>> Announcer: Live from Washington DC, it's CUBE Conversations with John Furrier. >> Well, welcome to a special CUBE conversation here at Amazon Web Services headquarters in public sector, in Washington DC, actually, in Arlington, Virginia. It's a CUBE coverage on the ground in Washington DC. Our next guest is Shannon Kellogg, who's the Director of AWS Public Policy in Americas, here, joining us. Thanks for spending the time with us. >> It's a pleasure to be here. >> So obviously, public policy is a big part of public sector, hence the success you guys have had. Amazon's had great success. I mean, you go back four years ago, the shock heard all around the cloud was the CIA deal. >> Shannon: Indeed. >> And since then, there's been this gestation period of innovation. You guys have been penetrating, doing a lot of hard work. I know how hard it is. And kind of knowing the DC culture, how hard was it, and hard is it for you guys now? Is it getting easier? I mean, policies, got a lot of education involved, a lot of moving parts. >> Yeah, well, I joined over five years ago. And when I joined, there was very little understanding that Amazon was even in the cloud computing business. And so we really had to start from scratch. And so it was just basic education and awareness work. And I wouldn't call that easy, but it certainly was in a different time where people were curious about Amazon, AWS, and cloud. What is cloud computing? The cloud computing directive of the Federal Government, Cloud First Policy, had just come out a year prior, and so there was a lot of curiosity. So people were willing to talk. People were curious, but they didn't really understand what cloud computing was. And again, they didn't even realize AWS was in that business. >> And back at that time, and I know you have a tech history over at EMC before and RSA. You know the tech game. You've seen many waves of >> Shannon: I have. >> innovation, and it's almost a time where you saw some interesting shadow IT developing. Shadow IT term referred to kind of a in-the-shadows experiment. You put your credit card down and get some Amazon, get some cloud, and test, kick the tires, if you will, kind of, without anyone seeing you, called shadow IT. That became a big part of the growth. How much shadow IT has been involved to kind of force Amazon to the table? Did that help? Was that a help-driver for you guys? Was it going on? >> Yeah. Well, it's interesting, because when you look back four or five years ago, there were a lot of first movers in departments and agencies, folks in little units that I had actually even never heard of in some of the big agencies, customers that I would speak to that were experimenting with AWS and commercial cloud. In those days, they were able to take out their credit card and experiment a little bit with it and discover what was possible. And we saw a lot of uptake in interest as a result of some of that experimentation. But really, things started to change in a big way when AWS won the contract to build the community cloud for the intelligence community. And following that win, and as that project was implemented, and in the six months to a year after that award, we saw a lot more interest by agencies to not just experiment, but to go bigger. >> I couldn't get Amazon to confirm. I've tried many times on the CUBE, Jassy and Teresa, to get them to confirm that that was certainly a shadow IT effort, that someone within the CIA came out of the woodwork and said, "Hold on IBM, we have an alternative." >> Yeah, well I can't-- >> (laughing) Conferment denied. I can't comment on that either, but I can tell you that it was a very open, competitive process that we won. And it was a very big deal for the community and a very big deal for us. And that's when we really started to see a number of other agencies and organizations, really, not just experiment with cloud, but how can we leverage this to get the same benefits that the intel community needs? >> And IBM didn't help either. They got cocky. They figured they're going to sue you guys and ended up amplifying it, where the judge actually said on the ruling, "Amazon is a better service." >> Shannon: Yeah. >> I mean, you couldn't get a better testimony. But let's talk about that move. >> There was a resounding public, or resounding legal opinion, and I would encourage your viewers who haven't read it to read it. >> It's well doc, but at SiliconANGLE. Search SiliconANGLE, AWS, IBM, CIA deal, you'll find it. But I think what's notable about that is it's kind of cocky, because the old way of doing things was schmooze, win the ivory tower, have that relationship, lean on that relationship. And the IT just, they were just like going through security at the airport, just whatever, right? >> Shannon: Right. They just checked the boxes. You got to win the C level. That now has changed, where not only at the buying and evaluation process bottoms up, there's a lot of consensus involved. There's now new stakeholders. >> You bet. >> Talk about that new dynamic, because this is a modern trend. It's not just send it to the department for a check box, it's truly agile. Talk about this new, modern procurement process that people are going through. >> You bet, and it's still evolving. But over the last few years, we've seen a lot of interest by federal organizations to shift from what is traditionally a capital expense model to an operational expense model. And you'll probably laugh at me that I actually even remember this. But in the 2015 budget, with the previous administration, President Obama's budget request in 2015, there was, actually, on page 41 of that budget, a line, or actually a paragraph, that talked about how the Federal Government would need to continue to move to commercial cloud services. And in the language, in the budget, it actually talked about the consumption model, the operational expense model versus the traditional capex model. >> Shannon, what is commercial cloud, because, I mean, again, back to the old days, kind of back in my days when I was growing with the industry, you had a federal division that managed all the government stuff, sometimes separate products, right, I mean, absolutely different, unique features >> Yeah, you bet. >> in the government. Now with the cloud, I'm I hearing that this is the same cloud that Amazon runs? Is it a different product. I know there's different private clouds. >> Certainly, our cloud >> But what is the commercial cloud? >> is one option. >> Explain what the commercial cloud is. >> Yeah, our cloud is one option in this area of commercial cloud services. And we think it's a great option. But if you look at the different types of solutions, NIST actually talked about this when they put out the definition on what cloud computing should be described as several years ago. I think the final definition came out in 2011. And at the time, they called public cloud, which we in federal agencies, now, really refer to as commercial cloud, as one of the deployment models. But it also is really emphasizing commercial solutions and commerciality, versus having an agency go out and try to build its own cloud, or to issue a special contract that is controlled by that agency, that does a traditional private-cloud type of build, like for example, California did with CalCloud several years ago. We're seeing more and more agencies move away from that model and into procuring-- >> Why is that? Why are they moving, costly? >> Well, because, yeah, it's-- >> Just like HP and everyone else backed out of the cloud, same reason? >> It's costly, and one thing, looking at CalCloud, and if you haven't sort of looked at what they did with their policy, in 2014 they issued a policy, California did, which basically created a preference for CalCloud. And by August of 2017, they moved away from that preference reversing the policy and then doing sort of a about-face and saying not only is there not a preference for CalCloud, this privately built cloud, anymore in California, but there's going to be a preference for commercial cloud services and leveraging commercial solutions and technologies. >> Is that, again, the same reasons why a lot of commercial vendors like HP, even VMware, and others who kind of backed out of the cloud. It's expensive, it's complicated, right? I mean, is that main driver, or is it of talent? I mean, why did CalCloud move from that to the (mumbles). >> Yeah, I mean, I obviously can't speak for what other >> Well generally speaking. >> companies have done, but I think, based on our observations at the federal level, at the state level, and even internationally, we're seeing more and more governments in their cloud policies focus on how to leverage commercial cloud services, versus build their own, or go out and spend a billion dollars in trying to build their own through a contractor or traditional contractor. >> I talked to Teresa Carlson. >> And by the way, just for the record, in California, it was IBM who actually ended up building CalCloud. >> Nice dig on IBM there, good one. >> So I just talked to Teresa Carlson, and she and I, we talked about the notion of commercializing ecosystem, to bring in tech in with government kind of the mash up or integration culturally among other things, technology. I had an interview with an executive of New Relic, one of Amazon's top customers. I think they were saying they were getting FedRAMP certified. But there's a variety of certifications that you guys offer, essentially, people in the ecosystem, non-governmental, but they can come in and provide solutions. Can you talk about that dynamic, because we're seeing that become a trend now, where folks in the Amazon, or in general tech ecosystems, that says, "Hey, you know what? "I can go in through Amazon and do some business "with the public sector." >> Sure. >> What do you guys offer? Is there a playbook? Is there a roadmap? Is there check boxes? What's the playbook? >> Well, first of all, if you don't, if your viewers don't know what FedRAMP is, it's a Federal Government security evaluation process for cloud computing providers and service providers who want to sell to the US Federal Government. And the framework itself was created on international security standards as well as existing, and evolving in some cases, NIST security standards. And so it's a common security framework that any company of any size can align to. And AWS, because we believe so strongly in security, and because we had a lot of first-mover customers in the Federal Government marketplace, we really invested in that process early. And as a result of that, we meet the FedRAMP requirements at the different security levels that exist. And we were one of the first providers to actually do that. And then partners started working with us and leveraging that. And not just-- >> So what does that mean to the partner? >> resellers or systems integrators. >> They piggyback on your certification, or they have to do some modifications? It's like the stamp of approval. You can't get into the party without it, right? >> Yeah, you have to have FedRAMP certification in order to provide certain types of services to the US government. A lot of agencies now require some type of FedRAMP certification to do business with them. It's very common now. >> Any other certifications that they need? >> Well, that's the most common one at the federal level. But there are some department-specific requirements too. So for example, when you look at the Defense Department, they've added additional requirements on top of FedRAMP. And providers like us have to go through those additional processes, and then again, if you're partnering with an AWS, and we've gone through that process, and we made the investments, and you have some software that's based on AWS, that's going to be favorable for you in order to sell to that market segment. >> Take a step back and zoom out, and talk about the big landscape in DC. Obviously, DC's the center of the action for policy and this, obviously, public sector all around the world, as well in the United States. What's the trend that you're seeing? I mean, obviously Amazon is kind of like its own black swan. If you think about it, lowering prices, increasing functionality on a daily basis is the business model of Amazon. They win on scale. Customers are happy with that, and government seems to be happy. Yet, the competitive landscape couldn't have been at an all-time high, certainly Oracle, IBM, Microsoft, the others are competing for the same dollars, potentially. So you have the old guard, as Andy Jassy would say, and you guys, self-described, new guard. What's the landscape look like? How are you guys competing? What observations can you share and the role of policy makers in the middle of it? Are they stuck between all this? >> Well, it's been quite a ride over the last seven or eight years. Again, going back to when the First Cloud Policy was issued by the Federal Government CIO at the time, Vivek Kundra. Very early days, they talked about each agency trying to move three applications to the cloud. And so we're in a much different time now. And there a lot of agencies who are going all in on cloud services. That's actually been really fast forward and emphasized even more over the last couple years, starting with the previous administration and the emphasis that they had. I talked about the 2015 budget, but we also saw a number of other policy initiatives in the previous administration during President Obama's eight years. And then you had the new administration come in and really emphasize this early too. And one of the cornerstone things that's happened by the new administration over the last year has been the development and then the release of the President's report on IT modernization. And they set up a new Office of American Innovation and a new tech council to advise on the development of that report. And they went out, the administration did, and got a lot of input from the industry. And then they came out with a final report of recommendations in December. And they're already moving to actually implement a number of those recommendations and pilot a number of recommendations in agencies. And they're really emphasizing shared services and commercial cloud services as a key part of that effort. And then in tandem with that, and this is probably going to shock you, but in tandem with that, Congress actually worked with the administration to also make a number of changes to law, including in December of 2017, a really important piece of legislation called, The Modernizing Government Technology Act. And that was added to the Defense Authorization Bill for 2018. You know in this town, that's often how legislation moves at the end of the year is through the Defense Authorization Bill. So that legislation was passed, and it really is focused on helping agencies in their IT modernization efforts move again from legacy IT systems to the cloud. And they're not doing that just because it lowers cost, and it's a good thing to do. They're actually doing that as part of a way to improve the Federal Government cyber security posture. And that's the last thing I'll talk about that's happened in the last year is I mentioned what the administration did about its IT Modernization Report. I mentioned also what Congress did with the Modernizing Government Technology Act. Well, there was also a new cyber security executive order that was issued during the year by the President that married those two things. And basically, it made very clear that there's very little possibility to actually improve the security of federal systems without moving forward with the IT modernization efforts and moving to cloud. >> And the cyber warfare we're living in it truly is a cyber war. This is not just hand-waving, IT modernization. It's beyond that, because it's critical infrastructure now being compromised. This is our security, right? It's the state of the security of our people. >> You bet, and quite frankly, we're seeing this trend internationally too. You see more and more governments making this link between IT modernization and improving the country's cyber security posture. We've seen that in the UK. We've seen that in Australia. >> It takes cyber war to fix IT. I mean, is that what we're coming to? Okay, final point is obviously IT modernization is key. I love that that's driving it. We need to go faster. Question for you, Cloud First, certainly a big, initial orientation from the government to go Cloud First. Question for you is do you see the expectations yet in the agencies and throughout public sector for cloud speed, meaning not only like speed in feeds, like moving to an agile outcome, faster delivery, under budget, on time, lower prices. Is that expectation now set, or is it still getting there? >> No, we believe it is being set. And if you look at developments over the last six months I mean, you now have the Department of Defense that has come out with changes to policy to move faster to the cloud. And if you look at the Secretary, I'm sorry, the Deputy Secretary of Defense's memorandum in September of last year, he talked a lot about leveraging cloud computing as part of a way to make improvements in the implementation of technology, such as artificial intelligence and machine learning. And in that memo they talked about that's a national security imperative to do that. And so they're seeing technology, not as the end result, but as a way to enable a lot of these developments and changes. And we've already seen many of those steps forward in the intelligence community. So it's very encouraging to us that we're also seeing now the Department of Defense move in this direction. >> So they're running towards the cloud. They're running towards AI. >> Shannon: They're trying to. >> They're going as fast as they can, because they need to. >> They're trying to. >> Final word on security. What do you hope to have happen in our government in America to really crack the code on cyber security and surveillance all these holes? Especially with IoT, their surface area couldn't be bigger. >> So before I answer that question, one thing I did want to say, because we were talking about the Department of Defense. And you had added a question in earlier about what some of the legacy proprietors may or may not be doing. Well, these two things are married. What we're seeing at the Department of Defense is that they really do want to move faster to the cloud. But you probably noticed in the press that there are many different legacy providers out there. And as our boss would say, Andy Jassy, a lot of the old-guard community, who want to try to slow that transition down. And so that is really something that's going on right now. There's a lot of effort out there to pursue the status quo, to continue to keep the lights on. And if you look at what amount of the federal budget that is being spent on keeping the lights on in IT, it's over 80% is what the number is commonly referred to. And so a lot of companies are making traditional companies, old-guard companies, as Andy Jassy would say, are making a lot of money following that same path. And you know what? The taxpayer can't afford that anymore. The mission owners can't afford that anymore. And so it's really time to move forward into the 21st century and leverage commercial cloud technology and some of these advanced capabilities, like artificial intelligence and machine learning. And then to answer your final question-- >> Hold on, on the DoD thing, because I did see that in the news. It's obviously clearly FUD, fear, uncertainty, and doubt, as they said, in the industry from the old guards to slow down the process. That's classic move, right? Hey, slow down. >> It is. >> We're going to lose this thing. If we don't put the brakes on-- >> It's a classic move that some companies have been practicing for a few decades. >> Decades, decades, we all know that, I mean, it's called Selling 101 when you want to secure the ivory tower. Okay, so papa, this is the tactic, and I want to get your opinion. This is a policy question. It's not in the best interest of the users, and the society, and the citizens to have a policy injection for political warfare on deal selling. So that's, essentially, what I see happening. >> Yeah, we agree. >> I want to get your comments on this, because it comes up to a very political topic, technically, multi-cloud. >> Shannon: Right. So the move is, whoa, you can't go to one cloud. We're putting all our eggs in one basket, so we have to spec it to be multi-cloud. That's the policy injection. What's the impact of that in your opinion? Does it matter? Does the government say, "Hey, we should do multi-cloud"? You actually want to have one cloud. That's what Andy Jassy >> Well, actually... >> wants, right? >> you know, that's not true. What I'll say, and take a step back here, is that what we want is what the customer wants. And a lot of companies are forgetting the customer in this debate about multi-cloud versus single cloud. >> So you're jump ball. Your philosophy is to say jump ball. >> We welcome open competition. >> So multi-cloud, >> We want to serve the customer. >> and single cloud. >> What happened with the intelligence community is they had an open competition for a single-cloud approach. One thing that's happening right now as part of this broader discussion is some of the old-guard companies are spreading a lot of misinformation about-- >> John: Like what? >> the different types of contracts, and so there's been a lot of misinformation about DoD trying to pursue a sole-source contract for this JEDI program that they're trying to do to implement cloud. And what DoD has said in the stories that I've read on the record is that they want to have an open competition. And whether or not they choose a single award, which is different than a sole source that's not competed, if they choose a single award that's competed like the intelligence community did, or they choose a multi-award, it's going to be their preference. And let me tell you something, the policy space, what we've heard consistently from members of Congress and other policy makers is they don't want to be in the business of telling the Department of Defense or any other federal agency, specifically, what they should do or shouldn't do in a technology procurement. What they want is an open competition. And I'll tell you on the record, we embrace an open competition, and that will serve the customers well. But don't tell the customer if you're an old-guard company what they should or shouldn't do. And don't ignore the customer. >> Well, I would, from just a personal standpoint, industry participant, I would say that that's going backwards. If you have the companies doing old-guard tactics injecting policy and FUD to slow a deal down just to save it, that's really bad, bad form. >> Yeah, it's- >> That's going backwards. >> It's bad policy, but it's also bad for the taxpayer, and it's bad for the mission owner. So let there be open competition. Let the customers, like DoD, make the decisions that they're going to make, which is going to be best for their mission. >> Well, Shannon, as Teresa, a basketball fan, would say, "Jump ball," make it fair. >> Let's do it. >> Let the chips fall where they may. >> Let's do it. >> All right. Open competition, that is Amazon's position here in DC. Policy, no problem, we can play that game, but it's all about the customers. Shannon, thanks for your insight and observations. >> You bet. >> Shannon Kellogg, who's in charge of policy at Americas for AWS. This is CUBE Conversations. I'm John Furrier, thanks for watching. (rhythmic electronic music)