>> Announcer: From the Silicon Valley Media Office in Boston, Massachusetts, it's The Cube! Now, here's your host, Dave Vellante. >> Hi, everybody, welcome to a special Silicon Angle, The Cube on the ground. We're going to be talking about data capital with Paul Sonderegger, who is a big data strategist at Oracle, and he leads Oracle's data capital initiative. Paul, thanks for coming in, welcome to The Cube. >> Thank you, Dave, it's good to be here. >> So data capital, it's a topic that's gaining a lot of momentum, people talking about data value, they've talked about that for years, but what is data capital? >> Well, what we're saying with data capital, is that data fulfills the literal economic textbook definition of capital. Capital is a produced good, as opposed to a natural resource that you have to invest to create it, and it is then an necessary input into some other good or service. So when we define data capital, we say that data capital is the recorded information necessary to produce a good or service. Which is really boring, so let me give you an example. So imagine, picture a retailer. A retailer wants to go into a new market. To do that, the retailer has to expand its inventory, it has to extend its supply chain, it has to buy property, all of these kinds of investments. If it lacks the financial capital to make all of those investments, it can't go, cannot go into that new region. By the same token, if this retailer wants to create a new dynamic pricing algorithm, or a new recommendation engine, but lacks the data to feed those algorithms, it cannot create that ability. It cannot provide that service. Data is now a kind of capital. >> And for years, data was viewed by a lot of organizations, particularly general counsel, as a liability, and then the big data meme sort of took off and all of a sudden, data becomes an asset. Are organizations viewing data as an asset? >> A lot of organizations are starting to view data as an asset, even though they can't account for it that way. So by current accounting standards, companies are not allowed to treat the money that they spend on developing information, on capturing data, as an asset. However, what you see with these online consumer services, the ones that we know, Uber, Airbnb, Netflix, Linkedin, these companies absolutely treat data as an asset. They treat it, not just as a record of what happened, but as a raw material for creating new digital products and services. >> You too, you tweeted out an article recently on Uber, and Uber lost about, what is it? 1.2 billion- >> At least. >> Over six months, at least. >> At least. >> And then the article calculated how much it was actually paid, I mean basically, the conclusion was it paid 1.2 billion for data. >> Yeah. >> It was about $1.20 per data for ride record, which actually is not a bad deal, when you think about it that way. >> Well, that's the thing, it's not a bad deal when you consider that the big picture they have in view is the global market for personal transportation, which The Economist estimates is about 10 trillion dollars annually. Well, to go after a 10 trillion dollar market, if you can build up a unique stock of data capital, of a billion records at about a billion dollars per record, that's probably a pretty good deal, yeah. >> So, money obviously is fungible, it's currency. Data is not a currency, but digital data is fungible, right, I mean, you can use data in a lot of different ways, can't you? >> No, no, it's, and this actually is a really important point, it's a really important point. Data is actually not fungible. This is part of data's curious economic identity. So data, contrary to popular wisdom, data is not abundant. Data consists of countless unique observations, and one of the issues here is that, two pieces of data are usually not fungible. You can't replace one with the other because they carry different information. They carry different semantics. So just to make it very, very concrete, one of the things that we see now, a huge use of data capital is in fraud detection. And one of our customers handles the fraud detection for person-to-person mobile payments. So say you go away for a weekend with a friend, you come back, you want to split the tab, and you just want to make a payment directly to the other person. You do this through your phone. Those transactions, that account to account transfer, gets checked for possible fraudulent activity in the moment, as it happens, and there is a scoring algorithm that sniffs those transactions and gives it a score to indicate whether or not it may be fraudulent or if it's legitimate. Well, this company, they use the information they capture about whether their algorithm captured, caught, all of the fraudulent transactions or missed some, and whether that algorithm mistakenly flagged legitimate transactions as fraudulent. They capture all of those false positives and false negatives, feed it back into the system, and improve the performance of the algorithm for the next go around. Here's why this matters: the data created by that algorithm about its own performance, is a proprietary asset. It is unique. And no other data with substitute for it. And in that way, it becomes the basis for a sustainable competitive advantage. >> It's a great example. So the algorithm maybe is free, you can grab an algorithm, it's how you apply it that is proprietary, and now, okay, so we've established that the data is not fungible. But digital data doesn't necessarily have high asset specificity. Do you agree with that? In other words, I can use data in different ways, if it's digital. Yeah, absolutely, as a matter of fact, this is one of the other characteristics of data. It is non-rivalrous, is what economists would call it. And this means that two parties can use the same piece of data at the same time. Which is not the case with, say, a tractor. One guy on a tractor means that none of the other people can ride that tractor. Data's not like that. So data can be put to multiple uses simultaneously. And what becomes very interesting is that different uses of data can command different prices. There's actually a project going on right now where Harvard Law School is scanning and digitizing the entire collection of US case law. Now this is The Law, the law that we all as Americans are bound to. Yet, it is locked up in a way, in just, in all of these 43,000 books. Well, Harvard and a startup called Ravel Law, they are working on scanning and digitizing this data, which can then be searched, for free, all of these, you can search this entire body of case law, for free, so you can go in and search "privacy," for example, and see all of the judgements that mention privacy over the entire history of US case law. But, if you want, for example, to analyze how different judges, current sitting judges, rule on cases related to privacy, well, that's a service that you would pay for from Ravel. The exact same data, their algorithms are working on the same body of data. You can search it for free, but the analysis that you might want on that same data, you can only get for a fee. So different uses of data can command different prices. >> So, some excellent examples there. What are the implications of all of this for competitive strategies, what should companies, how should they apply this for competitive strategies? >> Well, when we think about competitive strategy with data capital, we think in terms of three principles of data capital, is what we call them. The first one is that data comes from activity. The second one is, data tends to make more data, and the third is that platforms tend to win. So these three principles, even if we just run through them in their turn, the first one, data comes from activity, this means that, in order to capture data, your company has to be part of the activity that produces it at the time that activity happens. And the competitive strategy implication here is that, if your company is not part of that activity when it happens, your chance to capture its data is lost, forever. And so this means that interactions with customers are critical targets to digitize and datify before the competition gets in there and shuts you out. The second principle, data tends to make more data, this is what we were talking about with algorithms. Analytics are great, they're very important, analytics provide information to people so that they can make better choices, but the real action is in algorithms. And here is where you're feeding your unique stock of data capital to algorithms, that not only act on that data, but create data about their own performance, that then improve their future performance, and that data capital flywheel becomes a competitive advantage that's very hard to catch. The third principle is that platforms tend to win. So platforms are common in information-intensive industries, we see them with a credit card, for example, we see them in financial services. A credit card is a payment platform between consumers on the one side, merchants on the other. A video game console is a platform between developers on the one side and gamers on the other. The thing about platform competition is that it tends to lead toward a winner-take-all outcome. Not always, but that's how it tends to go. And with the digitization and datification of more activities, platform competition is coming for industries that have never seen it before. >> So platform beats product, but it's winner-take-all, or number two maybe breaks even, right? >> That tends to be the way it goes. >> And number three loses money, okay. The first point you were making about, you've got to be there when the transaction occurs, you've got to show up. The second one's interesting, data tends to make more data. So, and you talked about algorithms and improving and fine-tuning in that feedback loop. I would imagine customers are challenged in terms of investments, do they spend money on acquiring more data, or do they spend money on improving their algorithms, and then the answer is got to do both, but budgets are limited. How are customers dealing with that challenge? >> Well, prioritization becomes really critical here. So not all data is created equal, but it's very difficult to know which data will be more valuable in the future. However, there are ways to improve your guess. And one of the best ways is to, go after data that your competition could get as well. So this is data that comes from activities with customers. Data from activities with suppliers, with partners. Those are all places where the competition could also try to digitize and datify those activities. So companies should really look outside their own four walls. But the next part, you know, figuring out, what do you do with it? This is where companies really need to take a page out of actual science as they approach data science, and science is all about argument. It's all about experimentation, testing, and keeping the hypotheses that are proven and discarding the ones that are disproven. What this means is that companies need a data lab environment, where they can cut the time, the cost, the effort, of forming and testing new hypotheses, getting new answers to new questions from their data. >> Okay, so, data has value, you've got to prioritize. How do you actually value the data so that I can prioritize and figure out what I should be focusing on in the lab and in production? >> Yeah, well, the basic answer is to go where the money is. So there are a couple things you can do with data. One is that you can improve your operational effectiveness, and so here, you should go look at your big cost areas, and focus your limited data science and managerial resources on trying to figure out, hey, can we become more efficient in whatever your big cost driver is? If it's shipping and logistics, if it's inventory management, if it's customer acquisition, if it's marketing and advertising, so that's one way to go. The next big thing that you can do with data is try to create a new product or service, a new ... create new value in a way that generates revenue. Here, there is a little caveat, which is that, companies may also want to consider creating new capabilities, maybe enriching the customer experience, making connections across multiple channels, that they can't actually charge for, not today. But, what they get, is data that no one else has. What they get from, let's say, making an investment into, bring together the in-store shopping experience with the, with the targeted emails, with, with communication through social feeds and through Twitter. Let's say that they invest in trying to tie that data together, to get a richer picture of their consumers' behavior. They might not be able to charge for that today. But, they may get insight into the way that shopping experience works that no one else can see, which then leads to a value-added service tomorrow. And I know it all sounds very speculative, but this is basically the nature of prototyping, of new product creation. >> Well, Uber's overused as an example, but this is a good application of Uber because they, essentially they pay for driver acquisition, which doesn't scale well. >> Yeah. >> But they get data. >> That's right. >> Because they're there at the point of the transaction and the activity and they've got data that nobody else has. >> Yeah, yeah, that's exactly right, and, you know, one of the ways to think about that is that, you're like a blackjack player, counting cards, and every time you play a hand as a company, you get data, information that may help you improve your future bets. This is why Vegas kicks out card counters, because it's an advantage for the future. But what we're talking about here, in digitizing activity with customers, every time you capture data about your interaction with those customers, you gain something simply for having carried out that activity. >> And so, thinking about, back to value for a minute, I mean I can envision some kind of value flow methodology where you assess the data intensity of the activity, and then assign some kind of, I don't know, score or a value to that activity, and then you can then look at that in relation to other activities. Is that a viable approach? >> It absolutely is. What companies need here is a new way to measure how much data they've got, how much they use, and then ascribe ... value created, you know, by that data. So the, how much they've got, you know, we can think about this, we always talk in terms of gigabytes and petabytes. But really we need some finer measurements. Data is an observation about something in the real world. And so, companies should start to think about measuring their data in terms of observations, in terms of attribute-value pairs. So even thinking about the record captured per activity, that's not enough. Companies should start thinking in terms of, how many columns are in that record? How many attributes are captured in these observations we make from that activity? The next issue, you know, how much do they use? Well, now, companies need to look at, how many of these observations are being touched, are being tapped by queries? Whether they're automatically generated, whether they are generated ad hoc by some data scientist, rooting around for some new understanding. So there's a set of questions there about, what percentage of these observations we possess are we actually using in queries of some kind? And then the third piece, how much value do we create from it? This is where ... This is a tough one, and it's really an estimation. It's, most likely what we need here is a new method for attributing the, profitabilty of a particular business unit to its use of that data. And I realize this is an estimation, but this is, there's a precedent for this in brand valuation, this is the coin of the realm when you're talking about putting a value to intangible assets. >> Well, as long as you're consistently applying that methodology across your portfolio, then, then at least you've got a relative measure and you can get back to prioritization, which is a key factor here. Is there an underlying technical architecture that has to be in place to take advantage of all this data capital momentum? >> There is, there is, companies are moving toward a hybrid cloud, big data architecture. >> What does that mean? >> It means that almost all the buzzwords are used, and we're going to need new ones. No, what it means is that, companies are going to find themselves in a situation where some of their computing activities, storage, processing, application execution, analytics, some of those activities will take place in a public cloud environment, some of it will take place within their own data centers, reconfigured to act as private clouds. And there are lots of potential reasons for this. There could be, companies have to deal with, not only existing regulations, which sometimes will prevent them from putting data up into a cloud, but they are also going to have to deal with regulatory arbitrage, maybe the regulations will change, or maybe they've got agreements with partners that are embodied in service level agreements that again require them to keep the data under their own observation. Even in that case, even in that case, the business still wants to consume all of those computing resources inside the data center as if they were services. The business doesn't care where they come from. And so this is one of the things that Oracle is providing, is an architecture for Oracle public cloud, and private cloud in the data center. It is the same on both sides of the wire. And in fact, can even be purchased in the same way so that even these, this Oracle cloud at customer, these machines, they are purchased on a subscription basis, just as public cloud capabilities are. And the reason this is good is because it allows IT leaders to provide to the business, computing capabilities, storage capabilities, you know, as needed, that can be consumed as services, regardless of where they come from. >> Yeah, so you've got the data locality issue, which is speed of light problems, you don't want to move data, then you've got compliance and governance, and you're saying, that hybrid approach allows you to have the cake and eat it, too. >> Yeah. >> Essentially. Are there other sort of benefits to taking this approach? >> Well, one of the, you know, the, one of the other pieces that we should talk about here is the big data aspect, and really what that means is, that, relational, Hadoop, NoSQL, graph database, repositories, they're all going to, they're all peers. They're all peers now, and, you know, this is Oracle's perspective, and as I'm sure you know, Oracle makes a relational database, it's very popular. Yeah, we've been doing it for a while, we're pretty good at it. Oracle's perspective on the future of data management is that Hadoop, NoSQL, graph, relational, all of these methods of data management will be peers and act together in a single high-performance enterprise system. And here's why. The reason is that, as our customers digitize and datify more of their activities, more of the world, they're creating data that's born in shapes and formats that don't necessarily lend themselves to a relational representation. It's more convenient to hold them in a Hadoop file system, and it's more convenient to hold them in just a great big key value store like NoSQL. And yet, they would like to use these data sources as if they were in the same system and not really have to worry about where they are. And we see this with, we see this with telecom providers who want to combine call data records with customer, warehouse, you know, customer data in the data warehouse. We see it with financial services companies who want to do a similar thing of combining research with portfolio investments records of what their high net worth customers have invested, with transaction data from the equities markets. So we see this polyglot future, the future of all of these different data management technologies, and their applications in the analytics built on top, working together, and existing in this hybrid cloud environment. >> So that's different than the historical Oracle, at least perceived messaging, where a lot of people believe that Oracle sees its Oracle database as a hammer, and every opportunity is a nail. You're telling a completely different story now. >> Well, it turns out there are many nails. So, you know, the hammer's still a good thing, but it turns out that, you know, there are also brads and tacks and Philips and flathead screwdrivers too. And this is just one of the consequences of our customers creating more kinds of data. Images, audio, JSON, XML, you know, spectrographic images from drones that are analyzing how much green is in a photograph because that indicates the chlorophyll content. We know, we know that our customers' ability to compete is based on how they create value from data capital. And so Oracle is in the business of making the things that make data more valuable, and we want to reinvent enterprise computing as a set of services that are easier to buy and use. >> And SQL is the lowest common denominator there, because of the skill sets that are available, is that right or? >> Well, it's funny, it's not necessarily a lowest common denominator, it turns out it's just incredibly useful. (laughs) Sequel is not just a technology standard, it's actually, in a manner of speaking, it's sort of a thinking standard. SQL is based on literally hundreds of years of hard thinking about how to think straight. You can trace SQL back to predicate logic, which was one of the critical ideas in the renaissance of mathematics and logic in the 1800s. So SQL embodies this way to think about, to think logically, to think about the attributes of things and their values and to reason about them in an automated fashion. And that is not going away, that in fact is going to become more powerful, more useful. >> Business processes are wired to that way of thinking, is what you're saying. >> That's exactly right. If you want to improve your operational effectiveness as a company, you're going to have to standardize some of your procedures and automate them, and that means you're going to standardize the information component of those activities. You can automate them better. And you're going to want to ask questions about, how's it going? And SQL is incredibly useful for doing that. >> So we went way over our time, this is very interesting discussion, but I have to ask you, what is it you do at Oracle? Do you work with customers to help them understand data strategies and catalyze new thinking? What's your day-to-day like? >> Yeah, I do a lot of this, a lot of telling the story, because we're in a huge time of change. Every 20 years or so, the IT industry goes through an architectural shift, and that changes, not just the technologies used to create value from data, but it changes the very value created from data itself. It changes what you can do with information. So, I spend a lot of time explaining these ideas of data capital, and sitting down with executives at our customers, helping them understand how to look out at the world and see the data that is not there yet, and what that means for the way that they compete, and then we talk through the competitive strategies that follow from that, and the technical architecture required to execute those strategies. >> Excellent. Well, Paul, thanks very much for sharing your knowledge with our Cube audience and coming into the Silicon Angle Media Studios here at Marlborough. >> Well, it's my pleasure. Thanks for having me. >> All right, you're welcome. Okay, thanks for watching, everybody. This is The Cube, Silicon Angle Media's special on the ground production. We'll see you next time. (peppy synth music)

>> Hey everyone. Welcome back to theCUBE's coverage day two of CloudNative Security CON 23. Lisa Martin here in studio in Palo Alto with John Furrier. John, we've had some great conversations. I've had a global event. This was a global event. We had Germany on yesterday. We had the Boston Studio. We had folks on the ground in Seattle. Lot of great conversations, a lot of great momentum at this event. What is your number one takeaway with this inaugural event? >> Well, first of all, our coverage with our CUBE alumni experts coming in remotely this remote event for us, I think this event as an inaugural event stood out because one, it was done very carefully and methodically from the CNCF. I think they didn't want to overplay their hand relative to breaking out from CUBE CON So Kubernetes success and CloudNative development has been such a success and that event and ecosystem is booming, right? So that's the big story is they have the breakout event and the question was, was it a good call? Was it successful? Was it going to, would the dog hunt as they say, in this case, I think the big takeaway is that it was successful by all measures. One, people enthusiastic and confident that this has the ability to stand on its own and still contribute without taking away from the benefits and growth of Kubernetes CUBE CON and CloudNative console. So that was the key. Hallway conversations, the sessions all curated and developed properly to be different and focused for that reason. So I think the big takeaway is that the CNCF did a good job on how they rolled this out. Again, it was very intimate event small reminds me of first CUBE CON in Seattle, kind of let's test it out. Let's see how it goes. Again, clearly it was people successful and they understood why they're doing it. And as we commented out in our earlier segments this is not something new. Amazon Web Services has re:Invent and re:Inforce So a lot of parallels there. I see there. So I think good call. CNCF did the right thing. I think this has legs. And then as Dave pointed out, Dave Vellante, on our last keynote analysis was the business model of the hackers is better than the business model of the industry. They're making more money, it costs less so, you know, they're playing offense and the industry playing defense. That has to change. And as Dave pointed out we have to make the cost of hacking and breaches and cybersecurity higher so that the business model crashes. And I think that's the strategic imperative. So I think the combination of the realities of the market globally and open source has to go faster. It's good to kind of decouple and be highly cohesive in the focus. So to me that's the big takeaway. And then the other one is, is that there's a lot more security problems still unresolved. The emphasis on developers productivity is at risk here, if not solved. You saw supply chain software, again, front and center and then down in the weeds outside of Kubernetes, things like BIND and DNS were brought up. You're seeing the Linux kernel. Really important things got to be paid attention to. So I think very good call, very good focus. >> I would love if for us to be able to, as the months go on talk to some of the practitioners that actually got to attend. There were 72 sessions, that's a lot of content for a small event. Obviously to your point, very well curated. We did hear from some folks yesterday who were just excited to get the community back together in person. To your point, having this dedicated focus on CloudNativesecurity is incredibly important. You talked about, you know, the offense defense, the fact that right now the industry needs to be able to pivot from being on defense to being on offense. This is a challenging thing because it is so lucrative for hackers. But this seems to be from what we've heard in the last couple days, the right community with the right focus to be able to make that pivot. >> Yeah, and I think if you look at the success of Kubernetes, 'cause again we were there at theCUBE first one CUBE CON, the end user stories really drove end user participation. Drove the birth of Kubernetes. Left some of these CloudNative early adopters early pioneers that were using cloud hyperscale really set the table for CloudNative CON. I think you're seeing that here with this CloudNative SecurityCON where I think we're see a lot more end user stories because of the security, the hairs on fire as we heard from Madrona Ventures, you know, as they as an investor you have a lot of use cases out there where customers are leaning in with getting the rolling up their sleeves, working with open source. This has to be the driver. So I'm expecting to see the next level of SecurityCON to be end user focused. Much more than vendor focused. Where CUBECON was very end user focused and then attracted all the vendors in that grew the industry. I expect the similar pattern here where end user action will be very high at the beginning and that will essentially be the rising tide for the vendors to be then participating. So I expect almost a similar trajectory to CUBECON. >> That's a good path that it needs to all be about all the end users. One of the things I'm curious if what you heard was what are some of the key factors that are going to move CloudNative Security forward? What did you hear the last two days? >> I heard that there's a lot of security problems and no one wants to kind of brag about this but there's a lot of under the hood stuff that needs to get taken care of. So if automation scales, and we heard that from one of the startups we've just interviewed. If automation and scale continues to happen and with the business model of the hackers still booming, security has to be refactored quickly and there's going to be an opportunity structurally to use the cloud for that. So I think it's a good opportunity now to get dedicated focus on fixing things like the DNS stuff old school under the hood, plumbing, networking protocols. You're going to start to see this super cloud-like environment emerge where data's involved, everything's happening and so security has to be re imagined. And I think there's a do over opportunity for the security industry with CloudNative driving that. And I think this is the big thing that I see as an opportunity to, from a story standpoint from a coverage standpoint is that it's a do-over for security. >> One of the things that we heard yesterday is that there's a lot of it, it's a pretty high percentage of organizations that either don't have a SOCK or have a very primitive SOCK. Which kind of surprised me that at this day and age the risks are there. We talked about that today's focus and the keynote was a lot about the software supply chain and what's going on there. What did you hear in terms of the appetite for organizations through the voice of the practitioner to say, you know what guys, we got to get going because there's going to be the hackers are they're here. >> I didn't hear much about that in the coverage 'cause we weren't in the hallways. But from reading the tea leaves and talking to the folks on the ground, I think there's an implied like there's an unlimited money from customers. So it's a very robust from the data infrastructure stack building we cover with the angel investor Kane you're seeing data infrastructure's going to be part of the solution here 'cause data and security go hand in hand. So everyone's got basically checkbook wide open everyone wants to have the answer. And we commented that the co-founder of Palo Alto you had on our coverage yesterday was saying that you know, there's no real platform, there's a lot of tools out there. People will buy anything. So there's still a huge appetite and spend in security but the answer's not going to more tool sprawling. It's going to more platform auto, something that enables automation, fix some of the underlying mechanisms involved and fix it fast. So to me I think it's going to be a robust monetary opportunity because of the demand on the business side. So I don't see that changing at all and I think it's going to accelerate. >> It's a great point in terms of the demand for the business side because as we know as we said yesterday, the next Log4j is out there. It's not a matter of if this happens again it's when, it's the extent, it's how frequent we know that. So organizations all the way up to the board have to be concerned about brand reputation. Nobody wants to be the next big headline in terms of breaches and customer data being given to hackers and hackers making all this money on that. That has to go all the way up to the board and there needs to be alignment between the board and the executives at the organization in terms of how they're going to deal with security, and now. This is not a conversation that can wait. Yeah, I mean I think the five C's we talked about yesterday the culture of companies, the cloud is an enabler, you've got clusters of servers and capabilities, Kubernetes clusters, you've got code and you've got all kinds of, you know, things going on there. Each one has elements that are at risk for hacking, right? So that to me is something that's super important. I think that's why the focus on security's different and important, but it's not going to fork the main event. So that's why I think the spin out was, spinout, or the new event is a good call by the CNCF. >> One of the things today that struck me they're talking a lot about software supply chain and that's been in the headlines for quite a while now. And a stat that was shared this morning during the keynote just blew my brains that there was a 742% increase in the software supply chain attacks occurring over the last three years. It's during Covid times, that is a massive increase. The threat landscape is just growing so amorphously but organizations need to help dial that down because their success and the health of the individuals and the end users is at risk. Well, Covid is an environment where everyone's kind of working at home. So there was some disruption to infrastructure. Also, when you have change like that, there's opportunities for hackers, they'll arbitrage that big time. But I think general the landscape is changing. There's no perimeter anymore. It's CloudNative, this is where it is and people who are moving from old IT to CloudNative, they're at risk. That's why there's tons of ransomware. That's why there's tons of risk. There's just hygiene, from hygiene to architecture and like Nick said from Palo Alto, the co-founder, there's not a lot of architecture in security. So yeah, people have bulked up their security teams but you're going to start to see much more holistic thinking around redoing security. I think that's the opportunity to propel CloudNative, and I think you'll see a lot more coming out of this. >> Did you hear any specific information on some of the CloudNative projects going on that really excite you in terms of these are the right people going after the right challenges to solve in the right direction? >> Well I saw the sessions and what jumped out to me at the sessions was it's a lot of extensions of what we heard at CUBECON and I think what they want to do is take out the big items and break 'em out in security. Kubescape was one we just covered. They want to get more sandbox type stuff into the security side that's very security focused but also plays well with CUBECON. So we'll hear more about how this plays out when we're in Amsterdam coming up in April for CUBECON to hear how that ecosystem, because I think it'll be kind of a relief to kind of decouple security 'cause that gives more focus to the stakeholders in CUBECON. There's a lot of issues going on there and you know service meshes and whatnot. So it's a lot of good stuff happening. >> A lot of good stuff happening. One of the things that'll be great about CUBECON is that we always get the voice of the customer. We get vendors coming on with the voice of the customer talking about and you know in that case how they're using Kubernetes to drive the business forward. But it'll be great to be able to pull in some of the security conversations that spin out of CloudNative Security CON to understand how those end users are embracing the technology. You brought up I think Nir Zuk from Palo Alto Networks, one of the themes there when Dave and I did their Ignite event in December was, of 22, was really consolidation. There are so many tools out there that organizations have to wrap their heads around and they need to be able to have the right enablement content which this event probably delivered to figure out how do we consolidate security tools effectively, efficiently in a way that helps dial down our risk profile because the risks just seem to keep growing. >> Yeah, and I love the technical nature of all that and I think this is going to be the continued focus. Chris Aniszczyk who's the CTO listed like E and BPF we covered with Liz Rice is one of the most three important points of the conference and it's just, it's very nerdy and that's what's needed. I mean it's technical. And again, there's no real standards bodies anymore. The old days developers I think are super important to be the arbiters here. And again, what I love about the CNCF is that they're developer focused and we heard developer first even in security. So you know, this is a sea change and I think, you know, developers' choice will be the standards bodies. >> Lisa: Yeah, yeah. >> They decide the future. >> Yeah. >> And I think having the sandboxing and bringing this out will hopefully accelerate more developer choice and self-service. >> You've been talking about kind of putting the developers in the driver's seat as really being the key decision makers for a while. Did you hear information over the last couple of days that validates that? >> Yeah, absolutely. It's clearly the fact that they did this was one. The other one is, is that engineering teams and dev teams and script teams, they're blending together. It's not just separate silos and the ones that are changing their team dynamics, again, back to the culture are winning. And I think this has to happen. Security has to be embedded everywhere in making it frictionless and to provide kind of the guardrail so developers don't slow down. And I think where security has become a drag or an anchor or a blocker has been just configuration of how the organization's handling it. So I think when people recognize that the developers are in charge and they're should be driving the application development you got to make sure that's secure. And so that's always going to be friction and I think whoever does it, whoever unlocks that for the developer to go faster will win. >> Right. Oh, that's what I'm sure magic to a developer's ear is the ability to go faster and be able to focus on co-development in a secure fashion. What are some of the things that you're excited about for CUBECON. Here we are in February, 2023 and CUBECON is just around the corner in April. What are some of the things that you're excited about based on the groundswell momentum that this first inaugural CloudNative Security CON is generating from a community, a culture perspective? >> I think this year's going to be very interesting 'cause we have an economic challenge globally. There's all kinds of geopolitical things happening. I think there's going to be very entrepreneurial activity this year more than ever. I think you're going to see a lot more innovative projects ideas hitting the table. I think it's going to be a lot more entrepreneurial just because the cycle we're in. And also I think the acceleration of mainstream deployments of out of the CNCF's main event CUBECON will happen. You'll see a lot more successes, scale, more clarity on where the security holes are or aren't. Where the benefits are. I think containers and microservices are continuing to surge. I think the Cloud scale hyperscale as Amazon, Azure, Google will be more aggressive. I think AI will be a big theme this year. I think you can see how data is going to infect some of the innovation thinking. I'm really excited about the data infrastructure because it powers a lot of things in the Cloud. So I think the Amazon Web Services, Azure next level gen clouds will impact what happens in the CloudNative foundation. >> Did you have any conversations yesterday or today with respect to AI and security? Was that a focus of anybody's? Talk to me about that. >> Well, I didn't hear any sessions on AI but we saw some demos on stage. But they're teasing out that this is an augmentation to their mission, right? So I think a lot of people are looking at AI as, again, like I always said there's the naysayers who think it's kind of a gimmick or nothing to see here, and then some are just going to blown away. I think the people who are alpha geeks and the industry connect the dots and understand that AI is going to be an accelerant to a lot of heavy lifting that was either manual, you know, hard to do things that was boring or muck as they say. I think that's going to be where you'll see the AI stories where it's going to accelerate either ways to make security better or make developers more confident and productive. >> Or both. >> Yeah. So definitely AI will be part of it. Yeah, definitely. One of the things too that I'm wondering if, you know, we talk about CloudNative and the goal of it, the importance of it. Do you think that this event, in terms of what we were able to see, obviously being remote the event going on in Seattle, us being here in Palo Alto and Boston and guests on from Seattle and Germany and all over, did you hear the really the validation for why CloudNative Security why CloudNative is important for organizations whether it's a bank or a hospital or a retailer? Is that validation clear and present? >> Yeah, absolutely. I think it was implied. I don't think there was like anyone's trying to debate that. I think this conference was more of it's assumed and they were really trying to push the ability to make security less defensive, more offensive and more accelerated into the solving the problems with the businesses that are out there. So clearly the CloudNative community understands where the security challenges are and where they're emerging. So having a dedicated event will help address that. And they've got great co-chairs too that put it together. So I think that's very positive. >> Yeah. Do you think, is it possible, I mean, like you said several times today so eloquently the industry's on the defense when it comes to security and the hackers are on the offense. Is it really possible to make that switch or obviously get some balances. As technology advances and industry gets to take advantage of that, so do the hackers, is that balance achievable? >> Absolutely. I mean, I think totally achievable. The question's going to be what's the environment going to be like? And I remember as context to understanding whether it's viable or not, is to look at, just go back 13 years ago, I remember in 2010 Amazon was viewed as an unsecure environment. Everyone's saying, "Oh, the cloud is not secure." And I remember interviewing Steve Schmidt at AWS and we discussed specifically how Amazon Cloud was being leveraged by hackers. They made it more complex for the hackers. And he said, "This is just the beginning." It's kind of like barbed wire on a fence. It's yeah, you're not going to climb it so people can get over it. And so since then what's happened is the Cloud has become more secure than on premises for a lot of either you know, personnel reasons, culture reasons, not updating, you know, from patches to just being insecure to be more insecure. So that to me means that the flip the script can be flipped. >> Yeah. And I think with CloudNative they can build in automation and code to solve some of these problems and make it more complex for the hacker. >> Lisa: Yes. >> And increase the cost. >> Yeah, exactly. Make it more complex. Increase the cost. That'll be in interesting journey to follow. So John, here we are early February, 2023 theCUBE starting out strong as always. What year are we in, 12? Year 12? >> 13th year >> 13! What's next for theCUBE? What's coming up that excites you? >> Well, we're going to do a lot more events. We got the theCUBE in studio that I call theCUBE Center as kind of internal code word, but like, this is more about getting the word out that we can cover events remotely as events are starting to change with hybrid, digital is going to be a big part of that. So I think you're going to see a lot more CUBE on location. We're going to do, still do theCUBE and have theCUBE cover events from the studio to get deeper perspective because we can then bring people in remote through our our studio team. We can bring our CUBE alumni in. We have a corpus of content and experts to bring to table. So I think the coverage will be increased. The expertise and data will be flowing through theCUBE and so Cube Center, CUBE CUBE Studio. >> Lisa: Love it. >> Will be a integral part of our coverage. >> I love that. And we have such great conversations with guests in person, but also virtually, digitally as well. We still get the voices of the practitioners and the customers and the vendors and the partner ecosystem really kind of lauded loud and clear through theCUBE megaphone as I would say. >> And of course getting the clips out there, getting the highlights. >> Yeah. >> Getting more stories. No stories too small for theCUBE. We can make it easy to get the best content. >> The best content. John, it's been fun covering CloudNative security CON with you with you. And Dave and our guests, thank you so much for the opportunity and looking forward to the next event. >> John: All right. We'll see you at Amsterdam. >> Yeah, I'll be there. We want to thank you so much for watching TheCUBES's two day coverage of CloudNative Security CON 23. We're live in Palo Alto. You are live wherever you are and we appreciate your time and your view of this event. For John Furrier, Dave Vellante, I'm Lisa Martin. Thanks for watching guys. We'll see you at the next show.

(upbeat music) (upbeat music) >> Hi everybody, welcome back to our coverage of the Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today with Palo Alto, with John Furrier and Lisa Martin. We're also live from the show floor in Seattle. But right now, I'm here with Andy Thurai who's from Constellation Research, friend of theCUBE, and we're going to discuss the intersection of AI and security, the potential of AI, the risks and the future. Andy, welcome, good to see you again. >> Good to be here again. >> Hey, so let's get into it, can you talk a little bit about, I know this is a passion of yours, the ethical considerations surrounding AI. I mean, it's front and center in the news, and you've got accountability, privacy, security, biases. Should we be worried about AI from a security perspective? >> Absolutely, man, you should be worried. See the problem is, people don't realize this, right? I mean, the ChatGPT being a new shiny object, it's all the craze that's about. But the problem is, most of the content that's produced either by ChatGPT or even by others, it's an access, no warranties, no accountability, no whatsoever. Particularly, if it is content, it's okay. But if it is something like a code that you use for example, one of their site projects that GitHub's co-pilot, which is actually, open AI + Microsoft + GitHub's combo, they allow you to produce code, AI writes code basically, right? But when you write code, problem with that is, it's not exactly stolen, but the models are created by using the GitHub code. Actually, they're getting sued for that, saying that, "You can't use our code". Actually there's a guy, Tim Davidson, I think he's named the professor, he actually demonstrated how AI produces exact copy of the code that he has written. So right now, it's a lot of security, accountability, privacy issues. Use it either to train or to learn. But in my view, it's not ready for enterprise grade yet. >> So, Brian Behlendorf today in his keynotes said he's really worried about ChatGPT being used to automate spearfishing. So I'm like, okay, so let's unpack that a little bit. Is the concern there that it just, the ChatGPT writes such compelling phishing content, it's going to increase the probability of somebody clicking on it, or are there other dimensions? >> It could, it's not necessarily just ChatGPT for that matter, right? AI can, actually, the hackers are using it to an extent already, can use to individualize content. For example, one of the things that you are able to easily identify when you're looking at the emails that are coming in, the phishing attack is, you look at some of the key elements in it, whether it's a human or even if it's an automated AI based system. They look at certain things and they say, "Okay, this is phishing". But if you were to read an email that looks exact copy of what I would've sent to you saying that, "Hey Dave, are you on for tomorrow? Or click on this link to do whatever. It could individualize the message. That's where the volume at scale to individual to masses, that can be done using AI, which is what scares me. >> Is there a flip side to AI? How is it being utilized to help cybersecurity? And maybe you could talk about some of the more successful examples of AI in security. Like, are there use cases or are there companies out there, Andy, that you find, I know you're close to a lot of firms that are leading in this area. You and I have talked about CrowdStrike, I know Palo Alto Network, so is there a positive side to this story? >> Yeah, I mean, absolutely right. Those are some of the good companies you mentioned, CrowdStrike, Palo Alto, Darktrace is another one that I closely follow, which is a good company as well, that they're using AI for security purposes. So, here's the thing, right, when people say, when they're using malware detection systems, most of the malware detection systems that are in today's security and malware systems, use some sort of a signature and pattern scanning in the malware. You know how many identified malwares are there today in the repository, in the library? More than a billion, a billion. So, if you are to check for every malware in your repository, that's not going to work. The pattern based recognition is not going to work. So, you got to figure out a different way of identification of pattern of usage, not just a signature in a malware, right? Or there are other areas you could use, things like the usage patterns. For example, if Andy is coming in to work at a certain time, you could combine a facial recognition saying, that should he be in here at that time, and should he be doing things, what he is supposed to be doing. There are a lot of things you could do using that, right? And the AIOps use cases, which is one of my favorite areas that I work, do a lot of work, right? That it has use cases for detecting things that are anomaly, that are not supposed to be done in a way that's supposed to be, reducing the noise so it can escalate only the things what you're supposed to. So, AIOps is a great use case to use in security areas which they're not using it to an extent yet. Incident management is another area. >> So, in your malware example, you're saying, okay, known malware, pretty much anybody can deal with that now. That's sort of yesterday's problem. >> The unknown is the problem. >> It's the unknown malware really trying to understand the patterns, and the patterns are going to change. It's not like you're saying a common signature 'cause they're going to use AI to change things up at scale. >> So, here's the problem, right? The malware writers are also using AI now, right? So, they're not going to write the old malware, send it to you. They are actually creating malware on the fly. It is possible entirely in today's world that they can create a malware, drop in your systems and it'll it look for the, let me get that name right. It's called, what are we using here? It's called the TTPs, Tactics, Techniques and procedures. It'll look for that to figure out, okay, am I doing the right pattern? And then malware can sense it saying that, okay, that's the one they're detecting. I'm going to change it on the fly. So, AI can code itself on the fly, rather malware can code itself on the fly, which is going to be hard to detect. >> Well, and when you talk about TTP, when you talk to folks like Kevin Mandia of Mandiant, recently purchased by Google or other of those, the ones that have the big observation space, they'll talk about the most malicious hacks that they see, involve lateral movement. So, that's obviously something that people are looking for, AI's looking for that. And of course, the hackers are going to try to mask that lateral movement, living off the land and other things. How do you see AI impacting the future of cyber? We talked about the risks and the good. One of the things that Brian Behlendorf also mentioned is that, he pointed out that in the early days of the internet, the protocols had an inherent element of trust involved. So, things like SMTP, they didn't have security built in. So, they built up a lot of technical debt. Do you see AI being able to help with that? What steps do you see being taken to ensure that AI based systems are secure? >> So, the major difference between the older systems and the newer systems is the older systems, sadly even today, a lot of them are rules-based. If it's a rules-based systems, you are dead in the water and not able, right? So, the AI-based systems can somewhat learn from the patterns as I was talking about, for example... >> When you say rules-based systems, you mean here's the policy, here's the rule, if it's not followed but then you're saying, AI will blow that away, >> AI will blow that away, you don't have to necessarily codify things saying that, okay, if this, then do this. You don't have to necessarily do that. AI can somewhat to an extent self-learn saying that, okay, if that doesn't happen, if this is not a pattern that I know which is supposed to happen, who should I escalate this to? Who does this system belong to? And the other thing, the AIOps use case we talked about, right, the anomalies. When an anomaly happens, then the system can closely look at, saying that, okay, this is not normal behavior or usage. Is that because system's being overused or is it because somebody's trying to access something, could look at the anomaly detection, anomaly prevention or even prediction to an extent. And that's where AI could be very useful. >> So, how about the developer angle? 'Cause CNCF, the event in Seattle is all around developers, how can AI be integrated? We did a lot of talk at the conference about shift-left, we talked about shift-left and protect right. Meaning, protect the run time. So, both are important, so what steps should be taken to ensure that the AI systems are being developed in a secure and ethically sound way? What's the role of developers in that regard? >> How long do you got? (Both laughing) I think it could go for base on that. So, here's the problem, right? Lot of these companies are trying to see, I mean, you might have seen that in the news that Buzzfeed is trying to hire all of the writers to create the thing that ChatGPT is creating, a lot of enterprises... >> How, they're going to fire their writers? >> Yeah, they replace the writers. >> It's like automated automated vehicles and automated Uber drivers. >> So, the problem is a lot of enterprises still haven't done that, at least the ones I'm speaking to, are thinking about saying, "Hey, you know what, can I replace my developers because they are so expensive? Can I replace them with AI generated code?" There are a few issues with that. One, AI generated code is based on some sort of a snippet of a code that has been already available. So, you get into copyright issues, that's issue number one, right? Issue number two, if AI creates code and if something were to go wrong, who's responsible for that? There's no accountability right now. Or you as a company that's creating a system that's responsible, or is it ChatGPT, Microsoft is responsible. >> Or is the developer? >> Or the developer. >> The individual developer might be. So, they're going to be cautious about that liability. >> Well, so one of the areas where I'm seeing a lot of enterprises using this is they are using it to teach developers to learn things. You know what, if you're to code, this is a good way to code. That area, it's okay because you are just teaching them. But if you are to put an actual production code, this is what I advise companies, look, if somebody's using even to create a code, whether with or without your permission, make sure that once the code is committed, you validate that the 100%, whether it's a code or a model, or even make sure that the data what you're feeding in it is completely out of bias or no bias, right? Because at the end of the day, it doesn't matter who, what, when did that, if you put out a service or a system out there, it is involving your company liability and system, and code in place. You're going to be screwed regardless of what, if something were to go wrong, you are the first person who's liable for it. >> Andy, when you think about the dangers of AI, and what keeps you up at night if you're a security professional AI and security professional. We talked about ChatGPT doing things, we don't even, the hackers are going to get creative. But what worries you the most when you think about this topic? >> A lot, a lot, right? Let's start off with an example, actually, I don't know if you had a chance to see that or not. The hackers used a bank of Hong Kong, used a defect mechanism to fool Bank of Hong Kong to transfer $35 million to a fake account, the money is gone, right? And the problem that is, what they did was, they interacted with a manager and they learned this executive who can control a big account and cloned his voice, and clone his patterns on how he calls and what he talks and the whole name he has, after learning that, they call the branch manager or bank manager and say, "Hey, you know what, hey, move this much money to whatever." So, that's one way of kind of phishing, kind of deep fake that can come. So, that's just one example. Imagine whether business is conducted by just using voice or phone calls itself. That's an area of concern if you were to do that. And imagine this became an uproar a few years back when deepfakes put out the video of Tom Cruise and others we talked about in the past, right? And Tom Cruise looked at the video, he said that he couldn't distinguish that he didn't do it. It is so close, that close, right? And they are doing things like they're using gems... >> Awesome Instagram account by the way, the guy's hilarious, right? >> So, they they're using a lot of this fake videos and fake stuff. As long as it's only for entertainment purposes, good. But imagine doing... >> That's right there but... >> But during the election season when people were to put out saying that, okay, this current president or ex-president, he said what? And the masses believe right now whatever they're seeing in TV, that's unfortunate thing. I mean, there's no fact checking involved, and you could change governments and elections using that, which is scary shit, right? >> When you think about 2016, that was when we really first saw, the weaponization of social, the heavy use of social and then 2020 was like, wow. >> To the next level. >> It was crazy. The polarization, 2024, would deepfakes... >> Could be the next level, yeah. >> I mean, it's just going to escalate. What about public policy? I want to pick your brain on this because I I've seen situations where the EU, for example, is going to restrict the ability to ship certain code if it's involved with critical infrastructure. So, let's say, example, you're running a nuclear facility and you've got the code that protects that facility, and it can be useful against some other malware that's outside of that country, but you're restricted from sending that for whatever reason, data sovereignty. Is public policy, is it aligned with the objectives in this new world? Or, I mean, normally they have to catch up. Is that going to be a problem in your view? >> It is because, when it comes to laws it's always miles behind when a new innovation happens. It's not just for AI, right? I mean, the same thing happened with IOT. Same thing happened with whatever else new emerging tech you have. The laws have to understand if there's an issue and they have to see a continued pattern of misuse of the technology, then they'll come up with that. Use in ways they are ahead of things. So, they put a lot of restrictions in place and about what AI can or cannot do, US is way behind on that, right? But California has done some things, for example, if you are talking to a chat bot, then you have to basically disclose that to the customer, saying that you're talking to a chat bot, not to a human. And that's just a very basic rule that they have in place. I mean, there are times that when a decision is made by the, problem is, AI is a black box now. The decision making is also a black box now, and we don't tell people. And the problem is if you tell people, you'll get sued immediately because every single time, we talked about that last time, there are cases involving AI making decisions, it gets thrown out the window all the time. If you can't substantiate that. So, the bottom line is that, yes, AI can assist and help you in making decisions but just use that as a assistant mechanism. A human has to be always in all the loop, right? >> Will AI help with, in your view, with supply chain, the software supply chain security or is it, it's always a balance, right? I mean, I feel like the attackers are more advanced in some ways, it's like they're on offense, let's say, right? So, when you're calling the plays, you know where you're going, the defense has to respond to it. So in that sense, the hackers have an advantage. So, what's the balance with software supply chain? Are the hackers have the advantage because they can use AI to accelerate their penetration of the software supply chain? Or will AI in your view be a good defensive mechanism? >> It could be but the problem is, the velocity and veracity of things can be done using AI, whether it's fishing, or malware, or other security and the vulnerability scanning the whole nine yards. It's scary because the hackers have a full advantage right now. And actually, I think ChatGPT recently put out two things. One is, it's able to direct the code if it is generated by ChatGPT. So basically, if you're trying to fake because a lot of schools were complaining about it, that's why they came up with the mechanism. So, if you're trying to create a fake, there's a mechanism for them to identify. But that's a step behind still, right? And the hackers are using things to their advantage. Actually ChatGPT made a rule, if you go there and read the terms and conditions, it's basically honor rule suggesting, you can't use this for certain purposes, to create a model where it creates a security threat, as that people are going to listen. So, if there's a way or mechanism to restrict hackers from using these technologies, that would be great. But I don't see that happening. So, know that these guys have an advantage, know that they're using AI, and you have to do things to be prepared. One thing I was mentioning about is, if somebody writes a code, if somebody commits a code right now, the problem is with the agile methodologies. If somebody writes a code, if they commit a code, you assume that's right and legit, you immediately push it out into production because need for speed is there, right? But if you continue to do that with the AI produced code, you're screwed. >> So, bottom line is, AI's going to speed us up in a security context or is it going to slow us down? >> Well, in the current version, the AI systems are flawed because even the ChatGPT, if you look at the the large language models, you look at the core piece of data that's available in the world as of today and then train them using that model, using the data, right? But people are forgetting that's based on today's data. The data changes on a second basis or on a minute basis. So, if I want to do something based on tomorrow or a day after, you have to retrain the models. So, the data already have a stale. So, that in itself is stale and the cost for retraining is going to be a problem too. So overall, AI is a good first step. Use that with a caution, is what I want to say. The system is flawed now, if you use it as is, you'll be screwed, it's dangerous. >> Andy, you got to go, thanks so much for coming in, appreciate it. >> Thanks for having me. >> You're very welcome, so we're going wall to wall with our coverage of the Cloud Native Security Con. I'm Dave Vellante in the Boston Studio, John Furrier, Lisa Martin and Palo Alto. We're going to be live on the show floor as well, bringing in keynote speakers and others on the ground. Keep it right there for more coverage on theCUBE. (upbeat music) (upbeat music) (upbeat music) (upbeat music)

from the cube studios in Palo Alto in Boston bringing you data-driven insights from the cube and ETR this is breaking analysis with Dave vellante over the past decade cloudflare has built a Global Network that has the potential to become the fourth us-based hyperscale class cloud in our view the company is building a durable Revenue model with hooks into many important markets these include the more mature DDOS protection space to other growth sectors such as zero trust a serverless platform for application development and an increasing number of services such as database and object storage and other network services in essence cloudflare could be thought of as a giant distributed supercomputer that can connect multiple clouds and act as a highly efficient scheduling engine at scale its disruptive DNA is increasingly attracting novel startups and established Global firms alike looking for Reliable secure high performance low latency and more cost-effective alternatives to AWS and Legacy infrastructure Solutions hello and welcome to this week's wikibon Cube insights powered by ETR in this breaking analysis we initiate our deeper coverage of cloudflare we'll briefly explain our take on the company and its unique business model we'll then share some peer comparisons with both the financial snapshot and some fresh ETR survey data finally we'll share some examples of how we think cloudflare could be a disruptive force with a super cloud-like offering that in many respects is what multi-cloud should have been cloudflare has been on our peripheral radar Ben Thompson and many others have written about their disruptive business model and recently a breaking analysis follower who will remain anonymous emailed with some excellent insights on cloudflare that prompted us to initiate more detailed coverage let's first take a look at how cloudflare seize the world in terms of its view of a modern stack this is a graphic from cloudflare that shows a simple three-layer Stack comprising Storage and compute the lower level and application layer and the network and their key message is basically that the big four hyperscalers have replaced the on-prem leaders apps have been satisfied and that mess of network that you see and Security in the upper left can now be handled all by cloudflare and the stack can be rented via Opex versus requiring heavy capex investment so okay somewhat of a simplified view is those companies on the the left are you know not standing still and we're going to come back to that but cloudflare has done something quite amazing I mean it's been a while since we've invoked Russ hanneman of Silicon Valley Fame on breaking analysis but remember when he was in a meeting one of his first meetings if not the first with Richard Hendricks it was the whiz kid on the show Silicon Valley and hanneman said something like if you had a blank check and you could build anything in the world what would it be and Richard's answer was basically a new internet and that led to Pied Piper this peer-to-peer Network powered by decentralized devices and and iPhones and this amazing compression algorithm that enabled high-speed data movement and low latency uh up to no low latency access across the network well in a way that's what cloudflare has built its founding premise reimagined how the internet should be built with a consistent set of server infrastructure where each server had lots of cores lots of dram lots of cash fast ssds and plenty of network connectivity and bandwidth and well this picture makes it look like a bunch of dots and points of presence on a map which of course it is there's a software layer that enables cloudflare to efficiently allocate resources across this Global Network the company claims that it's Network utilization is in the 70 percent range and it has used its build out to enter the technology space from the bottoms up offering for example free tiers of services to users with multiple entry points on different services and selling then more services over time to a customer which of course drives up its average contract value and its lifetime value at the same time the company continues to innovate and add new services at a very rapid cloud-like Pace you can think of cloudflare's initial Market entry as like a lightweight Cisco as a service the company's CFO actually he uses that term he calls it that which really must tick off Cisco who of course has a massive portfolio and a dominant Market position now because it owns the network cloudflare is a marginal cost of adding new Services is very small and goes towards zero so it's able to get software like economics at scale despite all this infrastructure that's building out so it doesn't have to constantly face the increasing infrastructure tax snowflake for example doesn't own its own network infrastructure as it grows it relies on AWS or Azure gcp and and while it gives the company obvious advantages it doesn't have to build out its own network it also requires them to constantly pay the tax and negotiate with hyperscalers for better rental rates now as previously mentioned Cloud Fair cloudflare claims that its utilization is very high probably higher than the hyperscalers who can spin up servers that they can charge for underutilized customer capacity cloudflare also has excellent Network traffic data that it can use to its Advantage with its Analytics the company has been rapidly innovating Beyond its original Core Business adding as I said before serverless zero trust offerings it has announced a database it calls its database D1 that's pretty creative and it's announced an object store called R2 that is S3 minus one both from the alphabet and the numeric I.E minus the egress cost saying no egress cost that's their big claim to fame and they've made a lot of marketing noise around about that and of course they've promised in our a D2 database which of course is R2D2 RR they've launched a developer platform cloudflare can be thought of kind of like first of all a modern CDN they've got a simpler security model that's how they compete for example with z-scaler that brings uh they also bring VPN sd-wan and DDOS protection services that are that are part of the network and they're less expensive than AWS that's kind of their sort of go to market and messaging and value proposition and they're positioning themselves as a neutral Network that can connect across multiple clouds now to be clear unlike AWS in particular cloudflare is not well suited to lift and shift your traditional apps like for instance sap Hana you're not going to run that in on cloudflare's platform rather the company started by making websites more secure and faster and it flew under the radar and much in the same way that clay Christensen described the disruption in the steel industry if you've seen that where new entrants picked off the low margin rebar business then moved up the stack we've used that analogy in the semiconductor business with arm and and even China cloudflare is running a similar playbook in the cloud and in the network so in the early part of the last decade as aws's ascendancy was becoming more clear many of us started thinking about how and where firms could compete and add value as AWS is becoming so dominant so for instance take an industry Focus you could do things like data sharing with snowflake eventually you know uh popularized you could build on top of clouds again snowflake is doing that as are others you could build private clouds and of course connect to hybrid clouds but not many had the wherewithal and or the hutzpah to build out a Global Network that could serve as a connecting platform for cloud services cloudflare has traction in the market as it adds new services like zero trust and object store or database its Tam continues to grow here's a quick snapshot of cloudflare's financials relative to Z scalar which is both a competitor and a customer fastly which is a smaller CDN and Akamai a more mature CDN slash Edge platform cloudflare and fastly both reported earnings this past week Cloud Fair Cloud flare surpassed a billion dollar Revenue run rate but they gave tepid guidance and the stock got absolutely crushed today which is Friday but the company's business model is sound it's growing close to 50 annually it has sas-like gross margins in the mid to high 70s and it's it it's got a very strong balance sheet and a 13x revenue run rate multiple in fact it's Financial snapshot is quite close to that of z-scaler which is kind of interesting which zinc sailor of course doesn't own its own network that's a pure play software company fastly is much smaller and growing more slowly than cloudflare hence its lower multiple well Akamai as you can see is a more mature company but it's got a nice business now on its earnings call this week cloudflare announced that its head of sales was stepping down and the company has brought in a new leader to take the firm to five billion dollars in sales I think actually its current sales leader felt like hey you know my work is done here bring on somebody else to take it to the next level the company is promising to be free cash flow positive by the end of the year and is working hard toward its long-term financial model or so working towards sorry it's a long-term financial model with gross margin Targets in the mid 70s it's targeting 20 non-gaap operating margins so so solid you know very solid not like completely off the charts but you know very good and to our knowledge it has not committed to a long-term growth rate but at that sort of operating profit level you would like to see growth be consistently at least in the 20 range so they could at least be a rule of 40 company or perhaps even even five even higher if they're going to continue to command a premium valuation okay let's take a look at the ETR data ETR is very positive on cloudflare and has recently published a report on the company like many companies cloudflare is seeing an across the board slowdown in spending velocity we've reported on this quite extensively using the ETR data to quantify the degree to that Slowdown and on the data set with ETR we see that many customers they're shifting their spend to Flat spend you know plus or minus let's say you know single digits you know two three percent or even zero or in the market we're seeing a shift from paid to free tiers remember cloudflare offers a lot of free services as you're seeing customers maybe turn off the pay for a while and going with the freebie but we're also seeing some larger customers in the data and the fortune 1000 specifically they're actually spending more which was confirmed on cloudflare's earnings call they did say everything across the board was softer but they did also indicate that some of their larger customers are actually growing faster than their smaller customers and their churn is very very low here's a two-dimensional graphic we'd like to share this view a lot it's got Net score or spending momentum on the vertical axis and overlap or pervasiveness in the survey on the horizontal axis and this cut isolates three segments in the etrs taxonomy that cloudflare plays in Cloud security and networking now the table inserted in that upper left there shows the raw data which informs the position of each company in the dots with Net score in the ends listed in that rightmost column the red dotted line indicates a highly elevated Net score and finally we posted the breakdown those colors in the bottom right of cloudflare's Net score the lime green that's new adoptions the forest green is we're spending more six percent or more the gray is flat plus or minus uh five percent and you can see that the majority of customers you can see that's the majority of the customers that gray area the pink is we're spending Less in other words down six percent or worse and the bright red is churn which is minimal one percent very good indicator for for cloudflare what you do to get etr's proprietary Net score and they've done this for many many quarters so we have that time series data you subtract the Reds from the greens and that's Net score cloudflare is at 39 just under that magic red line now note that cloudflare and zscaler are right on top of each other Cisco has a dominant position on the x-axis that cloudflare and others are eyeing AWS is also dominant but note that its Net score is well above the red dotted line it's incredible Palo Alto networks is also very impressive it's got both a strong presence on the horizontal axis and it's got a Net score that's pretty comparable to cloudflare and z-scaler to much smaller companies Akamai is actually well positioned for a reasonably mature company and you can see fastly ATT Juniper and F5 have far less spending momentum on their platforms than does cloudflare but at least they are in positive Net score territory so what's going to be really interesting to see is whether cloudflare can continue to hold this momentum or even accelerate it as we've seen with some other clouds as it scales its Network and keeps adding more and more services cloudflare has a couple of potential strategic vectors that we want to talk about and it'll be going to be interesting to see how that plays out Now One path is to compete more directly as a Cloud Player offering secure access Edge services like firewall as a service and zero Trust Services like data loss prevention email security from its area one acquisition and other zero trust offerings as well as Network Services like routing and network connectivity this is The Sweet Spot of the company load balancing many others and then add in things like Object Store and database Services more Edge services in the future it might be telecom like services such as Network switching for offices so that's one route and cloudflare is clearly on that path more services more cohorts at innovating and and growing the company and bringing in more Revenue increasing acvs and and increasing long-term value and keeping retention high now the other Vector is what we're just going to refer to as super cloud as an enabler of cross-cloud infrastructure this is new value uh relative to the former Vector that we were just talking about now the title of this episode is what multi-cloud should have been meaning cloudflare could be the control plane providing a consistent experience across clouds one that is fast and secure at global scale now to give you Insight on this let's take a look at some of the comments made by Matthew Prince the CEO and co-founder of cloudflare cloudflare put its R2 Object Store into public beta this past May and I believe it's storing around a petabyte of data today I think that's what they said in their call here's what Prince said about that quote we are talking to very large companies about moving more and more of their stored objects to where we can store that with R2 and one of the benefits is not only can we help them save money on the egress fees but it allows them to then use those object stores or objects across any of the different Cloud platforms they're that they're using so by being that neutral third party we can let people adopt a little bit of Amazon a little bit of Microsoft a little bit of Google a little bit of SAS vendors and share that data across all those different places so what's interesting about this in the super cloud context is it suggests that customers could take the best of each Cloud to power their digital businesses I might like AWS for in redshift for my analytic database or I love Google's machine learning Microsoft's collaboration and I'd like a consistent way to connect those resources but of course he's strongly hinting and has made many public statements that aws's egress fees are a blocker to that vision now at a recent investor event Matthew Prince added some color to this concept when he talked about one metric of success being how much R2 capacity was consumed and how much they sold but perhaps a more interesting Benchmark is highlighted by the following statement that he made he said a completely different measure of success for R2 is Andy jassy says I'm sick and tired of these guys meaning cloudflare taking our objects away we're dropping our egress fees to zero I would be so excited because we've then unlocked the ability to be the network that interconnects the cloud together now of course it would be Adam solipski who would be saying that or maybe Andy Jesse you know still watching over AWS and I think it's highly unlikely that that's going to happen anytime soon and that of course but but in theory gets us closer to the super cloud value proposition and to further drive that point home and we're paraphrasing a little bit his comments here he said something the effect of quote customers need one consistent control plane across clouds and we are the neutral Network that can be consistent no matter which Cloud you're using interesting right that Prince sees the world that's similar to if not nearly identical to the concepts that the cube Community has been putting forth around supercloud now this vision is a ways off let's be real Prince even suggested that his initial vision of an application running across multiple clouds you know that's like super cloud Nirvana isn't what customers are doing today that's that's really hard to do and perhaps you know it's never going to happen but there's a little doubt that cloudflare could be and is positioning itself as that cross-cloud control plane it has the network economics and the business model levers to pull it's got an edge up on the competition at the edge pun intended cloudflare is the definition of Edge and it's distributed platform it's decentralized platform is much better suited for Edge workloads than these giant data centers that are you know set up to to try and handle that today the the hyperscalers are building out you know their Edge networks things like outposts you know going out to the edge and other local zones Etc now cloudflare is increasingly competitive to the hyperscalers and those traditional Stacks that it depositioned on an earlier slide that we showed but you know the likes of AWS and Dell and hpe and Cisco and those others they're not sitting in their hands they have a huge huge customer install bases and they are definitely a moving Target they're investing and they're building out their own Super clouds with really robust stacks as well let's face it it's going to take a decade or more for Enterprises to adopt a developer platform or a new database Cloud plus cloudflare's capabilities when compared to incumbent stacks and the hyperscalers is much less robust in these areas and even in storage you know despite all the great conversation that R2 generated and the buzz you take a specialist like Wasabi they're more mature they're more functional and they're way cheaper even than cloudflare so you know it's not a fake a complete that cloudflare is going to win in those markets but we love the disruption and if cloudflare wants to be the fourth us-based hyperscaler or join the the big four as the as the fifth if we put Alibaba in the mix it's got a lot of work to do in the ecosystem by its own admission as much to learn and is part of the value by the way that it sees in its area one acquisition it's email security company that it bought but even in that case much of the emphasis has been on reseller channels compare that to the AWS ecosystem which is not only a channel play but is as much an innovation flywheel filling gaps where companies like snowflake Thrive side by side with aws's data stores as well all the on-prem stacks are building hybrid connections to AWS and other clouds as a means of providing consistent experiences across clouds indeed many of them see what they call cross-cloud services or what we call super cloud hyper cloud or whatever you know Mega Cloud you want to call it we use super cloud they are really eyeing that opportunity so very few companies frankly are not going after that space but we're going to close with this cloudflare is one of those companies that's in a position to wake up each morning and ask who can we disrupt today and very few companies are in a position to disrupt the hyperscalers to the degree that cloudflare is and that my friends is going to be fascinating to watch unfold all right let's call it a wrap I want to thank Alex Meyerson who's on production and manages the podcast as well as Ken schiffman who's our newest addition to the Boston Studio Kristen Martin and Cheryl Knight help us get the word out on social media and in our newsletters and Rob Hof is our editor-in-chief over at silicon angle thank you to all remember all these episodes are available as podcasts wherever you listen all you're going to do is search breaking analysis podcasts I publish each week on wikibon.com and siliconangle.com you can email me at david.velante at siliconangle.com or DM me at divalante if you comment on my LinkedIn posts and please do check out etr.ai they got the best survey data in the Enterprise Tech business this is Dave vellante for the cube insights powered by ETR thank you very much for watching and we'll see you next time on breaking analysis

>>From the Cube Studios in Palo Alto in Boston, bringing you data driven insights from the cube and etr. This is breaking analysis with Dave Ante. >>Have you ever been driving on the highway and traffic suddenly slows way down and then after a little while it picks up again and you're cruising along and you're thinking, Okay, hey, that was weird. But it's clear sailing now. Off we go, only to find out in a bit that the traffic is building up ahead again, forcing you to pump the brakes as the traffic pattern ebbs and flows well. Welcome to the Seesaw economy. The fed induced fire that prompted an unprecedented rally in tech is being purposefully extinguished now by that same fed. And virtually every sector of the tech industry is having to reset its expectations, including the cloud segment. Hello and welcome to this week's Wikibon Cube Insights powered by etr. In this breaking analysis will review the implications of the earnings announcements from the big three cloud players, Amazon, Microsoft, and Google who announced this week. >>And we'll update you on our quarterly IAS forecast and share the latest from ETR with a focus on cloud computing. Now, before we get into the new data, we wanna review something we shared with you on October 14th, just a couple weeks back, this is sort of a, we told you it was coming slide. It's an XY graph that shows ET R'S proprietary net score methodology on the vertical axis. That's a measure of spending momentum, spending velocity, and an overlap or presence in the dataset that's on the X axis. That's really a measure of pervasiveness. In the survey, the table, you see that table insert there that shows Wiki Bond's Q2 estimates of IAS revenue for the big four hyperscalers with their year on year growth rates. Now we told you at the time, this is data from the July TW 22 ETR survey and the ETR hadn't released its October survey results at that time. >>This was just a couple weeks ago. And while we couldn't share the specific data from the October survey, we were able to get a glimpse and we depicted the slowdown that we saw in the October data with those dotted arrows kind of down into the right, we said at the time that we were seeing and across the board slowdown even for the big three cloud vendors. Now, fast forward to this past week and we saw earnings releases from Alphabet, Microsoft, and just last night Amazon. Now you may be thinking, okay, big deal. The ETR survey data didn't really tell us anything we didn't already know. But judging from the negative reaction in the stock market to these earnings announcements, the degree of softness surprised a lot of investors. Now, at the time we didn't update our forecast, it doesn't make sense for us to do that when we're that close to earning season. >>And now that all the big three ha with all the big four with the exception of Alibaba have announced we've, we've updated. And so here's that data. This chart lays out our view of the IS and PAs worldwide revenue. Basically it's cloud infrastructure with an attempt to exclude any SaaS revenue so we can make an apples to apples comparison across all the clouds. Now the reason that actual is in quotes is because Microsoft and Google don't report IAS revenue, but they do give us clues and kind of directional commentary, which we then triangulate with other data that we have from the channel and ETR surveys and just our own intelligence. Now the second column there after the vendor name shows our previous estimates for q3, and then next to that we show our actuals. Same with the growth rates. And then we round out the chart with that lighter blue color highlights, the full year estimates for revenue and growth. >>So the key takeaways are that we shaved about $4 billion in revenue and roughly 300 basis points of growth off of our full year estimates. AWS had a strong July but exited Q3 in the mid 20% growth rate year over year. So we're using that guidance, you know, for our Q4 estimates. Azure came in below our earlier estimates, but Google actually exceeded our expectations. Now the compression in the numbers is in our view of function of the macro demand climate, we've made every attempt to adjust for constant currency. So FX should not be a factor in this data, but it's sure you know that that ma the the, the currency effects are weighing on those companies income statements. And so look, this is the fundamental dynamic of a cloud model where you can dial down consumption when you need to and dial it up when you need to. >>Now you may be thinking that many big cloud customers have a committed level of spending in order to get better discounts. And that's true. But what's happening we think is they'll reallocate that spend toward, let's say for example, lower cost storage tiers or they may take advantage of better price performance processors like Graviton for example. That is a clear trend that we're seeing and smaller companies that were perhaps paying by the drink just on demand, they're moving to reserve instance models to lower their monthly bill. So instead of taking the easy way out and just spending more companies are reallocating their reserve capacity toward lower cost. So those sort of lower cost services, so they're spending time and effort optimizing to get more for, for less whereas, or get more for the same is really how we should, should, should phrase it. Whereas during the pandemic, many companies were, you know, they perhaps were not as focused on doing that because business was booming and they had a response. >>So they just, you know, spend more dial it up. So in general, as they say, customers are are doing more with, with the same. Now let's look at the growth dynamic and spend some time on that. I think this is important. This data shows worldwide quarterly revenue growth rates back to Q1 2019 for the big four. So a couple of interesting things. The data tells us during the pandemic, you saw both AWS and Azure, but the law of large numbers and actually accelerate growth. AWS especially saw progressively increasing growth rates throughout 2021 for each quarter. Now that trend, as you can see is reversed in 2022 for aws. Now we saw Azure come down a bit, but it's still in the low forties in terms of percentage growth. While Google actually saw an uptick in growth this last quarter for GCP by our estimates as GCP is becoming an increasingly large portion of Google's overall cloud business. >>Now, unfortunately Google Cloud continues to lose north of 850 million per quarter, whereas AWS and Azure are profitable cloud businesses even though Alibaba is suffering its woes from China. And we'll see how they come in when they report in mid-November. The overall hyperscale market grew at 32% in Q3 in terms of worldwide revenue. So the slowdown isn't due to the repatriation or competition from on-prem vendors in our view, it's a macro related trend. And cloud will continue to significantly outperform other sectors despite its massive size. You know, on the repatriation point, it just still doesn't show up in the data. The A 16 Z article from Sarah Wong and Martin Martin Kasa claiming that repatriation was inevitable as a means to lower cost of good sold for SaaS companies. You know, while that was thought provoking, it hasn't shown up in the numbers. And if you read the financial statements of both AWS and its partners like Snowflake and you dig into the, to the, to the quarterly reports, you'll see little notes and comments with their ongoing negotiations to lower cloud costs for customers. >>AWS and no doubt execs at Azure and GCP understand that the lifetime value of a customer is worth much more than near term gross margin. And you can expect the cloud vendors to strike a balance between profitability, near term profitability anyway and customer attention. Now, even though Google Cloud platform saw accelerated growth, we need to put that in context for you. So GCP, by our estimate, has now crossed over the $3 billion for quarter market actually did so last quarter, but its growth rate accelerated to 42% this quarter. And so that's a good sign in our view. But let's do a quick little comparison with when AWS and Azure crossed the $3 billion mark and compare their growth rates at the time. So if you go back to to Q2 2016, as we're showing in this chart, that's around the time that AWS hit 3 billion per quarter and at the same time was growing at 58%. >>Azure by our estimates crossed that mark in Q4 2018 and at that time was growing at 67%. Again, compare that to Google's 42%. So one would expect Google's growth rate would be higher than its competitors at this point in the MO in the maturity of its cloud, which it's, you know, it's really not when you compared to to Azure. I mean they're kind of con, you know, comparable now but today, but, but you'll go back, you know, to that $3 billion mark. But more so looking at history, you'd like to see its growth rate at this point of a maturity model at least over 50%, which we don't believe it is. And one other point on this topic, you know, my business friend Matt Baker from Dell often says it's not a zero sum game, meaning there's plenty of opportunity exists to build value on top of hyperscalers. >>And I would totally agree it's not a dollar for dollar swap if you can continue to innovate. But history will show that the first company in makes the most money. Number two can do really well and number three tends to break even. Now maybe cloud is different because you have Microsoft software estate and the power behind that and that's driving its IAS business and Google ads are funding technology buildouts for, for for Google and gcp. So you know, we'll see how that plays out. But right now by this one measurement, Google is four years behind Microsoft in six years behind aws. Now to the point that cloud will continue to outpace other markets, let's, let's break this down a bit in spending terms and see why this claim holds water. This is data from ET r's latest October survey that shows the granularity of its net score or spending velocity metric. >>The lime green is new adoptions, so they're adding the platform, the forest green is spending more 6% or more. The gray bars spending is flat plus or minus, you know, 5%. The pinkish colors represent spending less down 6% or worse. And the bright red shows defections or churn of the platform. You subtract the reds from the greens and you get what's called net score, which is that blue dot that you can see on each of the bars. So what you see in the table insert is that all three have net scores above 40%, which is a highly elevated measure. Microsoft's net scores above 60% AWS well into the fifties and GCP in the mid forties. So all good. Now what's happening with all three is more customers are keep keeping their spending flat. So a higher percentage of customers are saying, our spending is now flat than it was in previous quarters and that's what's accounting for the compression. >>But the churn of all three, even gcp, which we reported, you know, last quarter from last quarter survey was was five x. The other two is actually very low in the single digits. So that might have been an anomaly. So that's a very good sign in our view. You know, again, customers aren't repatriating in droves, it's just not a trend that we would bet on, maybe makes for a FUD or you know, good marketing head, but it's just not a big deal. And you can't help but be impressed with both Microsoft and AWS's performance in the survey. And as we mentioned before, these companies aren't going to give up customers to try and preserve a little bit of gross margin. They'll do what it takes to keep people on their platforms cuz they'll make up for it over time with added services and improved offerings. >>Now, once these companies acquire a customer, they'll be very aggressive about keeping them. So customers take note, you have negotiating leverage, so use it. Okay, let's look at another cut at the cloud market from the ETR data set. Here's the two dimensional view, again, it's back, it's one of our favorites. Net score or spending momentum plotted against presence. And the data set, that's the x axis net score on the, on the vertical axis, this is a view of et r's cloud computing sector sector. You can see we put that magic 40% dotted red line in the table showing and, and then that the table inserts shows how the data are plotted with net score against presence. I e n in the survey, notably only the big three are above the 40% line of the names that we're showing here. The oth there, there are others. >>I mean if you put Snowflake on there, it'd be higher than any of these names, but we'll dig into that name in a later breaking analysis episode. Now this is just another way of quantifying the dominance of AWS and Azure, not only relative to Google, but the other cloud platforms out there. So we've, we've taken the opportunity here to plot IBM and Oracle, which both own a public cloud. Their performance is largely a reflection of them migrating their install bases to their respective public clouds and or hybrid clouds. And you know, that's fine, they're in the game. That's a point that we've made, you know, a number of times they're able to make it through the cloud, not whole and they at least have one, but they simply don't have the business momentum of AWS and Azure, which is actually quite impressive because AWS and Azure are now as large or larger than IBM and Oracle. >>And to show this type of continued growth that that that Azure and AWS show at their size is quite remarkable and customers are starting to recognize the viability of on-prem hi, you know, hybrid clouds like HPE GreenLake and Dell's apex. You know, you may say, well that's not cloud, but if the customer thinks it is and it was reporting in the survey that it is, we're gonna continue to report this view. You know, I don't know what's happening with H P E, They had a big down tick this quarter and I, and I don't read too much into that because their end is still pretty small at 53. So big fluctuations are not uncommon with those types of smaller ends, but it's over 50. So, you know, we did notice a a a negative within a giant public and private sector, which is often a, a bellwether giant public private is big public companies and large private companies like, like a Mars for example. >>So it, you know, it looks like for HPE it could be an outlier. We saw within the Fortune 1000 HPE E'S cloud looked actually really good and it had good spending momentum in that sector. When you di dig into the industry data within ETR dataset, obviously we're not showing that here, but we'll continue to monitor that. Okay, so where's this Leave us. Well look, this is really a tactical story of currency and macro headwinds as you can see. You know, we've laid out some of the points on this slide. The action in the stock market today, which is Friday after some of the soft earnings reports is really robust. You know, we'll see how it ends up in the day. So maybe this is a sign that the worst is over, but we don't think so. The visibility from tech companies is murky right now as most are guiding down, which indicates that their conservative outlook last quarter was still too optimistic. >>But as it relates to cloud, that platform is not going anywhere anytime soon. Sure, there are potential disruptors on the horizon, especially at the edge, but we're still a long ways off from, from the possibility that a new economic model emerges from the edge to disrupt the cloud and the opportunities in the cloud remain strong. I mean, what other path is there? Really private cloud. It was kind of a bandaid until the on-prem guys could get their a as a service models rolled out, which is just now happening. The hybrid thing is real, but it's, you know, defensive for the incumbents until they can get their super cloud investments going. Super cloud implying, capturing value above the hyperscaler CapEx, you know, call it what you want multi what multi-cloud should have been, the metacloud, the Uber cloud, whatever you like. But there are opportunities to play offense and that's clearly happening in the cloud ecosystem with the likes of Snowflake, Mongo, Hashi Corp. >>Hammer Spaces is a startup in this area. Aviatrix, CrowdStrike, Zeke Scaler, Okta, many, many more. And even the projects we see coming out of enterprise players like Dell, like with Project Alpine and what Pure Storage is doing along with a number of other of the backup vendors. So Q4 should be really interesting, but the real story is the investments that that companies are making now to leverage the cloud for digital transformations will be paying off down the road. This is not 1999. We had, you know, May might have had some good ideas and admittedly at a lot of bad ones too, but you didn't have the infrastructure to service customers at a low enough cost like you do today. The cloud is that infrastructure and so far it's been transformative, but it's likely the best is yet to come. Okay, let's call this a rap. >>Many thanks to Alex Morrison who does production and manages the podcast. Also Can Schiffman is our newest edition to the Boston Studio. Kristin Martin and Cheryl Knight helped get the word out on social media and in our newsletters. And Rob Ho is our editor in chief over@siliconangle.com, who does some wonderful editing for us. Thank you. Remember, all these episodes are available as podcasts. Wherever you listen, just search breaking analysis podcast. I publish each week on wiki bond.com at silicon angle.com. And you can email me at David dot valante@siliconangle.com or DM me at Dante or comment on my LinkedIn posts. And please do checkout etr.ai. They got the best survey data in the enterprise tech business. This is Dave Valante for the Cube Insights powered by etr. Thanks for watching and we'll see you next time on breaking analysis.

>> From theCUBE Studios in Palo Alto and Boston, bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> The technology spending outlook is not pretty and very much unpredictable right now. The negative sentiment is of course being driven by the macroeconomic factors in earnings forecasts that have been coming down all year in an environment of rising interest rates. And what's worse, is many people think earnings estimates are still too high. But it's understandable why there's so much uncertainty. I mean, technology is still booming, digital transformations are happening in earnest, leading companies have momentum and they got cash runways. And moreover, the CEOs of these leading companies are still really optimistic. But strong guidance in an environment of uncertainty is somewhat risky. Hello and welcome to this week's Wikibon CUBE Insights Powered by ETR. In this breaking analysis, we share takeaways from ETR'S latest spending survey, which was released to their private clients on October 21st. Today, we're going to review the macro spending data. We're going to share where CIOs think their cloud spend is headed. We're going to look at the actions that organizations are taking to manage uncertainty and then review some of the technology companies that have the most positive and negative outlooks in the ETR data set. Let's first look at the sample makeup from the latest ETR survey. ETR captured more than 1300 respondents in this latest survey. Its highest figure for the year and the quality and seniority of respondents just keeps going up each time we dig into the data. We've got large contributions as you can see here from sea level executives in a broad industry focus. Now the survey is still North America centric with 20% of the respondents coming from overseas and there is a bias toward larger organizations. And nonetheless, we're still talking well over 400 respondents coming from SMBs. Now ETR for those of you who don't know, conducts a quarterly spending intention survey and they also do periodic drilldowns. So just by the way of review, let's take a look at the expectations in the latest drilldown survey for IT spending. Before we look at the broader technology spending intentions survey data, followers of this program know that we reported on this a couple of weeks ago, spending expectations that peaked last December at 8.3% are now down to 5.5% with a slight uptick expected for next year as shown here. Now one CIO in the ETR community said these figures could be understated because of inflation. Now that's an interesting comment. Real GDP in the US is forecast to be around 1.5% in 2022. So these figures are significantly ahead of that. Nominal GDP is forecast to be significantly higher than what is shown in that slide. It was over 9% in June for example. And one would interpret that survey respondents are talking about real dollars which reflects inflationary factors in IT spend. So you might say, well if nominal GDP is in the high single digits this means that IT spending is below GDP which is usually not the case. But the flip side of that is technology tends to be deflationary because prices come down over time on a per unit basis, so this would be a normal and even positive trend. But it's mixed right now with prices on hard to find hardware, they're holding more firms. Software, you know, software tends to be driven by lock in and competition and switching costs. So you have those countervailing factors. Services can be inflationary, especially now as wages rise but certain sectors like laptops and semis and NAND are seeing less demand and maybe even some oversupply. So the way to look at this data is on a relative basis. In other words, IT buyers are reporting 280 basis point drop in spending sentiment from the end of last year. Now, something that we haven't shared from the latest drilldown survey which we will now is how IT bar buyers are thinking about cloud adoption. This chart shows responses from 419 IT execs from that drilldown and depicts the percentage of workloads their organizations have in the cloud today and what the expectation is through years from now. And you can see it's 27% today and it's nearly 50% in three years. Now the nuance is if you look at the question, that ETRS, it's they asked about IaaS and PaaS, which to some could include on-prem. Now, let me come back to that. In particular, financial services, IT, telco and retail and services industry cited expectations for the future for three years out that we're well above the average of the mean adoption levels. Regardless of how you interpret this data there's most certainly plenty of public cloud in the numbers. And whether you believe cloud is an operating environment or a place out there in the cloud, there's plenty of room for workloads to move into a cloud model well beyond mid this decade. So you know, as ho hum as we've been toward recent as-a-service models announced from the likes of HPE with GreenLake and Dell with APEX, the timing of those offerings may be pretty good actually. Now let's expand on some of the data that we showed a couple weeks ago. This chart shows responses from 282 execs on actions their organizations are taking over the next three months. And the Deltas are quite traumatic from the early part of this charter than the left hand side. The brown line is hiring freezes, the black line is freezing IT projects, and the green line is hiring increases and that red line is layoffs. And we put a box around the sort of general area of the isolation economy timeframe. And you can see the wild swings on this chart. By mid last summer, people were kickstarting things and more hiring was going on and the black line shows IT project freezes, you know, came way down. And now, or on the way back up as our hiring freezes. So we're seeing these wild swings in organizational actions and strategies which underscores the lack of predictability. As with supply chains around the world, this is likely due to the fact that organizations, pre pandemic they were optimized for efficiency, not a lot of waste rather than business resilience. Meaning, you know, there's again not a lot of fluff in the system or if there was it got flushed out during the pandemic. And so the need for productivity and automation is becoming increasingly important, especially as actions that solely rely on headcount changes are very, very difficult to manage. Now, let's dig into some of the vendor commentary and take a look at some of the names that have momentum and some of the others possibly facing headwinds. Here's a list of companies that stand out in the ETR survey. Snowflake, once again leads the pack with a positive spending outlook. HashiCorp, CrowdStrike, Databricks, Freshworks and ServiceNow, they round out the top six. Microsoft, they seem to always be in the mix, as do a number of other security and related companies including CyberArk, Zscaler, CloudFlare, Elastic, Datadog, Fortinet, Tenable and to a certain extent Akamai, you can kind of put them sort of in that group. You know, CDN, they got to worry about security. Everybody worries about security, but especially the CDNs. Now the other software names that are highlighted here include Workday and Salesforce. On the negative side, you can see Dynatrace saw some negatives in the latest survey especially around its analytics business. Security is generally holding up better than other sectors but it's still seeing greater levels of pressure than it had previously. So lower spend. And defections relative to its observability peers, that's really for Dynatrace. Now the other one that was somewhat surprising is IBM. You see the IBM was sort of in that negative realm here but IBM reported an outstanding quarter this past week with double digit revenue growth, strong momentum in software, consulting, mainframes and other infrastructure like storage. It's benefiting from the Kyndryl restructuring and it's on track IBM to deliver 10 billion in free cash flow this year. Red Hat is performing exceedingly well and growing in the very high teens. And so look, IBM is in the midst of a major transformation and it seems like a company that is really focused now with hybrid cloud being powered by Red Hat and consulting and a decade plus of AI investments finally paying off. Now the other big thing we'll add is, IBM was once an outstanding acquire of companies and it seems to be really getting its act together on the M&A front. Yes, Red Hat was a big pill to swallow but IBM has done a number of smaller acquisitions, I think seven this year. Like for example, Turbonomic, which is starting to pay off. Arvind Krishna has the company focused once again. And he and Jim J. Kavanaugh, IBM CFO, seem to be very confident on the guidance that they're giving in their business. So that's a real positive in our view for the industry. Okay, the last thing we'd like to do is take 12 of the companies from the previous chart and plot them in context. Now these companies don't necessarily compete with each other, some do. But they are standouts in the ETR survey and in the market. What we're showing here is a view that we like to often show, it's net score or spending velocity on the vertical axis. And it's a measure, that's a measure of the net percentage of customers that are spending more on a particular platform. So ETR asks, are you spending more or less? They subtract less from the mores. I mean I'm simplifying, but that's what net score is. Now in the horizontal axis, that is a measure of overlap which is which measures presence or pervasiveness in the dataset. So bigger the better. We've inserted a table that informs how the dots in the companies are positioned. These companies are all in the green in terms of net score. And that right most column in the table insert is indicative of their presence in the dataset, the end. So higher, again, is better for both columns. Two other notes, the red dotted line there you see at 40%. Anything over that indicates an highly elevated spending momentum for a given platform. And we purposefully took Microsoft out of the mix in this chart because it skews the data due to its large size. Everybody else would cluster on the left and Microsoft would be all alone in the right. So we take them out. Now as we noted earlier, Snowflake once again leads with a net score of 64%, well above the 40% line. Having said that, while adoption rates for Snowflake remains strong the company's spending velocity in the survey has come down to Earth. And many more customers are shifting from where they were last year and the year before in growth mode i.e. spending more year to year with Snowflake to now shifting more toward flat spending. So a plus or minus 5%. So that puts pressure on Snowflake's net score, just based on the math as to how ETR calculates, its proprietary net score methodology. So Snowflake is by no means insulated completely to the macro factors. And this was seen especially in the data in the Fortune 500 cut of the survey for Snowflake. We didn't show that here, just giving you anecdotal commentary from the survey which is backed up by data. So, it showed steeper declines in the Fortune 500 momentum. But overall, Snowflake, very impressive. Now what's more, note the position of Streamlit relative to Databricks. Streamlit is an open source python framework for developing data driven, data science oriented apps. And it's ironic that it's net score and shared in is almost identical to those of data bricks, as the aspirations of Snowflake and Databricks are beginning to collide. Now, however, the Databricks net score has held up very well over the past year and is in the 92nd percentile of its machine learning and AI peers. And while it's seeing some softness, like Snowflake in the Fortune 500, Databricks has steadily moved to the right on the X axis over the last several surveys even though it was unable to get to the public markets and do an IPO during the lockdown tech bubble. Let's come back to the chart. ServiceNow is impressive because it's well above the 40% mark and it has 437 shared in on this cut, the largest of any company that we chose to plot here. The only real negative on ServiceNow is, more large customers are keeping spending levels flat. That's putting a little bit pressure on its net score, but that's just conservatives. It's kind of like Snowflakes, you know, same thing but in a larger scale. But it's defections, the ServiceNow as in Snowflake as well. It's defections remain very, very low, really low churn below 2% for ServiceNow, in fact, within the dataset. Now it's interesting to also see Freshworks hit the list. You can see them as one of the few ITSM vendors that has momentum and can potentially take on ServiceNow. Workday, on this chart, it's the other big app player that's above the 40% line and we're only showing Workday HCM, FYI, in this graphic. It's Workday Financials, that offering, is below the 40% line just for reference. Now let's talk about CrowdStrike. We attended Falcon last month, CrowdStrike's user conference and we're very impressed with the product visio, the company's execution, it's growing partnerships. And you can see in this graphic, the ETR survey data confirms the company's stellar performance with a net score at 50%, well above the 40% mark. And importantly, more than 300 mentions. That's second only to ServiceNow, amongst the 12 companies that we've chosen to highlight here. Only Microsoft, which is not shown here, has a higher net score in the security space than CrowdStrike. And when it comes to presence, CrowdStrike now has caught up to Splunk in terms of pervasion in the survey. Now CyberArk and Zscaler are the other two security firms that are right at that 40% red dotted line. CyberArk for names with over a hundred citations in the security sector, is only behind Microsoft and CrowdStrike. Zscaler for its part in the survey is seeing strong momentum in the Fortune 500, unlike what we said for Snowflake. And its pervasion on the X-axis has been steadily increasing. Again, not that Snowflake and CrowdStrike compete with each other but they're too prominent names and it's just interesting to compare peers and business models. Cloudflare, Elastic and Datadog are slightly below the 40% mark but they made the sort of top 12 that we showed to highlight here and they continue to have positive sentiment in the survey. So, what are the big takeaways from this latest survey, this really quick snapshot that we've taken. As you know, over the next several weeks we're going to dig into it more and more. As we've previously reported, the tide is going out and it's taking virtually all the tech ships with it. But in many ways the current market is a story of heightened expectations coming down to Earth, miscalculations about the economic patterns and the swings and imperfect visibility. Leading Barclays analyst, Ramo Limchao ask the question to guide or not to guide in a recent research note he wrote. His point being, should companies guide or should they be more cautious? Many companies, if not most companies, are actually giving guidance. Indeed, when companies like Oracle and IBM are emphatic about their near term outlook and their visibility, it gives one confidence. On the other hand, reasonable people are asking, will the red hot valuations that we saw over the last two years from the likes of Snowflake, CrowdStrike, MongoDB, Okta, Zscaler, and others. Will they return? Or are we in for a long, drawn out, sideways exercise before we see sustained momentum? And to that uncertainty, we add elections and public policy. It's very hard to predict right now. I'm sorry to be like a two-handed lawyer, you know. On the one hand, on the other hand. But that's just the way it is. Let's just say for our part, we think that once it's clear that interest rates are on their way back down and we'll stabilize it under 4% and we have clarity on the direction of inflation, wages, unemployment and geopolitics, the wild swings and sentiment will subside. But when that happens is anyone's guess. If I had to peg, I'd say 18 months, which puts us at least into the spring of 2024. What's your prediction? You know, it's almost that time of year. Let's hear it. Please keep in touch and let us know what you think. Okay, that's it for now. Many thanks to Alex Myerson. He is on production and he manages the podcast for us. Ken Schiffman as well is our newest addition to the Boston Studio. Kristin Martin and Cheryl Knight, they help get the word out on social media and in our newsletters. And Rob Hoff is our EIC, editor-in-chief over at SiliconANGLE. He does some wonderful editing for us. Thank you all. Remember all these episodes, they are available as podcasts. Wherever you listen, just search breaking analysis podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me at david.vellante@siliconangle.com or DM me @dvellante. Or feel free to comment on our LinkedIn posts. And please do check out etr.ai. They've got the best survey data in the enterprise tech business. If you haven't checked that out, you should. It'll give you an advantage. This is Dave Vellante for theCUBE Insights Powered by ETR. Thanks for watching. Be well and we'll see you next time on Breaking Analysis. (soft upbeat music)

>> Announcer: From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> The rapid pace of cloud adoption has changed the way organizations approach cybersecurity. Specifically, the cloud is increasingly becoming the first line of cyber defense. As such, along with communicating to the board and creating a security aware culture, the chief information security officer must ensure that the shared responsibility model is being applied properly. Meanwhile, the DevSecOps team has emerged as the critical link between strategy and execution, while audit becomes the free safety, if you will, in the equation, i.e., the last line of defense. Hello, and welcome to this week's, we keep on CUBE Insights, powered by ETR. In this "Breaking Analysis", we'll share the latest data on hyperscale, IaaS, and PaaS market performance, along with some fresh ETR survey data. And we'll share some highlights and the puts and takes from the recent AWS re:Inforce event in Boston. But first, the macro. It's earning season, and that's what many people want to talk about, including us. As we reported last week, the macro spending picture is very mixed and weird. Think back to a week ago when SNAP reported. A player like SNAP misses and the Nasdaq drops 300 points. Meanwhile, Intel, the great semiconductor hope for America misses by a mile, cuts its revenue outlook by 15% for the year, and the Nasdaq was up nearly 250 points just ahead of the close, go figure. Earnings reports from Meta, Google, Microsoft, ServiceNow, and some others underscored cautious outlooks, especially those exposed to the advertising revenue sector. But at the same time, Apple, Microsoft, and Google, were, let's say less bad than expected. And that brought a sigh of relief. And then there's Amazon, which beat on revenue, it beat on cloud revenue, and it gave positive guidance. The Nasdaq has seen this month best month since the isolation economy, which "Breaking Analysis" contributor, Chip Symington, attributes to what he calls an oversold rally. But there are many unknowns that remain. How bad will inflation be? Will the fed really stop tightening after September? The Senate just approved a big spending bill along with corporate tax hikes, which generally don't favor the economy. And on Monday, August 1st, the market will likely realize that we are in the summer quarter, and there's some work to be done. Which is why it's not surprising that investors sold the Nasdaq at the close today on Friday. Are people ready to call the bottom? Hmm, some maybe, but there's still lots of uncertainty. However, the cloud continues its march, despite some very slight deceleration in growth rates from the two leaders. Here's an update of our big four IaaS quarterly revenue data. The big four hyperscalers will account for $165 billion in revenue this year, slightly lower than what we had last quarter. We expect AWS to surpass 83 billion this year in revenue. Azure will be more than 2/3rds the size of AWS, a milestone from Microsoft. Both AWS and Azure came in slightly below our expectations, but still very solid growth at 33% and 46% respectively. GCP, Google Cloud Platform is the big concern. By our estimates GCP's growth rate decelerated from 47% in Q1, and was 38% this past quarter. The company is struggling to keep up with the two giants. Remember, both GCP and Azure, they play a shell game and hide the ball on their IaaS numbers, so we have to use a survey data and other means of estimating. But this is how we see the market shaping up in 2022. Now, before we leave the overall cloud discussion, here's some ETR data that shows the net score or spending momentum granularity for each of the hyperscalers. These bars show the breakdown for each company, with net score on the right and in parenthesis, net score from last quarter. lime green is new adoptions, forest green is spending up 6% or more, the gray is flat, pink is spending at 6% down or worse, and the bright red is replacement or churn. Subtract the reds from the greens and you get net score. One note is this is for each company's overall portfolio. So it's not just cloud. So it's a bit of a mixed bag, but there are a couple points worth noting. First, anything above 40% or 40, here as shown in the chart, is considered elevated. AWS, as you can see, is well above that 40% mark, as is Microsoft. And if you isolate Microsoft's Azure, only Azure, it jumps above AWS's momentum. Google is just barely hanging on to that 40 line, and Alibaba is well below, with both Google and Alibaba showing much higher replacements, that bright red. But here's the key point. AWS and Azure have virtually no churn, no replacements in that bright red. And all four companies are experiencing single-digit numbers in terms of decreased spending within customer accounts. People may be moving some workloads back on-prem selectively, but repatriation is definitely not a trend to bet the house on, in our view. Okay, let's get to the main subject of this "Breaking Analysis". TheCube was at AWS re:Inforce in Boston this week, and we have some observations to share. First, we had keynotes from Steven Schmidt who used to be the chief information security officer at Amazon on Web Services, now he's the CSO, the chief security officer of Amazon. Overall, he dropped the I in his title. CJ Moses is the CISO for AWS. Kurt Kufeld of AWS also spoke, as did Lena Smart, who's the MongoDB CISO, and she keynoted and also came on theCUBE. We'll go back to her in a moment. The key point Schmidt made, one of them anyway, was that Amazon sees more data points in a day than most organizations see in a lifetime. Actually, it adds up to quadrillions over a fairly short period of time, I think, it was within a month. That's quadrillion, it's 15 zeros, by the way. Now, there was drill down focus on data protection and privacy, governance, risk, and compliance, GRC, identity, big, big topic, both within AWS and the ecosystem, network security, and threat detection. Those are the five really highlighted areas. Re:Inforce is really about bringing a lot of best practice guidance to security practitioners, like how to get the most out of AWS tooling. Schmidt had a very strong statement saying, he said, "I can assure you with a 100% certainty that single controls and binary states will absolutely positively fail." Hence, the importance of course, of layered security. We heard a little bit of chat about getting ready for the future and skating to the security puck where quantum computing threatens to hack all of the existing cryptographic algorithms, and how AWS is trying to get in front of all that, and a new set of algorithms came out, AWS is testing. And, you know, we'll talk about that maybe in the future, but that's a ways off. And by its prominent presence, the ecosystem was there enforced, to talk about their role and filling the gaps and picking up where AWS leaves off. We heard a little bit about ransomware defense, but surprisingly, at least in the keynotes, no discussion about air gaps, which we've talked about in previous "Breaking Analysis", is a key factor. We heard a lot about services to help with threat detection and container security and DevOps, et cetera, but there really wasn't a lot of specific talk about how AWS is simplifying the life of the CISO. Now, maybe it's inherently assumed as AWS did a good job stressing that security is job number one, very credible and believable in that front. But you have to wonder if the world is getting simpler or more complex with cloud. And, you know, you might say, "Well, Dave, come on, of course it's better with cloud." But look, attacks are up, the threat surface is expanding, and new exfiltration records are being set every day. I think the hard truth is, the cloud is driving businesses forward and accelerating digital, and those businesses are now exposed more than ever. And that's why security has become such an important topic to boards and throughout the entire organization. Now, the other epiphany that we had at re:Inforce is that there are new layers and a new trust framework emerging in cyber. Roles are shifting, and as a direct result of the cloud, things are changing within organizations. And this first hit me in a conversation with long-time cyber practitioner and Wikibon colleague from our early Wikibon days, and friend, Mike Versace. And I spent two days testing the premise that Michael and I talked about. And here's an attempt to put that conversation into a graphic. The cloud is now the first line of defense. AWS specifically, but hyperscalers generally provide the services, the talent, the best practices, and automation tools to secure infrastructure and their physical data centers. And they're really good at it. The security inside of hyperscaler clouds is best of breed, it's world class. And that first line of defense does take some of the responsibility off of CISOs, but they have to understand and apply the shared responsibility model, where the cloud provider leaves it to the customer, of course, to make sure that the infrastructure they're deploying is properly configured. So in addition to creating a cyber aware culture and communicating up to the board, the CISO has to ensure compliance with and adherence to the model. That includes attracting and retaining the talent necessary to succeed. Now, on the subject of building a security culture, listen to this clip on one of the techniques that Lena Smart, remember, she's the CISO of MongoDB, one of the techniques she uses to foster awareness and build security cultures in her organization. Play the clip >> Having the Security Champion program, so that's just, it's like one of my babies. That and helping underrepresented groups in MongoDB kind of get on in the tech world are both really important to me. And so the Security Champion program is purely purely voluntary. We have over 100 members. And these are people, there's no bar to join, you don't have to be technical. If you're an executive assistant who wants to learn more about security, like my assistant does, you're more than welcome. Up to, we actually, people grade themselves when they join us. We give them a little tick box, like five is, I walk on security water, one is I can spell security, but I'd like to learn more. Mixing those groups together has been game-changing for us. >> Now, the next layer is really where it gets interesting. DevSecOps, you know, we hear about it all the time, shifting left. It implies designing security into the code at the dev level. Shift left and shield right is the kind of buzz phrase. But it's getting more and more complicated. So there are layers within the development cycle, i.e., securing the container. So the app code can't be threatened by backdoors or weaknesses in the containers. Then, securing the runtime to make sure the code is maintained and compliant. Then, the DevOps platform so that change management doesn't create gaps and exposures, and screw things up. And this is just for the application security side of the equation. What about the network and implementing zero trust principles, and securing endpoints, and machine to machine, and human to app communication? So there's a lot of burden being placed on the DevOps team, and they have to partner with the SecOps team to succeed. Those guys are not security experts. And finally, there's audit, which is the last line of defense or what I called at the open, the free safety, for you football fans. They have to do more than just tick the box for the board. That doesn't cut it anymore. They really have to know their stuff and make sure that what they sign off on is real. And then you throw ESG into the mix is becoming more important, making sure the supply chain is green and also secure. So you can see, while much of this stuff has been around for a long, long time, the cloud is accelerating innovation in the pace of delivery. And so much is changing as a result. Now, next, I want to share a graphic that we shared last week, but a little different twist. It's an XY graphic with net score or spending velocity in the vertical axis and overlap or presence in the dataset on the horizontal. With that magic 40% red line as shown. Okay, I won't dig into the data and draw conclusions 'cause we did that last week, but two points I want to make. First, look at Microsoft in the upper-right hand corner. They are big in security and they're attracting a lot of dollars in the space. We've reported on this for a while. They're a five-star security company. And every time, from a spending standpoint in ETR data, that little methodology we use, every time I've run this chart, I've wondered, where the heck is AWS? Why aren't they showing up there? If security is so important to AWS, which it is, and its customers, why aren't they spending money with Amazon on security? And I asked this very question to Merrit Baer, who resides in the office of the CISO at AWS. Listen to her answer. >> It doesn't mean don't spend on security. There is a lot of goodness that we have to offer in ESS, external security services. But I think one of the unique parts of AWS is that we don't believe that security is something you should buy, it's something that you get from us. It's something that we do for you a lot of the time. I mean, this is the definition of the shared responsibility model, right? >> Now, maybe that's good messaging to the market. Merritt, you know, didn't say it outright, but essentially, Microsoft they charge for security. At AWS, it comes with the package. But it does answer my question. And, of course, the fact is that AWS can subsidize all this with egress charges. Now, on the flip side of that, (chuckles) you got Microsoft, you know, they're both, they're competing now. We can take CrowdStrike for instance. Microsoft and CrowdStrike, they compete with each other head to head. So it's an interesting dynamic within the ecosystem. Okay, but I want to turn to a powerful example of how AWS designs in security. And that is the idea of confidential computing. Of course, AWS is not the only one, but we're coming off of re:Inforce, and I really want to dig into something that David Floyer and I have talked about in previous episodes. And we had an opportunity to sit down with Arvind Raghu and J.D. Bean, two security experts from AWS, to talk about this subject. And let's share what we learned and why we think it matters. First, what is confidential computing? That's what this slide is designed to convey. To AWS, they would describe it this way. It's the use of special hardware and the associated firmware that protects customer code and data from any unauthorized access while the data is in use, i.e., while it's being processed. That's oftentimes a security gap. And there are two dimensions here. One is protecting the data and the code from operators on the cloud provider, i.e, in this case, AWS, and protecting the data and code from the customers themselves. In other words, from admin level users are possible malicious actors on the customer side where the code and data is being processed. And there are three capabilities that enable this. First, the AWS Nitro System, which is the foundation for virtualization. The second is Nitro Enclaves, which isolate environments, and then third, the Nitro Trusted Platform Module, TPM, which enables cryptographic assurances of the integrity of the Nitro instances. Now, we've talked about Nitro in the past, and we think it's a revolutionary innovation, so let's dig into that a bit. This is an AWS slide that was shared about how they protect and isolate data and code. On the left-hand side is a classical view of a virtualized architecture. You have a single host or a single server, and those white boxes represent processes on the main board, X86, or could be Intel, or AMD, or alternative architectures. And you have the hypervisor at the bottom which translates instructions to the CPU, allowing direct execution from a virtual machine into the CPU. But notice, you also have blocks for networking, and storage, and security. And the hypervisor emulates or translates IOS between the physical resources and the virtual machines. And it creates some overhead. Now, companies like VMware have done a great job, and others, of stripping out some of that overhead, but there's still an overhead there. That's why people still like to run on bare metal. Now, and while it's not shown in the graphic, there's an operating system in there somewhere, which is privileged, so it's got access to these resources, and it provides the services to the VMs. Now, on the right-hand side, you have the Nitro system. And you can see immediately the differences between the left and right, because the networking, the storage, and the security, the management, et cetera, they've been separated from the hypervisor and that main board, which has the Intel, AMD, throw in Graviton and Trainium, you know, whatever XPUs are in use in the cloud. And you can see that orange Nitro hypervisor. That is a purpose-built lightweight component for this system. And all the other functions are separated in isolated domains. So very strong isolation between the cloud software and the physical hardware running workloads, i.e., those white boxes on the main board. Now, this will run at practically bare metal speeds, and there are other benefits as well. One of the biggest is security. As we've previously reported, this came out of AWS's acquisition of Annapurna Labs, which we've estimated was picked up for a measly $350 million, which is a drop in the bucket for AWS to get such a strategic asset. And there are three enablers on this side. One is the Nitro cards, which are accelerators to offload that wasted work that's done in traditional architectures by typically the X86. We've estimated 25% to 30% of core capacity and cycles is wasted on those offloads. The second is the Nitro security chip, which is embedded and extends the root of trust to the main board hardware. And finally, the Nitro hypervisor, which allocates memory and CPU resources. So the Nitro cards communicate directly with the VMs without the hypervisors getting in the way, and they're not in the path. And all that data is encrypted while it's in motion, and of course, encryption at rest has been around for a while. We asked AWS, is this an, we presumed it was an Arm-based architecture. We wanted to confirm that. Or is it some other type of maybe hybrid using X86 and Arm? They told us the following, and quote, "The SoC, system on chips, for these hardware components are purpose-built and custom designed in-house by Amazon and Annapurna Labs. The same group responsible for other silicon innovations such as Graviton, Inferentia, Trainium, and AQUA. Now, the Nitro cards are Arm-based and do not use any X86 or X86/64 bit CPUs. Okay, so it confirms what we thought. So you may say, "Why should we even care about all this technical mumbo jumbo, Dave?" Well, a year ago, David Floyer and I published this piece explaining why Nitro and Graviton are secret weapons of Amazon that have been a decade in the making, and why everybody needs some type of Nitro to compete in the future. This is enabled, this Nitro innovations and the custom silicon enabled by the Annapurna acquisition. And AWS has the volume economics to make custom silicon. Not everybody can do it. And it's leveraging the Arm ecosystem, the standard software, and the fabrication volume, the manufacturing volume to revolutionize enterprise computing. Nitro, with the alternative processor, architectures like Graviton and others, enables AWS to be on a performance, cost, and power consumption curve that blows away anything we've ever seen from Intel. And Intel's disastrous earnings results that we saw this past week are a symptom of this mega trend that we've been talking about for years. In the same way that Intel and X86 destroyed the market for RISC chips, thanks to PC volumes, Arm is blowing away X86 with volume economics that cannot be matched by Intel. Thanks to, of course, to mobile and edge. Our prediction is that these innovations and the Arm ecosystem are migrating and will migrate further into enterprise computing, which is Intel's stronghold. Now, that stronghold is getting eaten away by the likes of AMD, Nvidia, and of course, Arm in the form of Graviton and other Arm-based alternatives. Apple, Tesla, Amazon, Google, Microsoft, Alibaba, and others are all designing custom silicon, and doing so much faster than Intel can go from design to tape out, roughly cutting that time in half. And the premise of this piece is that every company needs a Nitro to enable alternatives to the X86 in order to support emergent workloads that are data rich and AI-based, and to compete from an economic standpoint. So while at re:Inforce, we heard that the impetus for Nitro was security. Of course, the Arm ecosystem, and its ascendancy has enabled, in our view, AWS to create a platform that will set the enterprise computing market this decade and beyond. Okay, that's it for today. Thanks to Alex Morrison, who is on production. And he does the podcast. And Ken Schiffman, our newest member of our Boston Studio team is also on production. Kristen Martin and Cheryl Knight help spread the word on social media and in the community. And Rob Hof is our editor in chief over at SiliconANGLE. He does some great, great work for us. Remember, all these episodes are available as podcast. Wherever you listen, just search "Breaking Analysis" podcast. I publish each week on wikibon.com and siliconangle.com. Or you can email me directly at David.Vellante@siliconangle.com or DM me @dvellante, comment on my LinkedIn post. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching. Be well, and we'll see you next time on "Breaking Analysis." (upbeat theme music)

(upbeat music) >> It'll be five, four, three and then silent two, one, and then you guys just follow my lead. We're just making some last minute adjustments. Like I said, we're down two hands today. So, you good Alex? Okay, are you guys ready? >> I'm ready. >> Ready. >> I got to get get one note here. >> So I noticed Maria you stopped anyway, so I have time. >> Just so they know Dave and the Boston Studio, are they both kind of concurrently be on film even when they're not speaking or will only the speaker be on film for like if Gerald's drawing while Maria is talking about-- >> Sorry but then I missed one part of my onboarding spiel. There should be, if you go into gallery there should be a label. There should be something labeled Boston live switch feed. If you pin that gallery view you'll see what our program currently being recorded is. So any time you don't see yourself on that feed is an excellent time to take a drink of water, scratch your nose, check your notes. Do whatever you got to do off screen. >> Can you give us a three shot, Alex? >> Yes, there it is. >> And then go to me, just give me a one-shot to Dave. So when I'm here you guys can take a drink or whatever >> That makes sense? >> Yeah. >> Excellent, I will get my recordings restarted and we'll open up when Dave's ready. >> All right, you guys ready? >> Ready. >> All right Steve, you go on mute. >> Okay, on me in 5, 4, 3. Developers have become the new king makers in the world of digital and cloud. The rise of containers and microservices has accelerated the transition to cloud native applications. A lot of people will talk about application architecture and the related paradigms and the benefits they bring for the process of writing and delivering new apps. But a major challenge continues to be, the how and the what when it comes to accessing, processing and getting insights from the massive amounts of data that we have to deal with in today's world. And with me are two experts from the data management world who will share with us how they think about the best techniques and practices based on what they see at large organizations who are working with data and developing so-called data-driven apps. Please welcome Maria Colgan and Gerald Venzl, two distinguish product managers from Oracle. Folks, welcome, thanks so much for coming on. >> Thanks for having us Dave. >> Thank you very much for having us. >> Okay, Maria let's start with you. So, we throw around this term data-driven, data-driven applications. What are we really talking about there? >> So data-driven applications are applications that work on a diverse set of data. So anything from spatial to sensor data, document data as well as your usual transaction processing data. And what they're going to do is they'll generate value from that data in very different ways to a traditional application. So for example, they may use machine learning, they are able to do product recommendations in the middle of a transaction. Or we could use graph to be able to identify an influencer within the community so we can target them with a specific promotion. It could also use spatial data to be able to help find the nearest stores to a particular customer. And because these apps are deployed on multiple platforms, everything from mobile devices as well as standard browsers, they need a data platform that's going to be both secure, reliable and scalable. >> Well, so when you think about how the workloads are shifting I mean, we're not talking about, you know it's not anymore a world of just your ERP or your HCM or your CRM, you know kind of the traditional operational systems. You really are seeing an explosion of these new data oriented apps. You're seeing, you know, modeling in the cloud, you are going to see more and more inferencing, inferencing at the edge. But Maria maybe you could talk a little bit about sort of the benefits that customers are seeing from developing these types of applications. I mean, why should people care about data-driven apps? >> Oh, for sure, there's massive benefits to them. I mean, probably the most obvious one for any business regardless of the industry, is that they not only allow you to understand what your customers are up to, but they allow you to be able to anticipate those customer's needs. So that helps businesses maintain that competitive edge and retain their customers. But it also helps them make data-driven decisions in real time based on actual data rather than on somebody's gut feeling or basing those decisions on historical data. So for example, you can do real-time price adjustments on products based on demand and so forth, that kind of thing. So it really changes the way people do business today. >> So Gerald, you think about the narrative in the industry everybody wants to be a platform player all your customers they are becoming software companies, they are becoming platform players. Everybody wants to be like, you know name a company that is huge trillion dollar market cap or whatever, and those are data-driven companies. And so it would seem to me that data-driven applications, there's nobody, no company really shouldn't be data-driven. Do you buy that? >> Yeah, absolutely. I mean, data-driven, and that naturally the whole industry is data-driven, right? It's like we all have information technologies about processing data and deriving information out of it. But when it comes to app development I think there is a big push to kind of like we have to do machine learning in our applications, we have to get insights from data. And when you actually look back a bit and take a step back, you see that there's of course many different kinds of applications out there as well that's not to be forgotten, right? So there is a usual front end user interfaces where really the application all it does is just entering some piece of information that's stored somewhere or perhaps a microservice that's not attached to a data to you at all but just receives or asks calls (indistinct). So I think it's not necessarily so important for every developer to kind of go on a bandwagon that they have to be data-driven. But I think it's equally important for those applications and those developers that build applications, that drive the business, that make business critical decisions as Maria mentioned before. Those guys should take really a close look into what data-driven apps means and what the data to you can actually give to them. Because what we see also happening a lot is that a lot of the things that are well known and out there just ready to use are being reimplemented in the applications. And for those applications, they essentially just ended up spending more time writing codes that will be already there and then have to maintain and debug the code as well rather than just going to market faster. >> Gerald can you talk to the prevailing approaches that developers take to build data-driven applications? What are the ones that you see? Let's dig into that a little bit more and maybe differentiate the different approaches and talk about that? >> Yeah, absolutely. I think right now the industry is like in two camps, it's like sort of a religious war going on that you'll see often happening with different architectures and so forth going on. So we have single purpose databases or data management technologies. Which are technologies that are as the name suggests build around a single purpose. So it's like, you know a typical example would be your ordinary key-value store. And a key-value store all it does is it allows you to store and retrieve a piece of data whatever that may be really, really fast but it doesn't really go beyond that. And then the other side of the house or the other camp would be multimodal databases, multimodal data management technologies. Those are technologies that allow you to store different types of data, different formats of data in the same technology in the same system alongside. And, you know, when you look at the geographics out there of what we have from technology, is pretty much any relational database or any database really has evolved into such a multimodal database. Whether that's MySQL that allows you to store or chase them alongside relational or even a MongoDB that allows you to do or gives you native graph support since (mumbles) and as well alongside the adjacent support. >> Well, it's clearly a trend in the industry. We've talked about this a lot in The Cube. We know where Oracle stands on this. I mean, you just mentioned MySQL but I mean, Oracle Databases you've been extending, you've mentioned JSON, we've got blockchain now in there you're infusing, you know ML and AI into the database, graph database capabilities, you know on and on and on. We talked a lot about we compared that to Amazon which is kind of the right tool, the right job approach. So maybe you could talk about, you know, your point of view, the benefits for developers of using that converged database if I can use that word approach being able to store multiple data formats? Why do you feel like that's a better approach? >> Yeah, I think on a high level it comes down to complexity. You are actually avoiding additional complexity, right? So not every use case that you have necessarily warrants to have yet another data management technology or yet the special build technology for managing that data, right? It's like many use cases that we see out there happily want to just store a piece of a chase and document, a piece of chase in a database and then perhaps retrieve it again afterwards so write some simple queries over it. And you really don't have to get a new database technology or a NoSQL database into the mix if you already have some to just fulfill that exact use case. You could just happily store that information as well in the database you already have. And what it really comes down to is the learning curve for developers, right? So it's like, as you use the same technology to store other types of data, you don't have to learn a new technology, you don't have to associate yourself with new and learn new drivers. You don't have to find new frameworks and you don't have to know how to necessarily operate or best model your data for that database. You can essentially just reuse your knowledge of the technology as well as the libraries and code you have already built in house perhaps in another application, perhaps, you know framework that you used against the same technology because it is still the same technology. So, kind of all comes down again to avoiding complexity rather than not fragmenting you know, the many different technologies we have. If you were to look at the different data formats that are out there today it's like, you know, you would end up with many different databases just to store them if you were to fully religiously follow the single purpose best built technology for every use case paradigm, right? And then you would just end up having to manage many different databases more than actually focusing on your app and getting value to your business or to your user. >> Okay, so I get that and I buy that by the way. I mean, especially if you're a larger organization and you've got all these projects going on but before we go back to Maria, Gerald, I want to just, I want to push on that a little bit. Because the counter to that argument would be in the analogy. And I wonder if you, I'd love for you to, you know knock this analogy off the blocks. The counter would be okay, Oracle is the Swiss Army knife and it's got, you know, all in one. But sometimes I need that specialized long screwdriver and I go into my toolbox and I grab that. It's better than the screwdriver in my Swiss Army knife. Why, are you the Swiss Army knife of databases? Or are you the all-in-one have that best of breed screwdriver for me? How do you think about that? >> Yeah, that's a fantastic question, right? And I think it's first of all, you have to separate between Oracle the company that has actually multiple data management technologies and databases out there as you said before, right? And Oracle Database. And I think Oracle Database is definitely a Swiss Army knife has many capabilities of since the last 40 years, you know that we've seen object support coming that's still in the Oracle Database today. We have seen XML coming, it's still in the Oracle Database, graph, spatial, et cetera. And so you have many different ways of managing your data and then on top of that going into the converge, not only do we allow you to store the different data model in there but we actually allow you also to, you apply all the security policies and so forth on top of it something Maria can talk more about the mission around converged database. I would also argue though that for some aspects, we do actually have to or add a screwdriver that you talked about as well. So especially in the relational world people get very quickly hung up on this idea that, oh, if you only do rows and columns, well, that's kind of what you put down on disk. And that was never true, it's the relational model is actually a logical model. What's probably being put down on disk is blocks that align themselves nice with block storage and always has been. So that allows you to actually model and process the data sort of differently. And one common example or one good example that we have that we introduced a couple of years ago was when, column and databases were very strong and you know, the competition came it's like, yeah, we have In-Memory column that stores now they're so much better. And we were like, well, orienting the data role-based or column-based really doesn't matter in the sense that we store them as blocks on disks. And so we introduced the in memory technology which gives you an In-Memory column, a representation of your data as well alongside your relational. So there is an example where you go like, well, actually you know, if you have this use case of the column or analytics all In-Memory, I would argue Oracle Database is also that screwdriver you want to go down to and gives you that capability. Because not only gives you representation in columnar, but also which many people then forget all the analytic power on top of SQL. It's one thing to store your data columnar, it's a completely different story to actually be able to run analytics on top of that and having all the built-in functionalities and stuff that you want to do with the data on top of it as you analyze it. >> You know, that's a great example, the kilometer 'cause I remember there was like a lot of hype around it. Oh, it's the Oracle killer, you know, at Vertica. Vertica is still around but, you know it never really hit escape velocity. But you know, good product, good company, whatever. Natezza, it kind of got buried inside of IBM. ParXL kind of became, you know, red shift with that deal so that kind of went away. Teradata bought a company, I forget which company it bought but. So that hype kind of disapated and now it's like, oh yeah, columnar. It's kind of like In-Memory, we've had a In-Memory databases ever since we've had databases you know, it's a kind of a feature not a sector. But anyway, Maria, let's come back to you. You've got a lot of customer experience. And you speak with a lot of companies, you know during your time at Oracle. What else are you seeing in terms of the benefits to this approach that might not be so intuitive and obvious right away? >> I think one of the biggest benefits to having a multimodel multiworkload or as we call it a converged database, is the fact that you can get greater data synergy from it. In other words, you can utilize all these different techniques and data models to get better value out of that data. So things like being able to do real-time machine learning, fraud detection inside a transaction or being able to do a product recommendation by accessing three different data models. So for example, if I'm trying to recommend a product for you Dave, I might use graph analytics to be able to figure out your community. Not just your friends, but other people on our system who look and behave just like you. Once I know that community then I can go over and see what products they bought by looking up our product catalog which may be stored as JSON. And then on top of that I can then see using the key-value what products inside that catalog those community members gave a five star rating to. So that way I can really pinpoint the right product for you. And I can do all of that in one transaction inside the database without having to transform that data into different models or God forbid, access different systems to be able to get all of that information. So it really simplifies how we can generate that value from the data. And of course, the other thing our customers love is when it comes to deploying data-driven apps, when you do it on a converged database it's much simpler because it is that standard data platform. So you're not having to manage multiple independent single purpose databases. You're not having to implement the security and the high availability policies, you know across a bunch of different diverse platforms. All of that can be done much simpler with a converged database 'cause the DBA team of course, is going to just use that standard set of tools to manage, monitor and secure those systems. >> Thank you for that. And you know, it's interesting, you talk about simplification and you are in Juan's organization so you've big focus on mission critical. And so one of the things that I think is often overlooked well, we talk about all the time is recovery. And if things are simpler, recovery is faster and easier. And so it's kind of the hallmark of Oracle is like the gold standard of the toughest apps, the most mission critical apps. But I wanted to get to the cloud Maria. So because everything is going to the cloud, right? Not all workloads are going to the cloud but everybody is talking about the cloud. Everybody has cloud first mentality and so yes, it's a hybrid world. But the natural next question is how do you think the cloud fits into this world of data-driven apps? >> I think just like any app that you're developing, the cloud helps to accelerate that development. And of course the deployment of these data-driven applications. 'Cause if you think about it, the developer is instantly able to provision a converged database that Oracle will automatically manage and look after for them. But what's great about doing something like that if you use like our autonomous database service is that it comes in different flavors. So you can get autonomous transaction processing, data warehousing or autonomous JSON so that the developer is going to get a database that's been optimized for their specific use case, whatever they are trying to solve. And it's also going to contain all of that great functionality and capabilities that we've been talking about. So what that really means to the developer though is as the project evolves and inevitably the business needs change a little, there's no need to panic when one of those changes comes in because your converged database or your autonomous database has all of those additional capabilities. So you can simply utilize those to able to address those evolving changes in the project. 'Cause let's face it, none of us normally know exactly what we need to build right at the very beginning. And on top of that they also kind of get a built-in buddy in the cloud, especially in the autonomous database. And that buddy comes in the form of built-in workload optimizations. So with the autonomous database we do things like automatic indexing where we're using machine learning to be that buddy for the developer. So what it'll do is it'll monitor the workload and see what kind of queries are being run on that system. And then it will actually determine if there are indexes that should be built to help improve the performance of that application. And not only does it bill those indexes but it verifies that they help improve the performance before publishing it to the application. So by the time the developer is finished with that app and it's ready to be deployed, it's actually also been optimized by the developers buddy, the Oracle autonomous database. So, you know, it's a really nice helping hand for developers when they're building any app especially data-driven apps. >> I like how you sort of gave us, you know the truth here is you don't always know where you're going when you're building an app. It's like it goes from you are trying to build it and they will come to start building it and we'll figure out where it's going to go. With Agile that's kind of how it works. But so I wonder, can you give some examples of maybe customers or maybe genericize them if you need to. Data-driven apps in the cloud where customers were able to drive more efficiency, where the cloud buddy allowed the customers to do more with less? >> No, we have tons of these but I'll try and keep it to just a couple. One that comes to mind straight away is retrace. These folks built a blockchain app in the Oracle Cloud that allows manufacturers to actually share the supply chain with the consumer. So the consumer can see exactly, who made their product? Using what raw materials? Where they were sourced from? How it was done? All of that is visible to the consumer. And in order to be able to share that they had to work on a very diverse set of data. So they had everything from JSON documents to images as well as your traditional transactions in there. And they store all of that information inside the Oracle autonomous database, they were able to build their app and deploy it on the cloud. And they were able to do all of that very, very quickly. So, you know, that ability to work on multiple different data types in a single database really helped them build that product and get it to market in a very short amount of time. Another customer that's doing something really, really interesting is MindSense. So these guys operate the largest mines in Canada, Chile, and Peru. But what they do is they put these x-ray devices on the massive mechanical shovels that are at the cove or at the mine face. And what that does is it senses the contents of the buckets inside these mining machines. And it's looking to see at that content, to see how it can optimize the processing of the ore inside in that bucket. So they're looking to minimize the amount of power and water that it's going to take to process that. And also of course, minimize the amount of waste that's going to come out of that project. So all of that sensor data is sent into an autonomous database where it's going to be processed by a whole host of different users. So everything from the mine engineers to the geo scientists, to even their own data scientists utilize that data to drive their business forward. And what I love about these guys is they're not happy with building just one app. MindSense actually use our built-in low core development environment, APEX that comes as part of the autonomous database and they actually produce applications constantly for different aspects of their business using that technology. And it's actually able to accelerate those new apps to the business. It takes them now just a couple of days or weeks to produce an app instead of months or years to build those new apps. >> Great, thank you for that Maria. Gerald, I'm going to push you again. So, I said upfront and talked about microservices and the cloud and containers and you know, anybody in the developer space follows that very closely. But some of the things that we've been talking about here people might look at that and say, well, they're kind of antithetical to microservices. This is our Oracles monolithic approach. But when you think about the benefits of microservices, people want freedom of choice, technology choice, seen as a big advantage of microservices and containers. How do you address such an argument? >> Yeah, that's an excellent question and I get that quite often. The microservices architecture in general as I said before had architectures, Linux distributions, et cetera. It's kind of always a bit of like there's an academic approach and there's a pragmatic approach. And when you look at the microservices the original definitions that came out at the early 2010s. They actually never said that each microservice has to have a database. And they also never said that if a microservice has a database, you have to use a different technology for each microservice. Just like they never said, you have to write a microservice in a different programming language, right? So where I'm going with this is like, yes you know, sometimes when you look at some vendors out there, some niche players, they push this message or they jump on this academic approach of like each microservice has the best tool at hand or I'd use a different database for your purpose, et cetera. Which almost often comes across like us. You know, we want to stay part of the conversation. Nothing stops a developer from, you know using a multimodal database for the microservice and just using that as a document store, right? Or just using that as a relational database. And, you know, sometimes I mean, it was actually something that happened that was really interesting yesterday I don't know whether you follow Dave or not. But Facebook had an outage yesterday, right? And Facebook is one of those companies that are seen as the Silicon Valley, you know know how to do microservices companies. And when you add through the outage, well, what happened, right? Some unfortunate logical error with configuration as a force that took a database cluster down. So, you know, there you have it where you go like, well, maybe not every microservice is actually in fact talking to its own database or its own special purpose database. I think there, you know, well, what we should, the industry should be focusing much more on this argument of which technology to use? What's the right tool for a job? Is more to ask themselves, what business problem actually are we trying to solve? And therefore what's the right approach and the right technology for this. And so therefore, just as I said before, you know multimodal databases they do have strong benefits. They have many built-in functionalities that are already there and they allow you to reduce this complexity of having to know many different technologies, right? And so it's not only to store different data models either you know, treat a multimodal database as a chasing documents store or a relational database but most databases are multimodal since 20 plus years. But it's also actually being able to perhaps if you store that data together, you can perhaps actually derive additional value for somebody else but perhaps not for your application. But like for example, if you were to use Oracle Database you can actually write queries on top of all of that data. It doesn't really matter for our query engine whether it's the data is format that then chase or the data is formatted in rows and columns you can just rather than query over it. And that's actually very powerful for those guys that have to, you know get the reporting done the end of the day, the end of the week. And for those guys that are the data scientists that they want to figure out, you know which product performed really well or can we tweak something here and there. When you look into that space you still see a huge divergence between the guys to put data in kind of the altarpiece style and guys that try to derive new insights. And there's still a lot of ETL going around and, you know we have big data technologies that some of them come and went and some of them came in that are still around like Apache Spark which is still like a SQL engine on top of any of your data kind of going back to the same concept. And so I will say that, you know, for developers when we look at microservices it's like, first of all, is the argument you were making because the vendor or the technology you want to use tells you this argument or, you know, you kind of want to have an argument to use a specific technology? Or is it really more because it is the best technology, to best use for this given use case for this given application that you have? And if so there's of course, also nothing wrong to use a single purpose technology either, right? >> Yeah, I mean, whenever I talk about Oracle I always come back to the most important applications, the mission critical. It's very difficult to architect databases with microservices and containers. You have to be really, really careful. And so and again, it comes back to what we were talking before about with Maria that the complexity and the recovery. But Gerald I want to stay with you for a minute. So there's other data management technologies popping out there. I mean, I've seen some people saying, okay just leave the data in an S3 bucket. We can query that, then we've got some magic sauce to do that. And so why are you optimistic about you know, traditional database technology going forward? >> I would say because of the history of databases. So one thing that once struck me when I came to Oracle and then got to meet great people like Juan Luis and Andy Mendelsohn who had been here for a long, long time. I come to realization that relational databases are around for about 45 years now. And, you know, I was like, I'm too young to have been around then, right? So I was like, what else was around 45 years? It's like just the tech stack that we have today. It's like, how does this look like? Well, Linux only came out in 93. Well, databases pre-date Linux a lot rather than as I started digging I saw a lot of technologies come and go, right? And you mentioned before like the technologies that data management systems that we had that came and went like the columnar databases or XML databases, object databases. And even before relational databases before Cot gave us the relational model there were apparently these networks stores network databases which to some extent look very similar to adjacent documents. There wasn't a harder storing data and a hierarchy to format. And, you know when you then start actually reading the Cot paper and diving a little bit more into the relation model, that's I think one important crux in there that most of the industry keeps forgetting or it hasn't been around to even know. And that is that when Cot created the relational model, he actually focused not so much on the application putting the data in, but on future users and applications still being able to making sense out of the data, right? And that's kind of like I said before we had those network models, we had XML databases you have adjacent documents stores. And the one thing that they all have along with it is like the application that puts the data in decides the structure of the data. And that's all well and good if you had an application of the developer writing an application. It can become really tricky when 10 years later you still want to look at that data and the application that the developer is no longer around then you go like, what does this all mean? Where is the structure defined? What is this attribute? What does it mean? How does it correlate to others? And the one thing that people tend to forget is that it's actually the data that's here to stay not someone who does the applications where it is. Ideally, every company wants to store every single byte of data that they have because there might be future value in it. Economically may not make sense that's now much more feasible than just years ago. But if you could, why wouldn't you want to store all your data, right? And sometimes you actually have to store the data for seven years or whatever because the laws require you to. And so coming back then and you know, like 10 years from now and looking at the data and going like making sense of that data can actually become a lot more difficult and a lot more challenging than having to first figure out and how we store this data for general use. And that kind of was what the relational model was all about. We decompose the data structures into tables and columns with relationships amongst each other so therefore between each other. So that therefore if somebody wants to, you know typical example would be well you store some purchases from your web store, right? There's a customer attribute in it. There's some credit card payment information in it, just some product information on what the customer bought. Well, in the relational model if you just want to figure out which products were sold on a given day or week, you just would query the payment and products table to get the sense out of it. You don't need to touch the customer and so forth. And with the hierarchical model you have to first sit down and understand how is the structure, what is the customer? Where is the payment? You know, does the document start with the payment or does it start with the customer? Where do I find this information? And then in the very early days those databases even struggled to then not having to scan all the documents to get the data out. So coming back to your question a bit, I apologize for going on here. But you know, it's like relational databases have been around for 45 years. I actually argue it's one of the most successful software technologies that we have out there when you look in the overall industry, right? 45 years is like, in IT terms it's like from a star being the ones who are going supernova. You have said it before that many technologies coming and went, right? And just want to add a more really interesting example by the way is Hadoop and HDFS, right? They kind of gave us this additional promise of like, you know, the 2010s like 2012, 2013 the hype of Hadoop and so forth and (mumbles) and HDFS. And people are just like, just put everything into HDFS and worry about the data later, right? And we can query it and map reduce it and whatever. And we had customers actually coming to us they were like, great we have half a petabyte of data on an HDFS cluster and we have no clue what's stored in there. How do we figure this out? What are we going to do now? Now you had a big data cleansing problem. And so I think that is why databases and also data modeling is something that will not go away anytime soon. And I think databases and database technologies are here for quite a while to stay. Because many of those are people they don't think about what's happening to the data five years from now. And many of the niche players also and also frankly even Amazon you know, following with this single purpose thing is like, just use the right tool for the job for your application, right? Just pull in the data there the way you wanted. And it's like, okay, so you use technologies all over the place and then five years from now you have your data fragmented everywhere in different formats and, you know inconsistencies, and, and, and. And those are usually when you come back to this data-driven business critical business decision applications the worst case scenario you can have, right? Because now you need an army of people to actually do data cleansing. And there's not a coincidence that data science has become very, very popular the last recent years as we kind of went on with this proliferation of different database or data management technologies some of those are not even database. But I think I leave it at that. >> It's an interesting talk track because you're right. I mean, no schema on right was alluring, but it definitely created some problems. It also created an entire, you know you referenced the hyper specialized roles and did the data cleansing component. I mean, maybe technology will eventually solve that problem but it hasn't up at least up tonight. Okay, last question, Maria maybe you could start off and Gerald if you want to chime in as well it'd be great. I mean, it's interesting to watch this industry when Oracle sort of won the top database mantle. I mean, I watched it, I saw it. It was, remember it was Informix and it was (indistinct) too and of course, Microsoft you got to give them credit with SQL server, but Oracle won the database wars. And then everything got kind of quiet for awhile database was sort of boring. And then it exploded, you know, all the, you know not only SQL and the key-value stores and the cloud databases and this is really a hot area now. And when we looked at Oracle we said, okay, Oracle it's all about Oracle Database, but we've seen the kind of resurgence in MySQL which everybody thought, you know once Oracle bought Sun they were going to kill MySQL. But now we see you investing in HeatWave, TimesTen, we talked about In-Memory databases before. So where do those fit in Maria in the grand scheme? How should we think about Oracle's database portfolio? >> So there's lots of places where you'd use those different things. 'Cause just like any other industry there are going to be new and boutique use cases that are going to benefit from a more specialized product or single purpose product. So good examples off the top of my head of the kind of systems that would benefit from that would be things like a stock exchange system or a telephone exchange system. Both of those are latency critical transaction processing applications where they need microsecond response times. And that's going to exceed perhaps what you might normally get or deploy with a converged database. And so Oracle's TimesTen database our In-Memory database is perfect for those kinds of applications. But there's also a host of MySQL applications out there today and you said it yourself there Dave, HeatWave is a great place to provision and deploy those kinds of applications because it's going to run 100 times faster than AWS (mumbles). So, you know, there really is a place in the market and in our customer's systems and the needs they have for all of these different members of our database family here at Oracle. >> Yeah, well, the internet is basically running in the lamp stack so I see MySQL going away. All right Gerald, will give you the final word, bring us home. >> Oh, thank you very much. Yeah, I mean, as Maria said, I think it comes back to what we discussed before. There is obviously still needs for special technologies or different technologies than a relational database or multimodal database. Oracle has actually many more databases that people may first think of. Not only the three that we have already mentioned but there's even SP so the Oracle's NoSQL database. And, you know, on a high level Oracle is a data management company, right? And we want to give our customers the best tools and the best technology to manage all of their data. Rather than therefore there has to be a need or there should be a part of the business that also focuses on this highly specialized systems and this highly specialized technologies that address those use cases. And I think it makes perfect sense. It's like, you know, when the customer comes to Oracle they're not only getting this, take this one product you know, and if you don't like it your problem but actually you have choice, right? And choice allows you to make a decision based on what's best for you and not necessarily best for the vendor you're talking to. >> Well guys, really appreciate your time today and your insights. Maria, Gerald, thanks so much for coming on The Cube. >> Thank you very much for having us. >> And thanks for watching this Cube conversation this is Dave Vellante and we'll see you next time. (upbeat music)