(bright music) >> Welcome back to HPE Discover 2021. My name is Dave Vellante and you're watching theCUBE's virtual coverage of Discover. We're going to dig into the most pressing topic, not only for IT, but entire organizations. And that's cyber security. With me is Sunil James, senior director of security engineering at Hewlett Packard Enterprise. Sunil, welcome to theCUBE. Come on in. >> Dave, thank you for having me. I appreciate it. >> Hey, you talked about project Aurora today. Tell us about project Aurora, what is that? >> So I'm glad you asked. Project Aurora is a new framework that we're working on that attempts to provide the underpinnings for Zero Trust architectures inside of everything that we build at HPE. Zero Trust is a way of providing a mechanism for enterprises to allow for everything in their enterprise, whether it's a server, a human, or anything in between, to be verified and attested to before they're allowed to access or transact in certain ways. That's what we announced today. >> Well, so in response to a spate of damaging cyber attacks last month, President Biden issued an executive order designed to improve the United States' security posture. And in that order, he essentially issued a Zero Trust mandate. You know, it's interesting, Sunil. Zero Trust has gone from a buzzword to a critical part of a security strategy. So in thinking about a Zero Trust architecture, how do you think about that, and how does project Aurora fit in? >> Yeah, so Zero Trust architecture, as a concept, has been around for quite some time now. And over the last few years, we've seen many a company attempting to provide technologies that they purport to be Zero Trust. Zero Trust is a framework. It's not one technology, it's not one tool, it's not one product. It is an entire framework of thinking and applying cybersecurity principles to everything that we just talked about beforehand. Project Aurora, as I said beforehand, is designed to provide a way for ourselves and our customers to be able to measure, attest, and verify every single piece of technology that we sell to them. Whether it's a server or everything else in between. Now, we've got a long way to go before we're able to cover everything that HPE sells. But for us, these capabilities are the root of Zero Trust architectures. You need to be able to, at any given moment's notice, verify, measure, and attest, and this is what we're doing with project Aurora. >> So you founded a company called Scytale and sold that to HPE last year. And my understanding is you were really the driving force behind the secure production identity framework, but you said Zero Trust is really a framework. That's an open source project. Maybe you can explain what that is. I mean, people talk about the NIST Framework for cybersecurity. How does that relate? Why is this important and how does Aurora fit into it? >> Yeah, so that's a good question. The NIST Framework is a broader framework for cybersecurity that couples and covers many aspects of thinking about the security posture of an enterprise, whether it's network security, host based intrusion detection capabilities, incident response, things of that sort. SPIFFE, which you're referring to, Secure Production Identity Framework For Everyone, is an open source framework and technology base that we did work on when I was the CEO of Scytale, that was designed to provide a platform agnostic way to assign identity to anything that runs in a network. And so think about yourself or myself. We have identities in our back pocket, driver's license, passports, things of that sort. They provide a unique assertion of who we are, and what we're allowed to do. That does not exist in the world of software. And what SPIFFE does is it provides that mechanism so that you can actually use frameworks like project Aurora that can verify the underpinning infrastructure on top of which software workloads run to be able to verify those SPIFFE identities even better than before. >> Is the intent to productize this capability, you know, within this framework? How do you approach this from HPE's standpoint? >> So SPIFFE and SPIRE will and always will be, as far as I'm concerned, remain an open source project held by the Cloud Native Computing Foundation. It's for the world, all right. And we want that to be the case because we think that more of our Enterprise customers are not living in the world of one vendor or two vendors. They have multiple vendors. And so we need to give them the tools and the flexibility to be able to allow for open source capabilities like SPIFFE and SPIRE to provide a way for them to assign these identities and assign policies and control, regardless of the infrastructure choices they make today or tomorrow. HPE recognizes that this is a key differentiating capability for our customers. And our goal is to be able to look at our offerings that power the next generation of workloads. Kubernetes instances, containers, serverless, and anything that comes after that. And our responsibility is to say, "How can we actually take what we have and be able to provide those kinds of assertions, those underpinnings for Zero Trust that are going to be necessary to distribute those identities to those workloads, and to do so in a scalable, effective, and automated manner?" Which is one of the most important things that project Aurora does. >> So a lot of companies, Sunil, will set up a security division. But is the HPE strategy to essentially embed security across its entire portfolio? How should we think about HPE strategy in cyber? >> Yeah, so it's a great question. HPE has a long history in security and other domains, networking, and servers, and storage, and beyond. The way we think about what we're building with project Aurora, this is plumbing. This is plumbing that must be in everything we build. Customers don't buy one product from us and they think it's one company, and something else from us, and they think it's another company. They're buying HPE products. And our goal with project Aurora is to ensure that this plumbing is widely and uniformly distributed and made available. So whether you're buying an Aruba device, a Primera storage device, or a ProLiant server, project Aurora's capabilities are going to provide a consistent way to do the things that I've mentioned beforehand to allow for those Zero Trust architectures to become real. >> So, as I alluded to President Biden's executive order previously. I mean, you're a security practitioner, you're an expert in this area. It just seems as though, and I'd love to get your comments on this. I mean, the adversaries are well-funded, you know, they're either organized crime, they're nation states. They're extracting a lot of very valuable information, they're monetizing that. You've seen things like ransomware as a service now. So any knucklehead can be in the ransomware business. So it's just this endless escalation game. How do you see the industry approaching this? What needs to happen? So obviously I like what you're saying about the plumbing. You're not trying to attack this with a bunch of point tools, which is part of the problem. How do you see the industry coming together to solve this problem? >> Yeah. If you operate in the world of security, you have to operate from the standpoint of humility. And the reason why you have to operate from a standpoint of humility is because the attack landscape is constantly changing. The things, and tools, and investments, and techniques that you thought were going to thwart an attacker today, they're quickly outdated within a week, a month, a quarter, whatever it might be. And so you have to be able to consistently and continuously evolve and adapt towards what customers are facing on any given moment's notice. I think to be able to, as an industry, tackle these issues more and moreso, you need to be able to have all of us start to abide, not abide, but start to adopt these open-source patterns. We recognize that every company, HPE included, is here to serve customers and to make money for its shareholders as well. But in order for us to do that, we have to also recognize that they've got other technologies in their infrastructure as well. And so it's our belief, it's my belief, that allowing for us to support open standards with SPIFFE and SPIRE, and perhaps with some of the aspects of what we're doing with project Aurora, I think allows for other people to be able to kind of deliver the same underpinning capabilities, the plumbing, if you will, regardless of whether it's an HPE product or something else along those lines as well. We need more of that generally across our industry, and I think we're far from it. >> I mean, this sounds like a war. I mean, it's more than a battle, it's a war that actually is never going to end. And I don't think there is an end in sight. And you hear CESOs talk about the shortage of talent, they're getting inundated with point products and tools, and then that just creates more technical debt. It's been interesting to watch. Interesting maybe is not the right word. But the pivot to Zero Trust, endpoint security, cloud security, and the exposure that we've now seen as a result of the pandemic was sort of rushed. And then of course, we've seen, you know, the adversaries really take advantage of that. So, I mean what you're describing is this ongoing never-ending battle, isn't it? >> Yeah, yeah, no, it's going to be ongoing. And by the way, Zero Trust is not the end state, right? I mean, there was things that we called the final nail in the coffin five years ago, 10 years ago, and yet the attackers persevered. And that's because there's a lot of innovation out there. There's a lot of infrastructure moving to dynamic architectures like cloud and others that are going to be poorly configured, and are going to not have necessarily the best and brightest providing security around them. So we have to remain vigilant. We have to work as hard as we can to help customers deploy Zero Trust architectures. But we have to be thinking about what's next. We have to be watching, studying, and evolving to be able to prepare ourselves, to be able to go after whatever the next capabilities are. >> What I like about what you're saying is, you're right. You have to have humility. I don't want to say, I mean, it's hard because I do feel like a lot of times the vendor community says, "Okay, we have the answer," to your point. "Okay, we have a Zero Trust solution." Or, "We have a solution." And there is no silver bullet in this game. And I think what I'm hearing from you is, look we're providing infrastructure, plumbing, the substrate, but it's an open system. It's got to evolve. And the thing you didn't say, but I'd love your thoughts on this is we've got to collaborate with somebody you might think is your competitor. 'Cause they're the good guys. >> Yeah. Our customers don't care that we're competitors with anybody. They care that we're helping them solve their problems for their business. So our responsibility is to figure out what we need to do to work together to provide the basic capabilities that allow for our customers to remain in business, right? If cybersecurity issues plague any of our customers that doesn't affect just HPE, that affects all of the companies that are serving that customer. And so, I think we have a shared responsibility to be able to protect our customers. >> And you've been in cyber for much, if not most of your career, right? >> Correct. >> So I got to ask you, did you have a superhero when you were a kid? Did you have a sort of a, you know, save the world thing going? >> Did I have a, you know, I didn't have a save the world thing going, but I had, I had two parents that cared for the world in many, many ways. They were both in the world of healthcare. And so everyday I saw them taking care of other people. And I think that probably rubbed off in some of the decisions that I make too. >> Well it's awesome. You're doing great work, really appreciate you coming on theCUBE, and thank you so much for your insights. >> I appreciate that, thanks. >> And thank you for being with us for our ongoing coverage of HPE Discover 21. This is Dave Vellante. You're watching theCUBE. The leader in digital tech coverage. We'll be right back. (bright music)

>> Announcer: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Hello, welcome back to theCUBE's coverage, CUBE Virtual's coverage, CUBE digital coverage, of AWS Summit, virtual online, Amazon Summit's normally in face-to-face all around the world, it's happening now online, follow the sun. Of course, we want to bring theCUBE coverage like we do at the events digitally, and we've got a great guest that usually comes on face-to-face, he's coming on virtual, Sanjay Poonen, the chief operating officer of VMware. Sanjay great to see you, thanks for coming in virtually, you look great. >> Hey, John thank you very much. Always a pleasure to talk to you. This is the new reality. We both happen to live very close to each other, me in Los Altos, you in Palo Alto, but here we are in this new mode of communication. But the good news is I think you guys at theCUBE were pioneering a lot of digital innovation, the AI platform, so hopefully it's not much of an adjustment for you guys to move digital. >> It's not really a pivot, just move the boat, put the sails up and sail into the next generation, which brings up really the conversation that we're seeing, which is this digital challenge, the virtual world, it's virtualization, Sanjay, it sounds like VMware. Virtualization spawned so much opportunity, it created Amazon, some say, I'd say. Virtualizing our world, life is now integrated, we're immersed into each other, physical and digital, you got edge computing, you got cloud native, this is now a clear path to customers that recognize with the pandemic challenges of at-scale, that they have to operate their business, reset, reinvent, and grow coming out of this pandemic. This has been a big story that we've been talking about and a lot of smart managers looking at projects saying, I'm doubling down on that, and I'm going to move the resources from this, the people and budget, to this new reality. This is a tailwind for the folks who were prepared, the ones that have the experience, the ones that did the work. theCUBE, thanks for the props, but VMware as well. Your thoughts and reaction to this new reality, because it has to be cloud native, otherwise it doesn't work, your thoughts. >> Yeah, I think, John, you're right on. We were very fortunate as a company to invent the term virtualization for an x86 architecture and the category 20 years ago when Diane founded this great company. And I would say you're right, the public cloud is the instantiation of virtualization at its sort of scale format and we're excited about this Amazon partnership, we'll talk more about that. This new world of doing everything virtual has taken the same concepts to whole new levels. We are partnering very closely with companies like Zoom, because a good part of this is being able to deliver video experiences in there, we'll talk about that if needed. Cloud native security, we announced an acquisition today in container security that's very important because we're making big moves in security, security's become very important. I would just say, John, the first thing that was very important to us as we began to shelter in place was the health of our employees. Ironically, if I go back to, in January I was in Davos, in fact some of your other folks who were on the show earlier, Matt Garman, Andy, we were all there in January. The crisis already started in China, but it wasn't on the world scene as much of a topic of discussion. Little did we know, three, four weeks later, fast forward to February things were moving so quickly. I remember a Friday late in February where we were just about to go the next week to Las Vegas for our in-person sales kickoffs. Thousands of people, we were going to do, I think, five or 6,000 people in Las Vegas and then another 3,000 in Barcelona, and then finally in Singapore. And it had not yet been categorized a pandemic. It was still under this early form of some worriable virus. We decided for the health and safety of our employees to turn the entire event that was going to happen on Monday to something virtual, and I was so proud of the VMware team to just basically pivot just over the weekend. To change our entire event, we'd been thinking about video snippets. We have to become in this sort of virtual, digital age a little bit like TV producers like yourself, turn something that's going to be one day sitting in front of an audience to something that's a lot shorter, quicker snippets, so we began that, and the next thing we began doing over the next several weeks while the shelter in place order started, was systematically, first off, tell our employees, listen, focus on your health, but if you're healthy, turn your attention to serving your customers. And we began to see, which we'll talk about hopefully in the context of the discussion, parts of our portfolio experience a tremendous amount of interest for a COVID-centered world. Our digital workplace solutions, endpoint security, SD-WAN, and that trifecta began to be something that we began to see story after story of customers, hospitals, schools, governments, retailers, pharmacies telling us, thank you, VMware, for helping us when we needed those solutions to better enable our people on the front lines. And all VMware's role, John, was to be a digital first responder to the first responder, and that gave tremendous amount of motivation to all of our employees into it. >> Yeah, and I think that's a great point. One of the things we've been talking about, and you guys have been aligned with this, you mentioned some of those points, is that as we work at home, it points out that digital and technology is now part of lifestyle. So we used to talk about consumerization of IT, or immersion with augmented reality and virtual reality, and then talk about the edge of the network as an endpoint, we are at the edge of the network, we're at home, so this highlights some of the things that are in demand, workspaces, VPN provisioning, these new tools, that some cases we've been hearing people that no one ever thought of having a forecast of 100% VPN penetration. Okay, you did the AirWatch deal way back when you first started, these are now fruits of those labors. So I got to ask you, as managers of your customer base are out there thinking, okay, I got to double down on the right growth strategy for this post-pandemic world, the smart managers are going to look at the technologies enabled for business outcome, so I have to ask you, innovation strategies are one thing, saying it, putting it place, but now more than ever, putting them in action is the mandate that we're hearing from customers. Okay I need an innovation strategy, and I got to put it into action fast. What do you say to those customers? What is VMware doing with AWS, with cloud, to make those innovation strategies not only plausible but actionable? >> That's a great question, John. We focused our energy, before even COVID started, as we prepared for this year, going into sales kickoffs and our fiscal year, around five priorities. Number one was enabling the world to be multicloud, private cloud and public cloud, and clearly our partnership here with Amazon is the best example of that and they are our preferred cloud partner. Secondly, building modern apps with microservices and cloud native, what we call app modernization. Thirdly, which is a key part to the multicloud, is building out the entire network stack, data center networking, the firewalls, the load bouncing in SD-WAN, so I'd call that cloud network. Number four, the modernization of workplace with an additional workspace solution, Workspace ONE. And five, intrinsic security from all aspects of security, network, endpoint, and cloud. So those five priorities were what we began to think through, organize our portfolio, we call them solution pillars, and for any of your viewers who're interested, there's a five-minute version of the VMware story around those five pillars that you can watch on YouTube that I did, you just search for Sanjay Poonen and five-minute story. But then COVID hit us, and we said, okay we got to take these strategies now and make them more actionable. Exactly your question, right? So a subset of that portfolio of five began to become more actionable, because it's pointless going and talking about stuff and it's like, hey, listen, guys, I'm a house on fire, I don't care about the curtains and all the wonderful art. You got to help me through this crisis. So a subset of that portfolio became kind of what was those, think about now your laptop at home, or your endpoint at home. People wanted, on top of their Zoom call, or surrounding their Zoom call, a virtual desktop managed easily, so we began to see Workspace ONE getting a lot of interest from our customers, especially the VDI part of that portfolio. Secondly, that laptop at home needed to be secured. Traditional, old, legacy AV solutions that've worked, enter Carbon Black, so Workspace ONE plus Carbon Black, one and two. Third, that laptop at home needs network acceleration, because we're dialoguing and, John, we don't want any latency. Enter SD-WAN. So the trifecta of Workspace ONE, Carbon Black and VeloCloud, that began to see even more interest and we began to hone in our portfolio around those three. So that's an example of where you have a general strategy, but then you apply it to take action in the midst of a crisis, and then I say, listen, that trifecta, let's just go and present what we can do, we call that the business continuity or business resilience part of our portfolio. We began to start talking to customers, and saying, here's our business continuity solution, here's what we could do to help you, and we targeted hospitals, schools, governments, pharmacies, retailers, the ones who're on the front line of this and said again, that line I said earlier, we want to be a digital first responder to you, you are the real first responder. Right before this call I got off a CIO call with the CIO of a major hospital in the northeast area. What gives me great joy, John, is the fact that we are serving them. Their beds are busting at the seam, in serving patients-- >> And ransomware's a huge problem you guys-- >> We're serving them. >> And great stuff there, Sanjay, I was just on a call this morning with a bunch of folks in the security industry, thought leaders, was in DC, some generals were there, some real thought leaders, trying to figure out security policy around biosecurity, COVID-19, and this invisible disruption, and they were equating it to like the World Wars. Big inflection point, and one of the generals said, in those times of crisis you need alliances. So I got to ask you, COVID-19 is impactful, it's going to have serious impact on the critical nature of it, like you said, the house is on fire, don't worry about the curtains. Alliances matter more than ever when you need to come together. You guys have an ecosystem, Amazon's got an ecosystem, this is going to be a really important test to the alliances out there. How do you view that as you look forward? You need the alliances to be successful, to compete and win in the new world as this invisible enemy, if you will, or disruptor happens, what's your thoughts? >> Yeah, I'll answer in a second, just for your viewers, I sneezed, okay? I've been on your show dozens of time, John, but in your live show, if I sneezed, you'd hear the loud noise. The good news in digital is I can mute myself when a sneeze is about to happen, and we're able to continue the conversation, so these are some side benefits of the digital part of it. But coming to your question on alliance, super important. Ecosystems are how the world run around, united we stand, divided we fall. We have made ecosystems, I've always used this phrase internally at VMware, sort of like Isaac Newton, we see clearly because we stand on the shoulders of giants. So VMware is always able to be bigger of a company if we stand on the shoulders of bigger giants. Who were those companies 20 years ago when Diane started the company? It was the hardware economy of Intel and then HP and Dell, at the time IBM, now Lenovo, Cisco, NetApp, DMC. Today, the new hardware companies Amazon, Azure, Google, whoever have you, we were very, I think, prescient, if you would, to think about that and build a strategic partnership with Amazon three or four years ago. I've mentioned on your show before, Andy's a close friend, he was a classmate over at Harvard Business School, Pat, myself, Ragoo, really got close to Andy and Matt Garman and Mike Clayville and several members of their teams, Teresa Carlson, and began to build a partnership that I think is one of the most incredible success stories of a partnership. And Dell's kind of been a really strong partner with us on private cloud, having now Amazon with public cloud has been seminal, we do regular meetings and build deep integration of, VMware Cloud and AWS is not some announcement two or three years ago. It's deep engineering between, Bask's now in a different role, but in his previous role, that and people like Mark Lohmeyer in our team. And that deep engineering allows us to know and tell customers this simple statement, which both VMware and Amazon reps tell their customers today, if you have a workload running on vSphere, and you want to move that to Amazon, the best place, the preferred place for that is VMware Cloud and Amazon. If you try to refactor that onto a native VC 2, it's a waste of time and money. So to have the entire army of VMware and Amazon telling customers that statement is a huge step, because it tells customers, we have 70 million virtual machines running on-prem. If customers are looking to move those workloads to Amazon, the best place for that VMware Cloud and AWS, and we have some credible customer case studies. Freddie Mac was at VMworld last year. IHS Markit was at VMworld last year talking about it. Those are two examples and many more started it, so we would like to have every VMware and Amazon customer that's thinking about VMware to look at this partnership as one of the best in the industry and say very similar to what Andy I think said on stage at the time of this announcement, it doesn't have to be now a trade-off between public and private cloud, you can get the best of both worlds. That's what we're trying to do here-- >> That's a great point, I want to get your thoughts on leadership, as you look at COVID-19, one of our tracks we're going to be promoting heavily on theCUBE.net and our sites, around how to manage through this crisis. Andy Jassy was quoted on the fireside chat, which is coming up here in North America, but I saw it yesterday in New Zealand time as I time shifted over there, it's a two-sided door versus a one-sided door. That was kind of his theme is you got to be able to go both ways. And I want to get your thoughts, because you might know what you're doing in certain contexts, but if you don't know where you're going, you got to adjust your tactics and strategies to match that, and there's and old expression, if you don't know where you're going, every road will take you there, okay? And so a lot of enterprise CXOs or CEOs have to start thinking about where they want to go with their business, this is the growth strategy. Then you got to understand which roads to take. Your thoughts on this? Obviously we've been thinking it's cloud native, but if I'm a decision maker, I want to make sure I have an architecture that's going to carry me forward to the future. I need to make sure that I know where I'm going, so I know what road I'm on. Versus not knowing where I'm going, and every road looks good. So your thoughts on leadership and what people should be thinking around knowing what their destination is, and then the roads to take? >> John, I think it's the most important question in this time. Great leaders are born through crisis, whether it's Winston Churchill, Charles de Gaulle, Roosevelt, any of the leaders since then, in any country, Mahatma Gandhi in India, the country I grew up, Nelson Mandela, MLK, all of these folks were born through crisis, sometimes severe crisis, they had to go to jail, they were born through wars. I would say, listen, similar to the people you talked about, yeah, there's elements of this crisis that similar to a World War, I was talking to my 80 year old father, he's doing well. I asked him, "When was the world like this?" He said, "Second World War." I don't think this crisis is going to last six years. It might be six or 12 months, but I really don't think it'll be six years. Even the health care professionals aren't. So what do we learn through this crisis? It's a test of our leadership, and leaders are made or broken during this time. I would just give a few guides to leaders, this is something tha, Andy's a great leader, Pat, myself, we all are thinking through ways by which we can exercise this. Think of Sully Sullenberger who landed that plane on the Hudson. Did he know when he flew that airbus, US Airways airbus, that few flock of birds were going to get in his engine, and that he was going to have to land this plane in the Hudson? No, but he was making decisions quickly, and what did he exude to his co-pilot and to the rest of staff, calmness and confidence and appropriate communication. And I think it's really important as leaders, first off, that we communicate, communicate, communicate, communicate to our employees. First, our obligation is first to our employees, our family first, and then of course to our company employees, all 30,000 at VMware, and I'm sure similarly Andy does it to his, whatever, 60, 70,000 at AWS. And then you want to be able to communicate to them authentically and with clarity. People are going to be reading between the lines of everything you say, so one of the things I've sought to do with my team, all the front office functions report to me, is do half an hour Zoom video conferences, in the time zone that's convenient to them, so Japan, China, India, Europe, in their time zone, so it's 10 o'clock my time because it's convenient to Japan, and it's just 10 minutes of me speaking of what I'm seeing in the world, empathizing with them but listening to them for 20 minutes. That is communication. Authentically and with clarity, and then turn your attention to your employees, because we're going stir crazy sitting at home, I get it. And we've got to abide by the ordinances with whatever country we're in, turn your attention to your customers. I've gotten to be actually more productive during this time in having more customer conference calls, video conference calls on Zoom or whatever platform with them, and I'm looking at this now as an opportunity to engage in a new way. I have to be better prepared, like I said, these are shorter conversations, they're not as long. Good news I don't have to all over the place, that's better for my family, better for the carbon emission of the world, and also probably for my life long term. And then the third thing I would say is pick one area that you can learn and improve. For me, the last few years, two, three years, it's been security. I wanted to get the company into security, as you saw today we've announced mobile, so I helped architect the acquisition of Carbon Black, very similar to kind of the moves I've made six years ago around AirWatch, very key part to all of our focus to getting more into security, and I made it a personal goal that this year, at the start of the year, before COVID, I was going to meet 1,000 CISOs, in the Fortune 1000 Global 2000. Okay, guess what, COVID happens, and quite frankly that goal's gotten a little easier, because it's much easier for me to meet a lot more people on Zoom video conferences. I could probably do five, 10 per day, and if there's 200 working days in a day, I can easily get there, if I average about five per day, and sometimes I'm meeting them in groups of 10, 20. >> So maybe we can get you on theCUBE more often too, 'cause you have access to a video camera. >> That is my growth mindset for this year. So pick a growth mindset area. Satya Nadella puts this pretty well, "Move from being a know-it-all to a learn-it-all." And that's the mindset, great company. Andy has that same philosophy for Amazon, I think the great leaders right now who are running these cloud companies have that growth mindset. Pick an area that you can grow in this time, and you will find ways to do it. You'll be able to learn online and then be able to teach in some fashion. So I think communicate effectively, authentically, turn your attention to serving your customers, and then pick some growth area that you can learn yourself, and then we will come out of this crisis collectively, individuals and as partners, like VMware and Amazon, and then collectively as a society, I believe we'll come out stronger. >> Awesome great stuff, great insight there, Sanjay. Really appreciate you sharing that leadership. Back to the more of technical questions around leadership is cloud native. It's clear that there's going to be a line in the sand, if you will, there's going to be a right side of history, people are going to have to be on the right side of history, and I believe it's cloud native. You're starting to see this emersion. You guys have some news, you just announced today, you acquired a Kubernetes security startup, around Kubernetes, obviously Kubernetes needs security, it's one of those key new enablers, disruptive enablers out there. Cloud native is a path that is a destination opportunity for people to think about, why that acquisition? Why that company? Why is VMware making this move? >> Yeah, we felt as we talked about our plans in security, backing up to things I talked about in my last few appearances on your show at VMworld, when we announced Carbon Black, was we felt the security industry was broken because there was too many point benders, and we figured there'd be three to five control points, network, endpoint, cloud, where we could play a much more pronounced role at moving a lot of these point benders, I describe this as not having to force our customers to go to a doctor and say I've got to eat 5,000 tablets to get healthy, you make it part of your diet, you make it part of the infrastructure. So how do we do that? With network security, we're off to the races, we're doing a lot more data center networking, firewall, load bouncing, SD-WAN. Really, reality is we can eat into a lot of the point benders there that I've just been, and quite frankly what's happened to us very gratifying in the network security area, you've seen the last few months, some firewall vendors are buying SD-WAN players, kind of following our strategy. That's a tremendous validation of the fact that the network security space is being disrupted. Okay, move to endpoint security, part of the reason we acquired Carbon Black was to unify the client side, Workspace ONE and Carbon Black should come together, and we're well under way in doing that, make Carbon Black agentless on the server side with vSphere, we're well on the way to that, you'll see that very soon. By the way both those things are something that the traditional endpoint players can't do. And then bring out new forms of workload. Servers that are virtualized by VMware is just one form of work. What are other workloads? AWS, the public clouds, and containers. Container's just another workload. And we've been looking at container security for a long time. What we didn't want to do was buy another static analysis player, another platform and replatform it. We felt that we could get great technology, we have incredible grandeur on container cell. It's sort of Red Hat and us, they're the only two companies who are doing Kubernetes scales. It's not any of these endpoint players who understand containers. So Kubernetes, VMware's got an incredible brand and relevance and knowledge there. The networking part of it, service mesh, which is kind of a key component also to this. We've been working with Google and others like Istio in service mesh, we got a lot of IP there that the traditional endpoint players, Symantec, McAfee, Trend, CrowdStrike, don't know either Kubernetes or service mesh well. We add now container security into this, we really distinguish ourselves further from the traditional endpoint players with bringing together, not just the endpoint platform that can do containers, but also Kubernetes service mesh. So why is that important? As people think about their future in containers, they'll want to do this at the runtime level, not at the static level. They'll want to do it at build time And they'll want to have it integrated with some of their networking capabilities like service mesh. Who better to think about that IP and that evolution than VMware, and now we bring, I think it's 12 to 14 people we're bringing in from this acquisition. Several of them in Israel, some of them here in Palo Alto, and they will build that platform into the tech that VMware has onto the Carbon Black cloud and we will deliver that this year. It's not going to be years from now. >> Did you guys talk about the-- >> Our capability, and then we can bring the best of Carbon Black, with Tanzu, service mesh, and even future innovation, like, for example, there's a big movement going around, this thing call open policy agent OPA, which is an open source effort around policy management. You should expect us to embrace that, there could be aspects of OPA that also play into the future of this container security movement, so I think this is a really great move for Patrick and his team, I'm very excited. Patrick is the CEO of Carbon Black and the leader of that security business unit, and he came to me and said, "Listen, one of the areas "we need to move in is container security "because it's the number one request I'm hearing "from our CESOs and customers." I said, "Go ahead Patrick. "Find out who are the best player you could acquire, "but you have to triangulate that strategy "with the Tanzu team and the NSX team, "and when you have a unified strategy what we should go, "we'll go an make the right acquisition." And I'm proud of what he was able to announce today. >> And I noticed you guys on the release didn't talk about the acquisition amount. Was it not material, was it a small amount? >> No, we don't disclose small, it's a tuck-in acquisition. You should think of this as really bringing us some tech and some talent, and being able to build that into the core of the platform of Carbon Black. Carbon Black was the real big move we made. Usually what we do, you saw this with AirWatch, right, anchor on a fairly big move. We paid I think 2.1 billion for Carbon Black, and then build and build and build on top of that, partner very heavily, we didn't talk about that. If there's time we could talk about it. We announced today a security alliance with top SIEM players, in what's called a sock alliance. Who's announced in there? Splunk, IBM QRadar, Google Chronicle, Sumo Logic, and Exabeam, five of the biggest SIEM players are embracing VMware in endpoint security, saying, Carbon Black is who we want to work with. Nobody else has that type of partnership, so build, partner, and then buy. But buy is always very carefully thought through, we're not one of these companies like CA of the past that just bought every company and then it becomes a graveyard of dead acquisition. Our view is we're very disciplined about how we think about acquisition. Acquisitions for us are often the last resort, because we'd prefer to build and partner. But sometimes for time-to-market reasons, we acquire, and when we acquire, it's thoughtful, it's well-organized within VMware, and we take care of our people, 'cause we want, I mean listen, why do acquisitions fail? Because the good people leave. So we're excited about this team, the team in Israel, and the team in Palo Alto, they come from Octarine. We're going to integrate them rapidly into the platform, and this is a good evidence of VMware investing more in security, and our Q3 earnings pulled, John, I said, sorry, we said that the security business was a billion dollar business at VMware already, primarily from network, but some from endpoint. This is evidence of us putting more fuel behind that fire. It's only been six, seven months and Patrick's made his first acquisition inside Carbon Black, so you're going to see us investing more in security, it's an important priority for the company, and I expect us to be a very prominent player in these three pillars, network security, endpoint security, endpoint is both client and the workload, and cloud. Network, endpoint, cloud, they are the three areas where we think there's lots of room for innovation in security. >> Well, we'll be watching, we'll be reporting and analyzing the moves. Great playbook, by the way. Love that organic partnering and then key acquisitions which you build around, it's a great playbook, I think it's very relevant for this time. The most important question I have to ask you, Sanjay, and this is a personal question, because you're the leader of VMware, I noticed that, we all know you're into music, you've been putting music online, kind of a virtual band. You've also hired a CUBE alumni, Victoria Verango from McAfee who also puts up music, you've got some musicians, but you kind of know how to do the digital moves there, so the question is, will the music at VMworld this year be virtual? >> Oh, man. Victoria is actually an even better musician than me. I'm excited about his marketing gifts, but I'm also excited to watch him. But yeah, you've heard him sing, he's got a voice that's somewhat similar to Sting, so we, just for fun, in our Diwali, which is an Indian celebration last year, Tom Corn, myself, and a wonderful lady named Divya, who's got a beautiful voice, had sung a song, which was off the soundtrack of the Bollywood movie, "Secret Superstar," and we just for fun decided to record that in our three separate homes, and put that out on YouTube. You can listen, it's just a two or three-minute run, and it kind of went a little bit viral. And I was thinking to myself, hey, if this is one way by which we can let the VMware community know that, hey, you know what, art conquers COVID-19, you can do music even socially distant, and bring out the spirit of VMware, which is community. So we might build on that idea, Victoria and I were talking about that last night and saying, hey, maybe we do a virtual music kind of concert of maybe 10 or 15 or 20 voices in the various different countries. Record piece of a song and music and put it out there. I think these are just ways by which we're having fun in a virtual setting where people get to see a different side of VMware where, and the intent here, we're all amateurs, John, we're not like great. There are going to be mistakes in this music. If you listen to that audio, it sounds a little tinny, 'cause we're recording it off our iPhone and our iPad microphone. But we'll do the best we can, the point is just to show the human spirit and to show that we care, and at the end of the day, see, the COVID-19 virus has no prejudice on color of skin, or nationality, or ethnicity. It's affecting the whole world. We all went into the tunnel at different times, we will come out of this tunnel together and we will be a stronger human fabric when we're done with this, We shall absolutely overcome. >> Sanjay, give us a quick update to end the segment on your thoughts around VMworld. It's one of the biggest events, we look forward to it. It's the only even left standing that theCUBE's been to every year of theCUBE's existence, we're looking forward to being part of theCUBE virtual. It's been announced it's virtual. What are some of the thinking going on at the highest levels within the VMware community around how you're going to handle VMworld this year? >> Listen, when we began to think about it, we had to obviously give our customers and folks enough notice, so we didn't want to just spring that sometime this summer. So we decided to think through it carefully. I asked Robin, our CMO, to talk to many of the other CMOs in the industry. Good news is all of these are friends of ours, Amazon, Microsoft, Google, Salesforce, Adobe, and even some smaller companies, IBM did theirs. And if they were in the first half of the year, they had to go virtual 'cause we're sheltered in place, and IBM did theirs, Okta did theirs, and we began to watch how they were doing this. We're kind of in the second half, because we were August, September, and we just sensed a lot of hesitancy from our customers that wanted to get on a plane to come here, and even if we got just 500, 1,000, a few thousand, it wasn't going to be the same and there would always be that sort of, even if we were getting back to that, some worry, so we figured we'd do something that might be semi-digital, and we may have some people that roam, but the bulk of it is going to be digital, and we changed the dates to be a little later. I think it's September 20th to 29th. Right now it's all public now, we announced that, and we're going to make it a great program. In some senses like we're becoming TV producer. I told our team we got to be like Disney or ESPN or whoever your favorite show is, YouTube, and produce a really good several-hour program that has got a different way in which digital content is provided, smaller snippets, very interesting speakers, great brand names, make the content clear, crisp and compelling. And if we do that, this will be, I don't know, maybe it's the new norm for some period of time, or it might be forever, I don't know. >> John: We're all learning. >> In the past we had huge conferences that were busting 50, 70, 100,000 and then after the dot-com era, those all shrunk, they're like smaller conferences, and now with advent of companies like Amazon and Salesforce, we have huge events that, like VMworld, are big events. We may move to a environment that's a lot more digital, I don't know what the future of in-presence physical conferences are, but we, like others, we're working with AWS in terms of their future with Reinvent, what Microsoft's doing with Ignite, what Google's doing with Next, what Salesforce's going to do with Dreamforce, all those four companies are good partners of ours. We'll study theirs, we'll work together as a community, the CMOs of all those companies, and we'll come together with something that's a very good digital experience for our customers, that's really what counts. Today I did a webinar with a partner. Typically when we did a briefing in our briefing center, 20 people came. There're 100 people attending this, I got a lot more participation in this QBR that I did with this SI partner, one of the top SIs in the world, in an online session with them, than would I have gotten if they'd all come to Palo Alto. That's goodness. Should we take the best of that world and some physical presence? Maybe in the future, we'll see how it goes. >> Content quality. You know, you know content. Content quality drives everything online, good engagement creates community, that's a nice flywheel. I think you guys will figure it out, you've got a lot of great minds there, and of course, theCUBE virtual will be helping out as we can, and we're rethinking things too-- >> We count on that, John-- >> We're going to be open minded to new ideas, and, hey, whatever's the best content we can deliver, whether it's CUBE, or with you guys, or whoever, we're looking forward to it. Sanjay, thanks for spending the time on this CUBE Keynote coverage of AWS Summit. Since it's digital we can do longer programs, we can do more diverse content. We got great customer practitioners coming up, talking about their journey, their innovation strategies. Sanjay Poonen, COO of VMware, thank you for taking your precious time out of your day today. >> Thank you, John, always a pleasure. >> Thank you. Okay, more CUBE, virtual CUBE digital coverage of AWS Summit 2020, theCUBE.net is we're streaming, and of course, tons of videos on innovation, DevOps, and more, scaling cloud, scaling on-premise hybrid cloud, and more. We got great interviews coming up, stay with us our all-day coverage. I'm John Furrier, thanks for watching. (upbeat music)