>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four of our ongoing series. That's featuring exciting startups within the AWS ecosystem. This theme, cybersecurity protect and detect against threats. I'm your host. Lisa Martin. I've got two guests here with me. Please. Welcome back to the program. Sam Kam, a COO and co-founder of security scorecard and bar Roth. Charri team lead solutions marketing at confluent guys. It's great to have you on the program talking about cybersecurity. >>Thanks for having us, Lisa, >>Sam, let's go ahead and kick off with you. You've been on the queue before, but give the audience just a little bit of context about security scorecard or SSC as they're gonna hear it referred to. >>Yeah. AB absolutely. Thank you for that. Well, the easiest way to, to put it is when people wanna know about their credit risk, they consult one of the major credit scoring companies. And when companies wanna know about their cybersecurity risk, they turn to security scorecard to get that holistic view of, of, of the security posture. And the way it works is SSC is continuously 24 7 collecting signals from across the entire internet. I entire IPV four space and they're doing it to identify vulnerable and misconfigured digital assets. And we were just looking back over like a three year period. We looked from 2019 to 2022. We, we, we assessed through our techniques over a million and a half organizations and found that over half of them had at least one open critical vulnerability exposed to the internet. What was even more shocking was 20% of those organizations had amassed over a thousand vulnerabilities each. >>So SSC we're in the business of really building solutions for customers. We mine the data from dozens of digital sources and help discover the risks and the flaws that are inherent to their business. And that becomes increasingly important as companies grow and find new sources of risk and new threat vectors that emerge on the internet for themselves and for their vendor and business partner ecosystem. The last thing I'll mention is the platform that we provide. It relies on data collection and processing to be done in an extremely accurate and real time way. That's a key for that's allowed us to scale. And in order to comp, in order for us to accomplish this security scorecard engineering teams, they used a really novel combination of confluent cloud and confluent platform to build a really, really robust data for streaming pipelines and the data streaming pipelines enabled by confluent allow us at security scorecard to collect the data from a lot of various sources for risk analysis. Then they get feer further analyzed and provided to customers as a easy to understand summary of analytics. >>Rob, let's bring you into the conversation, talk about confluent, give the audience that overview and then talk about what you're doing together with SSC. >>Yeah, and I wanted to say Sam did a great job of setting up the context about what confluent is. So, so appreciate that, but a really simple way to think about it. Lisa is confident as a data streaming platform that is pioneering a fundamentally new category of data infrastructure that is at the core of what SSE does. Like Sam said, the key is really collect data accurately at scale and in real time. And that's where our cloud native offering really empowers organizations like SSE to build great customer experiences for their customers. And the other thing we do is we also help organizations build a sophisticated real time backend operations. And so at a high level, that's the best way to think about comfort. >>Got it. But I'll talk about data streaming, how it's being used in cyber security and what the data streaming pipelines enable enabled by confluent allow SSE to do for its customers. >>Yeah, I think Sam can definitely share his thoughts on this, but one of the things I know we are all sort of experiencing is the, is the rise of cyber threats, whether it's online from a business B2B perspective or as consumers just be our data and, and the data that they're generating and the companies that have access to it. So as the, the need to protect the data really grows companies and organizations really need to effectively detect, respond and protect their environments. And the best way to do this is through three ways, scale, speed, and cost. And so going back to the points I brought up earlier with conference, you can really gain real time data ingestion and enable those analytics that Sam talked about previously while optimizing for cost scale. So those are so doing all of this at the same time, as you can imagine, is, is not easy and that's where we Excel. >>And so the entire premise of data streaming is built on the concepts. That data is not static, but constantly moving across your organization. And that's why we call it data streams. And so at its core, we we've sort of built or leveraged that open source foundation of APA sheet Kafka, but we have rearchitected it for the cloud with a totally new cloud native experience. And ultimately for customers like SSE, we have taken a away the need to manage a lot of those operational tasks when it comes to Apache Kafka. The other thing we've done is we've added a ton of proprietary IP, including security features like role based access control. I mean, some prognosis talking about, and that really allows you to securely connect to any data no matter where it resides at scale at speed. And it, >>Can you talk about bar sticking with you, but some of the improvements, and maybe this is a actually question for Sam, some of the improvements that have been achieved on the SSC side as a result of the confluent partnership, things are much faster and you're able to do much more understand, >>Can I, can Sam take it away? I can maybe kick us off and then breath feel, feel free to chime in Lisa. The, the, the, the problem that we're talking about has been for us, it was a longstanding challenge. We're about a nine year old company. We're a high growth startup and data collection has always been in, in our DNA. It's at it's at the core of what we do and getting, getting the insights, the, and analytics that we synthesize from that data into customer's hands as quickly as possible is the, is the name of the game because they're trying to make decisions and we're empowering them to make those decisions faster. We always had challenges in, in the arena because we, well partners like confluent didn't didn't exist when we started scorecard when, when we we're a customer. But we, we, we think of it as a partnership when we found confluent technology and you can hear it from Barth's description. >>Like we, we shared a common vision and they understood some of the pain points that we were experiencing on a very like visceral and intimate level. And for us, that was really exciting, right? Just to have partners that are there saying, we understand your problem. This is exactly the problem that we're solving. We're, we're here to help what the technology has done for us since then is it's not only allowed us to process the data faster and get the analytics to the customer, but it's also allowed us to create more value for customers, which, which I'll talk about in a bit, including new products and new modules that we didn't have the capabilities to deliver before. >>And we'll talk about those new products in a second exciting stuff coming out there from SSC, bro. Talk about the partnership from, from confluence perspective, how has it enabled confluence to actually probably enhance its technology as a result of seeing and learning what SSC is able to do with the technology? >>Yeah, first of all, I, I completely agree with Sam it's, it's more of a partnership because like Sam said, we sort of shared the same vision and that is to really make sure that organizations have access to the data. Like I said earlier, no matter where it resides so that you can scan and identify the, the potential security security threads. I think from, from our perspective, what's really helped us from the perspective of partnering with SSE is just looking at the data volumes that they're working with. So I know a stat that we talked about recently was around scanning billions of records, thousands of ports on a daily basis. And so that's where, like I, like I mentioned earlier, our technology really excels because you can really ingest and amplify the volumes of data that you're processing so that you can scan and, and detect those threats in real time. >>Because I mean, especially the amount of volume, the data volume that's increasing on a year by basis, that aspect in order to be able to respond quickly, that is paramount. And so what's really helped us is just seeing what SSE is doing in terms of scanning the, the web ports or the data systems that are at are at potential risk. Being able to support their use cases, whether it's data sharing between their different teams internally are being able to empower customers, to be able to detect and scan their data systems. And so the learning for us is really seeing how those millions and billions of records get processed. >>Got it sounds like a really synergistic partnership that you guys have had there for the last year or so, Sam, let's go back over to you. You mentioned some new products. I see SSC just released a tax surface intelligence product. That's detecting thousands of vulnerabilities per minute. Talk to us about that, the importance of that, and another release that you're making. >>There are some really exciting products that we have released recently and are releasing at security scorecard. When we think about, when we think about ratings and risk, we think about it not just for our companies or our third parties, but we think about it in a, in a broader sense of an, of an ecosystem, because it's important to have data on third parties, but we also want to have the data on their third parties as well. No, nobody's operating in a vacuum. Everybody's operating in this hyper connected ecosystem and the risk can live not just in the third parties, but they might be storing processing data in a myriad of other technological solutions, which we want to understand, but it's really hard to get that visibility because today the way it's done is companies ask their third parties. Hey, send me a list of your third parties, where my data is stored. >>It's very manual, it's very labor intensive, and it's a trust based exercise that makes it really difficult to validate. What we've done is we've developed a technology called a V D automatic vendor detection. And what a V D does is it goes out and for any company, your own company or another business partner that you work with, it will go detect all of the third party connections that we see that have a live network connection or data connection to an organization. So that's like an awareness and discovery tool because now we can see and pull the veil back and see what the bigger ecosystem and connectivity looks like. Thus allowing the customers to go hold accountable, not just the third parties, but their fourth parties, fifth parties really end parties. And they, and they can only do that by using scorecard. The attack surface intelligence tool is really exciting for us because well, be before security scorecard people thought what we were doing was fairly, I impossible. >>It was really hard to get instant visibility on any company and any business partner. And at the same time, it was of critical importance to have that instant visibility into the risk because companies are trying to make faster decisions and they need the risk data to steer those decisions. So when I think about, when I think about that problem in, in managing sort of this evolving landscape, what it requires is it requires insightful and actionable, real time security data. And that relies on a couple things, talent and tech on the talent side, it starts with people. We have an amazing R and D team. We invest heavily. It's the heartbeat of what we do. That team really excels in areas of data collection analysis and scaling large data sets. And then we know on the tech side, well, we figured out some breakthrough techniques and it also requires partners like confluent to help with the real time streaming. >>What we realized was those capabilities are very desired in the market. And we created a new product from it called the tech surface intelligence. A tech surface intelligence focuses less on the rating. There's, there's a persona on users that really value the rating. It's easy to understand. It's a bridge language between technical and non-technical stakeholders. That's on one end of the spectrum on the other end of the spectrum. There's customers and users, very technical customers and users that may not have as much interest in a layman's rating, but really want a deep dive into the strong threat Intel data and capabilities and insights that we're producing. So we produced ASI, which stands for attack surface intelligence that allows customers to look at the surface area of attack all of the digital assets for any organization and see all of the threats, vulnerabilities, bad actors, including sometimes discoveries of zero day vulnerabilities that are, that are out in the wild and being exploited by bad guys. So we have a really strong pulse on what's happening on the internet, good and bad. And we created that product to help service a market that was interested in, in going deep into the data. >>So it's >>So critical. Go >>Ahead to jump in there real quick, because I think the points that Sam brought up, we had a great, great discussion recently while we were building on the case study that I think brings this to life, going back to the AVD product that Sam talked about and, and Sam can probably do a better job of walking through the story, but the way I understand it, one of security scorecards customers approached them and told them that they had an issue to resolve and what they ended up. So this customer was using an AVD product at the time. And so they said that, Hey, the car SSE, they said, Hey, your product shows that we used, you were using HubSpot, but we stopped using that age server. And so I think when SSE investigated, they did find a very recent HubSpot ping being used by the marketing team in this instance. And as someone who comes from that marketing background, I can raise my hand and said, I've been there, done that. So, so yeah, I mean, Sam can probably share his thoughts on this, but that's, I think the great story that sort of brings this all to life in terms of how actually customers go about using SSCs products. >>And Sam, go ahead on that. It sounds like, and one of the things I'm hearing that is a benefit is reduction in shadow. It, I'm sure that happens so frequently with your customers about Mar like a great example that you gave of, of the, the it folks saying we don't use HubSpot, have it in years marketing initiates an instance. Talk about that as some of the benefits in it for customers reducing shadow it, there's gotta be many more benefits from a security perspective. >>Yeah, the, there's a, there's a big challenge today because the market moved to the cloud and that makes it really easy for anybody in an organization to go sign, sign up, put in a credit card, or get a free trial to, to any product. And that product can very easily connect into the corporate system and access the data. And because of the nature of how cloud products work and how easy they are to sign up a byproduct of that is they sort of circumvent a traditional risk assessment process that, that organizations go through and organizations invest a, a lot of money, right? So there's a lot of time and money and energy that are invested in having good procurement risk management life cycles, and making sure that contracts are buttoned up. So on one side you have companies investing loads of energy. And then on the other side, any employee can circumvent that process by just going and with a few clicks, signing up and purchasing a product. >>And that's, and, and, and then that causes a, a disparity and Delta between what the technology and security team's understanding is of the landscape and, and what reality is. And we're trying to close that gap, right? We wanna close and reduce any windows of time or opportunity where a hacker can go discover some misconfigured cloud asset that somebody signed up for and maybe forgot to turn off. I mean, it's a lot of it is just human error and it, and it happens the example that Barra gave, and this is why understanding the third parties are so important. A customer contacted us and said, Hey, you're a V D detection product has an error. It's showing we're using a product. I think it was HubSpot, but we stopped using that. Right. And we don't understand why you're still showing it. It has to be a false positive. >>So we investigated and found that there was a very recent live HubSpot connection, ping being made. Sure enough. When we went back to the customer said, we're very confident the data's accurate. They looked into it. They found that the marketing team had started experimenting with another instance of HubSpot on the side. They were putting in real customer data in that instance. And it, it, you know, it triggered a security assessment. So we, we see all sorts of permutations of it, large multinational companies spin up a satellite office and a contractor setting up the network equipment. They misconfigure it. And inadvertently leave an administrator portal to the Cisco router exposed on the public internet. And they forget to turn off the administrative default credentials. So if a hacker stumbles on that, they can ha they have direct access to the network. We're trying to catch those things and surface them to the client before the hackers find it. >>So we're giving 'em this, this hacker's eye view. And without the continuous data analysis, without the stream processing, the customer wouldn't have known about those risks. But if you can automatically know about the risks as they happen, what that does is that prevents a million shoulder taps because the customer doesn't have to go tap on the marketing team's shoulder and go tap on employees and manually interview them. They have the data already, and that can be for their company. That can be for any company they're doing business with where they're storing and processing data. That's a huge time savings and a huge risk reduction, >>Huge risk reduction. Like you're taking blinders off that they didn't even know were there. And I can imagine Sam tune in the last couple of years, as SAS skyrocketed the use of collaboration tools, just to keep the lights on for organizations to be able to communicate. There's probably a lot of opportunity in your customer base and perspective customer base to engage with you and get that really full 360 degree view of their entire organization. Third parties, fourth parties, et cetera. >>Absolutely. Absolutely. CU customers are more engaged than they've ever been because that challenge of the market moving to the cloud, it hasn't stopped. We've been talking about it for a long time, but there's still a lot of big organizations that are starting to dip their toe in the pool and starting to cut over from what was traditionally an in-house data center in the basement of the headquarters. They're, they're moving over to the cloud. And then on, on top of that cloud providers like Azure, AWS, especially make it so easy for any company to go sign up, get access, build a product, and launch that product to the market. We see more and more organizations sitting on AWS, launching products and software. The, the barrier to entry is very, very low. And the value in those products is very, very high. So that's drawing the attention of organizations to go sign up and engage. >>The challenge then becomes, we don't know who has control over this data, right? We don't have know who has control and visibility of our data. We're, we're bringing that to surface and for vendors themselves like, especially companies that sit in AWS, what we see them doing. And I think Lisa, this is what you're alluding to. When companies engage in their own scorecard, there's a bit of a social aspect to it. When they look good in our platform, other companies are following them, right? So now all of the sudden they can make one motion to go look good, make their scorecard buttoned up. And everybody who's looking at them now sees that they're doing the right things. We actually have a lot of vendors who are customers, they're winning more competitive bakeoffs and deals because they're proving to their clients faster that they can trust them to store the data. >>So it's a bit of, you know, we're in a, two-sided kind of market. You have folks that are assessing other folks. That's fun to look at others and see how they're doing and hold them accountable. But if you're on the receiving end, that can be stressful. So what we've done is we've taken the, that situation and we've turned it into a really positive and productive environment where companies, whether they're looking at someone else or they're looking at themselves to prove to their clients, to prove to the board, it turns into a very productive experience for them >>One. Oh >>Yeah. That validation. Go ahead, bro. >>Really. I was gonna ask Sam his thoughts on one particular aspect. So in terms of the industry, Sam, that you're seeing sort of really moving to the cloud and like this need for secure data, making sure that the data can be trusted. Are there specific like verticals that are doing that better than the others? Or do you see that across the board? >>I think some industries have it easier and some industries have it harder, definitely in industries that are, I think, health, healthcare, financial services, a absolutely. We see heavier activity there on, on both sides, right? They they're, they're certainly becoming more and more proactive in their investments, but the attacks are not stopping against those, especially healthcare because the data is so valuable and historically healthcare was under, was an underinvested space, right. Hospitals. And we're always strapped for it folks. Now, now they're starting to wake up and pay very close attention and make heavier investments. >>That's pretty interesting. >>Tremendous opportunity there guys. I'm sorry. We are out of time, but this is such an interesting conversation. You see, we keep going, wanna ask you both where can, can prospective interested customers go to learn more on the SSC side, on the confluence side, through the AWS marketplace? >>I let some go first. >>Sure. Oh, thank thank, thank you. Thank you for on the security scorecard side. Well look, security scorecard is with the help of Colu is, has made it possible to instantly rate the security posture of any company in the world. We have 12 million organizations rated today and, and that, and that's going up every day. We invite any company in the world to try security scorecard for free and experience how, how easy it is to get your rating and see the security rating of, of any company and any, any company can claim their score. There's no, there's no charge. They can go to security, scorecard.com and we have a special, actually a special URL security scorecard.com/free-account/aws marketplace. And even better if someone's already on AWS, you know, you can view our security posture with the AWS marketplace, vendor insights, plugin to quickly and securely procure your products. >>Awesome. Guys, this has been fantastic information. I'm sorry, bro. Did you wanna add one more thing? Yeah. >>I just wanted to give quick call out leads. So anyone who wants to learn more about data streaming can go to www confluent IO. There's also an upcoming event, which has a separate URL. That's coming up in October where you can learn all about data streaming and that URL is current event.io. So those are the two URLs I just wanted to quickly call out. >>Awesome guys. Thanks again so much for partnering with the cube on season two, episode four of our AWS startup showcase. We appreciate your insights and your time. And for those of you watching, thank you so much. Keep it right here for more action on the, for my guests. I am Lisa Martin. We'll see you next time.

>>Okay, welcome back everyone to super cloud 22 here in our live studio performance. You're on stage in Palo Alto. I'm Sean fur. You're host with the queue with Dave ante. My co it's got a great industry ecosystem panel to discuss whether it's realer hype, David MC Janet CEO of Hashi Corp, hugely successful company as will LA forest field CTO, Colu and Victoria over yourgo from VMware guys. Thanks for coming on the queue. Appreciate it. Thanks for having us. So realer, hype, super cloud David. >>Well, I think it depends on the definition. >>Okay. How do you define super cloud start there? So I think we have a, >>I think we have a, like an inherently pragmatic view of super cloud of the idea of super cloud as you talk about it, which is, you know, for those of us that have been in the infrastructure world for a long time, we know there are really only six or seven categories of infrastructure. There's sort of the infrastructure security, networking databases, middleware, and, and, and, and really the message queuing aspects. And I think our view is that if the steady state of the world is multi-cloud, what you've seen is sort of some modicum of standardization across those different elements, you know, take, you know, take confluent. You know, I, I worked in the middleware world years ago, MQ series, and typical multicast was how you did message queuing. Well, you don't do that anymore. All the different cloud providers have their own message, queuing tech, there's, Google pub sub, and the equivalents across the different, different clouds. Kafka has provided a consistent way to do that. And they're not trying to project that. You can run everything connected. They're saying, Hey, you should standardize on Kafka for message cuing is that way you can have operational consistency. So I think to me, that's more how we think about it is sort of, there is sort of layer by layer of sort of de facto standardization for the lingo Franco. >>So a streaming super cloud is how you would think of it, or no, I just, or a component of >>Cloud that could be a super cloud. >>I just, I just think that there are like, if I'm gonna build an application message, queuing is gonna be a necessary element of it. I'm gonna use Kafka, not, you know, a native pub sub engine on one of the clouds, because operationally that's just the only way I can do it. So I think that's more, our view's much more pragmatic rather than trying to create like a single platform that you can run everywhere and deal with the networking realities of like network, you know, hops missing across those different worlds and have that be our responsibility. It's much more around, Hey, let's standardize each layer, operational >>Standardized layer that you can use to build a super cloud if that's in your, your intent or, yeah. Okay. >>And it reminds me of the web services days. You kind of go throwback there. I mean, we're kind of living the next gen of web services, the dream of that next level, because DevOps dev SecOps now is now gone mainstream. That's the big challenge we're hearing devs are doing great. Yep. But the ops teams and screen, they gotta go faster. This seems to be a core, I won't say blocker, but more of a drag to the innovation. >>Well, I I'll just get off, I'll hand it off to, to you guys. But I think the idea that like, you know, if I'm gonna have an app that's running on Amazon that needs to connect to a database that's running on, on the private data center, that's essentially the SOA notion, you know, w large that we're all trying to solve 20 years ago, but is much more complicated because you're brokering different identity models, different networking models. They're just much more complex. So that's where the ops bit is the constraint, you know, for me to build that app, not that complicated for the ops person to let it see traffic is another thing altogether. I think that's, that's the break point for so much of what looks easier to a developer is the operational reality of how you do that. And the good news is those are actually really well solved problems. They're just not broadly understood. >>Well, what's your take, you talk to customers all the time, field CTO, confluent, really doing well, streaming data. I mean, everyone's doing it now. They have to, yeah. These are new things that pop up that need solutions. You guys step up and doing more. What's your take on super cloud? >>Well, I mean, the way we address it honestly is we don't, it's gonna be honest. We don't think about super cloud much less is the fact that SAS is really being pushed down. Like if we rely on seven years ago and you took a look at SAS, like it was obvious if you were gonna build a product for an end consumer or business user, you'd do SAS. You'd be crazy not to. Right. But seven years ago, if you look at your average software company producing something for a developer that people building those apps, chances are you had an open source model. Yeah. Or, you know, self-managed, I think with the success of a lot of the companies that are here today, you know, snowflake data, bricks, Colu, it's, it's obvious that SaaS is the way to deliver software to the developers as well. And as such, because our product is provided that way to the developers across the clouds. That's, that's how they have a unifying data layer, right. They don't necessarily, you know, developers like many people don't necessarily wanna deal with the infrastructure. They just wanna consume cloud data services. Right. So that's how we help our customers span cloud. >>So we evenly that SAS was gonna be either built on a single cloud or in the case of service. Now they built their own cloud. Right. So increasingly we're seeing opportunities to build a Salesforce as well across clouds tap different, different, different services. So, so how does that evolve? Do you, some clouds have, you know, better capabilities in other clouds. So how does that all get sort of adjudicated, do you, do you devolve to the lowest common denominator? Or can you take the best of all of each? >>The whole point to that I think is that when you move from the business user and the personal consumer to the developer, you, you can no longer be on a cloud, right. There has to be locality to where applications are being developed. So we can't just deploy on a single cloud and have people send their data to that cloud. We have to be where the developer is. And our job is to make the most of each, an individual cloud to provide the same experience to them. Right. So yes, we're using the capabilities of each cloud, but we're hiding that to the developer. They don't shouldn't need to know or care. Right. >>Okay. And you're hiding that with the abstraction layer. We talked about this before Victoria, and that, that layer has what, some intelligence that has metadata knowledge that can adjudicate what, what, the best, where the best, you know, service is, or function of latency or data sovereignty. How do you see that? >>Well, I think as the, you need to instrument these applications so that you, you, you can get that data and then make the intelligent decision of where, where, where this, the deploy application. I think what Dave said is, is right. You know, the level of super cloud that they talking about is the standardization across messaging. And, and are you what's happening within the application, right? So you don't, you are not too dependent on the underlying, but then the application say that it takes the form of a, of a microservice, right. And you deploy that. There has to be a way for operator to say, okay, I see all these microservices running across clouds, and I can factor out how they're performing, how I, I, life lifecycle managed and all that. And so I think there is, there is, to me, there's the next level of the super cloud is how you factor this out. So an operator can actually keep up with the developers and make sense of all that and manage it. Like >>You guys that's time. Like its also like that's what Datadog does. So Datadog basically in allows you to instrument all those services, on-prem private data center, you know, all the different clouds to have a consistent view. I think that that's not a good example of a vendor that's created a, a sort of a level of standardization across a layer. And I think that's, that's more how we think about it. I think the notion of like a developer building an application, they can deploy and not have to worry where it exists. Yeah. Is more of a PAs kind of construct, you know, things like cloud Foundry have done a great job of, of doing that. But underneath that there's still infrastructure. There's still security. There's still networking underneath it. And I think that's where, you know, things like confluent and perhaps at the infrastructure layer have standardized, but >>You have off the shelf PAs, if I can call it that. Yeah. Kind of plain. And then, and then you have PAs and I think about, you mentioned snowflake, snowflake is with snow park, seems to be developing a PAs layer that's purpose built for their specific purpose of sharing data and governing data across multiple clouds call super paths. Is, is that a prerequisite of a super cloud you're building blocks. I'm hearing yeah. For super cloud. Is that a prerequisite for super cloud? That's different than PAs of 10 years ago. No, but I, >>But I think this is, there's just different layers. So it's like, I don't know how that the, the snowflake offering is built built, but I would guess it's probably built on Terraform and vault and cons underneath it. Cuz those are the ingredients with respect to how you would build a composite application that runs across multiple. And >>That's how Oracle that town that's how Oracle with the Microsoft announcement. They just, they just made if you saw that that was built on Terraform. Right. But, but they would claim that they, they did some special things within their past that were purpose built for, for sure. Low latency, for example, they're not gonna build that on, you know, open shift as an, as an example, they're gonna, you know, do their own little, you know, >>For sure, for sure. So I think what you're, you're pointing at and what Victoria was talking about is, Hey, can a vendor provided consistent experience across the application layer across these multiple clouds? And I would say, sure, just like, you know, you might build a mobile banking application that has a front end on Amazon in the back end running on vSphere on your private data center. Sure. But the ingredients you use to do that have to be, they can't be the cloud native aspects for how you do that. How do you think about, you know, the connectivity of, of like networking between that thing to this thing? Is it different on Amazon? Is it different on Azure? Is it different on, on Google? And so the, the, the, the companies that we all serve, that's what they're building, they're building composited applications. Snowflake is just an example of a company that we serve this building >>Composite. And, but, but, but don't those don't, you have to hide the complexity of that, those, those cloud native primitives that's your job, right. Is to actually it creates simplicity across clouds. Is it not? >>Why? Go ahead. You. >>Yeah, absolutely. I mean that in fact is what we're doing for developers that need to do event streaming, right. That need to process this data in real time. Now we're, we're doing the sort of things that Victoria was just talking about, like underneath the covers, of course, you know, we're using Kubernetes and we're managing the differences between the clouds, but we're hiding the, that, and we've become sort of a defacto standard across the cloud. So if I'm developing an app in any of those cloud, and I think we all know, and you were mentioning earlier every significant company's multi-cloud now all the large enterprises, I just got back from Brazil and like every single one of 'em have multiple clouds and on-prem right. So they need something that can span those. >>What's the challenge there. If you talk to those customers, because we're seeing the same thing, they have multiple clouds. Yeah. But it was kind of by default or they had some use case, either.net developers there with Azure, they'll do whatever cloud. And it kind of seems specialty relative to the cloud native that they're on what problems do they have because the complexity to run infrastructure risk code across clouds is hard. Right? So the trade up between native cloud and have better integration to complexity of multiple clouds seems to be a topic around super cloud. What are you seeing for, for issues that they might have or concerns? >>Yeah. I mean, honestly it is, it is hard to actually, so here's the thing that I think is kind of interesting though, by the way, is that I, I think we tend to, you know, if you're, if you're from a technical background, you tend to think of multicloud as a problem for the it organization. Like how do we solve this? How do we save money? But actually it's a business problem now, too, because every single one of these companies that have multiple clouds, they want to integrate their data, their products across these, and it it's inhibiting their innovation. It's hard to do, but that's where something like, you know, Hatchie Corp comes in right. Is to help solve that. So you can instrument it. It has to happen at each of these layers. And I suppose if it does happen at every single layer, then voila, we organically have something that amounts to Supercloud. Right. >>I love how you guys are representing each other's firms. And, but, but, and they also correct me if I'm a very similar, your customers want to, it is very similar, but your customers want to monetize, right. They want bring their tools, their software, their particular IP and their data and create, you know, every, every company's a software company, as you know, Andreesen says every company's becoming a cloud company to, to monetize in, in the future. Is that, is that a reasonable premise of super cloud? >>Yeah. I think, think everyone's trying to build composite applications to, to generate revenue. Like that's, that's why they're building applications. So yeah. One, 100%. I'm just gonna make it point cuz we see it as well. Like it's actually quite different by geography weirdly. So if you go to like different geographies, you see actually different cloud providers, more represented than others. So like in north America, Amazon's pretty dominant Japan. Amazon's pretty dominant. You go to Southeast Asia actually. It's not necessarily that way. Like it might be Google for, for whatever reason more hourly Bob. So this notion of multi's just the reality of one's everybody's dealing with. But yeah, I think everyone, everyone goes through the same process. What we've observed, they kind of go, there's like there's cloud V one and there's cloud V two. Yeah. Cloud V one is sort of the very tactical let's go build something on cloud cloud V two is like, whoa, whoa, whoa, whoa. And I have some stuff on Amazon, some stuff on Azure, some stuff on, on vSphere and I need some operational consistency. How do I think about zero trust across that way in a consistent way. And that's where this conversation comes into being. It's sort of, it's not like the first version of cloud it's actually when people step back and say, Hey, Hey, I wanna build composite applications to monetize. How am I gonna do that in an industrialized way? And that's the problem that you were for. It's >>Not, it's not as, it's not a no brainer like it was with cloud, go to the cloud, write an app. You're good here. It's architectural systems thinking, you gotta think about regions. What's the latency, you know, >>It's step back and go. Like, how are we gonna do this, this exactly. Like it's wanted to do one app, but how we do this at scale >>Zero trust is a great example. I mean, Amazon kind of had, was forced to get into the zero trust, you know, discussion that, that wasn't, you know, even a term that they used and now sort of, they're starting to talk about it, but within their domain. And so how do you do zero trust trust across cost to your point? >>I, I wonder if we're limiting our conversation too much to the, the very technical set of developers, cuz I'm thinking back at again, my example of C plus plus libraries C plus plus libraries makes it easier. And then visual BA visual basic. Right. And right now we don't have enough developers to build the software that we want to build. And so I want, and we are like now debating, oh, can we, do we hide that AI API from Google versus that SQL server API from, from Microsoft. I wonder at some point who cares? Right. You know, we, I think if we want to get really economy scale, we need to get to a level of abstraction for developers that really allows them to say, I don't need, for most of most of the procedural application that I need to build as a developer, as a, as a procedural developer, I don't care about this. Some, some propeller had, has done that for me. I just like plug it in my ID and, and I use it. And so I don't, I don't know how far we are from that, but if we don't get to that level, it fits me that we never gonna get really the, the economy or the cost of building application to the level. >>I was gonna ask you in the previous segment about low code, no code expanding the number of developers out there and you talking about propel heads. That's, that's what you guys all do. Yeah. You're the technical geniuses, right. To solve that problem so that, so you can have low code development is that I >>Don't think we have the right here. Cause I, we, we are still, you know, trying to solve that problem at that level. But, but >>That problem has to be solved first, right before we can address what you're talking about. >>Yeah. I, I worked very closely with one of my biggest mentors was Adam Bosworth that built, you know, all the APIs for visual basics and, and the SQL API to visual basic and all that stuff. And he always was on that front. In fact that his last job was at my, at AWS building that no code environment. So I'm a little detached from that. It just hit me as we were discussing this. It's like, maybe we're just like >>Creating, but I would, I would argue that you kind of gotta separate the two layers. So you think about the application platform layer that a developer interfaces to, you know, Victoria and I worked together years ago and one of the products we created was cloud Foundry, right? So this is the idea of like just, you know, CF push, just push this app artifact and I don't care. That's how you get the developer community written large to adopt something complicated by hiding all the complexity. And I think that that is one model. Yeah. Turns out Kubernetes is actually become a peer to that and perhaps become more popular. And that's what folks like Tanza are trying to do. But there's another layer underneath that, which is the infrastructure that supports it. Right? Yeah. Cause that's only needs to run on something. And I think that's, that's the separation we have to do. Yes. We're talking a little bit about the plumbing, but you know, we just easily be talking about the app layer. You need, both of them. Our point of view is you need to standardize at this layer just like you need standardize at this layer. >>Well, this is, this is infrastructure. This is DevOps V two >>Dev >>Ops. Yeah. And this is where I think the ops piece with open source, I would argue that open source is blooming more than ever. So I think there's plenty of developers coming. The automation question becomes interesting because I think what we're seeing is shift left is proving that there's app developers out there that wanna stay in their pipelining. They don't want to get in under the hood. They just want infrastructure as code, but then you got supply chain software issues there. We talked about the Docker on big time. So developers at the top, I think are gonna be fine. The question is what's the blocker. What's holding them back. And I don't see the devs piece Victoria as much. What do you guys think? Is it, is the, is the blocker ops or is it the developer experience? That's the blocker. >>It's both. There are enough people truthfully. >>That's true. Yeah. I mean, I think I sort of view the developer as sort of the engine of the digital innovation. So, you know, if you talk about creative destruction, that's, that was the economic equivalent of softwares, eating the world. The developers are the ones that are doing that innovation. It's absolutely essential that you make it super easy for them to consume. Right. So I think, you know, they're nerds, they want to deal with infrastructure to some degree, but I think they understand the value of getting a bag of Legos that they can construct something new around. And I think that's the key because honestly, I mean, no code may help for some things. Maybe I'm just old >>School, >>But I, I went through this before with like Delphy and there were some other ones and, and I hated it. Like I just wanted a code. Yeah. Right. So I think making them more efficient is, is absolutely good. >>But I think what, where you're going with that question is that the, the developers, they tend to stay ahead. They, they just, they're just gear, you know, wired that way. Right. So I think right now where there is a big bottleneck in developers, I think the operation team needs to catch up. Cuz I, I talk to these, these, these people like our customers all the time and I see them still stuck in the old world. Right. Gimme a bunch of VMs and I'll, I know how to manage well that world, you know, although as lag is gonna be there forever, so managing mainframe. But so if they, the world is all about microservices and containers and if the operation team doesn't get on top of it and the security team that then that they're gonna be a bottleneck. >>Okay. I want to ask you guys if the, if the companies can get through that knothole of having their ops teams and the dev teams work well together, what's the benefits of a Supercloud. How do you see the, the outcome if you kind of architect it, right? You think the big picture you zoom as saying what's the end game look like for Supercloud? Is that >>What I would >>Say? Or what's the Nirvana >>To me Nirvana is that you don't care. You just don't don't care. You know, you just think when you running building application, let's go back to the on-prem days. You don't care if it runs on HP or Dell or, you know, I'm gonna make some enemies here with my old, old family, but you know, you don't really care, right. What you want is the application is up and running and people can use it. Right. And so I think that Nirvana is that, you know, there is some, some computing power out there, some pass layer that allows me to deploy, build application. And I just like build code and I deploy it and I get value at a reasonable cost. I think one of the things that the super cloud for as far as we're concerned is cost. How do you manage monitor the cost across all this cloud? >>Make sure that you don't, the economics don't get outta whack. Right? How many companies we know that have gone to the cloud only to realize that holy crap, now I, I got the bill and, and you know, I, as a vendor, when I was in my previous company, you know, we had a whole team figuring out how to lower our cost on the one hyperscaler that we were using. So these are, you know, the, once you have in the super cloud, you don't care just you, you, you go with the path of least the best economics is. >>So what about the open versus closed debate will you were mentioning that we had snowflake here and data bricks is both ends of the spectrum. Yeah. You guys are building open standards across clouds. Clearly even the CLO, the walled gardens are using O open standards, but historically de facto standards have emerged and solved these problems. So the super cloud as a defacto standard, versus what data bricks is trying to do super cloud kind of as an, as an open platform, what are you, what are your thoughts on that? Can you actually have an, an open set of standards that can be a super cloud for a specific purpose, or will it just be built on open source technologies? >>Well, I mean, I, I think open source continues to be an important part of innovation, but I will say from a business model perspective, like the days, like when we started off, we were an open source company. I think that's really done in my opinion, because if you wanna be successful nowadays, you need to provide a cloud native SAS oriented product. It doesn't matter. What's running underneath the covers could be commercial closed source, open source. They just wanna service and they want to use it quite frankly. Now it's nice to have open source cuz the developers can download it and run on their laptop. But I, I can imagine in 10 years time actually, and you see most companies that are in the cloud providing SAS, you know, free $500 credit, they may not even be doing that. They'll just, you know, go whatever cloud provider that their company is telling them to use. They'll spin up their SAS product, they'll start playing with it. And that's how adoption will grow. Right? >>Yeah. I, I think, I mean my personal view is that it's, that it's infrastructure is pervasive enough. It exists at the bottom of everything that the standards emerge out of open source in my view. And you think about how something like Terraform is built, just, just pick one of the layers there's Terraform core. And then there's a plugin for everything you integrate with all of those are open source. There are over 2000 of these. We don't build them. Right. That's and it's the same way that drove Linux standardization years ago, like someone had to build the drivers for every piece of hardware in the world. The market does not do that twice. The market does that once. And so I, I I'm deeply convicted that opensource is the only way that this works at the infrastructure layer, because everybody relies on it at the application layer, you may have different kinds of databases. You may have different kind of runtime environments. And that's just the nature of it. You can't to have two different ways of doing network, >>Right? Because the stakes are so high, basically. >>Yeah. Cuz there's, there's an infinite number of the surface areas are so large. So I actually worked in product development years ago for middleware. And the biggest challenge was how do you keep the adapter ecosystem up to date to integrate with everything in the world? And the only way to do it in our view is through open source. And I think that's a fundamental philosophical view that it we're just, you know, grounded in. I think when people are making infrastructure decisions that span 20 years at the customer base, this is what they think about. They go which standard it will emerge based on the model of the vendor. And I don't think my personal view is, is it's not possible to do in a, in >>A, do you think that's a defacto standard kind of psychological perspective or is there actual material work being done or both in >>There it's, it's, it's a network effect thing. Right? So, so, you know, before Google releases a new service service on Google cloud, as part of the release checklist is does it support Terraform? They do that work, not us. Why? Because every one of their customers uses Terraform to interface with them and that's how it works. So see, so the philosophical view of, of the customers, okay, what am I making a standardize on for this layer for the next 30 years? It's kind of a no brainer. Philosophically. >>I tend, >>I think the standards are organically created based upon adoption. I mean, for instance, Terraform, we have a provider we're again, we're at the data layer that we created for you. So like, I don't think there's a board out there. I mean there are that creating standards. I think those days are kind of done to be honest, >>The, the Terraform provider for vSphere has been downloaded five and a half million times this year. Yeah. Right. Like, so, I >>Mean, these are unifying moments. This are like the de facto standards are really important process in these structural changes. I think that's something that we're looking at here at Supercloud is what's next? What has to unify look what Kubernetes has done? I mean, that's essentially the easy thing to orchestra, but people get behind it. So I see this is a big part of this next, the two. Totally. What do you guys see that's needed? What's the rallying unification point? Is it the past layer? Is it more infrastructure? I guess that's the question we're trying to, >>I think every layer will need that open source or a major traction from one of the proprietary vendor. But I, I agree with David, it's gonna be open source for the most part, but you know, going back to the original question of the whole panel, if I may, if this is reality of hype, look at the roster of companies that are presenting or participating today, these are all companies that have some sort of multi-cloud cross cloud, super cloud play. They're either public have real revenue or about to go public. So the answer to the question. Yeah, it's real. Yeah. >>And so, and there's more too, we had couldn't fit him in, but we, >>We chose super cloud on purpose cuz it kind of fun, John and I kind came up with it and, and but, but do you think it's, it hurts the industry to have this, try to put forth this new term or is it helpful to actually try to push the industry to define this new term? Or should it just be multi-cloud 2.0, >>I mean, conceptually it's different than multi-cloud right. I mean, in my opinion, right? So in that, in that respect, it has value, right? Because it's talking about something greater than just multi-cloud everyone's got multi-cloud well, >>To me multi-cloud is the, the problem I should say the opportunity. Yeah. Super cloud or we call it cross cloud is the solution to that channel. Let's >>Not call again. And we're debating that we're debating that in our cloud already panel where we're talking about is multi-cloud a problem yet that needs to get solved or is it not yet ready for a market to your point? Is it, are we, are we in the front end of coming into the true problem set, >>Give you definitely answer to that. The answer is yes. If you look at the customers that are there, they won, they have gone through the euphoria phase. They're all like, holy something, what, what are we gonna do about this? Right. >>And, but they don't know what to do. >>Yeah. And the more advanced ones as the vendor look at the end of the day, markets are created by vendors that build ed that customers wanna buy. Yeah. Because they get value >>And it's nuance. David, we were sort talking about before, but Goldman Sachs has announced they're analysis software vendor, right? Capital one is a software vendor. I've been really interested Liberty what Cerner does with what Oracle does with Cerner and in terms of them becoming super cloud vendors and monetizing that to me is that is their digital transformation. Do you guys, do you guys see that in the customer base? Am I way too far out of my, of my skis there or >>I think it's two different things. I think, I think basically it's the idea of building applications. If they monetize yeah. There and Cerner's gonna build those. And you know, I think about like, you know, IOT companies that sell that sell or, or you think people that sell like, you know, thermostats, they sell an application that monetizes those thermostats. Some of that runs on Amazon. Some of that runs a private data center. So they're basically in composite applications and monetize monetizing them for the particular vertical. I think that's what we ation every day. That's what, >>Yeah. You can, you can argue. That's not, not anything new, but what's new is they're doing that on the cloud and taking across multiple clouds. Multiple. Exactly. That's what makes >>Edge. And I think what we all participate in is, Hey, in order to do that, you need to drive standardization of how you do provisioning, how you do networking, how you do security to underpin those applications. I think that's what we're all >>Talking about, guys. It's great stuff. And I really appreciate you taking the time outta your day to help us continue the conversation to put out in the open. We wanna keep it out in the open. So in the last minute we have left, let's go down the line from a hash core perspective, confluent and VMware. What's your position on super cloud? What's the outcome that you would like to see from your standpoint, going out five years, what's it look like they will start with you? >>I just think people like sort under understanding that there is a layer by layer of view of how to interact across cloud, to provide operational consistency and decomposing it that way. Thinking about that way is the best way to enable people to build and run apps. >>We wanna help our customers work with their data in real time, regardless of where they're on primer in the cloud and super cloud can enable them to build applications that do that more effectively. That's that's great for us >>For tour you. >>I, my Niana for us is customers don't care, just that's computing out there. And it's a, it's a, it's a tool that allows me to grow my business and we make it all, all the differences and all the, the challenges, you know, >>Disappear, dial up, compute utility infrastructure, ISN >>Code. I open up the thought there's this water coming out? Yeah, I don't care. I got how I got here. I don't wanna care. Well, >>Thank you guys so much and congratulations on all your success in the marketplace, both of you guys and VMware and your new journey, and it's gonna be great to watch. Thanks for participating. Really appreciate it. Thank you, sir. Okay. This is super cloud 22, our events, a pilot. We're gonna get it out there in the open. We're gonna get the data we're gonna share with everyone out in the open on Silicon angle.com in the cube.net. We'll be back with more live coverage here in Palo Alto. After this short break.