>>From the Bellagio hotel in Las Vegas, it's the cube covering UI path forward for brought to you by >>Welcome to the cubes coverage of UI path forward for live from Las Vegas. We're here at the Bellagio. Lisa Martin, with Dave a long time, very excited to have in-person events back ish. I'll say we're going to be talking about automation as a boardroom imperative. We have two guests joining us here, James Matras here consulting principal. America's intelligent automation leader at UI and Irv. Dennis retired EA partner, and former CFO of HUD gentlemen. Welcome to the program. Exciting topic automation as a boardroom imperative, James says COO and start with you. How do you discuss the value of automation as being a key component and driver of transformation? >>That's a great question. I think what we've seen in the last couple of years is the evolution of what automation used to be. Two is going nine. And we've seen the shift from what we call generation one, which is very RPA centric type automation to more generation two, which is the combined integration of multiple technologies. It can target an intern process and it's quite important that you understand the pivotal shift because it's not enabling us to move from a task micro top agenda to a macro agenda actually impacts an organization at a strategic level. The ability to be able to look at processes more deeply to automate them in an end to end process collectively and use these different technologies in a synergistic manner truly becomes powerful because it shifts the narrative from a micro process agenda into more systemic area. >>So gen zero is an Emmanuel gen one is RPA point tools that individual maybe getting their personal productivity out. And then now you're saying gen three is across the enterprise. Where are we in terms of, you know, take your experience from your practical experience? Where do you think the world is? It's like probably between zero and one still. Right. But the advanced folks of thinking about gen three, w what's your, >>Yeah, it's a great question. And, um, when you and I, I can do the comparison being private and public sector on this because I was 37 years with E Y then went into retirement and CFL at HUD CFO. Ed was, was a HUD was nowhere. They had to just do all the intelligence digitalization, um, throughout, uh, from scratch. The private sector is probably five or six years ahead of them. But when you think about James talks about the gen one, two and three, the private sector is probably somewhere between two and three. And I know we're talking about the board in this conversation. Um, boards probably have one and two on their radar. Some boards may have three, some may not, but that's where the real strategic focus for boards needs to be is looking forward and, and getting ahead. But I think from a public sector standpoint, lot to go private sector, more to go as well. But, uh, there's a, there's a bit of a gap, but the public sector is probably only about three or four years behind the private sector >>To be okay. Let's look at the numbers, look at, look at the progress for the quarter. And now it's like discussion on cyber discussion on digital discussion on automated issue. It really changed the narrative over the last decade. >>Yeah, I think when you think of boards today, the lots of conversation on cyber that that conversation has been around for a while. A lot of conversation on ESG today, that conversation is getting, getting very popular. But I think when you think of next three, a Jen talks that bear James talks about, um, that's got to start elevating itself if it's not within the boardroom right now, because that will be the future of the company. And the way I think of it from a board's conversation is if a company doesn't think of themselves as a technology company in all aspects, no matter what you do, you are a technology company or you need to be. And if you're not thinking along that way, you're gonna, you're gonna lose market share and you're going to start falling behind your competitors. >>Well, and how much acceleration did the pandemic bring to just that organizations that weren't digital forward last year are probably gone? >>I think it certainly has shifted quite a lot. There's been a drive, the relevance of technology and hard plays for us in the modern workforce in the modern workplace has fundamentally changed the pandemic. We reimagine how we do things. Technology has progressed in itself significantly, and that made a big difference for, for all the environments as a result of that. So certainly is one of the byproducts of the pandemic has been certainly a good thing for everybody. >>Where does automation fit in the board? Virginia? You've got compensation committee. You've probably, I mean, there's somebody in charge of cyber. You got ESG now there's automation part of a broader digital agenda. Where's what's the right word. >>You know, I, I would personally put it in a enterprise risk management from a standpoint that if you're not focused on it, it's going to be a risk to the enterprise. And, um, when you think of automation and intelligent automation and RPA, uh, I think boards have a pretty good sense of how you interface with your customers and your vendors. I think a big push ought to be looking internally at your own infrastructure. You know, what are you, what are you doing in the HR space? What are you doing in a financial statement, close process? What are you doing your procurement process? I suspect there's still a lot of very routine transactions and processing within those, that infrastructure that if you just apply some RPA artificial intelligence, that data extraction techniques, you can probably eliminate a lot of man hours from the routine stuff. And, and the many man hours is probably not the right way to think of it. You could elevate people's work from being pushing numbers around to being data analyzers. And that's where the excitement is for people to see. >>It's not how it's viewed at organizations. We're not eliminating hours. Well focusing folks on much more strategic down at a test. >>Yes. I would say that that's exactly right now in the private sector, you're always going to have the efficiency play and profitability. So there will be an element of that. I know when at HUD we're, we're focused, we were not focused on eliminating hours because we needed people and we focused on creating efficiencies within the space and having people convert from, again, being Trent routine transactions, to being data analyzers and made the jobs, I'm sure. Fund for them as well. I mean, this is a lot of fun stuff. And, and if, uh, uh, companies need to be pushing this down through their entire infrastructure, not just dealing with our customers and the third parties that they deal with >>Catalyst or have been public sector. So you mentioned they may be five or six years behind, but I've seen certain public sector organizations really lean in, they learn from, from the private sector. And then even when you think about some of the military, how advanced they are absolutely. You know, the private could learn from them and if they could open it up. But >>So, yeah, I think that's, that's well said I was in this, you know, the that's the civilian part with, with the housing and urban development. I think the catalyst is, uh, bringing the expertise in, uh, I know when I, when I came, I went to HUD to elevate their financial infrastructure. It was, it was probably the worst of the cabinet agency. The financials were a mess. There was no, there was a, uh, there was not a clean audit opinion for eight years. And I was there to fix that and we fixed it through digitalization and digital transformation, as well as a financial transformation. The catalyst is just creating the education, letting people know what is, what, what technology can do. You don't have to be a programmer, but it's like driving a car. Anybody can drive a car, but we can't mechanic, you know, work as a mechanic on it. >>So I think it's creating education, letting people know what it can do. And at HUD, for example, we did a very simple, I was telling James earlier, we did a very simple RPA project on an, an, a financial statement, close process. It was 2,600 hours, six months. Once we implemented the RPA, brought that down to 70 hours, two weeks, people's eyes exploded with it. And then all of a sudden, I said, I want everyone to go back and come back with, with any manual process, any routine process that can convert to an RPA. And I got a list of a hundred, then it came then became trying to slow everything down. We're not going to do it overnight. Yeah, exactly. >>So, but it was self-funding. It was >>Self-funded. Yes. >>And, and how do you take that message to customers that it could be self-funding how how's that resonating >>Very well. And I think it was important. I always like to say, it's a point of differentiation because you look at, uh, mentioned earlier that organizations are basically technology companies. That's what they are. But now if you look across that we no longer compete at the ERP level without got SAP, Oracle, it's not a point of differentiation. We don't compete the application layer where they've got service. Now, black line, how we use them is helpful. We competed the digital layer and with automation is a major component of that. That's where your differentiation takes place. Now, if you have a point of differentiation, that is self-funding, it fundamentally changes the game. And that's why it's so important for boards to understand this, because that risk management, if you've not doing it, somebody is getting ahead of the game much faster than you are. >>Yeah. Yeah. You mentioned ERP and it, and it triggered something in my mind. Cause I, I said this 10 years ago about data. If in the nineties, you, you couldn't have picked SAP necessarily as the winner of ERP. But if you could have picked the companies that were using ERP could have made a lot of money in the stock market because they outperform their peers. And the same thing was true with data. And I think the same thing is going to be true with automation in the coming decade. >>Couldn't agree more. And I think that's exactly the point that differential acceleration happening this. And it's harder because of the Europeans. Once you knew what it was, you can put the boundaries on it. Digital, the options are infinite. It's just continuous progress as are from there. >>I've got a question for you. You talked about some great stats about how dramatically faster things were took far less time. How does that help from an adoption perspective? I know how much cultural change is very difficult for folks in any organization, but that sort of self-serving how does that help fuel adoption? >>Well, it's interesting. Um, it's, it is a, we're actually going to talk about this tomorrow. It is a framework and it's got to start at the leadership has got to start with governance. It's got to start with a detailed plan. That's executable. And it's got to start with getting buy-in from not only your, the, the organization, but the people you're dealing with outside the organization. Um, it's, it's, uh, I think that's absolutely critical. And when you bring this back to the boardroom, they are the leaders of the companies. And, and I, James, I talked about this as we're getting ready for tomorrow's session. I think the number one thing a board can do today is an own personal self assessment. Do they understand automation? Do they understand what next generation three is? Do they understand what the different components can do? And do they understand how the companies are implementing it? And if I was a board member, uh, on our boards, I say, we need to understand that or else this is nothing's going to happen. We're going to be here at the reliance of the CEO and the CFO strategy, which may or may not include or be thinking about this next three. So leadership at the top is going to drive this. And it's so critical. >>We were talking about catalyst before. And you mentioned education and expertise. I'm always curious as to what drew you to public sector because it's, yeah, I mean, very successful, you know, you're, you're with one of the global SIS directly, you can make a lot more money and that side. So what was it did, was it a desire to it's a great country? Was it >>Take one for the team and I'm going to do a selfish plug here. I just actually wrote a book in this whole thing called transforming a federal agency. What's the name of the book transforming and federal agency. And it's, uh, I spent my time at E Y for 37 years, fully retired. I wanted to give back and do meaningful work. And we lived in Columbus, Ohio, as I was talking about earlier, I was going to go teach and I got a call from the president's personnel office to see if I wanted to come. And these, the CFO at HUD with secretary Carson and change turn the agency around, uh, that took me a little while to say yes, because I wasn't sure I wanted something full time. It was a, it was in DC. So I'd be in a commuting role back and forth. My family's in Columbus. >>Um, but it was, uh, I did it and I loved it. It was, uh, I would pray, I would ask anyone that's has the ability to go into public service at any point in their career to do it. It's it was very rewarding. It was one of my favorite three years of life. And to your point, I didn't have to do it, but, uh, if I wanted to do something and give back and that met the criteria and we were very successful in turning it around with the digital transformation and a lot of stuff that we're talking about today gave me the ability to talk about it because I helped lead it >>For sharing that and did it. So did it start with the CFO's office? Because the first time I ever even heard about our RPO RPA was at a CFO conference and I started talking to him like, oh, this is going to be game changing. Is that where it started? Is that where it lands today? >>From an infrastructure standpoint, the CFO has the wonderful ability to see most processes within a company and its entire lifestyle from beginning to end. So CFO has that visibility to understand where efficiencies can happen in the process. And so the CFO plays a dramatically important role in this. And you think about a CFO's role today versus 20 years ago, it's no longer this, the bean counter rolling up numbers that become a business advisors to the board, to the CEO and to the executive suite. Um, so the CFO, I think has probably the best visibility of all the processes on a global basis. And they can see where the, the efficiencies and the implementation of automation can happen. >>So they can be catalysts and really fueling the actual >>Redesign of work. Yes, they, they, they probably need to be the catalyst. And as a board member, you want to be asking what is the CFO's strategic imperative for the next year? And if it doesn't include this, it's just got to get on the agenda. >>Well, curve ball here is his CFO question and you know, three years or two years ago, you wouldn't have even thought, I mean, let me set it up better. One of the industries that is highly automated is crypto. Yeah. You wouldn't even thought about crypto in your balance sheet a couple of years ago, but I'm not sure it's a widespread board level discussion, but as a CFO, what do you make of the trend to put Bitcoin on balance sheets? >>Yeah, I'm probably not the right person to ask because I'm a conservative guy. >>If somebody supported me and he said, Hey, why don't we put crypto on the balance sheet? >>I would get much more educated. I wouldn't shut it down. I would put it into, let's get more educated. Let's get the experts in here. Let's understand what's really happening with it. Let's understand what the risks are, what the rewards are. And can we absorb any sort of risk or reward with it? And when you say put it on the balance sheet, you can put it on in a small way to test it out. I wouldn't put the whole, I wouldn't make the whole balance sheet for Dell on day one. So that's why I would think about it. Just tell, tell me more, get me educated. How did you think about it? How can it help our business? How can I help our shareholders? How does it grow the bottom line? And then, then you start making decisions. >>Cause CFOs, let me find nature often conservative and most CFOs that I talked to just say no way, not a chance, but you're, maybe you're not as conservative as you think. Well, >>No, but I will never say go away on anything. I mean, cause I want to learn. I want to know. I mean, um, if you like all this stuff, that's new, it's easy to say go away, right? Yeah. But all of a sudden, three years later, the go away, all your competitors are doing it at a competitive advantage. So never say go away, get yourself educated before you jump into it. >>That's good advice. Yeah. In any walk of life question for you, or have you talked about the education aspect there? I'm curious from a risk mitigation perspective, especially given the last 18, 19 months, so tumultuous, so scary for all those organizations that were very digital, they're either gone or they accelerated very quickly. How much of an education do you have to provide certain industries? And are you seeing certain industries? I think healthcare manufacturing, financial services as being leaders in the uptake? >>Well, I think the financial service industries, for sure, they, they, they get this and then they need to, uh, cause they, you know, they're, they're a transaction and based, uh, industry. Uh, so they get it completely. Um, you know, I think maybe some manufacturing distribution, some of the old line businesses are, you know, they may not be thinking of this as progressively as they should. Um, but they'll get there. They're going to have to get there eventually. Um, you know, when you think about the education, my, I thought you were gonna ask a question about the education of the workforce. And I think as a board member, I would be really focused on, uh, how am I educating my workforce of the future? And do I have the workforce of the future today? Do I have to educate them to have to bring in hiring for it? Do I have to bring third-party service providers to get us there? So as a board member really focus on, do I have the right workforce to get us to this next stage? And if not, what do I need to do to get there? Because >>We'll allocate a percentage of their budgets to training and education. And the question is where do they put it >>In? Is it the right training and education, right? >>Where do they focus though? Right now we hear you iPad talking about they're a horizontal play, but James, when you and Lisa, we were asking about industry, when you go to market, are you, are you more focused on verticals? Are you thinking, >>No, it's on two things. So which often find is regardless of the sector with some nuanced variation, the back office functions are regionally the procure to pay process as the same fundamentals, regardless of the sector where the differentiation comes in at a sector of service is when you start going to the middle of the front office, I mean a mining has only one customer. They sold their product to image the retailer has an endless number of them. So when you get to the middle and front office and really start engaging with a customer and external vendors, then a differentiation is very unique and you'd have a lot of sort of customers having sector specific nuances and variations in how you use the platform. And that's where the shift now is happening as well is the back office functions that are largely driven by the CFO. If now getting good, robust value out of it, there's pivot to make it a differentiator in the market, comes in the front and middle office. And that's where we starting to say, sector specific genres solutions, nuances really come to the fall >>Deep industry expertise. Do you think digital at all changes that the reason I ask it because I see Amazon as a retail and then they're in cloud and they're in grocery other in content Apple's in, in financial services and you're seeing these internet giants with a dual agenda, they're disrupting horizontal technology and then there's disruptive industries. And my premise is it's because of data and digital. Do you ever see that industry specialization changing that value chain >>Without a doubt? And I think it's happens initially. It starts off. When people have started looking at the process, they realize there's such key dependencies on the upstream and downstream components of the value chain that they want to control it. So they actually start bridging out of what the core practices or the core business to own a broader agenda. And with digital, you can do it. You can actively interact more systemically that installs triggering, well, maybe I have a different product offering. Maybe I can own this. Could I monetize the information I had at my disposal today in a completely new line. And that really what gets truly innovative and starts creating a revenue increase as opposed as the cost saving. And that's what they're really going after. It's how do I, >>The vertical integration is not new. The plenty of ended up Koch industries, Tyson foods, but now it's digital. So presumably you can do it faster with greater greater scale >>Without a doubt. And you don't have to move your big ERP and things like that. Cause that's the only way it takes five years to move my technology backbone with digital. I can do the interaction tomorrow and we can build up enough to be able to sustain that in the short term. >>Right. And speaking of speed, unfortunately, guys, we are out of time, but thank you. Fantastic conversation automation as a board imperative guys, that's been great James or >>Thank you for your time. Thank you so much >>For Dave a long day. I'm Lisa Martin. You're watching the queue. We are live in Las Vegas at the Bellagio at UI path forward for stick around Dave and I will be right back. Okay.

>>Hello, and welcome. Very excited to see everybody here. DockerCon is going fantastic. Everybody's uh, engaging in the chat. It's awesome to see. My name is Peter McKee. I'm the head of developer relations here at Docker and Taber. Today. We're going to be talking about container first development now and in the future. But before we do that, a couple little housekeeping items, first of all, yes, we are live. So if you're in our session, you can go ahead and chat, ask us questions. We'd love to get all your questions and answer them. Um, if you come to the main page on the website and you do not see the chat, go ahead and click on the blue button and that'll die. Uh, deep dive you into our session and you can interact with the chat there. Okay. Without further ado, let's just jump right into it. Katie, how are you? Welcome. Do you mind telling everybody who you are and a little bit about yourself? >>Absolutely. Hello everyone. My name is Katie and currently I am the eco-system advocate at cloud native computing foundation or CNCF. My responsibility is to lead and represent the end-user community. So these are all the practitioners within the cloud native space that are vendor neutral. So they use cloud native technologies to build their services, but they don't sell it. So this is quite an important characteristic as well. My responsibility is to make sure to close the gap between these practitioners and the project maintainers, to make sure that there is a feedback loop around. Um, I have many roles within the community. I am on the advisory board for KIPP finishes, a sandbox project. I'm working with open UK to make sure that Elton standards are used fairly across data, hardware, and software. And I have been, uh, affiliated way if you'd asked me to make sure that, um, I'm distributing a cloud native fundamental scores to make cloud and they do a few bigger despite everyone. So looking forward to this panel and checking with everyone. >>Awesome. Yeah. Welcome. Glad to have you here. Johanna's how are you? Can you, uh, tell everybody a little bit about yourself and who you are? Yeah, sure. >>So hi everybody. My name is Johannes I'm one of the co-founders at get pot, which in case you don't know is an open-source and container based development platform, which is probably also the reason why you Peter reached out and invited me here. So pleasure to be here, looking forward to the discussion. Um, yeah, though it is already a bit later in Munich. Um, and actually my girlfriend had a remote cocktail class with her colleagues tonight and it took me some stamina to really say no to all the Moscow mules that were prepared just over there in my living room. Oh wow. >>You're way better than me. Yeah. Well welcome. Thanks for joining us. Jerome. How are you? Good to see you. Can you tell everybody who you are and a little bit about yourself? Hi, >>Sure. Yeah, so I'm, I, I used to work at Docker and some, for me would say I'm a container hipster because I was running containers in production before it for hype. Um, I worked at Docker before it was even called Docker. And then since 2018, I'm now a freelancer and doing training and consulting around Docker containers, Kubernetes, all these things. So I used to help folks do stuff with Docker when I was there and now I still have them with containers more generally speaking. So kind of, uh, how do we say same, same team, different company or something like that? Yeah. >>Yeah. Perfect. Yeah. Good to see you. I'm glad you're on. Uh, Jacob, how are you? Good to see you. Thanks for joining us. Good. Yeah. Thanks for having me tell, tell everybody a little bit about yourself who you are. >>Yeah. So, uh, I'm the creator of a tool called mutagen, which is an open source, uh, development tool for doing high performance file synchronization and, uh, network forwarding, uh, to enable remote development. And so I come from like a physics background where I was sort of always doing, uh, remote developments, you know, whether that was on a big central clusters or just like some sort of local machine that was a bit more powerful. And so I, after I graduated, I built this tool called mutagen, uh, for doing remote development. And then to my surprise, people just started using it to use, uh, with Docker containers. And, uh, that's kind of grown into its primary use case now. So I'm, yeah, I've gotten really involved with the Docker community and, uh, talked with a lot of great people and now I'm one of the Docker captains. So I get to talk with even more and, and join these events and yeah, but I'm, I'm kind of focused on doing remote development. Uh, cause I, you know, I like, I like having all my tools available on my local machine, but I also like being able to pull in a little bit more powerful hardware or uh, you know, maybe a software that I can't run locally. And so, uh, that's sort of my interest in, in Docker container. Yeah. Awesome. >>Awesome. We're going to come back to that for sure. But yeah. Thank you again. I really appreciate you all joining me and yeah. So, um, I've been thinking about container first development for a while and you know, what does that actually mean? So maybe, maybe we can define it in our own little way. So I, I just throw it out to the panel. When you think about container first development, what comes to mind? What w what, what are you kind of thinking about? Don't be shy. Go ahead. Jerome. You're never a loss of words >>To me. Like if I go back to the, kind of the first, uh, you know, training engagements we did back at Docker and kind of helping folks, uh, writing Dockerfiles to stop developing in containers. Um, often we were replacing, um, uh, set up with a bunch of Vagrant boxes and another, like the VMs and combinations of local things. And very often they liked it a lot and they were very soon, they wanted to really like develop in containers, like run this microservice. This piece of code is whatever, like run that in containers because that means they didn't have to maintain that thing on their own machine. So that's like five years ago. That's what it meant to me back then. However, today, if you, if you say, okay, you know, developing in containers, um, I'm thinking of course about things like get bought and, uh, I think it's called PR or something like that. >>Like this theme, maybe that thing with the ESCO, that's going to run in a container. And you, you have this vs code thing running in your browser. Well, obviously not in your browser, but in a container that you control from your browser and, and many other things like that, that I, I think that's what we, where we want to go today. Uh, and that's really interesting, um, from all kinds of perspectives, like Chevy pair pairing when we will not next to each other, but actually thousands of miles away, um, or having this little environment that they can put aside and come back to it later, without it having using resource in my machine. Um, I don't know, having this dev service running somewhere in the cloud without needing something like, it's at the rights that are like the, the possibilities are really endless. >>Yeah. Yeah. Perfect. Yeah. I'm, you know, a little while ago I was, I was torn, right. W do I spin up containers? Do I develop inside of my containers? Right. There's foul sinking issues. Um, you know, that we've been working on at Docker for a while, and Jacob is very, very familiar with those, right? Sometimes it, it becomes hard, but, and I, and I love developing in the cloud, but I also have this screaming, you know, fast machine sitting on my desktop that I think I should take advantage of. So I guess another question is, you know, should we be developing inside of containers? Is that a smart thing to do? Uh, I'd love to hear you guys' thoughts around that. >>You know, I think it's one of those things where it's, you know, for me container first development is really about, um, considering containers as sort of a first class citizen in, in terms of your development toolkit, right. I mean, there's not always that silver bullet, that's like the one thing you should use for everything. You know, you shouldn't, you shouldn't use containers if they're not fitting in or adding value to your workflow, but I think there's a lot of scenarios that are like, you know, super on super early on in the development process. Like as soon as you get the server kind of running and working and, you know, you're able to access it, you know, running on your local system. Uh that's I think that's when the value comes in to it to add containers to, you know, what you're doing or to your project. Right. I mean, for me, they're, um, they're more of a orchestrational tool, right? So if I don't have to have six different browser tabs open with like, you know, an API server running at one tab and a web server running in another tab and a database running in another tab, I can just kind of encapsulate those and, and use them as an automation thing. So I think, you know, even if you have a super powerful computer, I think there's still value in, um, using containers as, as a orchestrational mechanism. Yeah. Yeah, >>For sure. I think, I think one of the, one of my original aha moments with Docker was, oh, I can spin up different versions of a database locally and not have to install it and not have to configure it and everything, but, you know, it just ran inside of a container. And that, that was it. Although it's might seem simple to some people that's very, very powerful. Right. So I think being able to spin things up and containers very quickly is one of the super benefits. But yeah, I think, uh, developing in containers is, is hard right now, right. With, um, you know, and how do you do that? Right. Does anybody have any thoughts around, how do you go about that? Right. Should you use a container as just a development environment, so, you know, creating an image and then running it just with your dev tools in it, or do you just, uh, and maybe with an editor all inside of it, and it's just this process, that's almost like a VM. Um, yeah. So I'll just kick it back to the panel. I'd love to hear your thoughts on, you know, how do you set up and configure, uh, containers to develop in any thoughts around that? >>Maybe one step back again, to answer your question, what kind of container first development mean? I think it doesn't mean, um, by default that it has to be in the cloud, right? As you said, um, there are obvious benefits when it comes to the developer experience of containers, such as, I dunno, consistency, we have standardized tools dependencies for the dev side of things, but it also makes their dev environment more similar to all the pipeline that is somehow happening to the right, right. So CIC D all the way to production, it is security, right? Which also somehow comes with standardization. Um, but vulnerability scanning tools like sneak are doing a great job there. And, um, for us, it gets pod. One of the key reasons why we created get pod was literally creating this peace of mind for deaths. So from a developer's point of view, you do not need to take care anymore about all the hassle around setups and things that you will need to install. >>And locally, based on some outdated, REIT me on three operating systems in your company, everybody has something different and leading to these verbs in my machine situations, um, that really slow professional software developers down. Right. Um, back to your point, I mean, with good pod, we obviously have to package everything together in one container because otherwise, exactly the situation happens that you need to have five browser tabs open. So we try and leverage that. And I think a dev environment is not just the editor, right? So a dev environment includes your source code. It includes like a powerful shell. It includes file systems. It includes essentially all the tools you need in order to be productive databases and so on. And, um, yeah, we believe that should be encapsulated, um, um, in a container. >>Yeah. Awesome. Katie, you talked to a lot of end users, right. And you're talking to a lot of developers. What, what's your thoughts around container first development, right? Or, or what's the community out there screaming or screaming. It might be too to, uh, har you know, to, to two grand of the word. Right. But yeah, I love it. I love to hear what your, your thoughts. >>Absolutely. So I think when you're talking about continuing driven development, uh, the first thing that crosses my mind is the awareness of the infrastructure or the platform you're going to run your application on top of, because usually when you develop your application, you'd like to replicate as much as possible the production or even the staging environment to make sure that when you deploy your application, you have us little inconsistencies as possible, but at the same time, you minimize the risk for something to go wrong as well. So when it talking about the, the community, um, again, when you deploy applications and containers and Kubernetes, you have to use, you have awareness about, and probably apply some of the best practices, like introducing liveliness and readiness probes, to make sure that your application can restart in, in case it actually goes down or there's like a you're starving going CPU or something like that. >>So, uh, I think when it comes to deployment and development of an application, the main thing is to actually improve the end developer experience. I think there has been a lot of focus in the community to develop the tool, to actually give you the right tool to run application and production, but that doesn't necessarily, um, go back to how the end developer is actually enabling that application to run into that production system. So I think there has been, uh, this focus for the community identified now, and it's more, more, um, or trying to build momentum on enhancing the developer experience. And we've seen this going through many, uh, where we think production of many tools did what has been one of them, which actually we can have this portable, um, development environment if you choose so, and you can actually replicate them across different teams in different machines, which is actually quite handy. >>But at the same time, we had tools such as local composts has been a great tool to run locally. We have tool such as carefully, which is absolutely great to automatically dynamically upload any changes to how within your code. So I think all of these kinds of tools, they getting more matured. And again, this is going back to again, we need to enhance our developer experience coming back to what is the right way to do so. Um, I think it really depends on the environment you have in production, because there's going to define some of the structures with the tool and you're going to have internally, but at the same time, um, I'd like to say that, uh, it really depends on, on what trucks are developing. Uh, so it's, it's, I would like to personally, I would like to see a bit more diversification in this area because we might have this competitive solutions that is going to push us to towards a new edge. So this is like, what definitely developer experience. If we're talking about development, that's what we need to enhance. And that's what I see the momentum building at the moment. >>Yeah. Yeah. Awesome. Jerome, I saw you shaking your head there in agreement, or maybe not, but what's your thoughts? >>I was, uh, I was just reacting until 82. Uh, it depends thinking that when I, when I do training, that's probably the answer that I gave the most, uh, each time somebody asks, oh, should we do diesel? And I was also looking at some of the questions in the chat about, Hey, the, should we like have a negatory in the, in the container or something like that. And folks can have pretty strong opinions one way or the other, but as a ways, it kind of depends what we do. It also depends of the team that we're working with. Um, you, you could have teams, you know, with like small teams with folks with lots of experience and they all come with their own Feb tools and editorials and plugins. So you know that like you're gonna have PRI iMacs out of my cold dead hands or something like that. >>So of course, if you give them something else, they're going to be extremely unhappy or sad. On the other hand, you can have team with folks who, um, will be less opinionated on that. And even, I don't know, let's say suddenly you start working on some project with maybe a new programming language, or maybe you're targeting some embedded system or whatever, like something really new and different. And you come up with all the tools, even the ADE, the extensions, et cetera, folks will often be extremely happy in that case that you're kind of giving them a Dettol and an ADE, even if that's not what they usually would, uh, would use, um, because it will come with all of the, the, the nice stage, you know, the compression, the, um, the, the, the bigger, the, whatever, all these things. And I think there is also something interesting to do here with development in containers. >>Like, Hey, you're going to start working on this extremely complex target based on whatever. And this is a container that has everything to get started. Okay. Maybe it's not your favorites editor, but it has all the customization and the conserver and whatever. Um, so you can start working right away. And then maybe later you, we want to, you know, do that from the container in a way, and have your own Emacs, atom, sublime, vs code, et cetera, et cetera. Um, but I think it's great for containers here, as well as they reserve or particularly the opportunity. And I think like the, that, that's one thing where I see stuff like get blood being potentially super interesting. Um, it's hard for me to gauge because I confess I was never a huge ID kind of person had some time that gives me this weird feeling, like when I help someone to book some, some code and you know, that like with their super nice IDE and everything is set up, but they feel kind of lost. >>And then at some point I'm like, okay, let's, let's get VI and grep and let's navigate this code base. And that makes me feel a little bit, you know, as this kind of old code for movies where you have the old, like colorful guy who knows going food, but at the end ends up still being obsolete because, um, it's only a going for movies that whole good for masters and the winning right. In real life, we don't have conformance there's anymore mentioned. So, um, but part of me is like, yeah, I like having my old style of editor, but when, when the modern editorial modern ID comes with everything set up and configured, that's just awesome. That's I, um, it's one thing that I'm not very good at sitting up all these little things, but when somebody does it and I can use it, it's, it's just amazing. >>Yeah. Yeah. I agree. I'm I feel the same way too. Right. I like, I like the way I've I have my environment. I like the tools that I use. I like the way they're set up. And, but it's a big issue, right? If you're switching machines, like you said, if you're helping someone else out there, they're not there, your key bindings aren't there, you can't, you can't navigate their system. Right? Yeah. So I think, you know, talking about, uh, dev environments that, that Docker's coming out with, and we're, you know, there's a lot, there, there's a, it's super complex, all these things we're talking about. And I think we're taking the approach of let's do something, uh, well, first, right. And then we can add on to that. Right. Because I think, you know, setting up full, full developed environments is hard, right. Especially in the, the, um, cloud native world nowadays with microservices, do you run them on a repo? >>Do you not have a monitor repo? Maybe that would be interesting to talk about. I think, um, you know, I always start out with the mono repos, right. And you have all your services in there and maybe you're using one Docker file. And then, because that works fine. Cause everything is JavaScript and node. And then you throw a little Python in there and then you throw a little go and now you start breaking things out and then things get too complex there, you know, and you start pulling everything out into different, get repos and now, right. Not everything just fits into these little buckets. Right. So how do you guys think maybe moving forward, how do we attack that night? How do we attack these? Does separate programming languages and environments and kind of bring them all together. You know, we, we, I hesitate, we solve that with compose around about running, right about executing, uh, running your, your containers. But, uh, developing with containers is different than running containers. Right. It's a, it's a different way to think about it. So anyway, sorry, I'm rattling on a little bit, but yeah. Be interesting to look at a more complex, uh, setup right. Of, uh, of, you know, even just 10 microservices that are in different get repos and different languages. Right. Just some thoughts. And, um, I'm not sure we all have this flushed out yet, but I'd love to hear your, your, you guys' thoughts around that. >>Jacob, you, you, you, you look like you're getting ready to jump there. >>I didn't wanna interrupt, but, uh, I mean, I think for me the issue isn't even really like the language boundary or, or, um, you know, a sub repo boundary. I think it's really about, you know, the infrastructure, right? Because you have, you're moving to an era where you have these cloud services, which, you know, some of them like S3, you can, you can mock up locally, uh, or run something locally in a container. But at some point you're going to have like, you know, cloud specific hardware, right? Like you got TPS or something that maybe are forming some critical function in your, in your application. And you just can't really replicate that locally, but you still want to be able to develop against that in some capacity. So, you know, my, my feeling about where it's going to go is you'll end up having parts of your application running locally, but then you also have, uh, you know, containers or some other, uh, element that's sort of cohabitating with, uh, you know, either staging or, or testing or production services that you're, uh, that you're working with. >>So you can actually, um, you know, test against a really or realistic simulation or the actual, uh, surface that you're running against in production. Because I think it's just going to become untenable to keep emulating all of that stuff locally, or to have to like duplicate these, you know, and, you know, I guess you can argue about whether or not it's a good thing that, that everything's moving to these kind of more closed off cloud services, but, you know, the reality of situation is that's where it's going to go. And there's certain hardware that you're going to want in the cloud, especially if you're doing, you know, machine learning oriented stuff that there's just no way you're going to be able to run locally. Right. I mean, if you're, even if you're in a dev team where you have, um, maybe like a central machine where you've got like 10 or 20 GPU's in it, that's not something that you're going to be able to, to, to replicate locally. And so that's how I kind of see that, um, you know, containers easing that boundary between different application components is actually maybe more about co-location, um, or having different parts of your application run in different locations, on different hardware, you know, maybe someone on your laptop, maybe it's someone, you know, AWS or Azure or somewhere. Yeah. It'd be interesting >>To start seeing those boundaries blur right. Working local and working in the cloud. Um, and you might even, you might not even know where something is exactly is running right until you need to, you know, that's when you really care, but yeah. Uh, Johanas, what's your thoughts around that? I mean, I think we've, we've talked previously of, of, um, you know, hybrid kind of environments. Uh, but yeah. What, what's your thoughts around that? >>Um, so essentially, yeah, I think, I mean, we believe that the lines between cloud and local will also potentially blur, and it's actually not really about that distinction. It's just packaging your dev environment in a way and provisioning your dev environment in a way that you are what we call always ready to coat. So that literally, um, you, you have that for the, you described as, um, peace of mind that you can just start to be creative and start to be productive. And if that is a container potentially running locally and containers are at the moment. I think, you know, the vehicle that we use, um, two weeks ago, or one week ago actually stack blitz announced the web containers. So potentially some things, well, it's run in the browser at some point, but currently, you know, Docker, um, is the standard that enables you to do that. And what we think will happen is that these cloud-based or local, um, dev environments will be what we call a femoral. So it will be similar to CIS, um, that we are using right now. And it doesn't literally matter, um, where they are running at the end. It's just, um, to reduce friction as much as possible and decrease and yeah, yeah. Essentially, um, avoid or the hustle that is currently involved in setting up and also managing dev environments, um, going forward, which really slows down specifically larger teams. >>Yeah. Yeah. Um, I'm going to shift gears a little bit here. We have a question from the audience in chat, uh, and it's, I think it's a little bit two parts, but so far as I can see container first, uh, development, have the challenges of where to get safe images. Um, and I was going to answer it, but let me keep it, let me keep going, where to get safe images and instrumentation, um, and knowing where exactly the problem is happening, how do we provide instrument instrumentation to see exactly where a problem might be happening and why? So I think the gist of it is kind of, of everything is in a container and I'm sitting outside, you know, the general thought around containers is isolation, right. Um, so how do I get views into that? Um, whether debugging or, or, or just general problems going on. I think that's maybe a broader question around the, how you, you know, you have your local hosts and then you're running everything containers, and what's the interplay there. W what's your thoughts there? >>I tend to think that containers are underused interactively. I mean, I think in production, you have this mindset that there's sort of this isolated environment, but it's very, actually simple to drop into a shell inside of a container and use it like you would, you know, your terminal. Um, so if you want to install software that way, you know, through, through an image rather than through like Homebrew or something, uh, you can kind of treat containers in that way and you can get a very, um, you know, direct access to the, to the space in which those are running in. So I think, I think that's maybe the step one is just like getting rid of that mindset, that, that these are all, um, you know, these completely encapsulated environments that you can't interact with because it's actually quite easy to just Docker exec into a container and then use it interactively >>Yeah. A hundred percent. And maybe I'll pass, I'm going to pass this question. You drone, but maybe demystify containers a little bit when I talked about this on the last, uh, panel, um, because we have a question in the, in the chat around, what's the, you know, why, why containers now I have VMs, right? And I think there's a misunderstanding in the industry, uh, about what, what containers are, we think they're fair, packaged stuff. And I think Jacob was hitting on that of what's underneath the hood. So maybe drown, sorry, for a long way to set up a question of what, what, what makes up a container, what is a container >>Is a container? Well, I, I think, um, the sharpest and most accurate and most articulate definition, I was from Alice gold first, and I will probably misquote her, but she said something like containers are a bunch of capsulated processes, maybe running on a cookie on welfare system. I'm not sure about the exact definition, but I'm going to try and, uh, reconstitute that like containers are just processes that run on a Unix machine. And we just happen to put a bunch of, um, red tape or whatever around them so that they are kind of contained. Um, but then the beauty of it is that we can contend them as much, or as little as we want. We can go kind of only in and put some actual VM or something like firecracker around that to give some pretty strong angulation, uh, all we can also kind of decontam theorize some aspects, you know, you can have a container that's actually using the, um, the, um, the network namespace of the host. >>So that gives it an entire, you know, wire speed access to the, to the network of the host. Um, and so to me, that's what really interesting, of course there is all the thing about, oh, containers are lightweight and I can pack more of them and they start fast and the images can be small, yada yada, yada. But to me, um, with my background in infrastructure and building resilient, things like that, but I find really exciting is the ability to, you know, put the slider wherever I need it. Um, the, the, the ability to have these very light containers, all very heavily, very secure, very anything, and even the ability to have containers in containers. Uh, even if that sounds a little bit, a little bit gimmicky at first, like, oh, you know, like you, you did the Mimi, like, oh, I heard you like container. >>So I put Docker when you're on Docker. So you can run container for you, run containers. Um, but that's actually extremely convenient because, um, as soon as you stop building, especially something infrastructure related. So you challenge is how do you test that? Like, when we were doing.cloud, we're like, okay, uh, how do we provision? Um, you know, we've been, if you're Amazon, how do you provision the staging for us installed? How do you provision the whole region, Jen, which is actually staging? It kind of makes things complicated. And the fact that we have that we can have containers within containers. Uh, that's actually pretty powerful. Um, we're also moving to things where we have secure containers in containers now. So that's super interesting, like stuff like a SIS box, for instance. Um, when I saw that, that was really excited because, uh, one of the horrible things I did back in the days as Docker was privileged containers, precisely because we wanted to have Docker in Docker. >>And that was kind of opening Pandora's box. That's the right, uh, with the four, because privileged containers can do literally anything. They can completely wreck up the machine. Um, and so, but at the same time, they give you the ability to run VPNs and run Docker in Docker and all these cool things. You can run VM in containers, and then you can list things. So, um, but so when I saw that you could actually have kind of secure containers within containers, like, okay, there is something really powerful and interesting there. And I think for folks, well, precisely when you want to do development in containers, especially when you move that to the cloud, that kind of stuff becomes a really important and interesting because it's one thing to have my little dev thing on my local machine. It's another thing when I want to move that to a swarm or Kubernetes cluster, and then suddenly even like very quickly, I hit the wall, which is, oh, I need to have containers in my containers. Um, and then having a runtime, like that gets really intense. >>Interesting. Yeah, yeah, yeah. And I, and jumping back a bit, um, yeah, uh, like you said, drum at the, at the base of it, it containers just a, a process with, with some, uh, Abra, pardon me, operating constructs wrapped around it and see groups, namespaces those types of things. But I think it's very important to, for our discussion right. Of, uh, developers really understanding that, that this is just the process, just like a normal process when I spin up my local bash in my term. Uh, and I'm just interacting with that. And a lot of the things we talk about are more for production runtimes for securing containers for isolating them locally. I don't, I don't know. I'll throw the question out to the panel. Is that really relevant to us locally? Right. Do we want to pull out all of those restrictions? What are the benefits of containers for development, right. And maybe that's a soft question, but I'd still love to hear your thoughts. Maybe I'll kick it over to you, Katie, would you, would you kick us off a little bit with that? >>I'll try. Um, so I think when, again, I was actually thinking of the previous answers because maybe, maybe I could do a transition here. So, interesting, interesting about containers, a piece of trivia, um, the secrets and namespaces have been within the Linux kernel since 2008, I think, which just like more than 10 years ago, hover containers become popular in the last years. So I think it's, it's the technology, but it's about the organization adopting this technology. So I think why it got more popular now is because it became the business differentiator organizations started to think, how can I deliver value to my customers as quickly as possible? So I think that there should be this kind of two lane, um, kind of progress is the technology, but it's at the same time organization and cultural now are actually essential for us to develop, uh, our applications locally. >>Again, I think when it's a single application, if you have just one component, maybe it's easier for you to kind of run it locally, have a very simple testing environment. Sufficient is a container necessary, probably not. However, I think it's more important when you're thinking to the bigger picture. When we have an architecture that has myriads of microservices at the basis, when it's something that you have to expose, for example, an API, or you have to consume an API, these are kind of things where you might need to think about a lightweight set up within the containers, only local environment to make sure that you have at least a similar, um, environment or a configuration to make sure that you test some of the expected behavior. Um, I think the, the real kind of test you start from the, the dev cluster will like the dev environment. >>And then like for, for you to go to staging and production, you will get more clear into what exactly that, um, um, configuration should be in the end. However, at the same time, again, it's, it's more about, um, kind of understanding why you continue to see this, the thing, like, I don't say that you definitely need containers at all times, but there are situations when you have like, again, multiple services and you need to replicate them. It's just the place to, to, to work with these kind of, um, setups. So, um, yeah, really depends on what you're trying to develop here. Nothing very specific, unfortunately, but get your product and your requirements are going to define what you're going to work with. >>Yeah, no, I think that's a great answer, right. I think one of the best answers in, in software engineering and engineering in general as well, it depends. Right. It's things are very specific when we start getting down to the details, but yeah, generally speaking, you know, um, I think containers are good for development, but yeah, it depends, right. It really depends. Is it helping you then? Great. If it's hindering you then, okay. Maybe think what's, what's the hindrance, right. And are containers the right solution. I agree. 110% and, >>And everything. I would like absurd this too as well. When we, again, we're talking about the development team and now we have this culture where we have the platform and infrastructure team, and then you have your engineering team separately, especially when the regulations are going to be segregated. So, um, it's quite important to understand that there might be a, uh, a level of up-skilling required. So pushing for someone to use containers, because this is the right way for you to develop your application might be not, uh, might not be the most efficient way to actually develop a product because you need to spend some time to make sure that the, the engineering team has the skills to do so. So I think it's, it's, again, going back to my answers here is like, truly be aware of how you're trying to develop how you actually collaborate and having that awareness of your platform can be quite helpful in developing your, uh, your publication, the more importantly, having less, um, maybe blockers pushing it to a production system. >>Yeah, yeah. A hundred percent. Yeah. The, uh, the cultural issue is, is, um, within the organization, right. Is a very interesting thing. And it, and I would submit that it's very hard from top down, right. Pushing down tools and processes down to the dev team, man, we'll just, we'll just rebel. It usually comes from the bottom up. Right. What's working for us, we're going to do right. And whether we do it in the shadows and don't let it know, or, or we've conformed, right. Yeah. A hundred percent. Um, interesting. I would like to think a little bit in the future, right? Like, let's say, I don't know, two, three years from now, if, if y'all could wave a and I'm from Texas. So I say y'all, uh, if you all could wave a magic wand, what, what, what would that bring about right. What, what would, what would be the best scenario? And, and we just don't have to say containers. Right. But, you know, what's the best development environment and I'm going to kick it over to you, Jacob. Cause I think you hinted at some of that with some hybrid type of stuff, but, uh, yeah. Implies, they need to keep you awake. You're, you're, you're, uh, almost on the other side of the world for me, but yeah, please. >>Um, I think, you know, it's, it's interesting because you have this technology that you've been, that's been brought from production, so it's not, um, necessarily like the right or the normal basis for development. So I think there's going to be some sort of realignment or renormalization in terms of, uh, you know, what the, what the basis and the abstractions that we're using on a daily basis are right. Like images and containers as they exist now are really designed for, um, for production use cases. And, and in terms of like, even even the ergonomics of opening a shell inside a container, I think is something that's, um, you know, not as polished or not as smooth as it could be because they've come from production. And so I think it's important, like not to, not to have people look at, look at the technology as it exists now and say like, okay, this is slightly rough around the edges, or it wasn't designed for this use case and think, oh, there's, you know, there's never any way I could use this for, for my development of workflows. >>I think it's, you know, it's something Docker's exploring now with, uh, with the, uh, dev containers, you know, it's, it's a new, and it's an experimental paradigm and it may not be what the final picture looks like. As, you know, you were saying, there's going to be kind of a baseline and you'll add features to that or iterate on that. Um, but I think that's, what's interesting about it, right? Cause it's, there's not a lot of things as developers that you get to play with that, um, that are sort of the new technology. Like if you're talking about things you're building to ship, you want to kind of use tried and true components that, you know, are gonna, that are going to be reliable. But I think containers are that interesting point where it's like, this is an established technology, but it's also being used in a way now that's completely different than what it was designed for. And, and, you know, as hackers, I think that's kind of an interesting opportunity to play with it, but I think, I think that's, what's going to happen is you're just going to see kind of those production, um, designed, uh, knobs kind of sanded down or redesigned for, for development. So that's kind of where I see it going. >>Yeah. Yeah. And I think that's what I was trying to hint out earlier is like, um, yeah, just because all these things are there, does it actually mean we need them locally? Right. Do they make sense? I, I agree. A hundred percent, uh, anybody else drawn? What are your thoughts around that? And then, and then, uh, I'll probably just ask all of you. I'd love to hear each of your thoughts of the future. >>I had a thought was maybe unrelated, but I was kind of wondering if we would see something on the side of like energy efficiency in some way. Um, and maybe it's just because I've been thinking a lot about like climate change and things like that recently, and trying to reduce like the, uh, the energy use energy use and things like that. Perhaps it's also because I recently got a new laptop, which on paper is super awesome, but in practice, as soon as you try to have like two slack tabs and a zoom call, you know, it's super fast, both for 30 seconds. And after 30 seconds, it blows its thermal budget and it's like slows down to a crawl. And I started to think, Hmm, maybe, you know, like before we, we, we were thinking about, okay, I don't have that much CPU available. So you have to be kind of mindful about that. >>And now I wonder how are we going to get in something similar to that, but where you try to save CPU cycles, not just because you don't have that many CPU cycles, but more because you know, that you can't go super fast for super long when you are on one of these like small laptops or tablets or phones, like you have this demo budget to take into account. And, um, I wonder if, and how like, is there something where goaltenders can do some things here? I guess it can be really interesting if they can do some the equivalent of like Docker top and Docker stats. And if I could see, like how much what's are these containers using, I can already do that with power top on Linux, for instance, like process by process. So I'm thinking I could see what's the power usage of, of some containers. Um, and I wonder if down the line, is this going to be something useful or is this just silly because we can just masquerade CPU usage for, for Watson and forget about it. >>Yeah. Yeah. It was super, super interesting, uh, perspective for sure. I'm going to shut up because I want to, I want to give, make sure I give Johannes and Katie time. W w what are your thoughts of the future around, let's just say, you know, container development in general, right? You want, you want to start absolutely. Oh, honest, Nate. Johns wants more time. I say, I'll try not to. Beneficiate >>Expensive here, but, um, so one of the things that we've we've touched upon earlier in the panel was multicloud strategy. And I was reading one of the data reports from it was about the concept of Kubernetes from gamer Townsville. But what is working for you to see there is that more and more organizations are thinking about multicloud strategy, which means that you need to develop an application or need an infrastructure or a component, which will allow you to run this application bead on a public cloud bead, like locally in a data center and so forth. And here, when it comes to this kind of, uh, maybe problems we come across open standards, this is where we require something, which will allow us to execute our application or to run our platform in different environments. So when you're thinking about the application or development of the application, one of the things that, um, came out in 2019 at was the Oakland. >>Um, I wish it was Kybella, which is a, um, um, an open application model based application, which allows you to describe the way you would like your service to be executed in different environments. It doesn't need to be well developed specifically for communities. However, the open application model is specialized. So specialized tries to cover multiple platforms. You will be able to execute your application anywhere you want it to. So I think that that's actually quite important because it completely obstructs what is happening underneath it, completely obstructs notions, such as containers, uh, or processes is just, I want this application and I want to have this kind of behavior is so example of, to scale in this conditions or to, um, to be exposed for these, uh, end points and so forth. And everything that I would like to mention here is that maybe this transcends again, the, uh, the logistics of the application development, but it definitely will impact the way we run our applications. >>So one of the biggest, well, one of the new trends that is kind of gaining momentum now has been around Plaza. And this is again, something which is trying to present what we have the on containers. Again, it's focusing on the, it's kind of a cyclical, um, uh, action movement that we have here. When we moved from the VMs to containers, it was smaller footprint. We want like better execution, one, this agnosticism of the platforms. We have the same thing happening here with Watson, but again, it consents a new, um, uh, kind of, well, it teaches in you, uh, in new climax here, where again, we shrink the footprint of the cluster. We have a better isolation of all the services. We have a better trend, like portability of how services and so forth. So there is a great potential out there. And again, like why I'm saying this is some of these technologies are gonna define the way we're gonna do our development of the application on our local environment. >>That's why it's important to kind of maybe have an eye there and maybe see if some of those principles of some of those technologies we can bring internally as well. And just this, like a, a final thought here, um, security has been mentioned as well. Um, I think it's something which has been, uh, at the forefront, especially when it comes to containers, uh, especially when it comes to enterprise organizations and those who are regulated, which I feel come very comfortable to run their application within a VM where you have the full isolation, you can do what we have complete control of what's happening inside that compute. So, um, again, security has been at the forefront at the moment. So I know it has mentioned in the panel before. I'd like to mention that we have the security white paper, which has been published. We have the software supply chain, white paper as well, which twice to figure out or define some of these good practices as well, again, which you can already apply from your development environment and then propagate them to production. So I'm just going to leave, uh, all of these. That's all. >>That's awesome. And yeah, well, while is very, very interesting. I saw the other day that, um, and I forget who it was, maybe, maybe all can remember, um, you know, running, running the node, um, engine inside of, you know, in Walzem inside of a browser. Right. And, uh, at first glance I said, well, we already have a JavaScript execution engine. Right. And it's kind of like Docker and Docker. So you have, uh, you know, you have the browser, then, then you have blossom and then you have a node, you know, a JavaScript runtime. And, and I didn't understand was while I was, um, you know, actually executing is JavaScript and it's not, but yeah, it's super interesting, super powerful. I always felt that the browser was, uh, Java's what write once run anywhere kind of solution, right. That never came about, they were thinking of set top, uh, TV boxes and stuff like that, which is interesting. >>I don't know, you'll some of the history of Java, but yeah. Wasm is, is very, I'm not sure how to correctly pronounce it, but yeah, it's extremely interesting because of the isolation in that boxing. Right. And running powerful languages that were used to inside of a more isolated environment. Right. And it's almost, um, yeah, it's kind of, I think I've mentioned it before that the containers inside of containers, right. Um, yeah. So Johannes, hopefully I gave you enough time. I delayed, I delayed as much as I can. My friend, you better, you better just kidding. I'm just kidding, please, please. >>It was by the way, stack let's and they worked together with Google and with Russell, um, developing the web containers, it's called there's, it's quite interesting. The research they're doing there. Yeah. Yeah. I mean, what we believe and I, I also believe is that, um, yeah, probably somebody is doing to death environments, what Docker did to servers and at least that good part. We hope that somebody will be us. Um, so what we mean by that is that, um, we think today we are still somehow emotionally attached to our dev environments. Right. We give them names, we massage them over time, which can also have its benefits, but it's, they're still pets in some way. Right. And, um, we believe that, um, environments in the future, um, will be treated similar like servers today as automated resources that you can just spin up and close down whenever you need them. >>Right. And, um, this trend essentially that you also see in serverless, if you look at what kind of Netlify is doing a bit with preview environments, what were sellers doing? Um, there, um, we believe will also arrive at, um, at Steph environments. It probably won't be there tomorrow. So it will take some time because if there's also, you know, emotion involved into, in that, in that transition, but ultimately really believe that, um, provisioning dev environments also in the cloud allows you to leverage the power of the cloud and to essentially build all that stuff that you need in order to work in advance. Right? So that's literally either command or a button. So either, I don't know, a command that spins up your local views code and SSH into, into a container, or you do it in a browser, um, will be the way that professional development teams will develop in the future. Probably let's see in our direction of document, we say it's 2000 to 23. Let's see if that holds true. >>Okay. Can we, can, we let's know. Okay. Let's just say let's have a friendly bet. I don't know that's going to be closed now, but, um, yeah, I agree. I, you know, it's my thought around is it, it's hard, right? Th these are hard. And what problems do you tackle first, right? Do you tackle the day, one of, uh, you know, of development, right. I joined a team, Hey, here's your machine? And you have Docker installed and there you go, pull, pull down your environment. Right. Is that necessarily just an image? You know, what, what exactly is that sure. Containers are involved. Right. But that's, I mean, you, you've probably all gone through it. You joined a team, new project, even open-source project, right there. There's a huge hurdle just to get everything configured, to get everything installed, to get it up and running, um, you know, set aside all understanding the code base. >>Cause that's a different issue. Right. But just getting everything running locally and to your point earlier, Jacob of around, uh, recreating, local production cues and environments and, you know, GPS or anything like that, right. Is extremely hard. You can't do a lot of that locally. Right. So I think that's one of the things I'd love to see tackled. And I think that's where we're tackling in dev environments, uh, with Docker, but then now how do you become productive? Right. And where do we go from there? And, uh, and I would love to see this kind of hybrid and you guys have been all been talking about it where I can, yes. I have it configured everything locally on my nice, you know, apple notebook. Right. And then, you know, I go with the family and we go on vacation. I don't want to drag this 16 inch, you know, Mac laptop with me. >>And I want to take my nice iPad with the magic keyboard and all the bang stuff. Right. And I just want to fire up and I pick up where I left off. Right. And I keep coding and environment feels, you know, as much as it can that I'm still working at backup my desktop. I think those, those are very interesting to me. And I think reproducing, uh, the production running runtime environments as close as possible, uh, when I develop my, I think that's extremely powerful, extremely powerful. I think that's one of the hardest things, right. It's it's, uh, you know, we used to say, we, you debug in production. Right. We would launch, right. We would do, uh, as much performance testing as possible. But until you flip that switch on a big, on a big site, that's where you really understand what is going to break. >>Right. Well, awesome. I think we're just about at time. I really, really appreciate everybody joining me. Um, it's been a pleasure talking to all of you. We have to do this again. If I, uh, hopefully, you know, I I'm in here in America and we seem to be doing okay with COVID, but I know around the world, others are not. So my heart goes out to them, but I would love to be able to get out of here and come see all of you and meet you in person, maybe break some bread together. But, um, again, it was a pleasure talking to you all, and I really appreciate you taking the time. Have a good evening. Cool. >>Thanks for having us. Thanks for joining us. Yes.

>> Live from Las Vegas. It's the Cube covering Adobe Summit twenty nineteen brought to you by Extension Interactive. >> Welcome back, everyone. Live cube coverage here in Las Vegas for adobe summat. Twenty nineteen. I'm John for With my Coast. Jeffrey for Yu here for two days. The wall, the wall coverage We're on day to our next guest. Marc Andre Sinclair, director of digital marketing Platform Content Strategy Export Development Canada E D. C. Welcome to the Cube. Thank you. So love your channel. Digital marketing platform content strategy. That's kind of in the center of all the action. So, you know, you've been doing some transformation. Tell us your story. What do you guys do? What was what was that? What's the story? >> So I joined E. C. Exported moment Cata two years ago, really helping them out on the overall digital transformation. So I've been fortunate, joined the organization as the moment that they're our position. We wanted to change like we weren't a mandate to gain back some relevance in the market. CDC exists how occasion businesses go beyond the borders, go international. So they really wanted to be relevant to the market because we're not competing with the markets were really just like a compliment in a market. So we've been on that journey distrust, transformation For the last two years, we've are now competing the first phase of a transformation and just about two years, which normally takes four years in the industry. And we're now add midway to our overall digital transformation. We want a critical the number of customers that we have in four years, but it's a very aggressive target what we call normal, like a stretch goal that are serious put. So that's what we've been up to in the last two years. >> And what >> was the catalyst? Why the change? Because, well, what was going on kind of behind the scenes t make such an aggressive, so aggressive move. If you look at >> the interest you overall, there's a major shift in what is export. So exporting means merchandising guys ing good for most of the people. When when you look at the shipping industry to software and services, these folks are not perceiving themselves as being on exporter like really, you build a software, you sell it. You don't think about your software getting beyond the borders. So the industry, the overall market size, are the number of companies that we could help in. The country has grown, but our number of customer remained flat. So we wanted to catch back at that market reach. And there was a theater in Perth. Is that forced us to change? But basically it started. What? Our CEO Putting forward a strong paper cultured like really forced people to think differently and change. >> What's the progress Like how you happy with the progress so far? Absolutely. What are what are some of the things you've knocked down already? What was the pick us through the steps? They could screw up the plan. What was the What is the plan? What is completed were how much how much is left. >> OK, so it started for us as a strong investments and over all the marketing tech stocks which started obviously where I will be summit. So we started in the vestments with the Adobe expense manager and it was about us changing the technology that we had in terms of delivering a customer experience. So your approach we took wass people processing technology. But at the middle, we really put the customer experience at the forefront of everything at the art of every decisions. Makings. So for us were Margaret, we're finishing the migration as we speak right now. That's the first phase. And now with the partner that we have X censure. We're looking in terms ofthe archaic. How can we build capabilities back in the business? Because we've outsourced are full function to our partner. And now it's about how do we get the right level of cost tower scalability for the future so we can deliver premium customer experience. So a lot of activities have happened. We went into natural transformation at the same time, the organization has embraced our job overall and now we're really thinking about was the future data customer experience. So these are the biggest shift that their condition is looking at As we stand right now, we've done the migration and we can now start to think about personalization experimentations. These are all the cool things that we have ahead of us. >> What was the heavy lifting hard part of getting this off the ground? What, some learning or any experiences where you, you know, failed miserably and rebooted or reset means you learned through it oration. We see these successful projects. What's the key learnings? Have you had any moments like that? >> Definitely So So, First of all, I would like to talk a bit about the fail approach because this is something that wasn't obviously part of the organization. And that is something fundamental to a change in organizations. So to quote my boss fail stance or first attempt and learning, So you got to get out and you got to try things and we gotta experiment. Otherwise, you're not really pushing the boundaries. Eso I'm proud of her failure and actually won an award about failure last year at our, um, organizations. So they have a corporate awards that recognise people that do fails but move on and fell fast, like that's a spirit. So for us as, say, at the beginning, the biggest part of a project was to get the what I call the M V P. Zero. So we have to change from a nun premise toe called architectures. And when you start to do these things at an organization that has never done cloud, you uncover a lot of stuff a lot of security protocols, firewalls kicking in. So our first BP zero just to set the infrastructure has been quite a challenge. I think we went three times out, and the third time was the right one. But this is the critical one where you start to build credibility. And even though for us we're working and agile every two weeks without ever cradle to grave, everything full blown experience, this one was really a longer one. And we were really made sure that the requisition understood that this is complicated When you do the foundation. This >> is company goes cousins to say its foundational. So I'm going to take your time. You've got to get that right. Can't have any cracks in the foundation because you're building on top of it. Exactly. So that three attempts you. You said you went out for forbid, or how did three attempts of building it was >> so the throughout That's R about us deploying the full Levi's serology in the clouds. So first time we went uncover a few things. Second time, not anything pop up weren't aware. And then the third time we went out. Third time's a charm to say we went >> out. It was good >> way. Nailed it on that >> time. It's the >> price I didn't invite you on stage. I don't know if you caught that in the Kino. Towards the end of his keynote, he said, We need to have an award for people that disproved their own hypothesis. Exactly so. But you said it's interesting. He said. The people part was hard in the process, and yet it was a top down initiative from the CEO. So was it not bought in a kind of the mid tier management level? The senior management? Why, if the COC and we need to do this, was it hard to move those different party organization? Well, >> I'd say the people part was more about having the right talent on the right mind sets. So one to CEO put forward the culture paper, the stretch goals. Really the organization started to organize themselves on. Are we going to make that thing happened now? Like we need to work differently. And this is not about just more cash, more at counts. We need to re engineer a bit the way we were working, so I wouldn't say that there was an issue with with the way or the people of today was just like you start through higher scrums, you start the heart coach to start our appeal. These are skills says that you've never had. Like at the beginning of the project, we had new marketing talent. We had new partner for the ritual that every we have a new partner for agile and we also have new technology. So you start with a lot of new stuff at the same time. So I'd say these are natural things that you have to do. Is it easy? No, not necessarily. But we had a lot of support from the sea level standpoint. >> It sounds like you guys have a very Dev ops oriented culture because talking about failing fast is a cultural cloud concept. I mean agile iterating scrums. This's a dev ops mindset, infrastructure. It's code. Did you guys have that built in Or you said you started three years ago. Was that was that the core cultural mindset? >> So I wouldn't say that we're a dev ups type of culture of mentality, I would say, actually, it's probably the part that we still need to invest hard because now we build a fully whole machine that scaring and pushing the machine you start uncover that once you go that full cycle, few things are popping up, so you know, and and the in the nineties are beginning of this of two thousands. Like when you were thinking about nal ticks, people were always like, Okay, let's let's do this on our techs use case. Our position at the end. Let's do your documentation at the end. It tends to be the same thing with Dev up. Sometimes like we have a strong architectural when in terms of regression, automation and all these things, we truly need to invest a bit more so we can have a because we're playing every single two weeks that we wanted or not. So that's a lot of pressure on all the people that do, que way you waited to make sure everything >> you want to get it right first, then kind of bolted on after as more of an operational models >> way had a very strong foundation, and now we're spinning everything. >> It's all I got to ask you about the export piece of it because, obviously, um, international global competitiveness is a big force. Right now, people have to be global and data privacy. You mentioned. We talk about genie pr before we came on camera you an opinion on this. Do you have anything? You? Could you please share your view on TV? I really Well, I thought it's valuable. >> Yeah, absolutely. So what I didn't mention when we chatted about that before is Wei thought a lot about you. We need to comply to GDP. Are because this is ah, European regulation. And we headed up that Yes, a CZ. Because we have prisons internationally and erupts. Not everyone that has that opinion that they need to comply. But what we've uncovered was one, one or two weeks before the D days on May twenty fits that We needed to be compliant. So what has happened is in two weeks, we stop everything. We worked twenty four hours for two weeks to restructure the platform to make sure that we were, like, compliant to do CPR. And then after that, we fought a lot. Next few months, we'LL look into it. Are we going to make that thing right? Because people are scared of gpr, but that you want it or not? This is just a beginning way. See it with the California Act Canada as a castle. I'm pretty sure they're going to be very aggressive, so you need to make sure that you really invest in. There are privacy management and all these things. At the end of the day, if it's well done, your customers will love it. The issue is people are being a bit sneaky without the use data. But if you're being transparent and you're being honest with the way you use the data and you're being fully disclosing what you're doing, it's not an issue you need to embrace it. Actually, I think that's a commis it embrace it because it's going to be part of our journey that we >> want to do the tough work up front for you. He was forced to because you are building something new. And then, well, the deadlines here, so is the struggles. Hard works. He had to grind it out. So you and then once you get over that, prepare for it, invested it, nurture the strategy for that. What's the advice to give someone sets there has to do the GPR and might not be into the time pressure, but it's starting out and saying Okay, I got to get my arms around this. What's the core issues well, getting started, not colour, but like what's playbook? >> So the playbook and say like if you think about G p r. This is basically for the European. You If they're not giving you the right tio leverage cookies and tracking and all these things, you should not be doing it. So it's simply thinking in your implementation of a piece of software that goes at the beginning that says, Do you want to have full functional thief, full personalization or not? And don't look at GDP R. But look at the customer experience. If you put the customer once again at the forefront and you really think about what does it make sense? You know if if you and I get on the Web sites and we see that thing that is fronting A, I know what you've done last summer like it's kind of creepy. You don't want to have these things. And so you just build that customer experience around their privacy management, and then everything will fall together. >> So build it into the product. >> Yeah, platform, yeah, and do it the right way and compliance will follow. Don't do it to be compliant. Don't >> exactly do it through a customer experience, >> right? Right. So how's this success band in terms of getting into some of these new markets for you in terms of software and services and some of the other export markets? So, so >> interesting question, because two years ago a DC was focused on to court things, financial products and insurance products. So right now we've expended our product line, and we're now having this what we call knowledge business. So if you think about occasion, business or any business that wants to go beyond the borders, this's quite scary to go in the international game. So now we're capable of offering them a lot of insights on international market out the exports virus key questions that haven't her journey. So we're not helping them to our journey and also as were wet and better than the international supply chains. We're helping them with connecting with big, big companies that are leveraging or looking for some capabilities that we have in the country. So we've really skilled up the product line that we have. We're really shifting the model. We're working a lot with the banks and the way we're supporting the Cajun businesses so like it's days and nights, the type of products that have a solution, the experience that were providing, uh, from two years ago. Do we still have work? Absolutely. Like digital transformation is never such a thing that is completed. The key essence here. The key message is, it's never done, and the customer experience has to be at the forefront if you think about the customer experience. It just happened that most of the experiences digital these days so test our mission is never handing. >> I think I think it's a great mind set. I think that's so smart. It's not just about mobile first or cloud for just customer center. From the beginning, I'm gonna ask you the question. What's it like working with a century Iraq? That what role that they play with a easy to work with the good? What's the story? >> Absolutely. I'm very pleased with the team that we had. We have strong people from Accenture were fully leveraging the network that they have because they're distributed in the global business. Axe Central, for us, is doing all the delivery stuff, the the very difficult stuff behind the scene that is normally like your function that you haven't an organization. So we've been extremely pleased on DH. Actually, I think that the fighter fact that were capable of delivering every single two weeks and agile were pure, agile. You will hear in the industry that some people think they're our job, but they're actually hybrid Elijah. So we're full blown, agile the organization. And they've been strong partner with us on that journey. >> That's awesome. Well, I love the story looking for to keep it in touch. Keep us posted on When you get this transformation. I look forward to chatting. And thanks for sharing your story. And inside here in the Cube, my pleasure. Mark Andreessen, Claire customer here inside the cute telling about the journey and the struggles and GDP are get on it and make it an advantage. Great. Great line there. And digital is the future. I'm Jeffery Jeffery. More day to coverage with the Cube after the short break

>> Live from Bahrain, it's theCUBE. Covering AWS Summit Bahrain. Brought to you by Amazon Web Services. >> Hello everyone, welcome to theCUBE's exclusive coverage. We are here in Bahrain in the Middle East for exclusive coverage of AWS's new region in the area. I'm John Furrier, cohost of theCUBE. It's our first time in the Middle East, as we go out into the world and expand theCUBE's mission of bringing you the best content, extracting the signal from the noise, meeting new people, connecting with thought leaders, people creating innovation, creating a new cultural shift with cloud computing. It's a societal global phenomenon, it's a change that's going to impact society, culture, economics, and humans. And this is theCUBE coverage, we're going to continue with that we are excited to have Khalid Al Rumaihi who is the CEO of the Bahrain Economic Development Board. He's the man, and responsible with his team for all the success and vision of bringing an Amazon region into the area. Here in Bahrain, Amazon has announced a region that's going to come in. And we expect to see economic revitalization. We expect to see an amplification of culture. Welcome to theCUBE, thank you for joining me. >> Thanks for having me John. >> Thanks for inviting us, and thanks for having us here. Here in the middle of all the action. Teresa Carlson from Amazon had a vision and you aligned with that vision, you guys are like-minded individuals. You saw something special with digital. >> Right. >> And this is not new. It's not like you woke up one morning and said, hey, let's bring Amazon in. Take us through the history of how we got here with Amazon about to launch a region early 2019 in Bahrain. You guys have had a vision, take us through that. >> You know, I started in my position about three years ago. I remember March 2015, a little more than three years ago. And my first week on the job, was joining his highness the crown prince in a meeting with Teresa. And so, in that meeting, that's what kicked it really off. Teresa heard form his highness, who is the chairman of the Bahrain Economic Development board, the vision for the country. We deregulated our telecom sector about 13, 14 years ago. We were the first country to do that in the Middle East. Which meant that we introduced competition on broadband, on mobile. It dropped prices by about 50%. On connectivity in the country. That attracted Amazon. When they looked at the region, they said, here's a government that's allowing true competition and for a data center obviously broadband communication, and the competitiveness of that price is key. And she was also impressed with his royal highness's vision for the country going forward. We want to become a digital economy, we want to transform this economy from an oil-based economy, to one that is based on information. And so we had a common view. And we determined, at that point, that we were going to do everything in our power to translate the conversation we had there to a reality. And here we are, almost three years later, almost to have a region here. >> And you know, people know my rant and rave, I always talk about, data is the new oil, information is the new oil. In that data and information, digital assets are digital. It a life-blood now of society. Citizen are reacting. Everyone's now connected with mobile devices, you're starting to see autonomous vehicles, you're starting to see a cultural blending between the old world, and then digital. And citizens can get new services, there's more efficiencies but there's actually a better opportunity for the citizens. And also in general. How do you guys look at that when you guys have your meetings, and you're looking at the vision of the future, the citizen benefits. Whether it's an entrepreneur or someone who's just living life. >> Well you know, when we had this discussion with Amazon, we decided to do what we call a cloud first policy. And we decided that we were going to move the government work loads to the cloud. We were going to actually, challenge any government institution, why they're not using the cloud. And it's been phenomenal. Now, it's been phenomenal from a cost saving perspective, which we want to pass on to the citizens. So for the citizens, for be for them to be able to get government services on their mobile phone, to pay their electricity bill to do get their license. And the government, if it reduces its cost can pass that on to that citizen. But more importantly, it's going to allow innovation to take place in the government. We're going to be able to have our education data in the Ministry of Education, communicate with our labor data. We're going to be able to do education in a new way. So it is going to unleash innovation in the government and the way it offers its services. We think it's going to do the same for businesses and for startups. >> We didn't get a chance to film it yesterday, but we were part of with Teresa Carlson's team with you and your startup Bahrain. All the entrepreneurs from the community, very vibrant, talking General Keith Alexander was there, knows a thing or two about cyber and then we had an entrepreneur visionary in John Wood, who's been in the business, but he's also a visionary. He made a comment and you reacted to that around the impact of the AWS region coming here. He was almost like, there's a storm of innovation coming and you align with that. You said, you kind of reacted at dinner last night about it. What is your feeling of what this will bring to the region? 'Cause Amazon has proven that when they put a region out, there's unexpected consequences sometimes like things you might not see. What are you expecting for the impact. For AWS? >> I think it's a game changer. I mean, you said data is the new oil. If we think back to the 30s, this country was the first country to discover oil. When, at that time, Texaco and So Cal started a refinery and started extracting oil, all the industries that developed around it refineries, oilfield engineering, oilfield services. You know, I think we're seeing we're going to see that in the new digital economy with data. Amazon coming here is going to do several things. Number one, it's going to unleash this innovation, it's going to reduce latency for people who are storing data looking to retrieve that. It's going to create new jobs, data scientists. We estimate 10,000 jobs are going to come on the back of this, that is going to be for the entire region. And I get it, I emphasize this is going to be a game changer, not just for the kingdom of Bahrain, but for the entire Middle East. We're already seeing startups who are getting educated about what the cloud can do for them, and the scale, the scale that they can reach by going to the cloud early on, we've seen them in the United States. Why can't this region see a unicorn that is able to be a global leader, just by virtue of, going to the cloud and learning from Amazon. And Amazon, AWS shares our passion for the startup community and what this can do for that. >> I want to get to the what's going to attract business to come into Bahrain. But first about what startup impact Amazon has proven and I heard a comment from one of the startups, Amazon Web Services is for big companies. Whoa, whoa, yeah, big companies are using Amazon now, but they won, they were built on the backs of startups. When Amazon first started and startups still use Amazon. It is a dream for a startup, the cost to get a company up off the ground, the speed of innovation with Amazon has proven startups, this is a big opportunity. And so this is going to impact how you set policy and get out of the way entrepreneurs, do you help them? As you look at policy, is that almost a tough decision on your part? 'Cause you guys are used to helping entrepreneurs, very entrepreneur friendly, but almost do you get out of their way, do you help them? What's the strategy for the startups? How do you look at this, because if the acceleration comes in and the training kicks in, you're going to see a renaissance of entrepreneurs, >> Right? >> What do you do, get out of their way, help them out? What's that? >> You got to balance it. I think, you can't coddle them. You can't do everything for the entrepreneur, there's got to be that grit, the resilience, that hunger at the entrepreneur. I was an entrepreneur before I took this role, and I think you've really got to have that fire in your belly. So what we want to do is we want to create an ecosystem, but we don't want to spoon feed them. So what we've done is for instance, we launched a $100 million venture capital fund of funds. And we said, the government shouldn't invest in startups but let's create a fund of funds that will invite venture capitalists to base themselves here, but we're not going to tell these venture capitalist how to invest. So each startup has to pitch itself to these venture capitalists and make sure that there's justification for it. We're going to create, you know, training, we're going to create elements, the regulation. We introduced a bankruptcy law this year, that is going to allow people to fail and to restructure. So we're going to put the policy in place. We're going to allow capital to be there, we're going to look at our training and education. But again, it really is down to the entrepreneur, to, so you've got to mix you've got to balance it. You've got to say, the burden is also on you to think about what's the market opportunity. Here is what the country will do, but then the rest is up to you. And I think, we're going to see our young youth in the region. We're doing this because this region is transforming. This region needs to create jobs. There's about a 100 million jobs you need to create in the Middle East over the next couple years. You're not going to be able to create that in the normal way. So we want people to become employers become entrepreneurs, rather than just employees and looking for a nine to five job. So it's integral to the vision of the region. >> Entrepreneurship is the engine of innovation. All right, let's talk about the region. You know, we're first out here so I'm kind of new, fresh eyes and you see Dubai out there, you got Asia, China and all these in Hong Kong and Singapore. So you guys have a unique opportunity. Dubai is kind of like a New York, it's hustle bustle is built out. You guys have this feeling like a Silicon Valley vibe. >> Right? >> It feels very open, very friendly, so you don't have to compete with each other. And New York does things, Silicon Valley does things. So you have this entrepreneurial culture. The key is a global co-creation a connection. How are you going to attract businesses? Because there is demand in the US for domiciling in places outside the United States. There's been a lot of competition. >> Sure. >> So are you prepared for companies to come here work with you? I know you guys are doing a lot of work. What do you say to the folks out there saying, I need to have a presence. Can I domicile in Bahrain? What's it like? What's the opportunities for me to connect into a growing ecosystem around Bahrain? >> So I'd say first of all, on the region, I mean, just like in Asia, just like in the US, you can have multiple hubs. So you know Bahrain will be a hub alongside a Dubai or a Riyadh or a Kuwait and so forth or a Abu Dhabi. And our niche is, as a small country, we're going to be very agile. One of the reasons why Amazon chose Bahrain is because we have a team Bahrain approach. And I, you know, I came from the private sector, when you're talking to General Electric, you're not talking to one department in General Electric, especially if you're a large customer. The whole company's going to rally around you and bring a solution to you as a customer. We're going to do that as a country. So with Amazon we got all the various ministries and we took a team Bahrain approach and we said we're going to solve through the economic development board, we're going to solve for your problem. Mondelez, which chose to locate their $100 million facility in Bahrain, built a facility about 30 soccer pitches, and they did it within a year and a half. We reclaimed land and had the land ready for them. They called it 'cause they make Oreos, they call it turning ocean to Oreos. >> Yeah. >> And so it's that agility that is going to differentiate us. In terms of niche, we're very interested in FinTech. We think we're going to take a leadership position not only regionally, but globally in FinTech. We have exciting announcements that we're going to make in FinTech. It's a small country, we can be nimble, agile, startup friendly, and kind of innovate. And so we're determined to carve a niche in open banking, in crypto currency exchanges, interesting innovation areas that we think we can excel at. >> Cloud computing certainly is a driver, artificial intelligence, obviously clearly. The fodder for entrepreneurship because it allows you to do things with data at a scale with a cloud engine, talk about FinTech and banking you can't ignore blockchain and crypto currency, which is bubble-ish right now, and then was kind of cleaning itself out, sorting itself out, but when that starts to settle and it becomes legitimate in the sense of a global access to digital money, or software defined money. >> Right. >> And data, that could be an integral part. How do you guys look at that? I know that's something that everyone's talking about. People are looking to do token kind of business models and there's really hasn't been any leadership globally at all on. >> Right. >> This is a place people can domicile, here Malta, here, there and there. So how do you guys look at that market, are you thinking about it, are you kicking the tires, what's happening? >> We're looking at FinTech and saying, really, beyond all the logos and all that. We're looking to reduce the friction for a customer doing the simple things. Looking at aggregating your accounts, understanding how you're spending money, looking at how to transfer money, looking at how to raise capital. If we can look at reducing the friction for people around these challenges, these day to day challenges and use our country as a pilot for doing that. Then imagine the potential that once you illustrate the potential here, you could go replicate it elsewhere. So we're very interested in blockchain. So you talk about crypto currencies, I think the real interesting element is the blockchain opportunity in FinTech and beyond. How can you allow the distributed ledger to have multiple applications. We're going to introduce issuing car licensing by a blockchain. Land, real estate transactions via blockchain. In addition to that, we're looking at open banking and allowing open banking to be prevalent here and allowing entrepreneurs to plug in and get access to that data and innovate around that. So that's how we're thinking about innovation in FinTech. >> Really, thanks for coming on and spending the time. I know you're super busy, and thanks for hosting us with theCUBE as part of the Amazon contingent. I give you the final word for the folks watching out there. What should they know about Bahrain that they might not know about it? And how do they engage with you guys? What are you guys doing? How should someone contact you? How do we engage? And what's the secret sauce of the Bahrain plan? >> Well, first of all, I'm going to plug my institution. It's simple, look at bahrainedb.com. It's on the internet. It's going to give you everything you need about what Bahrain. And what I'd say is, this is a small, but you know in this, in today's world, a global world and interconnected world, small is beautiful. So we're a small, forward thinking country. We're in a region that is about $1.5 trillion in terms of just the Gulf Cooperation Council. And here is a great gateway for tapping into that opportunity. We're about 30 minutes from the kingdom of Saudi Arabia which is doing wonderful things with Vision 2030, and you can be in Bahrain accessing that opportunity. And so I'd invite you to come, look at our website and the Bahrainedb will help you translate that kind of opportunity to a reality. >> Khalid, Chief Executive of Economic Development Board in Bahrain. Bold move congratulations. Bold moves have bold payoffs. Big bet with Amazon. >> Thanks, for having me John. >> Thanks for coming on. It's theCUBE here, we're live in Bahrain here at the Ritz Carlton for AWS summit 2018 here in the Middle East. I'm John Furrier. We'll be back with more coverage after this short break. (upbeat music)

>> Live from Bahrain, it's theCUBE. Covering AWS Summit Bahrain. Brought to you by Amazon Web Services. >> Hello everyone, welcome back to theCUBE's exclusive coverage live here in Bahrain. This is our exclusive coverage of Amazon's new region we're covering. Part of AWS Summit, first time here in the Middle East for theCUBE. We're excited to be here. Next guest is Tala Fakhro, Executive Director of Market and Strategy Intelligence of Bahrain's Economic Development Board, also known as the EDB. >> That's right! >> Great to see you. Thanks for coming on. >> Thanks for having me. >> I've learned so much and it was great to meet you last night and have a conversation around some of the things you are working on. The Economic Development Board is a big part of this digital first, cloud first strategy. >> That's right. >> And Amazon's at the center of it. They're going to drop a region in here. This is really big news and it's certainly got our attention. And I've learned so much about what's happening in the startup community. >> Yes, we are very-- >> You've got a lot going on. What's the impact of the AWS region mean for Bahrain, the region, and the economic development opportunity? >> We took a look at Bahrain, and we decided we are going to have to transform this economy from an oil dependent one into a digital one. It just, it seemed like the right thing to do. And having Amazon here, attracting Amazon, allows us to plant that flag to say we are serious, we want to do this. And we will do what we need to do. We, we work together as a government. You know Bahrain is unique because we can do we can do things really fast when we want to. We built the Formula One Racetrack in 14 months, which is unheard of. And we did the same for Amazon. We engaged with them at every level. It wasn't just let's talk about this plot of land here, or this fiber optic cable there. We had the government engaged in legislation, and regulation and education. Every part of the government was actively pushing for this transaction. >> And I think that's an important point. I want to just amplify and double down on that and talk about it, because I think culturally, Bahrain, what I learned was this is a culture of fast moving, open, friendly but pragmatic people. >> Absolutely. >> And that's Amazon's ethos. >> Absolutely. >> Scale, move fast, and innovate. >> Absolutely. We, we've been a trading nation all our lives since time immemorial, you know. We're a tiny little country in the middle of the map. We were cross-border trading before we knew what that was called. So this is something not unique to us. It is part of our DNA, and we found a good match with Amazon. They wanted all the same things we wanted and they are genuinely interested in making the ecosystem of the countries in which they install their regions better. And we found that to be very attractive for us. >> So I've got to ask you, as Amazon comes in they're expected to have that, this region up and running in the beginning of 2019. >> That's right. >> Which is just right around the corner, so they're running fast, so congratulations. >> Thank you. >> It's the new Formula One Racetrack for cloud computing. What is driving the demand for cloud computing? Because obviously we've seen the history of what's happened in North America with startups. >> That's right. >> And as Amazon goes around the world, there's a growth engine underneath Amazon. What's driving the demand for cloud computing in the region? >> Well, 96% by some measures of our entire economy are startups or SMEs. So you could imagine that the cost savings that Amazon offers is extremely attractive. In addition, the volatility of oil prices has put a big crunch on the government budget and so they are also attracted to the idea of saving some money on the cloud. And the government is a big employer and a big consumer. So they really drive the economy. >> Yeah. >> So in both, it was a win-win for everybody. We are really interested in making sure that our Startup scene is vibrant and is scalable. And cloud is the way to do that. It allows you to use as much as you need and pay for only what you would consume, so it's great. >> And so, Khalid Al Rumaihi, the CEO of the EDB. >> Yes. >> Who's a very good visionary. He has private sector background, super smart. Really enjoyed that conversation. But one of the things that we talked about was we always say in theCUBE and sometimes debate this, but data is the new oil. >> Absolutely. >> Couldn't be more indicative of an oil region, and you mentioned that in moving off the dependence of oil, or getting into a new market like data, data needs refineries as an economic opportunity. So he mentions, Vintech as a big driver for what could be possible in Bahrain as a core competency. When you do your research and your insight and intelligent analysis of the data of what's going on the macro level, is that consistent of what you are seeing that there's a need for this digital refinery, being a center point of innovation? And if so, what does that mean? What is, how should people understand that Bahrain is a small country in a big region? >> It is a small-- >> How do you differentiate? How do you take a leadership opportunity? >> Well, Bahrain is a small country but it is a small country that's rich in one thing. If it's not rich in oil, it's rich in its people. We are bilingual. Many of us are trilingual. We've always been open and outgoing and we've been willing to make partnerships and friends with other nations and other places. So we think that our human capital is coming together with the hard infrastructure that a region will bring. It makes it a, you know, a real good proposition. And it allows for our students, who are, by the way, already starting to be cloud trained. Over 2500 Bahrainis have signed up for cloud training since the program started six months ago. >> Yeah. >> That's a huge proportion given our population. That's a much faster rate than India or China for example. >> Yeah. >> So this shows you how much, how willing we are. You know coding is the new English. We learned English in the 70's so that we could compete globally. Now we are learning coding to do the same thing. >> And that's super important. Let's talk about the human capital side of it, 'cause I think this is a good point that a lot of people overlook. Everyone's now connected with mobile devices, so connectedness is now common. So coding is the new language. Digital is the new culture. How are you guys looking at transforming some of the day-to-day citizen roles? Because now you have opportunities to serve citizens from a government standpoint and to get enable them to be successful. And one of the things that I noticed at the Startup Bahrain sessions I was attending yesterday was the vibrant entrepreneurs. They're opinionated, which I love. 'Cause that's what entrepreneurs are. They're like, come on, let's move faster. Where's the cash? Where's the capital? So the human capital seems to be a big equation here. What are you guys doing to facilitate that? Where are you guys on the progress bar in your mind? Are people coding at a young age? Has it started? Is it, what's, what's the progress? Can you take us through the plan? >> Well we, as I mentioned, for a cloud computing, specifically we already have programs in place. We also have many other initiatives coming up through Udacity, through Carcera, through others. We are bringing them to Bahrain to have the technical skills added to the human capital skill set that we already have. But I think most importantly, we are making it important. We are making it a forefront of the government agenda. You know, we are making it something that is a requirement. And I think that as we set our national economic strategy for the next four years, human capital is a crucial driver for that and it is going to have it's very own chapter with all the recommendations and all the initiatives that we think need to be done in order to increase, not just our stem cell but also our creativity, our entrepreneurship, >> Yeah. >> And all the things that had made us great in the past. >> You know as I was observing also, talking to your CEO about, I've seen people trying to replicate Silicon Valley trying to manufacture innovation in a way or trying to get a momentum. It's really hard. But what you guys I think have done or have here that's hard to do or hard to replicate or manufacture out of thin air is you guys have actually built a community of people. I see the entrepreneurs. I see the support around them through the EDB. You have money? >> We do. >> And you have growth coming. The other stuff's mechanics. How do you get funded? How to do this? How are you looking at that? When you look at the research and you dig into, and sometimes the best move is just let it develop. Get out of the way and let the entrepreneurs develop. How are you guys letting this develop because I won't say that Bahrain has an identity crisis. I think they have an opportunity to set a new identity. >> Absolutely. >> How do you look at that? And how do you guys see that opportunity? How do you talk about it? >> Well, you can't buy innovation. I think we've proven that enough times, that government is no good at making people innovate. But what we can do is make life easier for those who want to innovate. So what we want to do is pave the way. Allow for the opportunities to be there. And then, you know, then it's every man for himself and the free market will compete. We're a very free market oriented entity and government and so all we're going to do is we're going to get out of the way. But we're going to make sure that the path is as clear as we can make it. We are going to make sure that whatever we can do to help, we will. Whether that's bringing somebody like an Amazon here, to have the people here or the Al Waha Fund which is a venture capital fund to fund, which was just launched and which is already invested in. And three or four independently managed >> Yeah. >> Venture capital funds. We feel like these kinds of things, where we're not directly funding but we are encouraging, motivating, helping, that's the role of the government. >> And I also want to just to say to the folks watching, you guys and give you guys some props, you don't just talk it, you walk it. And I think what I noticed in the sessions yesterday and meeting some of the top policy makers and the entrepreneurs was you guys are actually doing the work. >> Oh, we're trying. >> And Teresa Carlson's success in Washington D.C. with Amazon web services really is a testament that if you do the work, the results will pay off. And when Teresa came to Washington DC, Amazon Cloud Computing was like, whoa it'll never work. It is not secure. You know, now they are winning. They are doing extremely well. I've seen the model. Everyone's emulating and moving towards. You guys are doing the work. I see the check boxes. But there's still some work to do. EKYC, other things. >> Yup. >> So congratulations. >> Thank you very much. >> So the question is, what do you got done and what is to do? And what does that mean for people who want to come either work here or collaborate with Bahrain? 'Cause if you check the boxes you're going to be set up. What's the status? >> Well, the first thing we wanted to do was to make sure that the soft infrastructure was there, so we, as a government passed what we call the digital ecosystem package. So that's data protection. That's electronic transactions laws. There's a new law that's in the process that will allow people who are storing data on Amazon's region in Bahrain to bring their own laws with them. So that there are no issues with conflict of laws. >> On the compliance side? >> Exactly. >> Yeah. >> So you know, it's as if they are storing in Saudi or Kuwait. >> Yeah. >> But they are storing here. So these kinds of things, this was the first step. And we've passed a bunch of those laws and we think that they are very important. In addition, as I mentioned, we have the funding situation. We begin to look at that. We hope that with this-- >> That's a hundred million fund of funds. >> That's a hundred million dollars fund to fund. >> Fund to fund, which means that you are going to enable private sector-- >> Correct. >> And professionals to come in. >> Absolutely. People who know what they're doing, who have done it before, in the region and outside of the region, whether it's Silicon Valley or Dubai. They're going to come here and they're going to look at the Bahraini startups, and that gives us the chance to compete on the world stage and shine. And it also gives us the chance to up our game. Once you see the competition, then you can >> Yeah. >> Fix and adjust and do what you need to do. And that's what we want. We want them. We're not going to help spoonfeed them. >> Yeah. >> We're not going to give them charity. This is, you are going to compete because what we dream is that Bahrain will eventually become a global player, and we think we can do that. That's our vision. That's what we want to do, and that's where we are headed. >> So you guys are competitive? >> We have to be. (John laughing) We're a tie, we are the underdog. >> Yeah. >> But sometimes underdogs win. >> You know as I was saying also observing that, we're our first time here with theCUBE in the region. So I was noticing that, you know, we see a lot of events in Dubai. And Dubai is very blown, built, blown up now and is developed. Bahrain feels like Silicon Valley because New York is different than say, the San Francisco Bay area, Silicon Valley. But they don't have to be each other. New York is New York. Hustle, bustle. Silicon Valley is where innovation is. It feels like you guys have that same kind of-- >> We do. >> Vibe here. >> We do, and a rising tide lifts all ships. Where there's good for the Emirates and Saudi, there's also good for Bahrain. It's a region at the end of the day. We're too small to be a player on our own. But one thing I wanted to touch on, you mentioned, that, you know, with the Silicon Valley. The difference between New York and Silicon Valley is everybody knows everybody in Silicon Valley. So if you are an entrepreneur and you have a good idea, you can easily access the people that you need to access. >> Yeah. >> We think Bahrain has that advantage too. And this is-- >> Yeah. >> Clearly demonstrated in the Amazon transaction because you know at the time when we could, we had everyone from His Royal Highness, the Crown Prince on down. If we needed them, they were a phone call away. >> And people are accessible here. They're open. >> They're open. >> They're very friendly. But it's kind of, I won't say no, it's kind of no nonsense in the sense of people just want, get to the point. Right? But it's not in your face like a East Coast New York kind of thing. >> Well, we're not there yet. (John laughing) Give us time. >> All right, so back to the access to capital concept because I think first of all, we're going to open up our doors >> Yes. >> With theCUBE in Silicon Valley for you guys. So very impressive. Consider that an open invitation. But now you're talking about networks. As you built community outside of Bahrain, what are some of the things that you guys are trying to do? What does the research say to do? Is it, is there regions that you see that you need to connect through? Obviously, you want to build some communications with other groups. What's the data show for you guys? What's the sequence of execution? >> So I think what we need to do is we really need to focus on the partners that we have and enhance that relationship. But also we need to look a little bit deeper. So I think India and China are areas of interest for us as well because they are interested in this part of the world, and we need to improve our relationship with Silicon Valley. Not just giving them money. >> Yeah. >> Because everyone wants to give Silicon valley money. But we want to really learn-- >> Yeah. >> And understand what they have done, why it's worked there, why it doesn't work elsewhere, and apply some of those lessons here. >> And bring some collaborations, certainly. >> Absolutely. >> Well, people are leaving Silicon Valley and I know that most startups and growing companies have engineering teams all over the world so it's a global economy. >> Absolutely. >> Final question for you as we wrap up. What is going to attract, folks you are, or, let me rephrase that. What should companies know about Bahrain if they want to engage with you guys here and work with you, or domicile here and create a group here? >> Well first of all, they should know that they don't need to involve anyone else because they can come in and set up on their own. 100% foreign ownership is something that we have here. Where it's a very liberal economy. It's a great place to live. and that sounds facetious but it's actually really important because talent is the crucial component of every success for these companies. And people like to live here. People enjoy it. I think you'll find a welcoming environment. You'll find an environment where if you have an issue, you can raise it to the highest level very easily. >> Got it. >> And EDB is here to help with that. >> Well Tala, thank you coming on. >> Thank you. >> Tala Fakhro, Executive Director of the Bahrain Economic Development Board, the EDB. They have a website. You can engage them obviously doing great things. This is the calm before the storm. As Amazon Web Services Region gets up and running, we expect to see a lot of growth and unexpected things. >> Yeah. >> Unexpected, unintended consequences. Be careful what you wish for, Right? >> Well. >> I mean, it's coming. >> It's coming and we're waiting. >> Thanks for joining us. >> Thank you so much. >> I'm John Furrier with theCUBE. You can reach me at @furrier on Twitter. Bringing you all the action here in Bahrain for our exclusive coverage of the Amazon's new region in the area here in Bahrain and through the Middle East. Thanks for watching. Stay with us for more live coverage here at the Ritz Carlton for AWS summit in Bahrain 2018. We'll be right back. (bright music)

>> From the Amazon Meeting Center in downtown Seattle, it's theCUBE. Covering: Imagine A Better World, A Global Education Conference. Sponsored by Amazon Web Services. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in downtown Seattle at the AWS IMAGINE education event, first time ever, 900 people registered, over 20 countries represented, Teresa gave the keynote, a lot of exciting stuff. And one of the big announcements is some of the work that's happening down in Los Angeles with all the community colleges there. We're excited to have, right off the keynote stage, he's Bill Allen, the CEO of the LA Economic Development Corporation, who's been instrumental in getting this thing off the ground. Bill, good to see you. >> Jeff, it's great to be with you today. This is an exciting moment for us, rolling out this very successful pilot program to all 19 colleges that are part of the LA Regional Consortium. >> So let's jump in, it's called the CA Cloud Workforce Project. >> Yeah, the California Cloud Workforce Project. We have obviously millions of businesses in California, in our own region 250,000 business with employees that are looking to convert to the cloud, take advantage of the exciting tools and resources available to them in the cloud, but they need the skilled workers in these firms to help migrate this transition and that's what our community colleges are stepping up to provide with the help of Amazon Web Services and AWS Educate. >> So it's really interesting cause you know it's a special role that community colleges play within the whole education system, and we could have a whole long debate over adult beverages on a Friday about the state of the education system but specifically here, there is a huge gap and people think technology's taking jobs away. They're taking some jobs away, but they're opening up a ton of new jobs and go no further than looking at the jobs open recs, there's lots and lots and lots of jobs to fill. So how did it come to be to tie that back directly to real skills, that you can actually have real kids take real jobs? >> Well we see these transitions happening all across the industry sectors in Los Angeles and we have a broad array: aerospace, entertainment, digital media, life sciences, transportation logistics. >> It's the little technology, right. >> Advanced transportation. they're all undergoing significant changes and they're all becoming more technology enabled, more technology dependent. And the opportunity exists to train workers for these technology enabled jobs that provide good wages and good benefits, and help our businesses compete globally and take advantage, fully leverage all these advances and innovations. We formed a center for a competitive workforce with all of our 19 colleges, using their labeled market researcher economists and our own economists in the institute for applied economics at the LAEDC, to study the evolving demand for labor and skills in the various occupations in these industry sectors and compare that against the supply side of our labor market. >> Right, right. >> To enhance our talent development pipeline, and its led to new programs such as this. This was one of the clear areas of opportunity was cloud computing skills. The first program we launched at Santa Monica College, had two sections they rapidly sold out, we had to expand it to seven sections. More than 300 students participated in the first year of courses. 230 are signed up for this Fall 2018. And it's an extraordinarily successful program, but now the other 18 community college presidents have all stepped up and said we're going to roll this out on our campuses beginning this August at East Los Angeles college and historic East LA, part of our community which, speaks to the diversity opportunities. >> Right. >> We have a very diverse population in Los Angeles and many of our communities have been underrepresented historically in the technology fields. They are really interested in accessing the skills and opportunities, and they are really taking up these courses with enthusiasm from our local high schools to our community colleges. And I think it's going to help us in Los Angeles really diversity our technology workforce, and that helps our companies expand globally. >> Right, so I'm just curious, what are some of the skills when you did the research that popped up in terms of specific types of jobs? Because we've all see the pictures of data centers, they are usually pretty clean, there's not a lot of people walking around. But there are people that really need to make it go. So what were some of those kind of job titles and job skills that leapt out that have such demand, and field demand. >> There's so much need for data scientist, there's so much need for machine learning capabilities, there's so much need for basic cloud computing, cyber security, really all of these advanced technologies that are data dependent, data analytic, data science, really are emerging as important components of each and every industry sector that I mentioned earlier that exists in our community and throughout the world. And so our job is to try and share that knowledge with our community colleges, our state universities, our four year public and private institutions, and even our k-12 institutions so they can begin to adjust their curriculum to ensure that they're creating pathways of learning at the earliest ages, and then specific coursework in these emerging opportunities throughout the career ladder, throughout the career development pipeline in the LA area. >> So I want to touch base on the k-12 because I think an interesting component of this program is each community college is paired up with at least one, I don't know if there's more than one high school in their area. And it's always been kind of interesting to me that it's been so hard to get kind of CS baked into kind of the standard high school curriculum. You've got kind of the standard math track with trig and Calc, and Algebra I and Algebra II, you've got kind of the standard science track with Physics, and Bio, and Chem. But it's been really hard to wedge CS into that. So are you finding with programs like this, kind of the adoption or the embracing of the CS curriculum at these lower, lower levels is finally getting some steam? >> We are, interestingly our students have often been ahead of our institutions in understanding the demand and the opportunity, and they've been clamoring for these kinds of opportunities. And our industries are becoming more aware of the roll that they can play in helping our schools develop the curriculum, purchase, acquire, maintain the equipment associated with this. Whether it's hardware, or software. And these partnerships that are emerging originally around some theme based academies in our schools, both charter schools and traditional public schools have been helping the broader school districts engage more deeply in the development of curriculum to prepare a more technologically literate workforce for the future. >> Right, now what if you could speak a little to the public private partnership. You're with the economic development corporation, you mentioned LA chamber of commerce's involved and now you've got a big company like AWS, there's a lot of resources to bring to bare and also a lot of open job recs. How does that work, and how have they helped you partner with Amazon AWS kind of move your initiative forward? >> So Amazon and the AWS platform have been terrific partners and specifically the AWS education initiative, have been terrific partners and are really shining the way, lighting the path for other major employers in our region. The students who graduate with this program will not only be valuable to Amazon itself but so many of its customers who are migrating to the cloud platform. But we have companies like Northrop Grumman who are partnering with community colleges to develop talent for their joint strike fighter program in the North end of our county, and hiring people for well paying jobs. Amazon has premier partners in their AWS educate partner program like Anaca who are providing internships for the graduates of this program. So the public and private sector are working closely together, that's why the LAEDC and the LA chamber were asked to get involved in this so we can bring employers to the table, who are really forward looking in their approaches to developing their future talent pipeline. And really desirous of developing the more diverse talent base that is in Los Angeles to fill the needs as so many of the workers in these industries are aging out of the workforce. We need a significant number of newly skilled young people in our communities to take on the future of each of these industries. >> Right, so we're both big fans of Teresa Carlson she kicked things off today. If we come back a year from today, which I assume we will, what are we going to be talking about? How do you see kind of the next year? What are your kind of short term goals and more medium term goals? I won't even ask you about long term goals. >> As I mentioned we had a few hundred students sign up for this so much so that we had to expand the sections from two to seven, I think you're going to see thousands of students taking advantage of this across our region. We have 300,000 students in our community colleges in this LA regional consortium. >> 300 thousand? >> 300 thousand students. >> Make a big impact. >> And I think a significant number of them are going to want to avail themselves of these types of opportunities. We're projecting through our center for competitive workforce, thousands of job openings in this area and so we have a ways to go of scaling this up to the thousands of students who should be taking these courses, and preparing themselves for the well paying jobs in these careers in Los Angeles and the broader Southern California mega region for which our community colleges train such a healthy percentage of our workforce. >> Alright Bill, well sounds like you're off and running, and wish you nothing but the best. >> Jeff, thanks so much, great talking to you. >> Alright, he's Bill, I'm Jeff. You're watching theCUBE! We're at AWS Imagine education in Seattle. Thanks for watching. (upbeat music)

>> Narrator: Live from San Jose, California in the heart of Silicon Valley, it's theCUBE, covering QuickBooks Connect 2016. Sponsored by Intuit QuickBooks. Now here are your hosts, Jeff Frick and John Walls. >> And welcome back here to San Jose, the Convention Center. We're on theCUBE to continue our coverage of QuickBooks Connect 2016. We're here for the rest of today and onto tomorrow for two days at this great event, third year event, that is now going on with 5,000 attendees. So record attendance, great keynotes this morning, another keynote session coming up, by the way, in just about a half hour or so. We'll have some guests after that and then continue our coverage here tomorrow on theCUBE. Along with Jeff Frick, I am John Walls. We're joined by Yumi Clark who's the SVP of product development at Capital One. And Yumi, thank you for being with us here on theCUBE. >> Thank you very much. >> First time, right? >> Yes. >> On theCUBE. >> Yes, first time. >> So Capital One, what are you doing here? In a good way, of course. But what do you find of interest from a professional standpoint with the small business crowd? >> Yes, so Capital One is here because we want to meet our customers where they are today, and many of our customers are actually here at the show, QuickBooks Connect. Whether they be accountants or small business owners themselves, we are looking to build products for them and solutions for them based off of the pains that they have and the problems that they're having. So we're here to do much of a data gathering exercise and see what we can provide to our users. >> So I assume this is an ongoing process, right? This isn't just a one-time hit. Generally speaking, what do you hear from the people with whom you work or that you're supporting, in terms of their pain points for the services you provide and what you can do from a solutions standpoint? >> Yes, well actually here at QuickBooks Connect we have been doing some informal polls with the people that have been attending, and we often hear these types of things also as we're leading the businesses within the product development space. We're seeing a lot of the people talk about the passions that they have with regards to the business, and oftentimes they start the business because of their passion. They're actually not starting it because they want to start a business itself. Because oftentimes those businesses have a lot of administrivia tied to them in process. That's not what they're doing to start that business. They want to make sure that they're creating something that really speaks to them and speaks to their passions, and because of that, they've created a small business. >> But then, unfortunately, they have to tasks and they have to do accounting and they have to do payroll, they have to pay the vendors, and they have to get up from making whatever they're making and selling whatever they're selling to deal with the reality, and that's really where the opportunity at QuickBooks has done. But part of the thing they're trying to do is build this ecosystem not only to provide the tools, but really to provide other services to enable these folks to be successful. So within the Capital One world, as you look at small businesses as kind of a category, what are some of the unique challenges that they have that you guys are trying to help them with? How do you see the small business world as an opportunity? >> Yes, so in the same way, Capital One is also looking at that ecosystem. First and foremost what we do as a financial institution is provide very competitive savings and checkings and credit cards as part of our plethora of products that we offer. From a savings perspective, we have a 1% cash back, and from a credit card perspective we have a 2% cash back rate so that we're truly competitive from that perspective. In our recent surveys and the research that we've done, we've also seen that many of these small businesses, whether they're here or somewhere else, they have more than two bank accounts in order to run their small business. Also what we see is that they have anywhere between 10 to 12 different applications that they are stitching together to get their financial health of their small business right. Knowing that that's the problem, what we're doing at Capital One is helping them stitch that together. Not only do we have a competitive checking and savings accounts so that they can actually pay their bills and do the invoicing and the payroll, we are also looking at things to help them in future. And most recently in August what we did as Capital One is launch the Spark 401k service. 50% of all Americans either own or work for a small business so it's a huge crowd that needs to be addressed. Even though it's 50%, only 13% of those small businesses are offering some type of retirement benefit. And because of that we saw that as an opportunity and challenge that we can help resolve, and that's why we've launched the Spark 401k service this past August, which is specifically targeted to those small businesses so they can help not only themselves but the employees that work for them think about the future. >> So how has this changed the way you do business? Because you're looking for new products, you're looking for new services, you're looking to be more expansive in the kinds of things that you're offering, right? >> Yumi: Yes. >> But I'm sure the migration has... sometimes it's not natural. You're introducing new concepts to your workforce and to your people and so how's this impacted what Capital One does, in terms of looking to stretch yourself? Basically to create new opportunities for your clients. >> Right. Well, there's two ways that we're addressing the client relationship. One is that we're definitely seeing that digital transformation happen. Most recently in a poll that we took there was about 30% of small businesses were using some type of mobile device, but in the most recent study that we've seen it's about 60%, it's more than doubled in terms of the mobile banking and the mobile device that they're using to run their small business. And because of it we're leaning in to many of the mobile solutions that Capital One can provide so that small businesses can do things anytime, anywhere and any place as they're trying to run their business. 'Cause the reality is is that they're not just sitting in one place nine to five running their business. They're running off, doing other things, they're doing it at home. Also we're exploring different experiments so that if we're meeting the small businesses where they are, trying out different devices and different technologies, I don't know if you've seen some of the announcements that we've made but we're also looking at IoT and some of the Alexa form factors by which you can test and see how is my daily balance, what are the transactions going through and the sort of thing as well. So we're marrying a lot of the technologies that we are seeing and helping small businesses make that transformation themselves where they are today. If they're using one type of device, we'll be helping them with that mobile device. We're helping them with Alexa, for example, as well. And the helping them make that transition. >> So many choices. >> Go ahead, Jeff. >> I was just going to say and then there's now the gig economy, right? >> Yes. >> I wonder if you guys are, I'm sure you're looking at it, how do you see that as being fundamentally different? We were at a thing at the Stanford graduate school the other day and we were talking about the gig economy. At least a small business are thinking about things like retirement and setting aside money for taxes and potentially there's all types of retirement options if you're a small, self-employed person. But then you think of the gig economy, it's a guy doing four hours of week before class to run its Uber, or Postmates or all these kind of little bits and pieces. It doesn't appear from the outside looking in, I have no data, that they're really thinking through what is their total cost? Not only for the insurance and the wear and tear on the car, but then to set aside for taxes, and then are they putting some aside for insurance? Are they putting some aside for retirement? It just feels like that's a whole different kind of category of work and yet it's the one that's growing the most rapidly. >> It is and it isn't, actually. I think that oftentimes financial institutions have been geared more towards companies, business entities and that sort of thing. If we think about the most recent Spark 401k launch that we did, we're looking at companies of one, which are actually gig economy workers, if you really think about it. And then we are able to support those types of employees or businesses as well. The second thing that we're doing in terms of the gig economy is the reality is a lot of these people are, in the same way as I was mentioning before, stitching together their work life. And stitching together their work life means that they're using multiple applications and multiple revenue streams in order to be financially stable. And because of that, one of the pain points that we wanted to address was can we make it easy for these people to stitch together? And that's why we have the aggregation of the top 12 financial institutions within Spark Business so that they can get a complete financial health history of where they are today. >> We've been speaking with different folks from Intuit today and one of the striking conversations we had was about adoption within the accountant community and the cloud migrations, and people with very traditional perspectives or very regimented viewpoints about this is how I do things and the reluctance to change. What are you seeing in terms of digital adoption, what businesses are doing, how willing are they to accept some of these new products, or understanding this is a better mousetrap? And how do you grow that to make them understand this is maximize your efficiency and lower your cost, it's all good. But it's hard to get 'em there. >> Yes. One of the things that we actually see is not solving for the sake of creating a new feature. In the same way that I would feel if I were a small business, just because there's something out there doesn't necessarily mean I want to use it. You have to show the benefit to that small business owner. And if you think about where small businesses have been, they have been going to the bank, but they become more technologically savvy using, for example, mobile deposit capture because that saves them time, and all they have to do is take a picture of the check and it just works to deposit those moneys into a financial institution. And that's what we're providing as part of Capital One. If you show the benefit first, rather than the solution first, I suspect that more people will say, I'll give it a try. And that's what we're seeing in our base as well. We're seeing people saying, I'll give it a try, I am technologically savvy, I am using my mobile device more than I was before, sure, why not, and I'll give it a try. >> John: And that works? >> It has been working for us and we're seeing definitely more people going towards our Spark ecosystem solution, and they're stitching together all of the different applications because they are definitely feeling the pain of trying to do it themselves. And it's really hard to figure out themselves. >> So what's your biggest challenge, then? In terms of, it sounds like adoption, you're working and making progress on that front, you're here surveying your customer base, trying to understand what their needs are. It sounds like everything's great, everything's good, but that isn't always the case, obviously. There are challenges. In your perspective, from your viewpoint, what is it? What's the big hurdle you think that is keeping in the way a progress for you as Capital One and for the small business owner? >> I think really honing in, I think a lot of people often talk about small business owners trying to manage their financial health and their cashflow. That's the reality of running a small business. The question is how you solve that. Is it thinking about the savings and the checking accounts? Is it about thinking about the 401k in the future? Is it about that balance? Is it about tying savings and efficiency? And there's quite a fine line between thinking about just the actual solutions themselves and really offering the benefit. And so that, for us, is kind of the biggest challenge. Meaning that as we test into all these different applications, we need to make sure that we are improving their cashflow and showing them transparency around their financial health. >> It's funny you talk about whether there's a benefit or not and I just think from your customers' point of view, the small businesses, just all these different ways to pay. They want to take that money in and put it in and put it in their Capital One account. Whether it's Google Pay or Apple Pay or they even have Samsung Pay, I don't know why I'd ever want Samsung Pay, and who knows what tomorrow pay is going to be. From your customers' point of view, what do they think of this wave of options that their customers, the end customers, want to have, they think they want to have? They got people pushing these different alternatives down their throat. Are they really necessary? Do we need Samsung Pay along with Apple Pay and Google Pay and I already have credit cards and ATM cards and chip cards and god help us if I pull the 20 out. I went to one restaurant, they wouldn't even take cash. Like, we don't take cash. What, you don't take cash? It's so much more complicated now. There's just so many options coming out. I think of driving through a snowstorm at night with your headlights on. It's just like-- What do you tell 'em? How do they navigate this way? Oh, by the way, I'm still trying to just run my business. >> Right, actually, that's one of the things that we want to do at Capital One. We wanted to give small business owners the personalized delivery of data and looking at what would help them as they're running their small business. Because there are so many choices there, we want to help them make the choices by showing them the data that nudges them towards perhaps you might want this rather than this. That's what we're doing from a short term perspective, and more longer term, what we're also looking at, what is the benefit that we can actually provide? And showing those benefits clearly and transparently to the small business owner. There are a lot of choices out there. >> A lot of choices. Well, Yumi, we've asked you a lot of questions. The one that I think we don't have to ask is what's in your wallet, right? (laughs) We know what's in your wallet. >> Yes, a Venture credit card. (laughs) >> Yumi Clark from Capital One, thank you for joining us here on theCUBE. We appreciate the time. And good luck with the rest of the surveying. I'm sure this is a pretty fertile territory for you in terms of finding out what your customers need, what they want, and what you can do for 'em. >> Thank you so much for having me. >> Thanks. >> Thank you. Back with more on theCUBE here form San Jose in just a minute. (elecronic music)

>> theCUBE's live coverage is made possible by funding from Dell Technologies, creating technologies that drive human progress. (upbeat music) >> Hey everyone, guys and gals, good to see you. It's theCUBE live in Barcelona at MWC23. Lisa Martin here with Dave Vellante on day one of four days of wall to wall CUBE coverage. Dave, today is ecosystem day. We've had some great conversations about why the open ecosystem is so important and some of the key players in it. >> Well and I'm in search of disruptors, so I'm looking for, okay, who are the network operators that are going to actually lean into the future and drive it and challenge the existing incumbents. We'll talk about that today. >> And we're going to be talking about that next. We've got one of our alumni back with us. Satish Iyer is here, the Vice President of Emerging Services at Dell. Great to have you back on the program. >> Thank you. >> Richard Leitao is with us as well, the Vice President of National Development at DISH Network. Welcome. >> Pleasure to be here. >> So, lots of, this is day one, the theme is velocity. I feel like the day has gone by so quickly. But Dell and DISH have partnered together on a multi-year initiative to build your nationwide cloud-native 5G network that's going to cover a lot of the US. Talk a little bit about that partnership, we'll get both of your perspectives. Richard, we'll start with you. >> Sure. So thank you again for having me. So DISH had the opportunity of, of going through this experience, of innovating once more. For the ones that know DISH, DISH is a company that was founded in 1980 by an innovator, a disruptor. Of course, in the course of the next 40 years, we had the opportunities of even disrupting ourselves. We launched our first satellite TV service. We then launched the first streaming, video streaming platform, disrupting our own satellite business. And since 2008, we have been acquiring Spectrum and, you know, Spectrum, the most valuable asset of a wireless operator. We felt that this was the right opportunity, having 5G , having O-RAN, and we decided to go full in in a greenfield project building national network, 5G O-RAN cloud-based network, one of a kind network in in the US and, and most of all, using O-RAN, it's very important to us, what, what it can bring and it can bring to DISH but to the entire ecosystem of, of this sector in the US. >> Satish, talk a little bit about the partnership from Dell's perspective and some of the unique advantages that Dell is delivering to DISH. >> Oh absolutely. Again, like Richard was saying, I mean the telecom network is being desegregated as we speak. You know, companies like DISH and everybody else is looking at what are the best-in-class technologies we can bring to the table. I would like to say that, you know, the cloud is coming to the telco world, right? A lot of us have seen the tremendous transformation in the cloud world in the last few years. Now, you know, DISH is a big enterprise company. As you know, you know, we are pretty strong within the cloud space and enterprise space. So what we try to work with DISH is Dell, is to bring to DISH is, you know, that notion of cloud scale and the cloud ecosystem into telecom, right? By means best-in-class infrastructure products, best-in-class software products, to allow somebody like DISH to innovate and incre, you know, basically expand and build their O-RAN network. So it's absolutely important for us as we build and get into the telecom space to work with somebody like DISH who's also disrupting as a carrier in that space. >> So it's early days for Open RAN but you've decided, "okay, we're all in". >> Yeah. >> Right? So (chuckling) you burn the bridge, as they say, "go for it". (Lisa chuckles) So when you talk to most people, they say, "okay, it's, it's, it's, it's immature." It's got to be able to get to the levels of, of the, the the hardened stack reliability. But of course it brings the advantage of flexibility and speed. Are you optimizing for one or the other right now? How are you dealing with that balance? >> Well, it, it's, it's not mature in the sense that most of operators that think about it, they have a legacy network. And in order to go full in on the O-RAN side, they need to scrap a lot of things that they have and honestly, they don't want, and it doesn't make sense. So being a greenfield operator, give us that advantage. Give us the advantage and, and desegregation, it's all about chip sets, boxes and software and the chip sets part and what I like the most in desegregation is the time of innovation. The time that we can use new chip sets coming into the market, the size of the boxes that we are using. Obviously our footprint onsite is much smaller than traditional carriers or proprietary systems. So all of that Dell has been critical in supporting us. Supporting us having the best chip sets, having the smallest footprint and, you know, the software, the cycle of innovation is much faster than in proprietary systems. So ma-, it's maturing. I'm glad to say that probably two years ago here O-RAN was more like a, a pilot type of technology. It is not, we are live, we are live for more than 30 million customers in the US and, you know, the performance levels are very similar to traditional networks. >> So you don't just buy a nationwide cloud-native 5G network out of the box, you got to- >> No, you don't. >> You got to build it. So I'm curious as to what Dell's role is in that, in that build out. >> Right? >> How and how, I'm really curious how to, how you would grade Dell but we'll get there. >> Yeah, I mean, look, yes, you don't. So I think the, the, the first and foremost is again, as, as we, Dell, comes into the telco space, one of the things we have to look at is to understand what makes Dell better in the enterprise space, right? It is the best-in-class infrastructure. It is the software ties together. As you talk about desegregated networks, it's important to understand lot of these piece parts have to still be touched together, right? So I think the integration and integration aspects becomes really key which is really Dell is very good at. So one of the things we are working really closely with DISH Tech, you know Richard was alluding to, is bringing all, not just bringing all the software and hardware assets together, but how do you continuously innovate and keep fixing things faster, right? So in the old days, traditional ways, you have a software stack, it takes you 18 months, 20 months to actually get an upgrade done. Here we have continuously CI/CD pipelines where if you want to a change done within, within a week's or within a few days, where we can actually go and test and make sure these things work. So I think a lot of the best enterprise software practices, cloud practices, combined with whatever needs for telco, actually is what makes it very unique. >> I, I saw that this started out as an FCC compliance initiative that turned into a partnership, obviously a very successful one. Richard, talk about what DISH saw in Dell that really made it the right choice, knowing you have choices, you have options. >> You know, we saw the capability to execute, but we also saw the capability to innovate. From an execution level, at the end of the day, like we were talking, we started the project in the middle of COVID, and we had the first mandate to cover 20% of the US population by June, 2022. And now we have a second one, 70% of US population by June 2023. At the beginning of the project, it was all about availability of materials, logistics, how to distribute, how to transport material. So Dell has a world-class supply chain, we felt that working with Dell through all these challenges made things easier. So from an execution perspective, whenever you need to build a network and you, you are building thousands of sites, you need to have materials, you need to distribute them and you need to install them. Dell helped us across the board. Our expectations obviously will change. We have a network, we want to cooperate with Dell in many other areas. We want to, you know, leverage on Dell ability to reach the enterprise market, to have private 5G offers. So hopefully this collaboration will endure in time and, and, you know, will change and evolve in time. >> And it's a big bet. I mean, it's not like a single, it's not like a little transaction that you guys are doing. I feel like, you know Michael Dell and Eric Carlson had dinner and they said, "okay, we're going to, we're going to partner up and this is going to be a multi-decade partnership. You had to be transparent, "Hey, we're new at this, even though we're really good at enterprise tech and so you're going to, obviously if you take a chance on us, here's what we promise you." >> Absolutely. >> And vice versa, you guys had to say, "all right, hey, we're willing to roll the dice because we're trying to change the world." So what was that dynamic like? I mean, how did, I'm curious as to this has to be a lot of different levels, engineering, senior management, board level discussions. >> You know, we felt a huge buy-in from Dell on the Open RAN concept. >> Right. >> Yeah, okay. >> And, you know, edge computing and, and the ability to get us the best product and evolve the best product, Intel is is critical in all these offerings. Intel has a great relationship with Dell. Dell helped us. Dell sponsored the DISH program and some of these suppliers, So it was definitely good to have their support and the buy-in on the O-RAN concept. We felt it from day one and we felt secure on that. >> Yeah, I mean, I, to add to that, I mean, you know DISH was very instrumental in driving, dictating and executing to our roadmap, right? They're one of the key, I mean, since they are out there and they're really turning in a way, it's important that a customer who's actually at the out front of innovation, helps us drive our own roadmap. So to Richard's point, a lot of our product roadmaps, in terms of what have you built and all that, was based on what DISH thinks as going to be market-based requirements. They also helped us a lot in the integration aspects. Like I said, one of the things about open desegregation of these networks is there is a lot of integration because, you know, there is, it's not a one, one monolithic pipe smokestack anymore. You are picking up best-in-class pieces, bits and pieces and tying it together. And it's important to understand when you tie it together things will go wrong, right? So there is a lot of learnings from an integration standpoint. Supportability, deployment, one of the things Richard talked about was supply chain, you know. Other Dell's ability to, lot of these deployments, a lot of these configs in the factory, right, in the second part. So especially a lot of these partnerships started during COVID time and as you all know, you know what we went through two years ago. So we had to make sure that lot of these things are done in one place and a factory, and not done in the field because we couldn't do a lot of these things. So there's a lot of, lot of experimentation, lot of, lot, lot of innovation on that. >> So it's 2030, what's this look like? What's the vision if we can work backwards from there? Well, a, a great network coverage to the entire country, bringing new services to enterprises, to verticals, bringing value add to customers and, you know, technology cycles, they are lasting much less than they were. I cannot even say what will happen in three years. 2030, I mean, I know, I know somebody has a vision for 2030. That's another thing. (everyone laughs) >> A lot of it is "build it and they will come", right? >> Yeah. >> I mean it really is right? You put that network in place and then innovation happens on top. That's the best thing. >> Yeah. And look and and I think the biggest people think about Open RAN in terms of cost, which, you know, you, you have some things in cost that you appreciate in Open RAN. The footprint, the the possibility to diversify suppliers and and have more competition. But for me, Open RAN is about innovation and cycles of innovation. I used to work for Nokia, I used to work for Alcatel. I knew from the generation of an idea to an execution and having a feature delivered to a certain customer, it, it took months. We want innovation to take weeks. We are innovating at the speed, speed of the cloud. We are cooperating with new players, players on the cloud and, and we expect things to happen much faster than they traditionally happen on the telecom sector. >> Move fast and break things. >> Well, we also expect that speed- >> Break and fix. (everyone laughs) >> Yeah, thank you for that. >> But speaking of speed, your customers expect that, right? They expect the service to be up 24/7. They expect to be able to access whatever content they want, whenever they want from wherever they are. So comment, Richard, in our last few minutes here of, of how the, the Dell partnership is helping DISH to really deliver the excellent customer experience that your customers just expect that you're going to deliver. >> Well by setting up the system, number one, we are leveraging on a number of services. And I mentioned the supply chain, but in reality Dell made much more than that for our 20% milestone and is supporting our 70% milestone by installing, testing, verifying most of our data center equipment. We found that this offering from Dell was really addressing some of our needs because, you know, we, we believe they know a lot in this area and they, they can provide the best advice and the best speed to market in, in terms of having this equipment. Because we are working on a time clock, we need to have this done as soon as possible. You know for the future, I hope that they can help us in driving more services. I hope they can bring all the infrastructure that we need to offer to our customers. And, you know, we keep committed to O-RAN. O-RAN is really important. We are not compromising that. And I think the future is bright for both of us. >> Yeah, and Dell learns from the experience. >> Exactly. >> Absolutely. >> There's got to be a catalyst for expanding your roadmap and vision in telecom. >> Yeah, I mean, like you said, I mean, you asked a 2030 question and I think that, you know, know six, seven years from now I think people should look at what DISH and Dell and say they were the trailblazers of make, bringing Open RAN to the market and making 5G a reality. I mean, you talk about 5G, but every 5G is on a different stages. I do think that this combination, this partnership has the best chance to be the first ones to actually have a truly Open RAN network to be successful in commercial. >> Awesome guys. Trailblazers, Dell and DISH. Well, we look forward to watching this story unfold. Thank you- >> Thank you. >> for joining Dave and me on the program today talking about what you're doing together. We appreciate it. >> Thanks for having us. >> Our pleasure. >> Thank you, bye. >> For our guests and for Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Barcelona at MWC23. We'll be back after a short break, so we'll see you soon.

>>Welcome back, everyone live here at Supercomputing 22 in Dallas, Texas. I'm John for host of the Queue here at Paul Gillin, editor of Silicon Angle, getting all the stories, bringing it to you live. Supercomputer TV is the queue right now. And bringing all the action Bresniker, chief architect of Hewlett Packard Labs with HP Cube alumnis here to talk about Supercomputing Road to Quantum. Kirk, great to see you. Thanks for coming on. >>Thanks for having me guys. Great to be >>Here. So Paul and I were talking and we've been covering, you know, computing as we get into the large scale cloud now on premises compute has been one of those things that just never stops. No one ever, I never heard someone say, I wanna run my application or workload on slower, slower hardware or processor or horsepower. Computing continues to go, but this, we're at a step function. It feels like we're at a level where we're gonna unleash new, new creativity, new use cases. You've been kind of working on this for many, many years at hp, Hewlett Packard Labs, I remember the machine and all the predecessor r and d. Where are we right now from your standpoint, HPE standpoint? Where are you in the computing? It's as a service, everything's changing. What's your view? >>So I think, you know, you capture so well. You think of the capabilities that you create. You create these systems and you engineer these amazing products and then you think, whew, it doesn't get any better than that. And then you remind yourself as an engineer. But wait, actually it has to, right? It has to because we need to continuously provide that next generation of scientists and engineer and artists and leader with the, with the tools that can do more and do more frankly with less. Because while we want want to run the program slower, we sure do wanna run them for less energy. And figuring out how we accomplish all of those things, I think is, is really where it's gonna be fascinating. And, and it's also, we think about that, we think about that now, scale data center billion, billion operations per second, the new science, arts and engineering that we'll create. And yet it's also what's beyond what's beyond that data center. How do we hook it up to those fantastic scientific instruments that are capable to generate so much information? We need to understand how we couple all of those things together. So I agree, we are at, at an amazing opportunity to raise the aspirations of the next generation. At the same time we have to think about what's coming next in terms of the technology. Is the silicon the only answer for us to continue to advance? >>You know, one of the big conversations is like refactoring, replatforming, we have a booth behind us that's doing energy. You can build it in data centers for compute. There's all kinds of new things. Is there anything in the paradigm of computing and now on the road to quantum, which I know you're involved, I saw you have on LinkedIn, you have an open rec for that. What paradigm elements are changing that weren't in play a few years ago that you're looking at right now as you look at the 20 mile stair into quantum? >>So I think for us it's fascinating because we've had a tailwind at our backs my whole career, 33 years at hp. And what I could count on was transistors got at first they got cheaper, faster and they use less energy. And then, you know, that slowed down a little bit. Now they're still cheaper and faster. As we look in that and that Moore's law continues to flatten out of it, there has to be something better to do than, you know, yet another copy of the prior design opening up that diversity of approach. And whether that is the amazing wafer scale accelerators, we see these application specific silicon and then broadening out even farther next to the next to the silicon. Here's the analog computational accelerator here is now the, the emergence of a potential quantum accelerator. So seeing that diversity of approaches, but what we have to happen is we need to harness all of those efficiencies and yet we still have to realize that there are human beings that need to create the application. So how do we bridge, how do we accommodate the physical of, of new kinds of accelerator? How do we imagine the cyber physical connection to the, to the rest of the supercomputer? And then finally, how do we bridge that productivity gap? Especially not for people who like me who have been around for a long time, we wanna think about that next generation cuz they're the ones that need to solve the problems and write the code that will do it. >>You mentioned what exists beyond silicon. In fact, are you looking at different kinds of materials that computers in the future will be built upon? >>Oh absolutely. You think of when, when we, we look at the quantum, the quantum modalities then, you know, whether it is a trapped ion or a superconducting, a piece of silicon or it is a neutral ion. There's just no, there's about half a dozen of these novel systems because really what we're doing when we're using a a quantum mechanical computer, we're creating a tiny universe. We're putting a little bit of material in there and we're manipulating at, at the subatomic level, harnessing the power of of, of quantum physics. That's an incredible challenge. And it will take novel materials, novel capabilities that we aren't just used to seeing. Not many people have a helium supplier in their data center today, but some of them might tomorrow. And understanding again, how do we incorporate industrialize and then scale all of these technologies. >>I wanna talk Turkey about quantum because we've been talking for, for five years. We've heard a lot of hyperbole about quantum. We've seen some of your competitors announcing quantum computers in the cloud. I don't know who's using these, these computers, what kind of work they're being used, how much of the, how real is quantum today? How close are we to having workable true quantum computers and what can you point to any examples of how it's being, how that technology is being used in the >>Field? So it, it remains nascent. We'll put it that way. I think part of the challenge is we see this low level technology and of course it was, you know, professor Richard Fineman who first pointed us in this direction, you know, more than 30 years ago. And you know, I I I trust his judgment. Yes. You know that there's probably some there there especially for what he was doing, which is how do we understand and engineer systems at the quantum mechanical level. Well he said a quantum mechanical system's probably the way to go. So understanding that, but still part of the challenge we see is that people have been working on the low level technology and they're reaching up to wondering will I eventually have a problem that that I can solve? And the challenge is you can improve something every single day and if you don't know where the bar is, then you don't ever know if you'll be good enough. >>I think part of the approach that we like to understand, can we start with the problem, the thing that we actually want to solve and then figure out what is the bespoke combination of classical supercomputing, advanced AI accelerators, novel quantum quantum capabilities. Can we simulate and design that? And we think there's probably nothing better to do that than than an next to scale supercomputer. Yeah. Can we simulate and design that bespoke environment, create that digital twin of this environment and if we, we've simulated it, we've designed it, we can analyze it, see is it actually advantageous? Cuz if it's not, then we probably should go back to the drawing board. And then finally that then becomes the way in which we actually run the quantum mechanical system in this hybrid environment. >>So it's na and you guys are feeling your way through, you get some moonshot, you work backwards from use cases as a, as a more of a discovery navigational kind of mission piece. I get that. And Exoscale has been a great role for you guys. Congratulations. Has there been strides though in quantum this year? Can you point to what's been the, has the needle moved a little bit a lot or, I mean it's moving I guess to some, there's been some talk but we haven't really been able to put our finger on what's moving, like what need, where's the needle moved I >>Guess in quantum. And I think, I think that's part of the conversation that we need to have is how do we measure ourselves. I know at the World Economic Forum, quantum Development Network, we had one of our global future councils on the future of quantum computing. And I brought in a scene I EEE fellow Par Gini who, you know, created the international technology roadmap for semiconductors. And I said, Paulo, could you come in and and give us examples, how was the semiconductor community so effective not only at developing the technology but predicting the development of technology so that whether it's an individual deciding if they should change careers or it's a nation state deciding if they should spend a couple billion dollars, we have that tool to predict the rate of change and improvement. And so I think that's part of what we're hoping by participating will bring some of that road mapping skill and technology and understanding so we can make those better reasoned investments. >>Well it's also fun to see super computing this year. Look at the bigger picture, obviously software cloud natives running modern applications, infrastructure as code that's happening. You're starting to see the integration of, of environments almost like a global distributed operating system. That's the way I call it. Silicon and advancements have been a big part of what we see now. Merchant silicon, but also dpu are on the scene. So the role role of silicon is there. And also we have supply chain problems. So how, how do you look at that as a a, a chief architect of h Hewlett Packard Labs? Because not only you have to invent the future and dream it up, but you gotta deal with the realities and you get the realities are silicon's great, we need more of that quantums around the corner, but supply chain, how do you solve that? What's your thoughts and how do you, how, how is HPE looking at silicon innovation and, and supply chain? >>And so for us it, it is really understanding that partnership model and understanding and contributing. And so I will do things like I happen to be the, the systems and architectures chapter editor for the I eee International Roadmap for devices and systems, that community that wants to come together and provide that guidance. You know, so I'm all about telling the semiconductor and the post semiconductor community, okay, this is where we need to compute. I have a partner in the applications and benchmark that says, this is what we need to compute. And when you can predict in the future about where you need to compute, what you need to compute, you can have a much richer set of conversations because you described it so well. And I think our, our senior fellow Nick Dubey would, he's coined the term internet of workflows where, you know, you need to harness everything from the edge device all the way through the extra scale computer and beyond. And it's not just one sort of static thing. It is a very interesting fluid topology. I'll use this compute at the edge, I'll do this information in the cloud, I want to have this in my exoscale data center and I still need to provide the tool so that an individual who's making that decision can craft that work flow across all of those different resources. >>And those workflows, by the way, are complicated. Now you got services being turned on and off. Observability is a hot area. You got a lot more data in in cycle inflow. I mean a lot more action. >>And I think you just hit on another key point for us and part of our research at labs, I have, as part of my other assignments, I help draft our AI ethics global policies and principles and not only tell getting advice about, about how we should live our lives, it also became the basis for our AI research lab at Shewl Packard Labs because they saw, here's a challenge and here's something where I can't actually believe, maintain my ethical compliance. I need to have engineer new ways of, of achieving artificial intelligence. And so much of that comes back to governance over that data and how can we actually create those governance systems and and do that out in the open >>That's a can of worms. We're gonna do a whole segment on that one, >>On that >>Technology, on that one >>Piece I wanna ask you, I mean, where rubber meets the road is where you're putting your dollars. So you've talked a lot, a lot of, a lot of areas of, of progress right now, where are you putting your dollars right now at Hewlett Packard Labs? >>Yeah, so I think when I draw, when I draw my 2030 vision slide, you know, I, for me the first column is about heterogeneous, right? How do we bring all of these novel computational approaches to be able to demonstrate their effectiveness, their sustainability, and also the productivity that we can drive from, from, from them. So that's my first column. My section column is that edge to exoscale workflow that I need to be able to harness all of those computational and data resources. I need to be aware of the energy consequence of moving data, of doing computation and find all of that while still maintaining and solving for security and privacy. But the last thing, and, and that's one was a, one was a how one was aware. The last thing is a who, right? And is is how do we take that subject matter expert? I think of a, a young engineer starting their career at hpe. It'll be very different than my 33 years. And part of it, you know, they will be undaunted by any, any scale. They will be cloud natives, maybe they metaverse natives, they will demand to design an open cooperative environment. So for me it's thinking about that individual and how do I take those capabilities, heterogeneous edge to exito scale workflows and then make them productive. And for me, that's, that's where we were putting our emphasis on those three. When, where and >>Who. Yeah. And making it compatible for the next generation. We see the student cluster competition going on over there. This is the only show that we cover that we've been to that is from the dorm room to the boardroom and this cuz Supercomputing now is elevating up into that workflow, into integration, multiple environments, cloud, premise, edge, metaverse. This is like a whole nother world. >>And, and, but I think it's, it's the way that regardless of which human pursuit you're in, you know, everyone is going to be demand simulation and modeling ai, ML and massive data m l and massive data analytics that's gonna be at heart of, of everything. And that's what you see. That's what I love about coming here. This isn't just the way we're gonna do science. This is the way we're gonna do everything. >>We're gonna come by your booth, check it out. We've talked to some of the folks, hpe obviously HPE Discover this year, GreenLake with center stage, it's now consumption is a service for technology. Whole nother ballgame. Congratulations on, on all this. I would say the massive, I won't say pivot, but you know, a change >>It >>Is and how you guys >>Operate. And you know, it's funny sometimes you think about the, the pivot to as a services benefiting the customer, but as someone who has supported designs over decades, you know, that ability to to to operate and at peak efficiency, to always keep in perfect operating order and to continuously change while still meeting the customer expectations that actually allows us to deliver innovation to our customers faster than when we are delivering warranted individual packaged products. >>Kirk, thanks for coming on Paul. Great conversation here. You know, the road to Quantum's gonna be paved through computing supercomputing software integrated workflows from the dorm room to the boardroom to Cube, bringing all the action here at Supercomputing 22. I'm Jacque Forer with Paul Gillin. Thanks for watching. We'll be right back.

>>When Oracle acquired my SQL via the Sun acquisition, nobody really thought the company would put much effort into the platform preferring to focus all the wood behind its leading Oracle database, Arrow pun intended. But two years ago, Oracle surprised many folks by announcing my SQL Heatwave a new database as a service with a massively parallel hybrid Columbia in Mary Mary architecture that brings together transactional and analytic data in a single platform. Welcome to our latest database, power panel on the cube. My name is Dave Ante, and today we're gonna discuss Oracle's MySQL Heat Wave with a who's who of cloud database industry analysts. Holgar Mueller is with Constellation Research. Mark Stammer is the Dragon Slayer and Wikibon contributor. And Ron Westfall is with Fu Chim Research. Gentlemen, welcome back to the Cube. Always a pleasure to have you on. Thanks for having us. Great to be here. >>So we've had a number of of deep dive interviews on the Cube with Nip and Aggarwal. You guys know him? He's a senior vice president of MySQL, Heatwave Development at Oracle. I think you just saw him at Oracle Cloud World and he's come on to describe this is gonna, I'll call it a shock and awe feature additions to to heatwave. You know, the company's clearly putting r and d into the platform and I think at at cloud world we saw like the fifth major release since 2020 when they first announced MySQL heat wave. So just listing a few, they, they got, they taken, brought in analytics machine learning, they got autopilot for machine learning, which is automation onto the basic o l TP functionality of the database. And it's been interesting to watch Oracle's converge database strategy. We've contrasted that amongst ourselves. Love to get your thoughts on Amazon's get the right tool for the right job approach. >>Are they gonna have to change that? You know, Amazon's got the specialized databases, it's just, you know, the both companies are doing well. It just shows there are a lot of ways to, to skin a cat cuz you see some traction in the market in, in both approaches. So today we're gonna focus on the latest heat wave announcements and we're gonna talk about multi-cloud with a native MySQL heat wave implementation, which is available on aws MySQL heat wave for Azure via the Oracle Microsoft interconnect. This kind of cool hybrid action that they got going. Sometimes we call it super cloud. And then we're gonna dive into my SQL Heatwave Lake house, which allows users to process and query data across MyQ databases as heatwave databases, as well as object stores. So, and then we've got, heatwave has been announced on AWS and, and, and Azure, they're available now and Lake House I believe is in beta and I think it's coming out the second half of next year. So again, all of our guests are fresh off of Oracle Cloud world in Las Vegas. So they got the latest scoop. Guys, I'm done talking. Let's get into it. Mark, maybe you could start us off, what's your opinion of my SQL Heatwaves competitive position? When you think about what AWS is doing, you know, Google is, you know, we heard Google Cloud next recently, we heard about all their data innovations. You got, obviously Azure's got a big portfolio, snowflakes doing well in the market. What's your take? >>Well, first let's look at it from the point of view that AWS is the market leader in cloud and cloud services. They own somewhere between 30 to 50% depending on who you read of the market. And then you have Azure as number two and after that it falls off. There's gcp, Google Cloud platform, which is further way down the list and then Oracle and IBM and Alibaba. So when you look at AWS and you and Azure saying, hey, these are the market leaders in the cloud, then you start looking at it and saying, if I am going to provide a service that competes with the service they have, if I can make it available in their cloud, it means that I can be more competitive. And if I'm compelling and compelling means at least twice the performance or functionality or both at half the price, I should be able to gain market share. >>And that's what Oracle's done. They've taken a superior product in my SQL heat wave, which is faster, lower cost does more for a lot less at the end of the day and they make it available to the users of those clouds. You avoid this little thing called egress fees, you avoid the issue of having to migrate from one cloud to another and suddenly you have a very compelling offer. So I look at what Oracle's doing with MyQ and it feels like, I'm gonna use a word term, a flanking maneuver to their competition. They're offering a better service on their platforms. >>All right, so thank you for that. Holger, we've seen this sort of cadence, I sort of referenced it up front a little bit and they sat on MySQL for a decade, then all of a sudden we see this rush of announcements. Why did it take so long? And and more importantly is Oracle, are they developing the right features that cloud database customers are looking for in your view? >>Yeah, great question, but first of all, in your interview you said it's the edit analytics, right? Analytics is kind of like a marketing buzzword. Reports can be analytics, right? The interesting thing, which they did, the first thing they, they, they crossed the chasm between OTP and all up, right? In the same database, right? So major engineering feed very much what customers want and it's all about creating Bellevue for customers, which, which I think is the part why they go into the multi-cloud and why they add these capabilities. And they certainly with the AI capabilities, it's kind of like getting it into an autonomous field, self-driving field now with the lake cost capabilities and meeting customers where they are, like Mark has talked about the e risk costs in the cloud. So that that's a significant advantage, creating value for customers and that's what at the end of the day matters. >>And I believe strongly that long term it's gonna be ones who create better value for customers who will get more of their money From that perspective, why then take them so long? I think it's a great question. I think largely he mentioned the gentleman Nial, it's largely to who leads a product. I used to build products too, so maybe I'm a little fooling myself here, but that made the difference in my view, right? So since he's been charged, he's been building things faster than the rest of the competition, than my SQL space, which in hindsight we thought was a hot and smoking innovation phase. It kind of like was a little self complacent when it comes to the traditional borders of where, where people think, where things are separated between OTP and ola or as an example of adjacent support, right? Structured documents, whereas unstructured documents or databases and all of that has been collapsed and brought together for building a more powerful database for customers. >>So I mean it's certainly, you know, when, when Oracle talks about the competitors, you know, the competitors are in the, I always say they're, if the Oracle talks about you and knows you're doing well, so they talk a lot about aws, talk a little bit about Snowflake, you know, sort of Google, they have partnerships with Azure, but, but in, so I'm presuming that the response in MySQL heatwave was really in, in response to what they were seeing from those big competitors. But then you had Maria DB coming out, you know, the day that that Oracle acquired Sun and, and launching and going after the MySQL base. So it's, I'm, I'm interested and we'll talk about this later and what you guys think AWS and Google and Azure and Snowflake and how they're gonna respond. But, but before I do that, Ron, I want to ask you, you, you, you can get, you know, pretty technical and you've probably seen the benchmarks. >>I know you have Oracle makes a big deal out of it, publishes its benchmarks, makes some transparent on on GI GitHub. Larry Ellison talked about this in his keynote at Cloud World. What are the benchmarks show in general? I mean, when you, when you're new to the market, you gotta have a story like Mark was saying, you gotta be two x you know, the performance at half the cost or you better be or you're not gonna get any market share. So, and, and you know, oftentimes companies don't publish market benchmarks when they're leading. They do it when they, they need to gain share. So what do you make of the benchmarks? Have their, any results that were surprising to you? Have, you know, they been challenged by the competitors. Is it just a bunch of kind of desperate bench marketing to make some noise in the market or you know, are they real? What's your view? >>Well, from my perspective, I think they have the validity. And to your point, I believe that when it comes to competitor responses, that has not really happened. Nobody has like pulled down the information that's on GitHub and said, Oh, here are our price performance results. And they counter oracles. In fact, I think part of the reason why that hasn't happened is that there's the risk if Oracle's coming out and saying, Hey, we can deliver 17 times better query performance using our capabilities versus say, Snowflake when it comes to, you know, the Lakehouse platform and Snowflake turns around and says it's actually only 15 times better during performance, that's not exactly an effective maneuver. And so I think this is really to oracle's credit and I think it's refreshing because these differentiators are significant. We're not talking, you know, like 1.2% differences. We're talking 17 fold differences, we're talking six fold differences depending on, you know, where the spotlight is being shined and so forth. >>And so I think this is actually something that is actually too good to believe initially at first blush. If I'm a cloud database decision maker, I really have to prioritize this. I really would know, pay a lot more attention to this. And that's why I posed the question to Oracle and others like, okay, if these differentiators are so significant, why isn't the needle moving a bit more? And it's for, you know, some of the usual reasons. One is really deep discounting coming from, you know, the other players that's really kind of, you know, marketing 1 0 1, this is something you need to do when there's a real competitive threat to keep, you know, a customer in your own customer base. Plus there is the usual fear and uncertainty about moving from one platform to another. But I think, you know, the traction, the momentum is, is shifting an Oracle's favor. I think we saw that in the Q1 efforts, for example, where Oracle cloud grew 44% and that it generated, you know, 4.8 billion and revenue if I recall correctly. And so, so all these are demonstrating that's Oracle is making, I think many of the right moves, publishing these figures for anybody to look at from their own perspective is something that is, I think, good for the market and I think it's just gonna continue to pay dividends for Oracle down the horizon as you know, competition intens plots. So if I were in, >>Dave, can I, Dave, can I interject something and, and what Ron just said there? Yeah, please go ahead. A couple things here, one discounting, which is a common practice when you have a real threat, as Ron pointed out, isn't going to help much in this situation simply because you can't discount to the point where you improve your performance and the performance is a huge differentiator. You may be able to get your price down, but the problem that most of them have is they don't have an integrated product service. They don't have an integrated O L T P O L A P M L N data lake. Even if you cut out two of them, they don't have any of them integrated. They have multiple services that are required separate integration and that can't be overcome with discounting. And the, they, you have to pay for each one of these. And oh, by the way, as you grow, the discounts go away. So that's a, it's a minor important detail. >>So, so that's a TCO question mark, right? And I know you look at this a lot, if I had that kind of price performance advantage, I would be pounding tco, especially if I need two separate databases to do the job. That one can do, that's gonna be, the TCO numbers are gonna be off the chart or maybe down the chart, which you want. Have you looked at this and how does it compare with, you know, the big cloud guys, for example, >>I've looked at it in depth, in fact, I'm working on another TCO on this arena, but you can find it on Wiki bod in which I compared TCO for MySEQ Heat wave versus Aurora plus Redshift plus ML plus Blue. I've compared it against gcps services, Azure services, Snowflake with other services. And there's just no comparison. The, the TCO differences are huge. More importantly, thefor, the, the TCO per performance is huge. We're talking in some cases multiple orders of magnitude, but at least an order of magnitude difference. So discounting isn't gonna help you much at the end of the day, it's only going to lower your cost a little, but it doesn't improve the automation, it doesn't improve the performance, it doesn't improve the time to insight, it doesn't improve all those things that you want out of a database or multiple databases because you >>Can't discount yourself to a higher value proposition. >>So what about, I wonder ho if you could chime in on the developer angle. You, you followed that, that market. How do these innovations from heatwave, I think you used the term developer velocity. I've heard you used that before. Yeah, I mean, look, Oracle owns Java, okay, so it, it's, you know, most popular, you know, programming language in the world, blah, blah blah. But it does it have the, the minds and hearts of, of developers and does, where does heatwave fit into that equation? >>I think heatwave is gaining quickly mindshare on the developer side, right? It's not the traditional no sequel database which grew up, there's a traditional mistrust of oracles to developers to what was happening to open source when gets acquired. Like in the case of Oracle versus Java and where my sql, right? And, but we know it's not a good competitive strategy to, to bank on Oracle screwing up because it hasn't worked not on Java known my sequel, right? And for developers, it's, once you get to know a technology product and you can do more, it becomes kind of like a Swiss army knife and you can build more use case, you can build more powerful applications. That's super, super important because you don't have to get certified in multiple databases. You, you are fast at getting things done, you achieve fire, develop velocity, and the managers are happy because they don't have to license more things, send you to more trainings, have more risk of something not being delivered, right? >>So it's really the, we see the suite where this best of breed play happening here, which in general was happening before already with Oracle's flagship database. Whereas those Amazon as an example, right? And now the interesting thing is every step away Oracle was always a one database company that can be only one and they're now generally talking about heat web and that two database company with different market spaces, but same value proposition of integrating more things very, very quickly to have a universal database that I call, they call the converge database for all the needs of an enterprise to run certain application use cases. And that's what's attractive to developers. >>It's, it's ironic isn't it? I mean I, you know, the rumor was the TK Thomas Curian left Oracle cuz he wanted to put Oracle database on other clouds and other places. And maybe that was the rift. Maybe there was, I'm sure there was other things, but, but Oracle clearly is now trying to expand its Tam Ron with, with heatwave into aws, into Azure. How do you think Oracle's gonna do, you were at a cloud world, what was the sentiment from customers and the independent analyst? Is this just Oracle trying to screw with the competition, create a little diversion? Or is this, you know, serious business for Oracle? What do you think? >>No, I think it has lakes. I think it's definitely, again, attriting to Oracle's overall ability to differentiate not only my SQL heat wave, but its overall portfolio. And I think the fact that they do have the alliance with the Azure in place, that this is definitely demonstrating their commitment to meeting the multi-cloud needs of its customers as well as what we pointed to in terms of the fact that they're now offering, you know, MySQL capabilities within AWS natively and that it can now perform AWS's own offering. And I think this is all demonstrating that Oracle is, you know, not letting up, they're not resting on its laurels. That's clearly we are living in a multi-cloud world, so why not just make it more easy for customers to be able to use cloud databases according to their own specific, specific needs. And I think, you know, to holder's point, I think that definitely lines with being able to bring on more application developers to leverage these capabilities. >>I think one important announcement that's related to all this was the JSON relational duality capabilities where now it's a lot easier for application developers to use a language that they're very familiar with a JS O and not have to worry about going into relational databases to store their J S O N application coding. So this is, I think an example of the innovation that's enhancing the overall Oracle portfolio and certainly all the work with machine learning is definitely paying dividends as well. And as a result, I see Oracle continue to make these inroads that we pointed to. But I agree with Mark, you know, the short term discounting is just a stall tag. This is not denying the fact that Oracle is being able to not only deliver price performance differentiators that are dramatic, but also meeting a wide range of needs for customers out there that aren't just limited device performance consideration. >>Being able to support multi-cloud according to customer needs. Being able to reach out to the application developer community and address a very specific challenge that has plagued them for many years now. So bring it all together. Yeah, I see this as just enabling Oracles who ring true with customers. That the customers that were there were basically all of them, even though not all of them are going to be saying the same things, they're all basically saying positive feedback. And likewise, I think the analyst community is seeing this. It's always refreshing to be able to talk to customers directly and at Oracle cloud there was a litany of them and so this is just a difference maker as well as being able to talk to strategic partners. The nvidia, I think partnerships also testament to Oracle's ongoing ability to, you know, make the ecosystem more user friendly for the customers out there. >>Yeah, it's interesting when you get these all in one tools, you know, the Swiss Army knife, you expect that it's not able to be best of breed. That's the kind of surprising thing that I'm hearing about, about heatwave. I want to, I want to talk about Lake House because when I think of Lake House, I think data bricks, and to my knowledge data bricks hasn't been in the sites of Oracle yet. Maybe they're next, but, but Oracle claims that MySQL, heatwave, Lakehouse is a breakthrough in terms of capacity and performance. Mark, what are your thoughts on that? Can you double click on, on Lakehouse Oracle's claims for things like query performance and data loading? What does it mean for the market? Is Oracle really leading in, in the lake house competitive landscape? What are your thoughts? >>Well, but name in the game is what are the problems you're solving for the customer? More importantly, are those problems urgent or important? If they're urgent, customers wanna solve 'em. Now if they're important, they might get around to them. So you look at what they're doing with Lake House or previous to that machine learning or previous to that automation or previous to that O L A with O ltp and they're merging all this capability together. If you look at Snowflake or data bricks, they're tacking one problem. You look at MyQ heat wave, they're tacking multiple problems. So when you say, yeah, their queries are much better against the lake house in combination with other analytics in combination with O ltp and the fact that there are no ETLs. So you're getting all this done in real time. So it's, it's doing the query cross, cross everything in real time. >>You're solving multiple user and developer problems, you're increasing their ability to get insight faster, you're having shorter response times. So yeah, they really are solving urgent problems for customers. And by putting it where the customer lives, this is the brilliance of actually being multicloud. And I know I'm backing up here a second, but by making it work in AWS and Azure where people already live, where they already have applications, what they're saying is, we're bringing it to you. You don't have to come to us to get these, these benefits, this value overall, I think it's a brilliant strategy. I give Nip and Argo wallet a huge, huge kudos for what he's doing there. So yes, what they're doing with the lake house is going to put notice on data bricks and Snowflake and everyone else for that matter. Well >>Those are guys that whole ago you, you and I have talked about this. Those are, those are the guys that are doing sort of the best of breed. You know, they're really focused and they, you know, tend to do well at least out of the gate. Now you got Oracle's converged philosophy, obviously with Oracle database. We've seen that now it's kicking in gear with, with heatwave, you know, this whole thing of sweets versus best of breed. I mean the long term, you know, customers tend to migrate towards suite, but the new shiny toy tends to get the growth. How do you think this is gonna play out in cloud database? >>Well, it's the forever never ending story, right? And in software right suite, whereas best of breed and so far in the long run suites have always won, right? So, and sometimes they struggle again because the inherent problem of sweets is you build something larger, it has more complexity and that means your cycles to get everything working together to integrate the test that roll it out, certify whatever it is, takes you longer, right? And that's not the case. It's a fascinating part of what the effort around my SQL heat wave is that the team is out executing the previous best of breed data, bringing us something together. Now if they can maintain that pace, that's something to to, to be seen. But it, the strategy, like what Mark was saying, bring the software to the data is of course interesting and unique and totally an Oracle issue in the past, right? >>Yeah. But it had to be in your database on oci. And but at, that's an interesting part. The interesting thing on the Lake health side is, right, there's three key benefits of a lakehouse. The first one is better reporting analytics, bring more rich information together, like make the, the, the case for silicon angle, right? We want to see engagements for this video, we want to know what's happening. That's a mixed transactional video media use case, right? Typical Lakehouse use case. The next one is to build more rich applications, transactional applications which have video and these elements in there, which are the engaging one. And the third one, and that's where I'm a little critical and concerned, is it's really the base platform for artificial intelligence, right? To run deep learning to run things automatically because they have all the data in one place can create in one way. >>And that's where Oracle, I know that Ron talked about Invidia for a moment, but that's where Oracle doesn't have the strongest best story. Nonetheless, the two other main use cases of the lake house are very strong, very well only concern is four 50 terabyte sounds long. It's an arbitrary limitation. Yeah, sounds as big. So for the start, and it's the first word, they can make that bigger. You don't want your lake house to be limited and the terabyte sizes or any even petabyte size because you want to have the certainty. I can put everything in there that I think it might be relevant without knowing what questions to ask and query those questions. >>Yeah. And you know, in the early days of no schema on right, it just became a mess. But now technology has evolved to allow us to actually get more value out of that data. Data lake. Data swamp is, you know, not much more, more, more, more logical. But, and I want to get in, in a moment, I want to come back to how you think the competitors are gonna respond. Are they gonna have to sort of do a more of a converged approach? AWS in particular? But before I do, Ron, I want to ask you a question about autopilot because I heard Larry Ellison's keynote and he was talking about how, you know, most security issues are human errors with autonomy and autonomous database and things like autopilot. We take care of that. It's like autonomous vehicles, they're gonna be safer. And I went, well maybe, maybe someday. So Oracle really tries to emphasize this, that every time you see an announcement from Oracle, they talk about new, you know, autonomous capabilities. It, how legit is it? Do people care? What about, you know, what's new for heatwave Lakehouse? How much of a differentiator, Ron, do you really think autopilot is in this cloud database space? >>Yeah, I think it will definitely enhance the overall proposition. I don't think people are gonna buy, you know, lake house exclusively cause of autopilot capabilities, but when they look at the overall picture, I think it will be an added capability bonus to Oracle's benefit. And yeah, I think it's kind of one of these age old questions, how much do you automate and what is the bounce to strike? And I think we all understand with the automatic car, autonomous car analogy that there are limitations to being able to use that. However, I think it's a tool that basically every organization out there needs to at least have or at least evaluate because it goes to the point of it helps with ease of use, it helps make automation more balanced in terms of, you know, being able to test, all right, let's automate this process and see if it works well, then we can go on and switch on on autopilot for other processes. >>And then, you know, that allows, for example, the specialists to spend more time on business use cases versus, you know, manual maintenance of, of the cloud database and so forth. So I think that actually is a, a legitimate value proposition. I think it's just gonna be a case by case basis. Some organizations are gonna be more aggressive with putting automation throughout their processes throughout their organization. Others are gonna be more cautious. But it's gonna be, again, something that will help the overall Oracle proposition. And something that I think will be used with caution by many organizations, but other organizations are gonna like, hey, great, this is something that is really answering a real problem. And that is just easing the use of these databases, but also being able to better handle the automation capabilities and benefits that come with it without having, you know, a major screwup happened and the process of transitioning to more automated capabilities. >>Now, I didn't attend cloud world, it's just too many red eyes, you know, recently, so I passed. But one of the things I like to do at those events is talk to customers, you know, in the spirit of the truth, you know, they, you know, you'd have the hallway, you know, track and to talk to customers and they say, Hey, you know, here's the good, the bad and the ugly. So did you guys, did you talk to any customers my SQL Heatwave customers at, at cloud world? And and what did you learn? I don't know, Mark, did you, did you have any luck and, and having some, some private conversations? >>Yeah, I had quite a few private conversations. The one thing before I get to that, I want disagree with one point Ron made, I do believe there are customers out there buying the heat wave service, the MySEQ heat wave server service because of autopilot. Because autopilot is really revolutionary in many ways in the sense for the MySEQ developer in that it, it auto provisions, it auto parallel loads, IT auto data places it auto shape predictions. It can tell you what machine learning models are going to tell you, gonna give you your best results. And, and candidly, I've yet to meet a DBA who didn't wanna give up pedantic tasks that are pain in the kahoo, which they'd rather not do and if it's long as it was done right for them. So yes, I do think people are buying it because of autopilot and that's based on some of the conversations I had with customers at Oracle Cloud World. >>In fact, it was like, yeah, that's great, yeah, we get fantastic performance, but this really makes my life easier and I've yet to meet a DBA who didn't want to make their life easier. And it does. So yeah, I've talked to a few of them. They were excited. I asked them if they ran into any bugs, were there any difficulties in moving to it? And the answer was no. In both cases, it's interesting to note, my sequel is the most popular database on the planet. Well, some will argue that it's neck and neck with SQL Server, but if you add in Mariah DB and ProCon db, which are forks of MySQL, then yeah, by far and away it's the most popular. And as a result of that, everybody for the most part has typically a my sequel database somewhere in their organization. So this is a brilliant situation for anybody going after MyQ, but especially for heat wave. And the customers I talk to love it. I didn't find anybody complaining about it. And >>What about the migration? We talked about TCO earlier. Did your t does your TCO analysis include the migration cost or do you kind of conveniently leave that out or what? >>Well, when you look at migration costs, there are different kinds of migration costs. By the way, the worst job in the data center is the data migration manager. Forget it, no other job is as bad as that one. You get no attaboys for doing it. Right? And then when you screw up, oh boy. So in real terms, anything that can limit data migration is a good thing. And when you look at Data Lake, that limits data migration. So if you're already a MySEQ user, this is a pure MySQL as far as you're concerned. It's just a, a simple transition from one to the other. You may wanna make sure nothing broke and every you, all your tables are correct and your schema's, okay, but it's all the same. So it's a simple migration. So it's pretty much a non-event, right? When you migrate data from an O LTP to an O L A P, that's an ETL and that's gonna take time. >>But you don't have to do that with my SQL heat wave. So that's gone when you start talking about machine learning, again, you may have an etl, you may not, depending on the circumstances, but again, with my SQL heat wave, you don't, and you don't have duplicate storage, you don't have to copy it from one storage container to another to be able to be used in a different database, which by the way, ultimately adds much more cost than just the other service. So yeah, I looked at the migration and again, the users I talked to said it was a non-event. It was literally moving from one physical machine to another. If they had a new version of MySEQ running on something else and just wanted to migrate it over or just hook it up or just connect it to the data, it worked just fine. >>Okay, so every day it sounds like you guys feel, and we've certainly heard this, my colleague David Foyer, the semi-retired David Foyer was always very high on heatwave. So I think you knows got some real legitimacy here coming from a standing start, but I wanna talk about the competition, how they're likely to respond. I mean, if your AWS and you got heatwave is now in your cloud, so there's some good aspects of that. The database guys might not like that, but the infrastructure guys probably love it. Hey, more ways to sell, you know, EC two and graviton, but you're gonna, the database guys in AWS are gonna respond. They're gonna say, Hey, we got Redshift, we got aqua. What's your thoughts on, on not only how that's gonna resonate with customers, but I'm interested in what you guys think will a, I never say never about aws, you know, and are they gonna try to build, in your view a converged Oola and o LTP database? You know, Snowflake is taking an ecosystem approach. They've added in transactional capabilities to the portfolio so they're not standing still. What do you guys see in the competitive landscape in that regard going forward? Maybe Holger, you could start us off and anybody else who wants to can chime in, >>Happy to, you mentioned Snowflake last, we'll start there. I think Snowflake is imitating that strategy, right? That building out original data warehouse and the clouds tasking project to really proposition to have other data available there because AI is relevant for everybody. Ultimately people keep data in the cloud for ultimately running ai. So you see the same suite kind of like level strategy, it's gonna be a little harder because of the original positioning. How much would people know that you're doing other stuff? And I just, as a former developer manager of developers, I just don't see the speed at the moment happening at Snowflake to become really competitive to Oracle. On the flip side, putting my Oracle hat on for a moment back to you, Mark and Iran, right? What could Oracle still add? Because the, the big big things, right? The traditional chasms in the database world, they have built everything, right? >>So I, I really scratched my hat and gave Nipon a hard time at Cloud world say like, what could you be building? Destiny was very conservative. Let's get the Lakehouse thing done, it's gonna spring next year, right? And the AWS is really hard because AWS value proposition is these small innovation teams, right? That they build two pizza teams, which can be fit by two pizzas, not large teams, right? And you need suites to large teams to build these suites with lots of functionalities to make sure they work together. They're consistent, they have the same UX on the administration side, they can consume the same way, they have the same API registry, can't even stop going where the synergy comes to play over suite. So, so it's gonna be really, really hard for them to change that. But AWS super pragmatic. They're always by themselves that they'll listen to customers if they learn from customers suite as a proposition. I would not be surprised if AWS trying to bring things closer together, being morely together. >>Yeah. Well how about, can we talk about multicloud if, if, again, Oracle is very on on Oracle as you said before, but let's look forward, you know, half a year or a year. What do you think about Oracle's moves in, in multicloud in terms of what kind of penetration they're gonna have in the marketplace? You saw a lot of presentations at at cloud world, you know, we've looked pretty closely at the, the Microsoft Azure deal. I think that's really interesting. I've, I've called it a little bit of early days of a super cloud. What impact do you think this is gonna have on, on the marketplace? But, but both. And think about it within Oracle's customer base, I have no doubt they'll do great there. But what about beyond its existing install base? What do you guys think? >>Ryan, do you wanna jump on that? Go ahead. Go ahead Ryan. No, no, no, >>That's an excellent point. I think it aligns with what we've been talking about in terms of Lakehouse. I think Lake House will enable Oracle to pull more customers, more bicycle customers onto the Oracle platforms. And I think we're seeing all the signs pointing toward Oracle being able to make more inroads into the overall market. And that includes garnishing customers from the leaders in, in other words, because they are, you know, coming in as a innovator, a an alternative to, you know, the AWS proposition, the Google cloud proposition that they have less to lose and there's a result they can really drive the multi-cloud messaging to resonate with not only their existing customers, but also to be able to, to that question, Dave's posing actually garnish customers onto their platform. And, and that includes naturally my sequel but also OCI and so forth. So that's how I'm seeing this playing out. I think, you know, again, Oracle's reporting is indicating that, and I think what we saw, Oracle Cloud world is definitely validating the idea that Oracle can make more waves in the overall market in this regard. >>You know, I, I've floated this idea of Super cloud, it's kind of tongue in cheek, but, but there, I think there is some merit to it in terms of building on top of hyperscale infrastructure and abstracting some of the, that complexity. And one of the things that I'm most interested in is industry clouds and an Oracle acquisition of Cerner. I was struck by Larry Ellison's keynote, it was like, I don't know, an hour and a half and an hour and 15 minutes was focused on healthcare transformation. Well, >>So vertical, >>Right? And so, yeah, so you got Oracle's, you know, got some industry chops and you, and then you think about what they're building with, with not only oci, but then you got, you know, MyQ, you can now run in dedicated regions. You got ADB on on Exadata cloud to customer, you can put that OnPrem in in your data center and you look at what the other hyperscalers are, are doing. I I say other hyperscalers, I've always said Oracle's not really a hyperscaler, but they got a cloud so they're in the game. But you can't get, you know, big query OnPrem, you look at outposts, it's very limited in terms of, you know, the database support and again, that that will will evolve. But now you got Oracle's got, they announced Alloy, we can white label their cloud. So I'm interested in what you guys think about these moves, especially the industry cloud. We see, you know, Walmart is doing sort of their own cloud. You got Goldman Sachs doing a cloud. Do you, you guys, what do you think about that and what role does Oracle play? Any thoughts? >>Yeah, let me lemme jump on that for a moment. Now, especially with the MyQ, by making that available in multiple clouds, what they're doing is this follows the philosophy they've had the past with doing cloud, a customer taking the application and the data and putting it where the customer lives. If it's on premise, it's on premise. If it's in the cloud, it's in the cloud. By making the mice equal heat wave, essentially a plug compatible with any other mice equal as far as your, your database is concern and then giving you that integration with O L A P and ML and Data Lake and everything else, then what you've got is a compelling offering. You're making it easier for the customer to use. So I look the difference between MyQ and the Oracle database, MyQ is going to capture market more market share for them. >>You're not gonna find a lot of new users for the Oracle debate database. Yeah, there are always gonna be new users, don't get me wrong, but it's not gonna be a huge growth. Whereas my SQL heatwave is probably gonna be a major growth engine for Oracle going forward. Not just in their own cloud, but in AWS and in Azure and on premise over time that eventually it'll get there. It's not there now, but it will, they're doing the right thing on that basis. They're taking the services and when you talk about multicloud and making them available where the customer wants them, not forcing them to go where you want them, if that makes sense. And as far as where they're going in the future, I think they're gonna take a page outta what they've done with the Oracle database. They'll add things like JSON and XML and time series and spatial over time they'll make it a, a complete converged database like they did with the Oracle database. The difference being Oracle database will scale bigger and will have more transactions and be somewhat faster. And my SQL will be, for anyone who's not on the Oracle database, they're, they're not stupid, that's for sure. >>They've done Jason already. Right. But I give you that they could add graph and time series, right. Since eat with, Right, Right. Yeah, that's something absolutely right. That's, that's >>A sort of a logical move, right? >>Right. But that's, that's some kid ourselves, right? I mean has worked in Oracle's favor, right? 10 x 20 x, the amount of r and d, which is in the MyQ space, has been poured at trying to snatch workloads away from Oracle by starting with IBM 30 years ago, 20 years ago, Microsoft and, and, and, and didn't work, right? Database applications are extremely sticky when they run, you don't want to touch SIM and grow them, right? So that doesn't mean that heat phase is not an attractive offering, but it will be net new things, right? And what works in my SQL heat wave heat phases favor a little bit is it's not the massive enterprise applications which have like we the nails like, like you might be only running 30% or Oracle, but the connections and the interfaces into that is, is like 70, 80% of your enterprise. >>You take it out and it's like the spaghetti ball where you say, ah, no I really don't, don't want to do all that. Right? You don't, don't have that massive part with the equals heat phase sequel kind of like database which are more smaller tactical in comparison, but still I, I don't see them taking so much share. They will be growing because of a attractive value proposition quickly on the, the multi-cloud, right? I think it's not really multi-cloud. If you give people the chance to run your offering on different clouds, right? You can run it there. The multi-cloud advantages when the Uber offering comes out, which allows you to do things across those installations, right? I can migrate data, I can create data across something like Google has done with B query Omni, I can run predictive models or even make iron models in different place and distribute them, right? And Oracle is paving the road for that, but being available on these clouds. But the multi-cloud capability of database which knows I'm running on different clouds that is still yet to be built there. >>Yeah. And >>That the problem with >>That, that's the super cloud concept that I flowed and I I've always said kinda snowflake with a single global instance is sort of, you know, headed in that direction and maybe has a league. What's the issue with that mark? >>Yeah, the problem with the, with that version, the multi-cloud is clouds to charge egress fees. As long as they charge egress fees to move data between clouds, it's gonna make it very difficult to do a real multi-cloud implementation. Even Snowflake, which runs multi-cloud, has to pass out on the egress fees of their customer when data moves between clouds. And that's really expensive. I mean there, there is one customer I talked to who is beta testing for them, the MySQL heatwave and aws. The only reason they didn't want to do that until it was running on AWS is the egress fees were so great to move it to OCI that they couldn't afford it. Yeah. Egress fees are the big issue but, >>But Mark the, the point might be you might wanna root query and only get the results set back, right was much more tinier, which been the answer before for low latency between the class A problem, which we sometimes still have but mostly don't have. Right? And I think in general this with fees coming down based on the Oracle general E with fee move and it's very hard to justify those, right? But, but it's, it's not about moving data as a multi-cloud high value use case. It's about doing intelligent things with that data, right? Putting into other places, replicating it, what I'm saying the same thing what you said before, running remote queries on that, analyzing it, running AI on it, running AI models on that. That's the interesting thing. Cross administered in the same way. Taking things out, making sure compliance happens. Making sure when Ron says I don't want to be American anymore, I want to be in the European cloud that is gets migrated, right? So tho those are the interesting value use case which are really, really hard for enterprise to program hand by hand by developers and they would love to have out of the box and that's yet the innovation to come to, we have to come to see. But the first step to get there is that your software runs in multiple clouds and that's what Oracle's doing so well with my SQL >>Guys. Amazing. >>Go ahead. Yeah. >>Yeah. >>For example, >>Amazing amount of data knowledge and, and brain power in this market. Guys, I really want to thank you for coming on to the cube. Ron Holger. Mark, always a pleasure to have you on. Really appreciate your time. >>Well all the last names we're very happy for Romanic last and moderator. Thanks Dave for moderating us. All right, >>We'll see. We'll see you guys around. Safe travels to all and thank you for watching this power panel, The Truth About My SQL Heat Wave on the cube. Your leader in enterprise and emerging tech coverage.

(upbeat intro music) >> Hello, everyone. Welcome back to theCube's presentation of the AWS Startup Showcase. This is season two, episode four, of the ongoing series covering the exciting startups from the a AWS ecosystem. Talk about cybersecurity. I'm your host, John Furrier. Here, excited to have two great guests. Ed Casmer, Founder & CEO of Cloud Storage Security. Back, Cube alumni. And also James Johnson, AVP of Research & Development, iPipeline here. Here to talk about Cloud Storage Security, antivirus on S3. Gents, thanks for joining us today. >> Thank you, John. >> Thank you. >> So, the topic here is cloud security, storage security. Ed, we had a great Cube conversation previously, earlier in the month. You know, companies are modernizing their apps and migrating to the cloud. That's fact. Everyone kind of knows that. Been there, done that. You know, clouds have the infrastructure, they got the OS, they got protection. But, the end of the day, the companies are responsible and they're on the hook for their own security of their data. And this is becoming more preeminent now that you have hybrid cloud, cloud operations, cloud-native applications. This is the core focus right now. In the next five years. This is what everyone's talking about. Architecture, how to build apps, workflows, team formation. Everything's being refactored around this. Can you talk about how organizations are adjusting, and how they view their data security in light of how applications are being built and specifically, around the goodness of say, S3? >> Yep, absolutely. Thank you for that. So, we've seen S3 grow 20,000% over the last 10 years. And that's primarily because companies like James with iPipeline, are delivering solutions that are leveraging this object storage more and above the others. When we look at protection, we typically fall into a couple of categories. The first one is, we have folks that are worried about the access of the data. How are they dealing with it? So, they're looking at configuration aspects. But, the big thing that we're seeing is that customers are blind to the fact that the data itself must also be protected and looked at. And, so, we find these customers who do come to the realization that it needs to happen. Finding out like how asking themselves, "How do I solve for this?" And, so, they need lightweight, cloud-native built solutions to deliver that. >> So, what's the blind spot? You mentioned there's a blind spot. They're kind of blind to that. What specifically are you seeing? >> Well, so when we get into these conversations, the first thing that we see with customers is, "I need to predict how I access it." This is everyone's conversation. "Who are my users? How do they get into my data? How am I controlling that policy? Am I making sure there's no east-west traffic there, once I've blocked the north-south?" But, what we really find is that the data is the key packet of this whole process. It's what gets consumed by the downstream users. Whether that's an employee, a customer, a partner. And, so, it's really the blind spot is the fact that we find most customers not looking at whether that data is safe to use. >> It's interesting. You know, when you talk about that, I think about like all the recent breaches and incidents. "Incidents" they call them. >> Yeah. >> They're really been around user configurations. S3 buckets not configured properly. And this brings up what you're saying, is that the users and the customers have to be responsible for the configurations, the encryption, the malware aspect of it. Don't just hope that AWS has the magic to do it. Is that kind of what you're getting at here? Is that the similar? Am I correlating that properly? >> Absolutely. That's perfect. And, and we've seen it. We've had our own customers, luckily, iPipeline's not one of them, that have actually infected their end users, because they weren't looking at the data. >> Yeah. And that's a huge issue. So, James, let's get in, you're a customer-partner. Talk about your relationship with these guys and what's it all about? >> Yeah. Well, iPipeline is building a digital ecosystem for life insurance and wealth management industries to enable the sale of life insurance to underinsured and uninsured Americans, to make sure that they have the coverage that they need should something happen. And, our solutions have been around for many years in a traditional data center type of an implementation. And, we're in process now of migrating that to the cloud, moving it to AWS. In order to give our customers a better experience, better resiliency, better reliability. And, with that, we have to change the way that we approach file storage and how we approach scanning for vulnerabilities in those files that might come to us via feeds from third parties, or that are uploaded directly by end users that come to us from a source that we don't control. So, it was really necessary for us to identify a solution that both solved for these vulnerability scanning needs, as well as enabling us to leverage the capabilities that we get with other aspects of our move to the cloud. Being able to automatically scale based on load, based on need. To ensure that we get the performance that our customers are looking for. >> So, tell me about your journey to the cloud, migrating to the cloud, and how you're using S3. Specifically, what led you to determine the need for the cloud-based AV solution? >> Yeah. So, when we looked to begin moving our applications to the cloud, one of the realizations that we had is that our approach to storing certain types of data, was a bit archaic. We were storing binary files in a database, which is not the most efficient way to do things. And, we were scanning them with the traditional antivirus engines, that would've been scaled in traditional ways. So, as our need grew, we would need to spin up additional instances of those engines to keep up with load. And we wanted a solution that was cloud-native, and would allow us to scan more dynamically without having to manage the underlying details of how many engines do I need to have running for a particular load at a particular time, and being able to scan dynamically and also being able to move that out of the application layer, being able to scan those files behind the scenes. So, scanning in, when the file's been saved in S3. It allows us to scan and release the file once it's been deemed safe, rather than blocking the user while they wait for that scan to take place. >> Awesome. Well, thanks for sharing that. I got to ask Ed and James, same question. And next is, how does all this factor into audits and self-compliance? Because, when you start getting into this level of sophistication, I'm sure it probably impacts reporting, workflows. Can you guys share the impact on that piece of it? The reporting. >> Yeah, I'll start with a comment, and James will have more applicable things to say. But, we're seeing two things. One, is you don't want to be the vendor whose name is in the news for infecting your customer base. So, that's number one. so you have to put something like this in place and figure that out. The second part is, we do hear that under SOC 2, under PCI, different aspects of it, there are scanning requirements on your data. Traditionally, we've looked at that as endpoint data and the data that you see in your on-prem world. It doesn't translate as directly to cloud data, but, it's certainly applicable. And if you want to achieve SOC 2 or you want to achieve some of these other pieces, you have to be scanning your data as well. >> James, what's your take? As practitioner, you're living it. >> Yeah. That's exactly right. There are a number of audits that we go through, where this is a question that comes up both from a SOC perspective, as well as our individual customers, who reach out, and they want to know where we stand from a security perspective and a compliance perspective. And, very often, this is a question of "How are you ensuring that the data that is uploaded into the application is safe and doesn't contain any vulnerabilities?" >> James, if you don't mind me asking. I have to kind of inquire, because I can imagine that you have users on your system, but also you have third parties, relationships. How does that impact this? What's the connection? >> That's a good question. We receive data from a number of different locations. From our customers directly, from their users, and from partners that we have, as well as partners that our customers have. And, as we ingest that data, from an implementation perspective, the way we've approached this, there's minimal impact there in each one of those integrations, because everything comes into the S3 bucket and is scanned before it is available for consumption or distribution. But, this allows us to ensure that no matter where that data is coming from, that we are able to verify that it is safe before we allow it into our systems or allow it to continue on to another third party, whether that's our customer or somebody else. >> Yeah. I don't mean to get in the weeds there, but it's one of those things where, you know, this is what people are experiencing right now. You know, Ed, we talked about this before. It's not just siloed data anymore. It's interactive data. It's third party data from multiple sources. This is a scanning requirement. >> Agreed. I find it interesting, too. I think James brings it up. We've had it in previous conversations, that not all data's created equal. Data that comes from third parties that you're not in control of, you feel like you have to scan and other data you may generate internally. You don't, have to be as compelled to scan that, although it's a good idea. But it's, you can kind of, as long as you can sift through and determine which data is which, and process it appropriately, then you're in good shape. >> Well, James. You're living the cloud security storage security situation, here. I got to ask you if you zoom out, not get in the weeds, and look at kind of the boardroom or the management conversation. Tell me about how you guys view the data security problem. I mean, obviously it's important, right? So, can you give us a level of, you know, how important it is for iPipeline and with your customers and where does this S3 piece fit in? I mean, when you guys look at this holistically, for data security, what's the view? What's the conversation like? >> Yeah. Well, data security is critical. As Ed mentioned a few minutes ago, you don't want to be the company that's in the news because some data was exposed. That's something that nobody has the appetite for. And, so, data security is, first and foremost, in everything that we do. And that's really where this solution came into play and making sure that we had not only a solution, but, we had a solution that was the right fit for the technology that we're using. There are a number of options. Some of them have been around for a while. But this is focused on S3, which we were using to store these documents that are coming from many different sources. And, you know, we have to take all the precautions we can to ensure that something that is malicious doesn't make its way into our ecosystem or into our customers' ecosystems through us. >> What's the primary use case that you see the value here with these guys? What's the "aha" moment that you had? >> With the Cloud Storage Security, specifically, it was really, it goes beyond the security aspects of being able to scan for vulnerable files, which is there are a number of options and, and they're one of those. But for us, the key was being able to scale dynamically without committing to a particular load, whether that's under committing or over committing. As we move our applications from a traditional data center type of installation to AWS, we anticipated a lot of growth over time. And being able to scale up very dynamically, you know, literally moving a slider within the admin console was key to us, to be able to meet our customer's needs without overspending. By building up something that was, dramatically larger than we needed in our initial rollout. >> Not a bad testimonial there, Ed. I mean. >> I agree. >> This is really highlights the applications using S3 more in the file workflow for the application in real time. This is where you start to see the rise of ransomware, other issues and scale matters. Can you share your thoughts and reaction to what James just said? >> Yeah, I think it's critical. I mean, as the popularity of S3 has increased, so has the fact that it's an attack vector now, and people are going after it. Whether that's to plant bad, malicious files, whether it's to replace code segments that are downloaded and used in other applications, it is a very critical piece. And when you look at scale, and you look at the cloud-native capability, there are lots of ways to solve it. You can dig a hole with a spoon, but a shovel works a lot better. And, in this case, you know, we take a simple example like James. They did a weekend migration, so, they've got new data coming in all the time. But, we did a massive migration. 5,000 files a minute being ingested. And, like he said, with a couple of clicks, scale up, process that over a sustained period of time, and then scale back down. So, you know, I've said it before. I said it on the previous one. We don't want to get in the way of someone's workflow. We want to help them secure their data and do it in a timely fashion, that they can continue with their proper processing and their normal customer responses. >> Yeah. Friction always has to be key. I know you're in the marketplace with your antivirus, for S3 on AWS. People can just download it. So, people are interested, go check it out. James, I got to ask you, and maybe Ed can chime in over the top, but, it seems so obvious. Data. Secure the data. Why is it so hard? Why isn't this so obvious? What's the problem? Why is it so difficult? Why are there so many different solutions? It just seems so obvious. You know, you got ransomware, you got injection of different malicious payloads. There's a ton of things going around around the data. Why is this? This is so obvious. Why isn't it solved? >> Well, I think there have been solutions available for a long time. That the challenge, the difficulty that I see is, that it is a moving target. As bad actors learn new vulnerabilities, new approaches. And as new technology becomes available, that opens additional attack vectors. That's the challenge. Is keeping up on the changing world. Including keeping up on the new ways that people are finding to exploit vulnerabilities. >> Yeah. And you got sensitive data at iPipeline. You do a lot of insurance, wealth management, all kinds of sensitive data, super valuable. You know, just brings me up, reminds me of the Sony hack, Ed, years ago. You know, companies are responsible for their own militia. I mean, cybersecurity, there's no government help for sure. I mean, companies are on the hook, as we mentioned earlier at the top of this interview. This really is highlighted that, IT departments and are, have to evolve to large scale cloud, you know, cloud-native applications, automation, AI machine learning all built in, to keep up at the scale. But, also, from a defense standpoint, I mean, James, you're out there, you're in the front lines. You got to defend yourself, basically, and you got to engineer it. >> A hundred percent. And just to go on top of what James was saying is, I think they're one of the big factors, and we've seen this. There's skill shortages out there. There's also just a pure lack of understanding. When we look at Amazon S3 or object storage in general, it's not an executable file system. So, people sort of assume that, "Oh, I'm safe. It's not executable. So, I'm not worried about it traversing my storage network." And they also probably have the assumption that the cloud providers, Amazon, is taking care of this for 'em. And, so, it's this "aha" moment, like you mentioned earlier. That you start to think, "Oh, it's not about where the data is sitting, per se, it's about scanning it as close to the storage spot. So, when it gets to the end user, it's safe and secure. And you can't rely on the end users' environment and system to be in place and up to date to handle it. So, it's that really, that lack of understanding that drives some of these folks into this, but for a while, we'll walk into customers and they'll say the same thing you said, John. "Why haven't I been doing this for so long?" And, it's because they didn't understand that it was such a risk. That's where that blind spot comes in. >> James, it's just a final note on your environment. What's your goals for the next year? How's things going over there in your side? How do you look at the security posture? What's on your agenda for the next year? How do you guys looking at the next level? >> Yeah, well, our goal as it relates to this is, to continue to move our existing applications over to AWS, to run natively there, which includes moving more data into S3 and leveraging the cloud storage security solution to scan that and ensure that it's, that there are no vulnerabilities that are getting in. >> And the ingestion? Is there like a bottlenecks, log jams? How do you guys see that scaling up? I mean, what's the strategy there? More, just add more S3? >> Well, S3 itself scales automatically for us and, the Cloud Storage Solution gives us levers to pull to do that. As Ed mentioned, we ingested a large amount of data during our initial migration, which created a bottleneck for us, as we were preparing to move our users over. We were able to, you know, make an adjustment in the admin console and spin up additional processes entirely behind the scenes and broke the log jam. So, I don't see any immediate concerns there. Being able to handle the load. >> You know, the term cloud-native and, you know, hyperscale-native, cloud-native, OneCloud, it's hybrid. All these things are native. We have anti-virus native coming soon. And I mean, this is what we're. You're basically doing is making it native into the workflows. Security native, and soon there's going to be security clouds out there. We're starting to see the rise of these new solutions. Can you guys share any thoughts or vision around how you see the industry evolving and what's needed, what's working and what's needed? Ed, we'll start with you. What's your vision? >> So, I think the notion of being able to look at and view the management plane and control that, has been where we're at right now. that's what everyone seems to be doing and going after. I think there are niche plays coming up, storage is one of them. But, we're going to get to a point where storage is just a blanket term for where you put your stuff. I mean, it kind of already is that, but, in AWS, it's going to be less about S3, less about work docs, less about EVS. It's going to be just storage and you're going to need a solution that can span all of that, to go along with where we're already at at the management plane. We're going to keep growing the data plane. >> James, what's your vision for what's needed in the industry? What's the gaps? What's working? And where do you see things going? >> Yeah, well, I think on the security front, specifically, Ed's probably a little bit better equipped to speak to them than I am. Since that's his primary focus. But I see the need for just expanded solutions that are cloud-native, that fit and fit nicely with the Amazon technologies, Whether that comes from Amazon or other partners like Cloud Storage Security, to fill those gaps. We're focused on, you know, the financial services and insurance industries. That's our niche. And we look to other partners, like Ed, to help be the experts in these areas. And so that's really what I'm looking for is, you know, the experts that we can partner with that are going to help fill those gaps as they come up and as they change in the future. >> Well, James, I really appreciate you coming on sharing your story. Ed, I'll give you the final word. Put a quick, spend a minute to talk about the company. I know Cloud Storage Security is an AWS partner, with the Security Software Competency. And is one of, I think, 16 partners listed in the competency and data category. So, take a minute to explain, you know, what's going on with the company, where people can find more information, how they buy and consume the products. >> Okay. >> Put the plug in. >> Yeah, thank you for that. So, we are a fast growing startup. We we've been in business for two and a half years, now. We have achieved our Security Competency. As John indicated, we're one of 16 data protection, Security Competent ISV vendors, globally. And, our goal is to expand and grow a platform that spans all storage types that you're going to be dealing with. And answer basic questions. "What do I have and where is it? Is it safe to use?" And, "Am I in proper control of it? Am I being alerted appropriately?" You know, so we're building this storage security platform, very laser-focused on the storage aspect of it. And, if people want to find out more information, you're more than welcome to go and try the software out on Amazon Marketplace. That's basically where we do most of our transacting. So, find it there, start a free trial, reach out to us directly from our website. We are happy to help you in any way that you need it, whether that's storage assessments, figuring out what data is important to you, and how to protect it. >> All right, Ed, thank you so much. Ed Casmer. Founder & CEO of Cloud Storage Security and of course James Johnson, AVP Research & Development, iPipeline customer. Gentlemen, thank you for sharing your story and featuring the company and the value proposition. It's certainly needed. This is season two, episode four. Thanks for joining us. Appreciate it. >> Thanks, John. >> Okay. I'm John Furrier. That is a wrap for this segment of the cybersecurity, season two, episode four. The ongoing series covering the exciting startups from Amazon's ecosystem. Thanks for watching. (gentle outro music)

(bright upbeat music) >> Hi, everyone, welcome back to theCUBE's Unstoppable Domains Partner Showcase. I'm John Furrier, host of theCUBE. This segment in this session is about expansion into Asia Pacific and Europe for Unstoppable Domains. It's a hot startup in the Web3 area, really creating a new innovation around NFTs, crypto, single sign-on, and digital identity, giving users the power like they should. We've got two great guests, Sajjad Rehman, Head of Europe, and Nilkanth, known as Nil, Iyer, head of Asia. Sajjad, Nil, welcome to this CUBE, and let's talk about the expansion. It's not really an expansion, the global economy is global, but showcase here about Unstoppables going to Europe. Thanks for coming on. >> Thanks for inviting us. >> Thanks John, for inviting us. >> So we're living in a global world, obviously, crypto, blockchain, decentralized applications. You're starting to see mainstream adoption, which means the shift is happening. There are more apps coming, and it means more infrastructure, and things got to get easier, right? So, reduce the steps it takes to do stuff, makes the wallets better, give people more secure access and control of their data. This is what Unstoppable is all about. You guys are in the middle of it, you're on this wave. What is the potential of Web3 with Unstoppable, and in general, in Asia and in Europe? >> I can go first. So, now, let's look at the Asia market. I mean, typically, we see the US market, the Europe markets, for typical Web 2.0 software and infrastructure is definitely the larger markets, with US typically accounting for about 60%, and Europe about 20 to 30%, and Asia has always been small. But we see in this whole world of blockchain, crypto, Web 3.0, Asia already has about 160 million users. They have more than 35 local exchanges. And if you really look at the number of countries, in terms of the rate of adoption, many of the Asian countries, which probably you'd have never even heard of, like Vietnam, actually topping the list, right? One of the reasons that this is happening, again, if you go through the Asian Development Bank's latest report, you have these Gen Zs and millennials, of that's 50% of the Asian population. And if you really look at 50% of the Asian population, that's 1.1 billion people out of the total, 1.8 billion Gen Z and millennials that you have have in the world. And these folks are digitally native, they're people, in fact, the Gen Zs are mobile first, and millennials, many of us, like myself, at least, are people who are digital, and 20% of the world's economy is currently digital, and the rest, 40 to 50%, which is going to happen in the Web 3.0 world, and that's going to be driven by millennials and Gen Zs. I think that's why this whole space is so exciting, because it's being driven by the users, by the new generation. I mean, that's my broad thought on this whole thing. >> Before we get get this started, I want to just comment, Asia, also, in other areas where mobile first came, you had the younger demographics absolutely driving the change, because they're like, "Well, I don't want the old way." They go right from scratch at the beginning, they're using the technologies. That has propelled the crypto world. I mean, that is absolutely true. Everyone's kind of seeing that. And that's now influencing some of these developer nations, like say, in Europe, for instance, and even North America, I think Europe's more advanced than North America, in my opinion, but we'll get to that. Oh, so potential in Europe. Sajjad, take us through your thoughts on... As head of Europe, for our audience. >> Absolutely, so, Nil's right. I think Asia is way ahead in terms of Gen Z user adopting crypto, Europe is actually a distant second, but it's surprising to note that Europe actually has the highest transactional activity in crypto over the last year and a half. And if you dig a bit deeper, I'd say, arguably, for Europe, I think the opportunity in Web3 is perhaps the largest. And then perhaps it can mean the most for Europe. Europe, for the last decade, has been trailing behind Asia and North America, when it comes to birthing unicorns, and I think Web3 can provide a StepChain opportunity. This belief, for me, stems from the fact that Europe's policy, right, like, for example, GDPR, is focused on enabling your data ownership. And I think I recently read a very good paper out of Stanford, by Patrick Henson. He speaks about Web3 being the best part, here, for Europe enabling patient sovereignty. So what that means is users control the data, they're paying to enter it, and they harness the value from it. And on one hand, while Europe is enabling that regulation, that's entered in that code, Web3 actually brings it into action. So I think with more enablement, better regulation, and we'll see more hubs, like the Crypto Valley in Switzerland pop up, that will bring, I think, I'd rather be careful, better to say, not over-regulation, the right regulation. We can expect more in prop capital, more builder talent, that then drives more adoption. So I think the prospects for Europe in terms of usage, as well as builders, are quite bright. >> Yeah, and I think, also, you guys are in areas where the cultural shift is so dramatic. You mentioned Asia, the demographics, even the entrepreneurial culture in Europe right now is booming. You look at all the venture-backed startups, and the young generation building companies! And again, cloud computing is a big part of that, obviously. But look at, compared to the United States, you go back 15 years ago, Europe was way behind, on the startup scene. Now it's booming and pumping on all cylinders. And it kind of points at this cultural shift. It's almost like a generational... It's like the digital hippies changing the world. The Web3, it's kind of, "I don't want to be Web2, Web2 is so old, I don't want to do that." And then it's all because it's changing, right? And there are things inadequate with Web2, on the naming system. Also the arbitrage around fake information, bots, users being manipulated, and also merchandised and monetized through these portals. Okay, that's kind of ending. So talk about the dynamic of Web2, 3, at those areas. You've got users and you've got companies, who build applications. They're going to shift and be forced, in our opinion, and I want to get your reaction to that. Do you think applications are going to have to be Web3, or users will reject them? >> Yeah, I think that I'll jump in and add to there in Nil's part. I think the Web3 is built on three principles, right? They're decentralization, ownership, and composability. And I think these are not binary. So if I look further on in the future, I don't see a future where you have just Web3. I think there's going to be coexistence or cooperation between Web2 companies, Web3, building bridges. I think there's going to be... There's a sliding scale to decentralization, versus centralization. Similarly, ownership. And I think users will find what works best for them in different contexts. I think what Unstoppable is doing is essentially providing the identity system for Web3, and that's way more powerful when it comes to being built on blockchains, than with the naming system we had for Web2, right? The identity system can serve the purpose of taking a user's personal identifier, password, blockchain, domain name, and attaching all kinds of attributes that define who you are, both in the physical and digital world, and filling out information that you can transact on the basis of. And I think the users would, as we go to a no-code and low-code future, right, where in Web2, more of the users were essentially consumers, or readers of the internet. And in Web3, with more low-code and no-code technology platforms taking shape and getting proliferation, you would see more users being actually writers, publishers, and developers on the internet. And they would value owning their data, and to harness the most amount of value from it. So I think that's the power concept, and I think that's the future I see, where Web3 will dominate. Nil, what do you think? >> Well, I think you put it very, very nicely, Sajjad. I think you covered most of the points, I think. But I'm seeing a lot of different things that are happening at the ground. I think a lot of the governments, a lot of the Web 2.0 players, the traditional banks, these guys are not sitting quiet on the blockchain space. There are a lot of pilots happening in the blockchain space, right? I mean, I can give you real life examples. I mean, one of the biggest examples is in my home state of Maharashtra, where Mumbai is. They actually partnered with Polygon (MATIC), right? Actually built a private blockchain-based capability to kind of deliver your COVID vaccination certificates with the QR code, right? And that's the only way they could deliver that kind of volumes in that short a time, with the kind of user control, the user control the user has on the data. That could only be possible because of blockchain. Of course, it's still private, because it's healthcare data, they still want to keep it, something that's not fully on a blockchain. But that is something. Similarly, there is a consortium of about nine banks who have actually trying to work on making things like remittances or trade finance much, much easier. I mean, remittances through a traditional, Web 2.0 world is very, very costly. And especially in the Asian countries, a lot of people from Southeast Asia work across the world and send back money home. It's a very costly and a time-taking affair. So they have actually partnered and built a blockchain-based capability, again, in a pilot stage, to kind of reduce the transaction costs. For example, if you just look at the trade finance days where there are 14 million traders, who do 2.4, 5 trillion dollars, of transaction, they were able to actually reduce the time that it takes from eight to nine days, to about two to three days. And so, to add on to what you're saying, I think these two worlds are going to meet, and meet very soon. And when they meet, what they need is a single digital identity, a human-readable way of being able to send and receive and do commerce. I think that's where I see Unstoppable Domains, very nicely positioned to be able to integrate these two worlds, so that's my thought on all the logistics. >> That was a great point. I was going to get into which industries, and kind of what areas, you see in your geographies. But it's a good point about saving time. I like how you brought that up, because in these new waves, you either got to reduce the steps it takes to do something, or save time, make it easy. And this is the successful formula, in anything, whether it's an app or UI or whatever, but what specifically are they doing in your areas? And what about Unstoppable are they attracted to? Is it because of the identity? Is it because of the apps? Is it because of the single sign-on? What is the reason that they're leaning in, and unpacking this further into their pilots? >> Sajjad, do you want to take that? >> Yeah, absolutely, man. >> Because. >> Yeah, I'm happy. Please jump in if you want. So I think, and let me clarify the question, John, you're talking about Web2 companies, looking to partner in software, or potential partnerships, right? >> Yeah, what are they seeing, and what are they seeing as the value that these pilots we heard from Nilkanth around the financial industry? And obviously, gaming's one, it's obvious. Huge: financial, healthcare, I mean, these are obviously verticals that are going to be heavily impacted in a positive way. What are they seeing as value? What's getting them motivated to do these pilots? Why are they jumping in, with both feet, if you will, on these projects? Is it because it's saving money, is it time, or both, is it ease of use, is it the user's expectations? Trying to tease out how you guys see that evolving. >> Yeah, yeah, I think... This is still, the space is, the movement is going very fast, but I think the space is still young. And right now, a lot of these companies are seeing the potential that Web3 offers. And I think the key, key dimensions, right, composability, decentralization, and ownership. So I think the key thing I'm seeing in EU is these Web2 companies seeing the momentum and looking to harness that by enabling bridges to Web3. One of the key trends in Europe has been Fintech, I think over the last five to six years, we have the Revolut, N26, e-TOTAL creating platforms, new banks and super finance, super apps rising to the forefront. And they are all enabling, or also connecting a bridge with Web3 in some shape and form, either enabling creating of crypto, some are launching their own native wallets, and these are, essentially, ways that they can, one, attract users. So the Gen Z who are looking for more friction in finance, to get them on board, but also to look to enable more adoption by their own users, who are not using these services that potentially create new revenue streams, and create allocation of capital that they could not access, to have access to otherwise. So I think that's one trend I'm seeing over here. I think the other key trend is, in Europe, at least, has been games. And again, dead links or damaged, web creators would call the metaverse. So a lot of game companies are looking to step into Game Fire, which is, again, a completely different business model to what traditional game companies used to use. Similarly, metaverse is where again, ownership creates a different business model and they see that users and gamers of the future would want to engage with that, versus just being monetized on the basis of subscription or ads. And I think that's something that they're becoming aware of, and moving quickly in the space, launching their own metaverses, or game by applications. Or creating interoperability with these decentralized applications. >> You know, I wanted to get into this point, but I was going to ask about the community empowerment piece of this equation, 'cause digital identity is about the user's identity, which implies they're part of a community. Web3 is very community-centric. But you mentioned gaming, I mean, people who have been watching the gaming world, like ourselves, know that communities and marketplaces have been very active for years, many years, over 15 years. Community, games, currency, in-game activity, has been out there, right, but siloed within the games themselves. So now, it seems that that paradigm's coming in and empowering all communities. Is this something that you guys see and agree with? And if so, what's different about that? How are communities being empowered? I guess that's the question. >> Yeah, I can maybe take that, Sajjad. So, I mean, I must have heard of Axie Infinity, I mean, 40% of their user base is in Vietnam. And the average earning that a person makes in a month, out of playing this game, is more than the national, daily or minimum wage that is there, right? So that's the kind of potential. Actually, going back, as a combination of actually answering your earlier question, and I think over and above what Sajjad said, what's very unique in Asia is we still have a lot of unbanked people, right? So if you really look at the total unbanked population of the world, it's 1.6 billion, and 24% of that is in Asia, so almost 375 million people are in Asia. So these are people who do not have access to finance or credit. So the whole idea is, how do we get these people on to a banking system, onto peer-to-peer lending, or peer-to-peer finance kind of capabilities. I think, again, Unstoppable Domains kind of helps in that, right? If you just look at the pure Web 3.0 world, and the complex, technical way in which money or other crypto is transferred from one wallet to the other, it's very difficult for an unbanked person who probably cannot even do basic communication, cannot read and write, to actually be able to do it. But something that's very human-readable, something that's very easy for him to understand, something that's visual, something that he can see on his mobile. With 2G network, we are not talking of... The world is talking about 5G, but there are parts of Asia, which are still using 2G and 2.5G kind of network, right? So I think that's one key use case. I think the banks are trying to solve because for them, this is a whole new customer segment. And, sorry, I actually went back a little bit, to your earlier question, but coming to this whole community-building, right? So on March 8th, we're launching something called this Women of Web3, or, oh, that is WoW3, right? This is basically to, again, empower. So if you, again, look at Asia, women need a lot of training, they need a lot of enablement, for them to be able to leverage the power of Web 3.0. I can talk about India, of course, being from India. A lot of the women do not... They do all the small businesses, but the money is taken by middlemen, or taken by their husbands. With Web 3.0, fundamentally, the money comes to them, because that's what they use to educate their children. And it's the same thing in a lot of other Southeast Asian countries as well. I think it's very important to build those communities, communities of women entrepreneurs. I think this is a big opportunity to really get the section of society, which probably will take 10 more years, if we go through the normal Web1 to Web 2.0 progression, where the power is with corporations, and not with the individuals. >> And that's a great announcement, by the way, you mentioned the $10 million worth of domains being issued out for... This is democratization, it's what it's all about. Again, this is a new revolution. I mean, this is a new thing. So great stuff, more education, more learning. And going to get the banks up and running, get those people banking, 'cause once they're banking, they get wallets, right? So they need the wallets. So let's get to the real meat here. You guys are in the territory, Europe and Asia, where there's a lot of wallets. There's a lot of exchanges, 'cause that's... They're not in the United States. There's a few of them there, but most of them outside the United States. And you've got a lot of dApps developing, decentralized applications, okay? So you got all this coming together in your territory. What's the strategy, how you going to attack that? You got the wallets, you got the exchanges, and you got D applications. DApps. >> Yeah, I'm happy to (indistinct). So I think, and just quickly there, I think one point is, and Nil really expressed it beautifully, is finding inclusion. That is something that has inspired me, how Web3 can make the internet more inclusive. That inspired my move here. Yeah, I think, for us, I think we are at the base start when it comes to Europe, right? And the key focus, in terms of our approach in Europe would be that, we want to do two things. One, we want to increase the utility of these domain names. And the second thing is, we will invite proliferation with our partners. So when I speak about utility, I think utility is when you have a universal identifier, which is a domain name, and then you have these attributes around it, right? What then defines your identity. So in the context, in Europe, we would look to find partners to help us enrich that identity around the domain name. And that adds value for users, in terms of acquiring these domains and new clients. And on the other end, when it comes to proliferation, I think it's about working with all those crypto, and crypto and Web3, Web3 participants as well as Web3-adjacent companies, brands, and services, who can help us educate current and future, and upcoming Web3 users about the utility of domain names, and help us onboard them to the decentralized internet. So I think that's going to be the general focus. I think the key is that, as, oh, and hopefully, we'll be having one, overarching regulation, EU, that allowed us to do this at a vision level. But I would say I think it's going to be tackling it country by country, identifying countries where there's deeper penetration for Web3, and then making sure that we are partnered with local, trusted partners that are already developing for local communities there. So, yeah, that's my view and Nil, I believe those are wants in, for Asia. >> Oh, I think, yeah, so again, in Asia, one is you have a significant part of humanity living in Asia, right? So obviously, all the other challenges and the opportunities that we talk about, I think the first area of focus would be educating the people on the massive opportunity that they have, and if you're able to get them in early, I think it's great for them as well, right? Because by the time governments, regulations, large banking, financial companies move, but if you can get the larger population into this whole space, it's good for them, so they are first movers in that space. I think we are doing a lot of things on this, worldwide. I think we've done more than 100 past podcasts, just educating people on what is Web 3.0, what are NFT domains? What is DeFi, and so on and so forth. I think it would need some bit of localization, customization, in Asia, given that India itself has about 22 languages. And then there are the other countries which, each of them with their own local languages and syntax, semantics and all those things, right? So I think that that is very important, to be able to disseminate the knowledge, although it's global, but I think to get the grassroot people to understand the opportunity, I think it would need some amount of work there. I think also building communities, I think, John, you talked about communities, so did Sajjad talk about communities. I think it's very important to build communities, because communities create ideation. It talks about... People share their challenges, so that people don't repeat the same mistakes. So I think it's very important to build communities based on interest. I think we all know in the technology world, you can build communities around Elegram, Telegram, Discord, Twitter spaces, and all those things. But, again, when you're talking of financial inclusion, you're talking of a different kind of community-building. I think that that would be important. And then of course I will kind of, primarily from a company perspective, I think getting the 35 odd exchanges in Asia, the wallets to partner with us. Just as an example, MATIC. They had, until September of last year, about 3,500 apps. In just one quarter, it doubled to 7,000 dApps on their platform. But that is the pace, or the speed of innovation that we are seeing on this whole 3.0 space. I think it's very important to get those key partners, Who are developing those dApps. See the power of single sign-on, having a human-readable, digital identity, being able to seamlessly transfer all your assets, digital assets, across multiple cryptos, across multiple NFT marketplaces, and so on and so forth. >> Yeah, and I think the whole community thing, too, is also you seeing the communities being part of, certainly in the entertainment area, and the artistry, creator world, the users are art of the community, they own it, too. So it goes both ways, but this brings up the marketplace, too, as well, because you guys have the opportunity to have trust built into the software layer, right? So now you can keep the reputation data. You can be anonymous, but it's trustworthy, versus bots, which we all know bots can be killed and then started again with... And no one knows what the tagalong has been around. So the whole inadequacy of Web2, which is just growing pains, right? This is what it evolution looks like, next abstraction layer. So I love that vibe. How advanced do you think that thinking is, where people are saying, Hey, we need this abstraction layer. We need this digital identity. We need to start expanding our applications so that the users can move across these and break down those silos where the data is, 'cause that's... This is like the nerd problem, right? It's the data silos that are holding it back. What's your guys' reaction to that? The killing the silos and making it horizontally scalable? >> Yeah, I think it's a nerd problem. It is a problem of people who understand technology. It's a problem of a lot of the people in the business who want to compete effectively against those giants, which are holding all the data. So I think those are the people who will innovate and move. Again, coming back to financial inclusion, coming back to the unbanked, those guys just want to do their business. They want to live their daily life. I think that's not where you'll see... You will see innovation in a different form, but they're not going to disrupt the disrupters. I think that would be the people, Fintechs, I think they would be the first to move on to something like that. I mean, that's my humble opinion. >> Sajjad, you heard. >> Yeah, I think- >> Go ahead. >> I mean, absolutely. I think, I mean, I touched on creators, right? So, like I said earlier, right, we are heading to a future where more people will be creators on the internet. Whether you're publishing, writing something, you're creating video content, and that means that they have data they own, but that's their data, they bring it to the internet. That's more powerful, more useful, and they should be able to transact on that basis. So I think people are recognizing that, and they will increasingly look to do so. And as they do that, they would want these systems that enable them to hold permission to their data. They will want to be able to control what their permission and what they want to provide, dApp. And at the end of the day, these applications have to work backwards from customers, and the customer's looking for that. That's where... That's what they will build. >> The users want freedom. They want to be able to be connected, and not be restricted. They want to freely move around the global internet and do whatever they want with the friends and apps that they want to consume, and not feel arbitraged. They don't want to feel like they're kind of nailed into a walled garden and stuck there and having to come back. It's the new normal. >> They don't want to be the product, right, so. >> They don't want to be the product. Gentlemen, great to have you on, great conversation. We're going to continue this later. Certainly want to keep the updates coming. You guys are in a very hot area in Europe and Asia Pacific. That's where a lot of the action is happening. We see the entrepreneurial activity, the business transformation, certainly with the new paradigm shift, and this big wave that's coming. It's here, it's mainstream. Thanks for coming on and sharing your insights. Appreciate it. >> Thanks, John. >> Thanks, John, Thanks for the opportunity, have a good day. >> Okay, okay, great conversation. All the action's moving and happening real fast. This is theCUBE Unstoppable Domains Partner Showcase. I'm John Furrier, your host. Thanks for watching. (contemplative music)

(upbeat music) >> Hey everyone. Welcome to theCUBE's coverage of Women In Tech, International Women's Day 2022. I'm your host, Lisa Martin. I have two guests from AWS here with me. Carolina Pina joins us, the head of Enterprise Enablement for LATAM and Laura Alvarez Modernel is here as well, Public Sector Programs Manager at AWS. Ladies, it's great to have you on theCUBE. >> Nice to meet you. >> Thank you for having us. >> Carolina, let's start with you. Talk to me a little bit about your role, what it is that you're doing there. >> So my role in AWS is to actually create mechanisms of massive training to try to close the talent gap that we have in the region. And when I mentioned talent gap, I'm talking about obviously digital and cloud-computing skills. So that's, that's, in a nutshell what my role entails. >> Lisa: Got it. How long have you been in that role? Just curious. >> So I've been at AWS a little bit over, over two years. I was actually in the public sector team when I joined, leading the education vertical for Latin American Canada. And I recently joined the commercial sector now leading these massive training efforts for the region for LATAM. >> And Laura, you're in public sector. Talk to me a little bit about your role. >> Yes, I'm in public sector. I'm also based in Buenos Aires, Argentina. So yeah, I'm from Latin America, and I lead educational and community impact programs in the Southern cone of Latin America. I also lead diversity, equity and inclusion efforts and I'm part of the Women at Amazon global board. That's our affinity group to make sure we make efforts towards building a more equal world. And on a personal note I'm really passionate about the topic of gender equality because I truly think it affects us all as women and as Latins. So that's something that I'm always interested in collaborating with. >> Lisa: Excellent. Carolina back to you. If we think about from an enablement perspective how is AWS partnering with its customers and its partners to train and employ women particularly in technology? >> Oh, sure. Lisa, so it's not a surprise. We, like I mentioned, you know we have a big cloud skills, talent gap in the region. In fact, you know, 69% of companies have reported talent shortages and difficulty hiring. So, and this represents a 15 year high. So, many of these companies are actually, you know, our own commercial customers. So they approach us saying, you know, asking for for support training and developing their talent. So like I mentioned, in my role I create massive training efforts and initiatives. So we always take into consideration women, minorities, underrepresented community, and not just for the current talent, meaning like the people that are currently employed, but also to ensure that we are proactively implementing initiatives to develop a talent of younger you know, a younger generation and a talent. So we can, you know, to inspire them and, and ensure that they, that we're seeing them represented in companies like AWS, you know and our customers, and in our partners. And obviously we, when we sit down with customers to craft these massive trainings you know, leveraging their ecosystems and communities, we actually try to use all our AWS training and certification portfolio which includes, you know, in live in class with live in structures, in classroom trainings. We also have our AWS Skill Builder platform which is the platform that allows us to, you know to reach a broader audience because it has, you know over 500 free and on-demand classes. And we also have a lot of different other programs that touches in different audiences. You know, we have AWS re/Start for underrepresented, and underemployed minorities. We also have AWS Academy, which is the program that we have for higher education institutions. And we have AWS, you know, Educate which also touches, you know, cloud beginners. So in every single of these programs, we ensure that we are encompassing and really speaking to women and developing training and developing women. >> Lisa: That's a great focus there. Laura, talk to me about upskilling. I know AWS is very much about promoting from within. What are some of the things that it's doing to help women in Latin America develop those tech skills and upskill from where, maybe where they are now? >> Well, Lisa, I think that is super interesting because there's definitely a skills gap problem, right? We have all heard about. And what's funny is also that we have this huge opportunity in Latin America to train people and to help further develop the countries. And we have the companies that need the talent. So why is there still a gap, right? And I think that's because there's no magic solution to solving this problem. No, like epic Hollywood movie scene that it's going to show how we close the gap. And it takes stepping out of our comfort zone. And as Carolina mentioned, collaborating. So, we at AWS have a commitment to help 29 million people globally to grow their technical skills with free cloud-computing skills training by 2025. I know that sounds a lot through educational programs but we do have as Carolina mentioned, a Skill Builder you can go into the website for free, enter, choose your path, get trained. We have Academy that we implement with universities. Re/Start that is a program that's already available in Argentina, Brazil, Chile, Colombia, Mexico, Peru, and Costa Rica. So there are a lot of opportunities, but you also mentioned something else that I would like to dive a bit deeper that is Latin American women. And yesterday we had the opportunity to record a panel about intersectionality with three amazing Latin women. And what we have to learn from that is that these are two minorities that intersect, right. We're talking about females that are minority. Latinas are minority. And in tech, that is also something that is even bigger minority. So there are more difficulties there and we need to make sure that we are meeting that talent that is there that is in Latin America, that exists. We know for sure we have unicorns in Latin America that are even AWS customers like Mercado Libre, and we have to meet them with the opportunities. And that's why we created a program that came from identifying how this problem evolves in Latin America, that there is a lack of confidence in women also that they don't feel prepared or equipped. There is a cultural component why we don't choose tech careers. And we partner with universities, more than 12 universities in Latin America with the International American Development Bank as well to create tech skills that's a free five weeks program in order to get students and get female in Latin America, into the tech world. And we also have them with mentorship. So I think that is an opportunity to truly collaborate because we as AWS are not going to solve these by ourselves, right? We need everyone pitching in on that. >> Lisa: Right. It's absolutely a team effort. You mentioned something important in terms of helping women, and especially minorities get out of their comfort zone. Carolina, I'm curious when you're talking with women and getting them into the program and sharing with them all of the enablement programs that you have, how do you help them be confident to get out of that comfort zone? That's a hard thing to do. >> Yeah, no, for sure. For sure, Lisa, well, I, you know, a lot of times actually I use myself as an example because, you know, I studied engineering and industrial systems engineering many years ago. And you know, a lot of my career has been in in higher education and innovation and startups. And as I mentioned in the intro I've been at AWS for a little bit over two years. So I, my career has not been in cloud and I recently joined the cloud. So I actually had to go through our own trainings and get our own certifications. So I, that's, you know a lot of times I actually, I use my own example, so people understand that you don't have to come from tech, you don't have to come, you can actually be a non-tech person and, and also see the the benefits of the cloud. And you don't have to only, you know, learn cloud if you're in the IT department or in an IT team. So sometimes, I also emphasize that the cloud and the future is absolutely the cloud. In fact, the world economic foreign, you know teaches us that cloud-computing is that the technology that's going to be mostly adopted by 2025. So that's why we need to ensure that every single person, women and others are really knowledgeable in the cloud. So that's why, you know, technical and untechnical. But I, you know, I use myself as an example for them to say, you know, you can actually do it. And obviously also I collaborate with Laura and a lot of the women at Amazon Latin America Group to also you know, ensure that we're doing webinars and panels. So we show them ourselves as role model like, Laura is an incredible role model for our community. And so it's also to to show examples of what the possibilities are. And that's what we do. >> Lisa: I love that you're sharing >> And can I make a note there also? >> Please, yes. >> To add to that. I think it also requires the companies and the, and the private sector to get out of their comfort zone, right? Because we are not going to find solutions doing what we are already doing. We truly need to go and get near these persons with a new message. Their interest is there in these programs we have reached more than 3,000 women already in Latin America with tech skills. So it's not that women are not interested. It's like, how do we reach them with a message that resounds with them, right? Like how we can explain the power of technology to transform the world and to actually improve their communities. I think there's something there also that we need to think further of. >> It's so important. You know, we say often when we're talking about women in tech, that she needs to see what she can be or if she can't see it, she can't be it. So having those role models and those mentors and sponsors is absolutely critical for women to get, I call it getting comfortably uncomfortable out of that comfort zone and recognizing there's so many opportunities. Carolina, to your point, you know, these days every company is a tech company, a data company whether you're talking about a car dealer, a grocery market. So your point about, you know, and obviously the future being cloud there's so much opportunity that that opens up, for everybody really, but that's an important thing for people to recognize how they can be a part of that get out of their comfort zone and try something that they maybe hadn't considered before. >> Yes. And, actually, Lisa I would love to share an example. So we have a group, O Boticário, which is one of our customers one of the, the lead retails in Brazil. And they've been a customer of AWS since 2013 when they realized that, you know the urgency and the importance of embracing state of the art technology, to your point, like, you know this is a retail company that understands that needs to be, you know embrace digital transformation, especially because, you know they get very busy during mother's days and other holidays during the year. So they realized that they, instead of outsourcing their IT requirements to technology experts they decided to actually start developing and bringing the talent, you know within itself, within, you know, technology in-house. So they decided to start training within. And that's when we, obviously we partnered with them to also create a very comprehensive training and certification plan that started with, you know a lot of the infrastructure and security teams but then it was actually then implemented in the rest of the company. So going back to the point like everybody really needs to know. And what we also love about O Boticário is they they really care about the diversion and inclusion aspect of this equation. And we actually collaborated with them as well through this program called Desenvolve with the Brazilian government. And Desenvolve means developing Portuguese and they this program really ensures that we are also closing that gender and that race gap and ensuring that they're actually, you know, developing talent in cloud for Brazil. So we, you know, obviously have been very successful with them and we will continue to do even more things with them particular for this topic. >> Lisa: I've always known how customer focused AWS is every time we get to go to re:Invent or some of the events but it's so nice to hear these the educational programs that you're doing with customers to help them improve DEI to help them enable their own women in their organizations to learn skills. I didn't realize that. I think that's fantastic very much a symbiotic part of AWS. If we think about the theme for this year's International Women's Day, Breaking The Bias I want to get both of your opinions and Laura we'll start with you, what that means to you, and where do you think we are in Latin America with breaking the bias? >> Well, I think breaking the bias is the first step to truly being who we are every day and being able to bring that to our work as well. I think we are in a learning curve of that. The companies are changing culturally, as Carolina mentioned we have customers that are aware of the importance of having women. And as we say at AWS not only because there is a good business reason because there is, because there are studies that show that we can increase the country's CPD, but also because it's important and it's the right thing to do. So in terms of breaking the bias I think we are learning and we have a long way to go. I talked a bit earlier about intersectionality and that is something that is also important to highlight, right? Because we are talking about females but we are also talking about another minorities. We're talking about underrepresented communities, Indigenous People, Latins. So when these overlap, we face even bigger challenges to get where we want to get, right? And to get to decision making places because technology is transforming the ways we take decisions, we live, and we need someone like us taking those decisions. So I think it's important at first to be aware and to see that you can get there and eventually to start the conversation going and to build the conversation, not to just leave it but to make sure we hear people and their input and what they're going through. >> Lisa: Yes. We definitely need to hear them. Carolina, what's your take on breaking the bias and where do you from your experience, where do you think we are with it? >> Yeah, no, I'm as passionate as Laura on this topic. And that's why we, you know we're collaborating in the Women at Amazon Latin America Chapter, because we're both very, I think breaking the bias starts with us and ourselves. And we are very proactive within AWS and externally. And I feel it's also, I mean, Lisa, what we've been doing is not only, obviously gathering you know, the troops and really making sure that, that we have very aggressive goals internally, but also bringing you know, bringing our male counterparts, and other, you know, other members of the other communities, because the change, we're not going to make it alone. Like the change where it is not women only talking to women is going to make the change. We actually need to make sure the male and other groups are represented. And the dialogue that they're that we're very conscious about that. And I feel like we're seeing more and more that the topic is becoming more of a priority not only within AWS and Amazon but we also see it because now that I meet with when I meet with customers around the region they really want to see how we can collaborate in these diversion and inclusion initiatives. So I think we are breaking the bias because now this topic is more top of mind. And then we are being more proactively addressing it and and training people and educating people. And I feel we're really in a pivoted point where the change that we've really been wanting to we will see in the next you know, few years which is very exciting. >> Lisa: Excellent, and we'll see that with the help of women like you guys. Thank you so much for joining me today, talking about what you're doing, how you're helping organizations across AWS's ecosystem, customers, partners, and helping, of course, folks from within you, right. It's a holistic effort, but we are on our way to breaking that bias and again, I thank you both for your insights. >> Thank you. >> Thank you, Lisa, for the opportunity. >> My pleasure. For Carolina Pina and Laura Alvarez Modernel, I'm Lisa Martin. You're watching theCUBE's coverage of Women in Tech, International Women's Day 2022. (upbeat music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)

(upbeat music) >> Hello, everyone. Welcome to theCUBE's coverage of the "AWS Startup Showcase", season two, episode one. I'm Lisa Martin, and I'm excited to be joined by Snyk, next in this episode. Liran Tal joins me, the director of developer advocacy. Liran, welcome to the program. >> Lisa, thank you for having me. This is so cool. >> Isn't it cool? (Liran chuckles) All the things that we can do remotely. So I had the opportunity to speak with your CEO, Peter McKay, just about a month or so ago at AWS re:Invent. So much growth and momentum going on with Snyk, it's incredible. But I wanted to talk to you about specifically, let's start with your role from a developer advocate perspective, 'cause Snyk is saying modern development is changing, so traditional AppSec gatekeeping doesn't apply anymore. Talk to me about your role as a developer advocate. >> It is definitely. The landscape is changing, both developer and security, it's just not what it was before, and what we're seeing is developers need to be empowered. They need some help, just working through all of those security issues, security incidents happening, using open source, building cloud native applications. So my role is basically about making them successful, helping them any way we can. And so getting that security awareness out, or making sure people are having those best practices, making sure we understand what are the frustrations developers have, what are the things that we can help them with, to be successful day to day. And how they can be a really good part of the organization in terms of fixing security issues, not just knowing about it, but actually being proactively on it. >> And one of the things also that I was reading is, Shift Left is not a new concept. We've been talking about it for a long time. But Snyk's saying it was missing some things and proactivity is one of those things that it was missing. What else was it missing and how does Snyk help to fix that gap? >> So I think Shift Left is a good idea. In general, the idea is we want to fix security issues as soon as we can. We want to find them. Which I think that is a small nuance that what's kind of missing in the industry. And usually what we've seen with traditional security before was, 'cause notice that, the security department has like a silo that organizations once they find some findings they push it over to the development team, the R&D leader or things like that, but until it actually trickles down, it takes a lot of time. And what we needed to do is basically put those developer security tools, which is what Snyk is building, this whole security platform. Is putting that at the hands and at the scale of, and speed of modern development into developers. So, for example, instead of just finding security issues in your open source dependencies, what we actually do at Snyk is not just tell you about them, but you actually open a poll request to your source codes version and management system. And through that we are able to tell you, now you can actually merge it, you can actually review it, you can actually have it as part of your day-to-day workflows. And we're doing that through so many other ways that are really helpful and actually remediating the problem. So another example would be the IDE. So we are actually embedding an extension within your IDEs. So, once you actually type in your own codes, that is when we actually find the vulnerabilities that could exist within your own code, if that's like insecure code, and we can tell you about it as you hit Command + S and you will save the file. Which is totally different than what SaaS tools starting up application security testing was before because, when things started, you usually had SaaS tools running in the background and like CI jobs at the weekend and in deltas of code bases, because they were so slow to run, but developers really need to be at speed. They're developing really fast. They need to deploy. One development is deployed to production several times a day. So we need to really enable developers to find and fix those security issues as fast as we can. >> Yeah, that speed that you mentioned is absolutely critical to their workflow and what they're expecting. And one of the unique things about Snyk, you mentioned, the integration into how this works within development workflow with IDE, CIDC, they get environment enabling them to work at speed and not have to be security experts. I imagine are two important elements to the culture of the developer environment, right? >> Correct, yes. It says, a large part is we don't expect developers to be security experts. We want to help them, we want to, again, give them the tools, give them the knowledge. So we do it in several ways. For example, that IDE extension has a really cool thing that's like kind of unique to it that I really like, and that is, when we find, for example, you're writing code and maybe there's a batch traversal vulnerability in the function that you just wrote, what we'll actually do when we tell you about it, it will actually tell you, hey, look, these are some other commits made by other open source projects where we found the same vulnerability and those commits actually fixed it. So actually giving you example cases of what potentially good code looks like. So if you think about it, like who knows what patch reversal is, but prototype pollution like many types of vulnerabilities, but at the same time, we don't expect developers to actually know, the deep aspects of security. So they're left off with, having some findings, but not really, they want to fix them, but they don't really have the expertise to do it. So what we're doing is we're bridging that gap and we're being helpful. So I think this is what really proactive security is for developers, that says helping them remediate it. And I can give like more examples, like the security database, it's like a wonderful place where we also like provide examples and references of like, where does their vulnerability come from if there's like, what's fogging in open-source package? And we highlight that with a lot of references that provide you with things, the pull requests that fixed date, or the issue with where this was discussed. You have like an entire context of what is the... What made this vulnerability happen. So you have like a little bit more context than just specifically, emerging some stuff and updating, and there's a ton more. I'm happy to like dive more into this. >> Well, I can hear your enthusiasm for it, a developer advocate it seems like you are. But talking about the burdens of the gaps that you guys are filling it also seems like the developers and the security folks that this is also a bridge for those teams to work better together. >> Correct. I think that is not siloed anymore. I think the idea of having security champions or having threat modeling activities are really, really good, or like insightful both like developers and security, but more than just being insightful, useful practices that organizations should actually do actually bringing a discussion together to actually creating a more cohesive environment for both of those kind of like expertise, development and security to work together towards some of these aspects of like just mitigating security issues. And one of the things that actually Snyk is doing in that, in bringing their security into the developer mindset is also providing them with the ability to prioritize and understand what policies to put in place. So a lot of the times security organizations actually, the security org wants to do is put just, guardrails to make sure that developers have a good leeway to work around, but they're not like doing things that like, they definitely shouldn't do that, like prior to bringing a big risk into today organizations. And that's what I think we're doing also like great, which is the fact that we're providing the security folks to like put the policies in place and then developers who actually like, work really well within those understand how to prioritize vulnerabilities is an important part. And we kind of like quantify that, we put like an urgency score that says, hey, you should fix this vulnerability first. Why? Because it has, first of all, well, you can upgrade really quickly. It has a fix right there. Secondly, there's like an exploit in the wild. It means potentially an attacker can weaponize this vulnerability and like attack your organizations, in an automated fashion. So you definitely want to put that put like a lead on that, on that broken window, if so to say. So we ended up other kind of metrics that we can quantify and put this as like an urgency score, which we called a priority score that helps again, developers really know what to fix first, because like they could get a scan of like hundreds of vulnerabilities, but like, what do I start first with? So I find that like very useful for both the security and the developers working together. >> Right, and especially now, as we've seen such changes in the last couple of years to the threat landscape, the vulnerabilities, the security issues that are impacting every industry. The ability to empower developers to not only work at the speed with which they are accustomed and need to work, but also to be able to find those vulnerabilities faster prioritize which ones need to be fixed. I mean, I think of Log4Shell, for example, and when the challenge is going on with the supply chain, that this is really a critical capability from a developer empowerment perspective, but also from a overall business health and growth perspective. >> Definitely. I think, first of all, like if you want to step just a step back in terms of like, what has changed. Like what is the landscape? So I think we're seeing several things happening. First of all, there's this big, tremendous... I would call it a trend, but now it's like the default. Like of the growth of open source software. So first of all as developers are using more and more open source and that's like a growing trend of have like drafts of this. And it's like always increasing across, by the way, every ecosystem go, rust, .net, Java, JavaScript, whatever you're building, that's probably like on a growing trend, more open source. And that is, we will talk about it in a second what are the risks there. But that is one trend that we're saying. The other one is cloud native applications, which is also worth to like, I think dive deep into it in terms of the way that we're building applications today has completely shifted. And I think what AWS is doing in that sense is also creating a tremendous shift in the mindset of things. For example, out of the cloud infrastructure has basically democratized infrastructure. I do not need to, own my servers and own my monitoring and configure everything out. I can actually write codes that when I deploy it, when something parses this and runs this, it actually creates servers and monitoring, logging, different kinds of things for me. So it democratize the whole sense of building applications from what it was decades ago. And this whole thing is important and really, really fast. It makes things scalable. It also introduces some rates. For example, some of these configuration. So there's a lot that has been changed. And in that landscape of like what modern developer is and I think in that sense, we kind of can need a lead to a little bit more, be helpful to developers and help them like avoid all those cases. And I'm like happy to dive into like the open source and the cloud native. That was like follow-ups on this one. >> I want to get into a little bit more about your relationship with AWS. When I spoke with Peter McKay for re:Invent, he talked about the partnership being a couple of years old, but there's some kind of really interesting things that AWS is doing in terms of leveraging, Snyk. Talk to me about that. >> Indeed. So Snyky integrates with almost, I think probably a lot of services, but probably almost all of those that are unique and related to developers building on top of the AWS platform. And for example, that would be, if you actually are building your code, it connects like the source code editor. If you are pushing that code over, it integrates with code commits. As you build and CIS are running, maybe code build is something you're using that's in code pipeline. That is something that you have like native integrations. At the end of the day, like you have your container registry or Lambda. If you're using like functions as a service for your obligations, what we're doing is integrating with all of that. So at the end of the day, you really have all of that... It depends where you're integrating, but on all of those points of integration, you have like Snyk there to help you out and like make sure that if we find on any of those, any potential issues, anything from like licenses to vulnerabilities in your containers or just your code or your open source code in those, they actually find it at that point and mitigate the issue. So this kind of like if you're using Snyk, when you're a development machine, it kind of like accompanies you through this journey all over what a CIC kind of like landscape looks like as an architectural landscape for development, kind of like all the way there. And I think what you kind of might be I think more interested, I think to like put your on and an emphasis would be this recent integration with the Amazon Inspector. Which is as it's like very pivotal parts on the AWS platform to provide a lot of, integrate a lot of services and provide you with those insights on security. And I think the idea that now that is able to leverage vulnerability data from the Snyk's security intelligence database that says that's tremendous. And we can talk about that. We'd look for shell and recent issues. >> Yeah. Let's dig into that. We've have a few minutes left, but that was obviously a huge issue in November of 2021, when obviously we're in a very dynamic global situation period, but it's now not a matter of if an organization is going to be hit by vulnerabilities and security threats. It's a matter of when. Talk to me about really how impactful Snyk was in the Log4Shell vulnerability and how you help customers evade probably some serious threats, and that could have really impacted revenue growth, customer satisfaction, brand reputation. >> Definitely. The Log4Shell is, well, I mean was a vulnerability that was disclosed, but it's probably still a major part and going to be probably for the foreseeable future. An issue for organizations as they would need to deal with us. And we'll dive in a second and figure out like why, but in like a summary here, Log4Shell was the vulnerability that actually was found in Java library called Log4J. A logging library that is so popular today and used. And the thing is having the ability to react fast to those new vulnerabilities being disclosed is really a vital part of the organizations, because when it is asking factful, as we've seen Log4Shell being that is when, it determines where the security tool you're using is actually helping you, or is like just an added thing on like a checkbox to do. And that is what I think made Snyk's so unique in the sense. We have a team of those folks that are really boats, manually curating the ecosystem of CVEs and like finding by ourselves, but also there's like an entire, kind of like an intelligence platform beyond us. So we get a lot of notifications on chatter that happens. And so when someone opens an issue on an open source repository says, Hey, I found an issue here. Maybe that's an XSS or code injection or something like that. We find it really fast. And we at that point, before it goes to CVE requirement and stuff like that through like a miter and NVD, we find it really fast and can add it to the database. So this has been something that we've done with Log4Shell, where we found that as it was disclosed, not on the open source, but just on the open source system, but it was generally disclosed to everyone at that point. But not only that, because look for J as the library had several iterations of fixes they needed. So they fixed one version. Then that was the recommendation to upgrade to then that was actually found as vulnerable. So they needed to fix the another time and then another time and so on. So being able to react fast, which is, what I think helped a ton of customers and users of Snyk is that aspect. And what I really liked in the way that this has been received very well is we were very fast on creating those command line tools that allow developers to actually find cases of the Log4J library, embedded into (indistinct) but not true a package manifest. So sometimes you have those like legacy applications, deployed somewhere, probably not even legacy, just like the Log4J libraries, like bundled into a net or Java source code base. So you may not even know that you're using it in a sense. And so what we've done is we've like exposed with Snyk CLI tool and a command line argument that allows you to search for all of those cases. Like we can find them and help you, try and mitigate those issues. So that has been amazing. >> So you've talked in great length, Liran about, and detail about how Snyk is really enabling and empowering developers. One last question for you is when I spoke with Peter last month at re:Invent, he talked about the goal of reaching 28 million developers. Your passion as a director of developer advocacy is palpable. I can feel it through the screen here. Talk to me about where you guys are on that journey of reaching those 28 million developers and what personally excites you about what you're doing here. >> Oh, yeah. So many things. (laughs) Don't know where to start. We are constantly talking to developers on community days and things like that. So it's a couple of examples. We have like this dev site community, which is a growing and kicking community of developers and security people coming together and trying to work and understand, and like, just learn from each other. We have those events coming up. We actually have this, "The Big Fix". It's a big security event that we're launching on February 25th. And the idea is, want to help the ecosystem secure security obligations, open source or even if it's closed source. We like help you fix that though that yeah, it's like helping them. We've launched this Snyk ambassadors program, which is developers and security people, CSOs are even in there. And the idea is how can we help them also be helpful to the community? Because they are like known, they are passionate as we are, on application security and like helping developers code securely, build securely. So we launching all of those programs. We have like social impact related programs and the way that we like work with organizations, like maybe non-profit maybe they just need help, like getting, the security part of things kind of like figured out, students and things like that. Like, there's like a ton of those initiatives all over the boards, helping basically the world be a little bit more secure. >> Well, we could absolutely use Snyk's help in making the world more secure. Liran it's been great talking to you. Like I said, your passion for what you do and what Snyk is able to facilitate and enable is palpable. And it was a great conversation. I appreciate that. And we look forward to hearing what transpires during 2022 for Snyk so you got to come back. >> I will. Thank you. Thank you, Lisa. This has been fun. >> All right. Excellent. Liran Tal, I'm Lisa Martin. You're watching theCUBE's second season, season two of the "AWS Startup Showcase". This has been episode one. Stay tuned for more great episodes, full of fantastic content. We'll see you soon. (upbeat music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)

(upbeat music) >> Hello everyone, my name is Dave Vellante, and we're digging into the many facets of the software supply chain and how to better manage digital risk. I'd like to introduce Kirsten Newcomer, who is the Director of Cloud and DevSecOps Strategy at Red Hat. Hello Kirsten, welcome. >> Hello Dave, great to be here with you today. >> Let's dive right in. What technologies and practices should we be thinking about that can help improve the security posture within the software supply chain? >> So I think the most important thing for folks to think about really is adopting DevSecOps. And while organizations talk about DevSecOps, and many folks have adopted DevOps, they tend to forget the security part of DevSecOps. And so for me, DevSecOps is both DevSec, how do I shift security left into my supply chain, and SecOps which is a better understood and more common piece of the puzzle, but then closing that loop between what issues are discovered in production and feeding that back to the development team to ensure that we're really addressing that supply chain. >> Yeah I heard a stat. I don't know what the source is, I don't know if it's true, but it probably is that around 50% of the organizations in North America, don't even have a SecOps team. Now of course that probably includes a lot of smaller organizations, but the SecOps team, they're not doing DevSecOps, but so what are organizations doing for supply chain security today? >> Yeah, I think the most common practice, that people have adopted is vulnerability scanning. And so they will do that as part of their development process. They might do it at one particular point, they might do it at more than one point. But one of the challenges that, we see first of all, is that, that's the only security gate that they've integrated into their supply chain, into their pipeline. So they may be scanning code that they get externally, they may be scanning their own code. But the second challenge is that the results take so much work to triage. This is static vulnerability scanning. You get information that is not in full context, because you don't know whether a vulnerability is truly exploitable, unless you know how exposed that particular part of the code is to the internet, for example, or to other aspects. And so it's just a real challenge for organizations, who are only looking at static vulnerability data, to figure out what the right steps to take are to manage those. And there's no way we're going to wind up with zero vulnerabilities, in the code that we're all working with today. Things just move too quickly. >> Is that idea of vulnerability scanning, is it almost like sampling where you may or may not find the weakest link? >> I would say that it's more comprehensive than that. The vulnerability scanners that are available, are generally pretty strong, but they are, again, if it's a static environment, a lot of them rely on NVD database, which typically it's going to give you the worst case scenario, and by nature can't account for things like, was the software that you're scanning built with controls, mitigations built in. It's just going to tell you, this is the package, and this is the known vulnerabilities associated with that package. It's not going to tell you whether there were compiler time flags, that may be mitigated that vulnerability. And so it's almost overwhelming for organizations, to prioritize that information, and really understand it in context. And so when I think about the closed loop feedback, you really want not just that static scan, but also analysis that takes into account, the configuration of the application, and the runtime environment and any mitigations that might be present there. >> I see, thank you for that. So, given that this digital risk and software supply chains are now front and center, we read about them all the time now, how do you think organizations are responding? What's the future of software supply chain going to look like? >> That's a great one. So I think organizations are scrambling. We've certainly at Red Hat, We've seen an increase in questions, about Red Hat's own supply chain security, and we've got lots of information that we can share and make available. But I think also we're starting to see, this strong increased interest, in security bill of materials. So I actually started working with, automation and standards around security bill of materials, a number of years ago. I participated in The Linux Foundation, SPDX project. There are other projects like CycloneDX. But I think all organizations are going to need to, those of us who deliver software, we're going to need to provide S-bombs and consumers of our software should be looking for S-bombs, to help them understand, to build transparency across the projects. And to facilitate that automation, you can leverage the data, in a software package list, to get a quick view of vulnerabilities. Again, you don't have that runtime context yet, but it saves you that step, perhaps of having to do the initial scanning. And then there are additional things that folks are looking at. Attested pipelines is going to be key, for building your custom software. As you pull the code in and your developers build their solutions, their applications, being able to vet the steps in your pipeline, and attest that nothing has happened in that pipeline, is really going to be key. >> So the software bill of materials is going to give you, a granular picture of your software, and then what the chain of, providence if you will or? >> Well, an S-bomb depending on the format, an S-bomb absolutely can provide a chain of providence. But another thing when we think about it, from the security angles, so there's the providence, where did this come from? Who provided it to me? But also with that bill of materials, that list of packages, you can leverage tooling, that will give you information about vulnerability information about those packages. At Red Hat we don't think that vulnerability info should be included in the S-bomb, because vulnerability data changes everyday. But, it saves you a step potentially. Then you don't necessarily have to be so concerned about doing the scan, you can pull data about known vulnerabilities for those packages without a scan. Similarly the attestation in the pipeline, that's about things like ensuring that, the code that you pull into your pipeline is signed. Signatures are in many ways of more important piece for defining providence and getting trust. >> Got it. So I was talking to Asiso the other day, and was asking her okay, what are your main challenges, kind of the standard analyst questions, if you will. She said look, I got great people, but I just don't have enough depth of talent, to handle, the challenges I'm always sort of playing catch up. That leads one to the conclusion, okay, automation is potentially an answer to address that problem, but the same time, people have said to me, sometimes we put too much faith in automation. some say okay, hey Kirsten help me square the circle. I want to automate because I lack the talent, but it's not, it's not sufficient. What are your thoughts on automation? >> So I think in the world we're in today, especially with cloud native applications, you can't manage without automation, because things are moving too quickly. So I think the way that you assess whether automation is meeting your goals becomes critical. And so looking for external guidance, such as the NIST's Secure Software Development Framework, that can help. But again, when we come back, I think, look for an opinionated position from the vendors, from the folks you're working with, from your advisors, on what are the appropriate set of gates. And we've talked about vulnerability scanning, but analyzing the configed data for your apps it's just as important. And so I think we have to work together as an industry, to figure out what are the key security gates, how do we audit the automation, so that I can validate that automation and be comfortable, that it is actually meeting the needs. But I don't see how we move forward without automation. >> Excellent. Thank you. We were forced into digital, without a lot of thought. Some folks, it's a spectrum, some organizations are better shape than others, but many had to just dive right in without a lot of strategy. And now people have sat back and said, okay, let's be more planful, more thoughtful. So as you, and then of course, you've got, the supply chain hacks, et cetera. How do you think the whole narrative and the strategy is going to change? How should it change the way in which we create, maintain, consume softwares as both organizations and individuals? >> Yeah. So again, I think there's going to be, and there's already, need request for more transparency, from software vendors. This is a place where S-bombs play a role, but there's also a lot of conversation out there about zero trust. So what does that mean in, you have to have a relationship with your vendor, that provides transparency, so that you can assess the level of trust. You also have to, in your organization, determine to your point earlier about people with skills and automation. How do you trust, but verify? This is not just with your vendor, but also with your internal supply chain. So trust and verify remains key. That's been a concept that's been around for a while. Cloud native doesn't change that, but it may change the tools that we use. And we may also decide what are our trust boundaries. Are they where are we comfortable trusting? Where do we think that zero trust is more applicable place, a more applicable frame to apply? But I do think back to the automation piece, and again, it is hard for everybody to keep up. I think we have to break down silos, we have to ensure that teams are talking across those silos, so that we can leverage each other's skills. And we need to think about managing everything as code. What I like about the everything is code including security, is it does create auditability in new ways. If you're managing your infrastructure, and get Ops like approach your security policies, with a get Ops like approach, it provides visibility and auditability, and it enables your dev team to participate in new ways. >> So when you're talking about zero trust I think, okay, I can't trust users, I got to trust the verified users, machines, employees, my software, my partners. >> Yap >> Every possible connection point. >> Absolutely. And this is where both attestation and identity become key. So being able to, I mean, the SolarWinds team has done a really interesting set of things with their supply chain, after they were, in response to the hack they were dealing with. They're now using Tekton CD chains, to ensure that they have, attested every step in their supply chain process, and that they can replicate that with automation. So they're doing a combination of, yep. We've got humans who need to interact with the chain, and then we can validate every step in that chain. And then workload identity, is a key thing for us to think about too. So how do we assert identity for the workloads that are being deployed to the cloud and verify whether that's with SPIFFE SPIRE, or related projects verify, that the workload is the one that we meant to deploy and also runtime behavioral analysis. I know we've been talking about supply chain, but again, I think we have to do this closed loop. You can't just think about shifting security left. And I know you mentioned earlier, a lot of teams don't have SecOps, but there are solutions available, that help assess the behavior and runtime, and that information can be fed back to the app dev team, to help them adjust and verify and validate. Where do I need to tighten my security? >> Am glad you brought up the SolarWinds to Kirsten what they're doing. And as I remember after 911, everyone was afraid to fly, but it was probably the safest time in history to fly. And so same analogy here. SolarWinds probably has learned more about this and its reputation took a huge hit. But if you had to compare, what SolarWinds has learned and applied, at the speed at which they've done it with maybe, some other software suppliers, you might find that they've actually done a better job. It's just, unfortunately, that something hit that we never saw before. To me it was Stuxnet, like we'd never seen anything like this before, and then boom, we've entered a whole new era. I'll give you the last word Kirsten. >> No just to agree with you. And I think, again, as an industry, it's pushed us all to think harder and more carefully about where do we need to improve? What tools do we need to build to help ourselves? Again, S-bombs have been around, for a good 10 years or so, but they are enjoying a resurgence of importance signing, image signing, manifest signing. That's been around for ages, but we haven't made it easy to integrate that into the supply chain, and that's work that's happening today. Similarly that attestation of a supply chain, of a pipeline that's happening. So I think as a industry, we've all recognized, that we need to step up, and there's a lot of creative energy going into improving in this space. >> Excellent Kirsten Newcomer, thanks so much for your perspectives. Excellent conversation. >> My pleasure, thanks so much. >> You're welcome. And you're watching theCUBE, the leader in tech coverage. (soft music)