>> Narrator: From theCUBE studios in Palo Alto and Boston, it's theCUBE, covering IBM Think. Brought to you by IBM. >> All right everybody welcome back to theCUBE's continuous coverage of IBM Think 2020. It's digital event experience, my name is Dave Vellante, Aki Duvvur's here, he's the vice president of the IBM public cloud. Aki great to see you, thanks for coming on, hope you're safe and-- >> Hey Dave, Thanks for having us on. We're as safe as can be, appreciate it. >> Yeah, so your background is really interesting, your heading IBM cloud now, you got a CTO background, you been in sales, that's interesting to me because it gave you an opportunity to really try to understand the product market fit, if you will, from the customers point of view. But how did that shape your thinking about cloud generally and specifically where you're at today. >> Hey, great question Dave. So I'll tell you from my technology background it really gave me a good appreciation for how applications get built, from everything from the infrastructure all the way up and through the application itself. To all of the criticality around how those applications need to be built, how they need to be made highly available. With business continuance in mind, which is exactly what we're trying to do at scale right now from a public crown perspective, out from an architectural first principles perspective. And then I would say from a sales perspective it gave me a sense of speed and clarity of vision. In terms of just how you have to be very net in terms of the value proposition that you bring forward to a client and how you position the public cloud at large. So those two items or backgrounds have brought me full circle into my product role today and allow me to work with a sense of urgency for our clients and their journeys and their complex transformation as we build a cloud that is very enterprise centric to support their mission critical workload. >> I want to follow up with that. So I mean the traditional approach to developing enterprise apps, you walk inside any large financial institution and a healthcare, pharma, et cetera and you would have very much a waterfall approach. Understand the requirements, you'd have a development team, you'd have an operations team, they'd throw the code over the fence, they'd throw it back. Ah your code doesn't work, well it did when I sent it to you. And the cloud has really changed all that, hasn't it? And so now you're moving much faster, you're doing agile, how do you see that applying to sort of the traditional IBM base, is it being embraced? How is it being embraced? Is it different from other approaches? I wonder if you could address that. >> I think it's a transformation for the entire company, and when I say journey to cloud it really is around not just the public cloud as a destination but it's the entire hybrid approach that we have to take in delivering those applications you just alluded to. They're pretty much the mission critical heart of the enterprise, so it's a transformation from a public cloud perspective, it's a transformation from how our services schemes engage with our clients, how we migrate, how we modernize, how we take that middleware stack and we convert it into containerized software that we can actually leverage and deploy in the public cloud as part of this transformation,. So really it's a reinvention of not just the way our customers interact with the public cloud, but the way that we as a public cloud provider and a services provider can react and give our clients the best value across that entire hybrid transformation. >> So one of the things that of course IBM executives stresses, we've heard Ginni talk about it, we hear Arvind talk about it, across the whole company you guys are aligned on this topic, only 20% of the workloads have moved to the cloud, it's the hard stuff that hasn't moved, IBM has stated you want to be the preferred supplier for all the really challenging, hybrid, workloads et cetera. So what I want to get to is how you're approaching that, is it a combination of using open technologies and it's going to, blending those with your very large software state, what's your kind of secret sauce around succeeding with that vision? >> That's a really good question, so they're kind of three pillars to our strategy. Number one is around open technologies, embracing open technologies and one of the things that we did very early on in our transformation, in fact back in 2017, before any other cloud provider focused on this, we re-based our entire public cloud on Kubernetes as the base. Not only for the way we deliver up-stack services, whether it's Watson, our IOT or other service, but also in the way that we deliver our IaaS. So our entire control plane is built on Kubernetes. That was a big bet that we made probably two years before everybody else in the industry sort of followed suit. And we are the only cloud provider today that has their entire cloud based on Kube. That was one pillar, the second pillar was around pervasive security, so it's ensuring that our client have the controls required to be able to deliver pervasive security, whether it's encryption and flight at rest or in motion, but also ensuring that they're the only one's that have access to their keys. So nobody else, not even the provider can decrypt their data in the public cloud. And then finally it's around enterprise capabilities, so as you talked about this other 80% of workloads, a lot of those apps are brittle workloads, so they have upstream and downstream connectivity that creates a lot of complexity and chatter in the application itself. So you've got to be able to support those workloads from a public cloud perspective so that there is none of that chattiness and you can actually deliver those applications in a way that they can, one, be moved into the public cloud and then later transformed into microservices and or into microservices directly as part of that transformation, so that middleware content et cetera, delivered as containers allows for a lot of that transformation of different aspects of the cloud. >> Know what, take us back to that bet that you made, So Kubernetes obviously for portability, the decision had to be made strategically that, yeah, just going to try to lock everybody into the IBM cloud. You're going to support multiple clouds, and in all fairness you kind of were later to the cloud game so that became part of your strategy, hybrid is obviously a piece of that, but you embraced that. Many cloud providers out there were late to embracing that or flat-out don't embrace that sort of multicloud approach. Security's kind of table stakes and we're going to get into that later but that enterprise apps piece is critical. Take us back to that Kubernetes decision. What was that, was that the strategy of being open cloud and multicloud, was it sort of a Red Hat angle, pre-Red Hat acquisition where you had affinity towards not only Linux but OCP, maybe you can talk about that. >> I think it's a combination of many things, in fact it predates Red Hat too in that, this was back in 2017, and fundamentally after Google open-sourced Kubernetes, one of the big, if you look at the way that the virtual server platforms back in the late 90s, early 2000s, one of the big challenges was around management of those BM's at scale. So very similarly we saw containers as being a very rapid approach to application deployment and really sort of merging that DevOps transformation that many of our clients were going through. So we said that this was a perfect vehicle to not only deliver applications at scale but also ensure all of the attributes of a public cloud, which are higher levels of availability, self-healing and scale-up, scale-downing, able to turn on more storage, more memory so you weren't tied into the physical boundaries of a typical virtual machine. That really allowed us to sort of break the paradigm a little bit in terms of our approach. And the bet paid off, because we have a significant, almost 20,000 production clusters running across our enterprise clients today, so pretty significant footprint just on Kube alone. >> Well I can say and it gives clients the opportunity to have portability, hedges their bets, gives them an exit strategy if in fact they want one, and it just seems like good business. What about Open Shift, how does that fit in there in regards to OCP? >> Well I think Open Shift is a perfect complement right now. So as we talk about the fact that we have a cloud built on Kubernetes. Open Shift becomes the engine that runs all of our capabilities now. So as we think about how we deliver our services, how we deliver common sources whether it's logging or monitoring identity and access, all of the governance and orchestration required around a Kube environment, Open Shift is a terrific solution to be able to provide that at scale. Not just for our clients as a first class deployment in the public cloud but also as a look and deploy on prem so that they have multi-model deployments here with perhaps their applications that are very sensitive, that have PHI data, that they want to control on prem, they have that approach and they have the ability to be able to support it. They also have the ability to take advantage of strangler patterns, so parts of the application that sit, run perhaps in an Open Shift environment in the on prem environment with other aspects of it being controlled, orchestrated and run in the public cloud on our Red Hate Open Shift Kubernetes service. So we've got all of those attributes and capabilities to support that hybrid and even multicloud deployment. >> What if we get, sort of dive into security. You've seen this sort of interesting divergent narrative in the industry. On the one hand you've had executives like Pat Gelsinger come out and say security is broken. On the other hand you had, for instance, the CISO of AWS, say no security in the clouds great. So if you're a customer who do you believe? And you talk to CISO's and they say look it, it's on us, this problem will never be solved, it's an ongoing challenge. But I wonder if you could give us IBM's point of view on security, cause you're on both sides. You got the cloud, you got on prem, you got a deep history in security going back to Rack-F on the mainframes and so I wonder if you can share with us your thoughts on that. >> Well I think security is table stake, and always been table stakes and now more so than ever, especially as we look at that other 80% that we talked about. These are revenue generating applications, they're mission critical and they have significant impact if they're down in any way, shape or form, especially if there's a security attack of some kind and there's a breach. You're talking about businesses completely going out, I mean they're basically bankrupt at that point. So it is table stakes. We have taken a very long strategic look at how we build security, from the chip all the way up into the security architecture and into memory as well. Ensuring that every sort of attack vector is locked down. We have our dedicated HSM's with the highest FIPS, compliance FIPS 140-2 level four. As I mentioned before, we allow for keep your own key and bring your own key, everybody does bring your own key but keep your own key is a clients ability to bring and mange their own key in the public cloud. So if anybody tries to tamper with it, that just gets locked down and there's no access that even the provider could have in terms of decrypting. We have to get rid of that dedicated HSM at that point. So it really puts the control on our clients and ensures that every aspect of their environment from profiles to templates, you had mentioned CICD pipeline before, it's ensuring that we have a shift-left strategy which is really Sec DevOps because it really allows for us to focus on security in every interaction from the start of how code gets integrated and deployed into the cloud. So ensuring that we have that entire end to end approach nailed down is pretty important to us. >> One thing that's key if you're a CISO you don't want to have different security protocols for on prem and the cloud, you want that sort of end to end approach. Now maybe that doesn't happen overnight but presumably that's kind of the vision is that kind of consistency because every CISO will tell you the lack of skills is our biggest challenge. So the last thing we need to do is learn just a whole 'nother environment, all new processes. How have you made progress in terms of that end to end experience? >> Well we've tried to make it completely cloud native. We've tried to make it very API orientated. So it's basically really simple for them to integrate into the cloud and take advantage of the CICD pipeline as I mentioned. So if you look at how we deliver our code from a tekton perspective and if you look at how we can do signed images in the registry, so ensuring that developers are only authorized to run the appropriate applications that they have permission for and that they can't leverage other assets or pools that they're not. So ensuring that role-based access control is very tightly knit, ensuring least privileged access as opposed to opening up and ensuring that everybody has all access all the time and then working your way down into least privileged access is critical. So it's those core first principles that you would leverage in an on prem environment and extending it into the public cloud so that it becomes a very translatable experience for our client. >> Okay, I want to push you a little bit. We started out with openness and you sort of laid down the gauntlet as we made the decision early on to be open. What if I'm a security practitioner, I say hey I like Cloud Stripe or I like Okta or I want to use Zscaler. Can I use those in your environment? How open are you to that type of approach? >> You absolutely can and you can integrate into our security dashboard. So the nice thing about it is you can leverage our capabilities that we have in the cloud, or you can leverage your third-party tools and you can integrate them so you have a single plane of glass and you always know who's accessing your systems, where they're accessing them from, did they succeed or did they fail. This is table stakes allowing integration for best of class and best of breed security technology is core. >> So you're obviously cloud guy, the more cloud, better for you personally, your group, whatever. But what's the business case for moving those mission critical workloads in the cloud. Former CTO, I'm sure you've had a lot of discussions with customers, hey, why not just leave it there put a brick wall around it. It ain't broke, why fix it? What's the business case that you're seeing for putting those workloads in the cloud. >> I think the current healthcare crisis we're in is probably proving out a lot of the challenges of managing a data center in traditional sense, number one. And I think if you think about just the innovation agenda that many of our clients have, they're kind of hand strung by all of the legacy technologies and sometimes monolithic architectures that they've got deployed. They're unable to break out of that because of the amount of cost and the amount of resource it takes to manage those environments today and keep a lot of end of life infrastructure running. And really the move to public cloud and being able to transform and modernize your workloads frees up a lot of that budget in innovation that you can start to infuse into driving new revenue streams from a company perspective. I think that is the critical aspect to it and I think the current crisis just proves out that clients that have built for scale, who've kind of gone in with a cloud first set of principles are actually well setup to be able to navigate some of the current challenges a little bit better than others. >> Yeah and I think, listening to you talk reminds me of a conversation I had probably 10 years ago with a former IBMer legend, Steve Mills who said to me, look we spend way too much money on IT labor and it's just not productive so automation is key, you can't scale without it. I talked earlier about the skills gap, automation is at least one part of that answer. Because people just, to your point, if you're spending money on, wasting it on labor that's not giving you differentiation, that's stealing from the innovation budget. >> Yeah, totally agree Dave. >> So give me the final word, what's your vision for the IBM public cloud, where do you see all this in three to five years? >> Well I think we're just at the tip of the iceberg right now when it comes to a lot of the complex (murmurs) applications that we talked about before, ERP applications, mission critical back office apps that haven't moved and I think we are very, very early in that journey. And I think we're positioned really well to capture and win that marketplace. I think we have the right solutions, we have the right sort of core principles. As I mentioned open and secure and enterprise grade, having a multi-platform approach to support our clients applications, being able to modernize and kind of walk them through this crawl, walk, run approach to how they transform into the public cloud. And having all of the service expertise, so we're not just this CSP but we're also an MSP and we have sense around handling complex workload. We've done that all through our existence and we feel like this is where this starts to get interesting for our clients now as they take these next steps and as you probably heard last year with our announcement of the FFS ready public cloud with Bank of America. We're trying to bring all that together in terms of how we meet our client and ensure that we can take care of their regulatory requirements, which continue to change as well regardless of industry. >> Well it's a multi-trillion dollar, trillion plus dollar opportunity that you guys are after. And you're in the cloud game, a lot of people tried and failed, IBM made it through that knot hole and now you're in a position to really compete and participate in that modernization of those workloads. We've done research that shows that a lot of this, especially for the hard to move workloads is about risk, and to the extent that you can maintain that compatibility if you will, between what's on prem and what's in the cloud. You dramatically de-risk the cloud move and the decision, so yeah, I think you're in a good spot. And I really appreciate you coming on theCUBE. >> Hey Dave, thanks for having me. Appreciate it. >> All right, our please Aki. This is Dave Vellante for theCUBE, this is our continuous coverage of IBM Think 2020, the digital event experience. We'll be right back right after this short break. You're watching theCUBE. (calming music)