>>I'm john free with the Q we are here. It's exciting news around the next evolution switching, Sony jean Donny, co founder and chief business officer Pensando and David Hughes chief product and technology officer Aruba HP. Welcome back. We just heard from Antonio neary and john Chambers about the HPV Ruba partnership with Pensando and the new switching platform. Tell me more about the exciting news you're announcing? >>Yeah, I'm really excited today to be introducing the CX 10,000 distributed services switch. It's a brand new class of switch way bringing together the best of Aruba switching technology adding to R C X portfolio combining with Pence Sandoz technology that technology embedded in the platform. The problem we're solving is that in a traditional data center, all of those services like fire walling and low balancing provided by centralized appliances. And while that might be okay for north south traffic traffic that's going in and out of the data center. It's not scalable and it's not cost effective to apply to every service in every port to every flow traversing their data center As we all know with microservices more and more of the traffickers east west over 70% today and growing and so what we're doing here with the C X 10,000 is giving enterprises away to take the smart nick technology that's been proven out by hyper scholars and introduce it into their data centers in a very cost effective and easy to deploy way we're embedding that capability in the top of rack switch so that we can apply Fireable services, low balancing services to every port To every flow, delivering 100 times a scale in terms of a CLS 10 times of performance, in terms of encryption at a third of the cost of those traditional network architectures. So it's a super exciting time, >>love the speed, love the energy there. But I gotta ask what makes this a new category of switch. >>Well if you take a look at the journey we have been on as we have evolved our data centers and the applications have evolved for our customers. Uh and the world is now a bold new world of multi cloud. Uh the architecture is in the data center which are leaves spine architectures have become the new norm. Software defined, networking is pervasively deployed by our customers but as this journey began five or seven or even about 10 years ago uh and has culminated into a much more mature set of building blocks. We have taken the problem from one space of automating networks in the data center to then introducing lots and lots of expensive appliances to bring about security for example, or the state full services, whether it's load balancing or whether it's encryption and visibility and telemetry types of services. Now the customers had to try, you know, trombone all the traffic in and out of these appliances driving up the cost uh and the complexity and when time comes to troubleshoot these environments, it's extremely complex because you're trying to rationalize fabrics coming from one place appliances coming from four or five different vendors, maintaining all the software elements that need to be kept track off. Uh and as more and more customers want to aspire towards zero trust security model. Uh we need to start to embrace a lot of the principles that have been implemented by the hyper scholars and the cloud vendors, which is doing away with the appliances doing away with agent technology on servers, but instead to bring that technology for east west uh into play as well as to ensure that if there are bad actors that are landing inside of the data centers that they do not have the ability to, you know, create attack surfaces with complete lateral movement. Today, that is possible. Uh if you look at 70% of all the attacks that have been happening here in the past few years, it's as a result of having a attack surface which is pretty large in the data centers. And that gets further complicated when you move towards a multi cloud environment where the perimeter of the data center is now moving into the edge. Whether that edges, whether fleet resides for our customers or whether that edge happens to be a co location edge where you're building your own rampant off ramps. So I think the compelling event essentially is driven by the whole notion of distribution of services and having them available from a security and from a services point of view and these are state full services as close to the workload as you possibly can get them. >>So you guys really hit on some key points, their cloud, native microservices East west, north south, um no perimeter edge. These are topics that we would talk about kind of individually over the years, it's happening now all at the same time, this is causing a lot of complexities and then the security challenges you just laid out are everywhere. This brings up a big conversation around solving this. How does this new architecture, this solution solve the complexity and the security challenges in the data center. >>If you look at the use cases that our customers are talking about. The first, the initial use case really is to bring about security and state full security for east west traffic right into the fabric of their data centers. So having the ability to deliver that while eliminating the complex appliances only to do the job which they do very well, which is not South protection of services. Uh that also allows us the ability then to start to deliver visibility and telemetry at the same time that we're delivering state full security firewall and micro segmentation services because what I cannot see, I cannot secure. Uh so those two elements are initial use cases out of the box for our customers as we deliver this platform to them and then as more and more use cases that are becoming evident to us through customer interactions come into play. For example, the co location edge that I would like. David to walk you through a bit more in terms of how we help solve for that use case. >>So for the cooler use case, I think we're moving from a world where people talk about data centers to now talking about centers of data and those centers of data. Yes, they can be in a core private data center, they could be in the cloud but more and more they're going to be distributed around the edge in co location environments. And what we need to be able to do is extend those services that were provided in the data center to be provided in those Kahlo's at the edge And again we want to do that without having to deploy a whole rack of appliances that may be cost more than a computer itself and so with the CX- 10,000 we can have that as a top of rack switch for that polo. And from that switch deploy all of the encryption and firewall ng services that that polo requires. And what's important is that we're doing it with the same policy framework under the same management system across the whole enterprise in the data center as well as in these co location environments and out into the cloud. >>So you guys mentioned visibility and a quick follow up on this question because you mentioned visibility can't see it, you can't protect it. But also there's a lot of workloads that people are trying to automate. These are two factors. Can you guys just double down on that? I want to just get that out there because I think this becomes a big thing. >>I think policy having the ability to have an intent based policy that is a foundational technology building block that we are brought together is a very important element. And then when you map it back to tools that Aruba is extending support for including this platform, become very valuable. So David, why don't you walk us >>through? You know, I think one of the advantages that we bring is that this is an extension of the Aruba C X switching portfolio. So yeah, it's a cloud native microservices, very modern switch architecture and we have a comprehensive management platform, the Aruba fabric controller. And so what we are doing is making sure that everything fits together nicely, that we're delivering a complete solution to our customers. But one important thing to mention here is that we are thinking about how customers can do this step by step. So no, we're not requiring them to rebuild their entire data center, They can do this one rack at a time. We can work with their existing spine and deploy one leaf at a time in a very measured way. And so we think it's a great way for enterprises to be able to consume this modern distributed platform. >>That's a great segment. The next question. I mean I totally see this as you guys are talking about the cloud native trend, driving a cloud operational model to every edge. The data center is just another edge. It's a center of data. Love that. I love that line. So I have to kind of ask the operational side of the question, how would an enterprise customers manage all this take us through the nuts and bolts of deploying and managing of his gum? A customer >>That's a very good question. If you take a look at the customer's deployment models and let's let's take the example of they want to now bring in this technology and build a part or highly secure part with it for east west and to make sure that they're protecting 100% of that east west traffic. I think that leveraging all the building blocks that we have innovated between us and Aruba. We want to make sure that the ecosystem that the customer has built, they want whether they have built it with companies like Splunk and service now or Guardianco, they want integration points will be made available to them. If you take a look at, take a step back and say for these environments as you aspire to go toward zero trade security. The issues of inserting security appliances into network flows and having the ability to map it to the knowledge of applications and their dependencies for policy becomes an important function to tackle. So once you accept that, Okay, I have state full security functions built into this top of rack device available for my applications and all workloads, whether they're container workloads, bare metal workload, virtualized workloads uh and I have complete visibility into those workloads without compromising on connectivity and I can control through enforcement of policy where I need it because now security is part of the fabric, it's not a bolt on. Then comes the job of integration with an ecosystem. So whether you're looking at seem and sold companies where we are delivering in close collaboration with Splunk, A Pensando app for Splunk there's also going to be the availability of an elastic module, A plug in module. Uh then turn attention to what's more automation and devops and civil playbooks for the C X 10-K will be made available day one so that where you do not have the ability to deploy the A. F. C. You can use your existing answerable toolkit and they're making those playbooks available to our customers. Uh They want integration with application discovery mapping companies like Guardianco, allowing them to discover who's talking to whom and push and enforce that policy through the C X 10-K will allow for more automated deployments of those policies and finally, compliance integration with vendors like too thin for continuous security compliance monitoring becomes extremely important as the screen depicts a lot of lot of visualization capabilities with companies like Elk which are in beta today and answerable and Splunk and Elk will all be targeted at first customer shipment. So again, telemetry visibility with the integration of the ecosystem. Uh, it becomes a very powerful combination for the customers as they look to operationalize this for day to day three and they, you know, day one, day two, day three automation. >>That's awesome. David, I'd like to let you weigh in on this whole question of operations because you're hitting all the marks here that are relevant cloud, native microservices, apps, explosion and data volume and velocity, hyper scale operational cloud operations, performance, price point security all in this one solution. This is big. Um, it's not like you mentioned earlier, it's not a rip and replace but you can roll it out how how do you see a customer best operational izing this new, >>You know, I think the answer is a little bit different for each customer but you are very careful at the beginning, we introduced this. It's an evolution of switching. It's not a revolution where we have to replace everything and I think that's really exciting is that it builds on the foundational architecture of leaf and spine. And what we're able to do is let that customer introduced these new capabilities one leaf at a time. So maybe when they're upgrading from 10 gigs to 25 gigs, it's a great time for them to introduce this capability into their data center um and then depending on their application, you know, it may be, as Sony said that they've got one particular application, a crown jewel application and so they want to build out that in one rack and provide, you know, very, very robust East west as well as north south um security around that application, but there's so many different ways that customers can deploy this technology and what's really exciting is now is we're beginning to work with our customers, learning about these new use cases and then feeding that back into our roadmap and we all >>know, as you get down lower in the network layer, security is distributed architecture. So everything is paramount like security, super relevant, great conversation, I gotta ask what's next with this technology. Yeah, >>well, you know the teams, the two engineering teams are working together and this is step one on, on a really exciting new path, I don't know, Sony, what would you say? >>I think there's a lot more to come here. This is just a starting point. We have an incredibly strong partnership and go to market partnership here with Uber team with this platform. It is just the beginning uh and it will lead our customers onto the multi cloud journey. Uh and last but not least, I would like to say that you know, in closing uh that are seldom opportunities where you look at disrupting the way things are happening while fitting into customers existing models. So this is, as I said with everything being software defined, you will continue to see as delivering at great velocity more and more software defined services, whether it's encryption, Lord balancing and other state full services over time. Making this technology easier to deploy by fitting into the existing ecosystem and continuing to provide them with the 100 extra scale, 10 X. The performance as well as the ability to do it at a third of the same, you know, at the third of the cost of what they would need to if they had to build this uh today with disparate devices, >>exciting news in the industry. You guys are the pros you've seen all the waves of innovation over the years. I guess my final final question would be, how would you summarize this point in time right now? This is pretty um exciting all this is all happening At the same time, customers are having opportunity to innovate the pandemic has shown a lot of scale and and the need for stability and security. This is a special moment. How would you guys weigh in on that? >>Yeah, I think about it every decade, there's a change in how data centers a belt. And so this is the change that's happening this decade. Moving to a distributed services, switch. The other big mega trend that I see is this move, as I said from data centers to stand as a data and the opportunity for customers to use this technology as they move out to the edge. Have distributed compute and tell us, what do you think Sony? >>I think I couldn't agree more. I think there are so many various technology transitions occurring now. The cloud being the biggest one. Uh the explosion of data and uh, you know, the customers making decisions of having a distributed model And if indeed two thirds, if not 75% of all data will be processed at the edge over the next few years. This architecture is prime for the enterprise to go leverage their best practices of today while they can gradually move that architecture is for the future, which is a multi cloud future >>centers of data, large scale cloud operations automation. The speed of innovation has never seen this before. Uh It's exciting time. Sunny, thank you for coming on. And David, thanks for chatting about this exciting new announcement. Thank you very much. >>Thank you. Thank you. >>This is the power of and hp. Ruba and Pensando partnership. I'm john forward the cube. Thanks for watching. Mhm

>>Welcome back to the doctor khan cube conversation. Dr khan 2021 virtual. I'm john for your host of the cube of mulch, Donny co founder and CTO and see so for accurate hot startup hot company. Uh, thanks for coming on the cube for dr continent and talking cybersecurity and cloud native. Super important. Thanks for coming on, >>appreciate john. Thanks for having me. >>So here dr khan. Obviously the conversations around developer experience, um, making things more productive. Obviously cloud scale cloud native with docker containers with kubernetes all lining up right in line with the trend that's now going mainstream and all commercial enterprises. I mean developer productivity security is a huge times thing if you don't get it right. So, you know, shifting left is that everyone's talking about, but this is a huge challenge. Can you, can you talk about what you guys do at your company and specifically why it relates to this conversation for developers at dr khan. >>Sure. Um, so john as we understand today, there are millions of uh, you know, code comments that are happening in cloud native environments on daily basis. Um, you know, in a recent report, Airbnb reported, they've checked in 125,000 plus times ham charts in an ear. And what that means is that, you know, the guitars revolution is here. Uh, and that also means that, well, you got your kubernetes clusters sinking up with infrastructure as code, such as ham chart customized and yarrow files right almost several times a day now, what that also means is that the opportunity to make sure that your clusters are being deployed securely by these infrastructure as code templates and deployment has called template is available before the deployment happens and not after the deployment. Also, in order to reduce the cost or detecting security challenges. The best option and opportunity is during the development time and during the deployment time, which is the pipeline time and that's what we offer. We shift your cloud, native security posture detection to left. We detect all your security posture related issues while the code is in development in the design phase as well as while it is about to get deployed, that is within the guitars pipelines or your traditional develops pipelines and not only with detect where we sell feel the code as well, specifically infrastructure as code. So we detect the problems and we fix the problem by generating the remediation code which we like to call it as remediation is called. The detection mechanisms like all this policy is called. That's the primary use case that we offer. We help developers reduce the cost of remediation and also meantime to the mediations for security problems >>and actually see them a boatload of hassle to going back and figure out how they wrote the code at that time. And kind of what happened always is a problem. Um, I gotta Okay, so I'm gonna get into this policy is code. You mentioned that also you mentioned Getafe's revolution. Let's get to that in a second. But first I want you to explain to the folks what is cloud native security and what does that mean? And what kind of attacks emerge as that surface area becomes apparent? >>Absolutely. So cloud native security is a very interesting new paradigm. Uh it's not just related with one single control pain like take, for example, Cuban haters, it's not just that, it's also the supply chain elements that go into the deployment of your cloud native clusters. Like see if kubernetes cluster you need to secure not just the application code which is running inside your container images, but also the container image itself, then the pod, then the name space, then the cluster. And also you need to do all the other cyber hygienic, high generated things that we were doing previously. So it's so much of complexity because availability of different control planes, you need to be able to make sure that you are doing security, not just right, but at a very, very cost effective in a very, very cost effective manner. And the kind of attacks that we are predicting we're going to see in cloud native world are going to be very different from what we have seen so far. Especially there's a new attack type that I am have coined. I call that as cloud native waterhole attack. What it means is that imagine that most of the cloud native infrastructures are developed out of a lot of different open source components and pieces. So imagine you're pulling up a container image from a open source container agency and that continued which contains a man there container image can directly land into your cluster and not only can enter into your so called secure cluster environment. Usually the cluster control planes are not exposed to internet but deployment of one supply chain element like a Mallory's container image and exposed to an entire cluster. And that's what is waterhole attack when it comes to chlorinated water hole attacks to supply chains. So these are some very innovative and noble attacks that you know, we Uh you know, predict are going to come to our weigh in next 12-18 months. >>So you say it's a waterhole attack. That's the that's the coin term that you've made. So basically what you're saying is the container could be infected with all the properties that is containing into a secure cluster. It's almost been penetrated like malware would or spear phishing attack, it targets the cluster and then infects it. >>So not only that because your continuing images that you're pulling in um from your registries registries can be located anywhere right? If you do not do proper sanitization and checking off your supply chain components such as a continuing image, it can land insecure zones like this. So not only in a cluster, it can become part of a system named space very soon and and that's where the risks are that, you know, you had a parameter, you know, at least of some sort when it was non cloud native environments. And now you have a kind of false sense of security that I have equivalent is cluster, which sort of air gap in one way like there's no exposure to internet of the control plane control being a P. I. Is not supposed to Internet, that doesn't mean anything. A container enters into your cluster can take over the entire cluster. >>All right, so that's cool. So I love that attacks kind of attack. So back to cloud native security definition. So you're defining cloud native security as cloud native clusters. Is it specific around kubernetes or what specifically the cloud native security? What's the category? If the if water holds the attack vector, what's cloud native security means? >>So what it means is that you need to worry about multiple different control planes in a cloud native environment. It's not just a single control pain that you have to worry about. You have to worry about your uh as I said, kubernetes control plane, you have service measures on top of it, You could have server less layers on top of it and when you have to worry about so many different control pains, but it also means is that the security needs to become part of and has to get baked into the entire process of building cloud native environment, not afterthought or it shouldn't happen after the fact. >>See the containers for containers that watch the containers security for the security to watch the security. So you get so let's get we'll get to that. I want to get back to the solution, but one more thing. Um this one piece. So your c so um there you have a lot of shops in there from your background, I know that. Um So if if people out there, other Csos are looking at expanding, You know, day one day 2 ongoing, you know, ai ops get upstate to operate what everyone call it cloud native environments. How do they consider figuring out how to deploy and understand cloud need to secure? What do they have to do if you're a c So knowing what, you know, what steps are you taking? >>Yeah, it's funny that, you know, there's a big silo today between the sea, so organizations and the devops and get ops teams. Uh so the number one priority, in my opinion, that the sea so s uh you know, have to really follow is having visibility into the uh developers. So developers who are developing not just code but also infrastructure as code. So there is a slight difference between writing python code versus writing uh say ham charts or customized templates. Right? So you need as a see saw, you know, see so our needs to have full visibility into Okay, out of 100 developers, how many do I have who are writing deployment as code? And then how many of them are continuously checking in code and introducing security issues? Those issues have to be visualized while the issues are written in code and as they are getting checked into the repositories, so catch the security issues while the code is getting checked into the repository. And the next best stages catch the issues while the pipelines are picking up the code from the repository. So sisters needs to have visibility into this. I call it as shift left visibility for CSOS. So sisters need to know, okay, what are my top 10 developers who are writing infrastructure as code? How many of those developers are committing wonderful code. How many of these pull requests which have been raised have got security violations? How many of them have been fixed and how many have not been fixed? That's what is the visibility that can uh you know, provide opportunities to seize organizations to >>react and more things to put KPI S around two to understand where the gaps are and where the potential blind spots are. Okay, shift left visibility to see. So if you've got the get ups revolution, you got the waterhole attacks. You have multiple control planes obviously complex. The benefits of cloud native though are significant and people doing modern applications are seeing that. So clearly this is direction that everyone's going. The consensus is clear. So how do you solve this? You mentioned policy as code. I'm kind of connecting the dots here. If I'm going to understand what's going on in real time as the code is in flight as it's checking in. For instance, this is kind of in the pipeline as you say. So this has to be solved. What is the answer to this? Because it's clearly the way people want it. No one wants to come back and say we got hacked or development being pulled off task to figure out what they fixed or didn't do what's the policy is code angle? >>So um you know, of course, you know, there could be more than one ways to solve this problem. The way we are solving this problem is that first thing we are bringing all top type of infrastructure as code and the control planes into a single uniform format, which we like to call it as cloud, as code. The reason why we do that so that we can normalize the representation of these different data sets in one single normalized format. And then we apply open policy agent which is a C N C F uh graduated project, which is kind of the de facto standard to do any kind of policy is called use cases in the cloud native world today. So we apply open policy agent to this middleware that we create, which basically brings all these different control plane data, all the different infrastructures code into anomalous format. We apply O P A and we use policies to apply uh Opie on this data this way. What happens is that we write, for example, we want to write a policy, you don't want certain parts to be exposed to Internet in a given name space. You can write such a policy. This policy, you can run on life cluster as well as on the hand charts, which is your development side of the artifact. Right. Because we're bringing both these datasets into middleware. So in short, one of the solutions that we are proposing is that different control planes, different infrastructures, code has to be brought into a normalized format. And then you apply frameworks like Opie a open policy agent to achieve your policy is called use cases. >>What is the attraction for this direction? O. P. A. In particular obviously controlled planes. I get that. I can see the benefit of having this abstraction away with the normalization. I think that would enable a lot of innovation on top of it. Um Makes a lot of sense, totally cool. What's the attraction? What's the vibe? Are people reacting to this? Uh Some people might say whoa hold on, you're taking on too much uh your eyes are bigger than your stomach. You're taking on too much territory. Whoa, slow down. I can I I want to own that control plane. There's a lot of people trying to own the control plane. So again it's a little bit of politics here. What's your what's your thoughts on the momentum? What's the support, what's it look like? >>Yeah, I think you are getting it right, the political side of things. So, um, you know, one responses that, look, we have launched our open source project contour a scan uh last year and uh you know, we're doing pretty well. It's a full opium based uh in a project which allows you to do policies code on not only new cloud control planes, like, you know, kubernetes and others, but also the traditional control planes provided by CSP s like cloud security, cloud service providers. So parents can can be used not just for hand charts and customized, but also for terra form. What we are uh promoting is open culture. With scan. We want community to contribute, become part of it. Um yes, we are promoting a middleware here uh but we want to do it with the help of the community and our reaction what we're getting is very very good. We are in our commercial offering also we use opa we have good adoption going on right now. We believe will be able to uh you know with the developer community, you have this thing going for us. >>I love cloud as code. It's so much more broader than infrastructure as code and I'll see the control plane benefits. You know when I talk to customers, I want to get your reaction to this because I really appreciate your experience and and leadership here. I talked to customers all the time and I wont say name, I won't name names but they're big, big and fintech and you'll big and life sciences in other areas. They all say we want to bring best to breed together but it's too hard to make it all work. We can get it done, but it's a lot of energy. So obviously building code and getting into production that is just brute force. Anyway, they got to get that done and they're working on their pipe lining. But getting other best of breed stuff together and making it work is really hard. Does this solve that? Do you, are you helping solve that problem? Is this an integration opportunity? >>Yes, that and that is true and we have realized it, you know, uh long back. So that's why we do not introduce any new tooling into the existing developer workflows, no new tool whatsoever. We integrate with all existing developer workflows. So if you are a, you know, modern uh, you know, get off shop and you're using flux or Argo, we integrate terrace can seamlessly integrated flux in Argo, you don't even get to know that you already have what policy is called enabled if you're using flux Argo or any equivalent, you know, getups, toolkit. Likewise, if you are using any kind of uh, you know, say existing developer pipeline or workflows such as, you know, the pipelines available on guitar, get lab, you know, get bucket and other pipelines. We seamlessly integrate our motor is very, very simple. We don't want to introduce one more two for developers, we want to introduce one more per security. We want to get good old days, >>no one wants another tool in the tool shed. I mean it's like, it's like really like the tool shit, they get all these tools laying around. But everyone again, this is back to the platform wars in the old days when I was younger. Breaking into the early days of the web platforms were everything you have to build your own proprietary platform Wasn't some open source being used, but mostly it was full stack. Now platforms are inter operating with hybrid and now Edge. So I want to get your thoughts on and I'm just really a little bit off topic. But it's kind of related. How should companies think about platform engineering? Because you now have the cloud scale, which in a way is half a stack. You don't really if you're gonna have horizontal scalability and you're gonna have these kind of unified control planes and infrastructure as code. Then in a way you don't really need that full stack developer. I mean I could program the network. I don't need to get into the weeds on that. I got now open policy agent on with terrorists. Can I really can focus on developing this is kind of like an OS concept. So how should companies think about platforms and hiring platform engineers and and something that will scale and have automation and all the benefits and goodness of the cloud scale. >>Yeah, I mean you actually nailed it when you began uh we've been experienced since we've been experiencing now since last at least 18 months that and if I were specifically also, I'll touch based on the security side of things as well. But platform engineering and platforms, especially now everything is about interoperability and uh, what we have started experiencing is that it has to be open. The credibility any platform can gain is only through openness interoperability and also neutrality. If these three elements are missing, it's very hard to push and capture the mind share of the users to adopt the platform. And why do you want to build a platform to actually attract partners who can build integrations and also to build apps on top of it or plug ins on top of it? And that can only be encouraged if there is, you know, totally openness, key components have to be open source, especially in security. I can give you several examples. The future of security is absolutely open source, the credibility cannot be gained without that. A quick example of that is cystic. I mean, who thought they were gonna be pulling such a huge, you know, funding round, of course that all is on the background of Falco, Right? So what I'm trying to play and sing and same for psyllium, Right? So what I'm clearly able to see is the science are that especially in cybersecurity community, you are delivering open source based platforms, you will have the credibility because that's where you will get the mindshare developers will come and you know, and work with you of course, you know, I have no shame naming fellow vendors right, who are doing this right and this is the right way to do it. >>Yeah. And I think it's it's totally true and you see the validation on that just to verify your point out that we have a little love fest here on open source, it's pretty obvious the the end user communities are controlled not the hard core and users like the hyper scholars, you know, classic enterprises are are starting not only contribute participate but add value more than they've ever have. The question I want to ask you is okay. I totally agree on open as data becomes super important because remember data is only as good as what you have and the more data the better the machine learning the better the data scale, um, sharing is important. So open sharing kind of ties into open source. What's your thoughts on data? Data policy, is this going to extend out into data control planes? What's your thoughts there? I'd love to get your input. >>We are a little little bit early in that thought. I think it's gonna take a little while uh for you know, the uh for the industry bosses to come to terms to that uh data lakes and uh you know, data control planes eventually will open up. But you know, I I see there is resistance in that space today uh but eventually it's gonna come around. You know, that has because that would be the next level of openness, you know, once the platforms uh in a mature as an example right today. Um you want to write uh you know, any kind of say policies for your same products, right. Uh you have the option available to write policies and customized, you know, languages. But then many platforms are coming up which are supporting policy is developed in in languages which are open and that's data which is going to open up, you know very soon. So you will not be measured in terms of how many policies you have as a product, but you will be measured. Can you consume? Open policies are not so i that it is going to go there, it's going to take a little while, but I think he is going to move that. >>It makes sense. Get the apparatus built on the infrastructure side. Once you have some open policy capability that's going to build an abstraction on top of it, then you can program data to be more policy driven or dynamic based upon contextual behavioural dynamics. So it makes a lot of sense. Oh, great insight here, love the conversation, Congratulations on your success. Love the vision. Love the openness. I'll see. We think uh data as code is big too. Obviously media's data where CUBA is open. We have we have the same philosophy. So thanks for sharing. Love the vision. Take a minute to plug the company. What are you guys looking to do? Uh you guys hiring, take a minute to put the plug out for the for the company? >>Absolutely. We are absolutely hiring great ingenious, you know, a great startup mind folks who want to come and work for a very, very innovative environment. Uh we are very research and development, you know driven and have brought various positions available today. Um we are trying to do something which has not been attempted before. Our focus is 100% on reducing the cost of security. And uh you know, in order to do that, you really have to do things that previously were not in development environments. And that's where we're going. We're open source uh, you know, open source initiatives, big open source lovers and we welcome people come in and apply our positions, >>reduce the cost of security, do the heavy lifting for the customer with code and have great performance, that's the ultimate goal. Great stuff. Cloud need security, threat modeling, deV stickups, shifting left in real time. You guys got a lot of hard problems you're attacking? >>Um well, you know, some of the good things uh that we're doing is also because of the team that we have right. Most of our co team comes from very heavy threat modeling, threat analysis and third intelligence background. So we have we're blending a very unique perspective of allowing developers to tackle the threats, which they're not supposed to even understand how they work. We do the heavy lifting from threat intelligence point of view, we just let the developers work on the code that we generate for them to fix those threats. So we're shipping threat intelligence and threat modeling also to left. Uh we're one of the first companies to create threat models just out of infrastructure is called, we read your infrastructure as code and we create a digital twin of your cloud late at one time, even before it has been actually built. So we do some of those things which we like to call it just advanced bridge card prediction where we can predict whether you have reach parts a lot in your runtime environment that would have been committed. >>And then the Holy Grail obviously the automation and self healing um is really kind of where you've got to get to. Right, that's the whole that's the whole ballgame, right? They're making that productive. Oh, thank you for coming on a cube here. Dr khan 2021 sharing your insights, co founder and CTO and see so. Oh much Danny. Thank you for coming on. I appreciate it, >>monsieur john thank you for having >>Okay Cube coverage of Dr Khan 2021. Um your host, John Fury? The Cube. Thanks for watching. Yeah.

[Music] Andre one of the things that have come up is your relation with Russia as we talked about so I have to ask you a direct question do you to work with sanctioned Russian entities or Russian companies shown we and c5 we do not work with any company that's sanctioned from any country including Russia and the same applies to me we take sanctions very very seriously the one thing you don't mess with is US sanctions which has application worldwide and so you always have to stay absolutely on the right side of the law when it comes to sanctions so nothing nothing that's something that's connection nets are trying to make they're also the other connection is a guy named Victor Vail Selberg Viktor Vekselberg Vekselberg to go with the Russian names as people know what is your relationship with Viktor Vekselberg so victim Viktor Vekselberg is a is a very well known Russian businessman he's perhaps one of the best known Russian businessman in the West because he also lived in the US for a period of time it's a very well-known personality in in in Europe he's a donor for example to the Clinton Foundation and he has aggregated the largest collection of Faberge eggs in the world as part of national Russian treasure so he's a very well known business personality and of course during the course of my career which has focused heavily on also doing investigations on Russian related issues I have come across Viktor Vekselberg and I've had the opportunity to meet with him and so I know him as a as a business leader but c5 has no relationship with Viktor Vekselberg and we've never accepted any investment from him we've never asked him for an investment and our firm a venture capital firm has no ties to Viktor Vekselberg so you've worked had a relationship at some point in your career but no I wouldn't on a daily basis you don't have a deep relationship can you explain how deep that relationship is what were the interactions you had with him so clarify that point so so I know Viktor Vekselberg and I've met him on more than one occasion in different settings and as I shared with you I served on the board of a South African mining company which is black owned for a period of a year and which Renova had a minority investment alongside an Australian company called South 32 and that's the extent of the contact and exposure I've had to so casual business run-ins and interactions not like again that's correct deep joint ventures are very kind of okay let's get back to c5 for a minute cause I want to ask you it but just do just a circle just one last issue and Viktor Vekselberg Viktor Vekselberg is the chairman of scope over the Russian technology innovation park that we discussed and he became the chairman under the presidency of President Dmitry Medvedev during the time when Hillary Clinton was doing a reset on Russian relations and during that time so vekselberg have built up very effective relationships with all of the or many of the leading big US technology companies and today you can find the roster of those partners the list of those partners on the scope of our website and those nuclear drove that yes Victor drove that Victor drove that during during in the Clinton Secretary of this started the scope of our project started during the the Medvedev presidency and in the period 2010-2011 you'll find many photographs of mr. vekselberg signing partnership agreements with very well known technology companies for Skolkovo and most of those companies still in one way or another remain involved in the Skolkovo project this has been the feature the article so there are I think and I've read all the other places where they wanted to make this decision Valley of Russia correct there's a lot of Russian programmers who work for American companies I know a few of them that do so there's technology they get great programmers in Russia but certainly they have technology so oracles they're ibm's they're cisco say we talked about earlier there is US presence there are you do you have a presence there and does Amazon Web service have a presence on do you see five it and that's knowing I was alright it's well it's a warning in the wrong oh sorry about that what's the Skog Obama's called spoke over so Andres Kokomo's this has been well report it's the Silicon Valley of Russia and so a lot of American companies they're IBM Oracle Cisco you mentioned earlier I can imagine it makes sense they a lot of recruiting little labs going on we see people hire Russian engineers all the time you know c5 have a presence there and does AWS have a presence there and do you work together in a TBS in that area explain that relationship certainly c5 Amazon individually or you can't speak for Amazon but let's see if I've have there and do you work with Amazon in any way there c-5m there's no work in Russia and neither does any of our portfolio companies c5 has no relationship with the Skolkovo Technology Park and as I said the parties for this spoke of a Technology Park is a matter of record is only website anyone can take a look at it and our name is not amongst those partners and I think this was this is an issue which I which I fault the BBC report on because if the BBC report was fair and accurate they would have disclosed the fact that there's a long list of partners with a scope of our project very well known companies many of them competitors in the Jedi process but that was not the case the BBC programme in a very misleading and deceptive way created the impression that for some reason somehow c5 was involved in Skolkovo without disclosing the fact that many other companies are involved they and of course we are not involved and your only relationship with Declan Berg Viktor Vekselberg was through the c5 raiser bid three c5 no no Viktor Vekselberg was never involved in c5 raiser Petco we had Vladimir Kuznetsov as a man not as a minority investor day and when we diligence him one of our key findings was that he was acting in independent capacity and he was investing his own money as a you national aniseh Swiss resident so you if you've had no business dealings with Viktor Vekselberg other than casual working c-5 has had no business dealings with with Viktor Vekselberg in a in a personal capacity earlier before the onset of sanctions I served on the board of a black-owned South African mining company and which Renault bombs the Vekselberg company as a minority investment alongside an Australian company called South 32 and my motivation for doing so was to support African entrepreneurship because this was one of the first black owned mining companies in the country was established with a British investment in which I was involved in and I was very supportive of the work that this company does to develop manganese mining in the Kalahari Desert and your role there was advisory formal what was the role there it was an advisory role so no ownership no ownership no equity no engagement you call them to help out on a project I was asked to support the company at the crucial time when they had a dispute on royalties when they were looking at the future of the Kalahari basin and the future of the manganese reserve say and also to help the company through a transition of the black leadership the black executive leadership of the cut year is that roughly 2017 so recently okay let on the ownership of c5 can you explain who owns c5 I mean you're described as the owner if it's a venture capital firm you probably of investors so your managing director you probably have some carry of some sort and then talk about the relationship between c5 razor bidco the Russian special purpose vehicle that was created is that owning what does it fit is it a subordinate role so see my capital so Jones to start with c5 razor boot code was was never a Russian special purpose vehicle this was a British special purpose vehicle which we established for our own investment into a European enterprise software company vladimir kuznetsov later invested as an angel investor into the same company and we required him to do it through our structure because it was transparent and subject to FCA regulation there's no ties back to c5 he's been not an owner in any way of c5 no not on c5 so C fibers owned by five families who helped to establish the business and grow the business and partner in the business these are blue chip very well known European and American families it's a small transatlantic community or family investors who believe that it's important to use private capital for the greater good right history dealing with Russians can you talk about your career you mentioned your career in South Africa earlier talk about your career deal in Russia when did you start working with Russian people I was the international stage Russian Russia's that time in 90s and 2000 and now certainly has changed a lot let's talk about your history and deal with the Russians so percent of the Soviet Union I think there was a significant window for Western investment into Russia and Western investment during this time also grew very significantly during my career as an investigator I often dealt with Russian organized crime cases and in fact I established my consulting business with a former head of the Central European division of the CIA who was an expert on Russia and probably one of the world's leading experts on Russia so to get his name William Lofgren so during the course of of building this business we helped many Western investors with problems and issues related to their investments in Russia so you were working for the West I was waiting for the West so you are the good side and but when you were absolutely and when and when you do work of this kind of course you get to know a lot of people in Russia and you make Russian contacts and like in any other country as as Alexander Solzhenitsyn the great Russian dissident wrote the line that separates good and evil doesn't run between countries it runs through the hearts of people and so in this context there are there are people in Russia who crossed my path and across my professional career who were good people who were working in a constructive way for Russia's freedom and for Russia's independence and that I continue to hold in high regard and you find there's no technical security risk the United States of America with your relationship with c5 and Russia well my my investigative work that related to Russia cases are all in the past this was all done in the past as you said I was acting in the interest of Western corporations and Western governments in their relations with Russia that's documented and you'd be prepared to be transparent about that absolutely that's all those many of those cases are well documented to corporations for which my consulting firm acted are very well known very well known businesses and it's pretty much all on the on the Podesta gaiting corruption we were we were we were helping Western corporations invest into Russia in a way that that that meant that they did not get in meshed in corruption that meant they didn't get blackmailed by Russia organized crime groups which meant that their investments were sustainable and compliant with the Foreign Corrupt Practices Act and other bribery regulation at war for everyone who I know that lives in Europe that's my age said when the EU was established there's a flight of Eastern Europeans and Russians into Western Europe and they don't have the same business practices so I'd imagine you'd run into some pretty seedy scenarios in this course of business well in drug-dealing under I mean a lot of underground stuff was going on they're different they're different government they're different economy I mean it wasn't like a structure so you probably were exposed to a lot many many post-conflict countries suffer from predatory predatory organized crime groups and I think what changed and of course of my invested investigative career was that many of these groups became digital and a lot of organized crime that was purely based in the physical world went into the into the digital world which was one of the other major reasons which led me to focus on cyber security and to invest in cyber security well gets that in a minute well that's great I may only imagine some of the things you're investigated it's easy to connect people with things when yeah things are orbiting around them so appreciate the candid response there I wanna move on to the other area I see in the stories national security risk conflict of interest in some of the stories you seeing this well is there conflict of interest this is an IT playbook I've seen over the years federal deals well you're gonna create some Fahd fear uncertainty and doubt there's always kind of accusations you know there's accusations around well are they self dealing and you know these companies or I've seen this before so I gotta ask you they're involved with you bought a company called s DB advisors it was one of the transactions that they're in I see connecting to in my research with the DoD Sally Donnelly who is Sally Donnelly why did you buy her business so I didn't buy Sonny Donnelly's business again so Sally Tony let's start with Sally darling so Sally Donny was introduced to me by Apple Mike Mullen as a former chairman of the Joint Chiefs of Staff and Sally served as his special advisor when he was the chairman of the Joint Chiefs of Staff Apple Mullen was one of the first operating parties which we had in c5 and he continues to serve Admiral Mullen the four start yes sir okay and he continues to serve as one of operating partners to this day salad only and that will Mike worked very closely with the Duke of Westminster on one of his charitable projects which we supported and which is close to my heart which is established a new veteran rehabilitation center for Britain upgrading our facility which dates back to the Second World War which is called Headley court to a brand-new state-of-the-art facility which was a half a billion dollar public-private partnership which Duke led and in this context that Ron Mullen and Sally helped the Duke and it's team to meet some of the best experts in the US on veteran rehabilitation on veteran care and on providing for veterans at the end of the service and this was a this was a great service which it did to the to this new center which is called the defense and national rehabilitation center which opened up last summer in Britain and is a terrific asset not only for Britain but also for allies and and so the acquisition she went on to work with secretary Manus in the Department of Defense yes in February Feb 9 you through the transaction yes in February 2017 Sally decided to do public service and support of safety matters when he joined the current administration when she left her firm she sold it free and clear to a group of local Washington entrepreneurs and she had to do that very quickly because the appointment of secretary mattis wasn't expected he wasn't involved in any political campaigns he was called back to come and serve his country in the nation's interest very unexpectedly and Sally and a colleague of us Tony de Martino because of their loyalty to him and the law did to the mission followed him into public service and my understanding is it's an EAJA to sell a business in a matter of a day or two to be able to be free and clear of title and to have no compliance issues while she was in government her consulting business didn't do any work for the government it was really focused on advising corporations on working with the government and on defense and national security issues I didn't buy Sonny's business one of c-5 portfolio companies a year later acquired SPD advisors from the owner supported with a view to establishing and expanding one of our cyber advising businesses into the US market and this is part of a broader bind bolt project which is called Haven ITC secure and this was just one of several acquisitions that this platform made so just for the record c5 didn't buy her company she repeat relieved herself of any kind of conflict of interest going into the public service your portfolio company acquired the company in short order because they knew the synergies because it would be were close to it so I know it's arm's length but as a venture capitalist you have no real influence other than having an investment or board seat on these companies right so they act independent in your structure absolutely make sure I get that's exactly right John but but not much more importantly only had no influence over the Jedi contract she acted as secretary mitosis chief of staff for a period of a year and have functions as described by the Government Accounting Office was really of a ministerial nature so she was much more focused on the Secretary's diary than she was focused on any contracting issues as you know government contracting is very complex it's very technical sally has as many wonderful talents and attributes but she's never claimed to be a cloud computing expert and of equal importance was when sally joined the government in february 17 jeddah wasn't even on the radar it wasn't even conceived as a possibility why did yet I cannot just for just for the record the Jedi contract my understanding is that and I'm not an expert on one government contracting but my understanding is that the RFP the request for proposals for the July contract came out in quarter three of this year for the first time earlier this year there was a publication of an intention to put out an RFP I think that happened in at the end of quarter one five yep classic yeah and then the RFP came out and called a three bits had to go in in November and I understand a decision will be made sometime next year what's your relationship well where's she now what she still was so sunny left finished the public service and and I think February March of this year and she's since gone on to do a fellowship with a think-tank she's also reestablished her own business in her own right and although we remain to be good friends I'm in no way involved in a business or a business deal I have a lot of friends in DC I'm not a really policy wonk of any kind we have a lot of friends who are it's it's common when it administrations turnover people you know or either appointed or parked a work force they leave and they go could they go to consultancy until the next yeah until the next and frustration comes along yeah and that's pretty common that's pretty cool this is what goes on yeah and I think this whole issue of potential conflicts of interest that salad only or Tony the Martino might have had has been addressed by the Government Accounting Office in its ruling which is on the public record where the GAO very clearly state that neither of these two individuals were anywhere near the team that was writing the terms for the general contract and that their functions were really as described by the GAO as ministerial so XI salient Antonia was such a long way away from this contact there's just no way that they could have influenced it in in in any respect and their relation to c5 is advisory do they and do they both are they have relations with you now what's the current relationship since since Sally and Tony went to do public service we've had no contact with them we have no reason of course to have contact with them in any way they were doing public service they were serving the country and serving the nation and since they've come out of public service we've we've not reestablished any commercial relationship so we talked earlier about the relation with AWS there's only if have a field support two incubators its accelerator does c5 have any portfolio companies that are actually bidding or working on the Jedi contract none what Santa John not zero zero so outside of c5 having relation with Amazon and no portfolios working with a Jedi contract there's no link to c5 other than a portfolio company buying Sally Donnelly who's kind of connected to general mattis up here yeah Selleck has six degrees of separation yes I think this is a constant theme in this conspiracy theory Jonas is six degrees of separation it's it's taking relationships that that that developed in a small community in Washington and trying to draw nefarious and sinister conclusions from them instead of focusing on competing on performance competing on innovation and competing on price and perhaps that's not taking place because the companies that are trying to do this do not have the capability to do so Andre I really appreciate you coming on and answering these tough questions I want to talk about what's going on with c5 now but I got to say you know I want to ask you one more time because I think this is critical you've worked for big-time company Kroll with terminus international market very crazy time time transformation wise you've worked with the CIA in Quantico the FBI nuclei in Quantico on a collaboration you were to know you've done work for the good guys you have see if I've got multiple years operating why why are you being put as a bad guy here I mean you're gonna you know being you being put out there with if you search your name on Google it says you're a spy all these evil all these things are connecting and we're kind of digging through them they kind of don't Joan I've had the privilege of a tremendous career I've had the privilege of working with with great leaders and having had great mentors if you do anything of significance if you do anything that's helping to make a difference or to make a change you should first expect scrutiny but also expect criticism when that scrutiny and criticism are fact-based that's helpful and that's good for society and for the health of society when on the other hand it is fake news or it is the construct of elaborate conspiracy theories that's not good for the health of society it's not good for the national interest is not good for for doing good business you've been very after you're doing business for the for the credibility people questioning your credibility what do you want to tell people that are watching this about your credibility that's in question again with this stuff you've done and you're continuing to do what's the one share something to the folks that might mean something to them you can sway them or you want to say something directly what would you say the measure of a person it is his or her conduct in c-five we are continuing to build our business we continue to invest in great companies we continue to put cravat private capital to work to help drive innovation including in the US market we will continue to surround ourselves with good people and we will continue to set the highest standards for the way in which we invest and build our businesses it's common I guess I would say that I'm getting out as deep as you are in the in term over the years with looking at these patterns but the pattern that I see is very simple when bad guys get found out they leave the jurisdiction they flee they go do something else and they reinvent themselves and scam someone else you've been doing this for many many years got a great back record c5 now is still doing business continuing not skipping a beat the story comes out hopefully kind of derail this or something else will think we're gonna dig into it so than angle for sure but you still have investments you're deploying globally talk about what c5 is doing today tomorrow next few months the next year you have deals going down you're still doing business you have business out there our business has not slowed down for a moment we have the support of tremendous investors we have the support of tremendous partners in our portfolio companies we have the support of a great group of operating partners and most important of all we have a highly dedicated highly focused group of investment teams of very experienced and skilled professionals who are making profitable investments and so we are continuing to build our business we have a very full deal pipeline we will be completing more investment transactions next week and we are continue to scalar assets under management next year we will have half a billion dollars of assets under management and we continue to focus on our mission which is to use private capital to help innovate and drive a change for good after again thank you we have the story in the BBC kicked all this off the 12th no one's else picked it up I think other journals have you mentioned earlier you think this there's actually people putting this out you you call out let's got John wheeler we're going to look into him do you think there's an organized campaign right now organized to go after you go after Amazon are you just collateral damage you mentioned that earlier is there a funded effort here well Bloomberg has reported on the fact that that one of the competitors for this bit of trying to bring together a group of companies behind a concerted effort specifically to block Amazon Web Services and so we hear these reports we see this press speculation if that was the case of course that would not be good for a fair and open and competitive bidding process which is I think is the Department of Defense's intention and what is in the interests of the country at a time when national security innovation will determine not only the fate of future Wars but also the fate of a sons and daughters who are war fighters and to be fair to process having something undermine it like a paid-for dossier which I have multiple sources confirming that's happened it's kind of infiltrating the journalists and so that's kind of where I'm looking at right now is that okay the BBC story just didn't feel right to me credible outlet you work for them you did investigations for them back in the day have you talked to them yes no we are we are we are in correspondence with the BBC I think in particular we want them to address the fact that they've conflated facts in this story playing this parlor game of six degrees of separation we want them to address the important principle of the independence of the in editorial integrity at the fact that they did not disclose that they expert on this program actually has significant conflicts of interests of his own and finally we want them to disclose the fact that it's not c5 and Amazon Web Services who have had a relationship with the scope of our technology park the scope of our technology park actually has a very broad set of Western partners still highly engaged there and even in recent weeks of hosted major cloud contracts and conferences there and and all of this should have been part of the story in on the record well we're certainly going to dig into it I appreciate your answer the tough questions we're gonna certainly look into this dossier if this is true this is bad and if there's people behind it acting behind it then certainly we're gonna report on that and I know these were tough questions thanks for taking the time Andre to to answer them with us Joan thanks for doing a deep dive on us okay this is the Q exclusive conversation here in Palo Alto authority narc who's the founder of c-5 capital venture capital firm in the center of a controversy around this BBC story which we're going to dig into more this has been exclusive conversation I'm John Tory thanks for watching [Music] you