>> from Seattle WASHINGTON. It's the Q covering AWS Imagine nonprofit brought to you by Amazon Web service is >> Hey, welcome back and ready Geoffrey here with the Cube. We're in downtown Seattle, actually, right on the water from the AWS. Imagine nonprofit event. We're here a couple weeks back for the education version of this event. First time to come into the non profit of it, and >> we're really excited to have our next guest. I knew a little bit about this organization before. Now we know a lot more. As he came off his keynote, he's brought Excuse me, Byron Hill, global head of >> technology for the Movember Foundation. By a great job on the keynote >> in the bay here to talk to you. >> And I think you came further than anybody did. Any other hands come up? I couldn't see the audience. 1000 miles, one >> I actually asked with from. So my whole stick around, you know, being from Australia 8140 miles to Seattle lost its appeal. If I'd said half Are you from 10,000 miles? >> Yes. Yes. We're glad we're glad you made it so that for the people that aren't >> familiar with them. Forgive him. Kind of a quick overview, Absolutely so in November >> is one of the world's largest men's health charities. We focus on three areas of men's health. Prostate cancer, mental health and testicular cancer. And every year we have annual fundraising campaign where we encourage men and women to fund. Rise for our cause is >> so Men's health is a really tricky situation. Let's met with GAL. She's like, Yeah, I'm going to do this. Start up. I'm gonna help. I'm gonna help all my male friends get to their doctor. Please. I was like, That's not the problem. The problem is, I never want to go in the first place. I don't want to talk about it. They want to acknowledge it. You know, they don't want to get their colonoscopy. They've heard horrible things about the prostate exam. So this is a really challenging thing to tackle. So how did you guys decide to go after it? How are you doing it a little bit differently so that you can have some success and he's not easy to operate areas. >> We realize that men's health was in a state of crisis. Men live on average sixties. Lesson. Women. And as you say, it's because way sit on the couch. We don't let things. We don't take action as opposed to women who always talk to themselves and should get out there and get something checked. So focusing on areas such as prostate cancer, where we know the family, history and ethnicity really important factors around these disease types and really targeting those populations and making sure we can have a big impact. We also spend a lot of time looking at survivorship. But how we can help people through that journey and understand what that journey looks like and help them actually have a really positive outcome At the end of it. My oh suicide is a huge area. Focus. One man every minute globally will die by suicide. And while that's not a uniquely mild disease, three out of four suicides a mile to really try to develop unique messaging, to talk to men in a very direct way is being one way we've I tried to get a cut through to really make a difference, right? >> So the mustache is in November in November, How did that come together? So you know, you've got these very serious diseases that we're trying to address a really big global problem. And you're coming at it with this kind of fun, kind of tongue in cheek thing. Movember. So for the folks that aren't familiar, what is movin, roll about? How did it come about? And really, what's the impact that actually, he has a huge impact with you outlined in the keynote? >> Absolutely So remember, started with two guys in a pub talking about fashion trends. They got onto the fact that the mustache had been the mainstay of seventies and eighties fashion and all but disappeared in the nineties. They just started to bring the mustache back as a gag. They got 30 mites, my yoga, robust ashes. They raise $0. They realized that papal complete strangers in the street. We're coming up to them asking about the mustache. What's that thing when you leave? And they realize the power of the mustache was something much more created conversations and allowed people to connect with one another to create an environment. We were able to talk about men's health. That's where we started. We never intended to become a men's health charity, but fast forward to 2009 and we've had over 6,000,000 people participating in a fundraising campaigns in the top 45 engineers globally and have funded over 1200 men's health programs. And again, all starting with two guys and pub. Having having a conversation about fashion trends >> you have, The numbers are amazing. I >> think you said S O start in 2004 and you guys were raising over $100,000,000 a year. How does it tie back to the mustache? Is just a conversation starter? No, by the way, this is why I'm doing it and please go go to the Web site. One of the mechanics. >> It's all about fun. Originally, the idea of the moustache was just fun. Just grow a mustache. Race and funds. That's it. We've really matured and progress in the last few years around really focusing in on the importance of men's health. So it started as a fun thing back in the day, and now we still try to maintain the fund. We also have a serious message to get through. So, quite literally, will ask people to grow a mustache last. Him too host and van will ask them to move. We've got a whole range of different fundraising ideas, and the idea is to absolutely get people raising funds in November. Getting as many people as we can to sign up and to grow moustache is and two doughnuts. So that's quite literally how we do it. And then we invest those funds back into women's health records. A >> great Well, I can assure you, after today we will be. The Q team will all be doing their best to get them. The mustache is there in a couple of months, but >> you had a >> lot of other really interesting messages within your within. You're talking about a culture of innovation, Mom. And everyone is always struggling. How do I and still a culture of innovation, especially in a large organization? You had a great quote. You're not the 1st 1 ever say it, but you said it with such passion, and clearly it's fall in love with the problem, not the solution to many people especially intact. Yeah, they want to talk about the attack. They don't want to talk about the problem. How do you know X ticket that? How do you instill that in your team. And how's that be really been a great driver for your success in development as a zone organization? >> Absolutely. So you're quite right. Paper will jump to the solution. And it's not just technical. People, like most people will come to you with a solution because I think they're actually helping. They think that they know exactly what the problem is to really just trying to position that to say, Well, let's get really clear and say Fall in love with problem Get really clear around the outcomes, withdrawn and deliver. Think about the experience is withdrawn. Give people here and then think about the technology. I talked about bringing the community into the conversation. Imagine the power you can have by bringing the community at the table when you're designing a new product. We try to do that all the time having a man in the room that suffered from prostate cancer. The insights they give you. We're very quickly highlight that you may have absolutely no idea of what the problem is. I talked a lot about assumptions. We form assumptions in her mind that crystallized. We have this bias and you have to challenge yourself to constantly go back to the coalface and look at those assumptions. Are they right? Are we solving completely the wrong problem Here you can deliver a great solution that completely misses a problem. So how do we do that? We encourage people to think about the problem. Immersed herself in the research. I talked about an example in testicular cancer. We spent three months on understanding the problem. Three months we spent four weeks on building a solution, and that was for a feeling that we didn't quite have the confidence that we knew what the problem. Waas. We wanted to know what itwas who wanted to delve into that research and really engage with people. Engage the community to get a deep seated understanding of what we were trying to solve. Right? >> Another PC talked about Is the community the importance of the community and really said the community is the why really powerful statement And I don't know people. Sometimes I think, think of community 10 gentle They're not really is the purpose for what? You know why you get up in the morning every day and why you do what you do. You have that come about. And how do you make sure that that stays, You know, clearly in focus for everyone. >> It's a really important point, and it's why we exist. And for us, it's a mobile rose and most sisters and the men that we serve. So how do we do it? We have to constantly anchor ourselves back to the point that there are means and means of men out there suffering from this desert diseases that we support. We want to create a better world for them so we can a line around the Y. If everyone in the organization understands why we're doing the work, it helps us deliver some amazing outcomes and again, the context of having people in the room, the community being part of the conversation that you're having gives that really sense of context. And it hasn't been easy. It's taken time to get there and you can't involve. I give an example of 20,000 people responded to a survey. You know, it doesn't have to be huge amounts of data. The voice of one or two people could be enough to provide unique insights. They give you a real sense of purpose and really give you a sense of what you're trying to change >> right? The third piece, he talked about the third leg of the stool, if you will. His culture. Onda geun driving, innovation of culture and your example you gave him the key note was phenomenal, which is when your team, you know, found a problem and asked you for approval on the $500 fixes. And you said, you know, empower your people to find the problem to solve the problems out Me and I think it's such a great message. And you spoken depth about learning about a screw up a failure and really identifying that as a terrific learning opportunity. You know, where did you learn about that kind of cultural approach? How do you keep that up? Because that is really the key to scale. And I think so many people are afraid to trust and afraid to have kind of blameless. Blameless postmortems is another phrase that we've heard so important to enabling your people to actually go out and accept. It's not easy, >> and how do we learn, Like all good things we did on the fly like if you're facing a situation where you've got a major piece of work that's kind of screwed up, and it doesn't do what you think it's gonna do. We had two choices. We could try to fix it, and I just knew we weren't gonna get there. It's a really using it as an opportunity toe positively reinforce what we should be doing that was learning. We had a really narrow opportunity to learn and learn in an in depth way. And how do we develop that culture we had to spend that time? It was really consciously thinking about when you got a team who are not feeling a lot of love there really worried. They actually concerned for their jobs, refocusing their their effort, giving them conference, telling them I've got your back and ultimately it helped us create this coach where people can proactively go out there and solve problems and my example of the business case or a showcase every single time we will go for the showcase, getting people to talk about how they're solving these problems, what is the problem and actually putting a proof of concept in or showing us that an example of what it looks like that's taken a long time to develop that culture, however, it's been absolutely worth it. >> Yeah, that's great. And you gave you gave the audience three challenges. At the end of the day, I was pretty interesting that weren't in there because they kind of encapsulated there kind of your key three themes that was, you know, really understand the problem you're trying to solve. I talked to people in the community. I like that. Don't presume you know what's going on. Talk to people. And then the last thing is encouraged. Three people to start working on the problem. Don't start working on it yourself. But again, you know you're going to have such a good grasp on engaging the team to the benefit of the whole great great messages >> over the year. Or didn't appreciate the homework I gave them to go. Go back to their desks on Monday morning and try these things. But I firmly believe that you know those three challenges and they're only small like this is not about trying to solve world hunger. This is just starting with something small in your business that you can look at. You can get two of your people 23 other people to focus on that validated the problem and look for ways around it. So it doesn't have to be a huge a group of people just getting a stock. And I've already talked to a number papal off to the canine who who really said that really resonated just starting that conversation. Small in that that I did a snowball and eventually growing as part of the organization. Right culture is something which takes a huge amount of time to get right, and I go in starting small one and letting that grow and permeate and do as much as you can do to reinforce that culture within your organization. Really living and breathing that cultures is important. But >> even those starting small your guys goals were huge. I mean, your goals are to cut to cut the prostate and the testicular percent, 50% and drop the suicides by 3/4. So, you know, it's a really interesting approach. Start small, you know, focus on the small, but but you clearly have a really big goal is my >> goal, and we know we can't achieve those goals by ourselves so way collaborate as much as we can with others who have similar missions and trying to band together. And we realized very early on that bringing together the best and brightest minds in the world to solve these problems was absolutely essential. We couldn't do it myself. So forming those network says global networks of experts researching constantly evaluating that research, making sure we're having to cut through and with nests in the process of scale in those programs that have shown great outcomes to reach the lives of means of men. So it's again starting small, proving these ideas out there looking to scour those ideas to reach frankly means in England. >> All right, Byron, we're almost out of time. We've got about 10 weeks until the month. Formally. No, it's November for >> me knowing this. So how do >> people get involved? What should people do? Give us give us some concrete tips for the audio? >> Absolutely, absolutely. So, first of all, you want to go to moveon dot com and you want to sign up, Sign up to be a mobile. Almost Easter, you can either grow a mustache. You can host in the van. You can move for Movember start donating, and it's like any people to die tonight. So grow a mustache and asking me to give you money. That's the 1st 1 to do it. Second tip is what sort of moustache gonna grow. There's so many styles. There's the >> little style guide on the course, But not everyone >> can go. We could, Tash, but, uh, we do have wards for the line, Mark. So some of those >> little lame of the Lane >> Mart I can always always recommend some augmentation of the mustache if you got a few gray hairs and maybe bush it out. A little bit of color lamentation. Something like that. Um, but above all else, it doesn't live. Use one message. It's about getting yourself checked. When things don't feel normal, go to the doctor, have that positive impact on your life. And, of course, Movember dot com is full of really useful tips and great content to help you on that journey. >> All right. Well, Byron, thanks to you very much. And again. Congrats on the keynote. Thank you. Seem really enjoyed the time. Excellent. Thank you. Alright, He's tired. I'm Jeff. You're watching The key were eight of us imagined nonprofit in Seattle, Washington. Thanks for watching. We'll see you next time

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Hey, welcome back, everyone to Cubes. Live coverage here in Boston, Massachusetts for eight of us reinforced Amazon Web service is inaugural event around Cloud Security. I'm Jeffrey Day Volante. Two days of coverage. We're winding down Day two. We're excited to have a year in The Cube Special guest, part of Big and that one of the big announcements. Well, I think it's big. Nerdy Announcement is the automated reasoning. Byron Cook, director of the Automated Reasoning Group within AWS. Again, this is part of the team that's gonna help figure out security use automation to augment humans. Great to have you on big part of show here. Thanks very much to explain the automated reasoning group. Verner Vogel had a great block post on All things distributed applies formal verification techniques in an innovative way to cloud security and compliance for our customers. For our own there's developers. What does that mean? Your math? >> Yeah, let me try. I'll give you one explanation, and if I puzzle, you all try to explain a different way. 300 So do you know the Pythagorean Theorem? Yeah, sure, Yeah. So? So that the path I agree in theory is about all triangles that was proved in approximately B. C. It's the proof is a finite description in logic as to why it's true and holds for all possible triangles. So we're basically using This same approach is to prove properties of policies of networks of programs, for example, crypto virtualization, the storage, et cetera. So we write software. This finds proofs in mathematics and this the proofs are the same as what you could found for thuggery and should apply into >> solve problems that become these mundane tasks of checking config files, making sure things are that worries kind of that's I'll give you an example. So so that's two in which is the T. L s implementation used, for example, in history. But the large majority >> of AWS has approximately 12,000 state holding elements, so that with if you include the stack of the heat usage, so the number >> of possible >> states it could reach us to to the 12,000. And if you wanted to show that the T. L s handshake Implementation is correct or the H Mac implementation is correct. Deterministic random bit generator implementation is correct, which is what we do using conventional methods like trying to run tests on it. So you would need, if you have, like, 1,000,000 has, well, microprocessors and you would need many more lifetimes in the sun is gonna admit light at 3.4 $4,000,000,000 a year to test to exhaustively test the system. So what we do is we rather than just running a bunch of inputs on the code, we we represent that as the mathematical system and then we use proof techniques, auto automatically search for a proof and with our tools, we in about 10 minutes or able to prove all those properties of s two in the way of your intimidates. And then we apply that to pieces of s three pieces of easy to virtual ization infrastructure on. Then, uh, what we've done is we've realized that customers had a lot of questions about their networks and their policies. So, for example, they have a complicated network worldwide different different availability zones, different regions on. They want to ask. Hey, does there exist away for this machine to connect to this other machine. Oh, are you know, to do all this all SS H traffic coming in that eventually gets to my Web server, go through a bastion host, which is the best, best practice. And then we can answer that question again, using logic. So we take the representation that semantics of easy to networking the policy, the network from the customer, and then the question we're asking, expressing logic. And we throw a big through their call ifthere improver, get the answer back. And then same for policy. >> So you're analyzing policies, >> policies, networks, programs, >> networks, connections. Yeah, right. And it to the tooling is sell cova. Eso >> eso eso basically way come with We come with an approach and then we have many tools that implement the approach on different, different problems. That's how you apply Volkova all underneath. It's all uses of a kind of tool called SMT inside. So there's a south's over, uh, proves theorems about formula and proposition. A logic and SMT is sat modular theories. Those tools can prove properties of problems expressed in first order logic. And so what we do is we take the, for example, if you have a question about your policies answering, answering semantic level questions about policies is actually a piece space problem. So that's harder than NP complete. We express the question in logic and then call the silvery and they get their answer back on Marshall it back. And that's what Volkova does. So that's calling a tool called CVC four, which is which is an open source. Prove er and we wenzel Koval. We take the policy three question encoded to logic. Call a Silver and Marshall answer back. >> What's the What's the root of this? I mean, presumably there's some academic research that was done. You guys were applying it for your specific use case, But can you share with this kind of He's the origination of this. >> So the first Impey complete problem was discovered by a cook and not not me. Another cook the early seventies on. So he proved that the proposition a ll satisfy ability problem is impeccably and meanwhile, there's been a lot of research from the sixties. So Davis and Putnam, for example, I think a paper from the mid sixties where they were, we're trying to answer the question of can we efficiently solved this NP complete problem proposition will satisfy ability on that. Researchers continue. There have been a bunch of breakthroughs, and so now we're really starting to see very from. There's a big breakthrough in 2001 on, then some and then some further breakthroughs in the 5 4008 range. So what we're seeing is that the solvers air getting better and better. So there's an international competition of Let's Save, usually about 30 silvers. And there's a study recently where they took all of the winners from this competition each year 2001 5 4008 30 2002 to 2011 and compared them on the same bench marks and hardware, and the 2002 silver is able to solve 1/4 of the benchmarks in the 2011 solved practically all of them and then the the 2019 silvers, or even better. Nowadays they can take problems and logic that have many tens of millions of variables and solve them very efficiently. So we're really using the power of those underlying solvers and marshaling the questions to those to those overs, codifying thinking math. And that's the math. The hour is you gave a talk in one sessions around provable security. Kind of the title proves provable. >> What's what is that? What is that? Intel. Can you just explain that concept and sure, in the top surfaces. So, uh, uh, >> so mathematical logic. You know, it's 2000 years old, right? So and has refined Sobule, for example, made logic less of a philosophical thing and more of a mathematical thing. Uh, and and then automated reasoning was sort of developed in the sixties, where you take algorithms and apply algorithms to find proofs and mathematical logic. And then provable security is the application of automated reasoning to questions and security and compliance. So we you wanna prove absence of memory, corruption errors and C code You won't approve termination of of event handling routines that are supposed to handle security events. All of those questions, their properties of your program. And you can use these tools to automatically or uh oh, our find proofs and then check The proofs have been found manually. That's what that's >> where approvable security fix. What was the makeup of the attendee list where people dropping this where people excited was all bunch of math geeks. You have a cross section of great security people here, and they're deep dive conversations Not like reinvent this show. This is really deep security. What was some of the feedback and makeup of the attendees? >> Give you two answers because I actually gave to talks. And the and the answers are a little bit different because the subject of the talk So there was one unprovable security, which was a basically the foundation of logic And how we how Cheers since Volkova and our program, because we also prove correctness of crypto and so on. So those tools and so that was largely a, uh uh, folks who had heard about it. And we're wanting to know more, and we're and we're going to know how we're using it and trying to learn there was a second talk, which was about the application of it to compliance. So that was with Tomic, Andrew, who is the CEO of Coal Fire, one of the third party auditors that AWS uses in a lot of customers used and also Chad Wolf, who's vice president of security, focused on compliance. And so the three of us spoke about how we're using it internally within eight of us to automate, >> uh, >> certification compliance, sort of a commission on. So that crowd was really interesting mixture of people interested in automated reasoning and people interested in compliance, which are two communities you wouldn't think normally hang together. But that's sort of like chocolate and peanut butter. It turns out to be a really great application, >> and they need to work together to, because it is the world. The action is they don't get stuck in the compliance and auditing fools engineering teams emerging with old school compliance nerds. So there's a really interesting, uh, sort of dynamic to proof that has a like the perfect use casing compliance. So the problem of like proving termination of programs is undecided ble proving problems and proposition a logic is np complete as all that sounds very hard, difficult and you use dearest six to solve this problem. But the thing is that once you've found a proof replaying, the proof is linear and size of the proof, so actually you could do extremely efficiently, and that has application and compliance. So one could imagine that you have, for example, PC I hip fed ramp. You have certain controls that you want to prove that the property like, for example, within a W s. We have a control that all data dressed must be encrypted. So we are using program verification tools, too. Show that of the code base. But now, once we've run that tool that constructs a proof like Euclid founded the sectarian serum that you can package up in a file hand to an auditor. And then a very simple, easy to understand third party open source tool could replay that proof. And so that becomes audit evidence. It's a scale of total examples >> wth e engineering problem. You're solving a security at scale. The business problem. You're solving it. Yeah. His customers are struggling. Just implementing There just >> aren't enough security professionals to hire right? So the old day is, the talk explains. It's out there all on YouTube's. The people watching the show can go check it out. But I am by the way I should I should make a plug for if you Google a W s provable security. There's a Web page on eight of us that has papers and videos and lots of information, so you might wanna check that out. I can't remember what I was answering now, but >> it's got links to the academic as >> well. Oh, yes. Oh, yes. That was the point that Tommy Kendra is pointing out, as in the old days, you would do an audit would come in to be a couple minutes box that we win this box. You check a few things to be a little network. Great. But now you have machines across the world, extremely complex networks, interaction between policies, networks, crypto, etcetera. And so there's There's no way a human or even a team of human could come in and have any reasonable chance of actually deeply understanding the system. So they just sort of check some stuff and then they call it success. And these tools really allow you to actually understand the entire system buyer and you guys doing some cutting edge work, >> folks watching and want to know how math translates into the real world with all your high school kids out their parents. This is stuff you learn in school like you could be played great work. I think I think this is cutting edge. I think math and the confidence of math intersects with groups. The compliance example audited example shows that world's gonna come together with math. I think this is a big mega trend. It's gonna not eliminate the human element. It's going augment that so great stuff, its final question just randomly. And while you're here, since your math guru we're always interested, we always covering our favorite topic of Blockchain, huh? We believe that a security conference is gonna soon have a Blockchain component because because of the mutability of it, there's a lot of math behind it. So as that starts to mature certainly Facebook entering him at their own currency. Whole nother conversation you don't want to have here is bring a lot of attention. So we see the intersection of security being a supply chain problem in the future. Your thoughts on that just generally. So So the problem of proving programs is undecided, and that means that you can't build a general solution. What you're gonna have to do is look >> for niche areas like device drivers, networks, policies, AP, I used to dream crypto et cetera, and then make the tools work for that area, and you will have to be comfortable with the idea that occasionally the tools aren't gonna be able to find an answer. And so the Amazon culture of being customer obsessed and working as closely as possible with the customer has been really helpful to my community of of logic, uh, full methods, practitioners, because they were really forced to work with a customer, understand the problem. So what I've been doing is listening to the customer on finding out what the problems with concerns. They are focusing my attention on that. And I haven't yet heard of, uh, of customers asking for mathematical proof on crypto currency Blockchain sorts of stuff. But I'm I I await further and you're intrigued. Yeah, I'm s I always like mathematics, but where we have been hearing customers asked for help is for Temple. We're working on free Our toss s o i o T applications Understand the networks that are connecting up the coyote to the cloud, understanding the correctness of machine learning. So why, why So I reused. I've done some machine learning. I've constructed a model. How do I know what it does? And is it compliant? Does it respect hip fed ramp PC, i et cetera, and some other issues like that. >> There's a lot of talk in the industry about quantum computing and creating nightmares for guys like you. How much thought given that you have any thing that you can share with us? >> Yes. Oh, there's there's work in the AWS crypto team preparing for the post quantum world. So imagine Adversary has quantum computer. And so there are proposals on eight of us has a number of proposals, and we've and those proposals have been implemented. So their standards and we've our team has been doing proof on the correctness of those. So, actually, in the one of my talks, I think the talk not with Chad and Tom. I show a demo of our work to prove the correctness of someplace quantum code. >> So, Byron, thank you for coming on the inside. Congratulations on the automated reason. Good to see it put in the practice and appreciate the commentary. Thank you very much. Thank you. Here for the first inaugural security cloud security event reinforced AWS is putting on cube coverage. I'm John Fairy with Day Volonte. Thanks for watching

>> Live from New York, it's theCUBE covering theCUBE New York City 2018. Brought to you by SiliconANGLE Media and its ecosystem partners. (techy music) >> Hey, welcome back, everyone. It's theCUBE live in New York City for CUBENYC, formerly Big Data NYC. Now it's turned from big data into a much broader conversation. CUBENYC is exploring all these around data, data intelligence, cloud computing, devops, application developers, data centers, the whole range, all things data. I'm John Furrier here with Peter Burris, cohost and analyst here on the session. Our next guest is Byron Banks, who's the vice president of product marketing at SAP Analytics. No stranger to enterprise analytics. Welcome to theCUBE, thanks for joining us. >> Thank you for having us. >> So, SAP is, you know, a brand that's been doing business analytics for a long, long time, certainly powering-- >> Mm-hm, sure. >> The software for larger enterprises. Supply chain, you name it-- >> Sure. >> ERP, everyone kind of knows the history of SAP, but you guys really have been involved in analytics. HANA's been tailor-made for some speed. We've been covering that, but now as the world turns into a cloud native-- >> Mm-hm. >> SAP has a global cloud platform that is multi-cloud driven you guys kind of see this picture of a horizontally scalable computing environment. Analytics is a big, big piece of that, so what's going on with machine learning and AI, and as analytical software and infrastructure need to be provisioned dynamically. >> Sure, sure. >> This is an opportunity for people who love to get into the data. >> Absolutely. >> This is a great opportunity. What's the uptake? >> Great opportunity for us. We firmly believe that the era of optimization and digitization is over. It's not enough, it's certainly important. It has given a lot of benefits, but just overwhelming every user, every customer with more data, more optimization, faster data, better data, it's not enough. So, we believe that the concept to switch to intelligence, so how do you make customers, how do you serve customers exactly what they need in the moment? How do you give them an offer that is relevant? Not spam them, give them a great offer. How do you motivate your employees to be the best at what they do, whether it's in HR or whether it's in sales, and we think technology's key to that, but at the end of the day, the customer, the organization is the driver. They are the driver, they know their business best, so what we want to do is be the pit crew, if you will, to use a racing analogy, if they're the driver of the race car we want to bring the technology to them with some best practices and advice, because again, we're SAP, we've been in the business for 45 years, so we have a very good perspective of what works based on the companies we see, and serve over 300,000 of them, but it's really enabling them to be their best, and the customers that are doing the best, we call those intelligent enterprises, and that means three components. It needs intelligent applications, what we call the intelligent suite. So, how do we make an HR application that is great at retaining the best employees and also attracting great ones? How do we enable a sales system to give the best offers and do the best forecasts? So, all of that is the intelligent applications. The middle layer for that is called intelligent technologies. So, how do we use these great technologies that we've been developing as an industry over the last three to five years? Things like big data, IoT, sensors, machine learning, and analytics. That intelligent technology layer, how do we make that available, and then finally, it's the digital core, the digital platform for that. So, how do we have this scalable platform, ideally in the cloud, that can pull data from both cloud sources, SAP sources, non-SAP sources, and give the right data to those applications-- >> Yeah. >> And technologies in realtime. >> I love the pit crew example of the race car on the track, because you want to get as much data in the system as possible because more data is, you know, more opportunities to understand and get insights, but at the end of the day, you want to make sure that the car not only runs well on the track, (chuckles) and is cost effective, but it's performing. It actually wins the race or stays in the race. So, customers want revenue, I mean, the big thing we're hearing is, "Okay, let's get some top line benefit, not just "good cost effectiveness." >> Right, right. >> So, the objective of the customer, and whatever, that can be applications, it could be, you know, insight into operational efficiency. The revenue piece of growth is a big part of the growth strategy-- >> Right. >> For companies to have a data-centric system. >> Absolutely. >> This is part of the intelligence. >> But it's not just presenting the data. We introduced a product a couple of years ago, and I promise this isn't going to be a marketing pitch, (chuckles) but I think it's very relevant to what you just said. So, the SAP Analytics Cloud, that's one of those technologies I talked about, intelligent technologies. So, it is modern, built from the ground for SAS applications, cloud-based, built on the SAP cloud platform, and it has three major components. It has planning, so what are my KPIs? If I'm in HR am I recruiting talent or am I retraining talent? What are my KPIs if I'm in sales? Am I trying to drive profitability or am I trying to track new customers? And if I'm in, you know, again, in marketing how effective are we on campaigns? Tied to that is all the data visualization we can do so that we can mix and match data to discover new insights about our business, make it very, very easy, again, to connect with both SAP and non-SAP sources, and then provide the machine learning capabilities. All of that predictive capability, so not just looking at what happened in the past, I'm also looking at what's likely to happen in the next week, and the key point to all of that is when you open the application and start, the first thing it asks you is, "What are you trying to do? "What is the business problem you're trying to solve?" It's a story, so it's designed from the get-go to be very business outcome focused, not just show you 50 different data sources or 100 different data sources and then leave it to you to figure out what you should be doing. >> Yeah. >> So, it is designed to be very much a business outcome driven environment, so that, again, people like me, a marketer, can logon to that product and immediately start to work in campaigns-- >> Yeah. >> And in the language that I want to work in, not in IT speak or geek speak. Nothing wrong with geek speak, but again-- >> Yeah, I want to get into a conversation, because one of the things, we're very data driven as a media company because we have data that's out there, consumption data, but some platforms don't have measurement capability, like LinkedIn doesn't finance any analytics. >> Sure. >> So, this data that's out there that I need, I want, that might be available down the road, but not today, so I want to get to that conversation around, okay, you can measure what you're looking at, so everything that's measurable you've got dashboards for, but-- >> Sure. >> There's some elusive gaps between what's available that could help the data model. These are future data sets, or things that aren't yet instrumented properly. >> Correct. >> As new technology comes in with cloud native the need for instrumentation's critical. How do you guys think about that from a product standpoint, because you know, customers aren't going to say, "Well, create a magic linkage between something "that doesn't exist yet," but soon data will be existing. You know, for instance, network effect or other things that might be important for people that aren't yet measurable but might be in the future. >> Sure. >> They want to be set up for that, they don't want to foreclose that. >> Sure, well and I think one of the balances we have as SAP, because we're a technology company and we built a lot of great tools, but we also work a lot with our customers around business processes, so as I said, when we introduce our products we don't want to give them just a black box, which is a bunch of feeds and speeds technologies-- >> Yeah. >> That they need to figure it out. As we see patterns in our customers, we build an end-to-end process that is analytics driven and we provide that back to our customers to give them a headstart, but we have to have all of the capabilities in our solutions that allow them to build and extend in any way possible, because again, at the end of the day, they have a very unique business, but we want to give them a jumping off point so that they're not just staring at a blank screen. It's kind of like writing a speech. You don't want to start with just a blank screen. If you're in sales and marketing and you want to do a sales forecast, we will provide out-of-the-box, what we call embedded analytics, a fully complete dashboard that will take them through a guided workflow that says, "Hey, you want to do a sales forecast. "Here's the data we think you want to pull, "do you want to pull that? "Here's some additional inference we've seen "from some of our machine learning algorithms "based on what has happened in the last six weeks "of selling and make a projection as to what "we expect will happen between now and next quarter." >> You get people started quickly, that's the whole goal. Get people started quickly. >> Exactly, but we don't lock them into only doing it the one way, the right way. We're not preaching >> Yeah. >> We want to give them the flexibility. >> But this is an important point, because every, almost every decision at some point in time comes back to finance. >> Sure. >> And so, being able to extend your ability to learn something about data and act on data as measurements improve, you still want to be able to bring it back to what it means from a return standpoint, and that requires some agreement, not just some, a lot of agreement-- >> Sure. >> With a core financial system, and I think that this could be one of the big opportunities that you guys have, is because knowing a lot about how the data works, where it is, sustaining that so that the transactional integrity remains the same but you can review it through a lot of different analytics systems-- >> Right. >> Is a crucial element of this, would you agree? >> I fully agree, and I think if you look at the analytics cloud that I talked about, the very first solution capability we built into it was planning. What are my KPIs that I'm trying to measure? Now, yes, of course if you're in a business it all turns into dollars or euros at the end of the end of the day, but customer satisfaction, employee engagement, all of those things are incredibly important, so I do believe there is a way to put measurements, not always at a dollar value, that are important for what you're trying to do, because it will ultimately translate into dollars down the road. >> Right, and I want to get the news. You guys have some hard news here in New York this week on your analytics and the stuff you're working on. What's the hard news? >> Absolutely. Absolutely, so today we announced a bunch of updates to our analytics cloud platform. We've had it around for three or four years, thousands of customers, a lot of great innovation, and what we were doing today, what we announced today, is the update since our SAPPHIRE, our big, annual conference in June this year, so we have built a number of machine learning capabilities that, again, speak in the language of the business user, give them the tools that allow them to quickly benefit from things like correlations, things like regressions, patterns we've seen in the data to guide them through a process where they can do forecasting, retainment, recruiting, maybe even looking for bias, and unintended bias, in things like campaigns or marketing campaigns. Give them a guided approach to that, speaking in their terms, using very natural language processing, so for example, we have things like Smart Insights where you can ask questions about, "Give me the sales forecast for Japan," and you can say it, just type it that way and the analytic platform will start to construct and guide you through it, and it will build all the queries, it will give you, again, you're still in control, but it's a very guided process-- >> Yep. >> That says, "Do you want to run a forecast? "Here's how we recommend a forecast. "Here are some variables we find very, very interesting." That says, "Oh, in Japan this product sold "really well two quarters ago, "but it's not selling well this quarter." Maybe there's been a competitive action, maybe we need to look at pricing, maybe we need to retrain the sales organization. So, it's giving them information, again, in a very guided business focus, and I think that's the key thing. Like data scientists, we love them. We want to use them in a lot of places, but can't have data scientists involved in every single analytic that you're trying to do. >> Yeah. >> There are just not enough in the world. >> I mean, I love the conversation, because this exact conversation goes down the road of devops-like conversation. >> Right. >> Automation, agility, these are themes that we're talking about in cloud platforms, (chuckles) say data analytics. >> Absolutely. >> So, now you're bringing data down. Hey, we're automating things, so it could look like a Siri or voice activated construct for interaction. >> Yeah, absolutely, and in their language, again, in the language that the end user wants to speak, and it doesn't take the human out of it. It's actually making them better, right? We want to automate things and give recommendations so that you can automate things. >> Yeah. >> A great example is like invoice matching. We have customers that use, you know, spent hundreds of people, thousands of hours doing invoice matching because the address wouldn't line up or the purchase order had a transposed number in it, but using machine learning-- >> Yeah, yeah. >> Or using algorithms, we can automate all of that or go, "Hey, here's a pattern we see." >> Yeah. >> "Do you want us to automate "this matching process for you?" And customers that have-- >> Yeah. >> Implemented, they've found 70% of the transactions could be automated. >> I think you're right on, I personally believe that humans are more valuable, certainly in the media business that people think is, you know, sliding down, but humans, huge role. Now, data and automation can surface and create value that humans can curate on top of, so same with data. The human role is pretty critical in this because the synthesis is being helped by the computers, but the job's not going away, it's just shortcutting to the truth. >> And I think if you do it right machine learning can actually train the users on the job. >> Yeah. >> I think about myself and I think about unintended bias, right, and you look at a resume that you put out or a job posting, if you use the term I want somebody to lead a team, you will get a demographic profile of the people that apply to that job. If you use the term build a team, you'll get a different demographic profile, so I'm not saying one's better or the other, but me as a hiring manager, I'm not aware of that. I'm not totally on top of that, but if the tool is providing me information saying, "Hey, we've seen these keywords "in your marketing campaign," or in your recruiting, or even in your customer support and the way you speak with your customers, and it's starting to see patterns, just saying, "Hey, by the way, "we know that if you use these kinds of terms "it's more likely to get this kind of a response." That helps me become a better marketer. >> Yeah. >> Or be more appropriate in the way I engage with my customers. >> So, it assists you, it's your pit crew example, it's efficiency, all kind of betterment. >> Absolutely. >> Byron, thanks for coming on theCUBE, appreciate the time, coming to share and the insights on SAP's news and your vision on analytics. Thanks for coming on, appreciate it. It's theCUBE live in New York City for CUBENYC. I'm John Furrier with Peter Burris. Stay with us, day one continues. We're here for two days, all things data here in New York City. Stay with us, we'll be right back. (techy music)

>> Host: New York City, it's The Cube covering Cyber Connect 2017, brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey, welcome back, everyone. This the Cube's live coverage in New York City. This is the Cyber Connect 2017, presented by Centrify, underwritten by such a large industry event. I'm John Furrier, Dave Vellante. Our next guest is Byron Acohido who's the journalist at lastwatchdog.com. Thanks for joining us, welcome to The Cube. >> Thank you, pleasure to be here. >> So, seasoned journalist, there's a lot to report. Cyber is great, we heard a great talk this morning around the national issues around the government. But businesses are also struggling, too, that seems to be the theme of this event, inaugural event. >> It really is a terrific topic that touches everything that we're doing, the way we live our lives today. So, yeah, this is a terrific event where some of the smartest minds dealing with it come together to talk about the issues. >> What's the top level story in your mind in this industry right now? Chaos, is it data, civil liberties, common threats? How do you stack rank in level of importance, the most important story? >> You know, it really is all of the above. I had the privilege to sit at lunch with General Keith Alexander. I've seen him speak before at different security events. So it was a small group of the keynote speakers, and Tom Kemp, the CEO of Centrify. And he just nailed it. He basically, what resonated with me was he said basically we're kind of like where we were, where the world was at the start of World War I, where Russia and Germany and England, we're all kind of lining up, and Serbia was in the middle, and nobody really knew the significance of what lay ahead, and the US was on the sidelines. And all these things were just going to converge and create this huge chaos. That's what he compared it today, except we're in the digital space with that, because we're moving into cloud computing, mobile devices, destruction of privacy, and then now the nation states, Russia is lining up, North Korea, and Iran. We are doing it too, that was probably one of the most interesting things that came at you. >> His rhetoric was very high on the, hey, get our act together, country, attitude. Like, we got a lot to bring to the table, he highlighted a couple use cases and some war stories that the NSA's been involved in, but almost kind of teasing out, like we're kind of getting in our own way if we don't reimagine this. >> Yes, he is a very great advocate for the private sector industry, but not just industry, the different major verticals like especially the financial sector and the energy sector to put aside some of the competitive urges they have and recognize that this is going on. >> Okay, but I got to ask you, as a journalist, Last Watchdog, General Alexander definitely came down, when he sort of addressed privacy, and Snowden, and the whole story he told about the gentleman from the ACLU who came in a skeptic and left an advocate. As a journalist whose job is to be a skeptic, did you buy that? Does your community buy that? What's the counterpoint to that narrative that we heard this morning? >> Well, actually I think he hit it right on the head. As a journalist, why I got into this business and am still doing it after all these years is if I can do a little bit to shed a little bit of light on something that helps the public recognize what's going on, that's what I'm here to do. And this topic is just so rich and touches everything. We were talking just about the nation state level of it, but really it effects down to what we're doing as a society, what Google, and Facebook, and Twitter, how they're shaping our society and how that impacts privacy. >> We were talking last night, Dave, about the Twitter, and Facebook, and Alphabet in front of the Senate hearings last week, and how it means, in terms, he brought it up today. The common protection of America in this time, given the past election, that was the context of the Google thing, really has got a whole opportunity to reimagine how we work as a society in America, but also on the global stage. You got China, Russia, and the big actors. So, it's interesting, can we eventually reimagine, use this opportunity as the greatest crisis to transform the crap that's out there today. Divisiveness, no trust. We're living in an era now where, in my life time I can honestly say I've never seen it this shitty before. I mean, it's bad. I mean, it's like the younger generation looking at us, looking at, oh, Trump this, Trump that, I don't trust anybody. And the government has an opportunity. >> Alright, but wait a minute. So, I'm down the middle, as you know, but I'm going to play skeptic here a little bit. What I basically heard from General Alexander this morning was we got vetted by the ACLU, they threw sort of holy water on it, and we followed the law. And I believe everything he said, but I didn't know about that law until Snowden went public, and I agree with you, Snowden should be in jail. >> John: I didn't say that. >> You did, you said that a couple, few years ago on The Cube, you said that. Anyway, regardless. >> I'm going to go find the archive. >> Maybe I'm rewriting history, but those laws were enacted kind of in a clandestine manner, so I put it out to both of you guys. As a citizen, are you willing to say, okay, I'll give up maybe some of my privacy rights for protection? I know where I stand on that, but I'm just asking you guys. I mean, do all your readers sort of agree with that narrative? Do all of The Cube? >> If you look at the World War I example the general, he brought up at lunch, I wasn't there, but just me thinking about that, it brings up a good perspective. If you look at reinventing how society in America is done, what will you give up for safety? These are some of the questions. What does patriotizing mean for if industry's going to work together, what does it mean to be a patriot? What I heard from the general onstage today was, we're screwed if we don't figure this out, because the war, it's coming. It's happening at massive speeds. >> Again, I know where I stand on this. I'm a law-abiding citizen. >> - Byron, what do you think? >> Go ahead and snoop me, but I know people who would say no, that's violating my constitutional rights. I dunno, it's worth a debate, is all I'm saying. >> It's a core question to how we're living our lives today, especially here in the US. In terms of privacy, I think the horse has left the barn. Nobody cares about privacy if you just look at the way we live our lives. Google and Facebook have basically thrown the privacy model-- >> GPS. >> That came about because we went through World War I and World War II, and we wanted the right to be left alone and not have authoritative forces following us inside the door. But now we don't live in just a physical space, we live in a cyberspace. >> I think there's new rules. >> There is no privacy. >> Don't try and paint me into a corner here, I did maybe say some comments. Looking forward the new realities are, there are realities happening, and I think the general illuminated a lot of those today. I've been feeling that. However, I think when you you define what it means to be a patriot of the United States of America and freedom, that freedom has to be looked through the prism of the new realities. The new realities are, as the General illuminated, there are now open public domain tools for anyone to attack the United State, industry and government, he brought it up. Who do they protect, the banks? So, this ends up, I think will be a generational thing that the younger generation and others will have to figure out, but the leaders in industry will have to step up. And I think that to me is interesting. What does that look like? >> I think leadership is the whole key to this. I think there's a big thread about where the burden lies. I write about that a lot as a central theme, where is the burden? Well, each of us have a burden in this society to pay attention to our digital footprint, but it's moving and whirling so fast, and the speaker just now from US Bank said there is no such thing as unprecedented, it's all ridiculous the way things are happening. So, it has to be at the level of the leaders, a combination, and I think this is what the general was advocating, a combination of the government as we know it, as we've built it, by and for the people, and industry recognizing that if they don't do it, regulations are going to be pushed down, which is already happening here in New York. New York State Department of Financial Services now imposes rules on financial services companies to protect their data, have a CSO, check their third parties. That just went in effect in March. >> Let's unpack that, because I think that's what new. If they don't do this, they don't partner, governments and industry don't partner together, either collectively as a vertical or sector with the government, then the government will impose new mandates on them. That's kind of what you're getting at. That's what's happening. >> It'll be a push and shove. Now the push is because industry has not acted with enough urgency, and even though they were seeing them in the headlines. California's already led the way in terms of its Data Loss Disclosure law that now 47 states have, but it's a very, I mean, that's just the level the government can push, and then industry has to react to that. >> I got to say, I'm just being an observer in the industry, we do The Cube, and how many events will we hear the word digital transformation. If people think digital transformation is hard now, imagine if the government imposes all these restrictions. >> What about GDPR? >> Byron: That's a good question, yeah. >> You're trying to tell me the US government is going to be obliged to leak private information because of a socialist agenda, which GDPR has been called. >> No, that's another one of these catalysts or one of these drivers that are pushing. We're in a global society, right? >> Here's my take, I'll share my opinion on this, Dave, I brought it up earlier. What the general was pointing out is the terror states now have democratized tools that other big actors are democratizing through the public domain to allow any enemy of the United States to attack with zero consequences, because they're either anonymous. But let's just say they're not anonymous, let's just say they get caught. We can barely convert drug dealers, multiple jurisdictions in court and around the world. What court is out there that will actually solve the problem? So, the question is, if they get caught, what is the judicial process? >> Navy SEALs? >> I mean, obviously, I'm using the DEA and drug, when we've been fighting drug for multiple generations and we still have to have a process to multiple years to get that in a global court. I mean, it's hard. My point is, if we can't even figure it out for drug trade, generations of data, how fast are we going to get cyber criminals? >> Well, there is recognition of this, and there is work being done, but the gap is so large. Microsoft has done a big chunk of this in fighting botnets, right? So, they've taken a whole legal strategy that they've managed to impose in maybe a half-dozen cases the last few years, where they legally went and got legal power to shut down hosting services that were sources of these botnets. So, that's just one piece of it. >> So, this World War I analogy, let's just take it to the cloud wars. So, in a way, Dave, we asked Amazon early on, Amazon Web Services how their security was. And you questioned, maybe cloud has better security than on premise, at that time eight years ago. Oh my God, the cloud is so insecure. Now it looks like the cloud's more secure, so maybe it's a scale game. Cloud guys might actually be an answer, if you take your point to the next level. What do you think? >> Correct me if I'm wrong, you haven't seen these kind of massive Equifax-like breaches at Amazon and Google. >> That we know about. >> That we know about. >> What do you think? Don't they have to disclose? >> Cloud players have an opportunity? >> That we know about. >> That's what I was saying. The question on the table is, are the cloud guys in a better position to walk around and carry the heavy stick on cyber? >> Personally, I would say no question. There's homogeneity of the infrastructure, and standardization, and more automation. >> What do you think? What's your community think? >> I think you're right, first of all, but I think it's not the full answer. I think the full answer is what the general keeps hammering on, which is private, public, this needs to be leadership, we need to connect all these things where it makes sense to connect them, and realize that there's a bigger thing on the horizon that's already breathing down our necks, already blowing fire like a dragon at us. It's a piece of the, yeah. >> It's a community problem. The community has to solve the problem at leadership level for companies and industry, but also what the security industry has always been known for is sharing. The question is, can they get to a data sharing protocol of some sort? >> It's more than just data sharing. I mean, he talked about that, he talked about, at lunch he did, about the ISAC sharing. He said now it's more, ISACs are these informational sharing by industry, by financial industry, health industry, energy industry, they share information about they've been hacked. But he said, it's more than that. We have to get together at the table and recognize where these attacks are coming, and figure out what the smart things are doing, like at the ISP level. That's a big part of the funnel, crucial part of the funnel, is where traffic moves. That's where it needs to be done. >> What about the the balance of power in the cyber war, cyber warfare? I mean, US obviously, US military industrial complex, Russia, China, okay, we know what the balance of power is there. Is there much more of a level playing field in cyber warfare, do you think, or is it sort of mirror the size of the economy, or the sophistication of the technology? >> No, I think you're absolutely right. There is much more of a level playing field. I mean, North Korea can come in and do a, this is what we know about, or we think we know about, come in and do a WannaCry attack, develop a ransomware that actually moves on the internet of things to raise cash, right, for North Korea. So there, yeah, you're absolutely right. >> That's funding their Defense Department. >> As Robert Gates said when he was on The Cube, we have to be really careful with how much we go on the offense with cyber security, because we have more to lose than anybody with critical infrastructure, and the banking system, the electrical grid, nuclear facilities. >> I interviewed a cyber guy on The Cube in the studio from Vidder, Junaid Islam. He's like, we can look at geo and not have anyone outside the US access our grid. I mean, no one should attack our resources from outside the US, to start with. So, core network access has been a big problem. >> Here's something, I think I can share this because I think he said he wouldn't mind me sharing it. At the lunch today, to your point that we have more to lose is, the general said yeah, we have terrific offensive capability. Just like in the analog world, we have all the great bombers, more bombers than anybody else. But can we stop people from getting, we don't have the comparable level of stopping. >> The defense is weak. >> The defense, right. Same thing with cyber. He said somebody once asked him how many of your, what percentage of your offensive attacks are successful? 100%. You know, we do have, we saw some of that with leaks of the NSA's weapons that happened this year, that gone out. >> It's like Swiss cheese, the leaks are everywhere, and it's by the network itself. I ran into a guy who was running one of the big ports, I say the city to reveal who it was, but he's like, oh my God, these guys are coming in the maritime network, accessing the core internet, unvetted. Pure core access, his first job as CIO was shut down the core network, so he has to put a VPN out there and segment the network, and validate all the traffic coming through. But the predecessor had direct internet access to their core network. >> Yeah, I think the energy sector, there's a sponsor here, ICIT, that's in the industrial control space, that I think that's where a lot of attention is going to go in the next couple of years, because as we saw with these attacks of the Ukraine, getting in there and shutting down their power grid for half a day or whatever, or with our own alleged, US own involvement in something like Stuxnet where we get into the power grid in Iran, those controls are over here with a separate legacy. Once you get in, it's really easy to move around. I think that needs to be all cleaned up and locked down. >> They're already in there, the malware's sitting in there, it's idle. >> We're already over there probably, I don't know, but that's what I would guess and hope. >> I don't believe anything I read these days, except your stuff, of course, and ours. Being a journalist, what are you working on right now? Obviously you're out there reporting, what are the top things you're looking at that you're observing? What's your observation space relative to what you're feeding into your reports? >> This topic, security, I'm going to retire and be long gone on this. This is a terrific topic that means so much and connects to everything. >> A lot of runway on this topic, right? >> I think the whole area of what, right there, your mobile device and how it plugs into the cloud, and then what that portends for internet of things. We have this whole 10-year history of the laptops, and we're not even solving that, and the servers are now moving here to these mobile devices in the clouds and IOT. It's just, attack surface area is just, continues to get bigger. >> And the IT cameras. >> The other thing I noticed on AETNA's presentation this morning on the keynote, Jim was he said, a lot of times many people chase the wrong attack vector, because of not sharing, literally waste cycle times on innovation. So, it's just interesting market. Okay, final thoughts, Byron. This event, what's the significance of this event? Obviously there's Black Hat out there and other industry events. What is so significant about CyberConnect from your perspective? Obviously, our view is it's an industry conversation, it's up-leveled a bit. It's not competing with other events. Do you see it the same way? What is your perspective on this event? >> I think that it's properly named, Connect, and I think that is right at the center of all this, when you have people like Jim Ralph from AETNA, which is doing these fantastic things in terms of protecting their network and sharing that freely, and the US Bank guy that was just on, and Verizon is talking later today. They've been in this space a long time sharing terrific intelligence, and then somebody like the general, and Tom Kemp, the CEO of Centrify, talking about giving visibility to that, a real key piece that's not necessarily sexy, but by locking that down, that's accessing. >> How is the Centrify message being received in the DC circles? Obviously they're an enterprise, they're doing very well. I don't know their net revenue numbers because they're private, they don't really report those. Are they well-received in the DC and the cyber communities in terms of what they do? Identity obviously is a key piece of the kingdom, but it used to be kind of a fenced off area in enterprise software model. They seem to have more relevance now. Is that translating for them in the marketplace? >> I would think so, I mean, the company's growing. I was just talking to somebody. The story they have to tell is substantive and really simple. There's some smart people over there, and I think there are friendly ears out there to hear what they have to say. >> Yeah, anything with identity, know your customer's a big term, and you hear in blockchain and anti-money laundering, know your customer, big term, you're seeing more of that now. Certainly seeing Facebook, Twitter, and Alphabet in front of the Senate getting peppered, I thought that was interesting. We followed those guys pretty deeply. They got hammered, like what's going on, how could you let this happen? Not that it was national security, but it was a major FUD campaign going on on those platforms. That's data, right, so it wasn't necessarily hacked, per se. Great stuff, Byron, thanks for joining us here on The Cube, appreciate it. And your website is lastwatchdog.com. >> Yes. >> Okay, lastwatchdog.com. Byron Acohido here inside The Cube. I'm John Furrier, Dave Vellante, we'll be back with more live coverage after this short break.

>> Narrator: Live from Las Vegas. It's theCUBE. Covering VMworld 2017. Brought to you by VMware and its ecosystem partners. >> Hi I'm Stu Miniman joined by John Troyer and we're at VMworld 2017. This is SiliconANGLE Media's production of theCUBE, the worldwide leader in live tech coverage. The show's hashtag is #VMworld. There's also a lot of sub-hashtags, so if I was going to make this one the VMworld three word, it's developers, developers, developers. Happy to bring onto the program first time guest Byron Schaller, who is the DevOp's practice lead at RoundTower and Rebecca Fitzhugh, who's Technical Marketing Engineer at Rubrik. Thank you both so much for joining us. >> Thank you for having us. >> Alright, Byron, I want to start with you. Both of you I've known through the community for a bunch of years but tell ya, how long have you called yourself a developer and, you know, tell us a little bit about what you do these days. >> These days I'm more of a friend to developers, I think, than an actual real developer myself but I started writing code professionally 20 years ago. I've been, kind of in an Ops role, and went back into Dev, and now try to help really bridge that gap and get Ops folks to write better code, and get Dev folks to have some more sympathy and empathy I guess for the Ops side as well. Try to get them to play nice together. >> Yep, but Byron, those of us who haven't been in tech in a while, last time I was coding we called it programming. (Byron laughing) So, I thought that shift happened like 15 years ago. But, Rebecca, tell us a little bit about your background, how you fit into the DevOps community. >> So I would say I am more of Dev adjacent. So I work in Technical Marketing as an Engineer at Rubrik, so while I do write some code and help with some of the integrations, I'm primarily public facing and helping evangelize our software, and work hand-in-hand with the developers as well. >> Absolutely, and maybe talk a little bit about that, you know, we know the Virtualization community, what's different about the developer community, and DevOps versus kind of the traditional administrators? >> One of the things that I've noticed that, in my opinion, is the difference between the events, like comparing VMworld to a DevOpsDay. VMworld is very technically focused, a lot of time. And when I go to DevOpsDays, I always notice they make an effort to show sessions on culture, and to talk a lot about culture of development, and what we can do better as a community. >> What's the connection here, between VMworld and the developer community, right? We're the VMworld has been, I dunno, how many VMworld's have there been Stu? We've been, there's been 15 of them or something? At least. So, very operationally focused, IT people who call themselves IT, operators maybe, even broader than that, Enterprise Architects, and now, we've been talking about DevOps for a few years. So, maybe, Byron, what's the relationship of DevOps to the VMware community? >> It really comes down to the API integration. And at what point do you stops being an Ops person if you're writing a bunch of API code, and you become a developer. That's become a lot fuzzier lately. >> Are you saying Ops people have to become developers? >> They don't have to, but a lot of them are going that way. There's API explorers now that make it really easy to write rest calls and things like that to kick off jobs, and it just makes their lives easier to adopt that trend. It's not that they have to, but if they want to, it's definitely there and moreso than it ever has been. >> Yeah, I definitely think that we're seeing more and more large enterprises, Microsoft, VMware and so on, moving away from kind of this proprietary model, and more into an open model where they want their APIs to be consumed, they want you to help improve their product, and they want you to write code that integrates with their software. >> I have another question about DevOps, right? So, developer plus operations, and breaking down that wall. Can you do DevOps if you don't Dev, right? There are IT shops that just consume packaged software, and they run them, and they do things in the cloud, and they do everything else, but that particular company doesn't make bespoke software, at least they don't think they do. So, can you do DevOps without Dev? >> No. >> Okay. >> So, it really comes down to the fact of most everyone writes code whether they think they do or not. They may not write core business apps, but they could write a lot of other integrations, or they have off-the-shelf software that they write customized reports for, whatever, but there is something going on, something is being created. And as long as you have that thing being created, you can have a DevOps model. But I think it's a lot broader than just in-house applications at this point. >> I mean even if you were writing a script, you're writing code, right? If you're creating Power Serialized scripts or PowerShell scripts to automate something in your environment, that's code. And that would absolutely fall into that DevOps mindset. >> Speaking of the show itself, I know a couple of years ago they had a little breakout with keynotes, and they've done some sessions, my understanding there isn't a dedicated developer track or mini Dev show inside of it. So what do the developers or people do in DevOps, what's attractive to them here at the show? >> There's always the hallway track, right? And then there's the side events like the vBrownBag, things like that where you see a lot people talking about Ansible and other things like that, that you won't see on the show floor itself. And I think with the hackathon tonight, and lots of stuff like that, there's a lot of adjacent activities that are very much worthwhile. >> You mentioned the hackathon, you participated last year, if I remember right, you won, your team won the hackathon. So, tell us a little bit about that experience, this is the third year they're doing it, so-- >> It was great, I mean it was just nice to see a lot of folks in the community come together to build interesting things out of nothing, in like three hours, and that's, doing that itself is just really kind of amazing to me, but then those projects, a lot of them have carried on and gotten adoption, and now there's going to be some things created long term, because of this one interaction. I think that's just really special. >> When I've loved to see the difference between last year and this years, I felt, while last year was amazing, and seeing the people write these scripts and these codes, it felt like it was a lot of shooting from the hip, and what I've noticed this year is that there's been a lot of pre-work done by these teams, these groups, that they've been talking and communicating for weeks, planning what they're going to code tonight. That's very exciting. >> The code program Code by VMware, I think they call it, it actually is expanding, they're doing a lot to touch both developers and kind of the API side of the IT, more traditional IT side. Rebecca, one way to characterize DevOps, or one element is I say part of DevOps would be time to value, right? Rapid time to value, we don't plan for a year, sit in a war room, and like hope we don't lose our jobs when we push the button to launch, you know, the next generation of whatever we're about to launch, right? We've recognized that's a hard way to go about launching something, so instead, we're more iterative, smaller bites, faster time to value. As you go out and talk with IT pros, like again, your commercial side, right? You have a product that has fast time to value, I mean, how much of a mindshift is having to happen inside IT where you can go, "Oh no, I could set this up in an afternoon, "and maybe I could write some code around it "over the next couple weeks," rather than, "I got to plan this out for a year "before I do anything." >> Yes, I mean I think we're definitely moving from kind of a bureaucratic type of development to more of an agile, where we have to iterate, and so, like in my experience, prior to joining Rubrik, I was very involved with VMware and did lots of virtualization stuff, and you would have like one major release a year. Right, and then a couple of updates, and there's a lot of planning that would go into it, and involved, and that gave a lot of lead time. And now, like working with Rubrik, we're on like a quarterly release cycle, and so we're just constantly, so I think a lot of its mindset. So, I don't want to say it's shooting from the hip because it's not, but it's just adapting and moving forward, and then getting ready for the next thing. There's not time to question and plan, it's we're doing this, and let's do it now. >> The thing I'd noticed is just in conversations and in the keynote, APIs were brought up more this year than I remember in previous years, you know you brought up the VMware Code Team, they've been doing the flings now for a couple years, so even if it might not be developer centric, it seems like they're adopting some of the things that you know, are attractive to what the developer community would do. >> Yeah, and there's a lot of really good marketing going on there too, especially around flings. Flings are great, and there are so many useful tools there, that people just don't know about until they get the press, and now that they're talking about it, there's a really great community built up around it, especially with VMware Code, I think is a great initiative, there's an awesome Slack channel that they have, and just getting the word out, more than word of mouth, and getting that stuff in the keynotes is so key to helping reach everybody else who's not already there. Word of mouth only goes so far when you have like the CEOs getting up there and talking about this as a core initiative, that's really important, we need to see more of that. >> Anything specific around the flings you could highlight, like you know, this one was really cool and it turned into something, or? >> The HTML5 client was a fling forever, and it was so much better than the actual web client. >> And now it's becoming the actual official supported client, and the older client is going away, finally. >> Yeah. >> Everyone's happy about that. >> It's very, there's stats feeder, is a super cool one that not many people know about but you can get all this information out of your vCenter, pump it into some kind of like noSQL database, and make these really creative reports, that just, there wasn't a way to do that before that existed, and something like that's really cool. >> Byron, as you go out and talk to IT pros and IT departments, you're trying to be a trusted adviser, you're bringing along a team from your company, are there elements of cultural change or kind of adaptability that when you go into a conference room and start giving your first presentations, and the questions that get asked, do you sometimes you go, what are the signs that you're going to go, "Oh this is going to go well," versus "Hoo boy, these folks are not ready yet." >> So we try to ask some probing questions to kind of pick a fight to be totally, not really pick a fight, but see who's going to take the bait, right? And then how communication resolves itself. And seeing that pattern happen, you know, okay, there's something missing or something as far as how the team constructed that leads to this animosity, right? Find that out as fast as possible, and then find a way to remediate that, is how you get that cultural change. But until you actually see it organically, it's hard to say well you know, just be more empathetic and hug it out, that all sounds nice, but you've got to really find what the dynamic is that's causing the tension or breakdown. >> John: Are there any particular signs that you could point to-- >> Yelling is a good one. (laughing) >> On a positive sign or a negative sign? >> Both sometimes. >> That group's not invited to this meeting, right? >> It's just a lot of finger pointing, it's a lot of you can tell they don't talk. And a lot of it starts with just having a conversation on a daily basis of what do you do, what's your job, how can I understand that, have that empathy, cause until you have that empathy, no one's going to care. And once you build up that, and get this understanding that, "Oh, what you do is valuable to the business as well," then people start to actually, you know, work, or I dunno, be friends or something at work, I don't know, it's really important to build that up. >> Byron, your title has DevOps in it, because you're addressing a function, but should there be people inside IT groups with a DevOps in their title, if you're here at VMware, and you're kind of coding, and you're a little bit interested in that, should you be looking for something, a title of DevOps? >> I think anybody can do DevOps. And I think that's something that we need to change our mindset on. I hear a lot of people say, "Why would I join the VMware Code community, "I don't write code," and it's, anybody can write code. It doesn't have to be the most beautiful elegant code in the world, you just creating a script, you've done it. Now contribute. Put your work on Github, let other people use it. You consume from other people, it's a community of sharing, share. >> That's great. >> It's all about contribution, right? It doesn't have to be code, you can write documentation, you can work on bug reports, there's so many things you can do that are not code related, that people can give back with. That's the important thing there. >> Reminds me a lot of just some of the discussion we've been having about community in general for a while. Rebecca, we're here at a big show, 20,000 plus people, do you spend all your time at meet-ups though, how do you deal with reaching kind of a broad community, or is it kind of smaller, more intimate things? >> I try and balance both, because I have obviously work obligations and I have speaking obligations, and then, but I do try and spend time one-on-one with people as well as at group functions, so I personally like to get out of my comfort zone, so like that was one of the big reasons I attend certain events, like the hackathon last year. My code is rudimentary. I don't want to pretend like I'm some amazing developer, but that was me getting out of my comfort zone and interacting with that community, because I knew that was a community I wanted to be more a part of. >> I guess the question is too, from like, your marketing role-- >> Mm-hmm. >> Do you have to go reach out to those thousands of meet-ups or, you know, how do you balance that kind of small versus large? >> So, yeah, I think like in a large group it becomes sort of an echo chamber in a way, where it's more of you talking at them than talking with them. I personally prefer to be in smaller type sessions, as well as one-on-one type discussions. I think we get more out of it that way. >> You mentioned DevOpsDays, that's a group independently organized, all over the world, kind of a meet-up user group on steroids all day, you've been to some of those as you said and that-- >> Yes, so one of the things I noticed from DevOpsDays that's different than a lot of user groups, is that a lot of user groups will jam pack the schedule, and you might have a 15 minute break there, and you have lunch, and that's it. Maybe a social hour afterwards. DevOpsDays, a lot of them create free spaces, of an hour, two hours, and sometimes, I think the one, I'm attending one in Detroit, in September, and I was looking at the schedule, and I think there's a three hour block of just talk to people, go and find your little community of people, talk to them, spend time with them, and then move onto another community and get to know each other. >> Byron, anything in open source community, and how it is different than, a little bit maybe, than this one here? >> The V community, if you want to call it that, it has been built up, is very unique, from an enterprise software standpoint, no other enterprise software company has what VMware has with that. It is a lot like the open source community, you go to something like OzCon or something, there's the same kind of interactions, the same kind of feel that we have here. >> John: Helping each other. >> Yes, I mean it's all about reaching out saying, "I don't know how to do this, someone help!" And, people saying, "Okay, this worked for me. "This hasn't." And just that feedback loop, and once you pay that forward to five more people, that's just really really great. You see it with the hang space here, the community, the sessions and things here, there are just so many people that want to volunteer and give back, there's not enough time to hear them all speak. And that's awesome. >> That's why we have things like vBrownBag. >> Yeah, right. >> Contribute there. >> There's so many different aspects of what's going on at the show, I'm curious if you have any, if you were talking to VMware and say, "Hey, next year, VMworld, you know, you should do this." Anything you'd like to add? >> Hmm. That's a really good question. >> That is a very good question. >> I mean firstly I'd love to see more developer track type items, especially as VMware is moving towards more consumable APIs in their platform, so I'd like to see more in that realm. >> Yeah, there could always be more work around that. I think I'd like to see more interaction, from the VMware Devs themselves. Talking about stuff going on, inside VMware, as much as they can I guess. That'd be super interesting, you don't see a lot of behind the curtains stuff here. And I think that'd be neat to see more of that. >> Yeah, I always love to look at the kind of similarities and differences between those communities. We do, we've done Red Hat Summit for a number of years, I'm going to be at the Open Source Summit, you know, coming up soon, we're at Amazon re:Invent, where the enterprise folks and the developers always argue about which keynote for them versus the other person, and striking that balance is always tough. Well, Byron, Rebecca, thank you so much for joining us here, really appreciate your insights onto what's happening in the community, and thanks for all you're doing there. For John Troyer, and I'm Stu Miniman, we've got lots more coverage here in three days of theCUBE at VMworld 2017. Thanks for watching theCUBE. (upbeat music)

>>Um, >>Welcome to common volt connections. My name is Dave Volante, and we're going to dig into the changing security landscape and look specifically at ransomware and what steps organizations can take to better protect their data, their applications, and their people. As you know, cyber threats continue to escalate in the past 19 months, we've seen a major shift in CSO strategies, tactics and actions as a direct result of the trend toward remote work, greater use of the cloud and the increased sophistication of cyber criminals. In particular, we've seen a much more capable well-funded and motivated adversary than we've ever seen before. Stealthy techniques like living off the land island, hopping through the digital supply chain, self forming malware and escalations in ransomware attacks, necessitate vigilant responses. And we're super pleased today to be joined by Dave Martin. Who's a global chief security officer at ADP. Dave. Welcome. Good to see you. >>Thanks for having me today. It's >>Our pleasure. Okay. Let's get right into it as a great topic. I mean, ADP, we're talking about people's money. I mean, it doesn't get more personal and sensitive than that maybe healthcare, but money is right there on the priority list, but maybe you could start by telling us a bit about your role at the company, how you fit into the organization with your colleagues like the, you know, the CIO, the CDO. Maybe describe that a bit if you would. >>Yeah, absolutely. So we're somewhat unusual in both banks structure and we, one of the ways is aware a I have a very converged organization. So my responsibility extends from both the physical protection of kind of buildings, our associates, um, travel safety through fraud that we see in, uh, attempted in our products all the way through to I'm more traditional, a chief security officer, um, in the cyberspace. And, uh, the other thing that's a little bit unusual is rather than reporting into a technology organization. I actually report into our chief administrative officer. So my peers in that organization now, our legal compliance, uh, so we, it's, it's a great position to be in the organization and I've had various different reports during my career. And there's always a lot of debate in, uh, in, uh, with my kids about where's the best place for the report. And I think they always come back to, it's not really where you report it's about those relationships that you mentioned. So how do you actually collaborate and work with the chief data officer, the CIO, the head of product, the product organization, and how do you use that to create this kind of very dynamic Angela falls to defend against the threats we face today? >>Yeah. Now, so let's just want to clarify for the audience. So when you talk about that converged structure, oftentimes if I, if I understand what your point is that the network team might be responsible for some of the physical security or the network security, that's all under one roof in your organization, is that correct? >>So a lot of the controls and operations, something like firewalls is out in the CIO organization. Um, but the, the core responsibility and accountability, whether it's protecting the buildings, the data centers, the, uh, the data in our applications, the, uh, kind of the back office of all the services that we use to, to deliver value to our clients and kind of the same things that everyone has, the, uh, the ERP environments. Now, all of that, the protecting those environments rolls up to my team from an accountability and governance. >>Got it. So, I mean, as I was saying upfront, I mean, the, the acceleration, we all talk about that acceleration that compression, the force March to digital and that that's solar winds hack. It was like a Stuxnet Stuxnet moment to me. Cause it's signaled almost this new level of excellent escalation by cybercriminals and that had to send a shockwave through your community. I wonder if you could talk about at a high level, how did that impact the way that CSOs think about cyber attacks or, or did it >>Well, I think we're, we're very used to watching the outside world kind of adversaries don't stand to sell our businesses. Don't stand still, so we're constantly having to evolve. So it's just another call to action. How do we think about what we just saw and then how do we kind of realign the controls that we have and then how do we think about our program there, food that we need to address? >>Yeah. So we've seen, uh, when we talk to other CSOs, your colleagues, we, we, they tell us we've made a big sort of budget allocation toward end point security cloud identity, access management, uh, and, and obviously focus on a flatter network. And of course, ransomware, how have you shifted priorities as a result of sort of the last, you know, the pandemic 19 months? >>Yeah, definitely seeing that shift in kind of the necessity of working from home and kind of thinking by what tools that we need to get to our associates, um, to really make them successful. And then also keep our, uh, the integrity of our data and the availability of our services in that new model. And so we've made that shift in technology and controls, reinforced a lot of things that we already had. One thing thinking about the supply chain change that we saw out of SolarWinds is thinking about ransomware defense prior to that was very much around, uh, aligning the defenses within the perimeter of your network, a within the cloud environments. And I really thinking about where do I am inside that environment? Where do I exchange files from what connectivity do I have with partners and suppliers? What services do they provide, um, to support us as an enterprise and what's going to happen if they're not there at a minimum, but then what happens if they have a, some kind of a channel for that can actually drive some of this malware and spread into the network or via some of those file transfer, make sure we really sure shored up the controls in that area, but the, the response is actually part of that. >>How am I gonna react? When I hear from even applying, we're a very customer service focused company, we want to do whatever we can to help. And the instinct of one of our frontline associates, Hey, send, send me that Excel file. I'll take care of it. So now yet we still want to help that client through, but we want to think through a little bit more before we start sharing a, uh, an office file back and forth between two environments, one of which we know to be home, >>Right. That's interesting what you're saying about the change in just focus on the perimeter to the, the, the threats, you know, within, uh, without et cetera, because you don't even need a high school degree or, you know, gray diploma to be a ransomware attacker. These days, you could go on the dark or dark web, and if you're bad, bad person, you can hire ransomware as a service. If you have access to a server credentials, you know, you can do bad things and hopefully you'll end up in handcuffs, but, but that's a legitimate threat today, which is relatively new in the way in which people are escalating, whether it's, you know, crypto ransoms, et cetera, really do necessitate new thinking around or ransomware. So I wonder if you could talk a little bit more about, you know, the layered approach that you might take the air gapping, uh, be interested to understand where Convolt fits in to the, to the, to the portfolio, if you will. >>Sure. And really it's thinking about this in depth and you're not going to be able to, uh, to protect or recover everything. So really understanding, first of all, that, of what is most important to be able to maintain service, what data do you do you need to protect and have available armed with that? Now you can go through the rest of the nest cyber security framework and main things. You're doing the best for prevention, uh, for the detection and response in that area. And then kind of really, uh, interesting when we get to the recovery phase, both from a Convolt perspective and in many tanks where we really want to focus on prevention, but ultimately we'll likely to see a scenario. And even in some small part of our environment, whereas some kind of attack is effective and there, where we're back to that recovery step. >>And we don't want them to be the first time we're testing those backgrounds. We don't want to be the first time that we figured out that those backups have been on the network the whole time, and they can't be used for recovery. So partnering with everyone in the environment, it takes a village to defend against this kind of threat, getting everyone engaged the experts in each of these fields to make sure that we're thinking they understand that this threat and how real it is and what their role is going to be in setting up that protection and defense, and then calm that dark day that we all hope will never happen. What's the, when do you need them? When do you need them to be doing so that you can get back to a restoration and effective operation sooner possibly >>Yeah. Hope for the best plan for the worst. So it's a big part of that is education. Um, and of course the backup Corpus is an obvious target because everything's in there. Uh, but before we get into sort of the best practice around that, I wanted to ask you about your response, because one of the things that we've seen is that responses increasingly have to be stealthy, uh, so that you don't necessarily alert the, the attackers that you know, that they're inside. Is that sort of a new trend and how do you approach that? >>Yeah, I mean, it's always, it's always a balance depending on the type of data and the type of attack as to kind of heroine kind of violent and swept. And obviously you have to be to be able to protect the environment, protect the integrity of the data, and then also balance the games kind of tipping off the attacker, which could potentially make things worse. So always a conversation depending on the different threat type, um, you're going to have to go through. And it really helps to have some of those conversations up front to have tabletops, not just at a technical level to make sure that you're walking through the steps of a response to make it as seamless and quick and effective as possible, but also having that conversation with leadership team and even the board around the kind of decisions they're going to have to make and make sure that youth, that wherever possible use scenarios to, uh, to figure out what are some of those actions that are likely to be taken and also empower some teams. It's really important to be able to act autonomously and quickly you, uh, you don't want to be at 2:00 AM kind of looking for, uh, for the CEO or kind of the executive team to get them out there to make a decision. Some of these decisions need to be made very quickly and very effectively, and you can only do that with empowered upfront and sometimes even automated processes to do them. >>Dave, describe what you mean by tabletops. I presume you're talking to a top-down view versus sort of being in the weeds, but that's some color to that, please. Yeah, >>Yeah, definitely. It literally is kind of getting everyone around the table and at ADP, at least once per year, we actually get the full executive team together and challenge them with a scenario, making sure that they're working through the problem. They know what each of their roles are at the table. And I am lucky to have a fantastic leadership team. We're actually very practiced. We've done this often enough now that they really pull apart really hard problems and think about what that decision is going to mean to me. So come that dark day, if it ever does, then they're not kind of challenged by the never thought they don't they've understand the technical background of why being asked to make a decision to the limitations of what they're responsive to may be. >>So a lot of people in process goes into this, always the case, but let's talk a little bit about the tech. Eventually the backup Corpus is an obvious target before. What are some of the best tech practices in terms of protecting, whether it's that backup Corpus other data, uh, air gaps, maybe you could give us some guidance on that front. >>Sure. Hey, we're not going to be able to protect our things or focus on those favorite children is the, uh, the best advice up front to think about the, uh, the critical components that enabled me to bring things up easy, to go focus on that critical data and that most important half that everyone in the company understands, but all that cannot even start. If you don't have the foundation, the network's not up and running your authentication. So it's good to get a focus, some elements and practice that technical tabletop setting of what, how do you go through recovering an active directory forest bank to a known, trusted state because that's one of the foundations you're going to need to build. Anything else back off on the backup side is made sure that you don't use the same credentials that the, your backup administrators use everyday make. >>There's only the smallest number of people have access to be able to control the backpacks if at all possible and, uh, combo and many backup solutions in there and make sure they're using a second factor authentication to be able to get into those systems and also make sure that some of the backups that you have are kind of offline air gaps can be touched. Uh, and then also think about the duration, talk about the attack, being very smart and determined. They know how enterprises prepare and respond. So think about the, uh, how long you're retaining them, where you're retaining some of the backups, not just incremental is to be able to phone you restore a system, basically from ban that whole from backslide. >>And you're using Convolt software to manage some of this, this, this capability is that right? I'm sure you have a bevy of tooling, but yeah, >>We have a wide range of toning >>And somebody said, consultants said to me the day, you know, Dave, I'm thinking about advising my clients that their air gap process should be air gapped. In other words, they should have him as sort of a separate, you know, remote removed from the mainstream process, just for extra protection. And I was like, okay, that's kind of interesting, but at the same time then do they have the knowledge to get back to, you know, a low RPO state? What do you think about about that? >>So the challenges of any kind of recovery and control design is like making sure that you're make, not making things overly complex and introducing other issues. And also other exposures you're moving out of your normal control environment that you have a 24 by 7, 365 set of monitoring. The more creative you get and you prance are in danger of kind of having control erosion and visibility to that other state. Um, but it is really important to think about even at the communication level, um, is in this kind of attack, you may not be able to rely on email kind of teams, all the common services you have. So how are you actually going to communicate with this village? It's going to take, to recover, to be able to, uh, work through the process. So that's definitely an area that I would advocate for having offline capabilities to be able to have people react, gather, respond, plan, and control the recovery. Even though the, uh, the main enterprise may not be currently function. >>I wonder if I could pick your brain on another topic, which is, you know, zero trust prior to the pandemic. A lot of times people would roll their eyes. Like it's a buzzword, but it's kind of become a mandate where people are now talking about, you know, eliminating credentials to talking about converging identity, access management and governance and privilege access, access management. I mean, what are those, some of the sea changes you see around so-called zero trust. >>Yeah. I think kind of zero trust has become that kind of call to action buzzword. But these concepts that are embodied in zero trust journey are ones that have been around for forever least privilege. And it's how we think about that. You can't go buy a product that I like. I'm just implemented zero trust. How do you think strategically about way you take your starting point and then go on this journey to kind of increase the, uh, the various tools that start to limit improve the segmentation, not only from a network standpoint, from a service standpoint, from an identity standpoint and make sure you're embracing concepts like persona so that you start to break up the, uh, may not get to zero trust anytime soon, but you're able to get less and less trust in that model and to think about it in many different worlds. >>Think about your product access. If you're a service provider company, like we are as well as kind of the internal employee, uh, context. So there's many, um, elements, it's a complex journey. It's not something you're going to buy off the shelf and go implement. But it's one that you're going to have to, again, partner with those other stakeholders that you have because there's user experience and client experience components of this journey, some of which are actually quite positive. Uh, you mentioned penciled us as one of those components in the gym. Certainly something that actually has a better user experience and also can offer a, a better security and freedom from the traditional passwords that you've come to love to hate >>Dave. I know you're tight on time. I got two more questions for you. One is what is the CSOs number one challenge. >>Wow, that's a getting enough slate now. Um, and then he is just staying current with that business environment, that threat environment and the available tool sets and making sure that we're constantly working with those partners that we keep describing to chart that course to the future. So that we're, this is a race that doesn't have a finish line. The marathon gets a little bit longer every year and bringing my peers on and making them understand that it's easy to get fatigued and say, ah, don't worry. Tell me what I've done when we finished this initiative. It's just keeping everyone's energy up and focus on a very long then >>One a and that question, if I may, is, is many organizations lack the talent to be able to do that. You may not, you may, you may have a firmer, but the industry as a whole really lacks the skills and the talent, and really, that's why they're looking to automation. How acute do you see that talent shortage? >>It's definitely there. And I think it's important to realize that the, uh, back to that village concept, everybody has a play here. So what is a smaller, uh, available talent born in the, uh, the security industry is we've really got to be that call to action. We've got to explain why this is important. We've got to be the consultants that have lead brew. What changes are we going to need to make, to be successful? It's tempting to say, oh, they'll never do that. And they're like, we've got to do it ourselves. We will never be successful. And just being the security team that tries to do everything, it's bringing everyone along for the journey. And part of that is just going to be this constant socialization and education of what they need to do and why it's so important. And then you really will build a great partnership. >>My last question, I was kind of been keeping a list of Dave's best practice. I say, obviously, the layered approach you want to get to that NIST framework. There's a lot of education involved. You've got to partner with your colleagues that tabletops executive visibility. So everybody knows what their role is. Kind of the do your job. You've got to build zero trust. You can't just buy zero trust off the shelf. And, and, and, uh, so that is my kind of quick list. Am I missing anything? >>I think that's pretty good. And then I'm just in that partnership, you guys have it, this is a tiring, a hard thing to do and kind of just bringing everyone along or they, they, they can help you do so much, especially if you explained to them how it's going to make that product better. That was going to make that client experience better. How it's going to mean for the CIO, the internal associate experience about it, that this isn't just a Byron adding friction into a, an already challenging environment, >>You know, like frontline healthcare workers, the SecOps pros are heroes. Day-to-day, you don't necessarily hear a lot about the work they're doing, but, uh, but Dave, we really appreciate you coming on and sharing some of the best practices. And thank you for the great work that you guys are doing out there. And best of luck. Thanks for the exchange has been a pleasure. All right. And thank you for watching everybody. This is Dave Volante for the cube. Keep it right there.

(upbeat music) >> Hello, welcome to this CUBE conversation. I'm John Furrier your host of theCUBE here in our Palo Alto studio. We got a great conversation with the CEO of Lacework, David Hatfield. Who's in on theCUBE remote. David great to see you guys, a security platform at Lacework, you're at the helm as CEO. Welcome to theCUBE conversation. >> Thank you, John. Great to see you congrats to you and the team and all the success. I think what you guys are doing is really important so happy to be part of it. >> Great to have you in the community and you guys are doing great work. I know about Lacework I've done some due diligence on you guys. I love your business model, but for the folks who don't know what you guys do, take a minute to explain who is Lacework? What do you guys do? What's your positioning? And what's your focus? >> Yeah, well, we're a modern data security platform for the cloud. And so I think data science meets cloud security ultimately. The company has been around since 2015. We received one of the largest financing rounds that we're aware of I think in history in security business, $525 million in January. Led by Sutter Hill Ventures which many people may know about they founded PureStorage with the notion that we're going to go fundamentally change and revamp the ownership model for a high speed data storage using flash versus using spinning disc drives. I spent eight years with that company. Love with what we built there. Then Mike Speiser considered an investment in a company called Snowflake computing. I think you're aware of what Snowflake does which is bringing data warehousing into the cloud. And the third big investment that Sutter Hill made is really to help disrupt security, and that's in Lacework. So north of a billion dollar valuation a 300% year over year growth and have a ton of momentum. So at the core of what we do, it's really trying to merge, when we look at we look at security as a data problem, security and compliance the data problem. And when you apply that to the cloud, it's a massive data problem. you literally have trillions of data points across shared infrastructure that we need to be able to ingest and capture and then you need to be able to process efficiently and provide context back to the end-user. And so we approached it very differently than how legacy approaches have been in place, you know largely rules-based engines that are written to be able to try and stop the bad guys. And they miss a lot of things. And so our data-driven approach that we patented is called a polygraph. It's a, it's a security architecture and there are three primary benefits. It does a lot of things, but the three things that we think are most profound first is it eliminates the need for, you know dozens of point solutions. I was shocked when I, you know kind of learned about security. I was at Symantec back in the day. And just to see how fragmented this market is, it's one of the biggest markets in tech. $124 billion in annual spend growing at, to $300 billion in the next three years. And it's massively fragmented. And the average number of point solutions that customers have to deal with is dozens. Like literally 75 is the average number. And so we wanted to take a platform approach to solve this problem where the larger the attack surface that you put in the more data that you put into our machine learning algorithms the smarter it gets and the higher, the efficacy. So eliminating point solutions is his value proposition one. Point two is that we have to be 10 X better than everybody else in the business. Otherwise the merchant companies don't get a breakout and become long and during companies. And so there's a number of different dimensions. The first dimension that I think is probably the most important is efficacy, you know in anomaly detection or in, you know threat detection where you're trying to identify what risks we have in the business. It's, it's generally a very noisy activity. And so rules-based approaches on average will produce a hundred alerts to our one or two. Those, the signal to noise ratio, is, is, you know is a massive a 100x, but call it 10x a reduction. And so we're actually delivering the needle versus the haystack for security administrators and dev developers to actually solve the problem. So it's 10x, higher efficacy it's 10x faster to be able to resolve the problems. And obviously the ROI is, is a no-brainer because you're eliminating all these points which is in having to manage it. And the third, and probably the thing that I'm most excited about what we're doing and what our customers are already realizing is that we're transforming security and compliance teams from kind of compliance into business enablers. when you automate all these processes and you build it into, you know the CICD platforms for the developers you actually enable the developers to write code to differentiate their business, you know to create new customer experiences to get competitive advantage and drive revenue for their businesses. And, and you know that's not what security has done up to this point. We oftentimes, they're the ones we're the ones having to say, no, you know we're slow down or it's too risky, etc. But when you automate that and you increase the efficacy you can enable the developers to do their thing. And it allows the CSOs and allows the security professionals to up level their responsibility into selling and driving revenue. And that is increasingly going to become more and more important for supply chains and partners of these cloud native businesses of how secure am I working with you, etc. And so we think that that transformation of the role of security is going to be as, as meaningful as the technology that we're providing the business. So we're super excited about it. >> I could tell you have so much going on this investment team Sutter Hill, you mentioned big time players huge success track record. Just saw them written up in the wall street journal as one of the best venture capital firms and returns. It's just that the bets are all coming home, but their bet strategy is simple. Disrupting the market that's growing and changing PureStorage, you mentioned company you've worked for, you know people were saying, oh, they'll never get escape velocity. They disrupted an existing, boring storage market changed the game there, security, right for change. A lot of tools, a lot of people have buying tools off the shelf, you know and everyone fighting for the platform. That seems to be the conversation. So I have to ask you, you guys want to be the player that that platform you are, that platform what's different in this platform where everyone's trying to be a security platform, what's makes you different. >> Yeah. So I mean, I think the platform wars are, are clearly, upon us, you know I think what's different about our approach is that we were built on the cloud, for the cloud so we're a cloud native business that, you know runs our business on AWS and everything that we do. We don't have hardware, we don't own data centers. we don't have any of the legacy elements that are there. we use software run on the cloud to enable this. So that's point number one point number two is we did the hard work of mapping the data elements that are out there and adjusting them in and then have this polygraph, you know behavioral anomaly detection, that is it can be applied to today. It's being applied to vulnerability and discovery management and containers and Kubernetes. But over time we believe it extends very naturally to a larger part of the attack server. So we don't have to rewrite the data engine to develop solutions across broader attack services. We already have that, you know so I think our time to develop and innovate will be profound. And I think the third thing that we're seeing companies do and largely the legacy bigger companies is that they're just acquiring their way there. And, it's very, very difficult to acquire 8 to 10 to 20, 30 companies, 30 different CTOs 30 different code bases and try and integrate them to provide a delightful customer experience. And, the parallels, you know in the storage business are, are are pretty similar actually, Dell bought EMC, EMC bought a hundred companies. And, we went after a platform approach to be able to go attack them with a unified file system in a in a unified customer experience that was native for the media that we're working with. We're doing the same playbook here, you know which is you have to have the hard work of the foundation elements in place to be cloud native to deliver great outcomes, great efficacy and and a really great customer experience. So when we get head to head with any of these points coming out and trying to solve something for containers or Kubernetes, or just vulnerability discovery and management, etc, or we're competing with the legacy companies that have, a hodgepodge of acquisitions that they're trying to pull together we went North of 95% of the time. our POC win rates are phenomenal better than anything I've ever seen. We had a pretty good one to appear too. And the, the product and the experience and the efficacy kind of stand on their own once we're in those fights. So part of why we enjoy working with AWS and are really focused on building the partnership together is that it creates awareness of what could be and what possibilities all we want is a shot. And, our approach is such that you can be up and running in minutes, you know and every single one of our customers does a POC. So we'll stand behind our technology as our real differentiator compared to anybody else that's out there. >> Great. You guys had great traction going on with the company certainly saw the investment news that you mentioned earlier at the top. Why did you come on as CEO? And when did you come on and join the team? And what was the reason? What, what, what attracted you to join as the CEO of Lacework? >> Well, I've been involved in the company for since the beginning actually I invested in the early rounds participated on the board and I've always bought into this. The thesis that security is fundamentally a data problem. And if we can get the data problem and the data processing right, you know you can fundamentally change the industry but you need to have a major inflection. And that inflection is people moving to the cloud. And we all have seen it during the pandemic. things are accelerating. AWS just did their earnings yesterday. I think they increased their top-line guidance from 46 billion to 56 billion this year. I mean, it's a machine that is continuing to move forward. They have 30% market share. Azure's investing at 20% GCP still investing people are moving their businesses online aggressively. And as they shift to the cloud the rules-based approach just doesn't work. It doesn't scale. And so a new approach needs to be done. And so by being cloud native and best of breed and solving the thorny problem of this data processing problem first, you know it gives us an opportunity to use that to then extend and build a business, you know at an enduring level over the next 10 to 20 years. And that's Sutter's model, that's their playbook. They don't invest in 400 companies and kind of spray and pray, which is what most venture funds do. And I love them. They're great. And we appreciate the investment in tech, but Sutter's focus is find a really big market find a catalyst for change. In our case, it's moving to the cloud and then build a modern approach. that is 10x better in every dimension. And that attracted to me. I mean, it's, it's a, it's one of the biggest markets in tech and it's one of the most important things that we can do is a digital business is to ensure that we're secure and we're safe and the threats are becoming much more skilled much more deliberate, much better funded. And so the importance for us to ensure that company's security is really tight is, is increasingly critical. So the combination of those factors, and then as I dove back into it and talked to a bunch of customers and talk to partners and seeing the outcomes and enthusiasm that they had and the, the team is phenomenal. And so talking to them, and I just kind of got energized by the opportunity to go build a really important company that really delivers great outcomes. So I'm having a ball great to be back into it. >> Yeah. It's great to have leadership that has experienced that you have and go to the next level because this is classic next level. When you talk about Amazon's earnings and cloud scale and hybrid and edge right around the corner at scale as well. So you start to see that transformation really hit the tipping point, which is changing the landscape on the developer side, which I think is super valuable. I think you hit that. You mentioned core problem. You guys look at that through the lens of data problem. How does this trend of everything going hybrid and soon to be, you know edge core to edge impact your businesses of tailwind? How do you see you capturing that next level of scale from a business perspective for lease work? >> Well, I think that the trend, you know from core to edge, you know, hybrid and, you know ultimately cloud a hundred percent, there we've started with the cloud native businesses. Like, we've been focusing on those companies that are already there, you know and so now we're we just had finished a phenomenal record-breaking Q1 and multiple seven figure deals, you know with very complex global environments where they do have a hybrid environment and they are leveraging the edge. And we're perfect for that. I mean, as you think about what we deliver in its most simplistic context, you know we're effectively delivering a security solution from the container to control plane, right. You know we want to be able to have a granular understanding of operated trillions of data points coming in and those can be collected in the core. They can be collected on-prem. They can be collected in the cloud. Ultimately they need to be collected and then contextualized so, you know and this is where our behavioral polygraph technology transitions data into information that's useful via the polygraph. And so we think that, the complexity that's added with environments that are hybrid environments that are leveraging the edge environments that are leveraging the cloud native all need a control plane to run across that to deliver efficacy, you know, for our customers. And, we work with, you know AWS has their own security tools. Azure has some security tools UCPs security tools, but ultimately, our, our challenge and opportunity is to be best of breed to deliver incremental value on top of that and that horizontal value across it. so customers have choice but they know that their security posture is, is, is secure. And so we, we see it as a tailwind for our businesses as we go forward. >> I always said the companies that have the horizontal scalability with cloud and then have that vertical AI kind of vibe where you can get in the context of the data is there to win it all. And I think that you guys have a great solution potentially there. I want to get more information if you don't mind double clicking on that with me, this is kind of a different take on cloud security because you've got the scalability, which gives you the observation space. And then you got to get the context to get the right patterns or whatever magic you guys have in the, in the secret sauce. But you doing that on top of massive exponential velocity. >> Yeah. >> Where's that secret sauce? Is it in the compute? Is it in the software? What's different about what you guys have in security to give us a- >> It's all in the, it's all in the software. Ultimately, it's the intelligence of how you capture it how you ingest it, how you, you process it but then ultimately how you, how you contextualize it and then how you apply it to different problems. and so the attack surface area and security is a very broad, that's why there's so many point solutions that are out there. And so the breadth of solutions, you know we just want to continue to add solutions and capabilities on top of this polygraph security architecture that allows for the same kind of simple experience, the same kind of 10x value proposition, but, but, but wider. And so we can eliminate more and more of those of those point solutions. So, our, our thinking on it is that, you know we can participate once we have a customer the land and expand motion of what we have. We want to make it really really frictionless for customers to try our technology. And so that's why we do POC. That's why it only takes a couple of minutes and you can do it for just Kubernetes or just containers or just vulnerability discovery and managed like wherever your specific pain point is. We want to help identify what that is, you know give you a chance to try it. And then once we prove ourselves it's very easy to extend that across the board. So we get natural growth in velocity from people moving to cloud and just, you know more usage of, of compute and storage and sort of etc, but breadth of actually the security or posture or a tax service that they have as well. So, you know so I think we have an opportunity to benefit from, from both the depth and the breadth, you know but the value that we're delivering is ultimately the software that we're running on top of the infrastructure. And you mentioned observability, there's a number of companies that are leveraging the data and insights collected in different ways to converge security and observability over time. And, we see that, you know that ultimately there's a very very big security company that needs to be built. That really is best of breed, but the data and the insights that we're providing to our primary customer, which is really DevOps. I mean, it's really the development communities and the builders or who we're changing security for and enabling, in addition to the security teams, you know we think that we're going to continue to drive software that adds value on that data set and it can be applied to multiple problems in the future. So today security is a massive market. We're going to focus there, but it does. It does extend pretty naturally to other markets >> It's a hot market security. Everyone needs to have the latest and greatest and also has to be effective. I got to ask you specifically around startup transition to a rapidly growing company to now you're going to the next level where you're starting to having to get into some serious, big complex enterprise go to market sales motions. So what's in it for the customer. What's the, what's the pain point? What's the customer orientation. What do you marketing into as a solution? Is it the developer? Is it the CSO? Is it the CXO, what's in it for the enterprise? Why Lacework, why are they engaging? You guys get record numbers. What's the, what's in it for them. What's the, if I'm the customer what's in it for me? >> Ultimately efficacy, which is your security posture is it goes up significantly, simplicity, which is makes it easier for you to do your other jobs, you know and I'll have to look for those needles in a haystack and ROI, you know which is it's just compelling, and much, much more efficient than what, what you're doing today. So that that's a pretty universal value proposition and applies to cloud native businesses that are high growth that applies to government agencies. It applies to a large complex enterprises. We have a wonderful kind of go to market motion right now. I think Andy Byron and the team who've been here have really done a wonderful job of really making the customer buying experience and the journey really efficient, you know and help them quantify the impact and the risks and then deliver value. And I think, that that applies in sort of the commercial mid-market and cloud native space. And like I mentioned, we had, a number of deals in the quarter that were seven figure deals, you know in very complex organizations with massive demands. And, you know it ultimately selling is a team sport and, you know and still having the process and the rigor, that's there fine tuning that to make sure you have the people and the partnerships, you know, that deliver solutions in the way that customers want to buy them and then ultimately deliver a value proposition that is just unquestionably better. And I think we have all of those elements, you know we'll be entering the, the large enterprise very aggressively in the quarters to come. I that's where I've come from, you know running a multi-tool, you know, kind of go to market engines where you've got mid-market commercial enterprise large enterprise government across all geographies is, is really fun to expand. And, we're we're hiring as fast as we can maintain quality, you know? And so we're out of that startup phase now and entering into real scale. And, I think that, you know in the AWS marketplace I think we're the number one startup vendor. If I, if I got my facts, right. for, for private offers, we're one of the top security players and top 50 ISBs in the marketplace overall. And so in order for us to get the motion we need to make sure that we're delivering our value in the context of how companies want to buy it. And people want to use AWS credits, you know to apply to their solutions. And so it's really important for us to make that frictionless buying experience occur. And so we're excited about it. I think we've got a really nice start and it's the fun part of building companies, which is how do you attune things to make sure you're making it really really easy for the market to absorb your technology. And then once you're there, delight the hell out of them and just make sure that, that there's that they're excited in our, our net retention rates are the best I've seen in the marketplace. Our net promoter scores, you know, are in the high fifties low sixties, which, which is fantastic in this space. I think it's best in class by order of magnitude some players, big SIM players that are out there, you know have a customer in net promoter score of four. You know that means 96% of the people or 96 boats that says they wouldn't recommend the solution to their, to their peers. So, at pure, we've got this at scale. So from 70 to, in the, in the low eighties I think we have the opportunity to do the same thing here. So, combination of tailoring the motion that we have making it really easy for the buyer to buy what they want with whom they want from whom they want, you know and then just spreading a value proposition. That is a no brainer is, is I think the secret recipe >> If anything, it's interesting, you know you're so much experience in the enterprise and tech with cloud native you're basically laying out the success formula, which is if you have a value proposition you should be able to get it in quickly. You don't need the top down. win everything you can have a value proposition that can be enabled for usage and then grow rapidly when it's successful and that's cloud, that's the cloud business model. So it's not so much about organic versus this. It's really what the preferred motion is. >> It's speed, and I think developers in particular it's why the cloud happened, right? I.T wasn't delivering services in, in the speed and the efficacy that, that, that the developers wanted. And so in order to appeal to the developer community you need to deliver something that's frictionless and easy and fits into JIRA and fits into their workflow processes and speaks their language. And so we built our platform and our solutions for builders because that's where the money is. That's where the pain point is and that's and they want to build secure code. They just don't want to be told no. And so, we want to automate that process and make code secure and do that, you know in the build phase and then do it in the runtime. And then across the CICD pipeline we want to continuously be adding value across that. And, and the developers, candidly when pure bought the solution, many years ago and I introduced him to the company, it was it was the general manager of our software business unit that bought it not the security team. And I think that's a trend that is continuing that we're going to focus on. >> A lot of people realize that security and compliance and automation kind of all go together where you don't want to disrupt developers to kind of engineer something just to do an integration, for instance. So there's a real business model impact that you're hitting on here. That's not just a technical solution. It's really how the business is operating. And I think that to me is super interesting use case. What's your reaction to that? Do you see this as a, as a- >> No it's, that's that's that third part that I was talking about, you know which is that's most exciting is that, you know people are calling shift left, right. so moving, you know security into the development pipeline as it's happening and in integrating security architects as value added into the development organizations themselves and leveraging automated machine learning tools like ours to be able to simplify and automate the process versus slowing it down. So we think that shift left is, is super exciting and, and will continue. And we actually think we're the leaders in that space. We want to continue to be the leaders in that. >> Congratulations, great insight. Awesome to have you on and to hear from your experience and also the great venture that your scaling up and to the next level. Lacework, David thanks for coming on, but I'll give you the last minute to close us out. Give us a quick plug for the company vitals, what you're working on now, what you're looking for, you're obviously hiring give a quick plug for Lacework. What you, what are you working on? >> So, number one, we love our partnership with AWS. And so we're going to continue to invest, invest there. Two the businesses growing North of 300% year over year. That means that we've got record breaking growth and lots of hiring. So we're hiring across all functions. And three give us an opportunity. I, I think that, you know, you can fundamentally we want to be the bar of what you define all other security companies and all the technology companies. So it's a high bar. We want to make it frictionless, frictionless to try give us a shot, give us some feedback. And I'm grateful and privileged to be part of this, this wonderful team. So look forward to spending more time with you, John, in the future. >> Man, looking forward to a lot lots of talk about David Hatfield CEO of Lacework great company scaling up again. Another success story in cloud, cloud native as Po, COVID comes to a close, if you will for this phase and people get back to real life. The scale of cloud is going to be leading it and a new technology is going to be powering it. This is theCube conversation. I'm John Furrier. Thanks for watching. (soft music playing) (music fades)

>> from Bahrain. It's the Q covering AWS Public sector Bahrain brought to you by Amazon Web service is >> Okay Welcome back, everyone to the cube coverage We are hearing by rain for a W s summit where cloud computing is changing the games. The Fintech panel discussion Yasmine el Sharif, head of Fintech Innovation Unit, Central Bank of Rain Thank you for joining >> us. Thank you for having me >> Elmo Yacht. Whose founder and CEO of Ammonia Technologies Thank you for coming on. Thank you for having so We're very robust Conversation before they turn on the cameras Fit in tech is hot. I'll see in global fintech Everyone knows what that is, but it's interesting because entrepreneurship and innovation is not just for start ups. It's for countries and hearing by rain, this ecosystem and the mandate to go cloud first has had a ripple effect. We were talking about open banking, mandate, open banking versus regulation, chasing innovation, holding it back. You guys here taking a different approach. Take a minute to explain the philosophy. >> Yeah, I think there's there's benefits to being late adopters to the game. I think in the case of behind it's been a very interesting journey. I think the we started with the whole AWS. But if you look at the prerequisites of technical adoption and creating Data Pool's for analytics to run on, I think the what's interesting about Bahrain is it's really led by regulation. If you look at the prerequisites of creating a digital economy, what's happening in financial service is, or the digitization or openness of financial service. Is it really one context off the bigger picture of Bahrain's digitization plan or the economic strategy? And really, what happens here is if you look at first built the data fools and or the data centers bring a W. A s in and create the data centers. Number two is creator data or cloud First policy. Move the entire government onto the cloud and then give the ownership of the data to the people by implementing the Bahrain personal data protection laws. Once you've done that, then you've given the ownership to the people and you've created what we have is we started with a unique identifies. So the citizens of the country or the residents of the country have a unique identify our number where they're known by once you've done that and then you start mandating certain sectors to open up with a P I integrations. You're creating a very, very interesting value proposition. It creates a much faster you leap frog, a generation of technology. You're going from the classic screen scraping technologies or whatever to a very a completely open infrastructure and open a P I. Where things air cryptographic Lee signed. People are in control of their data, people can control the mobility of their date, and you're really creating a very robust data pool for a lot of algorithms to sit on. >> You know what I love about this has me were talking before he came on cameras that you guys are thinking holistically as a knocking operating system is being in a geek that I am. I love that. But it's not just one thing you're doing, it's a it's a system and it's it's a modernization view. Now we all know that financial systems, power economies and fin tech innovation unit, but you're in. This is important. You gotta have that. That leg of the stool, that pillar that's working absolutely sandbox. You have technology mechanisms to roll in tech, move things quickly moving fast. What's the strategy? What if some of the key things What's the sandbox? >> Let me start by saying The Kingdom of Bahrain has always been considered as a centre of excellence as a financial centre of excellence. And we do realize at the Central Bank in order for us to maintain that position, we have to innovate. We have to remain dynamic and agile enough to make the necessary reforms within our regulations to meet the dynamics off the digital economy. Technology is changing the paradigm off the financial system on the changes happening extremely fast. Regulators have had to come up with a mechanism whereby they can harness and test the feasibility of these innovations whilst putting the risks in a controlled environments as regulators were not typically assigned to host incubators to host startups. However, because of all this change in technology, it has become extremely essential that we come up with a regulatory approach to enable startups as well as existing financial institutions to test out their innovative financial solutions in a controlled environment. So a sandbox is really a controlled live bounds time bounds environment, enabling startups as well as existing financial institutions to test out their innovative solutions under the strict supervision off the regulator, without being required to abide by full regulatory requirements directly with volunteer customers. >> You have to put this trick standards now but means sandboxes. What developers? No, it's a collaborative approach, absolutely not being an incubator. But you're setting up a rules of engagement, Senator startups to take what they know how to do >> exactly >> end up sandboxes in the cloud. That's what everyone does >> absolutely, and our journey with the sandbox has been very successful. We've launched our sandbox back in 2000 and 17. Up to date, we have 35 companies that have been admitted into the sun box. We have been able to graduate to companies successfully. One of them has been licensed as a crypto acid provider, the other as an open biking service provider. We have four other companies in the pipeline ready to graduates. I think all in all, our experience with Sun Box has enabled us to grow and develop his regulators. It has enabled us to maintain open communication with animators, to come tea, to learn the needs of innovators and to enable innovators to live, get familiar realized. With the regulatory environment of the Kingdom of Bahrain, >> you know, you guys are doing some really pioneering work. I wouldn't want to say it's really commendable. I know it's fast and new, but if you look at the United States with Facebook there now asking to be regulated regulation if it comes too late is bad because you know things got out of control and if you're too early, you can put a clamp down and stifle innovation. So the balance between regulation and innovation has always been an art, if you will. >> Exactly. >> What do you guys, How do you view that? What's the philosophy? >> So from a regular perspective, we think that regulation and innovation goes hand in hand, and we have to embrace innovation open heartedly. However, having said that, regulators have to run all common sense checks, meaning that we don't accept an innovation that will potentially pulls more harm to the financial stability of the economy as opposed to the advantages that puzzles. We've passed the number of different regulations to support innovation in the financial services sector dating back to 2014 when we first issued our payment service provider licenses allowing more competition and innovation within the payments sector. We've issued CROWDFUNDING regulations. We've issued robo advisory regulations. We've issued insurance aggregator regulations, crypto asset service provider regulations, open banking regulations, Justin in a few. And I think that each of the regulations that we have issued solves a specific pain point, whether it's to enhance financial inclusion, whether it's to empower customers by retaining ownership back, uh, of their financial information and data, Whether it's too also empower startups and to enable them to get it gain access to funding through digital platforms. >> Have dual. I want to get you in here because as an entrepreneur, like I love all that great, I just wanna get funded. I want my product to market. I need a capital market that's going to be robust. And I need to have that's capital providers state venture capital for private equity supporting their limited partners. So I want to see that I don't wanna be standing there when I need gas for my car. I need fuel. I got to get to the next level. This is what I want And he bought >> on. I think, the one thing John that is very important that people look at in the context of fintech today. Raising money investing into fintech Regulatory uncertainty is one that defines scalability today. Once your technology is proven, where you go next really is dependent on the regulator that you'll be dealing with in the context of that specific activity that you'll be performing. In the case of Bahrain, I must say we were blown away by the receptiveness. We in what way? Yes, yes, mean mentioned open banking, for example. We got into the regulatory sandbox, which you hear a lot about sandboxes all around the world. We got into the sandbox. We got into the sandbox with contact with with with an idea of building and accounts aggregator direct FBI integration to these banks. And we got into the sandbox. We There were no regulations at the time. They like the idea. We started bouncing ideas back and forth on how to develop it. We developed the technology. We started piloting the technology. We integrated to 15 banks in the country on a sandbox environment. The consul, the white paper on open banking, was listed. They sent it out for consultation. We integrated on a production environment to more than 70% of the banks in it in the country. The central Bank of Bahrain mandated open banking across the entire nation. With every retail bank all in a period of less than 18 months. That's insane. That's the kind of context. So as a no Vester exactly so as an investor or as an entrepreneur that looks at the sector. The question is here. If anything, I think the regulator in Bahrain is the one that's leading the innovation and these air the benefits of being late adopters. We get to test out and see what's going on in the rest of the world and really develop great regulations that will embrace and and foster innovation. >> You know, I love the liquidity conversation because this neck goes to the next level. Liquidity is a wonderful thing started. Wanna go public? If that's what happens in the U. S. Mergers and acquisitions, we have an incubator that we're gonna interview here flat Six labs just had to come. One of their companies got sold to match dot com. So you're seeing a lot of cross border liquidity. Yeah, this is a new dynamic. It's only gonna get stronger, more come. He's gonna come out of my reign in the region. Liquid is important. Absent. So how do you guys want to foster that? What's the strategy? Continue to do the same. >> So from a regular perspective again, we don't really holds. Thank you. Beaters are actually two accelerators, but what we do as we refined our regulations to support startups to gain access to liquidity, for example, are crowdfunding regulations that have been passed in 2017 and they support both. Equity is one of financing crowdfunding, including conventional as well as Sharia compliant. Crowdfunding transactions were also currently working on refining our regulations for enabling venture capitalists to take roots and marine and to support these startups. >> Yeah, I think John, you mentioned two things you mentioned regulation leading. When you mandate something like open banking, you are ultimately pushing the entire sector forward, saying you better innovators fastest possible. And there's a gap that you need to you need to basically bridge, and that really loosens up a lot of liquidity when it comes to partnerships. When it comes to acquisitions, when it comes to these banks ultimately looking for better solutions, so they that's the role of the regulator. Here we are seeing a lot of VC activity come to the region right now, the region is only starting to open up. AWS just went live a few months ago. We're seeing the cloud adoption start to really take effect, and this is where you'll start seeing real scalability. But I think the most compelling thing here is Previously people would look at the Middle East with a boot with a bit of skepticism. How much innovation can really take place and the reality is here. There are a few prerequisites that have been put in place. Foreign ownership is at 100% cloud. First policy. There's a lot of things that can really foster innovation. And we're, I mean, where as an entrepreneur, where living proof off this whole Team Bahrain initiative of the fact that you can get in you can build in accounts aggregator in a country that never even had the regulations to adopted to mandate it and to be Ultimately, I think Bahrain will become the global reference point for open banking very soon because it has mandated a regulation of open AP eyes with cryptographic signatures ultimate security frameworks with a robust infrastructure across an entire nation. And don't forget, we still have a population of below the age of 30 70% of our population below. So it gives a very compelling story t test your technology. And then what we end up saying is, once you're on AWS or any cloud for that matter than the scalability of the technology just depends on where you want to go in there. >> No doubt the demographics are solid here, and I love the announcement here. The bachelor's degree. Yeah, cloud computing. We've seen some data science degrees, so new skills are coming on. My vision is interesting. I think that would interest me about the region of Amazon. Being here is these regions create revitalisation? >> Yeah, you >> guys are in perfect position with this Modernization trend is beautiful, not only to be a template for the world but a center for global banking. So I think to me, is that, you know is I'm trying to put together and connect the dots of where this goes in the next two decades. I mean, if crypto currency market continues to get matured and stabilized, that's still flowing with a lot of money. A lot of money in the relay >> absolutely >> was not just the region business to do here for couples to come here. It's you guys playing a role in global financial system. That's of interest to me. What's your vision? >> Absolutely. I think that regulators around the world are starting to realize the importance of collaborating together, to try and work on policy challenges in line with innovation within the financial service of sector and to share experiences to share lessons learned at the Central Bank of Bahrain were a member of the Global Financial Innovation Network, which is an initiative that has Bean passed by the F C A in the UK Again, we're also a member of the authentic working group of the GCC and through these two different initiatives, we work alongside other regulators to collaborate on solving policy issues, to solve, to share experiences and knowledge and to try and harmonize our regulations. Because of the end of the day, startups and innovators ultimately will want to scale up and want to serve customers across the friend jurisdictions. So it's important to have that kind of harmonization in terms of regulations to foster innovation as well as to safeguard the overall security of the international financial. Um, >> keep partnerships. Do you guys need to do to kind of go global on this 20 year vision? Is there other things they have to fall into place? That needs to happen? >> I think >> 20 years is a long time, I say in the next. Let's take five years, for example. If you say in the next five years and where I see this going, the question is, what do entrepreneurs and startups need to look at a jurisdiction and say That's where I want to test my technology. You need a robust infrastructure. You need a regulator than embraces you. You need technical subsidies and financial subsidies that are available, and then you need an independent arm that can really hand hold you and take you to that >> thrust. Its critical trust, money making absolutely ability. >> Just add to that and Byron, we take great pride in our human capital, which we believe is one of our biggest assets. And today, with having your Amazon web service is in Bahrain, this has enabled training of young Bahrainis for the data and knowledge economies which is expected Thio greet around 5000 jobs within becoming five years through different schemes such as Amazon education. For example. >> This is super exciting, which we had more time. Congratulations. Love the vision again. Occupiers like to make money. They wanted environments could be trustworthy and some scalability on behind it. So good luck. We're behind you. We'll keep following up. Thanks for having a cube coverage here and by rain for AWS. I'm John Ferrier. Stay tuned for more after this short break.

>> Announcer: Live from Las Vegas, it's theCUBE, covering Dell Technologies World 2018, brought to you buy Dell EMC and its ecosystem partners. >> Welcome back to SiliconANGLE's Media Production of theCUBE, live here from Dell Technologies World 2018. I'm Stu Miniman, and I have the distinct pleasure of welcoming Walter Isaacson to our program. Author, podcaster, I read every biography that you publish. I listen to every podcast, so thank you. So, Walter, this is a conference of geeks, you know? And I say that lovingly, 14 thousand people. They love technology; they love ideas. You have the chance to study and research some of the, you know, most brilliant minds, that we've had the last couple hundred years. Where do you get your inspiration from? >> You know, I love the fact that the most creative of people, from Leonardo Da Vinci to Einstein, Ben Franklin, Steve Jobs, Ada Lovelace, whomever they may be, all love the humanities and the science. They stand at that intersection of sort of liberal acts technology, and that's so important in today's world. We can have enormous amounts of data, and the question is, how do you connect humans to it? How do you add the human factor? And so, that's where I get my inspiration, from people who stand at that interaction of humanities and technology. >> Yeah, one of my favorite books of yours is the Innovators. You talked about history, and there's things that we've been looking at or trying. When you talk about forecasting or predicting something, sometimes we have great ideas, but if I take us, you know, decades or longer to get there, any kind of, you know, big inspirations? What do you say to people that work in the tech world, just how they should think about things like that? >> Well, first of all, things happen sometimes slower than you expect, until that inflection point, when they happen faster than you expect. >> It's like going broke, you know? It happens really slow, and then it happens fast. >> I guess we shouldn't say that in Vegas, here where we are for this conference, but I think that the main thing to do is to be one of those people that has an intuitive feel for how humans are going to find a product or service to be transformative to them. And, you know, we didn't know we needed a thousand songs in our pocket till the iPod came along. You know, likewise, we didn't know we needed transistors until somebody invented the transistor radio, and we could take it along with us. So, what turns us on? What makes us human? >> Yeah, so many things out there. You've been not only writing; you're doing podcasts now. What do you think of kind of the state of content? People say sometimes nobody reads anymore. You do hard research, a team of people. What's your thoughts about content these days? >> Well, I think the business model for journalism and production of content has been decimated at times, partly because it's all ad-driven in terms of journalism and, you know, video, and we need to get back to a time when people valued content and are willing to have a direct relationship with the content provider. About 80% of the revenue now for, say, reported or journalistic content does either the Google, Facebook, Instagram, some aggregator, so I think we have to look at the next way of finding micro-payment subscription models that work in addition to the advertising-driven model. >> Yeah, there's so many people sometimes, they look at all of this change, and they get kind of pessimistic. You know, we're going to have the AI apocalypse, or the robots are going to take over. Shows like here we're, that technology is, I say, by definition, are positive about technology. When I read your writings, you seem to have a very positive outcome. >> Oh, I'm definitely optimistic about where technology takes us. You know, I write in the Innovators, begin with Ada Lovelace, who was Lord Byron's daughter. Her father was a lud eyed, you know, defended the followers of Ned Lot, who was smashing the looms of England, thinking that technology would put people out of work. But Ada was somebody who said, "I get it. The punch card's telling those looms how to do patterns could make a calculating machine be able to do numbers, as well as words, as well as pictures." She envisioned the computer, and the notion of technology increases the number of people in the textile industry in England in the 19th century. And the computer has led to so many more jobs than its destroyed, so I think technology will always augment human creativity, not destroy it. >> So, last thing I wanted to ask you, Walter, is, we're here at Dell Technologies World. 34 years ago, Michael Dell started this. And he's a special individual. We've had the opportunity to talk to him, get to know him. I've told people that, you know, inside the company, if you reach out to him, he actually will respond. He seems very special in today's day in age. You've got background with Michael. Tell me, how do you-? >> I think it practically begins with his parents, his late mother and his father, you know, his father's still alive. Care a lot about education; care a lot about creativity. Deeply humane in the sense that they love all of society, human civil discourse, and that's why there's a humanity I see that Michael Dell is able to embed in his products, whether it's a Dell laptop I always use or the new servers, and Dell EMC, which enables people across platforms to say, "How do we collaborate; how do we be creative?" >> All right, well, Walter, I just say thank you so much. A pleasure having you on the program. And you've been watching theCUBE. I'm Stu Miniman. Always check out thecube.net for all of our broadcasts, and we also, like Walter, have a podcast. Check it out on iTunes. >> Walter: Thank you, Stu. >> Thank you. (upbeat music)