to create a new dynamic pricing algorithm, or a new recommendation engine, but lacks the data to feed those algorithms, it cannot create that ability. It cannot provide that service. Data is now a kind of capital. >> And for years, data was viewed by a lot of organizations, particularly general counsel, as a liability, and then the big data meme sort of took off and all of a sudden, data becomes an asset. Are organizations viewing data as an asset? >> A lot of organizations are starting to view data as an asset, even though they can't account for it that way. So by current accounting standards, companies are not allowed to treat the money that they spend on developing information, on capturing data, as an asset. However, what you see with these online consumer services, the ones that we know, Uber, Airbnb, Netflix, Linkedin, these companies absolutely treat data as an asset. They treat it, not just as a record of what happened, but as a raw material for creating new digital products and services. >> You too, you tweeted out an article recently on Uber, and Uber lost about, what is it? 1.2 billion- >> At least. >> Over six months, at least. >> At least. >> And then the article calculated how much it was actually paid, I mean basically, the conclusion was it paid 1.2 billion for data. >> Yeah. >> It was about $1.20 per data for ride record, which actually is not a bad deal, when you think about it that way. >> Well, that's the thing, it's not a bad deal when you consider that the big picture they have in view is the global market for personal transportation, which The Economist estimates is about 10 trillion dollars annually. Well, to go after a 10 trillion dollar market, if you can build up a unique stock of data capital, of a billion records at about a billion dollars per record, that's probably a pretty good deal, yeah. >> So, money obviously is fungible, it's currency. Data is not a currency, but digital data is fungible, right, I mean, you can use data in a lot of different ways, can't you? >> No, no, it's, and this actually is a really important point, it's a really important point. Data is actually not fungible. This is part of data's curious economic identity. So data, contrary to popular wisdom, data is not abundant. Data consists of countless unique observations, and one of the issues here is that, two pieces of data are usually not fungible. You can't replace one with the other because they carry different information. They carry different semantics. So just to make it very, very concrete, one of the things that we see now, a huge use of data capital is in fraud detection. And one of our customers handles the fraud detection for person-to-person mobile payments. So say you go away for a weekend with a friend, you come back, you want to split the tab, and you just want to make a payment directly to the other person. You do this through your phone. Those transactions, that account to account transfer, gets checked for possible fraudulent activity in the moment, as it happens, and there is a scoring algorithm that sniffs those transactions and gives it a score to indicate whether or not it may be fraudulent or if it's legitimate. Well, this company, they use the information they capture about whether their algorithm captured, caught, all of the fraudulent transactions or missed some, and whether that algorithm mistakenly flagged legitimate transactions as fraudulent. They capture all of those false positives and false negatives, feed it back into the system, and improve the performance of the algorithm for the next go around. Here's why this matters: the data created by that algorithm about its own performance, is a proprietary asset. It is unique. And no other data with substitute for it. And in that way, it becomes the basis for a sustainable competitive advantage. >> It's a great example. So the algorithm maybe is free, you can grab an algorithm, it's how you apply it that is proprietary, and now, okay, so we've established that the data is not fungible. But digital data doesn't necessarily have high asset specificity. Do you agree with that? In other words, I can use data in different ways, if it's digital. Yeah, absolutely, as a matter of fact, this is one of the other characteristics of data. It is non-rivalrous, is what economists would call it. And this means that two parties can use the same piece of data at the same time. Which is not the case with, say, a tractor. One guy on a tractor means that none of the other people can ride that tractor. Data's not like that. So data can be put to multiple uses simultaneously. And what becomes very interesting is that different uses of data can command different prices. There's actually a project going on right now where Harvard Law School is scanning and digitizing the entire collection of US case law. Now this is The Law, the law that we all as Americans are bound to. Yet, it is locked up in a way, in just, in all of these 43,000 books. Well, Harvard and a startup called Ravel Law, they are working on scanning and digitizing this data, which can then be searched, for free, all of these, you can search this entire body of case law, for free, so you can go in and search "privacy," for example, and see all of the judgements that mention privacy over the entire history of US case law. But, if you want, for example, to analyze how different judges, current sitting judges, rule on cases related to privacy, well, that's a service that you would pay for from Ravel. The exact same data, their algorithms are working on the same body of data. You can search it for free, but the analysis that you might want on that same data, you can only get for a fee. So different uses of data can command different prices. >> So, some excellent examples there. What are the implications of all of this for competitive strategies, what should companies, how should they apply this for competitive strategies? >> Well, when we think about competitive strategy with data capital, we think in terms of three principles of data capital, is what we call them. The first one is that data comes from activity. The second one is, data tends to make more data, and the third is that platforms tend to win. So these three principles, even if we just run through them in their turn, the first one, data comes from activity, this means that, in order to capture data, your company has to be part of the activity that produces it at the time that activity happens. And the competitive strategy implication here is that, if your company is not part of that activity when it happens, your chance to capture its data is lost, forever. And so this means that interactions with customers are critical targets to digitize and datify before the competition gets in there and shuts you out. The second principle, data tends to make more data, this is what we were talking about with algorithms. Analytics are great, they're very important, analytics provide information to people so that they can make better choices, but the real action is in algorithms. And here is where you're feeding your unique stock of data capital to algorithms, that not only act on that data, but create data about their own performance, that then improve their future performance, and that data capital flywheel becomes a competitive advantage that's very hard to catch. The third principle is that platforms tend to win. So platforms are common in information-intensive industries, we see them with a credit card, for example, we see them in financial services. A credit card is a payment platform between consumers on the one side, merchants on the other. A video game console is a platform between developers on the one side and gamers on the other. The thing about platform competition is that it tends to lead toward a winner-take-all outcome. Not always, but that's how it tends to go. And with the digitization and datification of more activities, platform competition is coming for industries that have never seen it before. >> So platform beats product, but it's winner-take-all, or number two maybe breaks even, right? >> That tends to be the way it goes. >> And number three loses money, okay. The first point you were making about, you've got to be there when the transaction occurs, you've got to show up. The second one's interesting, data tends to make more data. So, and you talked about algorithms and improving and fine-tuning in that feedback loop. I would imagine customers are challenged in terms of investments, do they spend money on acquiring more data, or do they spend money on improving their algorithms, and then the answer is got to do both, but budgets are limited. How are customers dealing with that challenge? >> Well, prioritization becomes really critical here. So not all data is created equal, but it's very difficult to know which data will be more valuable in the future. However, there are ways to improve your guess. And one of the best ways is to, go after data that your competition could get as well. So this is data that comes from activities with customers. Data from activities with suppliers, with partners. Those are all places where the competition could also try to digitize and datify those activities. So companies should really look outside their own four walls. But the next part, you know, figuring out, what do you do with it? This is where companies really need to take a page out of actual science as they approach data science, and science is all about argument. It's all about experimentation, testing, and keeping the hypotheses that are proven and discarding the ones that are disproven. What this means is that companies need a data lab environment, where they can cut the time, the cost, the effort, of forming and testing new hypotheses, getting new answers to new questions from their data. >> Okay, so, data has value, you've got to prioritize. How do you actually value the data so that I can prioritize and figure out what I should be focusing on in the lab and in production? >> Yeah, well, the basic answer is to go where the money is. So there are a couple things you can do with data. One is that you can improve your operational effectiveness, and so here, you should go look at your big cost areas, and focus your limited data science and managerial resources on trying to figure out, hey, can we become more efficient in whatever your big cost driver is? If it's shipping and logistics, if it's inventory management, if it's customer acquisition, if it's marketing and advertising, so that's one way to go. The next big thing that you can do with data is try to create a new product or service, a new ... create new value in a way that generates revenue. Here, there is a little caveat, which is that, companies may also want to consider creating new capabilities, maybe enriching the customer experience, making connections across multiple channels, that they can't actually charge for, not today. But, what they get, is data that no one else has. What they get from, let's say, making an investment into, bring together the in-store shopping experience with the, with the targeted emails, with, with communication through social feeds and through Twitter. Let's say that they invest in trying to tie that data together, to get a richer picture of their consumers' behavior. They might not be able to charge for that today. But, they may get insight into the way that shopping experience works that no one else can see, which then leads to a value-added service tomorrow. And I know it all sounds very speculative, but this is basically the nature of prototyping, of new product creation. >> Well, Uber's overused as an example, but this is a good application of Uber because they, essentially they pay for driver acquisition, which doesn't scale well. >> Yeah. >> But they get data. >> That's right. >> Because they're there at the point of the transaction and the activity and they've got data that nobody else has. >> Yeah, yeah, that's exactly right, and, you know, one of the ways to think about that is that, you're like a blackjack player, counting cards, and every time you play a hand as a company, you get data, information that may help you improve your future bets. This is why Vegas kicks out card counters, because it's an advantage for the future. But what we're talking about here, in digitizing activity with customers, every time you capture data about your interaction with those customers, you gain something simply for having carried out that activity. >> And so, thinking about, back to value for a minute, I mean I can envision some kind of value flow methodology where you assess the data intensity of the activity, and then assign some kind of, I don't know, score or a value to that activity, and then you can then look at that in relation to other activities. Is that a viable approach? >> It absolutely is. What companies need here is a new way to measure how much data they've got, how much they use, and then ascribe ... value created, you know, by that data. So the, how much they've got, you know, we can think about this, we always talk in terms of gigabytes and petabytes. But really we need some finer measurements. Data is an observation about something in the real world. And so, companies should start to think about measuring their data in terms of observations, in terms of attribute-value pairs. So even thinking about the record captured per activity, that's not enough. Companies should start thinking in terms of, how many columns are in that record? How many attributes are captured in these observations we make from that activity? The next issue, you know, how much do they use? Well, now, companies need to look at, how many of these observations are being touched, are being tapped by queries? Whether they're automatically generated, whether they are generated ad hoc by some data scientist, rooting around for some new understanding. So there's a set of questions there about, what percentage of these observations we possess are we actually using in queries of some kind? And then the third piece, how much value do we create from it? This is where ... This is a tough one, and it's really an estimation. It's, most likely what we need here is a new method for attributing the, profitabilty of a particular business unit to its use of that data. And I realize this is an estimation, but this is, there's a precedent for this in brand valuation, this is the coin of the realm when you're talking about putting a value to intangible assets. >> Well, as long as you're consistently applying that methodology across your portfolio, then, then at least you've got a relative measure and you can get back to prioritization, which is a key factor here. Is there an underlying technical architecture that has to be in place to take advantage of all this data capital momentum? >> There is, there is, companies are moving toward a hybrid cloud, big data architecture. >> What does that mean? >> It means that almost all the buzzwords are used, and we're going to need new ones. No, what it means is that, companies are going to find themselves in a situation where some of their computing activities, storage, processing, application execution, analytics, some of those activities will take place in a public cloud environment, some of it will take place within their own data centers, reconfigured to act as private clouds. And there are lots of potential reasons for this. There could be, companies have to deal with, not only existing regulations, which sometimes will prevent them from putting data up into a cloud, but they are also going to have to deal with regulatory arbitrage, maybe the regulations will change, or maybe they've got agreements with partners that are embodied in service level agreements that again require them to keep the data under their own observation. Even in that case, even in that case, the business still wants to consume all of those computing resources inside the data center as if they were services. The business doesn't care where they come from. And so this is one of the things that Oracle is providing, is an architecture for Oracle public cloud, and private cloud in the data center. It is the same on both sides of the wire. And in fact, can even be purchased in the same way so that even these, this Oracle cloud at customer, these machines, they are purchased on a subscription basis, just as public cloud capabilities are. And the reason this is good is because it allows IT leaders to provide to the business, computing capabilities, storage capabilities, you know, as needed, that can be consumed as services, regardless of where they come from. >> Yeah, so you've got the data locality issue, which is speed of light problems, you don't want to move data, then you've got compliance and governance, and you're saying, that hybrid approach allows you to have the cake and eat it, too. >> Yeah. >> Essentially. Are there other sort of benefits to taking this approach? >> Well, one of the, you know, the, one of the other pieces that we should talk about here is the big data aspect, and really what that means is, that, relational, Hadoop, NoSQL, graph database, repositories, they're all going to, they're all peers. They're all peers now, and, you know, this is Oracle's perspective, and as I'm sure you know, Oracle makes a relational database, it's very popular. Yeah, we've been doing it for a while, we're pretty good at it. Oracle's perspective on the future of data management is that Hadoop, NoSQL, graph, relational, all of these methods of data management will be peers and act together in a single high-performance enterprise system. And here's why. The reason is that, as our customers digitize and datify more of their activities, more of the world, they're creating data that's born in shapes and formats that don't necessarily lend themselves to a relational representation. It's more convenient to hold them in a Hadoop file system, and it's more convenient to hold them in just a great big key value store like NoSQL. And yet, they would like to use these data sources as if they were in the same system and not really have to worry about where they are. And we see this with, we see this with telecom providers who want to combine call data records with customer, warehouse, you know, customer data in the data warehouse. We see it with financial services companies who want to do a similar thing of combining research with portfolio investments records of what their high net worth customers have invested, with transaction data from the equities markets. So we see this polyglot future, the future of all of these different data management technologies, and their applications in the analytics built on top, working together, and existing in this hybrid cloud environment. >> So that's different than the historical Oracle, at least perceived messaging, where a lot of people believe that Oracle sees its Oracle database as a hammer, and every opportunity is a nail. You're telling a completely different story now. >> Well, it turns out there are many nails. So, you know, the hammer's still a good thing, but it turns out that, you know, there are also brads and tacks and Philips and flathead screwdrivers too. And this is just one of the consequences of our customers creating more kinds of data. Images, audio, JSON, XML, you know, spectrographic images from drones that are analyzing how much green is in a photograph because that indicates the chlorophyll content. We know, we know that our customers' ability to compete is based on how they create value from data capital. And so Oracle is in the business of making the things that make data more valuable, and we want to reinvent enterprise computing as a set of services that are easier to buy and use. >> And SQL is the lowest common denominator there, because of the skill sets that are available, is that right or? >> Well, it's funny, it's not necessarily a lowest common denominator, it turns out it's just incredibly useful. (laughs) Sequel is not just a technology standard, it's actually, in a manner of speaking, it's sort of a thinking standard. SQL is based on literally hundreds of years of hard thinking about how to think straight. You can trace SQL back to predicate logic, which was one of the critical ideas in the renaissance of mathematics and logic in the 1800s. So SQL embodies this way to think about, to think logically, to think about the attributes of things and their values and to reason about them in an automated fashion. And that is not going away, that in fact is going to become more powerful, more useful. >> Business processes are wired to that way of thinking, is what you're saying. >> That's exactly right. If you want to improve your operational effectiveness as a company, you're going to have to standardize some of your procedures and automate them, and that means you're going to standardize the information component of those activities. You can automate them better. And you're going to want to ask questions about, how's it going? And SQL is incredibly useful for doing that. >> So we went way over our time, this is very interesting discussion, but I have to ask you, what is it you do at Oracle? Do you work with customers to help them understand data strategies and catalyze new thinking? What's your day-to-day like? >> Yeah, I do a lot of this, a lot of telling the story, because we're in a huge time of change. Every 20 years or so, the IT industry goes through an architectural shift, and that changes, not just the technologies used to create value from data, but it changes the very value created from data itself. It changes what you can do with information. So, I spend a lot of time explaining these ideas of data capital, and sitting down with executives at our customers, helping them understand how to look out at the world and see the data that is not there yet, and what that means for the way that they compete, and then we talk through the competitive strategies that follow from that, and the technical architecture required to execute those strategies. >> Excellent. Well, Paul, thanks very much for sharing your knowledge with our Cube audience and coming into the Silicon Angle Media Studios here at Marlborough. >> Well, it's my pleasure. Thanks for having me. >> All right, you're welcome. Okay, thanks for watching, everybody. This is The Cube, Silicon Angle Media's special on the ground production. We'll see you next time. (peppy synth music)

>> Wait. Welcome back to Boston, everybody. This is the Cube. We're live on a special presentation of BMC Day atop of sixty State Street in Boston, Massachusetts. Beautiful view of Boston Harbor. Evelyn Ehrlich is here. She's the vice president and research director for service delivery at Force that we're going to talk about job control, language and cobalt. No, I'm just kidding. We're talking about service delivery. Who'd Evelyn? Yes. So you have a really deep background in it, And I know what J C l stands for, So I had to make that joke. So anyway, uh, welcome to the cubes. Great to see you gave a fantastic presentation today. Who doesn't need better service delivery? It's an imperative for the digital transformation. So, again, welcome to the Cube. Thank you. So tell us a little bit about what you do at Forrester, what your area is, and I want to get into your presentation today. >> Sure. So service delivery. Basically, when the application development team is ready to hand us something, whatever that issa Web service and application a service, we actually make sure that that gets to the work force or to the customer. So anything from Police Management Service Management, the front end relative to the service desk. Tell them anything around management after a performance of the applications operations. Anything like that is all about service delivery. >> And they were two. Two pieces of your talk really struck out to me on Dino. No George for a long time. So two things to majorities that you don't like to use one is users, right end users use it, and then the other really was. So talk about it. Why those terms don't make sense in this digital economy. And what does make sense? >> Yeah, so your users, it almost seems like to me, it is something where people are putting folks into a box that they are that they can like addicts. You know, user. Like I said, in a camp in the drug industry, we have users because they're addicts way have to somehow keep them at bay. We have to somehow keep them low and our engagement with them. It's no, it's not going to be enjoyable. It's not going to be fun, and it's not going to be actually effective. Unfortunately, these users today those are our workforce. There's our employees There's our partners and customers. They have other places to go. They don't need us and technology. So if we don't shift that thinking into that, their customers, so that we can actually enable them, we're might be able to lose our jobs. Because there's outsourcers service providers to workplace services, for example, as many companies out there who provide the service desk who provide of VD I who provide the services cheaper, faster and better. But what we have been lost or what if that's gonna happen? We are losing the understanding of the business for losing the connection to the business, and is that that could be a strategic conversation right? There should be a strategic conversations, not justa cost conversation. And when we think about user, it's all about cost. If you think about customer, its value and relevancy, >> okay, And of course, that leads to not its business. There's no such thing as a project. >> No, there isn't because anything we do if we think of information technology is anything almost like in the back room. It's something which is hidden in a data center somewhere in a storage or a server or in a device and it doesn't really add any value. >> Boiler, the boy, the room >> Exactly and way have done that. We have massaged it, what with whatever way measured the heck out of it. We measure meantime to repair. Well, who cares? It's time to business impact. This what we need to think about. So if we start thinking about customers to empty, TR becomes time to business impact. We're now thinking outside in and the same is true with I t. If we just use it for technology sake to Dr Information, we're not connected if the business, because it is about business technology, is dear to win, retain and sustain our customers. If we don't do that, we become borders. We become the, you know, the companies who all have not focused on the winning technology to make them successful. >> You had a really nice graph, simple sort of digital failing digital masters, and I were in between talked a little about things like I Till and Deb ops, and they feel sometimes like counter counter to each other. Once one's fast one feels home. As you talk to customer, you talk to customers. What can they expect? How long might these transformations take? Or what of the one of those key stepping stones you talked about? It being a journey? >> How do you >> will think about all this change? >> But that that's a good question. It's a very difficult question to have an answer to, and I think it has to. It has to be a little bit more compartmentalized. We have to start thinking a little bit more in smaller boxes, off influences or or areas where we can make some progress. So let's take, for example, Dev Ops and Vital and connect the process release, which is an I told process into this notion. If we combine Deaf ops and Tyto release, we're starting to see that the police management process. It's now a process which is done very agile very much. There is a lot more things behind that process and a lot more collaboration between a D and D and I, you know, to make the process of faster process. So we're now married, I told release management with the journey of Death, Bob's as we're starting to see release cycles off one day. Lookit, lookit Amazon. What they do I mean again, Amazon is a very extreme. Not everybody needs a police processes Amazon has, because it's just not that not every pieces is in the Amazon business. Maybe in ten years, who knows? Maybe in five, but those kinds of things that marriage happens through, more off for design thinking. And I think that's the practical way. Let's not adopt a Iittle blandly and say, All right, we're going to just redo our entire twenty six processes. Let's look at where is the problem? What, where? Where's the pain? What is the ninety day journey to solve that pain? Where's the six months? Nine months, twelve months, twenty four months? And if twenty four months is too far out, which I believe it's staying a twelve month road map and start adjusting it that way and measure it, measure where you are. Measure where you want to go and prove that you have done to Delta. Because if I don't measure that, I won't get funding for support, right? I think that's key. >> Devlin. You talked about the, you know, pray or a predator, right? That's good of a common theme that you hear conferences like this isn't a zero sum game, is is the taxi drivers. You know, the taxi companies screwed is, you know, the hotels in big trouble. I mean, Ken, cos you know who are sort of caught flat footed transform and begin to grow again. Talk about that zero sum game nous. >> Yeah, I think I think there is. There is hope. So I hope it's what dies last week saying right. But there is hope, hope if customers of organizations he's enterprise to see that there's a challenger out there. And if they don't necessarily stand up to fight that challenges start innovating in either copying or leveraging or ten. Gently do something else. Let me give you an example. When about two years we had a two years ago with an event in London and stuff I got Square was completely blocked off by the taxi drivers because uber was there were striking against uber or they were going on. It wasn't really a real strike was in London. It's a little bit of a challenge with unions, but anyway, instead, off going on a strike, why did they not embrace whatever they needed to and example is in the cab At that time, you could not use American Express or discover credit card uber. I never have tipple any money out of my pocket because that's a convenience. It's easy. It's enjoyable. >> Love it, >> We love it. It's simple. So why don't these other companies this cos the taxi cannot? Why don't the equip that technology in such a way? They can at least start adopting some of those innovations to make it a even part right. Some of the other things, maybe they will never get there, because there whatever limitations are there. And so that's what that's what I think needs to happen. These innovators will challenge all these other companies and those who want to stay alive. I mean, they want to because they have for street is forcing them to stay alive. They are the ones who will hopefully create a differentiation because of that >> essay, really invention required. It's applying technology and process that's well established. >> Thinking outside in thinking of you and him and me as >> customers, it becomes, you know, who just does the incumbent get innovation before the the challenger gets distribution? Exactly. You know, Huber, lots of cars. I don't have to buy them, but somebody like Tesla isn't necessarily disrupting forward because they don't have the men. They can't distribute it faster than you know. It depends where you are in the distribution versus innovation. So it's in the brief time. We have love to talk about the landscape. So and that's particularly the transformation of beings. BMC Public Company to private They were under a lot of fire, you know, kind of flattish revenues. Wall Street pound. You got companies like service now picking away at the established SM players. We're talking off camera, saying that's begun to change. Give us the narrative on that that sequence and where we are today. Yeah, we're going. >> Yeah, so if you go back, maybe me way back seven years ago or so you know, it started service now they had a fairly easy game because BMC with a very old platform, it wasn't really it wasn't. There was no fight. Um, and I think they were the enterprises. We're ready for something new, and it is always some new vendor out there is a new shiny object, and I have teenagers, so they always spent the next latest iPhone or whatever. I would >> sort of wave >> so So. And and it kept going in the other vendors into space hp, cia, IBM really had no challenge had no, no, didn't give service now a challenge either because the SAS cloud, the adoption of the cloud in this space was absolutely important. And service now was the first one to be on the cloud. BMC was not really doing much with remedy force at the time. Itis them on demand was in an A S P model. Not really an itis, um, and so service not just took names and numbers and that just grew and grew and steamrolled. Really? All of them and customers just were like, Oh, my God, this is easy. I loved it. Looks it loves it looks beautiful. It's exciting >> over for the >> same thing that innovation, right, That challenge, they served the customers. Then suddenly what happened is service now grew faster than native. You experienced some growing pains Customer saying my account rep. I haven't seen him for a while. They changed the pricing model a little bit too started to blow up their solution. And now board nebula, which is the ninety operations management solution der extending into financials and they're bolstering themselves into more of an enterprise solution, which is where BMC already has been. But they lost the connection to the customer. BMC did not love the customers at that time. Now, through some executive changes to really starting to realize that the install base they need to hug them, they're back in the game >> and watching >> service now. And they're going private. As you were asking the question earlier, try about giving them the funding to invest in R and D. >> It's so necessary if I want to give me your take on icy service now. Is someone on the collision course with sales Force? In a way, where does BMC go for to expand their their tam and to grow? >> Yeah, I said, I think so. So on the first comment Sales force and service. Now, absolutely now the CEO of service now does not think that sales force is his target off competition. I think it has to. He has to, because it is about business applications, everything. It's everything exactly So sales force and service now in I don't know. Is that the year you know, wherever Chris >> No, no, no, >> no. But they will there will collapse. Deborah Crash or you'LL see a fight. I think BMC should stay and really extend in this digital performance management in this operational management and really make it intelligent, intelligent decisions for operation for operations to become automated. To have a staff of eighty eight PM solution the application dependency mapping solution happening to be one of the best, really one of the best in the market. And customers love it. Tying that into two side intelligence, giving them the ability to understand before it happens not when it happens or after and then drive intelligence into different organizations to cmo the CEO, the CFO. Because that's what basis technology is all about. It's not about the journey anymore. They have that capability with products where service now does not have that >> great insight from a sharp analyst. Evan are like Evelyn Evelyn Ehrlich. Thanks very much for coming on the Cube. Forced to research wicked, we find more about the research that you do force the dotcom, obviously, but anything new for you, any upcoming events that we should know about where people should watch >> you go into Crystal Rica, Nicaragua >> mochi ice all right. We'LL leave you alone for a while, right, Evelyn? Great to meet you. Thanks for coming on. I keep right there, buddy. We're back with our next guest Is the Q ber live from BMC Day in Boston right back.

>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

>>Hello, Ron. Welcome to AWS reinforce here. Live in Boston, Massachusetts. I'm John feer, host of the cube. We're here at Carl Matson. CSO at no name security. That's right, no name security, no name securities, also a featured partner at season two, episode four of our upcoming eightish startup showcase security themed event happening in the end of August. Look for that at this URL, AWS startups.com, but we're here at reinforc Carl. Thanks for joining me today. Good to see >>You. Thank you for having us, John. >>So this show security, it's not as packed as the eight of us summit was in New York. That just happened two weeks ago, 19,000 people here, more focused crowd. Lot at stake operations are under pressure. The security teams are under a lot of pressure as apps drive more and more cloud native goodness. As we say, the gen outta the bottle, people want more cloud native apps. Absolutely. That's put a lot of pressure on the ops teams and the security teams. That's the core theme here. How do you see it happening? How do you see this unfolding? Do you agree with that? And how would you describe today's event? >>Well, I think you're, you're spot on. I think the, the future of it is increasingly becoming the story of developers and APIs becoming the hero, the hero of digital transformation, the hero of public cloud adoption. And so this is really becoming much more of a developer-centric discussion about where we're moving our applications and, and where they're hosted, but also how they're designed. And so there's a lot of energy around that right now around focusing security capabilities that really appeal to the sensibilities and the needs of, of modern applications. >>I want to get to know name security a second, and let you explain what you guys do. Then I'll have a few good questions for you to kind of unpack that. But the thing about the structural change that's happened with cloud computing is kind of, and kind of in the past now, DevOps cloud scale, large scale data, the rise of the super cloud companies like snowflake capital, one there's examples of companies that don't even have CapEx investments building on the cloud. And in a way, our, the success of DevOps has created another sea of problems and opportunities that is more complexity as the benefits of DevOps and open source, continue to rise, agile applications that have value can be quantified. There's no doubt with the pandemic that's value there. Yeah. Now you have the collateral damage of success, a new opportunity to abstract away, more complexity to go to the next level. Yep. This is a big industry thing. What are the key opportunities and areas as this new environment, cuz that's the structural change happening now? Yep. What's the key dynamics right now. That's driving this new innovation and what are some of those problem areas that are gonna be abstracted away that you see? >>Well, the, the first thing I I'd suggest is is to, to lean into those structural changes and take advantage of them where they become an advantage for governance, security risk. A perfect example is automation. So what we have in microservices, applications and cloud infrastructures and new workloads like snowflake is we have workloads that want to talk, they want to be interoperated with. And because of that, we can develop new capabilities that take advantage of those of those capabilities. And, and so we want to have on our, on our security teams in particular is we wanna have the talent and the tools that are leaning into and capitalizing on exactly those strengths of, of the underlying capabilities that you're securing rather than to counter that trend, that the, the security professional needs to get ahead of it and, and be a part of that discussion with the developers and the infrastructure teams. >>And, and again, the tructure exchange could kill you too as well. I mean, some benefits, you know, data's the new oil, but end of the day it could be a problematic thing. Sure. All right. So let's get that. No names talk about the company. What you guys do, you have an interesting approach, heavily funded, good success, good buzz. What's going on with the company? Give the quick overview. >>Well, we're a company that's just under three years old and, and what APIs go back, of course, a, a decade or more. We've all been using APIs for a long time, but what's really shifted over the last couple of years is the, is the transition of, of applications and especially business critical processes to now writing on top of public facing APIs where API used to be the behind the scenes interconnection between systems. Now those APIs are exposed to their public facing. And so what we focus on as a company is looking at that API as a, as a software endpoint, just like any other endpoint in our environments that we're historically used to. That's an endpoint that needs full life cycle protection. It needs to be designed well secure coding standards for, for APIs and tested. Well, it also has to be deployed into production configured well and operated well. And when there's a misuse or an attack in progress, we have to be able to protect and identify the, the risks to that API in production. So when you add that up, we're looking at a full life cycle view of the API, and it's really it's about time because the API is not new yet. We're just starting to now to apply like actual discipline and, and practices that help keep that API secure. >>Yeah. It's interesting. It's like what I was saying earlier. They're not going anywhere. They're not going, they're the underpinning, the underlying benefit of cloud yes. Cloud native. So it's just more, more operational stability, scale growth. What are some of the challenges that, that are there and what do you guys do particularly to solve it? You're protecting it. Are you scaling it? What specifically are you guys addressing? >>But sure. So I think API security, even as a, as a discipline is not new, but I think the, the, the traditional look at API security looks only at, at the quality of the source code. Certainly quality of the source code of API is, is sort of step one. But what we see in, in practices is most of the publicly known API compromises, they weren't because of bad source code that they because of network misconfiguration or the misapplication of policy during runtime. So a great example of that would be developer designs, an API designs. It in such a way that Gar that, that enforces authentication to be well designed and strong. And then in production, those authentication policies are not applied at a gateway. So what we add to the, we add to the, to the conversation on API security is helping fill all those little gaps from design and testing through production. So we can see all of the moving parts in the, the context of the API to see how it can be exploited and, and how we can reduce risk in independent of. >>So this is really about hardening the infrastructure yep. Around cuz the developer did their job in that example. Yep. So academic API is well formed working, but something didn't happen on the network or gateway box or app, you know, some sort of network configuration or middleware configuration. >>Absolutely. So in our, in our platform, we, we essentially have sort of three functional areas. There's API code testing, and then we call next is posture management posture. Management's a real thing. If we're talking about a laptop we're talking about, is it up to date with patches? Is it configured? Well, is it secure network connectivity? The same is true with APIs. They have to be managed and cared for by somebody who's looking at their posture on the network. And then of course then there's threat defense and run time protection. So that posture management piece, that's really a new entrant into the discussion on API security. And that's really where we started as a company is focusing on that sort of acute gap of information, >>Posture, protection, >>Posture, and protection. Absolutely >>Define that. What does that, what does posture posture protection mean? How would you define that? >>Sure. I think it's a, it's identifying the inherent risk exposure of an API. Great example of that would be an API that is addressable by internal systems and external systems at the same time. Almost always. That is, that is an error. It's a mistake that's been made so well by, by identifying that misconfiguration of posture, then we can, we can protect that API by restricting the internet connectivity externally. That's just a great example of posture. We see almost every organization has that and it's never intended. >>Great, great, great call out. Thanks for sharing. All right, so I'm a customer. Yep. Okay. Look at, Hey, I already got an app firewall API gateway. Why do I need another tool? >>Well, first of all, web application firewalls are sort of essential parts of a security ecosystem. An API management gateway is usually the brain of an API economy. What we do is we, we augment those platforms with what they don't do well and also when they're not used. So for example, in, in any environment, we, we aspire to have all of our applications or APIs protected by web application firewall. First question is, are they even behind the web? Are they behind the w at all? We're gonna find that the WAFF doesn't know if it's not protecting something. And then secondary, there are attack types of business logic in particular of like authentication policy that a WAFF is not gonna be able to see. So the WAFF and the API management plan, those are the key control points and we can help make those better. >>You know what I think is cool, Carl, as you're bringing up a point that we're seeing here and we've seen before, but now it's kind of coming at the visibility. And it was mentioned in the keynote by one of the presenters, Kurt, I think it was who runs the platform. This idea of reasoning is coming into security. So the idea of knowing the topology know that there's dynamic stuff going on. I mean, topes aren't static anymore. Yep. And now you have more microservices. Yep. More APIs being turned on and off this runtime is interesting. So you starting to see this holistic view of, Hey, the secret sauce is you gotta be smarter. Yep. And that's either machine learning or AI. So, so how does that relate to what you guys do? Does it, cuz it sounds like you've got something of that going on with the product. Is that fair or yeah. >>Yeah, absolutely. So we, yeah, we talked about posture, so that's, that's really the inherent quality or secure posture of a, of an API. And now let's talk about sending traffic through that API, the request and response. When we're talking about organizations that have more APIs than they have people, employees, or, or tens of thousands, we're seeing in some customers, the only way to identify anomalous traffic is through machine learning. So we apply a machine learning model to each and every API in independently for itself because we wanna learn how that API is supposed to be behave. Where is it supposed to be talking? What kind of data is it supposed to be trafficking in, in, in all its facets. So we can model that activity and then identify the anomaly where there's a misuse, there's an attacker event. There's an, an insider employee is doing something with that API that's different. And that's really key with APIs is, is that no, a no two APIs are alike. Yeah. They really do have to be modeled individually rather than I can't share my, my threat signatures for my API, with your organization, cuz your APIs are different. And so we have to have that machine learning approach in order to really identify that >>Anomaly and watch the credentials, permissions. Absolutely all those things. All right. Take me through the life cycle of an API. There's pre-production postproduction what do I need to know about those two, those two areas with respect to what you guys do? >>Sure. So the pre-production activities are really putting in the hands of a developer or an APSEC team. The ability to test that API during its development and, and source code testing is one piece, but also in pre-production are we modeling production variables enough to know what's gonna happen when I move it into production? So it's one thing to have secure source code, of course, but then it's also, do we know how that API's gonna interact with the world once it's sort of set free? So the testing capabilities early life cycle is really how we de-risk in the long term, but we all have API ecosystems that are existing. And so in production we're applying the, all of those same testing of posture and configuration issues in runtime, but really what it, it may sound cliche to say, we wanna shift security left, but in APIs that's, that's a hundred percent true. We want to keep moving our, our issue detection to the earliest possible point in the development of an API. And that gives us the greatest return in the API, which is what we're all looking for is to capitalize on it as an agent of transformation. >>All right, let's take the customer perspective. I'm the customer, Carl, Carl, why do I need you? And how are you different from the competition? And if I like it, how do I get started? >>Sure. So the, the, the first thing that we differentiate selves from the customer is, or from our competitors is really looking at the API as an entire life cycle of activities. So whether it's from the documentation and the design and the secure source code testing that we can provide, you know, pre-development, or pre-deployment through production posture, through runtime, the differentiator really for us is being a one-stop shop for an entire API security program. And that's very important. And as that one stop shop, the, the great thing about that when having a conversation with a customer is not every customer's at the same point in their journey. And so if, if a customer discussion really focuses on their perhaps lack of confidence in their code testing, maybe somebody else has a lack of confidence in their runtime detection. We can say yes to those conversations, deliver value, and then consider other things that we can do with that customer along a whole continuum of life cycle. And so it allows us to have a customer conversation where we don't need to say, no, we don't do that. If it's an API, the answer is, yes, we do do that. And that's really where we, you know, we have an advantage, I think, in, in looking at this space and, and, and being able to talk with pretty much any customer in any vertical and having a, having a solution that, that gives them something value right away. >>And how do I get started? I like it. You sold me on, on operationalizing it. I like the one stop shop. I, my APIs are super important. I know that could be potential exposure, maybe access, and then lateral movement to a workload, all kinds of stuff could happen. Sure. How do I get started? What do I do to solve >>This? Well, no name, security.com. Of course we, we have, you know, most customers do sandboxing POVs as part of a trial period for us, especially with, you know, being here at AWS is wonderful because these are customers who's with whom we can integrate with. In a matter of minutes, we're talking about literally updating an IAM role. Permission is the complexity of implementation because cloud friendly workloads really allow us to, to do proofs of concept and value in a matter of minutes to, to achieve that value. So whether it's a, a dedicated sandbox for one customer, whether it's a full blown POC for a complicated organization, you know, whether it's here at AWS conference or, or, or Nona security.com, we would love to do a, do a, like a free demo test drive and assessment. >>Awesome. And now you guys are part of the elite alumni of our startup showcase yep. Where we feature the hot startups, obviously it's the security focuses episodes about security. You guys have been recognized by the industry and AWS as, you know, making it, making it happen. What specifically is your relationship with AWS? Are you guys doing stuff together? Cuz they're, they're clearly integrating with their partners. Yeah. I mean, they're going to companies and saying, Hey, you know what, the more we're integrated, the better security everyone gets, what are you doing with Amazon? Can you share any tidbits? You don't have to share any confidential information, but can you give us a little taste of the relationship? >>Well, so I think we have the best case scenario with our relationship with AWSs is, is as a, as a very, very small company. Most of our first customers were AWS customers. And so to develop the, the, the initial integrations with AWS, what we were able to do is have our customers, oftentimes, which are large public corporations, go to AWS and say, we need, we need that company to be through your marketplace. We need you to be a partner. And so that partnership with, with AWS has really grown from, you know, gone from zero to 60 to, you know, miles per hour in a very short period of time. And now being part of the startup program, we have a variety of ways that a customer can, can work with us from a direct purchase through the APS marketplace, through channel partners and, and VA, we really have that footprint now in AWS because our customers are there and, and they brought our customers to AWS with us. >>It's it nice. The customers pulls you to AWS. Yes. Its pulls you more customers. Yep. You get kind of intermingled there, provide the value. And certainly they got, they, they hyperscale so >>Well, that creates depth of the relationship. So for example, as AWS itself is evolving and changing new services become available. We are a part of that inner circle. So to speak, to know that we can make sure that our technology is sort of calibrated in advance of that service offering, going out to the rest of the world. And so it's a really great vantage point to be in as a startup. >>Well, Carl, the CISO for no name security, you're here on the ground. You partner with AWS. What do you think of the show this year? What's the theme. What's the top story one or two stories that you think of the most important stories that people should know about happening here in the security world? >>Well, I don't think it's any surprise that almost every booth in the, in the exhibit hall has the words cloud native associated with it. But I also think that's, that's, that's the best thing about it, which is we're seeing companies and, and I think no name is, is a part of that trend who have designed capabilities and technologies to take advantage and lean into what the cloud has to offer rather than compensating. For example, five years ago, when we were all maybe wondering, will the cloud ever be as secure as my own data center, those days are over. And we now have companies that have built highly sophisticated capabilities here in the exhibit hall that are remarkably better improvements in, in securing the cloud applications in, in our environments. So it's a, it's a real win for the cloud. It's something of a victory lap. If, if you hadn't already been there, you should be there at this point. >>Yeah. And the structural change is happening now that's clear and I'd love to get your reaction if you agree with it, is that the ops on security teams are now being pulled up to the level that the developers are succeeding at, meaning that they have to be in the boat together. Yes. >>Oh, lines of, of reporting responsibility are becoming less and less meaningful and that's a good thing. So we're having just in many conversations with developers or API management center of excellence teams to cloud infrastructure teams as we are security teams. And that's a good thing because we're finally starting to have some degree of conversions around where our interests lie in securing cloud assets. >>So developers ops security all in the boat together, sync absolutely together or win together. >>We, we, we win together, but we don't win on day one. We have to practice like we as organizations we have to, we have to rethink our, we have to rethink our tech stack. Yeah. But we also have to, you have to rethink our organizational models, our processes to get there, to get >>That in, keep the straining boat in low waters. Carl, thanks for coming on. No name security. Why the name just curious, no name. I love that name. Cause the restaurant here in Boston that used to be of all the people that know that. No name security, why no name? >>Well, it was sort of accidental at, in the, in the company's first few weeks, the there's an advisory board of CISOs who provides feedback on, on seed to seed companies on their, on their concept of, of where they're gonna build platforms. And, and so in absence of a name, the founders and the original investor filled out a form, putting no name as the name of this company that was about to develop an API security solution. Well, amongst this board of CSOs, basically there was unanimous feedback that the, what they needed to do was keep the name. If nothing else, keep the name, no name, it's a brilliant name. And that was very much accidental, really just a circumstance of not having picked one, but you know, a few weeks passed and all of a sudden they were locked in because sort of by popular vote, no name was, >>Was formed. Yeah. And now the legacy, the origination story is now known here on the cube call. Thanks for coming on. Really appreciate it. Thank you, John. Okay. We're here. Live on the floor show floor of AWS reinforced in Boston, Massachusetts. I'm John with Dave ALO. Who's out and about getting the stories in the trenches in the analyst meeting. He'll be right back with me shortly day tuned for more cube coverage. After this short break.

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

(upbeat music) >> Okay, welcome back everyone in live coverage here at theCUBE, Boston, Massachusetts, for AWS re:inforce 22 security conference for Amazon Web Services. Obviously reinvent the end of the years' the big celebration, "re:Mars" is the new show that we've covered as well. The res are here with theCUBE. I'm John Furrier, host with a great guest, Ameesh Divatia, co-founder, and CEO of a company called "Baffle." Ameesh, thanks for joining us on theCUBE today, congratulations. >> Thank you. It's good to be here. >> And we got the custom encrypted socks. >> Yup, limited edition >> 64 bitter 128. >> Base 64 encoding. >> Okay.(chuckles) >> Secret message in there. >> Okay.(chuckles) Secret message.(chuckles) We'll have to put a little meme on the internet, figure it out. Well, thanks for comin' on. You guys are goin' hot right now. You guys a hot startup, but you're in an area that's going to explode, we believe. >> Yeah. >> The SuperCloud is here, we've been covering that on theCUBE that people are building on top of the Amazon Hyperscalers. And without the capex, they're building platforms. The application tsunami has come and still coming, it's not stopping. Modern applications are faster, they're better, and they're driving a lot of change under the covers. >> Absolutely. Yeah. >> And you're seeing structural change happening in real time, in ops, the network. You guys got something going on in the encryption area. >> Yes >> Data. Talk about what you guys do. >> Yeah. So we believe very strongly that the next frontier in security is data. We've had multiple waves in security. The next one is data, because data is really where the threats will persist. If the data shows up in the wrong place, you get into a lot of trouble with compliance. So we believe in protecting the data all the way down at the field, or record level. That's what we do. >> And you guys doing all kinds of encryption, or other things? >> Yes. So we do data transformation, which encompasses three different things. It can be tokenization, which is format preserving. We do real encryption with counter mode, or we can do masked views. So tokenization, encryption, and masking, all with the same platform. >> So pretty wide ranging capabilities with respect to having that kind of safety. >> Yes. Because it all depends on how the data is used down the road. Data is created all the time. Data flows through pipelines all the time. You want to make sure that you protect the data, but don't lose the utility of the data. That's where we provide all that flexibility. >> So Kurt was on stage today on one of the keynotes. He's the VP of the platform at AWS. >> Yes. >> He was talking about encrypts, everything. He said it needs, we need to rethink encryption. Okay, okay, good job. We like that. But then he said, "We have encryption at rest." >> Yes. >> That's kind of been there, done that. >> Yes. >> And, in-flight? >> Yeah. That's been there. >> But what about in-use? >> So that's exactly what we plug. What happens right now is that data at rest is protected because of discs that are already self-encrypting, or you have transparent data encryption that comes native with the database. You have data in-flight that is protected because of SSL. But when the data is actually being processed, it's in the memory of the database or datastore, it is exposed. So the threat is, if the credentials of the database are compromised, as happened back then with Starwood, or if the cloud infrastructure is compromised with some sort of an insider threat like a Capital One, that data is exposed. That's precisely what we solve by making sure that the data is protected as soon as it's created. We use standard encryption algorithms, AES, and we either do format preserving, or true encryption with counter mode. And that data, it doesn't really matter where it ends up, >> Yeah. >> because it's always protected. >> Well, that's awesome. And I think this brings up the point that we want been covering on SiliconAngle in theCUBE, is that there's been structural change that's happened, >> Yes. >> called cloud computing, >> Yes. >> and then hybrid. Okay. Scale, role of data, higher level abstraction of services, developers are in charge, value creations, startups, and big companies. That success is causing now, a new structural change happening now. >> Yes. >> This is one of them. What areas do you see that are happening right now that are structurally changing, that's right in front of us? One is, more cloud native. So the success has become now the problem to solve - >> Yes. >> to get to the next level. >> Yeah. >> What are those, some of those? >> What we see is that instead of security being an afterthought, something that you use as a watchdog, you create ways of monitoring where data is being exposed, or data is being exfiltrated, you want to build security into the data pipeline itself. As soon as data is created, you identify what is sensitive data, and you encrypt it, or tokenize it as it flows into the pipeline using things like Kafka plugins, or what we are very clearly differentiating ourselves with is, proxy architectures so that it's completely transparent. You think you're writing to the datastore, but you're actually writing to the proxy, which in turn encrypts the data before its stored. >> Do you think that's an efficient way to do it, or is the only way to do it? >> It is a much more efficient way of doing it because of the fact that you don't need any app-dev resources. There are many other ways of doing it. In fact, the cloud vendors provide development kits where you can just go do it yourself. So that is actually something that we completely avoid. And what makes it really, really interesting is that once the data is encrypted in the data store, or database, we can do what is known as "Privacy Enhanced Computation." >> Mm. >> So we can actually process that data without decrypting it. >> Yeah. And so proxies then, with cloud computing, can be very fast, not a bottleneck that could be. >> In fact, the cloud makes it so. It's very hard to - >> You believe that? >> do these things in static infrastructure. In the cloud, there's infinite amount of processing available, and there's containerization. >> And you have good network. >> You have very good network, you have load balancers, you have ways of creating redundancy. >> Mm. So the cloud is actually enabling solutions like this. >> And the old way, proxies were seen as an architectural fail, in the old antiquated static web. >> And this is where startups don't have the baggage, right? We didn't have that baggage. (John laughs) We looked at the problem and said, of course we're going to use a proxy because this is the best way to do this in an efficient way. >> Well, you bring up something that's happening right now that I hear a lot of CSOs and CIOs and executives say, CXOs say all the time, "Our", I won't say the word, "Our stuff has gotten complicated." >> Yes. >> So now I have tool sprawl, >> Yeah. >> I have skill gaps, and on the rise, all these new managed services coming at me from the vendors who have never experienced my problem. And their reaction is, they don't get my problem, and they don't have the right solutions, it's more complexity. They solve the complexity by adding more complexity. >> Yes. I think we, again, the proxy approach is a very simple. >> That you're solving that with that approach. >> Exactly. It's very simple. And again, we don't get in the way. That's really the the biggest differentiator. The forcing function really here is compliance, right? Because compliance is forcing these CSOs to actually adopt these solutions. >> All right, so love the compliance angle, love the proxy as an ease of use, take the heavy lifting away, no operational problems, and deviations. Now let's talk about workloads. >> Yeah. >> 'Cause this is where the use is. So you got, or workloads being run large scale, lot a data moving around, computin' as well. What's the challenge there? >> I think it's the volume of the data. Traditional solutions that we're relying on legacy tokenizations, I think would replicate the entire storage because it would create a token wall, for example. You cannot do that at this scale. You have to do something that's a lot more efficient, which is where you have to do it with a cryptography approach. So the workloads are diverse, lots of large files in the workloads as well as structured workloads. What we have is a solution that actually goes across the board. We can do unstructured data with HTTP proxies, we can do structured data with SQL proxies. And that's how we are able to provide a complete solution for the pipeline. >> So, I mean, show about the on-premise versus the cloud workload dynamic right now. Hybrid is a steady state right now. >> Yeah. >> Multi-cloud is a consequence of having multiple vendors, not true multi-cloud but like, okay, they have Azure there, AWS here, I get that. But hybrid really is the steady state. >> Yes. >> Cloud operations. How are the workloads and the analytics the data being managed on-prem, and in the cloud, what's their relationship? What's the trend? What are you seeing happening there? >> I think the biggest trend we see is pipelining, right? The new ETL is streaming. You have these Kafka and Kinesis capabilities that are coming into the picture where data is being ingested all the time. It is not a one time migration. It's a stream. >> Yeah. >> So plugging into that stream is very important from an ingestion perspective. >> So it's not just a watchdog. >> No. >> It's the pipelining. >> It's built in. It's built-in, it's real time, that's where the streaming gets another diverse access to data. >> Exactly. >> Data lakes. You got data lakes, you have pipeline, you got streaming, you mentioned that. So talk about the old school OLTP, the old BI world. I think Power BI's like a $30 billion product. >> Yeah. >> And you got Tableau built on OLTP building cubes. Aren't we just building cubes in a new way, or, >> Well. >> is there any relevance to the old school? >> I think there, there is some relevance and in fact that's again, another place where the proxy architecture really helps, because it doesn't matter when your application was built. You can use Tableau, which nobody has any control over, and still process encrypted data. And so can with Power BI, any Sequel application can be used. And that's actually exactly what we like to. >> So we were, I was talking to your team, I knew you were coming on, and they gave me a sound bite that I'm going to read to the audience and I want to get your reaction to. >> Sure. >> 'Cause I love this. I fell out of my chair when I first read this. "Data is the new oil." In 2010 that was mentioned here on theCUBE, of course. "Data is the new oil, but we have to ensure that it does not become the next asbestos." Okay. That is really clever. So we all know about asbestos. I add to the Dave Vellante, "Lead paint too." Remember lead paint? (Ameesh laughs) You got to scrape it out and repaint the house. Asbestos obviously causes a lot of cancer. You know, joking aside, the point is, it's problematic. >> It's the asset. >> Explain why that sentence is relevant. >> Sure. It's the assets and liabilities argument, right? You have an asset which is data, but thanks to compliance regulations and Gartner says 75% of the world will be subject to privacy regulations by 2023. It's a liability. So if you don't store your data well, if you don't process your data responsibly, you are going to be liable. So while it might be the oil and you're going to get lots of value out of it, be careful about the, the flip side. >> And the point is, there could be the "Grim Reaper" waiting for you if you don't do it right, the consequences that are quantified would be being out of business. >> Yes. But here's something that we just discovered actually from our survey that we did. While 93% of respondents said that they have had lots of compliance related effects on their budgets. 75% actually thought that it makes them better. They can use the security postures as a competitive differentiator. That's very heartening to us. We don't like to sell the fear aspect of this. >> Yeah. We like to sell the fact that you look better compared to your neighbor, if you have better data hygiene, back to the. >> There's the fear of missing out, or as they say, "Keeping up with the Joneses", making sure that your yard looks better than the next one. I get the vanity of that, but you're solving real problems. And this is interesting. And I want to get your thoughts on this. I found, I read that you guys protect more than a 100 billion records across highly regulated industries. Financial services, healthcare, industrial IOT, retail, and government. Is that true? >> Absolutely. Because what we are doing is enabling SaaS vendors to actually allow their customers to control their data. So we've had the SaaS vendor who has been working with us for over three years now. They store confidential data from 30 different banks in the country. >> That's a lot of records. >> That's where the record, and. >> How many customers do you have? >> Well, I think. >> The next round of funding's (Ameesh laughs) probably they're linin' up to put money into you guys. >> Well, again, this is a very important problem, and there are, people's businesses are dependent on this. We're just happy to provide the best tool out there that can do this. >> Okay, so what's your business model behind? I love the success, by the way, I wanted to quote that stat to one verify it. What's the business model service, software? >> The business model is software. We don't want anybody to send us their confidential data. We embed our software into our customers environments. In case of SaaS, we are not even visible, we are completely embedded. We are doing other relationships like that right now. >> And they pay you how? >> They pay us based on the volume of the data that they're protecting. >> Got it. >> That in that case which is a large customers, large enterprise customers. >> Pay as you go. >> It is pay as you go, everything is annual licenses. Although, multi-year licenses are very common because once you adopt the solution, it is very sticky. And then for smaller customers, we do base our pricing also just on databases. >> Got it. >> The number of databases. >> And the technology just reviewed low-code, no-code implementation kind of thing, right? >> It is by definition, no code when it comes to proxy. >> Yeah. >> When it comes to API integration, it could be low code. Yeah, it's all cloud-friendly, cloud-native. >> No disruption to operations. >> Exactly. >> That's the culprit. >> Well, yeah. >> Well somethin' like non-disruptive operations.(laughs) >> No, actually I'll give an example of a migration, right? We can do live migrations. So while the databases are still alive, as you write your. >> Live secure migrations. >> Exactly. You're securing - >> That's the one that manifests. >> your data as it migrates. >> Awright, so how much funding have you guys raised so far? >> We raised 36 and a half, series A, and B now. We raised that late last year. >> Congratulations. >> Thank you. >> Who's the venture funders? >> True Ventures is our largest investor, followed by Celesta Capital, National Grid Partners is an investor, and so is Engineering Capital and Clear Vision Ventures. >> And the seed and it was from Engineering? >> Seed was from Engineering. >> Engineering Capital. >> And then True came in very early on. >> Okay. >> Greenspring is also an investor in us, so is Industrial Ventures. >> Well, privacy has a big concern, big application for you guys. Privacy, secure migrations. >> Very much so. So what we are believe very strongly in the security's personal, security is yours and my data. Privacy is what the data collector is responsible for. (John laughs) So the enterprise better be making sure that they've complied with privacy regulations because they don't tell you how to protect the data. They just fine you. >> Well, you're not, you're technically long, six year old start company. Six, seven years old. >> Yeah. >> Roughly. So yeah, startups can go on long like this, still startup, privately held, you're growing, got big records under management there, congratulations. What's next? >> I think scaling the business. We are seeing lots of applications for this particular solution. It's going beyond just regulated industries. Like I said, it's a differentiating factor now. >> Yeah >> So retail, and a lot of other IOT related industrial customers - >> Yeah. >> are also coming. >> Ameesh, talk about the show here. We're at re:inforce, actually we're live here on the ground, the show floor buzzing. What's your takeaway? What's the vibe this year? What if you had to share what your opinion the top story here at the show, what would be the two top things, or three things? >> I think it's two things. First of all, it feels like we are back. (both laugh) It's amazing to see people on the show floor. >> Yeah. >> People coming in and asking questions and getting to see the product. The second thing that I think is very gratifying is, people come in and say, "Oh, I've heard of you guys." So thanks to digital media, and digital marketing. >> They weren't baffled. They want baffled. >> Exactly. >> They use baffled. >> Looks like, our outreach has helped, >> Yeah. >> and has kept the continuity, which is a big deal. >> Yeah, and now you're a CUBE alumni, welcome to the fold. >> Thank you. >> Appreciate you coming on. And we're looking forward to profiling you some day in our startup showcase, and certainly, we'll see you in the Palo Alto studios. Love to have you come in for a deeper dive. >> Sounds great. Looking forward to it. >> Congratulations on all your success, and thanks for coming on theCUBE, here at re:inforce. >> Thank you, John. >> Okay, we're here in, on the ground live coverage, Boston, Massachusetts for AWS re:inforce 22. I'm John Furrier, your host of theCUBE with Dave Vellante, who's in an analyst session, right? He'll be right back with us on the next interview, coming up shortly. Thanks for watching. (gentle music)

(bright music) >> Welcome back everyone to the live Cube coverage here in Boston, Massachusetts for AWS re:Inforce 22, with a great guest here, Denise Hayman, CRO, Chief Revenue of Sonrai Security. Sonrai's a featured partner of Season Two, Episode Four of the upcoming AWS Startup Showcase, coming in late August, early September. Security themed startup focused event, check it out. awsstartups.com is the site. We're on Season Two. A lot of great startups, go check them out. Sonrai's in there, now for the second time. Denise, it's great to see you. Thanks for coming on. >> Ah, thanks for having me. >> So you've been around the industry for a while. You've seen the waves of innovation. We heard encrypt everything today on the keynote. We heard a lot of cloud native. They didn't say shift left but they said don't bolt on security after the fact, be in the CI/CD pipeline or the DevStream. All that's kind of top of line, Amazon's talking cloud native all the time. This is kind of what you guys are in the middle of. I've covered your company, you've been on theCUBE before. Your, not you, but your teammates have. You guys have a unique value proposition. Take a minute to explain for the folks that don't know, we'll dig into it, but what you guys are doing. Why you're winning. What's the value proposition. >> Yeah, absolutely. So, Sonrai is, I mean what we do is it's, we're a total cloud solution, right. Obviously, right, this is what everybody says. But what we're dealing with is really, our superpower has to do with the data and identity pieces within that framework. And we're tying together all the relationships across the cloud, right. And this is a unique thing because customers are really talking to us about being able to protect their sensitive data, protect their identities. And not just people identities but the non-people identity piece is the hardest thing for them to reign in. >> Yeah. >> So, that's really what we specialize in. >> And you guys doing good, and some good reports on good sales, and good meetings happening here. Here at the show, the big theme to me, and again, listening to the keynotes, you hear, you can see what's, wasn't talk about. >> Mm-hmm. >> Ransomware wasn't talked about much. They didn't talk about air-gapped. They mentioned ransomware I think once. You know normal stuff, teamwork, encryption everywhere. But identity was sprinkled in everywhere. >> Mm-hmm. >> And I think one of the, my favorite quotes was, I wrote it down, We've security in the development cycle CSD, they didn't say shift left. Don't bolt on any of that. Now, that's not new information. We know that don't bolt, >> Right. >> has been around for a while. He said, lessons learned, this is Stephen Schmidt, who's the CSO, top dog on security, who has access to what and why over permissive environments creates chaos. >> Absolutely. >> This is what you guys reign in. >> It is. >> Explain, explain that. >> Yeah, I mean, we just did a survey actually with AWS and Forrester around what are all the issues in this area that, that customers are concerned about and, and clouds in particular. One of the things that came out of it is like 95% of clouds are, what's called over privileged. Which means that there's access running amok, right. I mean, it, it is, is a crazy thing. And if you think about the, the whole value proposition of security it's to protect sensitive data, right. So if, if it's permissive out there and then sensitive data isn't being protected, I mean that, that's where we really reign it in. >> You know, it's interesting. I zoom out, I just put my historian hat on going back to the early days of my career in late eighties, early nineties. There's always, when you have these inflection points, there's always these problems that are actually opportunities. And DevOps, infrastructure as code was all about APS, all about the developer. And now open source is booming, open source is the software industry. Open source is it in the world. >> Right. >> That's now the software industry. Cloud scale has hit and now you have the Devs completely in charge. Now, what suffers now is the Ops and the Sec, Second Ops. Now Ops, DevOps. Now, DevSecOps is where all the action is. >> Yep. >> So the, the, the next thing to do is build an abstraction layer. That's what everyone's trying to do, build tools and platforms. And so that's where the action is here. This is kind of where the innovation's happening because the networks aren't the, aren't in charge anymore either. So, you now have this new migration up to higher level services and opportunities to take the complexity away. >> Mm-hmm. >> Because what's happened is customers are getting complexity. >> That's right. >> They're getting it shoved in their face, 'cause they want to do good with DevOps, scale up. But by default their success is also their challenge. >> Right. >> 'Cause of complexity. >> That's exactly right. >> This is, you agree with that. >> I do totally agree with that. >> If you, you believe that, then what's next. What happens next? >> You know, what I hear from customers has to do with two specific areas is they're really trying to understand control frameworks, right. And be able to take these scenarios and build them into something that they, where they can understand where the gaps are, right. And then on top of that building in automation. So, the automation is a, is a theme that we're hearing from everybody. Like how, how do they take and do things like, you know it's what we've been hearing for years, right. How do we automatically remediate? How do we automatically prioritize? How do we, how do we build that in so that they're not having to hire people alongside that, but can use software for that. >> The automation has become key. You got to find it first. >> Yes. >> You guys are also part of the DevCycle too. >> Yep. >> Explain that piece. So, I'm a developer, I'm an organization. You guys are on the front end. You're not bolt-on, right? >> We can do either. We prefer it when customers are willing to use us, right. At the very front end, right. Because anything that's built in the beginning doesn't have the extra cycles that you have to go through after the fact, right. So, if you can build security right in from the beginning and have the ownership where it needs to be, then you're not having to, to deal with it afterwards. >> Okay, so how do you guys, I'm putting my customer hat on for a second. A little hard, hard question, hard problem. I got active directory on Azure. I got, IM over here with AWS. I wanted them to look the same. Now, my on-premises, >> Ah. >> Is been booming, now I got cloud operations, >> Right. >> So, DevOps has moved to my premise and edge. So, what do I do? Do I throw everything out, do a redo. How do you, how do you guys talk about, talk to customers that have that chance, 'cause a lot of them are old school. >> Right. >> ID. >> And, and I think there's a, I mean there's an important distinction here which is there's the active directory identities right, that customers are used to. But then there's this whole other area of non-people identities, which is compute power and privileges and everything that gets going when you get you know, machines working together. And we're finding that it's about five-to-one in terms of how many identities are non-human identities versus human identity. >> Wow. >> So, so you actually have to look at, >> So, programmable access, basically. >> Yeah. Yes, absolutely. Right. >> Wow. >> And privileges and roles that are, you know accessed via different ways, right. Because that's how it's assigned, right. And people aren't really paying that close attention to it. So, from that scenario, like the AD thing of, of course that's important, right. To be able to, to take that and lift it into your cloud but it's actually even bigger to look at the bigger picture with the non-human identities, right. >> What about the CISOs out there that you talk to. You're in the front lines, >> Yep. >> talking to customers and you see what's coming on the roadmap. >> Yep. >> So, you kind of get the best of both worlds. See what they, what's coming out of engineering. What's the biggest problem CISOs are facing now? Is it the sprawl of the problems, the hacker space? Is it not enough talent? What, I mean, I see the fear, what are, what are they facing? How do you, how do you see that, and then what's your conversations like? >> Yeah. I mean the, the answer to that is unfortunately yes, right. They're dealing with all of those things. And, and here we are at the intersection of, you know, this huge complex thing around cloud that's happening. There's already a gap in terms of resources nevermind skills that are different skills than they used to have. So, I hear that a lot. The, the bigger thing I think I hear is they're trying to take the most advantage out of their current team. So, they're again, worried about how to operationalize things. So, if we bring this on, is it going to mean more headcount. Is it going to be, you know things that we have to invest in differently. And I was actually just with a CISO this morning, and the whole team was, was talking about the fact that bringing us on means they have, they can do it with less resource. >> Mm-hmm. >> Like this is a a resource help for them in this particular area. So, that that was their value proposition for us, which I loved. >> Let's talk about Adrian Cockcroft who retired from AWS. He was at Netflix before. He was a big DevOps guy. He talks about how agility's been great because from a sales perspective the old model was, he called it the, the big Indian wedding. You had to get everyone together, do a POC, you know, long sales cycles for big tech investments, proprietary. Now, open sources like speed dating. You can know what's good quickly and and try things quicker. How is that, how is that impacting your sales motions. Your customer engagements. Are they fast? Are they, are they test-tried before they buy? What's the engagement model that you, you see happening that the customers like the best. >> Yeah, hey, you know, because of the fact that we're kind of dealing with this serious part of the problem, right. With the identities and, and dealing with data aspects of it it's not as fast as I would like it to be, right. >> Yeah, it's pretty important, actually. >> They still need to get in and understand it. And then it's different if you're AWS environment versus other environments, right. We have to normalize all of that and bring it together. And it's such a new space, >> Yeah. >> that they all want to see it first. >> Yeah. >> Right, so. >> And, and the consequences are pretty big. >> They're huge. >> Yeah. >> Right, so the, I mean, the scenario here is we're still doing, in some cases we'll do workshops instead of a POV or a POC. 90% of the time though we're still doing a POV. >> Yeah, you got to. >> Right. So, they can see what it is. >> They got to get their hands on it. >> Yep. >> This is one of those things they got to see in action. What is the best-of-breed? If you had to say best-of-breed in identity looks like blank. How would you describe that from a customer's perspective? What do they need the most? Is it robustness? What's some of the things that you guys see as differentiators for having a best-of-breed solution like you guys have. >> A best-of-breed solution. I mean, for, for us, >> Or a relevant solution for that matter, for the solution. >> Yeah. I mean, for us, this, again, this identity issue it, for us, it's depth and it's continuous monitoring, right. Because the issue in the cloud is that there are new privileges that come out every single day, like to the tune of like 35,000 a year. So, even if at this exact moment, it's fine. It's not going to be in another moment, right. So, having that continuous monitoring in there, and, and it solves this issue that we hear from a lot of customers also around lateral movement, right. Because like a piece of compute can be on and off, >> Yeah, yeah, yeah. >> within a few seconds, right. So, you can't use any of the old traditional things anymore. So to me, it's the continuous monitoring I think that's important. >> I think that, and the lateral movement piece, >> Yep. >> that you guys have is what I hear the most of the biggest fears. >> Mm-hmm. >> Someone gets in here and can move around, >> That's right. >> and that's dangerous. >> Mm-hmm. And, and no traditional tools will see it. >> Yeah. Yeah. >> Right. There's nothing in there unless you're instrumented down to that level, >> Yeah. >> which is what we do. You're not going to see it. >> I mean, when someone has a firewall, a perimeter based system, yeah, I'm in the castle, I'm moving around, but that's not the case here. This is built for full observability, >> That's right. >> Yet there's so many vulnerabilities. >> It's all open. Mm-hmm, yeah. And, and our view too, is, I mean you bring up vulnerabilities, right. It, it is, you know, a little bit of the darling, right. People start there. >> Yep. >> And, and our belief in our view is that, okay, that's nice. But, and you do have to do that. You have to be able to see everything right, >> Yep. >> to be able to operationalize it. But if you're not dealing with the sensitive data pieces right, and the identities and stuff that's at the core of what you're trying to do >> Yeah. >> then you're not going to solve the problem. >> Yeah. Denise, I want to ask you. Because you make what was it, five-to-one was the machine to humans. I think that's actually might be low, on the low end. If you could imagine. If you believe that's true. >> Yep. >> I believe that's true by the way If microservices continues to be the, be the wave. >> Oh, it'll just get bigger. >> Which it will. It's going to much bigger. >> Yeah. >> Turning on and off, so, the lateral movement opportunities are going to be greater. >> Yep. >> That's going to be a bigger factor. Okay, so how do I protect myself. Now, 'cause developer productivity is also important. >> Mm-hmm. >> 'Cause, I've heard horror stories like, >> Yep. >> Yeah, my Devs are cranking away. Uh-oh, something's out there. We don't know about it. Everyone has to stop, have a meeting. They get pulled off their task. It's kind of not agile. >> Right. Right. >> I mean, >> Yeah. And, and, in that vein, right. We have built the product around what we call swim lanes. So, the whole idea is we're prioritizing based on actual impact and context. So, if it's a sandbox, it probably doesn't matter as much as if it's like operational code that's out there where customers are accessing it, right. Or it's accessing sensitive data. So, we look at it from a swim lane perspective. When we try to get whoever needs to solve it back to the person that is responsible for it. So we can, we can set it up that way. >> Yeah. I think that, that's key insight into operationalizing this. >> Yep. >> And remediation is key. >> Yes. >> How, how much, how important is the timing of that. When you talk to your customer, I mean, timing is obviously going to be longer, but like seeing it's one thing, knowing what to do is another. >> Yep. >> Do you guys provide that? Is that some of the insights you guys provide? >> We do, it's almost like, you know, us. The, and again, there's context that's involved there, right? >> Yeah. >> So, some remediation from a priority perspective doesn't have to be immediate. And some of it is hair on fire, right. So, we provide actually, >> Yeah. >> a recommendation per each of those situations. And, and in some cases we can auto remediate, right. >> Yeah. >> If, it depends on what the customer's comfortable with, right. But, when I talk to customers about what is their favorite part of what we do it is the auto remediation. >> You know, one of the things on the keynotes, not to, not to go off tangent, one second here but, Kurt who runs platforms at AWS, >> Mm-hmm. >> went on his little baby project that he loves was this automated, automatic reasoning feature. >> Mm-hmm. >> Which essentially is advanced machine learning. >> Right. >> That can connect the dots. >> Yep. >> Not just predict stuff but like actually say this doesn't belong here. >> Right. >> That's advanced computer science. That's heavy duty coolness. >> Mm-hmm. >> So, operationalizing that way, the way you're saying it I'm imagining there's some future stuff coming around the corner. Can you share how you guys are working with AWS specifically? Is it with Amazon? You guys have your own secret sauce for the folks watching. 'Cause this remediation should, it only gets harder. You got to, you have to be smarter on your end, >> Yep. >> with your engineers. What's coming next. >> Oh gosh, I don't know how much of what's coming next I can share with you, except for tighter and tighter integrations with AWS, right. I've been at three meetings already today where we're talking about different AWS services and how we can be more tightly integrated and what's things we want out of their APIs to be able to further enhance what we can offer to our customers. So, there's a lot of those discussions happening right now. >> What, what are some of those conversations like? Without revealing. >> I mean, they have to do with, >> Maybe confidential privilege. >> privileged information. I don't mean like privileged information. >> Yep. I mean like privileges, right, >> Right. >> that are out there. >> Like what you can access, and what you can't. >> What you can, yes. And who and what can access it and what can't. And passing that information on to us, right. To be able to further remediate it for an AWS customer. That's, that's one. You know, things like other AWS services like CloudTrail and you know some of the other scenarios that they're talking about. Like we're, you know, we're getting deeper and deeper and deeper with the AWS services. >> Yeah, it's almost as if Amazon over the past two years in particular has been really tightly integrating as a strategy to enable their partners like you guys >> Mm-hmm. >> to be successful. Not trying to land grab. Is that true? Do you get that vibe? >> I definitely get that vibe, right. Yesterday, we spent all day in a partnership meeting where they were, you know talking about rolling out new services. I mean, they, they are in it to win it with their ecosystem. Not on, not just themselves. >> All right, Denise it's great to have you on theCUBE here as part of re:Inforce. I'll give you the last minute or so to give a plug for the company. You guys hiring? What are you guys looking for? Potential customers that are watching? Why should they buy you? Why are you winning? Give a, give the pitch. >> Yeah, absolutely. So, so yes we are hiring. We're always hiring. I think, right, in this startup world. We're growing and we're looking for talent, probably in every area right now. I know I'm looking for talent on the sales side. And, and again, the, I think the important thing about us is the, the fullness of our solution but the superpower that we have, like I said before around the identity and the data pieces and this is becoming more and more the reality for customers that they're understanding that that is the most important thing to do. And I mean, if they're that, Gartner says it, Forrester says it, like we are one of the, one of the best choices for that. >> Yeah. And you guys have been doing good. We've been following you. Thanks for coming on. >> Thank you. >> And congratulations on your success. And we'll see you at the AWS Startup Showcase in late August. Check out Sonrai Systems at AWS Startup Showcase late August. Here at theCUBE live in Boston getting all the coverage. From the keynotes, to the experts, to the ecosystem, here on theCUBE, I'm John Furrier your host. Thanks for watching. (bright music)

(gentle upbeat music) >> Okay, welcome back everyone to theCUBE's live coverage here in Boston, Massachusetts for AWS RE:INFORCE 22. I'm John Furrier, your host with Dave Vellante co-host of theCUBE, and Shreyans Metah, CTO and founder of Cequence Security. CUBE alumni, great to see you. Thanks for coming on theCUBE. >> Yeah. Thanks for having me here. >> So when we chatted you were part of the startup showcase. You guys are doing great. Congratulations on your business success. I mean, you guys got a good product in hot market. >> Yeah. >> You're here before we get into it. I want to get your perspective on the keynote and the talk tracks here and the show. But for the folks that don't know you guys, explain what you guys, take a minute to explain what you guys do and, and key product. >> Yeah, so we are the unified API protection place, but I mean a lot of people don't know what unified API protection is but before I get into that, just just talking about Cequence, we've been around since 2014. But we are protecting close to 6 billion API transactions every day. We are protecting close to 2 billion customer accounts, more than 2 trillion dollars in customer assets and a hundred million plus sort of, data points that we look at across customer base. That's that's who we are. >> I mean, of course we all know APIs is, is the basis of cloud computing and you got successful companies like Stripe, for instance, you know, you put API and you got a financial gateway, billions of transactions. What's the learnings. And now we're in a mode now where single point of failure is a problem. You got more automation you got more reasoning coming a lot more computer science next gen ML, AI there too. More connections, no perimeter. Right? More and more use cases, more in the cloud. >> Yeah. So what, what we are seeing today is, I mean from six years ago to now, when we started, right? Like the monolith apps are breaking down into microservices, right? What effectively, what that means is like every of the every such microservices talking APIs, right? So what used to be a few million web applications have now become billions of APIs that are communicating with each other. I mean, if you look at the, I mean, you spoke about IOT earlier, I call, I call like a Tesla is an application on four wheels that is communicating to its cloud over APIs. So everything is API yesterday. 80% traffic on internet is APIs. >> Now that's dated transit right there. (laughing) Couldn't resist. >> Yeah. >> Fully encrypted too. >> Yeah. >> Yeah, well hopefully. >> Maybe, maybe, maybe. (laughing) We dunno yet, but seriously everything is talking to an API. >> Yeah. >> Every application. >> Yeah. And, and there is no single choke point, right? Like you spoke about it. Like everybody is hosting their application in the cloud environments of their choice, AWS being one of them. But it's not the only one. Right? The, the, your APIs are hosted behind a CDN. Your APIs are hosted on behind an API gateway behind a load balancer in guest controllers. There is no single. >> So what's the problem? What's the problem now that you're solving? Because one was probably I can imagine connecting people, connecting the APIs. Now you've got more operational data. >> Yeah. >> Potential security hacks? More surface area? What's the what's what are you facing? >> Well, I can speak about some of the, our, some of the well known sort of exploits that have been well published, right. Everybody gets exploited, but I mean some of the well knowns. Now, if you, if you heard about Expedian last year there was a third party API that was exposing your your credit scores without proper authentication. Like Facebook had Ebola vulnerability sometime ago, where people could actually edit somebody else's videos online. Peloton again, a well known one. So like everybody is exposed, right. But that is the, the end results. All right? But it all starts with people don't even know where their APIs are and then you have to secure it all the way. So, I mean, ultimately APIs are prone to business logic attacks, fraud, and that's what, what you need to go ahead and protect. >> So is that the first question is, okay, what APIs do I need to protect? I got to take a API portfolio inventory. Is that? >> Yeah, so I think starting point is where. Where are my APIs? Right, so we spoke about there's no single choke point. Right, so APIs could be in, in your cloud environment APIs could be behind your cloud front, like we have here at RE:INFORCE today. So APIs could be behind your AKS, Ingrid controllers API gateways. And it's not limited to AWS alone, right. So, so knowing the unknown is, is the number one problem. >> So how do I find him? I asked Fred, Hey, where are our API? No, you must have some automated tooling to help me. >> Yeah, so, I, Cequence provides an option without any integration, what we call it, the API spider. Whereas like we give you visibility into your entire API attack surface without any integration into any of these services. Where are your APIs? What's your API attack surface about? And then sort of more details around that as well. But that is the number one. Is that agent list or is that an agent? >> There's no agent. So that means you can just sign up on our portal and then, then, then fire it away. And within a few minutes to an hour, we'll give you complete visibility into where your API is. >> So is it a full audit or is it more of a discovery? >> Or both? >> So, so number one, it's it's discovery, but we are also uncovering some of the potential vulnerabilities through zero knowledge. Right? So. (laughing) So, we've seen a ton of lock for J exposed server still. Like recently, there was an article that lock four J is going to be endemic. That is going to be here. >> Long time. >> (laughs) For, for a very long time. >> Where's your mask on that one? That's the Covid of security. >> Yeah. Absolutely absolutely. So, you need to know where your assets are what are they exposing? So, so that is the first step effectively discovering your attack surface. Yeah. >> I'm sure it's a efficiency issue too, with developers. The, having the spider allows you to at least see what's connecting out there versus having a meeting and going through code reviews. >> Yeah. Right? Is that's another big part of it? >> So, it is actually the last step, but you have, you actually go through a journey. So, so effectively, once you're discovering your assets you actually need to catalog it. Right. So, so I know where they're hosted but what are developers actually rolling out? Right. So they are updating your, the API endpoints on a daily basis, if not hourly basis. They have the CACD pipelines. >> It's DevOps. (laughing) >> Welcome to DevOps. It's actually why we'll do it. >> Yeah, and people have actually in the past created manual ways to catalog their APIs. And that doesn't really work in this new world. >> Humans are terrible at manual catalogization. >> Exactly. So, cataloging is really the next step for them. >> So you have tools for that that automate that using math, presumably. >> Exactly. And then we can, we can integrate with all these different choke points that we spoke about. There's no single choke points. So in any cloud or any on-prem environment where we actually integrate and give you that catalog of your APIs, that becomes your second step really. >> Yeah. >> Okay, so. >> What's the third step? There's the third step and then compliance. >> Compliance is the next one. So basically catalog >> There's four steps. >> Actually, six. So I'll go. >> Discovery, catalog, then compliance. >> Yeah. Compliance is the next one. So compliance is all about, okay, I've cataloged them but what are they really exposing? Right. So there could be PII information. There could be credit card, information, health information. So, I will treat every API differently based on the information that they're actually exposing. >> So that gives you a risk assessment essentially. >> Exactly. So you can, you can then start looking into, okay. I might have a few thousand API endpoints, like, where do I prioritize? So based on the risk exposure associated with it then I can start my journey of protecting so. >> That that's the remediation that's fixing it. >> Okay. Keep going. So that's, what's four. >> Four. That was that one, fixing. >> Yeah. >> Four is the risk assessment? >> So number four is detecting abuse. >> Okay. >> So now that I know my APIs and each API is exposing different business logic. So based on the business you are in, you might have login endpoints, you might have new account creation endpoint. You might have things around shopping, right? So pricing information, all exposed through APIs. So every business has a business logic that they end up exposing. And then the bad guys are abusing them. In terms of scraping pricing information it could be competitors scraping pricing. They will, we are doing account take. So detecting abuse is the first step, right? The fifth one is about preventing that because just getting visibility into abuse is not enough. I should be able to, to detect and prevent, natively on the platform. Because if you send signals to third party platforms like your labs, it's already too late and it's too course grain to be able to act on it. And the last step is around what you actually spoke about developers, right? Like, can I shift security towards the left, but it's not about shifting left. Just about shifting left. You obviously you want to bring in security to your CICD pipelines, to your developers, so that you have a full spectrum of API securities. >> Sure enough. Dave and I were talking earlier about like how cloud operations needs to look the same. >> Yeah. >> On cloud premise and edge. >> Yes. Absolutely. >> Edge is a wild card. Cause it's growing really fast. It's changing. How do you do that? Cuz this APIs will be everywhere. >> Yeah. >> How are you guys going to reign that in? What's the customers journey with you as they need to architect, not just deploy but how do you engage with the customer who says, "I have my environment. I'm not going to be to have somebody on premise and edge. I'll use some other clouds too. But I got to have an operating environment." >> Yeah. "That's pure cloud." >> So, we need, like you said, right, we live in a heterogeneous environment, right? Like effectively you have different, you have your edge in your CDN, your API gateways. So you need a unified view because every gateway will have a different protection place and you can't deal with 5 or 15 different tools across your various different environments. So you, what we provide is a unified view, number one and the unified way to protect those applications. So think of it like you have a data plane that is sprinkled around wherever your edges and gateways and risk controllers are and you have a central brains to actually manage it, in one place in a unified way. >> I have a computer science or computer architecture question for you guys. So Steven Schmidt again said single controls or binary states will fail. Obviously he's talking from a security standpoint but I remember the days where you wanted a single point of control for recovery, you talked about microservices. So what's the philosophy today from a recovery standpoint not necessarily security, but recovery like something goes wrong? >> Yeah. >> If I don't have a single point of control, how do I ensure consistency? So do I, do I recover at the microservice level? What's the philosophy today? >> Yeah. So the philosophy really is, and it's very much driven by your developers and how you want to roll out applications. So number one is applications will be more rapidly developed and rolled out than in the past. What that means is you have to empower your developers to use any cloud and serverless environments of their choice and it will be distributed. So there's not going to be a single choke point. What you want is an ability to integrate into that life cycle and centrally manage that. So there's not going to be a single choke point but there is going to be a single control plane to manage them off, right. >> Okay. >> So you want that unified, unified visibility and protection in place to be able to protect these. >> So there's your single point of control? What about the company? You're in series C you've raised, I think, over a hundred million dollars, right? So are you, where are you at? Are you scaling now? Are you hiring sales people or you still trying to sort of be careful about that? Can you help us understand where you're at? >> Yeah. So we are absolutely scaling. So, we've built a product that is getting, that is deployed already in all these different verticals like ranging from finance, to detail, to social, to telecom. Anybody who has exposure to the outside world, right. So product that can scale up to those demands, right? I mean, it's not easy to scale up to 6 billion requests a day. So we've built a solid platform. We've rolled out new products to complete the vision. In terms of the API spider, I spoke about earlier. >> The unified, >> The unified API protection covers three aspects or all aspects of API life cycle. We are scaling our teams from go to market motion. We brought in recently our chief marketing officer our chief revenue officer as well. >> So putting all the new, the new pieces in place. >> Yeah. >> So you guys are like API observability on steroids. In a way, right? >> Yeah, absolutely. >> Cause you're doing the observability. >> Yes. >> You're getting the data analysis for risk. You're having opportunities and recommendations around how to manage the stealthy attacks. >> From a full protection perspective. >> You're the API store. >> Yeah. >> So you guys are what we call best of breed. This is a trend we're seeing, pick something that you're best in breed in. >> Absolutely. >> And nail it. So you're not like an observability platform for everything. >> No. >> You guys pick the focus. >> Specifically, APS. And, so basically your, you can have your existing tools in place. You will have your CDN, you will have your graphs in place. So, but for API protection, you need something specialized and that stuff. >> Explain why I can't just rely on CDN infrastructure, for this. >> So, CDNs are, are good for content delivery. They do your basic TLS, and things like that. But APIs are all about your applications and business that you're exposing. >> Okay, so you, >> You have no context around that. >> So, yeah, cause this is, this is a super cloud vision that we're seeing of structural change in the industry, a new thing that's happening in real time. Companies like yours are be keeping a focus and nailing it. And now the customer's can assemble these services and company. >> Yeah. - Capabilities, that's happening. And it's happening like right now, structural change has happened. That's called the cloud. >> Yes. >> Cloud scale. Now this new change, best of brief, what are the gaps? Because I'm a customer. I got you for APIs, done. You take the complexity away at scale. I trust you. Where are the other gaps in my architecture? What's new? Cause I want to run cloud operations across all environments and across clouds when appropriate. >> Yeah. >> So I need to have a full op where are the other gaps? Where are the other best of breed components that need to be developed? >> So it's about layered, the layers that you built. Right? So, what's the thing is you're bringing in different cloud environments. That is your infrastructure, right? You, you, you either rely on the cloud provider for your security around that for roll outs and operations. Right? So then is going to be the next layer, which is about, is it serverless? Is it Kubernetes? What about it? So you'll think about like a service mesh type environment. Ultimately it's all about applications, right? That's, then you're going to roll out those applications. And that's where we actually come in. Wherever you're rolling out your applications. We come in baked into that environment, and for giving you that visibility and control, protection around that. >> Wow, great. First of all, APIs is the, is what cloud is based on. So can't go wrong there. It's not a, not a headwind for you guys. >> Absolutely. >> Great. What's a give a quick plug for the company. What are you guys looking to do hire? Get customers who's uh, when, what, what's the pitch? >> So like I started earlier, Cequence is around unified API protection, protecting around the full life cycle of your APIs, ranging from discovery all the way to, to testing. So, helping you throughout the, the life cycle of APIs, wherever those APIs are in any cloud environment. On-prem or in the cloud in your serverless environments. That's what Cequence is about. >> And you're doing billions of transactions. >> We're doing 6 billion requests every day. (laughing) >> Which is uh, which is, >> A lot. >> Unheard for a lot of companies here on the floor today. >> Sure is. Thanks for coming on theCUBE, sure appreciate it. >> Yeah. >> Good, congratulations to your success. >> Thank you. >> Cequence Security here on theCUBE at RE:INFORCE. I'm chatting with Dave Vellante, more coverage after this short break. (upbeat, gentle music)