>>Okay, welcome back everyone. Cube's coverage here in Boston, Massachusetts, AWS reinforced 22, the security conference. It's ADOS big security conference. Of course, the cubes here, all the reinvent res re Mars reinforce. We cover 'em all now and the summits. I'm John. Very my host, Dave ante have IDC weighing in here with their analysis. We've got some great guests here, Jay Brisbane, research VP at IDC and Philip who research managed for cloud security. Gentlemen, thanks for coming on. Thank you. Appreciate it. Great >>To, to be here. I appreciate the got the full >>Circle, right? Just, security's more interesting >>Than storage. Isn't it? >>Dave, Dave and Jay worked together. This is a, a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE discover a while back and really the, the, the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I wanna get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that they didn't, we didn't hear. What's your reaction to the keynote, share your, your assessment. >>So, you know, I managed two different research services at IDC right now. They are both cloud security and identity and, and digital security. Right. And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or, you know, enable MFA, or make sure that you, you know, control who gets access to what and deny explicitly. Right? And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, right? MFA everywhere. Why don't they use it because it introduces friction and all of a sudden people can't get their jobs done. Right. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but, you know, as we have in the industry, this shared responsibility model for cloud computing, we've got shared responsibility for between Philip and I, I have done in the ke past more security of the cloud and Philip is more security in the cloud, >>So yeah. And it's, and now with cloud operation, super cloud, as we call it, you have on premises, private cloud coming back, or hasn't really gone anywhere, all that on premises, cloud operations, public cloud, and now edge exploding with new requirements. Yeah. It's really an ops challenge right now. Not so much dev. So the sick and op side is hot right now. >>Yeah. Well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the guard duty malware protection component, and that being built into the pricing of current guard duty, I thought was, was really key. And there was also a lot of talk about partnering in security certifications. Yeah. Which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >>So Jake square, the circle for me. So Kirk, Coel talked about Amazon AWS identity, where does AWS leave off and, and companies like Okta or ping identity or crock pickup, how are they working together? Does it just create more confusion and more tools for customers? We, we have, we know the over word overused word of seamless. Yeah. Yeah. It's never seamless. So how should we think about that? >>So, you know, identity has been around for 35 years or something like that started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, cuz they're still carrying a lot of that baggage. Now, when it comes to the cloud service providers, they're more an accommodation from the identity standpoint, let's make it easy inside of AWS to let you single sign on to anything in the cloud that they have. Right. Let's also introduce an additional MFA capability to keep people safer whenever we can and, you know, provide people the tools to, to get into those applications somewhat easily, right. While leveraging identities that may live somewhere else. So, you know, there's a whole lot of the world that is still active directory centric, right? There's another portion of companies that were born in the cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the cloud. So, you know, like I said, you, if you understand where people came from in the beginning, you start to, to say, yeah, this makes sense. >>It's, it's interesting. You talk about mainframe. I, I always think about rack F you know, and I say, okay, who did what, when, where, yeah. And you hear about a lot of those themes. What, so what's the best practice for MFA? That's, that's non SMS based. Is it, you gotta wear something around your neck, is it to have sort of a third party authenticator? What are people doing that is that, that, that you guys would recommend? >>Yeah. One quick comment about adoption of MFA. You know, if you ask different suppliers, what percent of your base that does SSO also does MFA one of the biggest suppliers out there Microsoft will tell you it's under 25%. That's pretty shocking. Right? All the messaging that's come out about it. So another big player in the market was called duo. Cisco bought them. Yep. Right. And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA it's called push. Right. And push can be, you know, a red X and a green check mark to your phone. It can be a QR code, you know, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by N and others saying, you know, it's susceptible to man and middle attacks. >>It's built on a telephony protocol called SS seven. Yep. You know, predates anything. There's no certification, either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well identity increasingly, and a lot of the, you know, consumers and especially the work from anywhere, people these days have access through smart devices. Right. And what you can do there is you can have an agent on that smart device, generate your private key and then push out a public key. And so the private key never leaves your device. That's one of the most secure ways to, so if your >>SIM card gets hacked, you're not gonna be as at vulnerable >>Or as vulnerable. Well, the SIM card is another, you know, challenge associated with the, the older waste. But yeah. Yeah. >>So what do you guys think about the open source connection and, and they, they mentioned it up top don't bolt on security implying shift left, which is embedding it in like sneak companies, like sneak do that, right. Container oriented, a lot of Kubernetes kind of cloud native services. So I wanna get your reaction to that. And then also this reasoning angle, they brought up kind of a higher level AI reasoning decisions. So open source and this notion of AI reasoning >>Automation. Yeah. And, and you see more open source discussion happening, right. So you, you know, you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve as, you know, open source continues to proliferate around the automated reasoning. I think that makes sense. You know, you want to provide guiderails and you want to provide roadmaps and you wanna have sort of that guidance as to okay. What's the, you know, a correlation analysis of different tools and products. And so I think that's gonna go over really well. >>Yeah. One of the other, you know, key points of what open source is, everybody's in a multi-cloud world, right? Yeah. And so they're worried about vendor lockin, they want an open source code base so that they don't experience that. >>Yeah. And they can move the code around and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So yeah. They mentioned encrypt everything, which is great. And I message, by the way, I love that one, but oh. And he mentioned data at rest. I'm like, what about data in flight? Didn't hear that one. So one of the things we're seeing with super cloud, and now multi-cloud kind of, as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >>Yeah. >>Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge. Even Schmidt on Steve said we have billions and billions of things happening that we see things that no one else else sees. So that implies, they're >>Sharing quad trillion, >>Trillion, 15 zeros trillion. Yeah. 15 >>Zeros, 15 zeros. Yeah. >>So that implies, they're sharing that or using that, pushing that into something. So sharing's huge with cyber security. So that implies open data, data flows. What do, how do you guys see this evolving? I know it's kind of emerging, but it's becoming a, a nuanced point that's critical to the architecture. >>Well, I, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, you know, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall, >>Depending upon the supplier. Right? Yeah. It's either an aggregate level of intelligence that has been, you know, anonymized or it's specific intelligence for your environment that, you know, everybody's got a threat feed, maybe two or three, right. Yeah. But back to the encryption point, I mean, I was working for an encryption startup for a little while. Right after I left IBM. And the thing is that people are scared of it. Right. They're scared of key management and rotation. And so when you provide, >>Because they might lose the key. >>Exactly. Yeah. It's like shooting yourself in the foot. Right. So that's when you have things like, you know, KMS services from Amazon and stuff, they really help out a lot and help people understand, okay, I'm not alone in this. >>Yeah. Crypto >>Owners, they call that hybrid, the hybrid key, they call the, what they call the, today. They call it the hybrid. >>What was that? The management service. Yeah. The hybrid. So hybrid HSM, correct. >>Yeah. What is that? What is that? I didn't, I didn't get that. I didn't understand what he meant by the hybrid post hybrid, post quantum key agreement. Right. That still notes >>Hybrid, post quantum key exchange, >>You know, AWS never made a product name that didn't have four words in it, >>But he did, but he did reference the, the new N algos. And I think I inferred that they were quantum proof or the claim it be. Yeah. And AWS was testing those. Correct. >>Yeah. >>So that was kind of interesting, but I wanna come back to identity for a second. Okay. So, so this idea of bringing traditional IAM and, and privilege access management together, is that a pipe dream, is that something that is actually gonna happen? What's the timeframe, what's your take on that? >>So, you know, there are aspects of privilege in every sort of identity back when, you know, it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins, and users, right? These days, everybody has some aspect of, >>It's a real spectrum, really >>Granular. You got the, you know, the C suite, the finance people, the DevOps, people, you know, even partners and whatever, they all need some sort of privileged access. And the, the term you hear so much is least privileged access. Right? Shut it down, control it. So, you know, in some of my research, I've been saying that vendors who are in the Pam space privilege access management space will probably be growing their suites, playing a bigger role, building out a stack because they have, you know, the, the expertise and the, and the perspective that says we should control this better. How do we do that? Right. And we've been seeing that recently, >>Is that a combination of old kind of antiquated systems meets for proprietary hyperscale or kind of like build your own? Cause I mean, Amazon, these guys, they Facebook, they all build their own stuff. >>Yes. They >>Do enterprises buy services from general purpose identity management systems. >>So as we were talking about, you know, knowing the past and whatever privileged access management used to be about compliance reporting. Yeah. Right. Just making sure that I knew who accessed what and could prove it. So I didn't fail in art. It wasn't >>A critical infrastructure item. >>No. And now these days, what it's transitioning into is much more risk management. Okay. I know what our risk is. I'm ahead of it. And the other thing in the Pam space was really session monitor. Right. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new privilege access Mon management doesn't really require that it's nice to have feature. You kind of need it on the list, but is anybody really gonna implement it? That's the question. Right. And then, you know, if, if you do all that session monitor, does anybody ever go back and look at it? There's only so many hours in the day. >>How about passwordless access? You know? Right. I've heard people talk about that. Yeah. I mean, that's as a user, I can't wait, but >>It's somewhere we want to all go. Yeah. Right. We all want identity security to just disappear and be recognized when we log in. So the, the thing with password list is there's always a password somewhere and it's usually part of a registration, you know, action. I'm gonna register my device with a username password. And then beyond that, I can use my biometrics. Right. I wanna register my device and get a private key that I can put in my enclave. And I'll use that in the future. Maybe it's gotta touch ID. Maybe it doesn't. Right. So even though there's been a lot of progress made, it's not quote unquote, truly passwordless, there's a group industry standards group called Fido. Right. Which is fast identity online. And what they realized was these whole registration passwords. That's really a single point of failure. Cuz if I can't recover my device, I'm in trouble. Yeah. So they just did a, a new extension to sort of what they were doing, which provides you with much more of a, like an iCloud vault, right. That you can register that device in and other devices associated with that same iPad that you can >>Get you to it. If you >>Have to. Exactly. I had >>Another have all over the place here, but I, I want to ask about ransomware. It may not be your wheelhouse. Yeah. But back in the day, Jay, remember you used to cover tape. All the, all the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do air gaps. Wasn't one, one of 'em. Right. I was really surprised cuz that's all, every anybody ever talks about is air gaps. And a lot of times that air gaps that air gap could be a guess to the cloud. I guess I'm not sure. What are you guys seeing on ransomware >>Apps? You know, we've done a lot of great research around ransomware as a service and ransomware and, and you know, we just had some data come out recently that I think in terms of spending and, and spend and in as a result of the Ukraine, Russia war, that ransomware assessments rate number one. And so it's something that we encourage, you know, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, right. As well, and then security and training ranked very highly as well. So we wanna make sure that all of these areas are being funded well to try and stay ahead of the curve. >>Yeah. I was surprised that not the air gaps on the list, that's all everybody >>Talks about. Well, you know, the, the old model for air gaping in the, the land days, the Noel days, you took your tapes home and put 'em in the sock drawer. >>Well, it's a form of air gap security and no one's gonna go there >>Clean. And then the internet came around >>Guys. Final question. I want to ask you guys, we kind zoom out. Great, great commentary by the way. Appreciate it. As the, we've seen this in many markets, a collection of tools emerge and then there's it's tool sprawl. Oh yeah. Right? Yeah. So cyber we're seeing trend now where Mon goes up on stage of all the E probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform. If you super cloud ability by building more platform thing. So we're saying there's a platform war going on, cuz customers don't want the complexity. Yeah. I got a tool, but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean, tools won't go away, but they have to be >>Easier. Yeah. We do see a, a consolidation of functionality and services. And we've been seeing that, I think through a 20, 20 flat security survey that we released, that that was definitely a trend. And you know, that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk 'em right. About all the time. So >>More M and a couple of years ago, I called the, the Amazon tool set in rector set. Yeah. Because it really required assembly. Yeah. And you see the emphasis on training here too, right? Yeah. You definitely need to go to AWS university to be competent. It >>Wasn't Lego blocks yet. No, it was a rector set. Very good distinction rules, you know, and, and you lose a few. It's >>True. Still too many tools. Right. You see, we need more consolidation. That's getting interesting because a lot of these companies have runway and you look, you look at sale point, its stock prices held up cuz of the Toma Bravo acquisition, but all the rest of the cyber stocks have been crushed. Yeah. You know, especially the high flyers, like a Senti, a one or a crowd strike, but yeah, just still M and a opportunity >>Itself. So platform wars. Okay. Final thoughts. What do you thinks happening next? What's what's your outlook for the, the next year or so? >>So in the, in the identity space, I'll talk about Phillip can cover cloud force. You know, it really is more consolidation and more adoption of things that are beyond simple SSO, right. It was, you know, just getting on the systems and now we really need to control what you're able to get to and who you are and do it as transparently as we possibly can because otherwise, you know, people are gonna lose productivity, right. They're not gonna be able to get to what they want. And that's what causes the C-suite to say, wait a minute, you know, DevOps, they want to update the product every day. Right. Make it better. Can they do that? Or did security get in the way people every once in a while I'll call security, the department of no, right? Yeah. Well, >>Yeah. They did it on stage. Yeah. They wanna be the department of yes, >>Exactly. And the department that creates additional value. If you look at what's going on with B to C or C IAM, consumer identity, that is all about opening up new direct channels and treating people like, you know, they're old friends, right. Not like you don't know 'em you have to challenge >>'em we always say you wanna be in the boat together. It sinks or not. Yeah. Right. Exactly. >>Phillip, >>Okay. What's your take? What's your outlook for the year? >>Yeah. I think, you know, something that we've been seeing as consolidation and integration, and so, you know, companies looking at from built time to run time investing in shift left infrastructure is code. And then also in the runtime detection makes perfect sense to have both the agent and agentless so that you're covering any of the gaps that might exist. >>Awesome. Jerry, Phillip, thanks for coming on the queue with IDC and sharing >>Your oh our pleasure perspective. >>Commentary, have any insights and outlook. Appreciate it. You bet. Thank you. Okay. We've got the great direction here from IDC analyst here on the queue. I'm John for a Dave, we're back more after this shirt break.

>> Announcer: Live from Las Vegas it's theCube. Covering VMworld 2017. Brought to you by VMware and its ecosystem partners. (upbeat techno music) >> Hi, I'm Stu Miniman here with Justin Warren. This is theCUBE's coverage of VMworld2017. Believe it or not it's our eighth year covering this show. About 23,000 here in attendance and pulls from around the world even though there is a European show. But happen to welcome to the program, a first time guest, to theCUBE, someone I've known for a number of years. So, great to pull you in front of the camera. Dan Frith who is a consultant with Penguin Punk. We had one of my guests this morning said, you know this is the punk rock set so it only makes sense that, you know, you've got the shoes and the hair, and even hit a punk show >> Dan: Yep. >> here in Vegas >> Dan: I did, I did. >> when you first got here. >> Dan: Yep. >> So, thanks for joining us. >> Thank you. Thanks for having me. >> So, Dan, just for our audience, give us a little bit about your background. You're heavily involved in the VMware community. You're a VIMA leader. >> Dan: Yeah. >> Tell us your background and what you're doing these days. >> Dan: Yeah, sure. Thanks, Stu. I've been working with Virtualization for about 15 year now. Started with Workstation, went to ESX 2. And sort of it all went from there. I thought that was pretty cool stuff. Kept me really busy for a long time. Branched out into further data center technologies. I'm really interested in things that go in racks, and how they can help people do stuff better, faster and smarter. >> Dan: Yeah. >> I tell you, I've been working with VMware for about the same time, 15 years. Had a little bit more hair and less gray, you know, when that started, I loved some of the IBM to TV commericals where it was like, "Where did all the servers go?" Racked it all up and things like that. To watch the evolution and the ebbs and flows in this community >> Dan: Yep. >> has been pretty cool. So, how important is VMware today in your ecosystem? >> Yeah, it's critical to what we do every day. A lot of our customers are very VMware focused. Not just for the high proviso. It's all management automation that we wrap around that stuff. NSX is becoming more and more critical to what we're doing. Got a lot of complicated cloud plays happening locally. NSX is really helping us to get where we need to be where traditionally maybe it was bit of a slower, harder process. We've certainly found stuff like that is really helping us get some good winds on the board. >> Could you unpack that a little bit for us? Definitely coming into the show, I hear a lot about NSX. Lots of customers doing what I taught. Some of the ecosystem at large is like when you really get in there's some complicated pieces. Networking, security, >> Dan: That's right. >> never going to be simple? >> Dan: Right. >> So what are some of the challenges? How do we get over some of them? And what does this really deliver? >> Yeah, I think some of the biggest challenges with networking and security in the enterprise isn't the actual tech anymore it's the way that we apply the processes to that tech, the policies, the frameworks and governments, the risk, compliance assessments, all that sort of stuff. People don't necessarily understand that world inside their business. Having something like NSX come in it gives them the opportunity to reassess what they're actually trying to achieve, what's critical from an application perspective down rather than just thinking about the infrastructure and the tools they're using. It's not just about switches, routers, firewalls anymore. It's about what I'm actually trying to achieve, what really needs to talk to what, and now I can make this happen with this tool that's actually really flexible and agile, and very easy to get up and running. >> But the thing around the security aspect of it in particular, is that it's not the same sort of audience that you would normally be talking to if you're a VMware sort of person. >> Dan: That's right. It's usually handled by someone completely different. Similarly, the networking can be a little bit funny as well because the networking people are all about the hardware, and the switches, and things that plug into it. And this virtual switching idea, when I first heard NSX you're going to teach BGP to virtualization? >> I know, >> and I think that's been very interesting as well. I think we saw the last 10 years the storage and virtualization guys seem to come together reasonably well and start to cooperate on stuff. And we're finally understanding what storage is to VMware guys and vice versa. Whereas the networking stuff is still that dark art where you have to have >> Yeah. >> a certain number of letters after your name to make it work. And the security guys, again, they're a whole different beast, right? They're kind of like the DBA's of the infrastructure world. >> So, how far along in using storage as sort of an analogy. How far down that journey of getting people together and to understand each other on both sides. >> Yeah, so I think its still pretty early days. I know VMware's been very bullish about what NSX can do to transform your infrastructure. But I think there's a lot of conversations that still need to be had at a reasonably high level in organizations to get people understanding exactly what they can do with this stuff, and I think realize the potential of what they can do. Sometimes it's not actually what they need to do now, it's what they need to do three years from now. And I think a lot of businesses just aren't planning ahead that far, right? >> Dan, I'm curious your take on the keynote this morning. Pat got on stage. I thought good energy. I thought it was one of his best keynotes that he's given. >> Dan: Absolutely. >> But for your audience, kind of in your geo, digital transformation, kind of the journey to cloud. How much of that kind of hit home for you? Any critiques that you'd give. >> So, cloud's obviously a hot topic where I'm based. The VMware AWS story is getting more and more interesting. But, again, for Australia still not so much. You've got it in one geo right now. Australia is not going to be enabled for awhile. It took AWS a long time to get a presence down there. >> I think if I heard right, they said within a year by the time we come back to VMWorld next year, which I think is going to be in Vegas unfortunately again, but they said we should be across all the Amazon availability zones. >> Yeah, in which case that could be tremendously interesting. But I've got to crunch a few numbers to make sure this really works because I like the idea. It's a neat idea. It's very good for those legacy enterprises that don't really want to get away from vSphere to Shared who've got the kind of crusty applications that don't really run very well on public cloud. But they're in the middle of their transformation piece, perhaps. They're trying to get cloud-native. This is a nice stepping stone. If VMware can execute on it, makes sense financially. >> So, what are some of the financial price points that you're seeing out there? You know, we've heard over the years, VMware sometimes is everybody's yelling about it, sometimes not as much, cloud is going to be the savior Or wow, it's really expensive- >> Dan: That's right, it sort of varies. I think one of the points this morning they said, "You can have a variable cost model." And a lot of the businesses I deal with they hate that stuff. They need to know every month how much they're going to spend. >> Stu: Yeah, CFO doesn't like uncertainty, right? >> Absolutely not. Yeah, and this kind of stuff can get out of control really quickly. I'm not yet convinced unless you put the right controls, governance, framework, all that stuff on top of it. That's going to be the key thing, I think, for the success of this. >> There's a lot of talk about innovation which involves change and risk. And so, if we're trying to keep things into constrained boxes where we may not understand exactly what it's going to be, then by definition we're reducing as much risk as we can which is kind of- >> What's been fascinating with the customers I work with who are all traditional enterprises, services, those types. They've got CIOs coming in and saying, "Let's go to cloud. Everyone's in the cloud." They've sent it all up there and they go, "Oh my three-tier application actually doesn't work in this cloud. I need to bring it back. We've got those people going through those cycles already locally. Yeah, there's a lot of innovation going on at a high level. But I think some of the homework hasn't been done, to make that successful. And I think that's what people need to focus more on is an application centric, or even a business outcome centric... You know we use 2,000 applications in the enterprise but what do they all do. >> Justin: What are they for? >> What are they for? Are they just there because they've always been there? Or can we carve some of this stuff out? >> Yeah, how do softwares and service and public cloud fit into that discussion. >> Yeah. So, I think they're going to be more and more critical. I think the maturity around some of the softwares and service offerings has been really good. People are loving the offloader risk and the offload our responsibility for SAS. I think some of the problem is around, again, it's compliance, risk, people aren't necessarily backing up their Office365 stuff. They're sort of relying on Microsoft to have things in place. They're potentially not realizing some of the risk they're exposing themselves to. Not that this stuff is dodgy but it's tricky to navigate how you actually protect- >> I was talking to a security person yesterday, and they were like, "Oh, yeah, no if I just use SAS I don't need to worry about the security, right?" And I was like, "No, you need to worry about it even more." >> Dan: Yeah, yeah. >> We've seen plenty of examples of people who have put data into AWS for example, and then their S3 bucket is just open for the world to see. >> Dan: That's right. The simplicity adds a bit more mystery where it probably shouldn't. >> Yeah, doing your homework and understanding the tools that you're about to go and use is important. >> Dan: Yeah, understanding the risks and understanding some of the consequences of your actions. It's not just about reducing the floor tiles on your own premises stuff. It's about understanding what the data is actually doing, where it's going, and what it's going to mean to someone if they get ahold of that data. >> Yeah, but it's not a new situation really. Cloud's been around for over ten years now. A lot of these ideas of IT working with the business because that's what IT is about. It's not exactly a radical concept. >> It's not a massive change in what we're doing. I think some of the problem is we haven't done that very well to begin with. Now, we've just put another infrastructure construct in place and gone, "Oh, well now well work with the business on this." Unfortunately, we still aren't working with the business. You still got pockets of the business doing their own thing. It's poorly understood. IT is a cost center, a pain, a drain on the business, if you will. And it's hard for them to, I think, bridge that gap. We need to focus a bit more on making the gap between what the business is trying to achieve and what IT can do to help them. I don't think the cloud necessarily takes that conversation away. >> Yeah, unfortunately the technologies never going to be a silver bullet but I heard you say that IT still is looked at as a cost center for a lot of your environments. And I hear people maybe they're too optimistic. Not only is IT a cost center, they're working with the business. Maybe IT is driving the business. Sounds like maybe you're not there quite yet. >> So, I don't think that's happening in the big enterprises just yet. The more conservative ones are still struggling, I think, with bridging that gap between IT and business. The ones who can't see the value of what they're doing from an IT perspective, they're always going to struggle with that kind of stuff. >> How about just a general concept of digital transformation. In your area is that something, are people embracing it? I've read a great article actually by one of the networking vendors, and he said, "Look, people might not agree with digital transformation but digital disruption is definitely real." >> Absolutely. >> Stu: What are you seeing? >> If there's a way we can shoehorn a way of doing things differently into traditional business, into traditional IT companies as well, and making them understand that they're not just there to take all their money and not necessarily deliver on all of their promises. And if the business can start understanding that their is some value in IT, then I'm all for digital disruption if that's a mechanism to make that happen. Realistically though, I'm still faced with the same challenges of legacy software being out of support, and hardware that's sweating the asset, taking it a little too far. Those kind of problems are realistically what I'm still seeing every day. >> Kind of like the concept that Pat talked about in the keynote today of cyber hygiene. Just doing the basics >> Dan: That's right. >> Dan: Doing the basics. And I think some people are struggling with those basics because they've never done it or they've sort of forgotten how to do it, or they expect, magically, that their new shiny cloud will do that for them. Or their service provider and that's definitely not the case. >> Justin: Yeah. >> We're still pretty early in the show. But any of the announcements so far, anything jump out at you? Or anything that you've seen yet that you want to highlight? >> I'm excited about the VM in AWS thing. I think it's good to finally see that. The annoucement last year at VMworld US, now it's generally available. Limited but generally available. >> Yeah, it was actually announced like a month after the show last year. One of the things we were a little frustrated that there was a three letter name big company that they made an announcement with which was up on stage talking about security today but not so much their cloud offerings. >> Not so much about that stuff. Yeah, so it's been a weird, I'm not going to say it's a pivot but it's certainly a bit of a twist. >> So, you're also a VMUG leader. What are the pain points that you're hearing from people in the community? What do they look for out of the ecosystem that would make their jobs a whole lot easier? >> I think people are sometimes struggling with the complexity of the ecosystem. It's still fairly broad and diverse. And sometimes people struggle to actually navigate their way through what they need to get done. I think that's what a lot of our VMUG members are struggling with day to day. >> I guess I don't see the vendors in the ecosystem solving that problem. It tends to be the distribution, consultants and the like that will help explain that. Because the problem we have, even if I just take storage or networking, these are really complicated things. And there's not going to be one solution that fits 90% of it. So, that's why I need to understand, you said a customer with 2,000 applications, how do I manage that stack of applications? How do I deal with that? You're a consultant. How do you help people through some of these challenges? >> So, I generally try to start with what's important to people. Like what's really making the business tick? What hurt them the most when it goes down? What costs them money? And some people have a really hard time understanding how much money their burning every time an application falls over. And then we just try to make some links between the infrastructure, the application that keeps that outcome running for them. >> Yeah, one of the things I've been poking at is there's too many things that IT is doing that they suck at. And I'm not trying to poke at them. It's what we call the undifferentiated heavy lifting. Come on, I think we talk to anybody, you're no good at building a data center. Please don't do another one. >> Dan: That's right. >> Somebody else can do it. Now, I'm not saying it all goes to public cloud. Lots of options how you do that. But from the ground up and as we work our way, what drives the business? What creates value for the business? And finding those areas. Roles of the CIO is changing greatly, role of IT. >> Yeah. >> Things are going to look very different in five years than it does today. >> Oh, absolutely. Yeah, yeah. And I think people don't necessarily appreciate the value of consultants who can help them on their journey. Because it's hard. IT is hard. Enterprise is hard. And putting IT and Enterprise in the same sentence that really makes it very hard. >> Justin: Yeah, very hard. >> You got to be careful. I saw there was one of those sarcastic memes years ago. It was like, "Consultants, if you can't solve the problem at least there's lots of money to be made moving it along." >> Yeah, yeah. And redefining the problem is another fun one. >> Justin: That's always fun. >> Yeah. >> So, Dan people want to learn more about what you're doing. How do they find you? >> So, they can find me at penguinpunk.net. I've got a blog there. It's been running there for about 10 years now. You can find me on the Twitters @penguinpunk. And various other things. Come to a VMUG meeting in Brisbane if you're ever in the area. We'll buy you a beer and treat you nice. >> Stu: Excellent. Love to do that. We have yet to do theCUBE in Australia but it's definitely what we want to do. So, Dan, thank you so much for joining us. >> Thanks, Stu. For Justin and Stu, we'll be back with lots more coverage here from VMworld 2017. You're watching theCUBE. (upbeat techno music)