>>Welcoming into the cubes presentation of AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series covering exciting hot startups from the AWS ecosystem. Today's episode. One of season two theme is open source community and the open cloud innovations. I'm your host, John farrier of the cube. And today we're excited to be joined by Loris Dajani who is the C T O chief technology officer and founder of cystic found that in his backyard with some wine and beer. Great to see you. We're here to talk about Falco finding cloud threats in real time. Thank you for joining us, Laura. Thanks. Good to see you >>Love that your company was founded in your backyard. Classic startup story. You have been growing very, very fast. And the key point of the showcase is to talk about the startups that are making a difference and, and that are winning and doing well. You guys have done extremely well with your business. Congratulations, but thank you. The big theme is security and as organizations have moved their business critical applications to the cloud, the attackers have followed. This is Billy important in the industry. You guys are in the middle of this. What's your view on this? What's your take? What's your reaction? >>Yeah. As we, as a end ecosystem are moving to the cloud as more and more, we are developing cloud native applications. We relying on CACD. We are relying on orchestrations in containers. Security is becoming more and more important. And I would say more and more complex. I mean, we're reading every day in the news about attacks about data leaks and so on. There's rarely a day when there's nothing major happening and that we can see the press from this point of view. And definitely things are evolving. Things are changing in the cloud. In for example, Cisco just released a cloud native security and usage report a few days ago. And the mundane things that we found among our user base, for example, 60, 66% of containers are running as rude. So still many organizations adopting a relatively relaxed way to deploy their applications. Not because they like doing it, but because it tends to be, you know, easier and a little bit with a little bit less ration. >>We also found that that 27% of users unnecessary route access in the 73% of the cloud accounts, public has three buckets. This is all stuff that is all good, but can generate consequences when you make a mistake, like typically, you know, your data leaks, no, because of super sophisticated attacks, but because somebody in your organization forgets maybe some data on it on a public history bucket, or because some credentials that are not restrictive enough, maybe are leaked to another team member or, or, or a Gita, you know, repository or something like that. So is infrastructures and the software becomes a let's a more sophisticated and more automated. There's also at the same time, more risks and opportunities for misconfigurations that then tend to be, you know, very often the sewers of, of issues in the cloud. >>Yeah, those self-inflicted wounds definitely come up. We've seen people leaving S3 buckets open, you know, it's user error, but, you know, w w those are small little things that get taken care of pretty quickly. That's just hygiene. It's just discipline. You know, most of the sophisticated enterprises are moving way past that, but now they're adopting more cloud native, right. And as they get into the critical apps, securing them has been challenging. We've talked to many CEOs and CSOs, and they say that to us. Yeah. It's very challenging, but we're on it. I have to ask you, what should people worry about when secure in the cloud, because they know is challenging, then they'll have the opportunity on the other side, what are they worried about? What do you see people scared of or addressing, or what should I be worried about when securing the cloud? >>Yeah, definitely. Sometimes when I'm talking about the security, I like to compare, you know, the old data center in that the old monolithic applications to a castle, you know, in middle aged castle. So what, what did you do to protect your castle? You used to build very thick walls around it, and then a small entrance and be very careful about the entrance, you know, protect the entrance very well. So what we used to doing that, that data center was protect everything, you know, the, the whole perimeter in a very aggressive way with firewalls and making sure that there was only a very narrow entrance to our data center. And, you know, as much as possible, like active security there, like firewalls or this kind of stuff. Now we're in the cloud. Now, it's everything. Everything is much more diffused, right? Our users, our customers are coming from all over the planet, every country, every geography, every time, but also our internal team is coming from everywhere because they're all accessing a cloud environment. >>You know, they often from home for different offices, again, from every different geography, every different country. So in this configuration, the metaphor data that they like to use is an amusement park, right? You have a big area with many important things inside in the users and operators that are coming from different dangerous is that you cannot really block, you know, you need to let everything come in and in operate together in these kinds of environment, the traditional protection is not really effective. It's overwhelming. And it doesn't really serve the purpose that we need. We cannot build a giant water under our amusement park. We need people to come in. So what we're finding is that understanding, getting visibility and doing, if you Rheodyne is much more important. So it's more like we need to replace the big walls with a granular network of security cameras that allow us to see what's happening in the, in the different areas of our amusement park. And we need to be able to do that in a way that is real time and allows us to react in a smart way as things happen because in the modern world of cloud five minutes of delay in understanding that something is wrong, mean that you're ready being, you know, attacked and your data's already being >>Well. I also love the analogy of the amusement park. And of course, certain rides, you need to be a certain height to ride the rollercoaster that I guess, that's it credentials or security credentials, as we say, but in all seriousness, the perimeter is dead. We all know that also moats were relied upon as well in the old days, you know, you secure the firewall, nothing comes in, goes out, and then once you're in, you don't know what's going on. Now that's flipped. There's no walls, there's no moats everyone's in. And so you're saying this kind of security camera kind of model is key. So again, this topic here is securing real time. Yeah. How do you do that? Because it's happening so fast. It's moving. There's a lot of movement. It's not at rest there's data moving around fast. What's the secret sauce to making real identifying real-time threats in an enterprise. >>Yeah. And in, in our opinion, there are some key ingredients. One is a granularity, right? You cannot really understand the threats in your amusement park. If you're just watching these from, from a satellite picture. So you need to be there. You need to be granular. You need to be located in the, in the areas where stuff happens. This means, for example, in, in security for the clowning in runtime, security is important to whoever your sensors that are distributed, that are able to observe every single end point. Not only that, but you also need to look at the infrastructure, right? From this point of view, cloud providers like Amazon, for example, offer nice facilities. Like for example, there's CloudTrail in AWS that collects in a nice opinionated consistent way, the data that is coming from multiple cloud services. So it's important from one point of view, to go deep into, into the endpoint, into the processes, into what's executing, but also collect his information like the cultural information and being able to correlate it to there's no full security without covering all of the basics. >>So a security is a matter of both granularity and being able to go deep and understanding what every single item does, but also being able to go abroad and collect the right data, the right data sources and correlated. And then the real time is really critical. So decisions need to be taken as the data comes in. So the streaming nature of security engines is becoming more and more important. So the step one of course, security, especially cost security, posture management was very much let's ball. Once in a while, let's, let's involve the API and see what's happening. This is still important. Of course, you know, you need to have the basics covered, but more and more, the paradigm needs to change to, okay, the data is coming in second by second, instead of asking for the data manually, once in a while, second by second, there's the moment it arrives. You need to be able to detect, correlate, take decisions. And so, you know, machine learning is very important. Automation is very important. The rules that are coming from the community on a daily basis are, are very important. >>Let me ask you a question, cause I love this topic because it's a data problem at the same time. There's some network action going on. I love this idea of no perimeter. You're going to be monitoring anything, but there's been trade offs in the past, overhead involved, whether you're monitoring or putting probes in the network or the different, there's all kinds of different approaches. How does the new technology with cloud and machine learning change the dynamics of the kinds of approaches? Because it's kind of not old tech, but you the same similar concepts to network management, other things, what what's going on now that's different and what makes this possible today? >>Yeah, I think from the friction point of view, which is one very important topic here. So this needs to be deployed efficiently and easily in this transparency, transparent as possible, everywhere, everywhere to avoid blind spots and making sure that everything is scheduled in front. His point of view, it's very important to integrate with the orchestration is very important to make use of all of the facilities that Amazon provides in the it's very important to have a system that is deployed automatically and not manually. That is in particular, the only to avoid blind spots because it's manual deployment is employed. Somebody would forget, you know, to deploy where somewhere where it's important. And then from the performance point of view, very much, for example, with Falco, you know, our open source front-end security engine, we really took key design decisions at the beginning to make sure that the engine would be able to support in Paris, millions of events per second, with minimal overhead. >>You know, they're barely measure measurable overhead. When you want to design something like that, you know, that you need to accept some kind of trade-offs. You need to know that you need to maybe limit a little bit this expressiveness, you know, or what can be done, but ease of deployment and performance were more important goals here. And you know, it's not uncommon for us is Dave to have users of Farco or commercial customers that they have tens of thousands, hundreds of thousands of machines. You know, I said two machines and sometimes millions of containers. And in these environments, lightweight is key. You want death, but you want overhead to be really meaningful and >>Okay, so a amusement park, a lot of diverse applications. So integration, I get that orchestration brings back the Kubernetes angle a little bit and Falco and per overhead and performance cloud scale. So all these things are working in favor. If I get that right, is that, am I getting that right? You get the cloud scale, you get the integration and open. >>Yeah, exactly. Any like ingredients over SEP, you know, and that, and with these ingredients, it's possible to bake a, a recipe to, to have a plate better, can be more usable, more effective and more efficient. That may be the place that we're doing in the previous direction. >>Oh, so I've got to ask you about Falco because it's come up a lot. We talked about it on our cube conversations already on the internet. Check that out. And a great conversation there. You guys have close to 40 million plus million downloads of, of this. You have also 80 was far gate integration, so six, some significant traction. What does this mean? I mean, what is it telling us? Why is this successful? What are people doing with Falco? I see this as a leading indicator, and I know you guys were sponsoring the project, so congratulations and propelled your business, but there's something going on here. What does this as a leading indicator of? >>Yeah. And for, for the audience, Falco is the runtime security tool of the cloud native generation such. And so when we, the Falco, we were inspired by previous generation, for example, network intrusion detection, system tools, and a post protection tools and so on. But we created essentially a unique tool that would really be designed for the modern paradigm of containers, cloud CIC, and salt and Falco essentially is able to collect a bunch of brainer information from your applications that are running in the cloud and is a religion that is based on policies that are driven by the community, essentially that allow you to detect misconfigurations attacks and normals conditions in your cloud, in your cloud applications. Recently, we announced that the extension of Falco to support a cloud infrastructure and time security by parsing cloud logs, like cloud trail and so on. So now Falba can be used at the same time to protect the workloads that are running in virtual machines or containers. >>And also the cloud infrastructure to give the audience a couple of examples, focused, able to detect if somebody is running a shelf in a radius container, or if somebody is downloading a sensitive by, from an S3 bucket, all of these in real time with Falco, we decided to go really with CR study. This is Degas was one of the team members that started it, but we decided to go to the community right away, because this is one other ingredient. We are talking about the ingredients before, and there's not a successful modern security tool without being able to leverage the community and empower the community to contribute to it, to use it, to validate and so on. And that's also why we contributed Falco to the cloud native computing foundation. So that Falco is a CNCF tool and is blessed by many organizations. We are also partnering with many companies, including Amazon. Last year, we released that far gate support for Falco. And that was done is a project that was done in cooperation with Amazon, so that we could have strong runtime security for the containers that are running in. >>Well, I've got to say, first of all, congratulations. And I think that's a bold move to donate or not donate contribute to the open source community because you're enabling a lot of people to do great things. And some people might be scared. They think they might be foreclosing and beneficial in the future, but in the reality, that is the new business model open source. So I think that's worth calling out and congratulations. This is the new commercial open source paradigm. And it kind of leads into my last question, which is why is security well-positioned to benefit from open source besides the fact that the new model of getting people enabled and getting scale and getting standards like you're doing, makes everybody win. And again, that's a community model. That's not a proprietary approach. So again, source again, big part of this. Why was security benefit from opensource? >>I am a strong believer. I mean, we are in a better, we could say we are in a war, right? The good guys versus the bad guys. The internet is full of bad guys. And these bad guys are coordinated, are motivated, are sometimes we'll find it. And we'll equip. We win only if we fight this war as a community. So the old paradigm of vendors building their own Eva towers, you know, their own self-contained ecosystems and that the us as users as, as, as customers, every many different, you know, environments that don't communicate with each other, just doesn't take advantage of our capabilities. Our strength is as a community. So we are much stronger against the big guys and we have a much better chance doing when this war, if we adopt a paradigm that allows us to work together. Think only about for example, I don't know, companies any to train, you know, the workforce on the security best practices on the security tools. >>It's much better to standardize on something, build the stack that is accepted by everybody and tell it can focus on learning the stack and becoming a master of the steak rounded rather than every single organization naming the different tool. And, and then B it's very hard to attract talent and to have the right, you know, people that can help you with, with your issues in, in, in, in, in, with your goals. So the future of security is going to be open source. I'm a strong believer in that, and we'll see more and more examples like Falco of initiatives that really start with, with the community and for the community. >>Like we always say an open, open winds, always turn the lights on, put the code out there. And I think, I think the community model is winning. Congratulations, Loris Dajani CTO and founder of SIS dig congratulatory success. And thank you for coming on the cube for the ADB startup showcase open cloud innovations. Thanks for coming on. Okay. Is the cube stay with us all day long every day with the cube, check us out the cube.net. I'm John furrier. Thanks for watching.

>>Yeah. >>Hello. Welcome to the Special Cube conversation here in Palo Alto, California. I'm John for a host of the Cube. We have a conversation around a I for the enterprise. What this means I got two great guests. John Finelli, Vice President, virtual GPU at NVIDIA and Maurizio D V D C T o University of Pisa in Italy. Uh, Practitioner, customer partner, um, got VM world coming up. A lot of action happening in the enterprise. John. Great to see you. Nice to meet you. Remotely coming in from Italy for this remote. >>John. Thanks for having us on again. >>Yeah. Nice to meet >>you. I wish we could be in person face to face, but that's coming soon. Hopefully, John, you were talking. We were just talking about before we came on camera about AI for the enterprise. And the last time I saw you in person was in Cuba interview. We were talking about some of the work you guys were doing in AI. It's gotten so much stronger and broader and the execution of an video, the success you're having set the table for us. What is the ai for the enterprise conversation frame? >>Sure. So, um, we, uh we've been working with enterprises today on how they can deliver a I or explore AI or get involved in a I, um uh, in a standard way in the way that they're used to managing and operating their data centre. Um, writing on top of you know, they're Dell servers with B M or V sphere. Um, so that AI feels like a standard workload that night organisation can deliver to their engineers and data scientists. And then the flip side of that, of course, is ensuring that engineers and data scientists get the workloads position to them or have access to them in the way that they need them. So it's no longer a trouble ticket that you have to submit to, I t and you know, count the hours or days or weeks until you you can get new hardware, right By being able to pull it into the mainstream data centre. I can enable self service provisioning for those folks. So we actually we make a I more consumable or easier to manage for I t administrators and then for the engineers and the data scientists, etcetera. We make it easy for them to get access to those resources so they can get to their work right away. >>Quite progress in the past two years. Congratulations on that and looking. It's only the beginning is Day one Mercy. I want to ask you about what's going on as the CTO University piece of what's happening down there. Tell us a little bit about what's going on. You have the centre of excellence there. What does that mean? What does that include? >>Uh, you know, uh, University of Peace. Are you one of one of the biggest and oldest in Italy? Uh, if you have to give you some numbers is around 50 K students and 3000 staff between, uh, professors resurgence and that cabinet receive staff. So I we are looking into data operation of the centres and especially supports for scientific computing. And, uh, this is our our daily work. Let's say this, uh, taking us a lot of times, but, you know, we are able to, uh, reserve a merchant percentage of our time, Uh, for r and D, And this is where the centre of excellence is, Uh, is coming out. Uh, so we are always looking into new kinds of technologies that we can put together to build new solutions to do next generation computing gas. We always say we are looking for the right partners to do things together. And at the end of the day is the work that is good for us is good for our partners and typically, uh, ends in a production system for our university. So is the evolution of the scientific computing environment that we have. >>Yeah. And you guys have a great track record and reputation of, you know, R and D, testing software, hardware combinations and sharing those best practises, you know, with covid impact in the world. Certainly we see it on the supply chain side. Uh, and John, we heard Jensen, your CEO and video talk multiple keynotes. Now about software, uh, and video being a software company. Dell, you mentioned Dale and VM Ware. You know, Covid has brought this virtualisation world back. And now hybrid. Those are words that we used basically in the text industry. Now it's you're hearing hybrid and virtualisation kicked around in real world. So it's ironic that vm ware and El, uh, and the Cube eventually all of us together doing more virtual stuff. So with covid impacting the world, how does that change you guys? Because software is more important. You gotta leverage the hardware you got, Whether it's Dell or in the cloud, this is a huge change. >>Yeah. So, uh, as you mentioned organisations and enterprises, you know, they're looking at things differently now, Um, you know, the idea of hybrid. You know, when you talk to tech folks and we think about hybrid, we always think about you know, how the different technology works. Um, what we're hearing from customers is hybrid, you know, effectively translates into, you know, two days in the office, three days remote, you know, in the future when they actually start going back to the office. So hybrid work is actually driving the need for hybrid I t. Or or the ability to share resources more effectively. Um, And to think about having resources wherever you are, whether you're working from home or you're in the office that day, you need to have access to the same resources. And that's where you know the the ability to virtualize those resources and provide that access makes that hybrid part seamless >>mercy What's your world has really changed. You have students and faculty. You know, Things used to be easy in the old days. Physical in this network. That network now virtual there. You must really be having him having impact. >>Yeah, we have. We have. Of course. As you can imagine, a big impact, Uh, in any kind of the i t offering, uh, from, uh, design new networking technologies, deploying new networking technologies, uh, new kind of operation we find. We found it at them. We were not able anymore to do burr metal operations directly, but, uh, from the i t point of view, uh, we were how can I say prepared in the sense that, uh, we ran from three or four years parallel, uh, environment. We have bare metal and virtual. So as you can imagine, traditional bare metal HPC cluster D g d g X machines, uh, multi GPU s and so on. But in parallel, we have developed, uh, visual environment that at the beginning was, as you can imagine, used, uh, for traditional enterprise application, or VD. I, uh, we have a significant significant arise on a farm with the grid for remote desktop remote pull station that we are using for, for example, uh, developing a virtual classroom or visual go stations. And so this is was typical the typical operation that we did the individual world. But in the same infrastructure, we were able to develop first HPC individual borders of utilisation of the HPC resources for our researchers and, uh, at the end, ai ai offering and ai, uh, software for our for our researchers, you can imagine our vehicle infrastructure as a sort of white board where we are able to design new solution, uh, in a fast way without losing too much performance. And in the case of the AI, we will see that we the performance are almost the same at the bare metal. But with all the flexibility that we needed in the covid 19 world and in the future world, too. >>So a couple things that I want to get John's thoughts as well performance you mentioned you mentioned hybrid virtual. How does VM Ware and NVIDIA fit into all this as you put this together, okay, because you bring up performance. That's now table stakes. He's leading scale and performance are really on the table. everyone's looking at it. How does VM ware an NVIDIA John fit in with the university's work? >>Sure. So, um, I think you're right when it comes to, uh, you know, enterprises or mainstream enterprises beginning their initial foray into into a I, um there are, of course, as performance in scale and also kind of ease of use and familiarity are all kind of things that come into play in terms of when an enterprise starts to think about it. And, um, we have a history with VM Ware working on this technology. So in 2019, we introduced our virtual compute server with VM Ware, which allowed us to effectively virtual is the Cuda Compute driver at last year's VM World in 2020 the CEOs of both companies got together and made an announcement that we were going to bring a I R entire video AI platform to the Enterprise on top of the sphere. And we did that, Um, starting in March this year, we we we finalise that with the introduction of GM wears V, Sphere seven, update two and the early access at the time of NVIDIA ai Enterprise. And, um, we have now gone to production with both of those products. And so customers, Um, like the University of Pisa are now using our production capabilities. And, um, whenever you virtualize in particular and in something like a I where performances is really important. Um, the first question that comes up is, uh doesn't work and And how quickly does it work Or or, you know, from an I t audience? A lot of times you get the How much did it slow down? And and and so we We've worked really closely from an NVIDIA software perspective and a bm wear perspective. And we really talk about in media enterprise with these fair seven as optimist, certified and supported. And the net of that is, we've been able to run the standard industry benchmarks for single node as well as multi note performance, with about maybe potentially a 2% degradation in performance, depending on the workload. Of course, it's very different, but but effectively being able to trade that performance for the accessibility, the ease of use, um, and even using things like we realise, automation for self service for the data scientists, Um and so that's kind of how we've been pulling it together for the market. >>Great stuff. Well, I got to ask you. I mean, people have that reaction of about the performance. I think you're being polite. Um, around how you said that shows the expectation. It's kind of sceptical, uh, and so I got to ask you, the impact of this is pretty significant. What is it now that customers can do that? They couldn't or couldn't feel they had before? Because if the expectations as well as it worked well, I mean, there's a fast means. It works, but like performance is always concerned. What's different now? What what's the bottom line impact on what country do now that they couldn't do before. >>So the bottom line impact is that AI is now accessible for the enterprise across there. Called their mainstream data centre, enterprises typically use consistent building blocks like the Dell VX rail products, right where they have to use servers that are common standard across the data centre. And now, with NVIDIA Enterprise and B M R V sphere, they're able to manage their AI in the same way that they're used to managing their data centre today. So there's no retraining. There's no separate clusters. There isn't like a shadow I t. So this really allows an enterprise to efficiently deploy um, and cost effectively Deploy it, uh, it without because there's no performance degradation without compromising what their their their data scientists and researchers are looking for. And then the flip side is for the data science and researcher, um, using some of the self service automation that I spoke about earlier, they're able to get a virtual machine today that maybe as a half a GPU as their models grow, they do more exploring. They might get a full GPU or or to GPS in a virtual machine. And their environment doesn't change because it's all connected to the back end storage. And so for the for the developer and the researcher, um, it makes it seamless. So it's really kind of a win for both Nike and for the user. And again, University of Pisa is doing some amazing things in terms of the workloads that they're doing, Um, and, uh and, uh, and are validating that performance. >>Weigh in on this. Share your opinion on or your reaction to that, What you can do now that you couldn't do before. Could you share your experience? >>Our experience is, uh, of course, if you if you go to your, uh, data scientists or researchers, the idea of, uh, sacrificing four months to flexibility at the beginning is not so well accepted. It's okay for, uh, for the Eid management, As John was saying, you have people that is know how to deal with the virtual infrastructure, so nothing changed for them. But at the end of the day, we were able to, uh, uh, test with our data. Scientists are researchers veteran The performance of us almost similar around really 95% of the performance for the internal developer developer to our work clothes. So we are not dealing with benchmarks. We have some, uh, work clothes that are internally developed and apply to healthcare music generator or some other strange project that we have inside and were able to show that the performance on the beautiful and their metal world were almost the same. We, the addition that individual world, you are much more flexible. You are able to reconfigure every finger very fast. You are able to design solution for your researcher, uh, in a more flexible way. An effective way we are. We were able to use the latest technologies from Dell Technologies and Vidia. You can imagine from the latest power edge the latest cuts from NVIDIA. The latest network cards from NVIDIA, like the blue Field to the latest, uh, switches to set up an infrastructure that at the end of the day is our winning platform for our that aside, >>a great collaboration. Congratulations. Exciting. Um, get the latest and greatest and and get the new benchmarks out their new playbooks. New best practises. I do have to ask you marriage, if you don't mind me asking why Look at virtualizing ai workloads. What's the motivation? Why did you look at virtualizing ai work clothes? >>Oh, for the sake of flexibility Because, you know, uh, in the latest couple of years, the ai resources are never enough. So we are. If you go after the bare metal, uh, installation, you are going into, uh, a world that is developing very fastly. But of course, you can afford all the bare metal, uh, infrastructure that your data scientists are asking for. So, uh, we decided to integrate our view. Dual infrastructure with AI, uh, resources in order to be able to, uh, use in different ways in a more flexible way. Of course. Uh, we have a We have a two parallels world. We still have a bare metal infrastructure. We are growing the bare metal infrastructure. But at the same time, we are growing our vehicle infrastructure because it's flexible, because we because our our stuff, people are happy about how the platform behaviour and they know how to deal them so they don't have to learn anything new. So it's a sort of comfort zone for everybody. >>I mean, no one ever got hurt virtualizing things that makes it makes things go better faster building on on that workloads. John, I gotta ask you, you're on the end video side. You You see this real up close than video? Why do people look at virtualizing ai workloads is the unification benefit. I mean, ai implies a lot of things, implies you have access to data. It implies that silos don't exist. I mean, that doesn't mean that's hard. I mean, is this real people actually looking at this? How is it working? >>Yeah. So? So again, um you know for all the benefits and activity today AI brings a I can be pretty complex, right? It's complex software to set up and to manage. And, um, within the day I enterprise, we're really focusing in on ensuring that it's easier for organisations to use. For example Um, you know, I mentioned you know, we we had introduced a virtual compute server bcs, um uh, two years ago and and that that has seen some some really interesting adoption. Some, uh, enterprise use cases. But what we found is that at the driver level, um, it still wasn't accessible for the majority of enterprises. And so what we've done is we've built upon that with NVIDIA Enterprise and we're bringing in pre built containers that remove some of the complexities. You know, AI has a lot of open source components and trying to ensure that all the open source dependencies are resolved so you can get the AI developers and researchers and data scientists. Actually doing their work can be complex. And so what we've done is we've brought these pre built containers that allow you to do everything from your initial data preparation data science, using things like video rapids, um, to do your training, using pytorch and tensorflow to optimise those models using tensor rt and then to deploy them using what we call in video Triton Server Inference in server. Really helping that ai loop become accessible, that ai workflow as something that an enterprise can manage as part of their common core infrastructure >>having the performance and the tools available? It's just a huge godsend people love. That only makes them more productive and again scales of existing stuff. Okay, great stuff. Great insight. I have to ask, What's next one's collaboration? This is one of those better together situations. It's working. Um, Mauricio, what's next for your collaboration with Dell VM Ware and video? >>We will not be for sure. We will not stop here. Uh, we are just starting working on new things, looking for new development, uh, looking for the next beast. Come, uh, you know, the digital world is something that is moving very fast. Uh, and we are We will not We will not stop here because because they, um the outcome of this work has been a very big for for our research group. And what John was saying This the fact that all the software stock for AI are simplified is something that has been, uh, accepted. Very well, of course you can imagine researching is developing new things. But for people that needs, uh, integrated workflow. The work that NVIDIA has done in the development of software package in developing containers, that gives the end user, uh, the capabilities of running their workloads is really something that some years ago it was unbelievable. Now, everything is really is really easy to manage. >>John mentioned open source, obviously a big part of this. What are you going to? Quick, Quick follow if you don't mind. Are you going to share your results so people can can look at this so they can have an easier path to AI? >>Oh, yes, of course. All the all the work, The work that is done at an ideal level from University of Visa is here to be shared. So we we as, uh, as much as we have time to write down we are. We are trying to find a way to share the results of the work that we're doing with our partner, Dell and NVIDIA. So for sure will be shared >>well, except we'll get that link in the comments, John, your thoughts. Final thoughts on the on the on the collaboration, uh, with the University of Pisa and Delvian, where in the video is is all go next? >>Sure. So So with University of Pisa, We're you know, we're absolutely, uh, you know, grateful to Morocco and his team for the work they're doing and the feedback they're sharing with us. Um, we're learning a lot from them in terms of things we can do better and things that we can add to the product. So that's a fantastic collaboration. Um, I believe that Mauricio has a session at the M World. So if you want to actually learn about some of the workloads, um, you know, they're doing, like, music generation. They're doing, you know, covid 19 research. They're doing deep, multi level, uh, deep learning training. So there's some really interesting work there, and so we want to continue that partnership. University of Pisa, um, again, across all four of us, uh, university, NVIDIA, Dell and VM Ware. And then on the tech side, you know, for our enterprise customers, um, you know, one of the things that we actually didn't speak much about was, um I mentioned that the product is optimised certified and supported, and I think that support cannot be understated. Right? So as enterprises start to move into these new areas, they want to know that they can pick up the phone and call in video or VM ware. Adele, and they're going to get support for these new workloads as they're running them. Um, we were also continuing, uh, you know, to to think about we spent a lot of time today on, like, the developer side of things and developing ai. But the flip side of that, of course, is that when those ai apps are available or ai enhanced apps, right, Pretty much every enterprise app today is adding a I capabilities all of our partners in the enterprise software space and so you can think of a beady eye enterprises having a runtime component so that as you deploy your applications into the data centre, they're going to be automatically take advantage of the GPS that you have there. And so we're seeing this, uh, future as you're talking about the collaboration going forward, where the standard data centre building block still maintains and is going to be something like a VX rail two U server. But instead of just being CPU storage and RAM, they're all going to go with CPU, GPU, storage and RAM. And that's going to be the norm. And every enterprise application is going to be infused with AI and be able to take advantage of GPS in that scenario. >>Great stuff, ai for the enterprise. This is a great QB conversation. Just the beginning. We'll be having more of these virtualizing ai workloads is real impacts data scientists impacts that compute the edge, all aspects of the new environment we're all living in. John. Great to see you, Maurizio here to meet you and all the way in Italy looking for the meeting in person and good luck in your session. I just got a note here on the session. It's at VM World. Uh, it's session 22 63 I believe, um And so if anyone's watching, Want to check that out? Um, love to hear more. Thanks for coming on. Appreciate it. >>Thanks for having us. Thanks to >>its acute conversation. I'm John for your host. Thanks for watching. We'll talk to you soon. Yeah,

>>mhm Yes. >>Hello and welcome back to the cubes coverage of dr khan 2021 virtual. I'm john Kerry hosted the Q got a great cube segment here. Simon Maple Field C T Oh it's technique. Great company security shifting left great to have you on Simon. Thanks for thanks for stopping by >>absolute pleasure. Thank you very much for having me. >>So you guys were on last year the big partnership with DR Conn remember that interview vividly because it was really the beginning at the beginning but really come to me the mainstream of shifting left as devops. It's not been it's been around for a while. But as a matter of practice as containers have been going super mainstream. Super ballistic in the developer community then you're seeing what's happening. It's containers everywhere. Security Now dev sec apps is the standard. So devops great infrastructure as code. We all know that but now it's def sec ops is standard. This is the real deal. Give us the update on what's going on with sneak. >>Absolutely, yeah. And you know, we're still tireless in our approach of trying to get make sure developers don't just have the visibility of security but are very much empowered in terms of actually fixing issues and secure development is what we're really striving for. So yeah, the update, we're still very, very deep into a partnership with DACA. We have updates on DR desktop which allows developers to scan the containers on the command line, providing developers that really fast feedback as as early as possible. We also have uh, you know, new updates and support for running Docker scan on Lennox. Um, and yeah, you know, we're still there on the Docker hub and providing that security insights um, to, to users who are going to Docker hub to grab their images. >>Well, for the folks watching maybe for the first time, the sneak Docker partnership, we went in great detail last year was the big reveal why Docker and sneak partnership, what is the evolution of that partnership over the year? They speak highly of you guys as a developer partner. Why Doctor? What's the evolution looked like? >>It's a it's a really great question. And I think, you know, when you look at the combination of DACA and sneak well actually let's take let's take each as an individual. Both companies are very, very developer focused. First of all, right, so our goals and will be strife or what we what we tirelessly spend their time doing is creating features and creating, creating an environment in which a developer you can do what they need to do as easily as possible. And that, you know, everyone says they want to be developer friendly, They want to be developer focused. But very few companies can achieve. And you look at a company like doctor, you're a company like sneak it really, really provides that developer with the developer experience that they need to actually get things done. Um, and it's not just about being in a place that a developer exists. It's not enough to do that. You need to provide a developer with that experience. So what we wanted to do was when we saw doctor and extremely developer friendly environment and a developer friendly company, when we saw the opportunity there to partner with Yoko, we wanted to provide our security developer friendliness and developer experience into an already developed a friendly tool. So what the partnership provides is the ease of, you know, deploying code in a container combined with the ease of testing your code for security issues and fixing security issues in your code and your container and pulling it together in one place. Now, one of the things which we as a as a security company um pride ourselves on is actually not necessarily saying we provide security tools. One of what our favorite way of saying is we're a developer tooling company. So we provide tools that are four developers now in doing that. It's important you go to where the developers are and developers on DACA are obviously in places like the Docker hub or the Docker Cli. And so it's important for us to embed that behavior and that ease of use inside Dhaka for us to have that uh that that flow. So the developer doesn't need to leave the Docker Cli developer that doesn't need to leave Docker hub in order to see that data. If you want to go deeper, then there are probably easier ways to find that data perhaps with sneak or on the sneak site or something like that. But the core is to get that insight to get that visibility and to get that remediation, you can see that directly in in the in the Dhaka environment. And so that's what makes the relationship so so powerful. The fact that you combine everything together and you do it at source >>and doing it at the point of code. >>Writing >>code is one of the big things I've always liked about the value proposition is simple shift left. Um So let's just step back for a second. I got to ask you this question because this I wanted to make sure we get this on the table. What are the main challenges uh and needs to, developers have with container security? What are you seeing as the main top uh A few things that they need to have right now for the challenges uh with container security? >>Yeah, it's a it's a very good question. And I think to answer that, I think we need to um we need to think of it in a couple of ways. First of all, you've just got developers security uh in general, across containers. Um And the that in itself is there are different levels at which developers engage with containers. Um In some organizations, you have security teams that are very stringent in terms of what developers can and can't do in other organizations. It's very much the developer that that chooses their environment, chooses their parent image, et cetera. And so there when a developer has many, many choices in which they need to need to decide on, some of those choices will lead to more issues, more risk. And when we look at a cloud native environment, um uh Let's take let's take a node uh image as an example, the number of different uh images tags you can choose from as a developer. It's you know, there are hundreds, probably thousands. That you can actually you can actually choose. What is the developer gonna do? Well, are they going to just copy paste from another doctor file, for example, most likely. What if there are issues in that docker file? They're just gonna copy paste that across mis configurations that exist. Not because the developer is making the wrong decision, but because the developer very often doesn't necessarily know that they need to add a specific directive in. Uh So it's not necessarily what you add in a conflict file, but it's very often what you admit. So there are a couple of things I would say from a developer point of view that are important when we think about cloud security, the first one is just that knowledge that understanding what they need to do, why they need to do it. Secure development doesn't need to be, doesn't mean they need to be deep in security. It means they need to understand how they can develop securely and what what the best decisions that could come from guard rails, from the security team that they provide the development team to offer. But that's the that's an important error of secure development. The second thing and I think one of the most important things is understanding or not understanding necessarily, but having the information to get an act on those things early. So we know the length of time that developers are uh working on a branch or working on um some some code changes that is reducing more and more and more so that we can push to production very, very quickly. Um What we need to do is make sure that as a developer is making their changes, they can make the right decision at the right time and they have the right information at that time. And a lot of this could be getting information from tools, could be getting information from your team where it could be getting information from your production environments and having that information early is extremely important to make. That decision. May be in isolation with your team in an autonomous way or with advice from the security team. But I would say those are the two things having that information that will allow you to make that action, that positive change. Um uh and and yeah, understanding and having that knowledge about how you can develop security. >>All right. So I have a security thing. So I'm a development team and by the way, this whole team's thing is a huge deal. I think we'll get to that. I want to come back to that in a second but just throw this out there. Got containers, got some security, it's out there and you got kubernetes clusters where containers are coming and going. Sometimes containers could have malware in them. Um and and this is, I've heard this out and about how do how that happens off container or off process? How do you know about it? Is that infected by someone else? I mean is it gonna be protected? How does the development team once it's released into the wild, so to speak. Not to be like that, but you get the idea, it's like, okay, I'm concerned off process this containers flying around. What is it How do you track all >>and you know, there's a there's a few things here that are kind of like potential potential areas that, you know, we can trip up when we think about malware that's running um there are certain things that we need to that we need to consider and what we're really looking at here are kind of, what do we have in place in the runtime that can kind of detect these issues are happening? How do we block that? And how do you provide that information back to the developer? The area that I think is, and that is very, very important in order to in order to be able to identify monitor that those environments and then feed that back. So that that that's the kind of thing that can be that can be fixed. Another aspect is, is the static issues and the static issues whether that's in your os in your OS packages, for example, that could be key binaries that exist in your in your in your docker container out the box as well or of course in your application, these are again, areas that are extremely important to detect and they can be detected very very early. So some things, you know, if it's malware in a package that has been identified as malware then absolutely. That can be that can be tracked very very early. Sometimes these things need to be detected a little bit later as well. But yeah, different tools for different for different environments and wear sneak is really focused. Is this static analysis as early as possible. >>Great, great insight there. Thanks for sharing that certainly. Certainly important. And you know, some companies classes are locked down and all of sudden incomes, you know, some some malware from a container, people worried about that. So I want to bring that up. Uh The other thing I want to ask you is this idea of end to end security um and this is a team formation thing we're seeing where modern teams have essentially visibility of their workload and to end. So this is a huge topic. And then by the way it might integrate their their app might integrate with other processes to that's great for containers as well and observe ability and microservices. So this is the trend. What's in it for the developer? If I work with sneak and docker, what benefits do I get if I want to go down that road of having these teams began to end, but I want the security built in. >>Mhm. Yeah, really, really important. And I think what's what's most important there is if we don't look end to end, there are component views and there are applications. If we don't look into end, we could have our development team fixing things that realistically aren't in production anyway or aren't the key risks that are potentially hurting us in our production environment. So it's important to have that end to end of you so that we have the right insights and can prioritize what we need to identify and look at early. Um, so I think, I think that visibility into end is extremely important. If we think about who, who is re fixing uh certain issues, again, this is gonna depend from dog to walk, but what we're seeing more and more is this becoming a developer lead initiative to not just find or be given that information, but ultimately fixed. They're getting more and more responsible for DR files for for I see for for their application code as well. So one of the areas which we've looked into as well is identifying and actually running in cuba Netease workloads to identify where the most important areas that a developer needs to look at and this is all about prioritization. So, you know, if the developer has just a component view and they have 100 different images, 100 different kubernetes conflicts, you know, et cetera. Where do they prioritize, where do they spend their time? They shouldn't consider everything equal. So this identification of where the workloads are running and what um is causing you the most risk as a business and as an organization, that is the data. That can be directly fed back into your, your your vulnerability data and then you can prioritize based on the kubernetes workloads that are in your production and that can be fed directly into the results in the dashboards. That's neat. Can provide you as well. So that end to end story really provides the context you need in order to not just develop securely, but act and action issues in a proper way. >>That's a great point. Context matters here because making it easy to do the right thing as early as possible, the right time is totally an efficiency productivity gain, you see in that that's clearly what people want. It's a great formula, success, reduce the time it takes to do something, reduced the steps and make it easy. Right, come on, that's a that's a formula. Okay, so I gotta bring that to the next level. When I ask you specifically around automation, this is one the hot topic and def sec ops, automation is part of it. You got scale, you got speed, you've got a I machine learning, you go out of all these new things. Microservices, how do you guys fit into the automation story? >>It's a great question. And you know, one of the recent reports that we that we did based on a survey data this year called the state of a state of cloud, native applications security. We we asked the question how automated our people in their in their deployment pipelines and we found some really strong correlations between value from a security point of view um in terms of in terms of having that automation in it, if I can take you through a couple of them and then I'll address that question about how we can be automated in that. So what we found is a really strong correlation as you would expect with security testing in ci in your source code repositories and all the way through the deployment ci and source code were the two of the most most well tested areas across the pipeline. However the most automated teams were twice as likely to test in I. D. S. And testing your CLS in local development. And now those are areas that are really hard to automate if at all because it's developers running running their cli developers running and testing in their I. D. So the having a full automation and full uh proper testing throughout the sclc actually encourages and and makes developers test more in their development environment. I'm not saying there's causation there but there's definite correlation. A couple of other things that this pushes is um Much much more likely to test daily or continuously being automated as you would expect because it's part of the bills as part of your monitoring. But crucially uh 73% of our respondents were able to fix a critical issue in less than a week as opposed to just over 30% of people that were not automated, so almost double people are More likely to fix within a week. 36% of people who are automated can fix a critical security issue in less than a day as opposed to 8% of people who aren't automated. So really strong data that correlates being automated with being able to react now. If you look at something like Sneak what if our um goals of obviously being developer friendly developer first and being able to integrate where developers are and throughout the pipeline we want to test everywhere and often. Okay, so we start as far left as we can um integrating into, you know, CLS integrating into Docker hub, integrating into into doctors can so at the command line you type in doctors can you get sneak embedded in DHAKA desktop to provide you those results so as early as possible, you get that data then all the way through to to uh get reposed providing that testing and automatically testing and importing results from there as well as as well as other repositories, container repositories, being at a poor from there and test then going into ci being able to run container tests in C I to make sure we're not regressing and to choose what we want to do their whether we break, whether we continue with with raising an issue or something like that, and then continuing beyond that into production. So we can monitor tests and automatically send pull requests, etcetera. As and when new issues or new fixes occur. So it's about integrating at every single stage, but providing some kind of action. So, for example, in our ui we provide the ability to say this is the base level you should be or could be at, it will reduce your number of vulnerabilities by X and as a result you're going to be that much more secure that action ability across the pipeline. >>That's a great, great data dump, that's a masterclass right there on automation. Thanks for sharing that sign. I appreciate it. I gotta ask you the next question that comes to my mind because I think this is kind of the dots connect for the customer is okay. I love this kind of hyper focus on containers and security. You guys are all over it, shift left as far as possible, be there all the time, test, test, test all through the life cycle of the code. Well, the one thing that is popping up as a huge growth areas, obviously hybrid cloud devops across both environments and the edge, whether it's five G industrial or intelligent edge, you're gonna have kubernetes clusters at the edge now. So you've got containers. The relationship to kubernetes and then ultimately cloud native work clothes at, say, the edge, which has data has containers. So there's a lot of stuff going on all over the place. What's your, what's your comment there for customer says, Hey, you know, I got, this is my architecture that's happening to me now. I'm building it out. We're comfortable with kubernetes put in containers everywhere, even on the edge how to sneak fit into that story. >>Yeah, really, really great question. And I think, you know, a lot of what we're doing right now is looking at a developer platform. So we care about, we care about everything that a developer can check in. Okay, so we care about get, we care about the repositories, we care about the artifact. So um, if you look at the expansion of our platform today, we've gone from code that people uh, third party libraries that people test. We added containers. We've also added infrastructure as code. So Cuban eighties conflicts, Terror form scripts and things like that. We're we're able to look at everything that the developer touches from their code with sneak code all the way through to your to your container. And I see, so I think, you know, as we see more and more of this pushing out into the edge, cuba Nitties conflict that that, you know, controls a lot of that. So much of this is now going to be or not going to be, but so much of the environment that we need to look at is in the configurations or the MIS configurations in that in those deployment scripts, um, these are some of the areas which which we care a lot about in terms of trying to identify those vulnerabilities, those miS configurations that exist within within those scripts. So I can see yeah more and more of this and there's a potential shift like that across to the edge. I think it's actually really exciting to be able to see, to be able to see those uh, those pushing across. I don't necessarily see any other, any, you know, different security threats or the threat landscape changing as a result of that. Um there could be differences in terms of configurations, in terms of miS configurations that that that could increase as a result, but, you know, a lot of this and it just needs to be dealt with in the appropriate way through tooling through, through education of of of of how that's done. >>Well, obviously threat vectors are all gonna look devops like there's no perimeter. So they're everywhere right? Looking at I think like a hacker to be being there. Great stuff. Quick question on the future relationship with DR. Obviously you're betting a lot here on that container relationship, a good place to start. A lot of benefits there. They have dependencies, they're going to have implications. People love them, they love to use them, helps old run with the new and helps the new run better. Certainly with kubernetes, everything gets better together. What's the future with the DACA relationship? Take us through how you see it. >>So yeah, I mean it's been an absolute blast the doctor and you know, even from looking at some of the internal internal chats, it's been it's been truly wonderful to see the, the way in which both the doctor and sneak from everything from an engineering point of view from a marketing, from a product team. It's been a pleasure to, it's been a pleasure to see that relationship grow and flourish. And, and I think there's two things, first of all, I think it's great that as companies, we, we both worked very, very well together. I think as as as users um seeing, you know, doctor and and and sneak work so so seamlessly and integrated a couple of things. I would love to see. Um, I think what we're gonna see more and more and this is one of the areas that I think, um you know, looking at the way sneak is going to be viewing security in general. We see a lot of components scanning a lot, a lot of people looking at a components can and seeing vulnerabilities in your components. Can I think what we need to, to to look more upon is consolidating a lot of the a lot of the data which we have in and around different scans. What I would love to see is perhaps, you know, if you're running something through doctors can how can you how can you view that data through through sneak perhaps how can we get that closer integration through the data that we that we see. So I would love to see a lot more of that occur, you know, within that relationship and these are kind of like, you know, we're getting to that at that stage where we see integration, it just various levels. So we have the integration where we have we are embedded but how can we make that better for say a sneak user who also comes to the sneak pages and wants to see that data through sneak. So I would love to see at that level uh more there where as I mentioned, we have we have some some additional support as well. So you can run doctors can from from Lenox as well. So I can see more and more of that support rolling out but but yeah, in terms of the future, that's where I would love to see us uh to grow more >>and I'll see in the landscape side on the industry side, um, security is going beyond the multiple control planes out there. Kubernetes surveillance service matches, etcetera, continues to be the horizontally scalable cloud world. I mean, and you got you mentioned the edge. So a lot more complexity to rein in and make easier. >>Yeah, I mean there's a lot more complexity, you know, from a security point of view, the technology is the ability to move quickly and react fast in production actually help security a lot because you know, being able to spin a container and make changes and and bring a container down. These things just weren't possible, you know, 10 years ago, 20 years ago. Pre that it's like it was it's insanely hard compared trying to trying to do that compared to just re spinning a container up. However, the issue I see from a security point of view, the concerns I see is more around a culture and an education point of view of we've got all this great tech and it's it's awesome but we need to do it correctly. So making sure that as you mentioned with making the right decision, what we want to make sure is that right decision is also the easy decision and the clear decision. So we just need to make sure that as we as we go down this journey and we're going down it fast and it's not gonna, I don't see it slowing down, we're going fast down that journey. How do we make, how do we prepare ourselves for that? We're already seeing, you know, miss configurations left, right and center in the news, I am roles as three buckets, etcetera. These are they're they're simpler fixes than we than we believe, right? We just need to identify them and and make those changes as needed. So we just need to make sure that that is in place as we go forward. But it's exciting times for sure. >>It's really exciting. And you got the scanning and right at the point of coding automation to help take that basic mis configuration, take that off the table. Not a lot of manual work, but ultimately get to that cloud scale cool stuff. >>Simon, thank you >>for coming on the cube dr khan coverage. Really appreciate your time. Drop some nice commentary there. Really appreciate it. Thank you. >>My pleasure. Thank you very much. >>Simon Maple Field C T. O. A sneak hot startup. Big partner with Docker Security, actually built in deVOPS, is now dead. Say cops. This is dr khan cube 2021 virtual coverage. I'm sean for your host. Thanks for watching. Mm.

>>from >>Around the globe, it's the cube with digital coverage of IBM think 2020 >>one brought to you by IBM. Hello everyone and welcome back to the cubes ongoing virtual coverage of IBM think 2021 this is our second virtual think and we're going to talk about what's on the minds of C. T. O. S with a particular point of view from the EMEA region. I'm pleased to welcome rasheed Parmer, who is an IBM fellow and vice president of technology for Armenia that region. Hello rashid, Good to see you. >>Hey David, great to see you. >>So let me start by by asking talk a little bit about the role of the C. T. O. And why is it necessarily important to focus on the C. T. O. Role versus say some of the other technology practitioner roles? >>Yeah. You know, you know, they as you look at all the range of roles of the got in in the I. T. Department, the CTO is uniquely placed in looking forward how technology and how digitization is gonna make a difference in the business but also at the same time is there as the kind of thought leader for how they're going to really you re imagine the use of technology reimagine automation, reimagining, how digitalization helps them go to market different ways. So the CTO is a unique unique position from idea to impact. And in the past we've kind of lost the C. T. A little bit but they're now re emerging as being the thought leader that's owning and driving digitalization going forward in our big plants. >>Yeah I agree. And it really has a deep understanding of that vision and can apply that vision to business success. So you obviously have a technical observation space and you also have some data so maybe you could share with our audience how you inform yourself and your colleagues and IBM on on what C. T. O. S. Are thinking about and what they're worried about. >>Yeah. So what we've done over the last four years now is gone out and interviewed Cdos and we do a very unstructured interviews. It's not it's not a survey in the form of uh you know, filling these uh these 10 questions and tell us yes or no. It really is a structured interviews. We asked things like what's top of mind for you, what are the decisions you're making? What's holding you back? What decisions do you think you shouldn't have made or you wouldn't have liked to make? And it's that range of a real input from the the interview. So last year we interviewed 100 CTO s um this year we're actually doing a lot more. We're working with the IBM Institute Business Value and we're gonna interview a lot more teachers but but the material we're gonna talk about today is is really from those 100 CTO interviews. >>Yeah. And I think that having done a lot of these myself, when you do those, we call them, you know in depth interviews, our I. D. S. You kind of have a structure and you sort of follow that but you learn so much and that it maybe does inform those more structured interviews that you do down the road. You learn so much, but maybe you could summarize some of the concerns in the region. What's on the minds of Ceos? >>Yeah. And you know, the the real decisions are made based around seven points. Right? So the first one is we all know, we're on a journey to the cloud but it's a hybrid multi cloud. How do I think about the range of capabilities and need to be able to unlock the latent potential of existing investments and the cloud based capabilities of God. So, so the hybrid cloud platform is one of the the first and foundational pieces. The second challenge is the C e O s want to modernize their applications and that modernization is a journey of moving towards microservices. That microservices journey has two parts. One is the business facing view and that's what containers is all about, choosing the right container platform at the same time. They also want to use containers as a way of automation and management and reducing the effort in the infrastructure. So, so that's kind of two parts of the whole container journey. So Microsoft, this has really become the business developer view and containers become the operational view At the same time. They want infused new data, they want to climb the ladder, they want to get the new new insights from that data that plugs into those new workflows to get to those workflows. There's a decision around how do I isolate myself from some of the services of using that? And we created a layer in the decisions around what's called cloud services integration. So cloud services integration is kind of the modern day E S B as we might think about it, but it's a way in which you choose which technology, which a P I is. I'm going to use from where and then ultimately, the CTS are trying to build what are the new, the new workflows, intelligent workflows and they're really worried about how do I get the right level of automation that managing that issue between what becomes creepy and valuable, Right? You know, the some workflows that happen, you think, why the hell did that happen? Right. That doesn't make sense. And and and and it really sort of nerves. The consumer, the user where some which are, wow, that's really cool. I really enjoyed that. To try to get the intelligent workflows right is a big concern. And then on the two big perils of that is how do we manage the system, the operational automation right from having the right data observe ability of all the infrastructure, recognizing they've got a spectrum of things from 30 40 50 year old systems to modern day cloud native systems, how to manage how operationally automate that keep that efficient, effective. And then of course protecting from the perpetrators, right? Business, a lot of people out there wanting to begin to the systems and, and, and and draw all kinds of, you know, a data from their system. So security, privacy and making sure that align with the ethics and privacy of the business. So those are those are the kind of range of issues right from the journey to cloud, through to operational automation, through through intelligent workflows, right into manage and protecting the services. >>It's interesting. Thank you for that. I mean I remember and you will as well some of the post Y two K you know, thrust and part part of the modernization back then was during that they had budget to do that. But a lot of times organizations would make the mistake that they would they're going to migrate off of a system that was working just fine. That was there sort of mental model of of modernization. And it turned out to be disastrous in many cases. And so when I talk to Ceos they talk about maybe, you know, I'd look at it is this this abstraction layer we want to protect what we have that works. Yes. Some stuff is going to go into the public cloud, but this hybrid connection that you talk about and then we want control and the way we're gonna get control is we're gonna use microservices to modernize and use modern A. P. I. S. And so very very sort of different thinking. And of course they want to avoid migration at all costs because it's so expensive and risky. I wonder if you could talk about, are there any patterns in terms of where people get started and the kinds of outcomes that they're working towards that they can measure? >>Yeah, we we kind of lumped the learning from the work into three broad patterns, right? Um one pattern is primarily around survival. They recognize that this journey is very complex. The pandemic has created tremendous challenges. The market dynamics means they've got to try and really be thoughtful in in taking cost out and making sure they survive some of these issues. And so the pattern is really around cost reduction. It may start with a hybrid cloud, it may start with intelligent workflows but it's really about taking costs out of the systems. The second pattern is what is referred to as a simplification pattern and this is about saying but we've got we've got so much complexity because of technical debt because of you know systems that we've half migrated and half done things with. So how do I how do I simplify my I. T. Landscape from applications through infrastructure for data and make it more consistent, manageable and and effective. And then the 3rd 1 is their city is saying look we've got a really pick the time when we super scale something, we've got something which we are unique and effective on and I want to take that and really super scale that very quickly and make that consistent and really maximize value of it so that the pattern is really fall into three categories of driving, driving, cost reduction and survival, simplification and modernisation transformation. And then those that have got something which is unique and special and really super scaring up. >>Yeah. Right, right, doubling down on those things. That unique competitive advantage in the, in the studies that you've done over the years. You use this term ADP architectural decision points and some of them are quite compelling. Maybe you could talk about some of those. Were there some anxieties from the cdos that you uncovered? >>Yeah. You know, the, the NDP s talk about the 70 Gps and it starts from the higher ability crowd through to two intelligent workflows and so on. And the NDP s themselves are really distilling the client's words and the clients way of thinking about how they're going to drive those, those technologies, um and also how they're going to use those techniques to make a difference. But if we went through those interviews, what became apparent is, see us do have some anxieties as you refer to, and those anxieties, they couldn't necessarily put words on them and their anxieties. Like, are we thinking enough about the carbon footprint? Are we are we being thoughtful in how we make sure we're reducing carbon footprint or reducing the environmental impact of the infrastructure? You've got, we've got sprawling infrastructure um ripping out rare metals from the earth. Are we being thoughtful in how we reduce the amount of rare metals we have water consumption right through to is the code that we're producing efficient, secure and and fit for for the future. Are we being ethical in capturing the data for its right use? Um Is the ai systems that we're building? Are they explainable? Are they ethical? Are they free from bias or are we kind of amplifying things that we shouldn't be amplifying? So there was a whole bunch of those call anxieties and what we did along with the architectural decision report. A point after decision report was was identify what we call a set of responsibilities. And and we've built a framework about around responsible computing which is which is a basis for how you think through what your responsibilities are as a as a Ceo are as an I. T. Leader. And we're right in the process of building out that that kind of responsible computing framework. >>You know it's interesting a lot of people may may think about they think about the responsible computing and and and the sustainability and they might think that's a 1 80 from Milton Friedman Economics, which is the job of businesses to make profits. But in fact responsible computing, there's a strong business case around it. It actually can help you reduce costs that can help you attract better employees. Because young people are passionate about this. I wonder if you could talk about how how people can get involved with responsible computing and lean in. >>Yeah, so what we're about to publish it is actually manifesto for responsible computing. So I think everybody wants to get that published. I'm hoping to do that in the next two or three months. We're working with a few clients. So there's actually three clients that have chosen through your client cts from the ones that we interviewed were very keen to collaborate with us in laying out that that manifesto and the opportunity really is from anybody listening. If if you if you find this of great value, please do come and reach out to me more than happy to collaborate. We're looking for more insights on this. We've also had some competitions. So in in in a media we've had a competition with business partners, looking for ideas of how we can really showcase examples or exemplars of being responsible computing provider, whether it's at the level of responsible data center, whether it's about responsible code data, use Responsible systems right through the responsible impact. And obviously a lot of our work around things like your tech for good is tied directly to responsible impact. And of course, if you want to see what we have never been doing are responsible responsibility report, which we've been voluntarily publishing for the last 30 years, provides a tremendous set of insights on how we've done that over the years. And and that's a that's a great way for you to see how we've been doing things and see if there are people in your business. >>Yeah. So there's so there's the, the ADP report is available. You can check it out on on linkedin. Um, go to, go to Russia linked in profile, you'll find it. There's a blog post that talks about the next wave of, of digitization, uh, you know, the learnings that you just talked about. So there's a lot of resources for for people to get involved. I'll give you the last word. >>Yeah. And look, this is this is what I call job big and it's not job done that the whole ADP responsible computing is a digitization journey where we want to balance delivering business value and making a difference to the organization, but at the same time being responsible in making sure that we're thoughtful what's needed for the future and we create impact that really matters. And we can feel proud that we've put a foundation for digitization which will which will serve the businesses for many years to come, >>love it, impact investing in your business and in the future. Russia, thanks so much for coming on the cube. Really appreciate it. >>A pleasure. Thank you. >>Okay, keep it right there for more coverage from IBM think 2021 this is Dave Volonte for the Cube. Yeah, yeah.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel and AWS. Yeah, hello, everyone, and welcome back to the Cubes Walter Wall coverage of AWS reinvent 2020. We've gone virtual along with reinvent and we heard in Andy Jassy is hours long. Keynote a number of new innovations in the area of storage. And with me to talk about that is Milan Thompson Bukovec. She's the vice president of Block and Object Storage and AWS. That's everything. Elastic block storage s three Glacier, the whole portfolio Milon. Thanks for coming on. >>Great to see you. >>Great to see you too. So you heard Andy. We all heard Andy talk a lot about reinventing different parts of the platform, reinventing industries and a really kind of exciting and visionary put talk that he put forth. Let's >>talk >>about storage, though. How is storage reinventing itself? >>Well, as you know, cloud storage was essentially invented by a W s a number of years ago. And whether that's in 2000 and six, when US three was launched, or 2000 and eight when CBS was launched and we first came up with this model of pay as you go for durable, attached storage. Too easy to instances. And so we haven't stopped and we haven't slowed down. If anything, we've picked up the rate of reinvention that we've done across the portfolio for storage. I think, as Andy called out, speed matters. And it matters for how customers air thinking about how do they pivot and move to the cloud as quickly as they can, particularly this year. And it matters a lot in storage as well, because the changing access patterns of what customers air doing with their new cloud applications, you know they're they're transforming their businesses and their applications, and they need a modern storage platform underneath it. And that's what you have with AWS Storage. And he talked about some of the key releases, particularly in block storage. It's actually kind of amazing. What's what's been done with CBS is here. We launched GP three GP two was the previous generation general purpose volume type. We launched that in 2000 and 14 again thief, first type of general purpose volume that had this great combination of simplicity and price, and just about everybody uses it for a boot or often a data volume. And with GP three, which was available yesterday with Andy's announcement, we added four times peak throughput on top of GP two, and it's a 20% lower storage price per gigabyte per month. And we took the feedback. The number one feedback we got on GP to which was how can I separate buying throughput and I ops from storage capacity? And that is really important. That goes back to the promise of the cloud. And it goes back to being able to pick what aspect do you want to scale your storage on? And so, with GP three, you could buy a certain amount of capacity. And if you're good with that capacity, but you need more throughput, more eye ops, you can buy those independently. And that is that fine grained customization for those changing data patterns that I just talked about. And it's available for GP three today. >>Yeah, that was I looked at that, like my life is a knob that you could turn Okay, juice my eye ops. And don't touch my capacity. I'm happy there. I don't wanna pay for more of it. >>And thio add to that it's a knob you could turn if you need it. We have more throughput, more eye ops as a baseline capacity for your storage capacity than we did for GP to. But then you can tune it based on whatever you need, not just now, but in the future. >>So so given the pandemic, I mean, how has that affected E? Everybody is talking about going to the cloud, because where else you gonna go? But But how has that affected what customers are doing this year, and does it change your roadmap at all? Does it change your thinking? >>Well, I have to say, there's two main things that we've seen. One is it's really accelerated customers thinking about getting off of on premises and into the club. It's done that because nobody really wants to manage the data center. And if there's ever a year you don't want to manage the data center, it's 2020 and it's because, particularly with storage appliances, it takes a long time to acquire. Let's just take storage area networks or sense super expensive. You get a fixed amount of capacity you have to acquire. It takes months to come in you gotta rack and stack. Then you gotta change all your networking and maintain it. Ah, lot of customers don't want to do that. And so what it's done for us is it's really, uh, you know, accelerated our thinking and you saw yesterday and Andy's keynote as well. Of how do we build the first san in the cloud? And we launched Io two. In August of this year, we introduced the first nines of durability, again reinventing how people think about durability and their block storage. But just this week we now have a Iot to block Express with 2 56 K ai ops, four K megabytes of throughput in 64 terabytes of capacity, that sand level performance. And it's available for preview because I 02 is going to be your son in the cloud. And that is a direct correlation to what we hear from customers, which is how can I get away from these expensive on premises purchases like Sands and combine the performance with the elasticity that I need? So that's the first thing. How can we accelerate getting off of these very rigid procurement cycles that we have and having to manage a data center. It's not just for EBS, its for S. Trias. Well, the second thing we're hearing from customers is how can I have the agility? So you talk to customers as well. He talked to CEOs and C. T. O s. It's been a crazy year in 2020. It was one thing that a company has to do its pivot. It's really figure out. How are you going to adjust and adjust quickly? And so we have customers like Ontario Telehealth Network up in Canada, where they went from 8000 to 30,000 users because they're doing virtual health for Ontario. And we have other customers who, you know, that's a pivot. That's an increase. And we have other customers, like APS Flyer, where their goal is to just save money without changing their application. And they also did a pivot. They used the intelligence hearing storage class, which is the most popular storage class, as three offers for data lakes, and they were able to make that change save 18% on their storage cost, no change of their application, just using the capabilities of AWS. And so his ability to pivot helped you know really make us think and accelerate what we're building as well. And so one of the things that we launched just recently for intelligent hearing is we added two new archival tears to intelligent hearing. And those are archival tears, you know, just like intelligence hearing automatically watches every object industry storage and your data lake and gives you dynamic pricing based on if it's frequently accessed in a month or inflict infrequently accessed, you can turn on archival tear. And if your object your pork a file, for example, isn't access or your backup isn't access for 90 days, intelligence hearing will automatically move it to glacier characteristics of archival or too deep archive and give you the same price. A dollar, a terabyte per month. If your data is an access to 180 days, it's done automatically, and it means you save up to 90% 95% and cost on that storage. And so, if you if you think about those two trends, how can I get away from getting locked into those on premises Hardware cycles? How can I get away from it faster for sands and other hardware appliances and then the other trend is how can I pivot and use the innovation and the reinvention in our storage services to just save money and be more agile in these changing conditions? >>So I gotta ask you follow up question on staying in the cloud, because when you think of sand, you think of switches. You think of complexity, but I get that you're connecting to the performance of a sand. But you guys are all about simplicity. So how did you What's behind there? Can you take us under the covers? Just you guys build your own little storage network because it's cloud. It's gotta be fast and simple. >>That's right. When we're thinking about performance and cost, we go down to the metal for this stuff. We think about Unicosta a very fine grained level, and when we're building new technology that we know is gonna be the foundation for everything we're doing for that high performance, we went down to the protocol level. We're using something called Us RD. It's all rolled up under the hood for Block Express, and it's the foundation of that super super high performance. As you know, there's a lot of engineering behind the scenes in the cloud and for for what we've done this year, as part of that reinvention we've reinvented all the way down to the protocol way. >>Let me ask you that the two things that come up in our survey when you talk to CEOs, they say two priorities. Security is actually second cloud migration actually popped up to the top. So where does storage fit in that whole notion about cloud migration, >>Storage eyes, usually where a lot of people start, you know, Luckily, with a W s, you don't have to choose between security or cloud of migration. Security is job one for every AWS service. And so when customers air thinking about how do I move an application, they gotta move the data first. And so they start from the from the data. What storage do I use? What is the best fit for the storage and how do I best secure that's storage? And so the innovation that we dio on storage always comes with that. That combination of, you know, migration, the set of tools that we provide for getting data from on premises into the cloud. We have tools like aws data sync which do a great job of this on. Then we also look at things like how do we continue to take the profile of security forward? And one example of that is something we launched just this week called Bucket keys s three bucket keys. And it drops the cost of using kms for service side encryption with us three by over 90%. And the way it does it is that we've integrated those two services super closely together so that you can minimize the amount of costs that you make for very, very frequent request. Because in data lakes you have millions and billions of objects and our goal is to make security so cost effective people don't even think about it. That also goes for other parts of the platform. We have guard duty for us three now, and what that does is security anomaly detection automatically to track your access patterns across as three and flag when something is not quite what it should be. And so this idea of like how do I not only get my data into the cloud? But then how do I take advantage of the breath of the storage portfolio, but also the breath of the AWS services to really maximize that security profile as well as the access patterns that I want from my application. >>Well, my way hit the major announcements and unfortunately, out of time. But I really would love to have you back and go deeper and have you share your vision of what the cloud storage piece looks like going forward. Thanks so much for coming in. The Cube is great to have you. >>Great to be here. Thanks, Dave. CIA. >>See you later and keep it right, everybody. You're watching the cubes. Coverage of aws reinvent 2020 right back.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. >>Welcome to the cubes coverage of AWS reinvent 2020. The digital version I'm Lisa Martin and I have a couple of Cuba alumni joining me from Wien. We've got Danny Allen. It's C T O and S VP of product strategy And Dave Russell, VP of Enterprise Strategy, is here as well. Danny and a Welcome back to the Cube. >>Hi, Lisa. Great to be here. >>Hey, Lisa. Great to be here. Love talking with this audience >>It and thankfully, because of technologies like this in the zoom, were still able to engage with that audience, even though we would all be gearing up to be Go spending five days in Vegas with what 47,000 of our closest friends across, you know, and walking a lot. But I wanted Thio. Danny, start with you and you guys had them on virtually this summer. That's an event known for its energy. Talk to me about some of the things that you guys announced there. And how are your customers doing with this rapid change toe? work from home and this massive amount of uncertainty. >>Well, certainly no one would have predicted this the beginning of the year. There has been such transformation. There was a statement made earlier this year that we've gone through two years of transformation in just two months, and I would say that is definitely true. If you look both internally and bean our workforce, we have 4400 employees all of a sudden, 3000 of them that had been going into the office or working from home. And that is true of our customer base as well. There's a lot of remote, uh, remote employ, mental remote working, and so that has. You would think it would have impact on the digital systems. But what it's done is it's accelerated the transformation that organizations were going through, and that's been good in a number of different aspects. One certainly cloud adoption of clouds picked up things like Microsoft teams and collaboration software is certainly picked up, so it's certainly been a challenging year on many fronts. But on the on the other hand, it's also been very beneficial for us as well. >>Yeah, I've talked to so many folks in the last few months. There's silver linings everywhere. There's opportunity everywhere. But give our audience standing an overview of who them is, what you do and how you help customers secure their data. >>Sure, so VM has been in the backup businesses. What I'll say We started right around when virtualization was taking off a little before AWS and you see two left computing services on DWI would do back up a virtual environments. You know, over the last decade, we have grown into a $1 billion company doing backup solutions that enable cloud data management. What do you mean by that? Is we do backup of all kinds of different infrastructures, from virtual to cloud based Assad's based to physical systems, You name it. And then when we ingest that data, what we do is we begin to manage it. So an example of this is we have 400,000 customers, they're going back up on premises. And one of the things that we've seen this year is this massive push of that backup data into S three into the public cloud and s. So this is something that we help our customers with as they go through this transformation. >>And so you've got a team for a ws Cloud native solution. Talk to me a little bit about that. And how does that allow business is to get that centralized view of virtual physical SAS applications? >>Yeah, I think it all starts with architecture er and fundamentally beams, architectures. ER is based upon having a portable data format that self describing. So what >>does >>that mean? That means it reduces the friction from moving data that might have been born on premises to later being Stan Shih ated in, say, the AWS cloud. Or you can also imagine now new workloads being born in the cloud, especially towards the middle and end of this year. A lot of us we couldn't get into our data center. We had to do everything remotely. So we had to try to keep those lights on operationally. But we also had to begin to lift and shift and accelerate your point about silver linings. You know, if there is a silver lining, the very prepared really benefited. And I think those that were maybe a little more laggards they caught up pretty quickly. >>Well, that's good to hear stick big sticking with you. I'd love to get your perspectives on I t challenges in the last nine months in particular, what things have changed, what remains the same. And where is back up as a priority for the the I T folks and really the business folks, too? >>Yeah, I almost want to start with that last piece. Where? Where's backup? So back up? Obviously well understood as a concept, it's well funded. I mean, almost everybody in their right mind has a backup product, especially for critical data. But yet that all sounds very much the same. What's very, very different, though? Where are those workloads? Where do they need to be going forward? What are the service level agreements? Meaning that access times required for those workloads? And while we're arguably transitioning from certain types of applications to new applications, the vast majority of us are dead in the middle of that. So we've got to be able to embrace the new while also anchoring back to the past. >>Yeah, I'm not so easily sudden, done professionally or personally, Danny, I'd love to get your perspective on how your customer conversations have changed. You know, we're executives like you, both of you are so used to getting on planes and flying around and being able Thio, engage with your customers, especially events like Vermont, and reinvent What's the change been like? And from a business perspective, are you having more conversations at that business? Little as the end of the day. If you can't recover the data, that's the whole point, right? >>Yeah, it is. I would say the conversations really have four sentiments to them. The first is always starts with the pandemic and the impact of the pandemic on the business. The second from there is it talks about resource. We talked about resource management. That's resource management, both from a cost perspective. Customers trying to shift the costs from Capex models typically on premises into Op X cloud consumption models and also resource management as well. There's the shift from customers who are used to doing business one way, and they're trying to shift the resources to make it effective in a new and better way. I'd say the third conversation actually pivots from there to things like security and governance. One of the interesting things this year we've seen a lot of is ransomware and malware and attacks, especially because the attack surface has increased with people working from home. There is more opportunity for organizations to be challenged, and then, lastly, always pivots where it ends up his digital transformation. How do I get from where I used to be to where I want to be? >>Yeah, the ransomware increase has been quite substantial. I've seen a number of big. Of course you never want to be. The brand garment was head Carnival Cruise Line. I think canon cameras as well and you're talking about you know you're right, Danny. The attacks are toe surfaces, expanding. Um, you know, with unprotected cloud databases. I think that was the Facebook Tic Tac Instagram pack. And so it's and also is getting more personal, which we have more people from home, more distractions. And that's a big challenge that organizations need to be prepared for, because, really, it's not a matter of are we going to get a hit? But it's It's when, and we need to make sure that we have that resiliency. They've talked to us about how them enables customers toe have that resiliency. >>Yeah, you know, it's a multilayered approach like you know, any good defensive mechanism. It's not one thing it's trying to do all of the right things in advance, meaning passwords and perimeter security and, ideally, virtual private networks. But to your point, some of those things can fail, especially as we're all working remotely, and there's more dependence on now. Suddenly, perhaps not so. I t sophisticated people, too. Now do the right things on a daily basis and your point about how personal is getting. If we're all getting emails about, click on this for helpful information on the pandemic, you know there's the likelihood of this goes up. So in addition to try and do good things ahead of time, we've got some early warning detection capabilities. We can alert that something looks suspicious or a novelist, and bare bears out better investigation to confirm that. But ultimately, the couple of things that we do, they're very interesting and unique to beam are we can lock down copy of the backup data so that even internal employees, even somewhat at Amazon, can't go. If it's marked immutable and destroy it, remove it, alter it in any way before it's due to be modified or deleted, erased in any way. But one of the ones I'm most excited about is we can actually recover from an old backup and now introduce updated virus signatures to ensure we don't reintroduced Day zero threats into production environment. >>Is it across all workloads, physical virtual things like, you know, Microsoft or 65 slack talked about those collaboration tools that immune ability, >>so immune ability. We're expanding out into multiple platforms today. We've got it on on premises object storage through a variety of different partners. Actually, a couple dozen different partners now, and we have something very unique with AWS s three object lock that we you can really lock down that data and ensure that can't be compromised. >>That's excellent, Danny, over to you in terms of cloud adoption, you both talked about this acceleration of digital business transformation that we've all seen. I think everyone has whiplash from that and that this adoption of cloud has increased. We've seen a lot of that is being a facilitator like, are you working with clients who are sort of, you know, maybe Dave at that point you talked about in the beginning, like kind of on that on that. Bring in the beginning and we've got to transform. We've got to go to the cloud. How do you kind of help? Maybe facilitate their adoption of public health services like AWS with the technologies that the off first? >>Yeah, I'd say it's really two things everyone wants to say, Hey, we're disrupting the market. We're changing everything about the world around us. You should come with us. Being actually is a very different approach to this one is we provide stability through the disruption around you. So as your business is changing and evolving and you're going through digital transformation, we can give you the stability through that and not only the stability through that change, but we can help in that change. And what I mean by that is if you have a customer who's been on premises and running the workloads on premises for a long while, and maybe they've been sending their backups and deaths three and flagging that impute ability. But maybe now they want to actually migrate the workloads into E. C to weaken. Do that. It's a It's a three step three clicks and workflow to hit a button and say send it up into Easy to. And then once it's in AWS, we can protect the workload when it's there. So we don't just give the stability in this changing environment around us. But we actually help customers go through that transformation and help them move the workloads to the most appropriate business location for them. >>And how does that Danny contending with you from a cost optimization perspective? Of course, we always talk about cost as a factor. Um, I'm going to the cloud. How does that a facilitator of, like, being able to move some of those workloads like attitude that you talked about? Is that a facilitator of cost optimization? Lower tco? I would imagine at some point Yes, >>Yes, it is. So I have this saying the cloud is not a charity right there later in margin, and often people don't understand necessarily what it's going to cost them. So one of the fundamental things that we've had in being back up for a W s since the very beginning since version one is we give cost forecasting and it's not just a rudimentary cost forecasting. We look at the storage we looked compute. We looked at the networking. We look at what all of the different factors that go into a policy, and we will tell them in advance what it's going to cost. That way you don't end up in a position where you're paying a lot more than you expected to pay. And so giving that transparency, giving the the visibility into what the costs of the cloud migration and adoption are going to be is a critical motivator for customers actually to use our software. >>Awesome. And Dave, I'm curious if we look at some of the things trends wise that have gone on, what are you seeing? I t folks in terms of work from home, the remote workers, but I am imagine they're getting their hands on this. But do you expect that a good amount of certain types of folks from industries won't go back into the office because I ts realizing, like more cost optimization? Zor Hey, we don't need to be on site because we can leverage cloud capabilities. >>Yeah, I think it works, actually, in both directions least, I think we'll see employees continue to work remotely, so the notion of skyscrapers being filled with tens of thousands of people, you know, knowledge workers, as they were once called back in the day. That may not come to pass at least any time soon. But conversely to your point everybody getting back into the data center, you know, from a business perspective, the vast majorities of CEO so they don't wanna be in the real estate business. They don't wanna be in the brick and mortar and the power cooling the facilities business. So >>that was >>a trend that was already directionally happening. And just as an accelerant, I think 2000 and 20 and probably 2021 at least the first half just continues that trend. >>Yeah, Silicon Valley is a bit lonely. The freeways there certainly emptier, which is one thing. But it is. It's one of those things that you think you could be now granted folks that worked from home regardless of the functions they were in before. It's not the same. I think we all know that it's not the same working from home during a pandemic when there's just so much more going on. But at the same time, I think businesses are realizing where they can actually get more cost optimization. Since you point not wanting to manage real estate, big data centers, things like that, that may be a ah, positive spin on what this situation has demonstrated. Daddy Last question to you. I always loved it to hear about successful customers. Talk to me about one of your favorite reference customers that really just articulates beams value, especially in this time of helping customers with so many pivots. >>Well, the whole concept of digital transformation is clearly coming to the forefront with the pandemic. And so one of my favorite customers, for example, ducks unlimited up in Canada. They have i ot sensors where they're collecting data about about climate information. They put it into a repository and they keep it for 60 years. Why 60 years? Because who knows? Over the next 60 years, when these sensors in the data they're collecting may be able to solve problems like climate change. But if you >>look at it >>a broader sense, take that same concept of collection of data. I think we're in a fantastic period right now where things like Callum medicine. Um, in the past, >>it was >>kind of in a slow roll remote education and training was on kind of a slow roll. Climate change. Slow roll. Um, but now the pandemics accelerating. Ah, lot of that. Another customer, Royal Dutch Shell, for example. Traditionally in the oil and petrochemical industry, their now taking the data that they have, they're going through this transformation faster than ever before and saying, How do I move to sustainable energy? And so a lot of people look at 2020 and say, I want how does this year? Or, you know, this is not the transformation I want. I actually take the reverse of that. The customers that we have right now are taking the data sets that they have, and they're actually optimizing for a more sustainable future, a better future for us and for our Children. And I think that's a fantastic thing, and being obviously helps in that transformation. >>That's excellent. And I agree with you, Danny, you know, the necessity is the mother of invention. And sometimes when all of these challenges air exposed, it's hard right away to see what are the what are the positives right? What are the opportunities? But from a business perspective is you guys were talking about the beginning of our segment, you know, in the beginning was keeping the lights on. Well, now we've got to get from keeping the lights on, too. Surviving to pivoting well to thriving. So that hopefully 2021 this is good as everybody hopes it's going to be. Right, Dave? >>Yeah, absolutely. It's all data driven and you're right. We have to move from keep the lights up on going the operational aspect to growing the business in new ways and ideally transforming the business in new ways. And you can see we hit on digital transformation a number of times. Why? Because its data driven, Why do we intercept that with being well? Because if it's important to you, it's probably backed up and held for long term safekeeping. So we want to be able to better leverage the data like Danny mentioned with Ducks Unlimited. >>And of course, as we know, data volumes are only growing. So next time you're on day, you have to play us out with one of your guitars. Deal >>definitely, definitely will. >>Excellent for Dave Russell and Danny Allen. I'm Lisa Martin. Guys, thank you so much for joining. You're watching the Cube

>>from around the globe. It's the Cube with coverage of Yukon and Cloud. Native Con North America. 2020. Virtual Brought to You by Red Hat, The Cloud, Native Computing Foundation and Ecosystem Partners Welcome back to the Cube. Virtual coverage of KUB Con Cloud native 2020. It's virtual this year. We're not face to face. Were normally in person where we have great interviews. Everyone's kind of jamming in the hallways, having a good time talking tech, identifying the new projects and knew where So we're not. There were remote. I'm John for your host. We've got two great gas, both Cuba alumni's Chris. And is it chief technology officer of the C and C F Chris, Welcome back. Great to see you. Thanks for coming on. Appreciate it. >>Awesome. Glad to be here. >>And, of course, another Cube alumni who is in studio. But we haven't had him at a Show Jr store meant executive director of the Fin Ops Foundation. And that's the purpose of this session. A interesting data point we're going to dig into how cloud has been enabling Mawr communities, more networks of practitioners who are still working together, and it's also a success point Chris on the C N C F vision, which has been playing out beautifully. So we're looking forward to digging. Jr. Thanks for coming on. Great to see you. >>Yeah, great to be here. Thanks, John. >>So, first of all, I want to get the facts out there. I think this is really important story that people should pay attention to the Finn Ops Foundation. That J. R. That you're running is really an interesting success point because it's it's not the c n c f. Okay. It's a practitioner that builds on cloud. Your experience in community you had is doing specific things that they're I won't say narrow but specific toe a certain fintech things. But it's really about the success of Cloud. Can you explain and and layout for take a minute to explain What is the fin Ops foundation and has it relate to see NCF? >>Yeah, definitely. So you know, if you think about this, the shift that we've had to companies deploying primarily in cloud, whether it be containers a ciencia focuses on or traditional infrastructure. The thing that typically people focus on right is the technology and innovation and speed to market in all those areas. But invariably companies hit this. We'd like to call the spend panic moment where they realize they're They're initially spending much more than they expected. But more importantly, they don't really have the processes in place or the people or the tools to do things like fully, you know, understand where their costs are going to look at how to optimize those to operate that in their organizations. And so the foundation pinups foundation eyes really focused on, uh, the people in practitioners who are in organizations doing cloud financial management, which is, you know, being those who drive this accountability of this variable spin model that's existed. So we were partnering very closely with, uh, see NCF. And we're now actually part of the Linux Foundation as of a few months ago, Uh, and you know, just to kind of put into context how that you kind of Iraq together, whereas, you know, CNC s very focused on open source coordinative projects, you know, For example, Spotify just launched their backstage cloud called Management Tool into CFCF Spotify folks, in our end, are working on the best practices around the cloud financial management that standards to go along with that. So we're there to help, you know, define this sort of cultural transformation, which is a shift to now. Engineers happen to think about costs as they never did before. On finance, people happen to partner with technology teams at the speed of cloud, and, you know executives happen to make trade off decisions and really change the way that they operate the business. With this variable page ago, engineers have all the access to spend the money in Cloud Model. >>Hey, blank check for engineers who doesn't like that rain that in its like shift left for security. And now you've got to deal with the financial Finn ops. It's really important. It's super point, Chris. In all seriousness. Putting kidding aside, this is exactly the kind of thing you see with open sores. You're seeing things like shift left, where you wanna have security baked in. You know what Jr is done in a fabulous job with his community now part of Linux Foundation scaling up, there's important things to nail down that is specific to that domain that are related to cloud. What's your thoughts on this? Because you're seeing it play out. >>Yeah, no, I mean, you know, I talked to a lot of our end user members and companies that have been adopting Cloud Native and I have lots of friends that run, you know, cloud infrastructure at companies. And Justus Jr said, You know, eventually there's been a lot of success and cognitive and want to start using a lot of things. Your bills are a little bit more higher than you expect. You actually have trouble figuring out, you know, kind of who's using what because, you know, let's be honest. A lot of the clouds have built amazing services. But let's say the financial management and cost management accounting tools charge back is not really built in well. And so I kind of noticed this this issue where it's like, great everyone's using all these services. Everything is great, But costs are a little bit confusing, hard to manage and, you know, you know, scientifically, you know, I ran into, you know, Jr and his community out there because my community was having a need of like, you know, there's just not good tools, standards, no practices out there. And, you know, the Finau Foundation was working on these kind of great things. So we started definitely found a way to kind of work together and be under the same umbrella foundation, you know, under the under Linux Foundation. In my personal opinion, I see more and more standards and tools to be created in this space. You know, there's, you know, very few specifications or standards and trying to get cost, you know, data out of different clouds and tools out there, I predict, Ah, lot more work is going to be done. Um, in this space, whether it's done and defendants foundation itself, CNC f, I think will probably be, uh, collaboration amongst communities. Can I truly figure this out? So, uh, engineers have any easier understanding of, you know, if I spent up the service or experiment? How much is this actually going to potentially impact the cost of things and and for a while, You know, uh, engineers just don't think about this. When I was at Twitter, we spot up services all time without really care about cost on, and that's happening a lot of small companies now, which don't necessarily have as a big bucket. So I'm excited about the space. I think you're gonna see a huge amount of focus on cloud financial management drops in the near future. >>Chris, thanks for that great insight. I think you've got a great perspective. You know, in some cases, it's a fast and loose environment. Like Twitter. You mentioned you've got kind of a blank check and the rocket ships going. But, Jr, this brings up to kind of points. This kind of like the whole code side of it. The software piece where people are building code, but also this the human error. I mean, we were playing with clubs, so we have a big media cloud and Amazon and we left there. One of the buckets open on the switches and elemental. We're getting charged. Massive amounts for us cash were like, Wait a minute, not even using this thing. We used it once, and it left it open. It was like the water was flowing through the pipes and charging us. So you know, this human error is throwing the wrong switch. I mean, it was simply one configuration error, in some cases, just more about planning and thinking about prototypes. >>Yeah. I mean, so take what your experience there. Waas and multiply by 1000 development teams in a big organization who all have access to cloud. And then, you know, it's it's and this isn't really about a set of new technologies. It's about a new set of processes and a cultural change, as Chris mentioned, you know, engineers now thinking about cost and this being a whole new efficiency metric for them to manage, right? You know, finance teams now see this world where it's like tomorrow. The cost could go three x the next day they could go down. You've got, you know, things spending up by the second. So there's a whole set of cross functional, and that's the majority of the work that are members do is really around. How do we get these cross functional teams working together? How do we get you know, each team up leveled on what they need, understand with cloud? Because not only is it, you know, highly variable, but it's highly decentralized now, and we're seeing, you know, cloud hit. These sort of material spend levels where you know, the big, big cloud spenders out there spending, you know, high nine figures in some cases you know, in cloud and it's this material for their for their businesses. >>And let's just let's be honest. Here is like Clouds, for the most part, don't really have a huge incentive in offering limits and so on. It's just, you know, like, hey, the more usage that the better And hopefully getting a group of practitioners in real figures. Well, holy put pressure to build better tools and services in this area. I think actually it is happening. I think Jared could correct me if wrong. I think AWS recently announced a feature where I think it's finally like quotas, you know, enabled, you know, you have introducing quotas now for and building limits at some level, which, you know, I think it's 2020 Thank you know, >>just to push back a little bit in support of our friends, you ask Google this company, you know, for a long time doing this work, we were worried that the cloud would be like, What are you doing? Are you trying to get our trying to minimize commitments and you know the dirty secret of this type of work? And I were just talking a bunch of practitioners today is that cloud spend never really goes down. When you do this work, you actually end up spending more because you know you're more comfortable with the efficiency that you're getting, and your CEO is like, let's move more workloads over. But let's accelerate. Let's let's do Maurin Cloud goes out more data centers. And so the cloud providers air actually largely incentivized to say, Yeah, we want people to be officially don't understand this And so it's been a great collaboration with those companies. As you said, you know, aws, Google, that you're certainly really focused in this area and ship more features and more data for you. It's >>really about getting smart. I mean, you know, they no, >>you could >>do it. I mean, remember the old browser days you could switch the default search engine through 10 menus. You could certainly find the way if you really wanted to dig in and make policy a simple abstraction layer feature, which is really a no brainer thing. So I think getting smarter is the right message. I want to get into the synergy Chris, between this this trend, because I think this points to, um kind of what actually happened here if you look at it at least from my perspective and correct me if I'm wrong. But you had jr had a community of practitioners who was sharing information. Sounds like open source. They're talking and sharing, you know? Hey, don't throw that switch. Do This is the best practice. Um, that's what open communities do. But now you're getting into software. You have to embed cost management into everything, just like security I mentioned earlier. So this trend, I think if you kind of connect the dots is gonna happen in other areas on this is really the synergy. Um, I getting that right with CNC >>f eso The way I see it is, and I dream of a future where developers, as they develop software, will be able to have some insight almost immediately off how much potential, you know, cost or impact. They'll have, you know, on maybe a new service or spinning up or potentially earlier in the development cycle saying, Hey, maybe you're not doing this in a way that is efficient. Maybe you something else. Just having that feedback loop. Ah lot. You know, closer to Deb time than you know a couple weeks out. Something crazy happens all of a sudden you notice, You know, based on you know, your phase or financial folks reaching out to you saying, Hey, what's going on here? This is a little bit insane. So I think what we'll see is, as you know, practitioners and you know, Jr spinoffs, foundation community, you know, get together share practices. A lot of them, you know, just as we saw on sense. Yeah, kind of build their own tools, models, abstractions. And, you know, they're starting to share these things. And once you start sharing these things, you end up with a you know, a dozen tools. Eventually, you know, sharing, you know, knowledge sharing, code sharing, you know, specifications. Sharing happens Eventually, things kind of, you know, become de facto tools and standards. And I think we'll see that, you know, transition in the thin ops community over the next 12 to 4 months. You know, very soon in my thing. I think that's kind of where I see things going, >>Jr. This really kind of also puts a riel, you know, spotlight and illustrates the whole developer. First cliche. I mean, it's really not a cliche. It's It's happening. Developers first, when you start getting into the calculations of our oi, which is the number one C level question is Hey, what's the are aware of this problem Project or I won't say cover your ass. But I mean, if someone kind of does a project that it breaks the bank or causes a, you know, financial problem, you know, someone gets pulled out to the back would shed. So, you know, here you're you're balancing both ends of the spectrum, you know, risk management on one side, and you've got return on investment on the other. Is that coming out from the conversation where you guys just in the early stages, I could almost imagine that this is a beautiful tailwind for you? These thes trends, >>Yeah. I mean, if you think about the work that we're doing in our practice you're doing, it's not about saving money. It's about making money because you actually want empower those engineers to be the innovation engines in the organization to deliver faster to ship faster. At the same time, they now can have, you know, tangible financial roo impacts on the business. So it's a new up leveling skill for them. But then it's also, I think, to Christmas point of, you know, people seeing this stuff more quickly. You know what the model looks like when it's really great is that engineers get near real time visibility into the impact of their change is on the business, and they can start to have conversations with the business or with their finance partners about Okay, you know, if you want me to move fast, I could move fast, But it's gonna cost this if you want me to optimize the cost. I could do that or I can optimize performance. And there's actually, you know, deeper are like conversation the candidate up. >>Now I know a lot of people who watch the Cube always share with me privately and Chris, you got great vision on this. We talked many times about it. We're learning a lot, and the developers are on the front lines and, you know, a lot of them don't have MBAs and, you know they're not in the business, but they can learn quick. If you can code, you can learn business. So, you know, I want you to take a minute Jr and share some, um, educational knowledge to developers were out there who have to sit in these meetings and have to say, Hey, I got to justify this project. Buy versus build. I need to learn all that in business school when I had to see s degree and got my MBA, so I kind of blended it together. But could you share what the community is doing and saying, How does that engineer sit in the meeting and defend or justify, or you some of the best practices what's coming out of the foundation? >>Yeah, I mean, and we're looking at first what a core principles that the whole organization used to line around. And then for each persona, like engineers, what they need to know. So I mean, first and foremost, it's It's about collaboration, you know, with their partners andan starting to get to that world where you're thinking about your use of cloud from a business value driver, right? Like, what is the impact of this? The critical part of that? Those early decentralization where you know, now you've got everybody basically taking ownership for their cloud usage. So for engineers, it's yes, we get that information in front of us quickly. But now we have a new efficiency metric. And engineers don't like inefficiency, right? They want to write fishing code. They wanna have efficient outcomes. Um, at the same time, those engineers need to now, you know, have ah, we call it, call it a common lexicon. Or for Hitchhiker's Guide to the Galaxy, folks. Ah, Babel fish that needs to be developed between these teams. So a lot of the conversations with engineers right now is in the foundation is okay. What What financial terms do I need to understand? To have meaningful conversations about Op X and Capex? And what I'm going to make a commitment to a cloud provider like a committed use discount, Google or reserved instance or savings Planet AWS. You know, Is it okay for me to make that? What? How does that impact our, you know, cost of capital. And then and then once I make that, how do I ensure that I could work with those teams to get that allocated and accounted? The right area is not just for charge back purposes, but also so that my teams can see my portion of the estate, right? And they were having the flip side of that conversation with all the finance folks of like, You need to understand how the variable cloud, you know, model works. And you need to understand what these things mean and how they impact the business. And then all that's coming together. And to the point of like, how we're working with C and C f you know, into best practices White papers, you know, training Siri's etcetera, sets of KP eyes and capabilities. Onda. All these problems have been around for years, and I wouldn't say they're solved. But the knowledge is out there were pulling it together. The new level that we're trying to talk with the NCF is okay. In the old world of Cloud, you had 1 to 1 use of a resource. You're running a thing on an instance in the new world, you're running in containers and that, you know, cluster may have lots of pods and name spaces, things inside of it that may be doing lots of different workloads, and you can no longer allocate. I've got this easy to instance and this storage to this thing it's now split up and very ephemeral. And it is a whole new layer of virtualization on top of virtual ization that we didn't have to deal with before. >>And you've got multiple cloud. I'll throw that in there, just make another dimension on it. Chris, tie this together cause this is nice energy to scale up what he's built with the community now, part of the Linux Foundation. This fits nicely into your vision, you know, perfectly. >>Yeah, no, 100% like, you know, so little foundation. You know, as you're well, well aware, is just a federation of open source foundations of groups working together to share knowledge. So it definitely fits in kind of the little foundation mission of, you know, building the largest share technology investment for, you know, humankind. So definitely good there with my kind of C and C f c T o hat, you know, on is, you know, I want to make sure that you know, you know my community and and, you know, the community of cloud native has access and, you know, knowledge about modern. You know, cloud financial management practices out there. If you look at some of the new and upcoming projects in ciencia things like, you know, you know, backstage, which came out of Spotify. They're starting to add functionality that, you know, you know, originally backstage kind of started out as this, you know, everyone builds their own service catalog to go catalog, and you know who owns what and, you know and all that goodness and developers used it. And eventually what happened is they started to add cost, you know, metrics to each of these services and so on. So it surfaces things a little bit closer, you know, a depth time. So my whole goal is to, you know, take some of these great, you know, practices and potential tools that were being built by this wonderful spinoffs community and trying to bring it into the project. You know, front inside of CNC F. So having more projects either exposed, you know, useful. You know, Finn, ops related metrics or, you know, be able to, you know, uh, you know, tool themselves to quickly be able to get useful metrics that could be used by thin ox practitioners out there. That's my kind of goal. And, you know, I just love seeing two communities, uh, come together to improve, improve the state of the world. >>It's just a great vision, and it's needed so and again. It's not about saving money. Certainly does that if you play it right, but it's about growth and people. You need better instrumentation. You need better data. You've got cloud scale. Why not do something there, right? >>Absolutely. It's just maturity after the day because, you know, a lot of engineers, you know, they just love this whole like, you know, rental model just uses many Resource is they want, you know, without even thinking about just basic, you know, metrics in terms of, you know, how many idle instances do I have out there and so, like, people just don't think about that. They think about getting the work done, getting the job done. And if they anything we do to kind of make them think a little bit earlier about costs and impact efficiency, charge back, you know, I think the better the world isn't Honestly, you know, I do see this to me. It's It's almost like, you know, with my hippie hat on. It's like Stephen Green or for the more efficient we are. You know, the better the world off cloud is coming. Can you grow? But we need to be more efficient and careful about the resource is that we use in sentencing >>and certainly with the pandemic, people are virtually you wanted mental health, too. I mean, if people gonna be pulling their hair out, worrying about dollars and cents at scale, I mean, people are gonna be freaking out and you're in meetings justifying why you did things. I mean, that's a time waster, right? I mean, you know, talking about wasting time. >>I have a lot of friends who, you know, run infrastructure at companies. And there's a lot of you know, some companies have been, you know, blessed during this, you know, crazy time with usage. But there is a kind of laser focused on understanding costs and so on and you not be. Do not believe how difficult it is sometimes even just to get, you know, reporting out of these systems, especially if you're using, you know, multiple clouds and multiple services across them. It's not. It's non trivial. And, you know, Jared could speak to this, But, you know, a lot of this world runs in like terrible spreadsheets, right and in versus kind of, you know, nice automated tools with potential, a p I. So there's a lot of this stuff. It's just done sadly in spreadsheets. >>Yeah, salute the flag toe. One standard to rally around us. We see this all the time Jr and emerging inflection points. No de facto kind of things develop. Kubernetes took that track. That was great. What's your take on what he just said? I mean, this is a critical path item for people from all around. >>Yeah, and it's It's really like becoming this bigger and bigger data problem is well, because if you look at the way the clouds are building, they're building per seconds and and down to the very fine grain detail, you know, or functions and and service. And that's amazing for being able to have accountability. But also you get people with at the end of the month of 300 gigabyte billing files, with hundreds of millions of rows and columns attached. So, you know, that's where we do see you companies come together. So yeah, it is a spreadsheet problem, but you can now no longer open your bill in a spreadsheet because it's too big. Eso you know, there's the native tools are doing a lot of work, you know, as you mentioned, you know, AWS and Azure Google shipping a lot. There's there's great, you know, management platforms out there. They're doing work in this area, you know, there's there's people trying to build their own open source the things like Chris was talking about as well. But really, at the end of the day like this, this is This is not a technology. Changes is sort of a cultural shift internally, and it's It's a lot like the like, you know, move from data center to cloud or like waterfall to Dev ops. It's It's a shift in how we're managing, you know, the finances of the money in the business and bringing these groups together. So it it takes time and it takes involvement. I'm also amazed I look like the job titles of the people who are plugged into the Phenoms Foundation and they range from like principal engineers to tech procurement. Thio you know, product leaders to C. T. O. S. And these people are now coming together in the classic to get a seat at the table right toe, Have these conversations and talk about not How do we reduce, you know, cost in the old eighties world. But how do we work together to be more quickly to innovate, to take advantage of these cognitive technologies so that we could be more competitive? Especially now >>it's automation. I mean, all these things are at play. It's about software. I mean, software defined operations is clearly the trend we've been covering. You guys been riding the wave cloud Native actually is so important in all these modern APS, and it applies to almost every aspect of stacks, so makes total sense. Great vision. Um, Chris props to you for that, Jr. Congratulations on a great community, Jerry. I'll give you the final word. Put a plug in for the folks watching on the fin ops Foundation where you're at. What are you looking to do? You adding people, What's your objectives? Take a minute to give the plug? >>Yeah, definitely. We were in open source community, which means we thrive on people contributing inputs. You know, we've got now almost 3000 practitioner members, which is up from 1500 just this this summer on You know, we're looking for those who have either an interesting need to plug into are checked advisory council to help define standards as part of this event, The cognitive gone we're launching Ah, white paper on kubernetes. Uh, and how to do confidential management for it, which was a collaborative effort of a few dozen of our practitioners, as well as our vendor members from VM Ware and Google and APP Thio and a bunch of others who have come together to basically defined how to do this. Well, and, you know, we're looking for folks to plug into that, you know, because at the end of the day, this is about everybody sort of up leveling their skills and knowledge and, you know, the knowledge is out there, nobody's head, and we're focused on how toe drive. Ah, you know, a central collection of that be the central community for it. You enable the people doing this work to get better their jobs and, you know, contribute more of their companies. So I invite you to join us. You know, if your practitioner ITT's Frito, get in there and plug into all the bits and there's great slack interaction channels where people are talking about kubernetes or pinups kubernetes or I need to be asked Google or where we want to go. So I hope you consider joining in the community and join the conversation. >>Thanks for doing that, Chris. Good vision. Thanks for being part of the segment. And, as always, C N C F. This is an enablement model. You throw out the soil, but the 1000 flowers bloom. You don't know what's going to come out of it. You know, new standards, new communities, new vendors, new companies, some entrepreneur Mike jump in this thing and say, Hey, I'm gonna build a better tool. >>Love it. >>You never know. Right? So thanks so much for you guys for coming in. Thanks for the insight. Appreciate. >>Thanks so much, John. >>Thank you for having us. >>Okay. I'm John Furry, the host of the Cube covering Coop Con Cloud, Native Con 2020 with virtual This year, we wish we could be there face to face, but it's cute. Virtual. Thanks for watching

>>from around the globe. It's the Cube >>with digital coverage of VM World 2020 brought to you by VM Ware and its ecosystem partners. Hello and welcome back to the VM World 2020 Virtual coverage with the Cube Virtual I'm John for day. Volonte your hosts our 11th year covering VM. We'll get a great guest Greg Lavender, SBP and the CTO of VM. Where, uh, welcome to the Cube. Virtual for VM World 2020 Virtual Great. Thanks for coming on. >>Privileged to be here. Thank you. >>Um, really. You know, one of the things Dave and I were commenting with Pat on just in general start 11th year covering VM world. Uh, a little difference not face to face. But it's always been a technical conference. Always a lot of technical innovation. Project Monterey's out there. It's pretty nerdy, but it's a it's called the catnip of the future. Right? People get excited by it, right? So there's really ah lot of awareness to it because it kinda it smells like a systems overhaul. It smells like an operating system. Feels like a, you know, a lot of moving parts that are, quite frankly, what distributed computing geeks and software geeks love to hear about and to end distributed software intelligence with new kinds of hardware innovations from and video and whatnot. Where's that innovation coming from? Can you share your thoughts on this direction? >>Yeah, I think first I should say this isn't like, you know, something that just, you know, we decided to do, you know, six months ago, actually, in the office of C T 04 years ago, we actually had a project. Um, you know, future looking project to get our core hyper visor technology running on arm processors and that incubated in the office of the CTO for three years. And then last December, move the engineering team that had done that research and advanced development work in the office of the CTO over to our cloud platforms business unit, you know, and smart Knicks, you know, kind of converged with that. And so we were already, you know, well along the innovation path there, and it's really now about building the partnerships we have with smart nick vendors and driving this technology out to the benefit of our customers who don't want to leverage it. >>You get >>Greg, I want if you could clarify something for me on that. So Pat talked about Monterey, a complete re architect ing of the i o Stack. And he talked about it affecting in video. Uh, intel, melon, ox and Sandoz part of that when he talks about the Iot stack, you know, specifically what are we talking about there? >>So you know any any computing server in the data center, you know, in a cola facility or even even in the cloud, you know? Ah, large portion of the, you know CPU resource is, and even some memory resource is can get consumed by just processing. You know, the high volumes of Iot that's going out, you know, storage devices, you know, communicating between the different parts of multi tiered applications. And so there's there's a there's an overhead that that gets consumed in the course server CPU, even if its multi core multi socket. And so by offloading that a lot of that I owe work onto the arm core and taking advantage of the of the hardware offloads there in the smart Knicks, you can You can offload that processing and free up even as much as 30% of the CPU of a server, multi socket, multicourse server, and give that back to the application so that the application gets the benefit of that extra compute and memory resource is >>So what about a single sort of low cost flash tear to avoid the complexities of tearing? Is that part of the equation? >>Well, you know, you can you can, um you know, much storage now is network attached. And so you could if it's all flash storage, you know, using something like envy me fabric over over Ethernet, you can essentially build large scale storage networks more efficiently, you know more cheaply and take advantage of that offload processing, uh, to begin to reduce the Iot Leighton. See, that's required taxes. That network attached storage and not just storage. But, you know, other devices, you know, that you can use you could better network attached. So disaggregated architectures is term. >>Uh, is that a yes? Or is that a stay tuned? >>Yeah, Yeah, yeah, yeah, yes. I mean the storage. You know, more efficient use of different classes of storage and storage. Tearing is definitely a prime use case there. >>Yeah, great. Thank you. Thanks for that. John, >>How could people think about the edge now? Because one of the things that's in this end to end is the edge. Pat brought it up multi cloud and edge or two areas that are extending off cloud and hybrid. What should people think about the innovation equation around those things? Is that these offload techniques? What specifically in the systems architecture? Er, do you guys see as the key keys there? >>So so, you know, edges very diversified, heterogeneous place, Uh, in the architectures of multi cloud services. So one thing we do know is, you know, workload. I would like to say workload follows data, and a lot of the data will be analyzed, the process at the edge. So the more that you can accelerate that data processing at the edge and apply some machine learning referencing at the edge were almost certainly gonna have kubernetes everywhere, including the edge. So I think you're seeing a convergence of the hardware architectures er the kubernetes control plane and services and machine learning workloads. You know, traveling to the edge where the where the data is going to be processed and actions could be taken autonomously at the edge. So I think we're in this convergence point in the industry where all that comes together. >>How important do you >>do you see that? Okay, John, >>how important is the intelligence piece? Because again, the potatoes at the edge. How do you guys see the data architecture being built out there? >>Um, well, again, it's depending on the other. The thick edge of the thin edge. You know, you're gonna have different, different types of data, and and again, a lot of the the inference thing that could happen at the edges. Going to, I think, for mawr, you know, again to take action at the edges, opposed to calling home to a cloud, you know, to decide what to do. So, depending on, you know, the computational power and the problem with its video processing or monitoring, you know, sensors, Aaron, oil. Well, the kind of interesting that will happen at the edge will will be dependent on that data type and what kind of decisions you want to make. So I think data will be moving, you know, from the edge to the cloud for historical analytics and maybe transitional training mechanisms. But, you know, the five G is gonna play heavily into this is well right for the network connectivity. So we read This unique point is often occurs in the industry every few years of all these technology innovations converging to open up an entirely new platform in a new way of computing that happens at the edge, not just in your data center at the cloud. >>So, Greg, you did a fairly major stint at a large bank. What would something you mentioned? You know, like an oil rig. But what would something like these changes mean for a new industry like banking or financial? Uh, will it have an impact there and put on your customer hat for a minute and take us through that >>e? You know, eight machines, you know, branches, chaos. You know, there's all make banks always been a very distributed computing platform. And so, you know, people want to deliver mawr user experience, services, more video services. You know all these things at the edge to interact positively with the customer without using the people in the loop. And so the banking industry has already gone through the SD when, and I want transformation to deliver the bandwidth more capably to the edge. And I just think that they'll just now be able to deliver Mawr Edge services that happened can happen more autonomously at the edge is opposed that having the hairpin home run everything back to the data center. >>Awesome. Well, Pat talks about the modern platform, the modern companies. Greg, I wanna ask you because we're seeing with Kovar, there's to use cases, you know, the people who don't have a tailwind, Um, companies that are, you know, not doing well because there's no business that you have there modernizing their business while they have some downtime. Other ones have a tailwind. They have a modern app that that takes advantage, this covert situation. So that brings up this idea of what is a modern app look like? Because now, if you're talking about a distributed architecture, some of things you're mentioning around inference, data edge. People are starting to think about these modern naps, and they are changing the game for the business. Now you have vertical industries. You mentioned oil and gas, you got financial services. It used to be you had industry solution. It worked like that and was siloed. Now you have a little bit of a different architectures. If we believe that we're looking up, not down. Does it matter by industry? How should people think about a modern application, how they move faster? Can you share your insights into into some of this conceptual? What is a modern approach and does it doesn't matter by vertical or industry. >>Yes, I mean, certainly over the course of my career, I mean, there's there's a massive diversity of applications. And of course, you know, the explosion of mobile and edge computing is just another sort of sort of use cases that will put demands on the infrastructure in the architecture and the networking. So a modern, a modern app I mean, we historically built sort of these monolithic app. So we sort of built these sort of three tier apse with, you know, sort of the client side, the middleware side. The database back in is the system of record. I mean, this is even being more disaggregated in terms of, you know, the the consumer edges both not just web here, but mobile tear. And, you know, we'll see what emerges out of that. The one thing for sure that is that, um they're becoming less monolithic and mawr a conglomeration of sass and other services that are being brought together, whether it's from the cloud services or whether it's s, you know, SBS delivering, you know, bring your own software. Um, and they're becoming more distributed because people need operated higher degrees of scale. There's a limit to Virgil vertical scaling, so you have to go to horizontal scaling, which is what the cloud is really good at. So I think all these things were driving a whole new set of technologies like next generation AP gateways. Message Busses, service mesh. We're announcing Tanzi's service message being world. Um, you know, this is just allowing allowing that application to be disaggregated and then integrated with other APS assassin services that allow you to get faster time to market. So speed of delivery is everything. So modern C I. C d. Modern software, technology and ability to deploy and run that workload anywhere at the edge of the core in the data center in the cloud. >>So when you do in your re architecture like this, Greg, I mean you've seen over the course of history in our industry you've seen so many companies have hit a wall and in VM, whereas it's just amazing engineering culture. How are you able toe, you know, change the engine mid flight here and avoid like, serious technical debt. And I mean, it took, you know, you said started four years ago, but can you give us a peek inside? You know, that sort of transformation and how you're pulling that off? >>Well, I mean, we're providing were delivered the platform and, you know, spring Buddhas a key, you know, technology that's used widely across the industry already, which is what we've got is part of our pivotal acquisition. And so what we're just trying to do is just keep keep delivering the technology and the platform that allows people to go faster with quality security and safety and resiliency. That's what we do really well at VM ware. So I think you're seeing more people building these APS Cloud native is opposed to, you know, taking an existing legacy app In trying to re factor it, they might do what it called e think somebody's called two speed architectures. Take the user front, end the consumer front in, and put that cloud native in the cloud. But the back end system of record still runs in the private cloud in a highly resilient you know, backed up disaster recovered way. So you're having, I think, brand new cloud native APS we're seeing. And then you're seeing people very carefully because there's a cost to it of looking at How do I basically modernized the front end but maintain the reliability of the scalability of security and the reliability of that sort of system of record back in? So either way, it's it's winning for the companies because they could do faster delivery to their businesses and their clients and their partners. But you have to have the resiliency and reliability that were known for for running those mission critical workloads, >>right? So the scenario is that back end stays on premise on the last earnings call, I think, Pat said, or somebody said that, that I think I just they said on Prem or maybe the man hybrid 30 to 40% cheaper, then doing it in the cloud. I presume they were talking about those kind of back end systems that you know you don't wanna migrate. Can you add some color that again from your customer perspective That the economics? >>Yeah. You know, um, somebody asked me one time what's really a cloud. Greg and I said, automation, automation, automation you can take you can take You can take your current environments and highly automate the release. Lifecycle management develop more agile software delivery methods. And so therefore, you could you could get sort of cloud benefits, you know, from your existing applications by just highly optimizing them and, you know, on the cost of goods and services. And then again, the hybrid cloud model just gives customers more choice, which is okay. I want to reduce the number of data centers I have, but I need to maintain reliability, scalability, etcetera. Take advantage of, you know, the hybrid cloud that we offer. But you'll still run things. Cloud natives. I think you're seeing this true multi cloud technology and paradigm, you know, grow out as people have these choices. And then the question is okay. If you have those choices, how do you maintain security? How do you maintain reliability? How do you maintain up time yet be able to move quickly. And so I think there's different speeds in which those platforms will evolve. And our goal is to give you the ability to basically make those choices and and optimize for economics as well as technical. You know, capability. >>Great. I want to ask you a question with Cove it we're seeing and we've been reporting the Cube virtual evolve because we used to be it at events, but we're not there anymore. But the as everyone has realized with cove it it's exposed some projects that you might not want to double down on or highlighted some gaps in architecture. Er, I mean, certainly who would have forecast of the disruption of 100% work from home VP and provisioning to access and access management security, and it really is exposed. What kind of who's where in the journey, Right in digital transformation. So I gotta ask you, what's the most important story or thing to pay attention, Thio as the smart money and smart customers go, Hey, you know what? I'm gonna double down on that. I'm gonna kill that project or sunset. That or I'm not gonna re factor that I'm gonna contain Arise it and there's probably there's a lot of that going on. In our conversations with customers, they're like it's pretty obvious. It's critical path. It's like we stay in business. We build a modern app, but I'm doubling down. I'm transitioning. It's a whole nother ballgame. What >>is >>the most important thing that you see that people should pay attention to around maintaining an innovation and coming out on the other side? >>Yeah, well, I think I think it just generally goes to the whole thesis of software defined. I mean, you know the idea of taking an appliance physical, You know, you have to order the hardware, get it on your loading dock, install in your data center. You know, go configure it, mapping into the rest of your environment. You know, whereas or you could just spend up new, softer instances of load balancers, firewalls, etcetera. So I think you know what's What's really helped in the covert era is the maturity of software to find everything. Compute storage, networking. Lan really allowed customers and many of our customers toe, you know, rapidly make that pivot. And so you know what? It's the you know, the workspace, the remote workspace. You gotta secure it. That's a key part of it, and you've got to give it. You know, you gotta have the scalability back in your data centers or, if you don't have it, be able to run those virtual desktops you know, in the cloud. And I think so. This ability again to take your current environment and, more importantly, your operating model, which, you know the technology could be agile and fast. But if you're operating models not agile, you know you can't executed Well, One of the best comments I heard from a customer CEO was, you know, for six months we debated, you know, the virtual networking architecture and how to deploy the virtual network. And, you know, when covet hit. We made the decision that did it all in one week. So the question the CEO asked now is like Well, why do we Why do we have to operate in that six month model going forward? Let's operate in the one week model going forward. E. I think that that z yeah, that's e think that's the big That's a big inflection point is the operating model has to be agile. We got all kinds of agile technology and choices I mentioned it's like, How do you make your organization agile to take advantage of those technological offerings? That's really what I've been doing the last six months, helping our customers achieve. >>I think that's a key point worth calling out and doubling down on day because, you know, whether you talk about our q Q virtual, our operating model has changed and we're doing new things. But it's not bad. It's actually beneficial. We could talk to more people. This idea of virtual ization. I mean pun intended virtual izing workforces face to face interactions air now remote. This is a software defined operating business. This is the rial innovation. I think this is the exposure. As companies wake up and going. Why didn't we do that before? Reminds me of the old mainframe days. Days? You know, why do we have that mainframe? Because they're still clutching and grabbing onto it. They got a transition. So this is the new the new reality. >>We were joking earlier that you know it ain't broke, don't fix it. And all of a sudden Covic broke everything. And so you know, virtualization becomes a fundamental component of of of how you respond. But and I wonder if Greg you could talk about the security. Peace? How how that fits in. You know everybody you know, the bromide, of course, is security can't be a bolt on. It's gotta be designed in from the start, Pat Gelsinger said years ago in the Cube. Security is a do over. You guys have purchased many different security components you've built in. Security comes. So how should we think about? And how are you thinking about designing insecurity across that entire stack without really bolting in, You know, pieces, whether it's carbon, carbon, black or other acquisitions that you've made? >>Yeah, I mean, I think that's that's the key. Inflection point we're in is an industry. I mean, getting back to my banking experience, I was responsible for cybersecurity, engineering the platforms that we engineered and deployed across the bank globally. And the challenge, the challenge. You know, that's I had, you know, 150 plus security products, and you go to bed at night wondering what? Which one did I forget to deploy or what did I get that gap? Do you think you think you're safe by the sheer number, but when you really boil down to it is like, you know, because you have to sort of like both all this stuff together to create a secure environment, you know, on a global level. And so really, our philosophy of VM where is Okay? Well, let's kind of break that model. That's what we call it intrinsic security, which is just, you know, we have the hyper visor. If you're running, the hyper visor is running on most of the service in your data center. If we have your if you have our network virtualization, we see all the traffic going between all those hyper visors and out to the cloud as well hybrid cloud or public cloud with our NSX technology. And then, you know, then you sort of bring into that the load balancers and the software to find firewalls. And pretty soon you have realized Okay, look, we have we have most of the estate. Therefore we could see everything and bring some intelligent machine learning to that and get proactive as opposed to reactive. Because our whole model now is we. All this technology and some alert pops and we get reactive. How about proactively telling me that something nasty is going on. >>I need to ask you a >>question. May be remediated. Sorry, John. It may be remediated at some point anyway. Bring in some machine intelligence tow. So instead of like you said, getting an alert actually tells me what what happened and how it was fixed, you know? Or at least recommending what I should dio, right? >>Yeah. I mean, part of the problem in the historic architectures is it was all these little silos. You know, every business unit had its own sort of technology. And Aziz, you make things virtualized. You you sort of do the virtual networking. The virtual stories of virtual compute all the software. You know, all of a sudden you have you have a different platform, you have lots of standardization. Therefore you don't have your operating model simplifies right and amount of and then it's about just collecting all the data and then making sense of the data. So you're not overwhelming the human's capacity to respond to it. And so I think that's really the fundamental thing we're all trying to get to. But the surface area is enlarged outside the data centers we've discussed out to the edge, whatever the edges, you know, into the cloud hybrid or public. So now you've got this big surface area where you've gotta have all that telemetry and all that visibility again, Back to getting proactive. So you got to do it in Band is opposed out of band. >>Great. I want to ask you a question on cyber security. We have an event on October 4th, the virtual event that Cuba is hosting with Cal Poly around this space and cybersecurity, symposiums, intersection of space and cyber. I noticed VM Ware recently announced last month that the United States Space Force has committed to the Tan Xue platform for for Continuous Dev ops operation for agility. I interviewed Lieutenant General John Thompson, Space Force, and we talked about that. He said quote, it's hard to do break fix in space. Uh, illustrating, really? Just can't send someone to swap out something in space. Not yet, at least. So they're looking at software defined as a key operating reality. Okay, so again, talk about the edge of space Isas edges. You're gonna get it. Need to be completely mad and talk about payloads and data. This >>is kind >>of interesting data point because you have security issues because space is gonna be contested and congested as an edge device. So it's actually the government's interested in that. But fundamentally, the death hops problem that you're you guys are involved in This >>is a >>reality. It's kind of connects this reality idea of operating models based in reality have to be software. What's >>your name? Yeah. I mean, I think the term we use now is def sec ops because you can't just do Dev ops. You have to have the security component in there, So, uh, yeah, the interesting. You know, like, there's a lot of interesting things happen just in fundamental networking, right? I mean, you know, the StarLink, you know, satellites at Testa. His launched Elon musk has launched and, you know, bringing sort of, you know, higher band with laurel agency to those. Yeah, we'll call it near space the and then again, just opens up all new opportunities for what we can dio. And so, Yeah, I think that's the software that the whole the whole saw for development ecosystem again, back to this idea. I think of three things. You gotta have speed. You gotta have scale and you gotta have security. And so that's really the emerging platform, whether it's a terrestrial or in near space, Uh, that's giving us the opportunity, Thio Do new architectures create service measures of services, some terrestrial, some some you know, far remote. And as you bring these new application architectures and system platform architectures together with all the underlying hardware and networking innovations that are occurring, you mentioned flash. But even getting into pmm persistent memory, right? So this this is so much happening that is converging. What's exciting to me about being a TV? Where is the CTO and we partner with all the hardware vendors? We partner with all the system providers, like in video and others. You know, the smart nick vendors. And then we get to come up with software architectures that sort of bring that together holistically and give people a platform. We can run your workloads to get work done wherever you need to land those workloads. And that's really the excitement about >>the candy store. And yet you've got problems hard problems to work on to solve. I mean, this really brings the whole project moderate, full circle because we think about space and networks and all these things you're talking about, You need to have smart everything. I mean, isn't that software? It's a complete tie into the Monterey. >>Yeah, yeah, yeah, Exactly. You're right. It's not just it's not just connecting everything and pushing data around its than having the intelligence to do it efficiently, economically, insecurely. And that's you know. So I see that you don't want to over hype machine learning. I did not to use the term AI, but use the machine learning technologies, you know, properly trained with the proper data sets, you know, and then the proper algorithms. You know that you can then a employee, you know, at the edge small edge, thick edge, you know, in the data center at the cloud is really Then you give the visibility so that we get to that proactive world I was talking about. >>Yeah, great stuff, Greg. Great insight, great conversation. Looking forward to talking mawr Tech with you. Obviously you are in the right spot was in the center of all the action across the board final point. If you could just close it out for us. What is the most important story at VM World 2020 this year. >>Um, well, I think you know, I like to say that I have the best job. I think you know that I've had in my career. I've had some great ones is you know, we get to be disruptive innovators, and we have a culture of perpetual innovation and really being world for us, Aly employees and all the people that work together to put it together is we get to showcase. You know, some of that obviously have more up our sleeves for the future. But, you know, being world is are, you know, coming coming out out show of the latest set of innovations and technologies. So there's going to be so much I have, ah, vision and innovation. Keynote kickoff, right. Do some lightning demos. And actually, I talk about work we're doing in sustainability, and we're putting a micro grid on our campus in Palo Alto and partnership with City of Palo Alto so that when the wildfires come through or there is power outages, you know we're in oasis of power generating capacity with our solar in our batteries. And so the city of Palo Alto could take their emergency command vehicles and plug into our batteries when the power is out in Palo Alto and operate city services and city emergency services. So we're not just innovating, you know, in cortex we're innovating to become a more, you know, sustainable company and provide sustainable, you know, carbon neutral technology for our customers to adopt. And I think that's an area we wanna talk about me. We talk about it next time, but I think you know our innovations. We're gonna basically help change the world with regard to climate as well. >>Let's definitely do that. Let's follow up for another in depth conversation on the societal impact. Of course, VM Ware VM Ware's VM World's 2020 is virtual is a ton of sessions. There's a Cloud City portion. Check out the 60 solution demos. Of course, they ask the expert, Greg, you're in there with Joe Beta Raghu, all the experts, um, engage and check it out. Thank you so much for the insight here on the Cube. Virtual. Thanks for coming on. >>Appreciate the opportunity. Great conversation and good questions. >>Great stuff. Thank you very much. Innovation that vm where it's the heart of their missions always has been, but they're doing well on the business side, Dave. Okay. The cube coverage. They're not there in person. Virtual. I'm John for day. Volonte. Thanks for watching.