>> Announcer: Live from Miami Beach, Florida, it's theCUBE covering UiPath Forward Americas, brought to you by UiPath. (upbeat music) >> Welcome back to Miami Beach, everybody. I'm Dave Vellante with Stu Miniman. This is UiPathForward Americas. We're talking about robotic process automation. We're seeing the ascendancy of a new marketplace. You're watching theCUBE, the leader in live tech coverage. Let's see, let's get into it. So Param Kahlon is here. He's the UiPath's Chief Product Officer. Welcome, so we're going to get into some of the product stuff. We haven't really dug down deep today, so that's great. >> Thank you. >> Jairo Quiros is here. He's the Vice President of Global Shared Services, an RPA COE, center of excellence, leader at Equifax. Welcome, thanks for coming on theCUBE. >> Thank you, thank you. >> Jairo, let's start with you. Tell us about your role. I love the title. (Jairo laughs) You got automation in your title. Do people embrace you when they see you coming or run? >> No, no, no. Actually, that's very interesting. I've been with the company for 20 years now, so I'm responsible to lead Global Shared Services all across from business operations, financing, accounting, you name it, IT security, right? So, coming along with automation has been quite a journey for us. First of all, we love the product so thank you, Param for everything you guys do at the service, as well. But truly, automation, what it means to us is pushing our workforce to do stuff that is of more valued added to our customers, removing the but out of the human which is critical to us, so no fear of buts anymore. And it's been two years. >> The product's at the tip of the iceberg, I'm hearing. There's a whole lot of other stuff beneath it, culture, obviously process, mindset. >> Jairo: Yeah, correct. >> We will get into some of that. But Param, tell us about your role as Chief Product Officer. You make it all happen. (Param laughs) >> I'm responsible for making sure we can listen to what our customers want, what the market wants, translate that into requirements, and deliver that in the form of products. That's all I do, it's very simple. >> You're a translator. >> We translate it, transform it into requirements that can be given to the product team, their development team that can go write software for it. >> Kind of like that AI layer in UiPath that translates all this data into something that's actionable, right? >> Param: Absolutely. >> Jairo, you were saying you liked the product before. I mean, our personal experience is we could actually download it and play with it, and we're not ultra technical, some of our guys are. What do you like about the product? >> Well, I think many things. I mean, first of all, I think it's very easy to use, right? So, it's built for execution, right? For instance, in our case, we're having a lot of junior engineers coming on board. So we go out to colleges and recruit people that are passionate about process. So what UiPath offer us is a way for them to entry our operation and actually perform tasks and do, and realize results pretty easily. So then, they can see the work being done and appreciate it. >> So who are the users in your organization? Is it a spectrum? You got the sort of RPA developers and then you got business users, as well? Describe that. >> Well, it's a combination, right? So we built the COE over the past couple years. It's inclusive of not only configurators, but also analysts and people that can understand the business. So when you look at through the process, start thinking about how do you design for automation? So this tool allows a very comprehensive very easy to use and we see they make progress release after release, so it's very exciting. >> Alright, Param, why don't you walk us through the announcements that you made? What's new to the platform? Some enhancement to the community. >> Yeah, so we've done some really key announcements in this event today. The first one that we're very excited about is UiPath Go, which is our marketplace that enables broad innovation across our entire ecosystem of customers and partners. We can create on a platform or we can put it in a marketplace and then everybody else can easily access the innovation that's available there. We also released 2018.3 which is the third release we've done this year, but probably the most comprehensive release that we've done 'til date in the history of Enterprise Automation. So we're very excited about launching that release today, as well. And third, we've announced a $20 million fund that will fund our partners that will co-innovate together with us in bringing out new RPA capabilities, new machine learning and AI capabilities into the marketplace. Those are three key announcements. >> What are the-- >> I'm just-- Sorry, but from my understanding, you run on a quarterly cadence for the release of the primary product, correct? >> We're in a quarterly cadence, yes. >> What are the critical aspects of the new release? >> So, there's a few things we've done in the main release. One of the first things we've done is we've allowed for re-usability of the software. So if you're using a lot of components, if you've built a way to automate a certain process, it could be as simple as, here's how I log into a application, a financial application. The rest of the people in my organization don't have to go reinvent that thing themselves. They can reuse the component, the way I've built it, so they can be reused to process every single aspect of the customer, as well. We've made it very easy for our customers to upgrade to new versions of the software, as we're releasing very rapidly, we want to make sure that the upgrades are easy, but the upgrades are also seamless as in they don't affect any of the existing processes that are running in production. So we support version management and package management so we make it easier for people to manage that. There's some other capabilities that we've done. We've supported internationalization of the platform, so now customers in Japan can use our product in Japanese, customers can use it in Spanish, they can use it in Deutsche, German, so we've allowed that in this release, as well. Another cool thing we've done is allowing humans to provide input to what the robots need to do by putting a form that they can use to provide input to them, so it can provide a better symbiosis of humans working together with robots to achieve more processes and more automation in the ecosystems. There's a lot of stuff, this is some of the highlights. >> So what do you think? I mean, what of those, what of that compendium is of interest to you? >> I think, you know, I've been a member for a year now, from, of their customer advisory board, so they truly listen to what we need to say, right? Because the robotic aspect of it is critical, but there's so many other aspects, such as the analytics. So, understanding the business outcome, right? What's the bot producing? Not necessarily the bot that's up and running, but really, what's the impact to the business? I think that's part of the feedback that we've been given in UiPath, they're really working hard on that. The other aspect which is important also is how do you move forward from simple RPA to more complex automations? So, the human in the loop approach to things is important. We call that those small black boxes, you know people with 20 years of experience, they understand how to make decisions but those aren't documented, right? So, now we're giving the opportunity for that human to become part of the process, right? So that is very powerful to us. >> So one of the aspects we've been looking at, the marketplace seems interesting. I'm wondering if you've had a chance to look at that, are there things that you would consider using, and anything that you might even consider contributing in the future? >> I think so. I think this is a whole movement, it's a community today, so no matter where you are, developers, they love it. My guys are telling me, "When is this out?" Because, you know, they have I mean, they're so much hungry to get stuff done and to share what they can do, it makes a difference not only for our company, but for the world, right? So it means something. >> That's interesting. Your company's been around for a long time. You're not worried about, I mean, this open mindset is really intriguing to us, you're not worried about putting your IP in there? Or do you feel like, this open community, we're going to get back as much as we give? >> No, of course. Of course, there are controls in place, and of course, there'll be a protocol in place, but you know, at the end, you're making a difference in the world. So if someone wants to, for instance, have a mortgage because they're wanting to buy a house, you want to make it easy, right? At the end, that's the end goal. You know, for EquiFax and for all the institutions that are in the same sector. >> So from a product standpoint, we just have Craig LeClair on, he couldn't directly call out UiPath. It's not cool, right? I mean, he has to be independent. But, look, he wrote the report, UiPath went from third on the list to first on the list, out of I don't know, 10, 15 vendors. It's like the Gardiner magic quadrants, all these rating systems, right? We don't do 'em, but we read them because they're good, and they're informative. He said in there that last year's features have become this year's table stakes. And some of the things that are differentiating companies, and obviously UiPath won so I presume you have the differentiation ears. Analytics and governance. Those are two big areas, I see the heads nodding. Maybe you guys could each talk about that, Jairo let's start with you, why are those things important? You address the analytics, you kind of address governance, as well, but maybe you can summarize. >> I mean, we address governance as the get-go, and it's an evolution. So for instance, you know, really, truly when we're looking into RPA, it's not only so much about a tactical approach to a specific problem, but it's really turned into a strategy, right? So if you want to scale, you need to have the proper controls in place. So, these guys have done an amazing job integrating with tools such as Cyberart, for instance which is reall important for many companies. They're trying to secure their systems and make sure that the bots are operating on their very secure environment. >> So you guys not only you were in the place position, now you're in the lead. Now the pressure's really on. It's like the Red Sox, Stu. (laughs) So, how'd you get there? What is that enables that? Architecture? Mindset? Culture? You know, give us the insights there. >> Yeah, first of all, let's say we're super excited about being in the first place. I think it's really good, it's a really good testament to the hard work the team is putting in there, so we're super excited about that. We believe that our success and the product roadmap depends upon hearing a lot from customers and making sure that we're responding to their customers. So I think that's what we have done for the most part is ensuring that if there are things that our customers need, if there are things that our customers think our platform and technology is moving toward, we're actually doing the kinds of things that'll actually take us there. So a lot of the innovation that we've done on the platform has come from a direct result of engagement and working with customers and bringing their success into there. Specifically, the governance and analytics, those are very important aspects of what we're doing on a product. Most of our customers are very large corporations like Equifax, other corporations. They will not use our technology if we couldn't support the level of governance and compliance that they need from the ability to run those processes, especially when they're running autonomously without having a human look over what's happening. So that was a core part of what we've invested in. Analytics is also something that we've invested but we'll continue to make more investments there. We're now hearing from Equifax and other customers that people don't want to just get analytics that is responding to what the robots are doing but they want to understand what sort of business impact the robots are having on the corporation. So we want to build an analytics platform that is ingesting not just the robot workloads but bringing in information about line of business systems, as well, to be able to give the reports and perspectives that somebody can look at that and say the robots have done so much for me. Not just in terms of number of hours, but in terms of the business outcomes that I've achieved through the work the robots are executing. >> Jairo, I want to ask you about innovation at Equifax. We've observed many times in theCUBE that innovation in the tech industry used to march at the cadence of Moore's Law. Oh, new chip's out! We've got to do, we can now put better, faster data warehouse. You know, more storage, whatever it was. The innovation model is changing dramatically. And we've observed that it's a combination now, it seems, of data plus AI plus cloud, for scale. So, what do you think about that sort of innovation sandwich? Do you buy into it? How are you guys applying innovation in your business? >> I mean, I'll tell you I got a similar question the other day, you know. It's about, you know, I live in Costa Rica, right? So we surf all the time, right? So it's about riding, you know, the wave, right? So it's not about riding it, right? If you don't ride it, then you're going to drop, right? And then you're going to fall behind. >> Dave: You're going to be driftwood. >> So, yeah, innovation is there, you know. It's that demand for all companies. For us, innovating not only about how do we approach customers and consumers and we put them first in everything we do, but in how we operate internally. Creating a culture that drives automation, right? So giving time for people to think about stuff, you know, that makes a difference, right? I think that's how I can summarize innovation as of this moment. >> So, Stu had a question. >> So, if I understand this right now, we can blame the robots if our credit score isn't good enough now, right? (laughs) >> What do you think? Blame the robots, right? >> Blame the robots, always. >> Blame the innocent, as we say. Well, guys, thanks very much for coming to theCUBE. >> Param: Thank you. >> Param and Jairo, it was great to have you, appreciate it. >> Thank you again. >> Alright, keep it right there. Stu and I will be back with our next guest from UiPath Forward Americas. You're watching theCUBE. (upbeat music)

hi everybody welcome back to re invent 2022. this is thecube's exclusive coverage we're here at the satellite set it's up on the fifth floor of the Venetian Conference Center and this is part of the global startup program the AWS startup showcase series that we've been running all through last year and and into this year with AWS and featuring some of its its Global Partners Ed wallson series the CEO of chaos search many times Cube Alum and Kevin Miller there's also a cube Alum vice president GM of S3 at AWS guys good to see you again yeah great to see you Dave hi Kevin this is we call this our Super Bowl so this must be like your I don't know uh World Cup it's a pretty big event yeah it's the World Cup for sure yeah so a lot of S3 talk you know I mean that's what got us all started in 2006 so absolutely what's new in S3 yeah it's been a great show we've had a number of really interesting launches over the last few weeks and a few at the show as well so you know we've been really focused on helping customers that are running Mass scale data Lakes including you know whether it's structured or unstructured data we actually announced just a few just an hour ago I think it was a new capability to give customers cross-account access points for sharing data securely with other parts of the organization and that's something that we'd heard from customers is as they are growing and have more data sets and they're looking to to get more out of their data they are increasingly looking to enable multiple teams across their businesses to access those data sets securely and that's what we provide with cross-count access points we also launched yesterday our multi-region access point failover capabilities and so again this is where customers have data sets and they're using multiple regions for certain critical workloads they're now able to to use that to fail to control the failover between different regions in AWS and then one other launch I would just highlight is some improvements we made to storage lens which is our really a very novel and you need capability to help customers really understand what storage they have where who's accessing it when it's being accessed and we added a bunch of new metrics storage lens has been pretty exciting for a lot of customers in fact we looked at the data and saw that customers who have adopted storage lens typically within six months they saved more than six times what they had invested in turning storage lens on and certainly in this environment right now we have a lot of customers who are it's pretty top of mind they're looking for ways to optimize their their costs in the cloud and take some of those savings and be able to reinvest them in new innovation so pretty exciting with the storage lens launch I think what's interesting about S3 is that you know pre-cloud Object Store was this kind of a niche right and then of course you guys announced you know S3 in 2006 as I said and okay great you know cheap and deep storage simple get put now the conversations about how to enable value from from data absolutely analytics and it's just a whole new world and Ed you've talked many times I love the term yeah we built chaos search on the on the shoulders of giants right and so the under underlying that is S3 but the value that you can build on top of that has been key and I don't think we've talked about his shoulders and Giants but we've talked about how we literally you know we have a big Vision right so hard to kind of solve the challenge to analytics at scale we really focus on the you know the you know Big Data coming environment get analytics so we talk about the on the shoulders Giants obviously Isaac Newton's you know metaphor of I learned from everything before and we layer on top so really when you talk about all the things come from S3 like I just smile because like we picked it up naturally we went all in an S3 and this is where I think you're going Dave but everyone is so let's just cut the chase like so any of the data platforms you're using S3 is what you're building but we did it a little bit differently so at first people using a cold storage like you said and then they ETL it up into a different platforms for analytics of different sorts now people are using it closer they're doing caching layers and cashing out and they're that's where but that's where the attributes of a scale or reliability are what we did is we actually make S3 a database so literally we have no persistence outside that three and that kind of comes in so it's working really well with clients because most of the thing is we pick up all these attributes of scale reliability and it shows up in the clients environments and so when you launch all these new scalable things we just see it like our clients constantly comment like one of our biggest customers fintech in uh Europe they go to Black Friday again black Friday's not one days and they lose scale from what is it 58 terabytes a day and they're going up to 187 terabytes a day and we don't Flinch they say how do you do that well we built our platform on S3 as long as you can stream it to S3 so they're saying I can't overrun S3 and it's a natural play so it's it's really nice that but we take out those attributes but same thing that's why we're able to you know help clients get you know really you know Equifax is a good example maybe they're able to consolidate 12 their divisions on one platform we couldn't have done that without the scale and the performance of what you can get S3 but also they saved 90 I'm able to do that but that's really because the only persistence is S3 and what you guys are delivering but and then we really for focus on shoulders Giants we're doing on top of that innovating on top of your platforms and bringing that out so things like you know we have a unique data representation that makes it easy to ingest this data because it's kind of coming at you four v's of big data we allow you to do that make it performant on s3h so now you're doing hot analytics on S3 as if it's just a native database in memory but there's no memory SSC caching and then multi-model once you get it there don't move it leverage it in place so you know elasticsearch access you know Cabana grafana access or SQL access with your tools so we're seeing that constantly but we always talk about on the shoulders of giants but even this week I get comments from our customers like how did you do that and most of it is because we built on top of what you guys provided so it's really working out pretty well and you know we talk a lot about digital transformation of course we had the pleasure sitting down with Adam solipski prior John Furrier flew to Seattle sits down his annual one-on-one with the AWS CEO which is kind of cool yeah it was it's good it's like study for the test you know and uh and so but but one of the interesting things he said was you know we're one of our challenges going forward is is how do we go Beyond digital transformation into business transformation like okay well that's that's interesting I was talking to a customer today AWS customer and obviously others because they're 100 year old company and they're basically their business was they call them like the Uber for for servicing appliances when your Appliance breaks you got to get a person to serve it a service if it's out of warranty you know these guys do that so they got to basically have a you know a network of technicians yeah and they gotta deal with the customers no phone right so they had a completely you know that was a business transformation right they're becoming you know everybody says they're coming a software company but they're building it of course yeah right on the cloud so wonder if you guys could each talk about what's what you're seeing in terms of changing not only in the sort of I.T and the digital transformation but also the business transformation yeah I know I I 100 agree that I think business transformation is probably that one of the top themes I'm hearing from customers of all sizes right now even in this environment I think customers are looking for what can I do to drive top line or you know improve bottom line or just improve my customer experience and really you know sort of have that effect where I'm helping customers get more done and you know it is it is very tricky because to do that successfully the customers that are doing that successfully I think are really getting into the lines of businesses and figuring out you know it's probably a different skill set possibly a different culture different norms and practices and process and so it's it's a lot more than just a like you said a lot more than just the technology involved but when it you know we sort of liquidate it down into the data that's where absolutely we see that as a critical function for lines of businesses to become more comfortable first off knowing what data sets they have what data they they could access but possibly aren't today and then starting to tap into those data sources and then as as that progresses figuring out how to share and collaborate with data sets across a company to you know to correlate across those data sets and and drive more insights and then as all that's being done of course it's important to measure the results and be able to really see is this what what effect is this having and proving that effect and certainly I've seen plenty of customers be able to show you know this is a percentage increase in top or bottom line and uh so that pattern is playing out a lot and actually a lot of how we think about where we're going with S3 is related to how do we make it easier for customers to to do everything that I just described to have to understand what data they have to make it accessible and you know it's great to have such a great ecosystem of partners that are then building on top of that and innovating to help customers connect really directly with the businesses that they're running and driving those insights well and customers are hours today one of the things I loved that Adam said he said where Amazon is strategically very very patient but tactically we're really impatient and the customers out there like how are you going to help me increase Revenue how are you going to help me cut costs you know we were talking about how off off camera how you know software can actually help do that yeah it's deflationary I love the quote right so software's deflationary as costs come up how do you go drive it also free up the team and you nail it it's like okay everyone wants to save money but they're not putting off these projects in fact the digital transformation or the business it's actually moving forward but they're getting a little bit bigger but everyone's looking for creative ways to look at their architecture and it becomes larger larger we talked about a couple of those examples but like even like uh things like observability they want to give this tool set this data to all the developers all their sres same data to all the security team and then to do that they need to find a way an architect should do that scale and save money simultaneously so we see constantly people who are pairing us up with some of these larger firms like uh or like keep your data dog keep your Splunk use us to reduce the cost that one and one is actually cheaper than what you have but then they use it either to save money we're saving 50 to 80 hard dollars but more importantly to free up your team from the toil and then they they turn around and make that budget neutral and then allowed to get the same tools to more people across the org because they're sometimes constrained of getting the access to everyone explain that a little bit more let's say I got a Splunk or data dog I'm sifting through you know logs how exactly do you help so it's pretty simple I'll use dad dog example so let's say using data dog preservability so it's just your developers your sres managing environments all these platforms are really good at being a monitoring alerting type of tool what they're not necessarily great at is keeping the data for longer periods like the log data the bigger data that's where we're strong what you see is like a data dog let's say you're using it for a minister for to keep 30 days of logs which is not enough like let's say you're running environment you're finding that performance issue you kind of want to look to last quarter in last month in or maybe last Black Friday so 30 days is not enough but will charge you two eighty two dollars and eighty cents a gigabyte don't focus on just 280 and then if you just turn the knob and keep seven days but keep two years of data on us which is on S3 it goes down to 22 cents plus our list price of 80 cents goes to a dollar two compared to 280. so here's the thing what they're able to do is just turn a knob get more data we do an integration so you can go right from data dog or grafana directly into our platform so the user doesn't see it but they save money A lot of times they don't just save the money now they use that to go fund and get data dog to a lot more people make sense so it's a creativity they're looking at it and they're looking at tools we see the same thing with a grafana if you look at the whole grafana play which is hey you can't put it in one place but put Prometheus for metrics or traces we fit well with logs but they're using that to bring down their costs because a lot of this data just really bogs down these applications the alerting monitoring are good at small data they're not good at the big data which is what we're really good at and then the one and one is actually less than you paid for the one so it and it works pretty well so things are really unpredictable right now in the economy you know during the pandemic we've sort of lockdown and then the stock market went crazy we're like okay it's going to end it's going to end and then it looked like it was going to end and then it you know but last year it reinvented just just in that sweet spot before Omicron so we we tucked it in which which was awesome right it was a great great event we really really missed one physical reinvent you know which was very rare so that's cool but I've called it the slingshot economy it feels like you know you're driving down the highway and you got to hit the brakes and then all of a sudden you're going okay we're through it Oh no you're gonna hit the brakes again yeah so it's very very hard to predict and I was listening to jassy this morning he was talking about yeah consumers they're still spending but what they're doing is they're they're shopping for more features they might be you know buying a TV that's less expensive you know more value for the money so okay so hopefully the consumer spending will get us out of this but you don't really know you know and I don't yeah you know we don't seem to have the algorithms we've never been through something like this before so what are you guys seeing in terms of customer Behavior given that uncertainty well one thing I would highlight that I think particularly going back to what we were just talking about as far as business and digital transformation I think some customers are still appreciating the fact that where you know yesterday you may have had to to buy some Capital put out some capital and commit to something for a large upfront expenditure is that you know today the value of being able to experiment and scale up and then most importantly scale down and dynamically based on is the experiment working out am I seeing real value from it and doing that on a time scale of a day or a week or a few months that is so important right now because again it gets to I am looking for a ways to innovate and to drive Top Line growth but I I can't commit to a multi-year sort of uh set of costs to to do that so and I think plenty of customers are finding that even a few months of experimentation gives them some really valuable insight as far as is this going to be successful or not and so I think that again just of course with S3 and storage from day one we've been elastic pay for what you use if you're not using the storage you don't get charged for it and I think that particularly right now having the applications and the rest of the ecosystem around the storage and the data be able to scale up and scale down is is just ever more important and when people see that like typically they're looking to do more with it so if they find you usually find these little Department projects but they see a way to actually move faster and save money I think it is a mix of those two they're looking to expand it which can be a nightmare for sales Cycles because they take longer but people are looking well why don't you leverage this and go across division so we do see people trying to leverage it because they're still I don't think digital transformation is slowing down but a lot more to be honest a lot more approvals at this point for everything it is you know Adam and another great quote in his in his keynote he said if you want to save money the Cloud's a place to do it absolutely and I read an article recently and I was looking through and I said this is the first time you know AWS has ever seen a downturn because the cloud was too early back then I'm like you weren't paying attention in 2008 because that was the first major inflection point for cloud adoption where CFO said okay stop the capex we're going to Opex and you saw the cloud take off and then 2010 started this you know amazing cycle that we really haven't seen anything like it where they were doubling down in Investments and they were real hardcore investment it wasn't like 1998 99 was all just going out the door for no clear reason yeah so that Foundation is now in place and I think it makes a lot of sense and it could be here for for a while where people are saying Hey I want to optimize and I'm going to do that on the cloud yeah no I mean I've obviously I certainly agree with Adam's quote I think really that's been in aws's DNA from from day one right is that ability to scale costs with with the actual consumption and paying for what you use and I think that you know certainly moments like now are ones that can really motivate change in an organization in a way that might not have been as palatable when it just it didn't feel like it was as necessary yeah all right we got to go give you a last word uh I think it's been a great event I love all your announcements I think this is wonderful uh it's been a great show I love uh in fact how many people are here at reinvent north of 50 000. yeah I mean I feel like it was it's as big if not bigger than 2019. people have said ah 2019 was a record when you count out all the professors I don't know it feels it feels as big if not bigger so there's great energy yeah it's quite amazing and uh and we're thrilled to be part of it guys thanks for coming on thecube again really appreciate it face to face all right thank you for watching this is Dave vellante for the cube your leader in Enterprise and emerging Tech coverage we'll be right back foreign

foreign welcome back everyone to our special presentation here at thecube with Horizon 3.a I'm John Furrier host thecube here in Palo Alto back it's niho and Tony CEO and co-founder of horizon 3 for deep dive on going under the hood around the big news and also the platform autonomous pen testing changing the game and security great to see you welcome back thank you John I love what you guys have been doing with the cube huge fan been here a bunch of times and yeah looking forward to the conversation let's get into it all right so what what's the market look like and how do you see it evolving we're in a down Market relative to startups some say our data we're reporting on siliconangle in the cube that yeah there might be a bit of downturn in the economy with inflation but the tech Market is booming because the hyperscalers are still pumping out massive scale and still innovating so so you know for the first time in history this is a recession or downturn where there's now Cloud scale players that are an economic engine what's your view on this where's the market heading relative to the downturn and how are you guys navigating that so um I think about it one the there's a lot of belief out there that we're going to hit a downturn and we started to see that we started to see deals get longer and longer to close back in May across the board in the industry we continue to see deals get at least backloaded in the quarter as people understand their procurement how much money they really have to spend what their earnings are going to be so we're seeing this across the board one is quarters becoming lumpier for tech companies and we think that that's going to become kind of the norm over the next over the next year but what's interesting in our space of security testing is a very basic supply and demand problem the demand for security testing has skyrocketed when I was a CIO eight years ago I only had to worry about my on-prem attack surface my perimeter and Insider threat those are my primary threat vectors now if I was a CIO I have to include multiple clouds all of the data in my SAS offerings my Salesforce account and so on as well as work from home threat vectors and other pieces and I've got Regulatory Compliance in Europe in Asia in in the U.S tons of demand for testing and there's just not enough Supply there's only 5 000 certified pen testers in the United States so I think for starters you have a fundamental supply and demand problem that plays to our strength because we're able to bring a tremendous amount of pen testing supply to the table but now let's flip to if you are the CEO of a large security company or whether it's a Consulting shop or so on you've got a whole bunch of deferred revenue in your business model around security testing services and what we've done in our past in previous companies I worked at is if we didn't think we were going to make the money the quarter with product Revenue we would start to unlock some of that deferred Services Revenue to make the number to hit what we expected Wall Street to hit what Wall Street expected of us in testing that's not possible because there's not enough Supply except us so if I'm the CEO of an mssp or a large security company and I need I see a huge backlog of security testing revenue on the table the easy button to convert that to recognized revenue is Horizon 3. and when I think about the next six months and the amount of Revenue misses we're going to see in security shops especially those that can't fulfill their orders I think there's a ripe opportunity for us to win yeah one of the few opportunities where on any Market you win because the forces will drive your flywheel that's exactly right very basic supply and demand forces that are only increasing with pressure and there's no way it takes 10 years just to build a master hacker just it's a very hard complex space we become the easy button to address that supply problem yeah and this and the autonomous aspect makes appsec reviews as new things get pushed with Cloud native developers they're shifting left but still the security policies need to stay Pace as these new vectors threat vectors appear yeah I mean because that's what's happening a new new thing makes a vector possible that's exactly right I think there's two aspects one is the as you in increase change in your environment you need to increase testing they are absolutely correlated the second thing though is you know for 20 years we focused on remote code execution or rces as an industry what was the latest rce that gave an attacker access to my environment but if you look over the past few years that entire mindset has shifted credentials are the new code execution what I mean by that is if I have a large organization with a hundred a thousand ten thousand employees all it takes is one of them to have a password I can crack in credential spray and gain access to as an attacker and once I've gained access to a single user I'm going to systematically snowball that into something of consequence and so I think that the attackers have shifted away from looking for code execution and looked more towards harvesting credentials and cascading credentials from a regular domain user into an admin this brings up the conversation I would like to do it more Deep dive now shift into more of like the real kind of landscape of the market and your positioning and value proposition in that and that is managed services are becoming really popular as we move into this next next wave of super cloud and multi-cloud and hybrid Cloud because I mean multi-cloud and hybrid hybrid than multi-cloud sounds good on paper but the security Ops become big and one of the things we're reporting with here on the cube and siliconangle the past six months is devops has made the developer the IT team because they've essentially run it now in CI CD pipeline as they say that means it's replaced by data Ops or AI Ops or security Ops and data and security kind of go hand in hand so I can see that playing out do you believe that to be true that that's kind of the new operational kind of beach head that's critical and if so secure if data is part of security that makes security the new it yeah I I think that if you think about organizations hell even for Horizon 3 right now I don't need to hire a CIO I'll have a CSO and that CSO will own it and governance risk and compliance and security operations because at the end of the day the most pressing question for me to answer as a CEO is my security posture IIT is a supporting function of that security posture and we see that at say or a growth stage company like Horizon 3 but when I thought about my time at GE Capital we really shifted to this mindset of security by Design architecture as code and it was very much security driven conversation and I think that is the norm going forward and how do you view the idea that you have to enable a managed service provider with security also managing comp and which then manages the company to enable them to have agile security um security is code because what you're getting at is this autonomous layer that's going to be automated away to make the next talented layer whether it's coder or architect scale so the question is what is abstracted away at at automation seems to be the conversation that's coming out of this big cloud native or super cloud next wave of cloud scale I think there's uh there's two Dimensions to that and honestly I think the more interesting Dimension is not the technical side of it but rather think of the Equifax hack a bunch of years ago had Equifax used a managed security services provider would the CEO have been fired after the breach and the answer is probably not I think the CEO would have transferred enough reputational risk in operational risk to the third party mssp to save his job from being you know from him being fired you can look at that across the board I think that if if I were a CIO again I would be hard-pressed to build my own internal security function because I'm accepting that risk as an executive and we saw what just happened at Uber there's a ton of risk coming with that with the with accepting that as a security person so I think in the future the role of the mssp becomes more significant as a mechanism for transferring enough reputational and operational and legal risk to a third party so that you as the Core Company are able to protect yourself and your people now then what you think is a super cloud printables and Concepts being applied at mssp scale and I think that becomes really interesting talk about the talent opportunity because I think the managed service providers point to markets that are growing and changing also having managed service means that the customers can't always hire Talent hence they go to a Channel or a partner this seems to be a key part of the growth in your area talk about the talent aspect of it yeah um think back to what we saw in Cloud so as as Cloud picked up we saw IBM HP other Hardware companies sell more servers but to fewer customers Amazon Google and others right and so I think something similar is going to happen in the security space where I think you're going to see security tools providers selling more volume but to fewer customers that are just really big mssps so that is the the path forward and I think that the underlying Talent issue gives us economies at scale and that's what we saw this with Cloud we're going to see the same thing in the mssp space I've got a density of Talent Plus a density of automation plus a density of of relationships and ecosystem that give mssps a huge economies of scale advantage over everybody else I mean I want to get into the mssp business sounds like I make a lot of money yeah definitely it's profitable no doubt about it like that I got to ask more on the more of the burden side of it because if you're a partner I don't need another training class I don't need another tool I don't need someone saying this is the highest margin product I need to actually downsize my tools so right now there's hundreds of tools that mssps have all the time dealing with and does the customer so tools platforms we've kind of teased this out in previous conversations together but more more relevant to the mssp is what they do to the customers so talk about this uh burden of tools and the socks out there in the in in the landscape how do you how do you view that and what's the conversation like on average an organization has 130 different cyber security tools installed none of those tools were designed to work together none of those tools are from the same vendor and in fact oftentimes they're from vendors that have competing products and so what we don't have and they're still getting breached in the industry we don't have a tools problem we have an Effectiveness problem we have to reduce the number of tools we have get more out of out of the the effectiveness out of the existing infrastructure build muscle memory you know how to detect and respond to a breach and continuously verify that posture I think that's what the the most successful security organizations have mastered the fundamentals and they mastered that by making sure they were effective in detection and response not mastering it by buying the next shiny AI tool on the defensive side okay so you mentioned supply and demand early since you're brought up economics we'll get into the economic equations here when you have great profits that's going to attract more entrance into the marketplace so as more mssps enter the market you're going to start to see a little bit of competition maybe some fud maybe some price competitive price penetration all kinds of different Tactics get out go on there um how does that impact you because now does that impact your price or are you now part of them just competing on their own value what's that mean for the channel as more entrants come in hey you know I can compete against that other one does that create conflict is that an opportunity does are you neutral on that what's the position it's a great question actually I think the way it plays out is one we are neutral two the mssp has to stand on their own with their own unique value proposition otherwise they're going to become commoditized we saw this in the early cloud provider days the cloud providers that were just basically wrapping existing Hardware with with a race to the bottom pricing model didn't survive those that use the the cloud infrastructure as a starting point to build higher value capabilities they're the ones that have succeeded to this day the same Mo I think will occur in mssps which is there's a base level of capability that they've got to be able to deliver and it is the burden of the mssp to innovate effectively to elevate their value problem it's interesting Dynamic and I brought it up mainly because if you believe that this is going to be a growing New Market price erosion is more in mature markets so it's interesting to see that Dynamic come up and we'll see how that handles on the on the economics and just the macro side of it getting more into kind of like the next gen autonomous pen testing is a leading indicator that a new kind of security assessment is here um if I said that to you how do you respond to that what is this new security assessment mean what does that mean for the customer and to the partner and that that relationship down that whole chain yeah um back to I'm wearing a CIO hat right now don't tell me we're secure in PowerPoint show me we're secure Today Show me where we're secure tomorrow and then show me we're secure again next week because that's what matters to me if you can show me we're secure I can understand the risk I'm accepting and articulate it up to my board to my Regulators up until now we've had a PowerPoint tell me where secure culture and security and I just don't think that's going to last all that much longer so I think the future of security testing and assessment is this shift from a PowerPoint report to truly showing me that my I'm secure enough you guys auto-generate those statements now you mentioned that earlier that's exactly right because the other part is you know the classic way to do security reports was garbage in garbage out you had a human kind of theoretically fill out a spreadsheet that magically came up with the risk score or security posture that doesn't work that's a check the box mentality what you want to have is an accurate High Fidelity understanding of your blind spots your threat vectors what data is at risk what credentials are at risk you want to look at those results over time how quickly did I find problems how quickly did I fix them how often did they reoccur and that is how you get to a show me where secure culture whether I'm a company or I'm a channel partner working with Horizon 3.ai I have to put my name on the line and say Here's a service level agreement I'm going to stand behind there's levels of compliance you mentioned that earlier how do you guys help that area because that becomes I call the you know below the line I got to do it anyway usually it's you know they grind out the work but it has to be fundamental because if the threats vectors are increasing and you're handling it like you say you are the way it is real time today tomorrow the next day you got to have that other stuff flow into it can you describe how that works under the hood yeah there's there's two parts to it the first part is that attackers don't have to hack in with zero days they log in with credentials that they found but often what attackers are doing is chaining together different types of problems so if you have 10 different tactics you can chain those together a number of different ways it's not just 10 to the 10th it's it's actually because you don't you don't have to use all the tactics at once this is a very large number of combinations that an attacker can apply upon you is what it comes down to and so at the base level what you want to have is what are the the primary tactics that are being used and those tactics are always being added to and evolving what are the primary outcomes that an attacker is trying to achieve steal your data disrupt your systems become a domain admin and borrow and now what you have is it actually looks more like a chess game algorithm than it does any sort of hard-coded automation or anything else which is based on the pieces on the board the the it infrastructure I've discovered what is the next best action to become a domain admin or steal your data and that's the underlying innovation in IP we've created which is next best action Knowledge Graph analytics and adaptiveness to figure out how to combine different problems together to achieve an objective that an attacker cares about so the 3D chess players out there I'd say that's more like 3D chess are the practitioners implementing it but when I think about compliance managers I don't see 3D chess players I see back office accountants in my mind like okay are they actually even understand what comes out of that so how do you handle the compliance side do you guys just check the boxes there is it not part of it is it yeah I I know I don't Envision the compliance guys on the front lines identifying vectors do you know what it doesn't even know what it means yeah it's a great question when you think about uh the market segmentation I think there are we've seen are three basic types of users you've got the the really mature high frequency security testing purple team type folks and for them we are the the force multiplier for them to secure the environment you then have the middle group where the IT person and the security person are the same individual they are barely Treading Water they don't know what their attack surface is and they don't know what to focus on we end up that's actually where we started with the barely Treading Water Persona and that's why we had a product that helped those Network Engineers become superheroes the third segment are those that view security and compliance as synonymous and they don't really care about continuous they care about running and checking the box for PCI and forever else and those customers while they use us they are better served by our partner ecosystem and that's really so the the first two categories tend to use us directly self-service pen tests as often as they want that compliance-minded folks end up going through our partners because they're better served there steel great to have you on thanks for this deep dive on um under the hood section of the interview appreciate it and I think autonomous is is an indicator Beyond pen testing pen testing has become like okay penetration security but this is not going away where do you see this evolving what's next what's next for Horizon take a minute to give a plug for what's going on with copy how do you see it I know you got good margins you're raising Capital always raising money you're not yet public um looking good right now as they say yeah yeah well I think the first thing is our company strategy is in three chapters chapter one is become the best security testing platform in the industry period that's it and be very good at helping you find and fix your security blind spots that's chapter one we've been crushing it there with great customer attraction great partner traction chapter two which we've started to enter is look at our results over time to help that that GRC officer or auditor accurately assess the security posture of an organization and we're going to enter that chapter about this time next year longer term though the big Vision I have is how do I use offense to inform defense so for me chapter three is how do I get away from just security testing towards autonomous security overall where you can use our security testing platform to identify ways to attack that informs defensive tools exactly where to focus how to adjust and so on and now you've got offset and integrated learning Loop between attack and defense that's the future never been done before Master the art of attack to become a better Defender is the bigger vision of the company love the new paradigm security congratulations been following you guys we will continue to follow you thanks for coming on the Special Report congratulations on the new Market expansion International going indirect that a big way congratulations thank you John appreciate it okay this is a special presentation with the cube and Horizon 3.ai I'm John Furrier your host thanks for watching thank you

(bright music) >> Welcome back everyone. theCube's live coverage here. Day two, of two sets, three days of theCube coverage here at VMware Explore. This is our 12th year covering VMware's annual conference, formerly called VM World. I'm John Furrier, with Dave Vellante. We'd love seeing the progress and we've got great security comes Tom Gill, senior vices, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. >> Thanks. for having me. >> Yeah, really happy we could have you on. >> I think this is my sixth edition on the theCube. Do I get frequent flyer points or anything? >> Yeah. >> You first get the VIP badge. We'll make that happen. You can start getting credits. >> Okay, there we go. >> We won't interrupt you. Seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not called out and blown up and talked specifically about on stage. It's kind of in all the narratives in the VM World for this year. But you guys have an amazing security story. So let's just step back and to set context. Tell us the security story for what's going on here at VMware and what that means to this supercloud, multi-cloud and ongoing innovation with VMware. >> Yeah, sure thing. So probably the first thing I'll point out is that security's not just built in at VMware. It's built differently. So, we're not just taking existing security controls and cut and pasting them into our software. But we can do things because of our platform, because of the virtualization layer that you really can't do with other security tools. And where we're very, very focused is what we call lateral security or East-West movement of an attacker. 'Cause frankly, that's the name of the game these days. Attackers, you've got to assume that they're already in your network. Already assume that they're there. Then how do we make it hard for them to get to the stuff that you really want? Which is the data that they're going after. And that's where we really should. >> All right. So we've been talking a lot, coming into VMware Explore, and here, the event. About two things. Security, as a state. >> Yeah. >> I'm secure right now. >> Yeah. >> Or I think I'm secure right now, even though someone might be in my network or in my environment. To the notion of being defensible. >> Yeah. >> Meaning I have to defend and be ready at a moment's notice to attack, fight, push back, red team, blue team. Whatever you're going to call it. But something's happening. I got to be able to defend. >> Yeah. So what you're talking about is the principle of Zero Trust. When I first started doing security, the model was we have a perimeter. And everything on one side of the perimeter is dirty, ugly, old internet. And everything on this side, known good, trusted. What could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So Zero Trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? 'Cause for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine. But they're not going to find 250 million credit cards. >> Right. >> Or the script of a new movie or the super secret aircraft plans. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done and that's where VMware shines. >> So if they don't have the right to get to that database, they're not in. >> And it's not even just the right. So they're so clever and so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So, it's like they have the key to unlock each one of these doors. And we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key, we're like wait a minute. That's not a real CIS Admin making a change. That's ransomware. And that's where you. >> You have to earn your way in. >> That's right. That's right. Yeah. >> And we're all kinds of configuration errors. But also some user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guys scour, the dark web for passwords that have been exposed. >> Correct. >> And go test them against different accounts. Oh one hit over here. >> Correct. >> And people don't change their passwords all the time. >> Correct. >> That's a known vector. >> Just the idea that users are going to be perfect and never make a mistake. How long have we been doing this? Humans are the weakest link. So people are going to make mistakes. Attackers are going to be in. Here's another way of thinking about it. Remember log4j? Remember that whole fiasco? Remember that was at Christmas time. That was nine months ago. And whoever came up with that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that said, "Oh yeah, I wasn't impacted by log4j." So here's some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one, right? We haven't heard anything. So the point is, the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. It's untenable, in the real world, right? >> Right. >> We don't know in there, hiding in the closet. >> They're still in. >> They're watching everything. >> Hiding in your closet, exactly. >> Moving around, nibbling on your cookies. >> Drinking your beer. >> Yeah. >> So let's talk about how this translates into the new reality of cloud-native. Because now you hear about automated pentesting is a new hot thing right now. You got antivirus on data is hot within APIs, for instance. >> Yeah. >> API security. So all kinds of new hot areas. Cloud-native is very iterative. You know, you can't do a pentest every week. >> Right. >> You got to do it every second. >> So this is where it's going. It's not so much simulation. It's actually real testing. >> Right. Right. >> How do you view that? How does that fit into this? 'cause that seems like a good direction to me. >> Yeah. If it's right in, and you were talking to my buddy, Ahjay, earlier about what VMware can do to help our customers build cloud native applications with Tanzu. My team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within. Looking at the individual piece parts and how they talk to each other and figuring out, wait a minute, that should never happen. By almost having an x-ray machine on the innards of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based. And we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with a hypervisor with NSX. We see all the inner workings. In a container world we have this thing called a service mesh that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. This API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit cards. That doesn't make any sense. The anomalies stick out like a sore thumb. If you can see them. At VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that East-West or lateral security. >> You don't belong in this room, get out or that that's some weird call from an in memory database, something over here. >> Exactly. Where other security solutions won't even see that. It's not like there algorithms aren't as good as ours or better or worse. It's the access to the data. We see the inner plumbing of the app and therefore we can protect the app from. >> And there's another dimension that I want to get in the table here. 'Cause to my knowledge only AWS, Google, I believe Microsoft and Alibaba and VMware have this. >> Correct >> It's Nitro. The equivalent of a Nitro. >> Yes. >> Project Monterey. >> Yeah. >> That's unique. It's the future of computing architectures. Everybody needs a Nitro. I've written about this. >> Yeah. >> Right. So explain your version. >> Yeah. >> It's now real. >> Yeah. >> It's now in the market, right? >> Yeah. >> Or soon will be. >> Here's our mission. >> Salient aspects. >> Yeah. Here's our mission of VMware. Is that we want to make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud. >> And secure. >> And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Not just on the edges of it. Okay. How do we go on that journey? As you pointed out, the public cloud providers realized five years ago that the right way to build computers was not just a CPU and a graphics process unit, GPU. But there's this third thing that the industry's calling a DPU, data processing unit. And so there's kind of three pieces of a computer. And the DPU is sometimes called a Smartnic. It's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what Nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So with vSphere 8, we have the ability to take the network processing, that East-West inspection I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that Ahjay and team are building. >> So no performance degradation at all? >> Correct. To CPU offload. >> So even the opposite, right? I mean you're running it basically Bare Metal speeds. >> Yes, yes and yes. >> And you're also isolating the storage from the security, the management, and. >> There's an isolation angle to this, which is that firewall, that we're putting everywhere. Not just that the perimeter, but we put it in each little piece of the server is running when it runs on one of these DPUs it's a different memory space. So even if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >> So who has access to that resource? >> Pretty much just the infrastructure layer, the cloud provider. So it's Amazon, Google, Microsoft, and the enterprise. >> Application can't get in. >> Can't get in there. Cause you would've to literally bridge from one memory space to another. Never say never, but it would be very. >> But it hasn't earned the trust to get. >> It's more than barbwire. It's multiple walls. >> Yes. And it's like an air gap. It puts an air gap in the server itself so that if the server is compromised, it's not going to get into the network. Really powerful. >> What's the big thing that you're seeing with this supercloud transition. We're seeing multi-cloud and this new, not just SaaS hosted on the cloud. >> Yeah. >> You're seeing a much different dynamic of, combination of large scale CapEx, cloud-native, and then now cloud-native drills on premises and edge. Kind of changing what a cloud looks like if the cloud's on a cloud. >> Yeah. >> So we're the customer, I'm building on a cloud and I have on premise stuff. So, I'm getting scale CapEx relief from the hyperscalers. >> I think there's an important nuance on what you're talking about. Which is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really going to work. Oh some people realize. >> It's not secure. >> Yeah. It's not secure. >> That one's like, no, no, no it's secure. It works. And it's good. So then there was this sort of over rush. Let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm going to move those onto the cloud. You got to take them all apart, put them on the cloud and put them all back together again. And little tiny details like changing an IP address. It's actually much harder than it looks. So my argument is, for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. We pretty much every. >> And the benefit of the customer is what. >> You can literally VMotion and just pick it up and move it from private to public, public to private, private to public, Back and forth. >> Remember when we called Vmotion BS, years ago? >> Yeah. Yeah. >> VMotion is powerful. >> We were very skeptical. We're like, that'll never happen. I mean we were. This supposed to be pat ourselves on the back. >> Well because alchemy. It seems like what you can't possibly do that. And now we do it across clouds. So it's not quite VMotion, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine. Things got super tense, super fast and they had to go from their private cloud data center in the Ukraine, to a public cloud data center out of harm's way. They did it over a weekend. 48 hours. If you've ever migrated a data center, that's usually six months. Right. And a lot of heartburn and a lot of angst. Boop. They just drag and dropped and moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructures defined in software. If you're relying on hardware, load balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, they're really, really expensive. And by the way, they eat a lot of power. So that was an architecture from the 90's. In the cloud operating model your data center. And this comes back to what you were talking about is just racks and racks of X86 with these magic DPUs, or smart nics, to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >> We just had Ahjay taking us to school, and everyone else to school on applications, middleware, abstraction layer. And Kit Culbert was also talking about this across cloud. We're talking supercloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It feels to me, and again, this is your wheelhouse. If supercloud happens with this kind of past layer where there's vMotioning going on. All kinds of spanning applications and data across environments. >> Yeah. Assume there's an operating system working on behind the scenes. >> Right. >> What's the security posture in all this? >> Yeah. So remember my narrative about the bad guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff, is you've got to understand it at what we call Layer 7. At the application layer. Trying to do security to the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible. It's buried in some cloud provider. So Layer 7 understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Nothing to do with the infrastructure. >> And where's the progress bar on that paradigm. One to ten. Ten being everyone's doing it. >> Right now. Well, okay. So we as a vendor can do this today. All the stuff I talked about, reading APIs, understanding the individual services looking at, Hey, wait a minute this credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle? Early days 10%. So there's a whole lot of headroom for people to understand, Hey, I can put these controls in place. They're software based. They don't require appliances. It's Layer 7, so it has contextual awareness and it's works on every single cloud. >> We talked about the pandemic being an accelerator. It really was a catalyst to really rethink. Remember we used to talk about Pat as a security do over. He's like, yes, if it's the last thing I do, I'm going to fix security. Well, he decided to go try to fix Intel instead. >> He's getting some help from the government. >> But it seems like CISOs have totally rethought their security strategy. And at least in part, as a function of the pandemic. >> When I started at VMware four years ago, Pat sat me down in his office and he said to me what he said to you, which is like, "Tom," he said, "I feel like we have fundamentally changed servers. We fundamentally change storage. We fundamentally change networking. The last piece of the puzzle of security. I want you to go fundamentally change it." And I'll argue that the work that we're doing with this horizontal security, understanding the lateral movement. East- West inspection. It fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with Endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so Pat, thanks for the mission. We delivered it and it's available now. >> Those WET web applications firewall for instance are around, I mean. But to your point, the perimeter's gone. >> Exactly. >> And so you got to get, there's no perimeter. so it's a surface area problem. >> Correct. And access. And entry. >> Correct. >> They're entering here easy from some manual error, or misconfiguration or bad password that shouldn't be there. They're in. >> Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall. Bad guys come in the window. >> And then the windows open. With a ladder. >> Oh my God. Cause it's hot, bad user behavior trumps good security every time. >> And then they move around room to room. We're the room to room people. We see each little piece of the thing. Wait, that shouldn't happen. Right. >> I want to get you a question that we've been seeing and maybe we're early on this or it might be just a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CISOs and CSOs, two roles. Chief information security officer, and then chief security officer. Amazon, actually Steven Schmidt is now CSO at Reinforce. They actually called that out. And the interesting point that he made, we had some other situations that verified this, is that physical security is now tied to online, to your point about the service area. If I get a password, I still got the keys to the physical goods too. >> Right. So physical security, whether it's warehouse for them or store or retail. Digital is coming in there. >> Yeah. So is there a CISO anymore? Is it just CSO? What's the role? Or are there two roles you see that evolving? Or is that just circumstance. >> I think it's just one. And I think that the stakes are incredibly high in security. Just look at the impact that these security attacks are having on. Companies get taken down. Equifax market cap was cut 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. It determines the fate of nations. I know that sounds grand, but it's true. And so companies care so much about it they're looking for one leader, one throat to choke. One person that's going to lead security in the virtual domain, in the physical domain, in the cyber domain, in the actual. >> I mean, you mention that, but I mean, you look at Ukraine. I mean that cyber is a component of that war. I mean, it's very clear. I mean, that's new. We've never seen. this. >> And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. >> Yeah. >> So the US, we have a policy of strategic deterrence. Where we develop some of the most sophisticated cyber weapons in the world. We don't use them. And we hope never to use them. Because our adversaries, who could do stuff like, I don't know, wipe out every bank account in North America. Or turn off the lights in New York City. They know that if they were to do something like that, we could do something back. >> This is the red line conversation I want to go there. So, I had this discussion with Robert Gates in 2016 and he said, "We have a lot more to lose." Which is really your point. >> So this brand. >> I agree that there's to have freedom and liberty, you got to strike back with divorce. And that's been our way to balance things out. But with cyber, the red line, people are already in banks. So they're are operating below the red line line. Red line meaning before we know you're in there. So do we move the red line down because, hey, Sony got hacked. The movie. Because they don't have their own militia. >> Yeah. >> If their were physical troops on the shores of LA breaking into the file cabinets. The government would've intervened. >> I agree with you that it creates tension for us in the US because our adversaries don't have the clear delineation between public and private sector. Here you're very, very clear if you're working for the government. Or you work for an private entity. There's no ambiguity on that. >> Collaboration, Tom, and the vendor community. I mean, we've seen efforts to try to. >> That's a good question. >> Monetize private data and private reports. >> So at VMware, I'm very proud of the security capabilities we've built. But we also partner with people that I think of as direct competitors. We've got firewall vendors and Endpoint vendors that we work with and integrate. And so coopetition is something that exists. It's hard. Because when you have these kind of competing. So, could we do more? Of course we probably could. But I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera. And as the threats get worse, you'll probably see us continue to do more. >> And the government is going to trying to force that too. >> And the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called processing quantum. >> Quantum. Quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. That's not good at all because our whole system is built around these private communications. So the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption. So, when the day quantum becomes available, we can change them and stay ahead of these quantum people. >> Well, didn't NIST just put out a quantum proof algo that's being tested right now by the community? >> There's a lot of work around that. Correct. And NIST is taking the lead on this, but Google's working on it. VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is a, it's an x-ray machine. It's like a dilithium crystal that can power a whole ship. It's a really, really, really powerful tool. >> Bad things will happen. >> Bad things could happen. >> Well, Tom, great to have you on the theCube. Thanks for coming on. Take the last minute to just give a plug for what's going on for you here at VMWorld this year, just VMware Explore this year. >> Yeah. We announced a bunch of exciting things. We announced enhancements to our NSX family, with our advanced load balancer. With our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and Zero Trust built into everything you do. And that's what we're working on. Pushing that further and further. >> Tom Gill, senior vices president, head of the networking at VMware. Thanks for coming on. We do appreciate it. >> Thanks for having us. >> Always getting the security data. That's killer data and security of the two ops that get the most conversations around DevOps and Cloud Native. This is The theCube bringing you all the action here in San Francisco for VMware Explore 2022. I'm John Furrier with Dave Vellante. Thanks for watching. (bright music)

>>Welcome back everyone Cube's live coverage here. Day two, two sets, three days of cube coverage here at VMware Explorer. This is our 12th year covering VMware's annual conference, formally called world I'm Jean Dave ante. We'd love seeing the progress and we've got great security comes Tom Gill, senior rights, president general manager, networking and advanced security business group at VMware. Great to see you. Thanks for coming on. Thanks >>For having me. Yeah, really happy we could have you on, you know, I think, I think this is my sixth edition on the cube. Like, do I get freaking flyer points or anything? >>Yeah, you get first get the VIP badge. We'll make that happen. You can start getting credits. >>Okay. There we go. >>We won't interrupt you. No, seriously, you got a great story in security here. The security story is kind of embedded everywhere, so it's not like called out and, and blown up and talked specifically about on stage. It's kind of in all the narratives in, in the VM world for this year. Yeah. But you guys have an amazing security story. So let's just step back into set context. Tell us the security story for what's going on here at VMware and what that means to this super cloud multi-cloud and ongoing innovation with VMware. Yeah, >>Sure thing. So, so probably the first thing I'll point out is that, that security's not just built in at VMware it's built differently, right? So we're not just taking existing security controls and cut and pasting them into, into our software. But we can do things because of our platform because of the virtualization layer that you really can't do with other security tools and where we're very, very focused is what we call lateral security or east west movement of an attacker. Cuz frankly, that's the name of the game these days. Right? Attackers, you gotta assume that they're already in your network. Okay. Already assume that they're there, then how do we make it hard for them to get to what the, the stuff that you really want, which is the data that they're, they're going after. Right. And that's where we, >>We really should. All right. So we've been talking a lot coming into world VMware Explorer and here the event about two things security as a state. Yeah. I'm secure right now. Yeah. Or I, I think I'm secure right now, even though someone might be in my network or in my environment to the notion of being defensible. Yeah. Meaning I have to defend and be ready at a moment's notice to attack, fight, push back red team, blue team, whatever you're gonna call it, but something's happening. I gotta be a to defend. Yeah. >>So you, what you're talking about is the principle of zero trust. So the, the, when we, when I first started doing security, the model was we have a perimeter and everything on one side of the perimeter is dirty, ugly, old internet and everything on this side known good, trusted what could possibly go wrong. And I think we've seen that no matter how good you make that perimeter, bad guys find a way in. So zero trust says, you know what? Let's just assume they're already in. Let's assume they're there. How do we make it hard for them to move around within the infrastructure and get to the really valuable assets? Cuz for example, if they bust into your laptop, you click on a link and they get code running on your machine. They might find some interesting things on your machine, but they're not gonna find 250 million credit cards. Right. Or the, the script of a new movie or the super secret aircraft plans, right. That lives in a database somewhere. And so it's that movement from your laptop to that database. That's where the damage is done. Yeah. And that's where VMware shines. If they don't >>Have the right to get to that database, they're >>Not >>In and it's not even just the right, like, so they're so clever. And so sneaky that they'll steal a credential off your machine, go to another machine, steal a credential off of that. So it's like they have the key to unlock each one of these doors and we've gotten good enough where we can look at that lateral movement, even though it has a credential and a key where like, wait a minute, that's not a real CIS admin making a change. That's ransomware. Yeah. Right. And that's, that's where we, you have to earn your way in. That's right. That's >>Right. Yeah. And we're all, there's all kinds of configuration errors. But also some, some I'll just user problems. I've heard one story where there's so many passwords and username and passwords and systems that the bad guy's scour, the dark web for passwords that have been exposed. Correct. And go test them against different accounts. Oh one hit over here. Correct. And people don't change their passwords all the time. Correct? Correct. That's a known, known vector. We, >>We just, the idea that users are gonna be perfect and never make mistake. Like how long have we been doing this? Like humans with the weakest link. Right. So, so, so people are gonna make mistakes. Attackers are gonna be in here's another way of thinking about it. Remember log for J. Remember that whole ago, remember that was a Christmas time. That was nine months ago. And whoever came up with that, that vulnerability, they basically had a skeleton key that could access every network on the planet. I don't know if a single customer that was said, oh yeah, I wasn't impacted by log for J. So seers, some organized entity had access to every network on the planet. What was the big breach? What was that movie script that got stolen? So there wasn't one. Right? We haven't heard anything. So the point is the goal of attackers is to get in and stay in. Imagine someone breaks into your house, steals your laptop and runs. That's a breach. Imagine someone breaks into your house and stays for nine months. Like it's untenable, the real world. Right, right. >>We don't even go in there. They're still in there >>Watching your closet. Exactly. Moving around, nibbling on your ni line, your cookies. You know what I mean? Drinking your beer. >>Yeah. So, so let's talk about how this translates into the new reality of cloud native, because now know you hear about, you know, automated pen testing is a, a new hot thing right now you got antivirus on data. Yeah. Is hot is hot within APIs, for instance. Yeah. API security. So all kinds of new hot areas, cloud native is very iterative. You know, you, you can't do a pen test every week. Right. You gotta do it every second. Right. So this is where it's going. It's not so much simulation. It's actually real testing. Right. Right. How do you view that? How does that fit into this? Cuz that seems like a good direction to me. >>Yeah. It, it, it fits right in. And you were talking to my buddy AJ earlier about what VMware can do to help our customers build cloud native applications with, with Zu, my team is focused on how do we secure those applications? So where VMware wants to be the best in the world is securing these applications from within looking at the individual piece parts and how they talk to each other and figuring out, wait a minute. That, that, that, that, that should never happen by like almost having an x-ray machine on the ins of the application. So we do it for both for VMs and for container based applications. So traditional apps are VM based. Modern apps are container based and we, and we have a slightly different insertion mechanism. It's the same idea. So for VMs, we do it with the hypervisor, with NSX, we see all the inner workings in a container world. >>We have this thing called a service me that lets us look at each little snippet of code and how they talk to each other. And once you can see that stuff, then you can actually apply. It's almost like common sense logic of like, wait a minute. You know, this API is giving back credit card numbers and it gives five an hour. All of a sudden, it's now asking for 20,000 or a million credit card that doesn't make any sense. Right? The anomalies stick out like a sore thumb. If you can see them. And VMware, our unique focus in the infrastructure is that we can see each one of these little transactions and understand the conversation. That's what makes us so good at that east west or lateral >>Security. Yeah. You don't belong in this room, get out or that that's right. Some weird call from an in-memory database, something over >>Here. Exactly. Where other, other security solutions won't even see that. Right. It's not like there algorithms aren't as good as ours or, or better or worse. It's that, it's the access to the data. We see the, the, the, the inner plumbing of the app. And therefore we can protect >>The app from, and there's another dimension that I wanna get in the table here, cuz to my knowledge only AWS, Google, I, I believe Microsoft and Alibaba and VMware have this, it nitro the equivalent of a nitro. Yes. Project Monterey. Yeah. That's unique. It's the future of computing architectures. Everybody needs a nitro. I've I've written about this. Yeah. Right. So explain your version. Yeah. Project. It's now real. It's now in the market right. Or soon will be. Yeah. Here. Here's our mission salient aspects. Yeah. >>Here's our mission of VMware is that we wanna make every one of our enterprise customers. We want their private cloud to be as nimble, as agile, as efficient as the public cloud >>And secure >>And secure. In fact, I'll argue, we can make it actually more secure because we're thinking about putting security everywhere in this infrastructure. Right. Not just on the edges of it. So, so, so, okay. How do we go on that journey? As you pointed out, the public cloud providers realized, you know, five years ago that the right way to build computers was not just a CPU and a GPU graphics process, unit GPU, but there's this third thing that the industry's calling a DPU data processing unit. So there's kind of three pieces of a computer. And the DPU is sometimes called a smart Nick it's the network interface card. It does all that network handling and analytics and it takes it off the CPU. So they've been building and deploying those systems themselves. That's what nitro is. And so we have been working with the major Silicon vendors to bring that architecture to everybody. So, so with vSphere eight, we have the ability to take the network processing that east west inspection. I talked about, take it off of the CPU and put it into this dedicated processing element called the DPU and free up the CPU to run the applications that AJ and team are building. >>So no performance degradation at all, correct. >>To CPU >>Offload. So even the opposite, right? I mean you're running it basically bare metal speeds. >>Yes, yes. And yes. >>And, and, and you're also isolating the, the storage right from the, from the, the, the security, the management. And >>There's an isolation angle to this, which is that firewall that we're putting everywhere. Not just that the perimeter, we put it in each little piece of the server is running when it runs on one of these DPU, it's a different memory space. So even if, if an attacker gets to root in the OS, they it's very, very, never say never, but it's very difficult. >>So who has access to that? That, that resource >>Pretty much just the infrastructure layer, the cloud provider. So it's Google Microsoft, you know, and the enterprise, the >>Application can't get in, >>Can't get in there. Cause it, you would've to literally bridge from one memory space to another, never say never, but it would be very, very, >>It hasn't earned the trust >>To get it's more than Bob wire. It's, it's, it's multiple walls and, and >>It's like an air gap. It puts an air gap in the server itself so that if the server's compromised, it's not gonna get into the network really powerful. >>What's the big thing that you're seeing with this super cloud transition we're seeing, we're seeing, you know, multicloud and this new, not just SAS hosted on the cloud. Yeah. You're seeing a much different dynamic of combination of large scale CapEx, cloud native. And then now cloud native develops on premises and edge kind of changing what a cloud looks like if the cloud's on a cloud. So rubber customer, I'm building on a cloud and I have on-prem stuff. So I'm getting scale CapEx relief from the, from the cap, from the hyperscalers. >>I, I think there's an important nuance on what you're talking about, which is, is in the early days of the cloud customers. Remember those first skepticism? Oh, it'll never work. Oh, that's consumer grade. Oh, that's not really gonna work. And some people realize >>It's not secure. Yeah. >>It, it's not secure that one's like, no, no, no, it's secure. It works. And it, and it's good. So then there was this sort of over rush. Like let's put everything on the cloud. And I had a lot of customers that took VM based applications said, I'm gonna move those onto the cloud. You gotta take 'em all apart, put 'em on the cloud and put 'em all back together again. And little tiny details, like changing an IP address. It's actually much harder than it looks. So my argument is for existing workloads for VM based workloads, we are VMware. We're so good at running VM based workloads. And now we run them on anybody's cloud. So whether it's your east coast data center, your west coast data center, Amazon, Google, Microsoft, Alibaba, IBM keep going. Right. We pretty much every, and >>The benefit of the customer is what you >>Can literally vMotion and just pick it up and move it from private to public public, to private, private, to public, public, back and forth. >>Remember when we called VMO BS years ago. Yeah, yeah, yeah. >>We were really, skeptic is >>Powerful. We were very skeptical. We're like, that'll never happen. I mean, we were, I mean, it's supposed to be pat ourselves on the back. We, well, >>Because it's alchemy, it seems like what you can't possibly do that. Right. And so, so, so, and now we do it across clouds, right? So we can, you know, it's not quite VMO, but it's the same idea. You can just move these things over. I have one customer that had a production data center in the Ukraine, things got super tense, super fast, and they had to go from their private cloud data center in the Ukraine to a public cloud data center outta harm's way. They did it over a weekend, 48 hours. If you've ever migrated data, that's usually six months, right? And a lot of heartburn and a lot of angst, boom. They just drag and drop, moved it on over. That's the power of what we call the cloud operating model. And you can only do this when all your infrastructure's defined in software. >>If you're relying on hardware, load, balancers, hardware, firewalls, you can't move those. They're like a boat anchor. You're stuck with them. And by the way, really, really expensive. And by the way, they eat a lot of power, right? So that was an architecture from the nineties in the cloud operating model, your data center. And this goes back to what you were talking about is just racks and racks of X 86 with these magic DPU or smart necks to make any individual node go blisteringly fast and do all the functions that you used to do in network appliances. >>We just said, AJ taking us to school and everyone else to school on applications, middleware abstraction layer. Yeah. And kit Culver was also talking about this across cloud. We're talking super cloud, super pass. If this continues to happen, which we would think it will happen. What does the security posture look like? It has. It feels to me. And again, this is, this is your wheelhouse. If super cloud happens with this kind of past layer where there's B motioning going on, all kinds of yeah. Spanning applications and data. Yeah. Across environments. Yeah. Assume there's an operating system working on behind the scenes. Right. What's the security posture in all this. Yeah. >>So remember my narrative about like VA guys are getting in and they're moving around and they're so sneaky that they're using legitimate pathways. The only way to stop that stuff is you've gotta understand it at what, you know, we call layer seven at the application layer the in, you know, trying to do security, the infrastructure layer. It was interesting 20 years ago, kind of less interesting 10 years ago. And now it's becoming irrelevant because the infrastructure is oftentimes not even visible, right. It's buried in some cloud provider. So layer seven, understanding, application awareness, understanding the APIs and reading the content. That's the name of the game in security. That's what we've been focused on. Right. Nothing to do with >>The infras. And where's the progress bar on that, that paradigm early one at the 10, 10 being everyone's doing it >>Right now. Well, okay. So we, as a vendor can do this today. All the stuff I talked about about reading APIs, understanding the, the individual services looking at, Hey, wait a minute. This credit card anomalies, that's all shipping production code. Where is it in customer adoption life cycle, early days, 10%. So, so there's a whole lot of headroom. We, for people to understand, Hey, I can put these controls in place. There's software based. They don't require appliances. It's layer seven. So it has contextual awareness and it's works on every single cloud. >>You know, we talk about the pandemic. Being an accelerator really was a catalyst to really rethink. Remember we used to talk about pat his security a do over. He's like, yes, if it's the last thing I'm due, I'm gonna fix security. Well, he decided to go try to fix Intel instead, but, >>But, but he's getting some help from the government, >>But it seems like, you know, CISOs have totally rethought, you know, their security strategy. And, and at least in part is a function of the pandemic. >>When I started at VMware four years ago, pat sat me down in his office and he said to me what he said to you, which is like Tom, he said, I feel like we have fundamentally changed servers. We fundamentally changed storage. We fundamentally changed networking. The last piece of the puzzle of security. I want you to go fundamentally change it. And I'll argue that the work that we're doing with this, this horizontal security understanding the lateral movement east west inspection, it fundamentally changes how security works. It's got nothing to do with firewalls. It's got nothing to do with endpoint. It's a unique capability that VMware is uniquely suited to deliver on. And so pat, thanks for the mission. We delivered it and available >>Those, those wet like web applications firewall for instance are, are around. I mean, but to your point, the perimeter's gone. Exactly. And so you gotta get, there's no perimeter. So it's a surface area problem. Correct. And access and entry, correct. They're entering here easy from some manual error or misconfiguration or bad password that shouldn't be there. They're >>In. Think about it this way. You put the front door of your house, you put a big strong door and a big lock. That's a firewall bad guys, come in the window. Right. And >>Then the window's open and the window with a ladder room. Oh my >>God. Cause it's hot, bad user behavior. Trump's good security >>Every time. And then they move around room to room. We're the room to room people. Yeah. We see each little piece of the thing. Wait, that shouldn't happen. Right. >>I wanna get you a question that we've been seeing and maybe we're early on this, or it might be just a, a false data point. A lot of CSOs and we're talking to are, and people in industry in the customer environment are looking at CSOs and CSOs, two roles, chief information security officer, and then chief security officer Amazon, actually, Steven Schmidt is now CSO at reinforced. They actually called that out. Yeah. And the, and the interesting point that he made, we've had some other situations that verified. This is that physical security is now tied to online to your point about the service area. If I get a password, I still at the keys to the physical goods too. Right. Right. So physical security, whether it's warehouse for them is, or store or retail digital is coming in there. Yeah. So is there a CSO anymore? Is it just CSO? What's the role or are there two roles you see that evolving or is that just, >>Well, >>I circumstance, >>I, I think it's just one. And I think that, that, you know, the stakes are incredibly high in security. Just look at the impact that these security attacks are having on it. It, you know, companies get taken down, Equifax market cap was cut, you know, 80% with a security breach. So security's gone from being sort of a nuisance to being something that can impact your whole kind of business operation. And then there's a whole nother domain where politics get involved. Right. It determines the fate of nations. I know that sounds grand, but it's true. Yeah. And so, so, so companies care so much about it. They're looking for one liter, one throat to choke, you know, one person that's gonna lead security in the virtual domain, in the physical domain, in the cyber domain, in, in, you know, in the actual, well, it is, >>I mean, you mentioned that, but I mean, mean you look at Ukraine. I mean the, the, that, that, that cyber is a component of that war. I mean, that's very clear. I mean, that's, that's new, we've never seen >>This. And in my opinion, the stuff that we see happening in the Ukraine is small potatoes compared to what could happen. Yeah, yeah. Right. So the us, we have a policy of, of strategic deterrents where we develop some of the most sophisticated cyber weapons in the world. We don't use them and we hope never to use them because the, the, our adversaries who could do stuff like, oh, I don't know, wipe out every bank account in north America, or turn off the lights in New York city. They know that if they were to do something like that, we could do something back. >>I, this discuss, >>This is the red line conversation I wanna go there. So >>I had this discussion with Robert Gates in 2016 and he said, we have a lot more to lose, which is really >>Your point. So this brand, so I agree that there's the, to have freedom and Liberty, you gotta strike back with divorce and that's been our way to, to balance things out. Yeah. But with cyber, the red line, people are already in banks. So they're addresses are operating below the red line, red line, meaning before we know you're in there. So do we move the red line down because Hey, Sony got hacked the movie because they don't have their own militia. Yeah. If they were physical troops on the shores of LA breaking into the file cabinets. Yeah. The government would've intervened. >>I, I, I agree with you that it creates, it creates tension for us in the us because our, our adversaries don't have the clear delineation between public and private sector here. You're very, very clear if you're working for the government or you work for an private entity, there's no ambiguity on that. And so, so we have different missions in each department. Other countries will use the same cyber capabilities to steal intellectual, you know, a car design as they would to, you know, penetrate a military network. And that creates a huge hazard for us on the us. Cause we don't know how to respond. Yeah. Is that a civil issue? Is that a, a, a military issue? And so, so it creates policy ambiguity. I still love the clarity of separation of, you know, sort of the various branches of government separation of government from, >>But that, but, but bureau on multinational corporation, you then have to, your cyber is a defensible. You have to build the defenses >>A hundred percent. And I will also say that even though there's a clear D mark between government and private sector, there's an awful lot of cooperation. So, so our CSO, Alex toshe is actively involved in the whole intelligence community. He's on boards and standards and we're sharing because we have a common objective, right? We're all working together to fight these bad guys. And that's one of the things I love about cyber is that that even direct competitors, two big banks that are rivals on the street are working together to share security information and, and private, is >>There enough? Is collaboration Tom in the vendor community? I mean, we've seen efforts to try to, that's a good question, monetize private data, you know? Yeah. And private reports and, >>And, you know, like, so at VMware, we, we, I'm very proud of the security capabilities we've built, but we also partner with people that I think of as direct competitors, we've got firewall vendors and endpoint vendors that we work with and integrate. And so cooperation is something that exists. It's hard, you know, because when you have these kind of competing, you know, so could we do more? Of course we probably could, but I do think we've done a fair amount of cooperation, data sharing, product integration, et cetera, you know, and, you know, as the threats get worse, you'll probably see us continue to do more. >>And the governments is gonna trying to force that too. >>And, and the government also drives standards. So let's talk about crypto. Okay. So there's a new form of encryption coming out called quantum processing, calling out. Yeah. Yeah. Quantum, quantum computers have the potential to crack any crypto cipher we have today. That's bad. Okay. Right. That's not good at all because our whole system is built around these private communications. So, so the industry is having conversations about crypto agility. How can we put in place the ability to rapidly iterate the ciphers in encryption? So when the day quantum becomes available, we can change them and stay ahead of these quantum people. Well, >>Didn't this just put out a quantum proof algo that's being tested right now by the, the community. >>There's a lot of work around that. Correct. And, and, and this is taking the lead on this, but you know, Google's working on it, VMware's working on it. We're very, very active in how do we keep ahead of the attackers and the bad guys? Because this quantum thing is like a, it's a, it's a x-ray machine. You know, it's like, it's like a, a, a di lithium crystal that can power a whole ship. Right. It's a really, really, really powerful >>Tool. It's bad. Things will happen. >>Bad things could happen. >>Well, Tom, great to have you on the cube. Thanks for coming. Take the last minute to just give a plug for what's going on for you here at world this year, VMware explore this year. Yeah. >>We announced a bunch of exciting things. We announced enhancements to our, our NSX family, with our advanced load balancer, with our edge firewall. And they're all in service of one thing, which is helping our customers make their private cloud like the public cloud. So I like to say 0, 0, 0. If you are in the cloud operating model, you have zero proprietary appliances. You have zero tickets to launch a workload. You have zero network taps and zero trust built into everything you do. And that's, that's what we're working on and pushing that further and further. >>Tom Gill, senior vices president head of the networking at VMware. Thanks for coming up for you. Appreciate >>It. Yes. Thanks for having guys >>Always getting the security data. That's killer data and security of the two ops that get the most conversations around dev ops and cloud native. This is the queue bringing you all the action here in San Francisco for VMware. Explore 2022. I'm John furrier with Dave, Alan. Thanks for watching.

(upbeat music) >> Welcome back to Boston, everybody. This is the birthplace of theCUBE. In 2010, May of 2010 at EMC World, right in this very venue, John Furrier called it the chowder and lobster post. I'm Dave Vellante. We're here at RE:INFORCE 2022, Ed Walsh, CEO of ChaosSearch. Doing a drive by Ed. Thanks so much for stopping in. You're going to help me wrap up in our final editorial segment. >> Looking forward to it. >> I really appreciate it. >> Thank you for including me. >> How about that? 2010. >> That's amazing. It was really in this-- >> Really in this building. Yeah, we had to sort of bury our way in, tunnel our way into the Blogger Lounge. We did four days. >> Weekends, yeah. >> It was epic. It was really epic. But I'm glad they're back in Boston. AWS was going to do June in Houston. >> Okay. >> Which would've been awful. >> Yeah, yeah. No, this is perfect. >> Yeah. Thank God they came back. You saw Boston in summer is great. I know it's been hot, And of course you and I are from this area. >> Yeah. >> So how you been? What's going on? I mean, it's a little crazy out there. The stock market's going crazy. >> Sure. >> Having the tech lash, what are you seeing? >> So it's an interesting time. So I ran a company in 2008. So we've been through this before. By the way, the world's not ending, we'll get through this. But it is an interesting conversation as an investor, but also even the customers. There's some hesitation but you have to basically have the right value prop, otherwise things are going to get sold. So we are seeing longer sales cycles. But it's nothing that you can't overcome. But it has to be something not nice to have, has to be a need to have. But I think we all get through it. And then there is some, on the VC side, it's now buckle down, let's figure out what to do which is always a challenge for startup plans. >> In pre 2000 you, maybe you weren't a CEO but you were definitely an executive. And so now it's different and a lot of younger people haven't seen this. You've got interest rates now rising. Okay, we've seen that before but it looks like you've got inflation, you got interest rates rising. >> Yep. >> The consumer spending patterns are changing. You had 6$, $7 gas at one point. So you have these weird crosscurrents, >> Yup. >> And people are thinking, "Okay post-September now, maybe because of the recession, the Fed won't have to keep raising interest rates and tightening. But I don't know what to root for. It's like half full, half empty. (Ed laughing) >> But we haven't been in an environment with high inflation. At least not in my career. >> Right. Right. >> I mean, I got into 92, like that was long gone, right?. >> Yeah. >> So it is a interesting regime change that we're going to have to deal with, but there's a lot of analogies between 2008 and now that you still have to work through too, right?. So, anyway, I don't think the world's ending. I do think you have to run a tight shop. So I think the grow all costs is gone. I do think discipline's back in which, for most of us, discipline never left, right?. So, to me that's the name of the game. >> What do you tell just generally, I mean you've been the CEO of a lot of private companies. And of course one of the things that you do to retain people and attract people is you give 'em stock and it's great and everybody's excited. >> Yeah. >> I'm sure they're excited cause you guys are a rocket ship. But so what's the message now that, Okay the market's down, valuations are down, the trees don't grow to the moon, we all know that. But what are you telling your people? What's their reaction? How do you keep 'em motivated? >> So like anything, you want over communicate during these times. So I actually over communicate, you get all these you know, the Sequoia decks, 2008 and the recent... >> (chuckles) Rest in peace good times, that one right? >> I literally share it. Why? It's like, Hey, this is what's going on in the real world. It's going to affect us. It has almost nothing to do with us specifically, but it will affect us. Now we can't not pay attention to it. It does change how you're going to raise money, so you got to make sure you have the right runway to be there. So it does change what you do, but I think you over communicate. So that's what I've been doing and I think it's more like a student of the game, so I try to share it, and I say some appreciate it others, I'm just saying, this is normal, we'll get through this and this is what happened in 2008 and trust me, once the market hits bottom, give it another month afterwards. Then everyone says, oh, the bottom's in and we're back to business. Valuations don't go immediately back up, but right now, no one knows where the bottom is and that's where kind of the world's ending type of things. >> Well, it's interesting because you talked about, I said rest in peace good times >> Yeah >> that was the Sequoia deck, and the message was tighten up. Okay, and I'm not saying you shouldn't tighten up now, but the difference is, there was this period of two years of easy money and even before that, it was pretty easy money. >> Yeah. >> And so companies are well capitalized, they have runway so it's like, okay, I was talking to Frank Slootman about this now of course there are public companies, like we're not taking the foot off the gas. We're inherently profitable, >> Yeah. >> we're growing like crazy, we're going for it. You know? So that's a little bit of a different dynamic. There's a lot of good runway out there, isn't there? >> But also you look at the different companies that were either born or were able to power through those environments are actually better off. You come out stronger in a more dominant position. So Frank, listen, if you see what Frank's done, it's been unbelievable to watch his career, right?. In fact, he was at Data Domain, I was Avamar so, but look at what he's done since, he's crushed it. Right? >> Yeah. >> So for him to say, Hey, I'm going to literally hit the gas and keep going. I think that's the right thing for Snowflake and a right thing for a lot of people. But for people in different roles, I literally say that you have to take it seriously. What you can't be is, well, Frank's in a different situation. What is it...? How many billion does he have in the bank? So it's... >> He's over a billion, you know, over a billion. Well, you're on your way Ed. >> No, no, no, it's good. (Dave chuckles) Okay, I want to ask you about this concept that we've sort of we coined this term called Supercloud. >> Sure. >> You could think of it as the next generation of multi-cloud. The basic premises that multi-cloud was largely a symptom of multi-vendor. Okay. I've done some M&A, I've got some Shadow IT, spinning up, you know, Shadow clouds, projects. But it really wasn't a strategy to have a continuum across clouds. And now we're starting to see ecosystems really build, you know, you've used the term before, standing on the shoulders of giants, you've used that a lot. >> Yep. >> And so we're seeing that. Jerry Chen wrote a seminal piece on Castles in The Cloud, so we coined this term SuperCloud to connote this abstraction layer that hides the underlying complexities and primitives of the individual clouds and then adds value on top of it and can adjudicate and manage, irrespective of physical location, Supercloud. >> Yeah. >> Okay. What do you think about that concept?. How does it maybe relate to some of the things that you're seeing in the industry? >> So, standing on shoulders of giants, right? So I always like to do hard tech either at big company, small companies. So we're probably your definition of a Supercloud. We had a big vision, how to literally solve the core challenge of analytics at scale. How are you going to do that? You're not going to build on your own. So literally we're leveraging the primitives, everything you can get out of the Amazon cloud, everything get out of Google cloud. In fact, we're even looking at what it can get out of this Snowflake cloud, and how do we abstract that out, add value to it? That's where all our patents are. But it becomes a simplified approach. The customers don't care. Well, they care where their data is. But they don't care how you got there, they just want to know the end result. So you simplify, but you gain the advantages. One thing's interesting is, in this particular company, ChaosSearch, people try to always say, at some point the sales cycle they say, no way, hold on, no way that can be fast no way, or whatever the different issue. And initially we used to try to explain our technology, and I would say 60% was explaining the public, cloud capabilities and then how we, harvest those I guess, make them better add value on top and what you're able to get is something you couldn't get from the public clouds themselves and then how we did that across public clouds and then extracted it. So if you think about that like, it's the Shoulders of giants. But what we now do, literally to avoid that conversation because it became a lengthy conversation. So, how do you have a platform for analytics that you can't possibly overwhelm for ingest. All your messy data, no pipelines. Well, you leverage things like S3 and EC2, and you do the different security things. You can go to environments say, you can't possibly overrun me, I could not say that. If I didn't literally build on the shoulders giants of all these public clouds. But the value. So if you're going to do hard tech as a startup, you're going to build, you're going to be the principles of Supercloud. Maybe they're not the same size of Supercloud just looking at Snowflake, but basically, you're going to leverage all that, you abstract it out and that's where you're able to have a lot of values at that. >> So let me ask you, so I don't know if there's a strict definition of Supercloud, We sort of put it out to the community and said, help us define it. So you got to span multiple clouds. It's not just running in each cloud. There's a metadata layer that kind of understands where you're pulling data from. Like you said you can pull data from Snowflake, it sounds like we're not running on Snowflake, correct? >> No, complimentary to them in their different customers. >> Yeah. Okay. >> They want to build on top of a data platform, data apps. >> Right. And of course they're going cross cloud. >> Right. >> Is there a PaaS layer in there? We've said there's probably a Super PaaS layer. You're probably not doing that, but you're allowing people to bring their own, bring your own PaaS sort of thing maybe. >> So we're a little bit different but basically we publish open APIs. We don't have a user interface. We say, keep the user interface. Again, we're solving the challenge of analytics at scale, we're not trying to retrain your analytics, either analysts or your DevOps or your SOV or your Secop team. They use the tools they already use. Elastic search APIs, SQL APIs. So really they program, they build applications on top of us, Equifax is a good example. Case said it coming out later on this week, after 18 months in production but, basically they're building, we provide the abstraction layer, the quote, I'm going to kill it, Jeff Tincher, who owns all of SREs worldwide, said to the effect of, Hey I'm able to rethink what I do for my data pipelines. But then he also talked about how, that he really doesn't have to worry about the data he puts in it. We deal with that. And he just has to, just query on the other side. That simplicity. We couldn't have done that without that. So anyway, what I like about the definition is, if you were going to do something harder in the world, why would you try to rebuild what Amazon, Google and Azure or Snowflake did? You're going to add things on top. We can still do intellectual property. We're still doing patents. So five grand patents all in this. But literally the abstraction layer is the simplification. The end users do not want to know that complexity, even though they ask the questions. >> And I think too, the other attribute is it's ecosystem enablement. Whereas I think, >> Absolutely >> in general, in the Multicloud 1.0 era, the ecosystem wasn't thinking about, okay, how do I build on top and abstract that. So maybe it is Multicloud 2.0, We chose to use Supercloud. So I'm wondering, we're at the security conference, >> RE: INFORCE is there a security Supercloud? Maybe Snyk has the developer Supercloud or maybe Okta has the identity Supercloud. I think CrowdStrike maybe not. Cause CrowdStrike competes with Microsoft. So maybe, because Microsoft, what's interesting, Merritt Bear was just saying, look, we don't show up in the spending data for security because we're not charging for most of our security. We're not trying to make a big business. So that's kind of interesting, but is there a potential for the security Supercloud? >> So, I think so. But also, I'll give you one thing I talked to, just today, at least three different conversations where everyone wants to log data. It's a little bit specific to us, but basically they want to do the security data lake. The idea of, and Snowflake talks about this too. But the idea of putting all the data in one repository and then how do you abstract out and get value from it? Maybe not the perfect, but it becomes simple to do but hard to get value out. So the different players are going to do that. That's what we do. We're able to, once you land it in your S3 or it doesn't matter, cloud of choice, simple storage, we allow you to get after that data, but we take the primitives and hide them from you. And all you do is query the data and we're spinning up stateless computer to go after it. So then if I look around the floor. There's going to be a bunch of these players. I don't think, why would someone in this floor try to recreate what Amazon or Google or Azure had. They're going to build on top of it. And now the key thing is, do you leave it in standard? And now we're open APIs. People are building on top of my open APIs or do you try to put 'em in a walled garden? And they're in, now your Supercloud. Our belief is, part of it is, it needs to be open access and let you go after it. >> Well. And build your applications on top of it openly. >> They come back to snowflake. That's what Snowflake's doing. And they're basically saying, Hey come into our proprietary environment. And the benefit is, and I think both can win. There's a big market. >> I agree. But I think the benefit of Snowflake's is, okay, we're going to have federated governance, we're going to have data sharing, you're going to have access to all the ecosystem players. >> Yep. >> And as everything's going to be controlled and you know what you're getting. The flip side of that is, Databricks is the other end >> Yeah. >> of that spectrum, which is no, no, you got to be open. >> Yeah. >> So what's going to happen, well what's happening clearly, is Snowflake's saying, okay we've got Snowpark. we're going to allow Python, we're going to have an Apache Iceberg. We're going to have open source tooling that you can access. By the way, it's not going to be as good as our waled garden where the flip side of that is you get Databricks coming at it from a data science and data engineering perspective. And there's a lot of gaps in between, aren't there? >> And I think they both win. Like for instance, so we didn't do Snowpark integration. But we work with people building data apps on top of Snowflake or data bricks. And what we do is, we can add value to that, or what we've done, again, using all the Supercloud stuff we're done. But we deal with the unstructured data, the four V's coming at you. You can't pipeline that to save. So we actually could be additive. As they're trying to do like a security data cloud inside of Snowflake or do the same thing in Databricks. That's where we can play. Now, we play with them at the application level that they get some data from them and some data for us. But I believe there's a partnership there that will do it inside their environment. To us they're just another large scaler environment that my customers want to get after data. And they want me to abstract it out and give value. >> So it's another repository to you. >> Yeah. >> Okay. So I think Snowflake recently added support for unstructured data. You chose not to do Snowpark because why? >> Well, so the way they're doing the unstructured data is not bad. It's JSON data. Basically, This is the dilemma. Everyone wants their application developers to be flexible, move fast, securely but just productivity. So you get, give 'em flexibility. The problem with that is analytics on the end want to be structured to be performant. And this is where Snowflake, they have to somehow get that raw data. And it's changing every day because you just let the developers do what they want now, in some structured base, but do what you need to do your business fast and securely. So it completely destroys. So they have large customers trying to do big integrations for this messy data. And it doesn't quite work, cause you literally just can't make the pipelines work. So that's where we're complimentary do it. So now, the particular integration wasn't, we need a little bit deeper integration to do that. So we're integrating, actually, at the data app layer. But we could, see us and I don't, listen. I think Snowflake's a good actor. They're trying to figure out what's best for the customers. And I think we just participate in that. >> Yeah. And I think they're trying to figure out >> Yeah. >> how to grow their ecosystem. Because they know they can't do it all, in fact, >> And we solve the key thing, they just can't do certain things. And we do that well. Yeah, I have SQL but that's where it ends. >> Yeah. >> I do the messy data and how to play with them. >> And when you talk to one of their founders, anyway, Benoit, he comes on the cube and he's like, we start with simple. >> Yeah. >> It reminds me of the guy's some Pure Storage, that guy Coz, he's always like, no, if it starts to get too complicated. So that's why they said all right, we're not going to start out trying to figure out how to do complex joins and workload management. And they turn that into a feature. So like you say, I think both can win. It's a big market. >> I think it's a good model. And I love to see Frank, you know, move. >> Yeah. I forgot So you AVMAR... >> In the day. >> You guys used to hate each other, right? >> No, no, no >> No. I mean, it's all good. >> But the thing is, look what he's done. Like I wouldn't bet against Frank. I think it's a good message. You can see clients trying to do it. Same thing with Databricks, same thing with BigQuery. We get a lot of same dynamic in BigQuery. It's good for a lot of things, but it's not everything you need to do. And there's ways for the ecosystem to play together. >> Well, what's interesting about BigQuery is, it is truly cloud native, as is Snowflake. You know, whereas Amazon Redshift was sort of Parexel, it's cobbled together now. It's great engineering, but BigQuery gets a lot of high marks. But again, there's limitations to everything. That's why companies like yours can exist. >> And that's why.. so back to the Supercloud. It allows me as a company to participate in that because I'm leveraging all the underlying pieces. Which we couldn't be doing what we're doing now, without leveraging the Supercloud concepts right, so... >> Ed, I really appreciate you coming by, help me wrap up today in RE:INFORCE. Always a pleasure seeing you, my friend. >> Thank you. >> All right. Okay, this is a wrap on day one. We'll be back tomorrow. I'll be solo. John Furrier had to fly out but we'll be following what he's doing. This is RE:INFORCE 2022. You're watching theCUBE. I'll see you tomorrow.

(upbeat music) >> Man: We're good. >> Hey everyone. Welcome back to theCube's live coverage of AWS Summit NYC. We're in New York City, been here all day. Lisa Martin, John Furrier, talking with AWS partners ecosystem folks, customers, AWS folks, you name it. Next up, one of our alumni, rejoins us. Please welcome Anshu Sharma the co-founder and CEO of Skyflow. Anshu great to have you back on theCube. >> Likewise, I'm excited to be back. >> So I love how you guys founded this company. Your inspiration was the zero trust data privacy vault pioneered by two of our favorites, Apple and Netflix. You started with a simple question. What if privacy had an API? So you built a data privacy vault delivered as an API. Talk to us, and it's only in the last three and a half years. Talk to us about a data privacy vault and what's so unique about it. >> Sure. I think if you think about all the key challenges we are seeing in our personal lives when we are dealing with technology companies a lot of anxiety is around what happens to my data, right? If you want to go to a pharmacy they want to know not just your health ID number but they want to know your social security number your credit card number, your phone number and all of that information is actually useful because they need to be able to engage with you. And it's true for hospitals, health systems. It's true for your bank. It's true for pretty much anybody you do business with even an event like this. But then question that keeps coming up is where does this data go? And how is it protected? And the state of the art here has always been to keep kind of, keep it protected when it's in storage but almost all the breaches, all the hacks happen not because you've steal somebody's disc, but because someone enters through an API or a portal. So the question we asked was we've been building different shapes of containers for different types of data. You don't store your logs in a data warehouse. You don't store your analytical data in a regular RDBMS. Similarly, you don't store your passwords and usernames you store them in identity systems. So if PI is so special why isn't it a container that's used for storing PII? So that's how the idea of Pii.World came up. >> So you guys just got a recent funding, a series B financing which means for the folks out there that don't know the inside baseball, must people do, means you're doing well. It's hard to get that round of funding means you're up and growing to the right. What's the differentiator? Why are you guys so successful? Why the investment growth, what's the momentum driver? >> So I think in some ways we took one of the most complex problems, data privacy, like half the people can't even describe like, does data privacy mean like I have to be GDPR compliant or does it actually mean I'm protecting the data? So you have multiple stakeholders in any company. If you're a pharma company, you may have a chief privacy officer, a data officer, this officer, that officer, and all of these people were talking and the answer was buy more tools. So if you look around behind our back, there's probably dozens of companies out there. One protecting data in an API call another protecting data in a database, another one data warehouse. But as a CEO, CTO, I want to know what happens to my social security number from a customer end to end. So we said, if you can radically simplify the whole thing and the key insight was you can simplify it by actually isolating and protecting this data. And this architecture evolved on its own at companies like Apple and other places, but it takes dozens of engineers for those companies to build it out. So we like, well, the pattern will makes sense. It logically kind is just common sense. So instead of selling dozens of tools, we can just give you a very simple product, which is like one API call, you know, protect this data... >> So like Stripe is for a plugin for a financial transaction you plug it into the app, similar dynamic here, right? >> Exactly. So it's Stripe for payments, Twilio for Telephony. We have API for everything, but if you have social security numbers or pan numbers you still are like relying on DIY. So I think what differentiated us and attracted the investors was, if this works, >> It's huge. every company needs it. >> Well, that's the integration has become the key thing. I got to ask you because you mentioned GDPR and all the complexities around the laws and the different regulations. That could be a real blocker in a wet blanket for innovation. >> Anshu: Yes. >> And with the market we're seeing here at, at your Summit New York, small event. 10,000 people, more people here than were at Snowflake Summit as an example. And they're the hottest company in data. So this small little New York event is proven that that world is growing. So why should this wet blanket, these rules slow it down? How do you balance it? 'Cause that's a concern. If you checking all the boxes you're never actually building anything. >> So, you know, we just ran into a couple of customers who still are struggling with moving from the data center to AWS Cloud. Now the fact that here means they want to but something is holding them back. I also met the AI team of Amazon. They're doing some amazing work and they're like, the biggest hindrance for them is making customers feel safe when they do the machine learning. Because now you're opening up the data sets to more people. And in all of those cases your innovation basically stops because CSO is like, look you can't put PII in the cloud unprotected. And with the vault architecture we call it privacy by architecture. So there's a term called privacy by design. I'm like what the, is privacy by design, right? >> John: It's an architecture. (John laughing) >> But if you are an architecture and a developer like me I was like, I know what architecture is. I don't know what privacy by design is. >> So you guys are basically have that architecture by design which means foundational based services. So you're providing that as a service. So other people don't have to build the complex. >> Anshu: Exactly. >> You know that you will be Apple's backend team to build that privacy with you you get all that benefit. >> Exactly. And traditionally, people have had to make compromises. If you encrypt the data and secure it, then you can't use it. Using a proprietary polymorphic encryption technology you can actually have your cake and eat it to. So what that means for customers is, if you want to protect data in Snowflake or REDshare, use Skyflow with it. We have integrations to databases, to data lakes, all the common workflow tools. >> Can you give us a customer example that you think really articulates the value of what Skyflow is delivering? >> Well, I'll give you two examples. One in the FinTech space, one in the health space. So in the FinTech space this is a company called Nomi Health. They're a large payments processor for the health insurance market. And funnily enough, their CTO actually came from Goldman Sachs. He actually built apple card. (John laughing) Right? That if we all have in our phones. And he saw our product and he's like, for my new company, I'm going to just use you guys because I don't want to go hire 20 engineers. So for them, we had a HIPAA compliant environment a PCI compliant environment, SOC 2 compliant environment. And he can sleep better at night because he doesn't have to worry what is my engineer in Poland or Ukraine doing right now? I have a vault. I have rules set up. I can audit it. Everything is logged. Similarly for Science 37, they run clinical trials globally. They wanted to solve data residency. So for them the problem was, how do I run one common global instance? When the rules say you have to break everything up and that's very expensive. >> And so I love this. I'm a customer. For them a customer. I love it. You had me at hello, API integration. I love it. How much does it cost? What's it going to cost me? How do I need to think about my operationalizing? 'Cause I know with an API, I can do that. Am I paying by the usage, by the drink? How do I figure out? >> So we have programs for startups where it's really really inexpensive. We get them credits. And then for enterprises, we basically have a platform fee. And then based on the amount of data PII, we charge them. We don't nickel and dime the customers. We don't like the usage based model because, you don't know how many times you're going to hit an API. So we usually just based on the number of customer records that you have and you can hit them as many time as you want. There's no API limits. >> So unlimited record based. >> Exactly. that's your variable. >> Exactly. We think about you buying odd zero, for example, for authentication you pay them by the number of active users you have. So something similar. >> So you run on AWS, but you just announced a couple of new GTM partners, MuleSoft and plan. Can you talk to us about, start with MuleSoft? What are you doing and why? And the same with VLA? >> Sure. I mean, MuleSoft was very interesting customers who were adopting our products at, you know, we are buying this product for our new applications but what about our legacy code? We can't go in there and add APIs there. So the simplest way to do integration in the legacy world is to use an integration broker. So that's where MuleSoft integration came out and we announced that. It's a logical place for you to swap out real social security numbers with, you know, fake ones. And then we also announced a partnership with SnowFlake, same thing. I think every workload as it's moving to the cloud needs some kind of data protection with it. So I think going forward we are going to be announcing even more partnerships. So you can imagine all the places you're storing PII today whether it's in a call center solution or analytics solution, there's a PII story there. >> Talk about the integration aspect because I love the momentum. I get everything makes secure the customers all these environments, integrations are super important to plug into. And then how do I essentially operate you on my side? Do I import the records? How do you connect to my environment in my databases? >> So it's really, really easy when you encrypt the data and use Skyflow wall, we create what is called a format preserving token, which is essentially replacing a social security number with something that looks like an SSN but it's not. So that there's no schema changes involved. You just have to do that one time swap over and then in terms of integrations, most of these integrations are prebuilt. So Snowflake integration is prebuilt. MuleSoft integration is prebuilt. We're going to announce some new ones. So the goal is for off the table in platforms like Snowflake and MuleSoft, we prebuilt all the integrations. You can build your own. It takes about like a day. And then in terms of data import basically it's the same standard process that you would use with any other data store. >> Got to ask you about data breaches. Obviously the numbers in 2021 were huge. We're seeing so much change in the cyber security landscape ransomware becoming a household word, a matter of when but not if... How does Skyflow help organizations protect themselves or reduce the number of breaches so that they are not the next headline? >> You know, the funny thing about breaches is again and again, we see people doing the same mistakes, right? So Equifax had a breach four years ago where a customer portal, you know, no customer support rep should have access to a 100 million people's data. Like is that customer agent really accessing 100 million? But because we've been using legacy security tools they either give you access or don't give you access. And that's not how it's going to work. Because if I'm going to engage with the pharmacy and airline they need to be able to use my data in multiple different places. So you need to have fine grain controls around it. So I think the reason we keep getting breaches is cybersecurity industry is selling, 10s of billions of dollars worth of tools in the name of security but they cannot be applied at a fine grain level enough. I can't say things like for my call center agent that's living in Phoenix, Arizona they can only verify last four digits, but the same call center worker in Philippines can't even see that. So how do you get all that granular control in place? Is really why we keep seeing data breaches. So the Equifax breach, the Shopify breach the Twitter breaches, they're all the same. Like again and again, it's either an inside person or an external person who's gotten in. And once you're in and this is the whole idea of zero trust as you know. Once you're in, you can access all the data. Zero trust means that you don't assume that you actually isolate PII separately. >> A lot of the cybersecurity issues as you were talking about, are people based. Somebody clicking on something or gaining access. And I always talk to security experts about how do you control for the people aspect besides training, awareness, education. Is Skyflow a facilitator of that in a way that we haven't seen before? >> Yeah. So I think what ends up happening is, people even after they have breaches, they will lock down the system that had the breach, but then they have the same data sitting in a partner database, maybe a customer database maybe a billing system. So by centralizing and isolating PII in one system you can then post roles based access control rules. You can put limitations around it. But if you try to do that across hundreds of DS bases, you're just not going to be able to do it because it's basically just literally impossible, so... >> My final question for you is on, for me is you're here at AWS Summits, 10,000 people like I said. More people here than some big events and we're just in New York city. Okay. You actually work with AWS. What's next for you guys as you got the fresh funding, you guys looking for more talent, what's your next mountain you're going to climb? Tell us what's next for the company. Share your vision, put a plug in for the company. >> Well, it's actually very simple. Today we actually announced that we have a new chief revenue officer who's joining us. Tammy, she's joined us from LaunchDarkly which is it grew from like, you know, single digits to like over nine digits in revenue. And the reason she's joining Skyflow is because she sees the same inflection point hitting us. And for us that means more marketing, more sales, more growth in more geographies and more partnerships. And we think there's never been a better time to solve privacy. Literally everything that we deal with even things like rove evade issues eventually ties back into a issue around privacy. >> Lisa: Yes. >> AWS gets the model API, you know, come on, right? That's their model. >> Exactly. So I think if you look at the largest best companies that have been built in the last 20 years they took something that should have been simple but was not. There used to be Avayas of the world, selling Telephony intel, Twilio came and said, look an API. And we are trying to do the same to the entire security compliance and privacy industry is to narrow the problem down and solve it once. >> (indistinct) have it. We're going to get theCube API. (Lisa laughing) That's what we're going to do. All right. >> Thank you so much. >> Awesome. Anshu, thank you for joining us, talking to us about what's new at Skyflow. It sounds like you got that big funding investment. Probably lots of strategic innovation about to happen. So you'll have to come back in a few months and maybe at next reinvent in six months and tell us what's new, what's going on. >> Last theCube interview was very well received. People really like the kind of questions you guys asked. So I love this show and I think... >> It's great when you're a star like you, you got good market, great team, smart. I mean, look at this. I mean, what slow down are we talking about here? >> Yeah. I don't see... >> There is no slow down on the enterprise. >> Privacy's hot and it's incredibly important and we're only going to be seeing more and more of it. >> You can talk to any CIO, CSO, CTO or the board and they will tell you there is no limit to the budget they have for solving the core privacy issues. We love that. >> John: So you want to move on to building? >> Lisa: Obviously that must make you smile. >> John: You solved a big problem. >> Thank you. >> Awesome. Anshu, thank you again. Congrats on the momentum and we'll see you next time and hear more on the evolution of Skyflow. Thank you for your time. >> Thank you. >> For John furrier, I'm Lisa Martin. You're watching theCube live from New York City at AWS Summit NYC 22. We'll be right back with our next guest. So stick around. (upbeat music)

(upbeat music) >> Hello, welcome to theCUBE's special showcase with Unstoppable Domains. I'm John Furrier, your host of theCUBE here in Palo Alto, California. And Matt Gould who's the founder and CEO of Unstoppable Domains. Matt, great to come on. Congratulations on the success of your company, Unstoppable Domains. Thanks for kicking off this showcase. >> Well, thank you, happy to be here. >> So first of all, love the story you've got going on here. Love the approach, very innovative, but you're also on the big Web3 wave, which we know that leads into, metaverse unlimited new ways, people are consuming information, content, applications are being built differently. This is a major wave and it's happening. Some people are trying to squint through the hype versus reality, but you don't have to be a rocket science to realize that it's a cultural shift and a technical shift going on with Web3. So this is kind of what's happening in the market. So give us your take. What's your reaction? You're in the middle of it. You're on this wave. >> Yeah, well, I would say it's a torrent of change that got unleashed just over a decade ago with Bitcoin coming out and giving people the ability to have digital items that they could actually own themselves online. And this is a new thing. And people coming, especially from my generation of millennials, they spend their time online in these digital spaces and they've wanted to be able to own these items and you see it from, you know Gaming and Fortnite and Skins and Warcraft and all these other places. But this is really being enabled by this new crypto technology to just extend to a whole lot more applications, from money, which everyone's familiar with, to NFT projects like Board Apes or CryptoBucks. >> You know, I was listening to your podcast. You guys got a great pod. I think you're on 117 episodes now and growing. You guys do a deep dive, so people watching check out the Unstoppable Podcast. But on the last podcast, Matt, you mentioned some of the older generations like me, I grew up with IP addresses and before the web, they called it information super highway. It wasn't even called the web yet, but IP was generated by the United States Department of Commerce and R&D, that became the internet, the internet became the web. Back then it was just get some web pages up and find what you're looking for. Very analog compared to what's now today, now you mentioned gaming. You mentioned how people are changing. Can you talk about your view of this cultural shift? And we've been talking about the queue for many, many years now, but it's at actually happening now where the expectation of the audience and the users and the people consuming and communicating and bonding in groups, whether it's gaming or communities are expecting new behaviors, new applications, and it's a forcing function. This shift is having now, what's your reaction to that? What's your explanation? >> Yeah, well, I think it just goes back to the shift of people's where are they spending their time? And if you look today, most people spend 50% plus of their time in front of a screen. And that's just a tremendous amount of effort. But if you look at how much of their assets are digital, it's like less than 1% of their portfolio would be some sort of digital asset compared to literally 50% of every day sitting in front of a screen. And simultaneously what's happening is these new technologies are emerging around cryptocurrencies, blockchain systems, ways for you to track digital ownership of things, and then kind of bring that into your different applications. So one of the big things that's happening with Web3 is this concept of data portability, meaning that I can own something on one application and then I could potentially take that with me to several other applications across the internet. And so this is like the emerging digital property rights that are happening right now as we transition from a model in Web2, where you are on a hosted service like Facebook, it's a walled garden, they own and control everything. You are the product, they're mining you for data and they're just selling ads, right? To a system where it's much more open. You can go into these worlds and experiences. You can take things with you and you can leave with them. And most people are doing this with cryptocurrency. Maybe you earn an end-game currency, you can leave and take that to a different game, and you can spend it somewhere else. So the user is now enable to bring their data to the party. Whereas before now, you couldn't really do that. And that data includes their money or that includes their digital items. And so I think that's the big shift that we're seeing and that changes a lot in how applications serve up to users. It's going to change their user experiences for instance. >> I think the script has flipped and you're right on. I agree with you. I think you guys are smart to see it. And I think everyone who's on this wave will see it. Let's get into that because this is happening. People are saying, "I'm done with being mined "and being manipulated by the big Facebook "and the LinkedIns of the world who are using the user." Now, the contract was a free product and you gave up your data, but then it got too far. Now people want to be in charge of their data. They want to broker their data. They want to collect their digital exhaust, maybe collect some things in a game, or maybe do some commerce in an application or marketplace. So these are the new use cases. How does a digital identity architecture work with Unstoppable? How would you guys enabling that? Can you take us through the vision of where you guys came on this because it's unique, you had an NFT and kind of the domain name concept coming together, can you explain? >> Yeah, so we think we approach the problem for if we're going to rebuild the way that people interact online, what are kind of the first primitives that they're going to need in order to make that possible? And we thought that one of the things that you have on every network, like when you log on Twitter, you have a Twitter handle, when you log on Instagram, you have an Instagram handle. It's your name, right? You have that name that's on those applications. And right now what happens is if users get kicked off the platform, they lose a 100% of their followers, right? And they also, in some cases, they can't even directly contact their followers on some of these platforms. There's no way for them to retain this social network. So you have all these influencers, who are today's small businesses, who build up these large, you know profitable, small businesses online, being key opinion leaders to their demographic. And then they could be deplatformed, or they're unable to take this data and move to another platform if that platform raises their fees. You've seen several platforms increase their take rates. You have 10, 20, 30, 40%, and they're getting locked in and they're getting squeezed, right? So we just said, "You know what, "the first thing you're going to want to own "that this is going to be your piece of digital property "is going to be your name across these applications." If you look at every computing network in the history of computing networks, they end up with a naming system. And when we looked back at DNS, you know which came out in the 90s, it was just a way for people to find these webpages much easier instead of mapping these IP addresses. And then we said to ourselves, "What's going to happen in the future?" Is just like everyone has an email address that they use in their Web2 world in order to identify themselves as they log into all these applications. They're going to have an NFT domain in the Web3 world in order to authenticate and bring their data with them across these applications. So we saw a direct correlation there between DNS and what we're doing with NFT domain name systems. And the bigger breakthrough here is that NFT domain systems all of these NFT assets that live on a blockchain. They are owned by users. They're built on these open systems so that multiple applications could read data off of them and that makes them portable. So we were looking for an infrastructure play like a picks and shovels play for the emerging Web3 metaverse. And we thought that names were just something that if we wanted a future to happen, where all 3.5 billion people with cell phones are sending crypto and digital assets back and forth, they're going to need to have a name to make this a lot easier instead of these long IP addresses or hex addresses in the case of crypto. >> Yeah, and also people have multiple wallets too. It's not like there's all kinds of wallet, variations, name verification, you see the link tree is everywhere. You know, that's essentially just an app. I mean, doesn't really do anything. I mean, so you're seeing people trying to figure it out. I got a github handle. I got a LinkedIn handle. I mean, what do you do with it? >> Yeah, and then specific to crypto, there was a very hair on fire use case for people who buy their first Bitcoin. And for those in the audience who haven't done this yet, when you go in and you go into an app and you buy your first Bitcoin or Ethereum or whatever cryptocurrency, and then the first time you try to send it, there's this field where you want to send it and it's this very long hex address. And it looks like an IP address from the 1980s, right? And it's like a bank number and no one's going to use that to send money back and forth to each other. And so just like domain names and the D apps system replace IP addresses, NFT domains on blockchain systems replace hex addresses for sending and receiving cryptocurrency, Bitcoin, Ethereum, whatever. And that's its first use case is it really plugs in there. So when you want to send money to someone, you can just instead of sending money to a large hex address that you have to copy and paste, you could have an error, or you could send it to the wrong place, it's pretty scary. You could send it to johnfurrier.nft. And so we thought that you're just not going to get global adoption without better UX, same thing it worked with .com domains. And this is the same thing for Bitcoin and other crypto. >> It's interesting, look at the Web2 or trend one to two, Web1 went to two, it was all about use, ease of use, right? And making things simpler, clutter, more pages can't find things that was search, that was Google. Since then, has there actually been an advancement? >> Hmm. >> Facebook certainly is not an advancement, they're hoarding all the data. So I think we're broken between that step of a free search to all the resources in the world, to which by the way, they're mining a lot of data too, with the Toolbar and Chrome. But now where's that Web3 crossover? So take us through your vision on digital identity on Web2, Google searching, Facebook's broken, democracy's broken, users aren't in charge to Web3? >> Got it. Well, we can start at Web1. So the way that I think about it is if you go to Web1, it was very simple, just text web pages. So it was just a way for someone to like put up a billboard and here's a piece of information and here's some things that you could read about it, right? And then what happened with Web2, was you started having applications being built that had backend infrastructure to provide services. So if you think about Web2, these are all websites or web portals that have services attached to them, whether that's a social network service or a search engine or whatever. And then as we move to Web3, the new thing that's happening here, is the user is coming onto that experience and they're able to connect in their wallet or their Web3 identity to that app and they can bring their data to the party. So it's kind of like Web1, you just have a static web page, Web2, you have a static webpage with a service, like a server back here, and then Web3, the user can come in and bring their database with them in order to have much better app experiences. So how does that change things? Well, for one, that means that you want data to be portable across apps. So we touched on gaming earlier and maybe if I have an in-game item for one game that I'm playing for a certain company, I can take it across two or three different games. It also impacts money. Money is just digital information. So now I can connect to a bunch of different apps and I can just use cryptocurrency to make those payments across those things instead of having to use a credit card. But then another thing that happens is I can bring unlimited amount of additional information about myself when I plug in my wallet. And as an example, when I plug into Google search, for instance, they could take a look at my wallet that I've connected and they could pull information about me that I enable that I share with them. And this means that I'm going to get a much more personalized experience on these websites and I'm also going to have much more control over my data. There's a lot of people out there right now who are worried about data privacy, especially in places like Europe. And one of the ways to solve that is simply to not store the data and instead have the user bring it with them. >> You know, I've always thought about this and always debated it with Dave a lot and my co-host, does top down governance privacy laws outweigh the organic bottoms up innovation? So what you're getting at here is, "Hey, if you can actually have that solved "(laughing) before it even starts." It was almost as if those services were built for the problem of Web2. >> Yes. >> Not three. >> Right. >> What's your reaction to that? >> I think that is right on the money. And if you look at it as a security, like if I put my security researcher hat on, I think the biggest problem we have with security and privacy on the web today is that we have these large organizations that are collecting so much data on us and they just become these honeypots and there have been huge breaches. Like Equifax, you know a few years back is a big one and this all your credit card data got leaked, right? And all your credit information got leaked. And we just have this model where these big companies silo your data, they create a giant database, which is worth hundreds of millions of dollars, if not billions, to be attack. And then someone eventually is going to hack that in order to pull that information. Well, if instead, and you can look at this at Web3. So for those in the audience who have used, a Web3 application, one of these D app, to trade cryptocurrencies or something, you'll know that when you go there, you actually connect your wall. So when you're working with these web, you connect, you bring your information with you and you connect it. That means that the app has none of that stored, right? So these apps that people are using for crypto trading cryptocurrency on apps or whatever, they have no stored information. So if someone hacks one of these defi exchanges, for instance, there's nothing to steal. And that's because the only time the information is being accessed is when the user is actively using the site. And so as someone who cares about security and privacy, I go, "Wow, that's a much better or data model." And that gives so much more control of user 'cause the user just permissions access to the data only during the time period in which they're interacting with the application. And so I think you're right and like we are very excited to be building these tools, right? Because I see it like if you look at Europe, they basically pass GDPR and then all the companies are going, "We can't comply with that." They keep postponing it or like changing it a little bit and trying to make it easier to comply with. But honestly we just need to switch the data models. So the companies aren't even taking the data and then they're going to be in a much better spot. >> And GDPR is again a nightmare. I think it's the wrong approach. I always said it was screwed up because most companies don't even know where stuff is stored and nevermind how they delete someone's entry in a database. They don't even know what they're collecting. Some at some level they become so complicated. So right on the money there good, good call out. There question for you. Is this then? Okay, so do you decouple the wallet from the ID or are they together and is it going to be a universal wallet? Do you guys see yourselves as universal domains? Take me through the thinking around how you're looking at the wallet and the actual identity of the user, which obviously is important on the identity side, wallet is that just universal or is that going to be coming together? >> Well, I think so. The way that we kind of think about it is that wallets are where people have their financial interactions online. And then identity is much more about, it's kind of like being your passport. So it's like your driver's license for the internet. So these are two kind of separate products we see longer term and actually work together. So, if you have a domain name, it actually is easier to make deposits into your wallet because it's easier to remember to send money to mattgloud.crypto. And that way it's easier for me to receive payments or whatever. And then inside my wallet, I'm going to be doing defi trades or whatever. And that doesn't really have an interaction with names necessarily in order to do those transactions. But then if I want to sign into a website or something, I could connect that with my NFT domain. And I do think that these two things are kind of separate. I think we're going to... Still early, so figuring out exactly how the industry is going to shake out over like a five to 10 year time horizon and maybe a little bit more difficult and we could see some other emerging... What you would consider like cornerstones of the crypto ecosystem. But I do think identity and reputation is one of those. And I also think that your financial applications of defi are going to be another. So those are the two areas where I see it. And just a note on this, when you have a wallet that usually has multiple cryptocurrency addresses, so you're going to have like 50 cryptocurrency addresses in a wallet. You're going to want to have one domain name that links back to all those, because you're just not going to remember those 50 different addresses. So that's how I think that they collaborate and we collaborate with several large wallets as well, like blockchain.com and another 30 plus of these to make it easier for sending out and receiving cryptocurrency. >> So the wallet basically is a D app, the way you look at it, the integrated. >> Yeah. >> Whatever you want, just integrate in. How do I log into decentralized application with my NFT domain name? Because this becomes okay. I got to love the idea, love my identity. I'm an my own NFT. I mean, how this video's going to be an NFT soon. We get on board with the program here, but how do I log into my app? I'm going to have a D app and I got my domain name. Do I have to submit is there benchmarking? Is there approval process? Is there APIs and SDK kind of thinking around it? How are you thinking about dealing with the apps? >> Yeah, so all of the above. And what we're trying to do here is build like an SSO solution, but it's consumer based. So what we've done is adapted some SSO protocols that other people have used, the standard ones, in order to connect that back to an NFT domain in this case. And that way you GET the best of both worlds. So you can use these authorization protocols for data permissioning that are, you know, standard Web2 APIs, but then the permissioning system is actually based on the user-controlled NFT. So they're assigning it that with their private public key pair in order to make those updates. So that allows you to connect into both of these systems. We think that that's how technology typically impacts the world is it's not like you have something that just replaces something overnight. You have an integration of these technologies over time. And we really see these Web3 components and net two domains integrating nicely into regular apps. So as an example in the future, when you log in right now, you see Google off, Facebook off, or you can type in an email address, you could see NFT, Unstoppable Domains or NFT authorization. And you can SSO in to that website. When you go to a website like an e-commerce website, you could share information about yourself, 'cause you've connected your wallet now. So you could say, "Yes, I am a unique individual. "I do live in New York and I just bought a new house." And then when you permission all that information about yourself to that application, you can serve up a new user experience for you. And we think it's going to be very interesting for doing rewards and discounts online for e-commerce specifically in the future because that opens up a whole new market. 'Cause they can ask you questions about yourself and you can deliver that information directly to the app. >> I really think that the gaming market has totally nailed the future use case, which is in game currency, in game end engagement, in game data. And now bringing that to kind of a horizontally scalable like surface areas is huge, right? So, you know, I think that's a huge success on the concept. The question I have to ask you is you getting any pushback from, ICANN, the International Corporation of Naming and Numbers, they got dot everything now.club, 'cause the clubhouse, they got dot, party.live. I mean the real domain name people are over here, Web2, you guys are coming out with the Web3. Where is that connect for people who are not following along the Web3 trend? How do you rationalize the domain angle here? >> Yeah, well, so I would say that NFT domains are what domains on DNS were always meant to be 30 plus years ago. And they just didn't have blockchain systems back in the nineties when they were building these things. So there's no way to make them for individuals. So what happened was for DNS, it actually ended up being business. So if you look at DNS names, there's about 350 million registrations. They're basically all small business. And it's like, 20 to 50 million small businesses who own the majority of these.com or these regular DNS domain names. And that's their focus. NFT domains, because all of a sudden you have the wallet, you have them in your wallet and your crypto wallet, they're actually for individuals. So that market, instead of being for small businesses is actually end users. So instead of being for 20 to 50 million small businesses, we're talking about being useful for three to four billion people who have an internet connection. And so we actually think that the market size for NFT domains is somewhere 50 to a hundred X, the market size for traditional domain names. And then the use cases are going to be much more for individuals on a day to day basis. So it's like people are going to want you on a use them for receiving cryptocurrency or receiving dollars or payments or USCC coin, where they're going to want to use them as identifiers on social networks, where they're going to want to use them for SSO. And they're not going to want to use them as much for things like websites, which is what Web2 is. And if I'm being perfectly honest, if I'm looking out 10 years from now, I think that these traditional domain name systems are going to want to work with and adopt this new NFT technology, 'cause they're going to want to have these features for the domain names. So like in short, I think NFT domain names are domain names with superpowers. This is the next generation of naming systems. And naming systems were always meant to be identity networks. >> Yeah, they hit a glass ceiling. I mean they just can't, they're not built for that. And having people, having their own names, is essentially what decentralization is all about. 'Cause we, what is a company? It's a collection of humans that aren't working in one place, they're decentralized. So then you decentralize the identity and everything's been changed. So completely love it. I think you guys are onto something really huge here. You pretty much laid out what's next for Web3, but you guys are in this state of growth. You've seen people signing up for names. That's great. What are the best practices? What are the steps are people taking? What's the common use case for folks who are putting this to work right now for you guys? Why do you see, what's the progression? >> Yeah, so the thing that we want to solve for people most immediately, is we want to make it easier for sending and receiving crypto payments. And I know that sounds like a niche market, but there's over 200 million people right now who have some form of cryptocurrency, right? And 99.9% of them are still sending crypto using these really long hex addresses. And that market is growing at 60 to 100% year over year. So first we need to get crypto into everybody's pocket and that's going to happen over the next three to five years. Let's call it, if it doubles every year for the next five years, we'll be there. And then we want to make it easier for all those people to send crypto back and forth. And I will admit I'm a big fan of these stable coins and these like... I would say utility focused tokens that are coming out just to make it easier for transferring money from here to Turkey and back or whatever. And that's the really the first step for NFT domain names. But what happens is when you have an NFT domain and that's what you're using to receive payments, and then you realize, oh, I can also use this to log into my favorite apps. It starts building that identity piece. And so we're also building products and services to make it more like your identity. And we think that it's going to build up over time. So instead of like doing an identity network top down where you're like a government or corporation, you say, oh, you have to have ID, here's your password, you have to have it. We're going to do it, bottoms up. We're going to give everyone on the planet and up to you domain name, it's going to give them some utility to make it easier to send, receive cryptocurrency. And we're going to say, "Hey, do you want to verify your Twitter profile?" Yes. Okay, great. You just attach that back. Hey, you want to verify your Reddit? Yes, Instagram? Yes, TikTok, yes. You want to verify your driver's license? Okay, yeah, we can attach that back. And then what happens is you end up building up organically digital identifiers for people using these blockchain naming systems. And once they have that, they're going to just... They're going to be able to share that information and that's going to lead to better experiences online for both commerce, but also just better user experiences in general. >> Every company when they web came along first, everyone pro proved the web once. Oh, it's terrible. A bad idea. Oh, it's so, unreliable, so slow. Hard to find things. Web2, everyone bought a domain name for their company, but then as they added webpages, these premalinks became so long, the webpage address fully qualified, permalink string, they bought keywords. And then that's another layer on top. So you started to see that evolution in the web. Now it's kind of hit ceiling. Here, everyone gets their NFT, they start doing more things. Then it becomes much more of a use case where it's more usable, not just for one thing. So we saw that movie before, so it's like a permalink, permanent. >> Yeah. >> Excellent. >> Yes indeed. I mean, if we're lucky it will be a decentralized bottoms up global identity that appreciates user privacy and allows people to opt in. And that's what we want to build. >> And the gas prices thing that's always come out always an objection here that, I mean, blockchain's perfect for this 'cause it's, imitable, it's written on the chain. All good, totally secure. What about the efficiency? How do you see that evolving real quick? >> Well, so a couple comments on efficiency. First of all, we picked domains as first product to market. 'Cause you need to take a look and see if the technology is capable of handling what you're trying to do and for domain names, you're not updating that every day. So like, if you look at traditional domain names, you only update it a couple times per year. So, the usage for that to set this up and configure it, most people set it up and configure it and then they only have a few changes per year. First of all, the overall you, it's not like a game. >> An IO problem. >> Right, right, right. So that part's good. So we picked a good place to start for going to market. And then the second piece is like, you're really just asking, are computer systems going to get more efficient over time? And if you know, the history of that has always been yes. And I remember the 90s, I had a modem and it was 14 kilobits and then it was 28 and then 56 and then 100. And now I have a hundred megabits up and down. And I look at blockchain systems and I don't know if anyone has a law for this yet, but throughput of blockchains is going up over time and there's going to be continued improvements over this over the next decade. We need them. We're going to use all of it. And you just need to make sure you're planning a business makes sense for the current environment. Just as an example, if you would try to launch Netflix for online streaming in 1990, you would've had a bad time because no one had bandwidth. So yeah, some applications are going to be wait to be a little bit later on in the cycle, but I actually think identity is perfectly fine to go ahead and get off the ground now. >> Yeah, the motivated parties for innovations here, I mean a point cast failed miserably that was like, they tried to stream video over T1 lines, but back in the days, nothing. So again, we've seen those speeds, double, triple in homes right now. Matt, congratulations, great stuff. Final, TikTok moment here. How would you summarize in a short clip, the difference between digital identity and Web2 and Web3. >> In Web2, you don't get to own your own online presidence, and in Web3 you do get to own it. So I think if you were going to simplify it, really Web3 is about ownership and we're excited to give everyone on the planet a chance to own their name and choose when and where and how they want to share information about themselves. >> So now users are in charge. >> Exactly, you got it. >> They're not the product anymore. If you got to be the product you might as well monetize the product, and that's the data. Real quick thoughts just to close out the roll of data and all this, your view. >> We haven't enabled users to own their data online since the beginning of the internet. And we're now starting to do that. It's going to have profound changes for how every application on the planet interacts with their users. >> Awesome stuff, Matt, take a minute to give a plug for the company. How many employees you got? What are you guys looking for for hiring, fundraising? Give a quick commercial for what's going on Unstoppable Domains. >> Yeah, so if you haven't already, check us out at unstoppabledomains.com, we're also on Twitter at Unstoppable web. And we have a wonderful podcast as well that you should check out if you haven't already. And we are just crossed a hundred people. We're growing, three to five hundred percent year over year. We're basically hiring every position across the company right now. So if you're interested in getting into Web3, even if you're coming from a traditional to background, please reach out. We love teaching people about this new world and how you can be a part of it. >> And you're a virtual company. You have a little headquarters or is it all virtual? What's the situation there? >> Yeah, I actually just assumed we are 100% remote and asynchronous and we're currently in five countries across the planet in mostly concentrated in the US and the EU areas. >> I heard a rumor too. Maybe you can confirm or admit or deny this rumor. I heard a rumor that you have mandatory vacation policy. >> This is true. And that's because we are a team of people who like to get things done. But we also know that recovery is an important part of any organization. So if you push too hard, we want to remind people we're on a marathon, right? This is not a sprint. And so we want people to be with us long term, and we do think that this is a 10 year move. And so yeah, do force people. We'll unplug you at the end of the year, if you- >> That's what I was going to ask you. So what's the consequence of, I don't take vacation. >> Yeah, we literally unplug you. (both laughing) >> You won't be able to get into slack. Right, and that's (indistinct). >> Well, when people start having their avatars be their bought and you don't even know what you're unplugging at some point, that's where you guys come in with the NFT saying that that's not the real person, it's not the real human. >> Yeah, exactly. We'll be able to check. >> NFT is great innovation, great use case, Matt congratulations. Thanks for coming on and sharing the story to kick off this showcase with theCUBE. Thanks for sharing all that great insight. Appreciate it. >> Yeah, John had a wonderful time. >> All right, this is theCUBE Unstoppable Domains showcasing. We've got 10 great pieces of content we're dropping all today. Check them out. Stay with us for more coverage. I'm John Furrier with theCUBE. Thanks for watching. (upbeat music)

>>Hello, and welcome to the cubes. Special showcase with unstoppable domains. I'm John furrier, your host of the cube here in Palo Alto, California and Matt Gould, who is the founder and CEO of unstoppable domains. Matt, great to come on. Congratulations on the success of your company on stumbled domains. Thanks for kicking off this showcase. >>Thank you. Happy to be here. So >>Love, first of all, love the story you got going on here. Love the approach, very innovative, but you're also on the big web three wave, which we know where that leads into. Metaverse unlimited new ways. People are consuming information, content applications are being built differently. This is a major wave and it's happening. Some people are trying to squint through the hype versus reality, but you don't have to be a rocket science to realize that it's a cultural shift and a technical shift going on with web three. So this is kind of the what's happening in the market. So give us your take. What's your reaction? You're in the middle of it. You're on this wave. >>Yeah. Well, I would say it's a torrent of change and the get unleashed just over a decade ago with Bitcoin coming out and giving people the ability to have a digital items that they could actually own themselves online. And this is a new thing. And people coming, especially from my generation of millennials, they spend their time online in these digital spaces and they've wanted to be able to own these items. Do you see it from, you know, gaming and Fortnite and skins and Warcraft and all these other places, but this is really being enabled by this new crypto technology to just extend a whole lot more, uh, applications for money, which everyone's familiar with, uh, to, uh, NFT projects, uh, like boarding school. >>You know, I was listening to your podcast. You guys got a great pot. I think you're on a 117 episodes now and growing, you guys do a deep dive. So people watching check out the unstoppable podcast, but in the last podcast, man, you mentioned, you know, some of the older generations like me, I grew up with IP addresses and before the web, they called it information super highway. It wasn't even called the web yet. Um, but IP was, was generated by the United States department of commerce and R and D that became the internet. The internet became the web back then it was just get some webpages up and find what you're looking for. Right. Very analog compared to what's. Now, today, now you mentioned gaming, you mentioned, uh, how people are changing. Can you talk about your view of this cultural shift? And we've been talking about in the queue for many, many years now, but it's actually happening now where the expectation of the audience and the users and the people consuming and communicating and bonding and groups, whether it's gaming or communities are expecting new behaviors, new applications, and it's a forcing function. >>This shift is having now, what's your reaction to that? What's your explanation? >>Yeah, well, I think, uh, it just goes back to the shift of peoples, where are they spending their time? And if you look today, most people spend 50% plus of their time in front of a screen. And that's just a tremendous amount of effort. But if you look at how much, how much of assets are digital, it's like less than 1% of their portfolio would be some sort of digital asset, uh, compared to, you know, literally 50% of every day sitting in front of a screen and simultaneously what's happening is these new technologies are emerging around, uh, cryptocurrencies, blockchain systems, uh, ways for you to track the digital ownership of things, and then kind of bring that into, uh, your different applications. So one of the big things that's happening with web three is this concept of data portability, meaning that I can own something on one application. >>And I could potentially take that with me to several other applications across the internet. And so this is like the emerging digital property rights that are happening right now. As we transitioned from a model in web to where you're on a hosted service, like Facebook, it's a walled garden, they own and control everything. You are the product, you know, they're mining you for data and they're just selling ads, right? So to assist them where it's much more open, you can go into these worlds and experiences. You can take things with you, uh, and you can, you can leave with them. And most people are doing this with cryptocurrency. Maybe you earn an in-game currency, you can leave and take that to a different game and you can spend it somewhere else. Uh, so the user is now enabled to bring their data to the party. Whereas before now you couldn't really do that. And that data includes their money or that includes their digital items. And so I think that's the big shift that we're seeing and that changes a lot and how applications, uh, serve up to user. So it's going to change their user experiences. For instance, >>The flip, the script has flipped and you're right on. I agree with you. I think you guys are smart to see it. And I think everyone who's on this wave will see it. Let's get into that because this is happening. People are saying I'm done with being mined and being manipulated by the big Facebooks and the LinkedIns of the world who were using the user. Now, the contract was a free product and you gave it your data, but then it got too far. Now people want to be in charge of their data. They want to broker their data. They want to collect their digital exhaust, maybe collect some things in a game, or maybe do some commerce in an application or a marketplace. So these are the new use cases. How does the digital identity architecture work with unstoppable? How are you guys enabling that? Could you take us through the vision of where you guys came on this because it's unique in an NFT and kind of the domain name concept coming together? Can you explain? >>Yeah. So, uh, we think we approach the problem for if we're going to rebuild the way that people interact online, uh, what are kind of the first primitives that they're going to need in order to make that possible? And we thought that one of the things that you have on every network, like when you log on Twitter, you have a Twitter handle. When you log on, uh, you know, Instagram, you have an Instagram handle, it's your name, right? You have that name that's that's on those applications. And right now what happens is if users get kicked off the platform, they lose a hundred percent of their followers, right? And theirs. And they also, in some cases, they can't even directly contact their followers on some of these platforms. There's no way for them to retain this social network. So you have all these influencers who are, today's small businesses who build up these large, you know, profitable, small businesses online, uh, you know, being key opinion leaders to their demographic. >>Uh, and then they could be D platform, or they're unable to take this data and move to another platform. If that platform raised their fees, you've seen several platforms, increase their take rates. You have 10, 20, 30, 40%, and they're getting locked in and they're getting squeezed. Right. Uh, so we just said, you know what, the first thing you're going to want to own that this is going to be your piece of digital property. It's going to be your name across these applications. And if you look at every computer network in the history of computing networks, the end up with a naming system, and when we've looked back at DDA desk, which came out in the nineties, uh, it was just a way for people to find these webpages much easier, you know, instead of mapping these IP addresses. Uh, and then we said to ourselves, you know, uh, what's going to happen in the future is just like everyone has an email address that they use in their web two world in order to, uh, identify themselves as they log into all these applications. >>They're going to have an NFT domain in the web three world in order to authenticate and, and, uh, bring their data with them across these applications. So we saw a direct correlation there between DNS and what we're doing with NFT domain name systems. Um, and the bigger breakthrough here is at NMT domain systems or these NFT assets that live on a blockchain. They are owned by users to build on these open systems so that multiple applications could read data off of them. And that makes them portable. So we were looking for an infrastructure play like a picks and shovels play for the emerging web three metaverse. Uh, and we thought that names were just something that if we wanted a future to happen, where all 3.5 billion people, you know, with cell phones are sending crypto and digital assets back and forth, they're gonna need to have a name to make this a lot easier instead of, you know, these long IP addresses or a hex addresses in the case of Porto. >>So people have multiple wallets too. It's not like there's all kinds of wallet, variations, name, verification, you see link trees everywhere. You know, that's essentially just an app and it doesn't really do anything. I mean, so you're seeing people kind of trying to figure it out. I mean, you've got to get up, Angela got a LinkedIn handle. I mean, what do you do with it? >>Yeah. And, and then specific to crypto, there was a very hair on fire use case for people who buy their first Bitcoin. And for those in the audience who haven't done this yet, when you go in and you go into an app, you buy your first Bitcoin or Ethereum or whatever cryptocurrency. And then the first time you try to send it, there's this, there's this field where you want to send it. And it's this very long text address. And it looks like an IP address from the 1980s, right? And it's, it's like a bank number and no one's going to use that to send money back and forth to each other. And so just like domain names and the DNS system replace IP addresses in Ft domains, uh, on blockchain systems, replace hex addresses for sending and receiving, you know, cryptocurrency, Bitcoin, Ethereum, whatever. And that's its first use case is it really plugs in there. So when you want to send money to someone, you can just, instead of sending money to a large hex address that you have to copy and paste, you can have an error or you can send it to the wrong place. It's pretty scary. You could send it to John furrier dot, uh, NFT. And uh, so we thought that you're just not going to get global adoption without better UX, same thing. It worked with the.com domains. And this is the same thing for the coin and other >>Crypto. It's interesting to look at the web two or trend one to two web one went to two. It was all about user ease of use, right? And making things simpler. Clutter, you have more pages. You can't find things that was search that was Google since then. Has there actually been an advancement? Facebook certainly is not an advancement. They're hoarding all the data. So I think we're broken between that step of, you know, a free search to all the resources in the world, to which, by the way, they're mining a lot of data too, with the toolbar and Chrome. But now where's that web three crossover. So take us through your vision on digital identity on web to Google searching, Facebook's broken democracy is broken users. Aren't in charge to web three. >>Got it. Well, we can start at web one. So the way that I think about it is if you go to web one, it was very simple, just text web pages. So it was just a way for someone to like put up a billboard and here's a piece of information and here's some things that you could read about it. Right. Uh, and then what happened with web two was you started having applications being built that had backend infrastructure to provide services. So if you think about web two, these are all, you know, these are websites or web portals that have services attached to them, whether that's a social network service or search engine or whatever. And then as we moved to web three, the new thing that's happening here is the user is coming on to that experience. And they're able to connect in their wallet or their web three identity, uh, to that app and they can bring their data to the party. >>So it's kind of like web one, you just have a static web page whip, two, you have a static web page with a service, like a server back here. And then with three, the user can come in and bring their database with them, uh, in order to have much better app experiences. So how does that change things? Well, for one, that means that the, you want data to be portable across apps. So we've touched on gaming earlier and maybe if I have an end game item for one, a game that I'm playing for a certain company, I can take it across two or three different games. Uh, it also impacts money. Money is just digital information. So now I can connect to a bunch of different apps and I can just use cryptocurrency to make those payments across those things instead of having to use a credit card. >>Uh, but then another thing that happens is I can bring in from, you know, an unlimited amount of additional information about myself. When I plug in my wallet, uh, as an example, when I plug in to Google search, for instance, they could take a look at my wallet that I've connected and they could pull information about me that I enabled that I share with them. And this means that I'm going to get a much more personalized experience on these websites. And I'm also going to have much more control over my data. There's a lot of people out there right now who are worried about data privacy, especially in places like Europe. And one of the ways to solve that is simply to not store the data and instead have the user bring it with them. >>I always thought about this and I always debated it with David laundry. My cohost does top down governance, privacy laws outweigh the organic bottoms up innovation. So what you're getting at here is, Hey, if you can actually have that solved before it even starts, it was almost as if those services were built for the problem of web two. Yes, not three. Write your reaction to that. >>I think that is, uh, right on the money. And, uh, if you look at it as a security, like if I put my security researcher hat on, I think the biggest problem we have with security and privacy on the web today is that we have these large organizations that are collecting so much data on us and they just become these honeypots. And there have been huge, uh, breaches like Equifax, you know, a few years back is a big one and just all your credit card data got leaked, right? And all your, uh, credit information got leaked. And we just have this model where these big companies silo your data. They create a giant database, which is worth hundreds of millions of dollars, if not, billions, to be attacked. And then someone eventually is going to hack that in order to pull that information. Well, if instead, and you can look at this at web three. >>So for those of the audience who have used the web three application, one of these depths, um, you know, trade cryptocurrencies or something, you'll know that when you go there, you actually connect to your wall. So when you're working with these web, you connect, you, you know, you bring your information with you and you connect it. That means that the app has none of that storage, right? So these apps that people are using for crypto trading cryptocurrency on depths or whatever, they have no stored information. So if someone hacks one of these DFI exchanges, for instance, uh, there's nothing to steal. And that's because the only time the information is being accessed is when the users actively using the site. And so as someone who cares about security and privacy, I go, wow, that's a much better data model. And that give so much more control of user because the user just permissions access to the data only during the time period in which they're interacting with the application. Um, and so I think you're right. And like, we are very excited to be building these tools, right? Because I see, like, if you look at Europe, they basically pass GDPR. And then all the companies are going, we can't comply with that and they keep postponing it or like changing a little bit and trying to make it easier to comply with. But honestly we just need to switch the data models. So the companies aren't even taking the data and then they're gonna be in a much better spot. >>The GDPR is again, a nightmare. I think it's the wrong approach. Oh, I said it was screwed up because most companies don't even know where stuff is stored. Nevermind how they delete someone's entering a database. They don't even know what they're collecting. Some at some level it becomes so complicated. So right on the money are good. Good call out there. Question for you. Is this then? Okay. So do you decouple the wallet from the ID or are they together? Uh, and is it going to be a universal wallet? Do you guys see yourselves as universal domains? Take me through the thinking around how you're looking at the wallet and the actual identity of the user, which obviously is super important on the identity side while it, is that just universal or is that going to be coming together? >>Well, I think so. The way that we kind of think about it is that wallets are where people have their financial interactions online. Right. And then identity is much more about, it's kind of like being your passport. So it's like your driver's license for the internet. So these are two kind of separate products we see longer term, uh, and they actually work together. So, you know, like if you have a domain name, it actually is easier to make deposits into your wallet because it's easier to remember to send money to, you know, method, rules dot crypto. And that way it's easier for me to receive payments or whatever. And then inside my wallet, I'm going to be doing defy trades or whatever. And doesn't really have an interaction with names necessarily in order to do those transactions. But then if I want to, uh, you know, sign into a website or something, I could connect that with my NFT domain. >>And I do think that these two things are kind of separate. I think there's, we're gonna still early. So figuring out exactly how the industry is gonna shake out over like a five to 10 year time horizon. And it may be a little bit more difficult and we could see some other emerging, uh, what you would consider like cornerstones of the crypto ecosystem. But I do think identity and reputation is one of those. Uh, and I also think that your financial applications of defy are going to be another. So those are the two areas where I see it. Um, and just to, you know, a note on this, when you have a wallet, it usually has multiple cryptocurrency address. So you're going to have like 50 cryptocurrency addresses in a wallet. Uh, you're going to want to have one domain name that links back to all those, because you're just not going to remember those 50 different addresses. So that's how I think that they collaborate. And we collaborate with several large wallets as well, uh, like blockchain.com, uh, and you know, another 30 plus of these, uh, to make it easier for sending out and receiving cryptocurrency. >>So the wallet, basically as a D app, the way you look at it, you integrate whatever you want, just integrate in. How do I log into decentralized applications with my NFT domain name? Because this becomes okay, I got to love the idea, love my identity. I'm in my own NFT. I mean, hell, this video is going to be an NFT. Soon. We get on board with the program here. Uh, but I do, I log into my app, I'm going to have a D app and I got my domain name. Do I have to submit, is there benchmarking, is there approval process? Is there API APIs and a SDK kind of thinking around it? How do you thinking about dealing with the apps? >>Yeah, so all of the above and what we're trying to, what we're trying to do here is build like an SSO solution. Uh, but that it's consumer based. So, uh, what we've done is adapted some SSL protocols that other people have used the standard ones, uh, in order to connect that back to an NFT domain in this case. And that way you keep the best of both worlds. So you can use these authorization protocols for data permissioning that are standard web to API APIs. Uh, but then the permissioning system is actually based on the user controlled in FTE. So they're assigning that with their private public key pair order to make those updates. Um, so that, that allows you to connect into both of these systems. Uh, we think that that's how technology typically impacts the world is it's not like you have something that just replaces something overnight. >>You have an integration of these technologies over time. Uh, and we really see these three components in MTU domains integrating nicely into regular apps. So as an example in the future, when you log in right now, you see Google or Facebook, or you can type in an email address, you can see not ensemble domains or NFT, uh, authorization, and you can SSO in with that, to that website. When you go to a website like an e-commerce website, you could share information about yourself because you've connected your wallet now. So you could say, yes, I am a unique individual. I do live in New York, uh, and I just bought a new house. Right. And then when you permission all that information about yourself to that application, you can serve up a new user experience for you. Um, and we think it's going to be very interesting for doing rewards and discounts, um, online for e-commerce specifically, uh, in the future, because that opens up a whole new market because they can ask you questions about yourself and you can deliver that information. >>Yeah. I really think that the gaming market has totally nailed the future use case, which is in game currency in game to engagement in game data. And now bringing that, so kind of a horizontally scalable, like surface areas is huge, right? So, you know, I think you're, that's huge success on the concept. The question I have to ask you is, um, you getting any pushback from ICANN, the international corporates have name and numbers. They got dot everything now.club, cause the clubhouse, they got dot, you know, party.live. I mean, so the real domain name people are over here, web too. You guys are coming out with the web three where's that connect for people who are not following along the web three trend. How do they, how do you rationalize the, the domain angle here? >>Yeah, well, uh, so I would say that NFTE domains or what domains on DNS were always meant to be 30 plus years ago and they just didn't have blockchain systems back in the nineties when they were building these things. So there's no way to make them for individuals. So what happened was for DNS, it actually ended up being the business. So if you look at DNS names, there's about 350 million registrations. They're basically all small business. And it's like, you know, 20 to 50 million small businesses, uh, who, uh, own the majority of these, uh, these.com or these regular DNS domain names. And that's their focus NFTE domains because all of a sudden you have the, uh, the Walton, if you have them in your wallet and your crypto wallet, they're actually for individuals. So that market, instead of being for small businesses is actually end-users. So, and instead of being for, you know, 20 to 50 million small businesses, we're talking about being useful for three to 4 billion people who have an internet connection. >>Uh, and so we actually think that the market size we're in a few domains and somewhere 50 to 100 X, the market size for traditional domain names. And then the use cases are going to be much more for, uh, individuals on a day-to-day basis. So it's like people are gonna want you on to use them for receiving cryptocurrency versus receiving dollars or payments or USCC point where they're going to want to use them as identifiers on social networks, where they're going to want to use them for SSO. Uh, and they're not gonna want to use them as much for things like websites, which is what web is. And if I'm being perfectly honest, if I'm looking out 10 years from now, I think that these traditional domain name systems are gonna want to work with and adopt this new NFC technology. Cause they're going to want to have these features for the domain next. So like in short, I think NMT domain names or domain names with superpowers, this is the next generation of, uh, naming systems and naming systems were always meant to be identity networks. >>Yeah. They hit a car, they hit a glass ceiling. I mean, they just can't, they're not built for that. Right. So I mean, and, and having people, having their own names is essentially what decentralization is all about. Cause what does a company, it's a collection of humans that aren't working in one place they're decentralized. So, and then you decentralize the identity and everything's can been changed so completely love it. I think you guys are onto something really huge here. Um, you pretty much laid out what's next for web three, but you guys are in this state of, of growth. You've seen people signing up for names. That's great. What are the, what are the, um, best practices? What are the steps are people taking? What's the common, uh, use case for folks we're putting this to work right now for you guys? Why do you see what's the progression? >>Yeah. So the, the thing that we want to solve for people most immediately is, uh, we want to make it easier for sending and receiving crypto payments. And I, and I know that sounds like a niche market, but there's over 200 million people right now who have some form of cryptocurrency, right? And 99.9% of them are still sending crypto using these really long hex addresses. And that market is growing at 60 to a hundred percent year over year. So, uh, first we need to get crypto into everybody's pocket and that's going to happen over the next three to five years. Let's call it if it doubles every year for the next five years, we'll be there. Uh, and then we want to make it easier for all those people to sit encrypted back and forth. And I, and I will admit I'm a big fan of these stable coins and these like, you know, I would say utility focused, uh, tokens that are coming out just to make it easier for, you know, transferring money from here to Turkey and back or whatever. >>Uh, and that's the really the first step freight FTE domain names. But what happens is when you have an NFTE domain and that's what you're using to receive payments, um, and then you realize, oh, I can also use this to log into my favorite apps. It starts building that identity piece. And so we're also building products and services to make it more like your identity. And we think that it's going to build up over time. So instead of like doing an identity network, top-down where you're like a government or a corporation say, oh, you have to have ID. Here's your password. You have to have it. We're going to do a bottoms up. We're going to give everyone on the planet, NFTE domain name, it's going to give them to the utility to make it easier to send, receive cryptocurrency. They're going to say, Hey, do you want to verify your Twitter profile? Yes. Okay, great. You test that back. Hey, you want to verify your Reddit? Yes. Instagram. Yes. Tik TOK. Yes. You want to verify your driver's license? Okay. Yeah, we can attach that back. Uh, and then what happens is you end up building up organically, uh, digital identifiers for people using these blockchain, uh, naming systems. And once they have that, they're gonna just, they're going to be able to share that information. Uh, and that's gonna lead to better experiences online for, uh, both commerce, but also just better user experiences. >>You know, every company when they web came along, first of all, everyone, poo-pooed the web ones. That was terrible, bad idea. Oh. And so unreliable. So slow, hard to find things. Web two, everyone bought a domain name for their company, but then as they added webpages, these permalinks became so long. The web page address fully qualified, you know, permalink string, they bought keywords. And then that's another layer on top. So you started to see that evolution in the web. Now it's kind of hit a ceiling here. Everyone gets their NFT. They, they started doing more things. Then it becomes much more of a use case where it's more usable, not just for one thing. Um, so we saw that movie before, so it's like a permalink permanent. Yeah. >>Yes. I mean, if we're lucky, it will be a decentralized bottoms up global identity, uh, that appreciates user privacy and allows people to opt in. And that's what we want to build. >>And the gas prices thing that's always coming. That's always an objection here that, I mean, blockchain is perfect for this because it's immutable, it's written on the chain. All good, totally secure. What about the efficiency? How do you see that evolving real quick? >>Well, so a couple of comments on efficiency. Uh, first of all, we picked domains as a first product to market because, you know, as you need to take a look and see if the technology is capable of handling what you're trying to do, uh, and for domain names, you're not updating that every day. Right? So like, if you look at traditional domain names, you only update it a couple of times per year. So, so the usage for that to set this up and configure it, you know, most people set up and configure it and then it'll have a few changes for years. First of all, the overall it's not like a game problem. Right, right, right. So, so that, that part's good. We picked a good place to start for going to market. And then the second piece is like, you're really just asking our computer, system's going to get more efficient over time. >>And if you know, the history of that has always been yes. Uh, and you know, I remember the nineties, I had a modem and it was, you know, whatever, 14 kilobits and then it was 28 and then 56, then 100. And now I have a hundred megabits up and down. Uh, and I look at blockchain systems and I don't know if anyone has a law for this yet, but throughput of blockchains is going up over time. And you know, there's, there's going to be continued improvements over this over the next decade. We need them. We're going to use all of it. Uh, and you just need to make sure you're planning a business makes sense for the current environment. Just as an example, if you had tried to launch Netflix for online streaming in 1990, you would have had a bad time because no one had bandwidth. So yeah. Some applications are going to wait to be a little bit later on in the cycle, but I actually think identity is perfectly fine to go ahead and get off the ground now. >>Yeah. The motivated parties for innovations here, I mean, a point cast failed miserably that was like the, they try to stream video over T1 lines, but back in the days, nothing. So again, we've seen those speeds double, triple on homes right now, Matt. Congratulations. Great stuff. Final tick, tock moment here. How would you summarize short in a short clip? The difference between digital identity in web two and web three, >>Uh, in, in web too, you don't get to own your own online presidents and in web three, you do get to own it. So I think if you were gonna simplify it really web three is about ownership and we're excited to give everyone on the planet a chance to own their name and choose when and where and how they want to share information about themselves. >>So now users are in charge. >>Exactly. >>They're not the product anymore. Going to be the product might as well monetize the product. And that's the data. Um, real quick thoughts just to close out the role of data in all this, your view. >>We haven't enabled users to own their data online since the beginning of the internet. And we're now starting to do that. It's going to have profound changes for how every application on the planet interacts with >>Awesome stuff, man, I take a minute to give a plug for the company. How many employees you got? What do you guys looking for for hiring, um, fundraising, give a quick, a quick commercial for what's going on, on unstoppable domains. Yeah. >>So if you haven't already check us out@ensembledomains.com, we're also on Twitter at unstoppable web, and we have a wonderful podcast as well that you should check out if you haven't already. And, uh, we are just crossed a hundred people. We've, we're growing, you know, three to five, a hundred percent year over year. Uh, we're basically hiring every position across the company right now. So if you're interested in getting into web three, even if you're coming from a traditional web two background, please reach out. Uh, we love teaching people about this new world and how you can be a part of it. >>And you're a virtual company. Do you have a little headquarters or is it all virtual? What's the situation there? >>Yeah, I actually just assumed we were a hundred percent remote and asynchronous and we're currently in five countries across the planet. Uh, mostly concentrated in the U S and EU areas, >>Rumor to maybe you can confirm or admit or deny this rumor. I heard a rumor that you have mandatory vacation policy. >>Uh, this is true. Uh, and that's because we are a team of people who like to get things done. And, but we also know that recovery is an important part of any organizations. So if you push too hard, uh, we want to remind people we're on a marathon, right? This is not a sprint. Uh, and so we want people to be with us term. Uh, we do think that this is a ten-year move. And so yeah. Do force people. We'll unplug you at the end of the year, if you have >>To ask me, so what's the consequence of, I don't think vacation. >>Yeah. We literally unplug it. You won't be able to get it. You won't be able to get into slack. Right. And that's a, that's how we regulate. >>Well, when people start having their avatars be their bot and you don't even know what you're unplugging at some point, that's where you guys come in with the NFD saying that that's not the real person. It's not the real human And FTS. Great innovation, great use case, Matt. Congratulations. Thanks for coming on and sharing the story to kick off this showcase with the cube. Thanks for sharing all that great insight. Appreciate it. >>John had a wonderful time. All right. Just the >>Cube unstoppable domains showcasing. We got great 10 great pieces of content we're dropping all today. Check them out. Stay with us for more coverage on John furrier with cube. Thanks for watching.

>>Welcome everyone to the cubes presentation of the AWS startup showcase open cloud innovations. This is season two episode one of the ongoing series and we're covering exciting and innovative startups from the AWS ecosystem. Today. We're going to focus on the open source community. I'm your host, Dave Vellante. And right now we're going to talk about open source security and mitigating risk in light of a recent discovery of a zero day flaw in log for J a Java logging utility and a related white house executive order that points to the FTC pursuing companies that don't properly secure consumer data as a result of this vulnerability and with me to discuss this critical issue and how to more broadly address software supply chain risk is Don Fisher. Who's the CEO of tide lift. Thank you for coming on the program, Donald. >>Thanks for having me excited to be here. Yeah, pleasure. >>So look, there's a lot of buzz. You open the news, you go to your favorite news site and you see this, you know, a log for J this is an, a project otherwise known as logged for shell. It's this logging tool. My understanding is it's, it's both ubiquitous and very easy to exploit. Maybe you could explain that in a little bit more detail. And how do you think this vulnerability is going to affect things this year? >>Yeah, happy to, happy to dig in a little bit in orient around this. So, you know, just a little definitions to start with. So log for J is a very widely used course component that's been around for quite a while. It's actually an amazing piece of technology log for J is used in practically every serious enterprise Java application over the last 10 going on 20 years. So it's, you know, log for J itself is fantastic. The challenge that organization organizations have been facing relate to a specific security vulnerability that was discovered in log for J and that has been given this sort of brand's name as it happens these days. Folks may remember Heartbleed around the openness to sell vulnerability some years back. This one has been dubbed logged for shell. And the reason why it was given that name is that this is a form of security vulnerability that actually allows attackers. >>You know, if a system is found that hasn't been patched to remediate it, it allows hackers to get full control of a, of a system of a server that has the software running on it, or includes this log for J component. And that means that they can do anything. They can access, you know, private customer data on that system, or really do anything and so-called shell level access. So, you know, that's the sort of definitions of what it is, but the reason why it's important is in the, in the small, you know, this is a open door, right? It's a, if, if organizations haven't patched this, they need to respond to it. But one of the things that's kind of, you know, I think important to recognize here is that this log for J is just one of literally thousands of independently created open source components that flow into the applications that almost every organization built and all of them all software is going to have security vulnerabilities. And so I think that log for J is, has been a catalyst for organizations to say, okay, we've got to solve this specific problem, but we all also have to think ahead about how is this all gonna work. If our software supply chain originates with independent creators across thousands of projects across the internet, how are we going to put a better plan in place to think ahead to the next log for J log for shell style incident? And for sure there will be more >>Okay. So you see this incident as a catalyst to maybe more broadly thinking about how to secure the, the digital supply chain. >>Absolutely. Yeah, it's a, this is proving a point that, you know, a variety of folks have been making for a number of years. Hey, we depend, I mean, honestly these days more than 70% of most applications, most custom applications are comprised of this third party open source code. Project's very similar in origin and governance to log for J that's just reality. It's actually great. That's an amazing thing that the humans collaborating on the internet have caused to be possible that we have this rich comments of open source software to build with, but we also have to be practical about it and say, Hey, how are we going to work together to make sure that that software as much as possible is vetted to ensure that it meets commercial standards, enterprise standards ahead of time. And then when the inevitable issues arise like this incident around the log for J library, that we have a great plan in place to respond to it and to, you know, close the close the door on vulnerabilities when they, when they show up. >>I mean, you know, when you listen to the high level narrative, it's easy to point fingers at organizations, Hey, you're not doing enough now. Of course the U S government has definitely made attempts to emphasize this and, and shore up in, in, in, in, in push people to shore up the software supply chain, they've released an executive order last may, but, but specifically, I mean, it's just a complicated situation. So what steps should organizations really take to make sure that they don't fall prey to these future supply chain attacks, which, you know, are, as you pointed out are inevitable. >>Yeah. I mean, it's, it's a great point that you make that the us federal government has taken proactive steps starting last year, 2021 in the fallout of the solar winds breach, you know, about 12 months ago from the time that we're talking, talking here, the U S government actually was a bit ahead of the game, both in flagging the severity of this, you know, area of concern and also directing organizations on how to respond to it. So the, in May, 2021, the white house issued an executive order on cybersecurity and it S directed federal agencies to undertake a whole bunch of new measures to ensure the security of different aspects of their technology and software supply chain specifically called out open source software as an area where they put, you know, hard requirements around federal agencies when they're acquiring technology. And one of the things that the federal government that the white house cybersecurity executive order directed was that organizations need to start with creating a list of the third-party open source. >>That's flowing into their applications, just that even have a table of contents or an index to start working with. And that's, that's called a, a software bill of materials or S bomb is how some people pronounce that acronym. So th the federal government basically requires federal agencies to now create Nessbaum for their applications to demand a software bill of materials from vendors that are doing business with the government and the strategy there has been to expressly use the purchasing power of the us government to level up industry as a whole, and create the necessary incentives for organizations to, to take this seriously. >>You know, I, I feel like the solar winds hack that you mentioned, of course it was widely affected the government. So we kind of woke them up, but I feel like it was almost like a stuck set Stuxnet moment. Donald were very sophisticated. I mean, for the first time patches that were supposed to be helping us protect, now we have to be careful with them. And you mentioned the, the bill of its software, bill of materials. We have to really inspect that. And so let's get to what you guys do. How do you help organizations deal with this problem and secure their open source software supply chain? >>Yeah, absolutely happy to tell you about, about tide lift and, and how we're looking to help. So, you know, the company, I co-founded the company with a couple of colleagues, all of whom are long-term open source folks. You know, I've been working in around commercializing open source for the last 20 years that companies like red hat and, and a number of others as have my co-founders the opportunity that we saw is that, you know, while there have been vendors for some of the traditional systems level, open source components and stacks like Linux, you know, of course there's red hat and other vendors for Linux, or for Kubernetes, or for some of the databases, you know, there's standalone companies for these logs, for shell style projects, there just hasn't been a vendor for them. And part of it is there's a challenge to cover a really vast territory, a typical enterprise that we inspect has, you know, upwards of 10,000 log for shell log for J like components flowing into their application. >>So how do they get a hand around their hands around that challenge of managing that and ensuring it needs, you know, reasonable commercial standards. That's what tide lifts sets out to do. And we do it through a combination of two elements, both of which are fairly unique in the market. The first of those is a purpose-built software solution that we've created that keeps track of the third-party open source, flowing into your applications, inserts itself into your DevSecOps tool chain, your developer tooling, your application development process. And you can kind of think of it as next to the point in your release process, where you run your unit test to ensure the business logic in the code that your team is writing is accurate and sort of passes tests. We do a inspection to look at the state of the third-party open source packages like Apache log for J that are flowing into your, into your application. >>So there's a software element to it. That's a multi-tenant SAS service. We're excited to be partnered with, with AWS. And one of the reasons why we're here in this venue, talking about how we are making that available jointly with AWS to, to drink customers deploying on AWS platforms. Now, the other piece of the, of our solution is really, really unique. And that's the set of relationships that Tyler has built directly with these independent open source maintainers, the folks behind these open source packages that organizations rely on. And, you know, this is where we sort of have this idea. Somebody is making that software in the first place, right? And so would those folks be interested? Could we create a set of aligned incentives to encourage them, to make sure that that software meets a bunch of enterprise standards and areas around security, like, you know, relating to the log for J vulnerability, but also other complicated parts of open source consumption like licensing and open source license, accuracy, and compatibility, and also maintenance. >>Like if somebody looking after the software going forward. So just trying to basically invite open source creators, to partner with us, to level up their packages through those relationships, we get really, really clean, clear first party data from the folks who create, maintain the software. And we can flow that through the tools that I described so that end organizations can know that they're building with open source components that have been vetted to meet these standards, by the way, there's a really cool side effect of this business model, which is that we pay these open source maintainers to do this work with us. And so now we're creating a new income stream around what previously had been primarily a volunteer activity done for impact in this universe of open source software. We're helping these open source maintainers kind of GoPro on an aspect of what they do around open source. And that means they can spend more time applying more process and tools and methodology to making that open source software even better. And that's good for our customers. And it's good for everyone who relies on open source software, which is really everyone in society these days. That's interesting. I >>Was going to ask you what's their incentive other than doing the right thing. Can you give us an example of, of maybe a example of an open source maintainer that you're working with? >>Yeah. I mean, w we're working with hundreds of open source maintainers and a few of the key open source foundations in different areas across JavaScript, Java PHP, Ruby python.net, and, you know, like examples of categories of projects that we're working with, just to be clear, are things like, you know, web frameworks or parser libraries or logging libraries, like a, you know, log for J and all the other languages, right? Or, you know, time and date manipulation libraries. I mean, they, these are sort of the, you know, kind of core building blocks of applications and individually, they, you know, they may seem like, you know, maybe a minor, a minor thing, but when you multiply them across how many applications these get used in and log for J is a really, really clarifying case for folks to understand this, you know, what can seemingly a small part of your overall application estate can have disproportionate impact on, on your operations? As we saw with many organizations that spent, you know, a weekend or a week, or a large part of the holidays, scrambling to patch and remediate this, a single vulnerability in one of those thousands of packages in that case log. >>Okay, got it. So you have this two, two headed, two vectors that I'm going to call it, your ecosystem, your relationship with these open source maintainers is kind of a, that just didn't happen overnight, and it develop those relationships. And now you get first party data. You monetize that with a software service that is purpose built as the monitor of the probe that actually tracks that third, third party activity. So >>Exactly right. Got it. >>Okay. So a lot of companies, Donald, I mean, this is, like I said before, it's a complicated situation. You know, a lot of people don't have the skillsets to deal with this. And so many companies just kind of stick their head in the sand and, you know, hope for the best, but that's not a great strategy. What are the implications for organizations if they don't really put the tools and processes into place to manage their open source, digital supply chain. >>Yeah. Ignoring the problem is not a viable strategy anymore, you know, and it's just become increasingly clear as these big headline incidents that happened like Heartbleed and solar winds. And now this logged for shell vulnerability. So you can, you can bet on that. Continuing into the future and organizations I think are, are realizing the ones that haven't gotten ahead of this problem are realizing this is a critical issue that they need to address, but they have help, right. You know, the federal government, another action beyond that cybersecurity executive order that was directed at federal agencies early last year, just in the last week or so, the FTC of the U S federal trade commission has made a much more direct warning to private companies and industry saying that, you know, issues like this log for J vulnerability risk exposing private, you know, consumer data. That is one of the express mandates of the FTC is to avoid that the FTC has said that this is, you know, bears on both the federal trade commission act, as well as the Gramm-Leach-Bliley act, which relates to consumer data privacy. >>And the FTC just came right out and said it, they said they cited the $700 million settlements that Equifax was subject to for their data breach that also related to open source component, by the way, that that had not been patched by, by Equifax. And they said the FTC intents to use its full legal authority to pursue companies that failed to take reasonable steps, to protect consumer data from exposure as a result of log for J or similar known vulnerabilities in the future. So the FTC is saying, you know, this is a critical issue for consumer privacy and consumer data. We are going to enforce against companies that do not take reasonable precautions. What are reasonable precautions? I think it's kind of a mosaic of solutions, but I'm glad to say tide lift is contributing a really different and novel solution to the mix that we hope will help organizations contend with this and avoid that kind of enforcement action from FTC or other regulators. >>Well, and the good news is that you can tap a tooling like tide lift in the cloud as a service and you know, much easier today than it was 10 or 15 years ago to, to resolve, or at least begin to demonstrate that you're taking action against this problem. >>Absolutely. There's new challenges. Now I'm moving into a world where we build on a foundation of independently created open source. We need new solutions and new ideas, and that's a, you know, that's part of what we're, we're, we're showing up with from the tide lift angle, but there's many other elements that are going to be necessary to provide the full solution around securing the open source supply chain going forward. >>Well, Donald Fisher of tide lift, thanks so much for coming to the cube and best of luck to your organization. Thanks for the good work that you guys do. >>Thanks, Dave. Really appreciate your partnership on this, getting the word out and yeah, thanks so much for today. >>Very welcome. And you are watching the AWS startup showcase open cloud innovations. Keep it right there for more action on the cube, your leader in enterprise tech coverage.

(bright upbeat music) >> Hello everyone. And we're back at AWS Re:Invent. You're watching theCUBE and we're here, day two. Actually we started Monday night and we got wall-to-wall coverage. We going all the way through Thursday, myself. I'm Dave Volante with the co-host, David Nicholson. Lisa Martin is also here. Of course, John Furrier. Partners, technologists, customers, the whole ecosystem. It's good to be back in the live event. Of course we have hybrid event as well a lot of people watching online. Anshu Sharma is here. He is the co-founder and CEO of Skyflow, new type of privacy company, really interested in this topic. Great to see you. Thanks for coming on. >> Thank you, thanks for bringing me here. >> It's timely, you know. Privacy, security, they're kind of two sides of the same coin. >> Yes. >> Why did you found Skyflow? >> Well, the idea for Skyflow really comes from my background in some ways. I spent my first nine years at Oracle, six years at Salesforce. And whether we were building databases or CRM products, customers would come to us and say, "Hey, you know, I have this very different type of data. It's things like social security numbers, frequent flyer card numbers, card numbers. You know, can you secure it better? Can you help me manage things like GDPR?" And to be honest, there was never a clear answer. There's a lot of technology solutions out there that do one thing at a time, you can walk around the booths here, there's like a hundred companies. And if you use all those hundred things correctly, maybe you could go tell your board that maybe a social security number is not going to be lost anymore. And I was like, "You know, we've simplified everything else. Why is it so hard to protect my social security number? It should be easy. It should be as easy as using Stripe or Twilio." And this idea just never went away and kept coming back till a few years ago, we learned about the Facebook privacy challenges, the Equifax challenges. And I was like, boy, it's the time. It's time to go do it now. >> You started the company in 2019. Right? >> Yes. >> I mean, your timing was pretty good, right? So what are the big sort of Uber trends that you're seeing? Obviously GDPR, the California Consumer Privacy Act. I heard this morning. Did you hear this? That like, if you post a picture on social media now without somebody's permission, you're now violating their privacy. It's like, you can see the smiles on Anshu's face. >> Its like every week, we're like every week, there's a new story that could be like, well, Skyflow. The new story is the question, the answer is Skyflow. But honestly I think what's happened is, the issue is put very simple. You know all we're trying to do is protect people's social security numbers, phone numbers, credit card numbers, things we hold dear. At the same time, it's complex. Like what does it mean to protect your social security number let's say? Does that mean I don't get to use it for filing your taxes? Well, I need your credit card number to process a payment. And we were like, this is just too complicated. Why, how do companies like Apple do it? How do companies like Netflix manage not have as many breaches as my hotel that barely has any data. And the answer is those companies actually have evolved to a completely different architecture, the zero trust data architecture. And that was our inspiration for starting this company. >> Yeah. I mean. How many times have you been asked to give your social security number? And you're like, why? why do you want it? What are you going to do with it? How do you protect it? And they go, "I don't know." >> You know, what's even, my favorite is like, you give your social security number to say TurboTax, how many days of the year do they need to use it? One. How many days of the year do they have it? And the thing is, it's a liability for those CTOs too. >> Yeah right. >> The CTO of Walgreens, the CTO of Intuit. They don't really want that social security number just so they can process your card once a year, or your social security number once a year. It's almost like we're forcing them to hold onto data. And then they have to bear the burden of having these stories. Like, you know, everybody wants to prevent a New York Times story that says, what Robin Hood had a breach, Twitter had a breach. >> So walk us through how Skyflow would address something like that. So take the, you know, take the make a generic version of TurboTax, social security members. There they are right now, they're sitting in a database somewhere. Hopefully there's some security wrapped around it in some way or another. What would you advise a customer like that to do? And what are you actually doing for them? >> So, look, it's very simple. You are not going to put your username passwords in a generic database. You're going to use something like OD Zero or Octa to do it. We're living in a world where we have polyglot data stores. Like there's a key value store. There's a time series database. There is a search database like Elastic. There's a log database like Splunk. But PII data, Somehow we think just fine. If it's in a hundred places and our answer is that we should do the same thing that companies like Apple, Netflix, Google, everybody, does. They take this data. They completely isolate it from the databases. And it gets stored in a custom data store in our case, that would be Skyflow. And essentially we'd give you encrypted tokens back and you can use these encrypted tokens that look like fake social security number. It's called a Format Preserving Encryption. So if you think about all the breakthroughs we've had in homomorphic encryption, on secure elements, like the way your phone works, the credit card number is stored in a secure element. So it's the same idea. There's a secure part of your data stack, which is Skyflow. That basically keeps the data always protected. And because we can compute and search on encrypted data, this is important, everybody can encrypt data at rest. Skyflow is the first company that's come out and said, "Look, you can keep your phone number and social security number, encrypted while I can run an aggregation query." So I can tell you what's the balance of your customer's account balance. And i can run that query without decrypting, a single row of data. The only other company I know that can do that internally is a certain Cupertino based company. >> So think about it. Anybody can walk something up to a certain degree, but allowing frictionless access at the same time. >> While it's encrypted. So how do you make that? Are you, is a strategy to make that a horizontal service? That I can put into my data protection service or my E-commerce service or whatever. >> It's a cloud-based service that runs on AWS and other clouds. We basically given instance just like, you'll get an instance of a post-grad store or you get an API handled to OD Zero. You basically instantiate Skyflow of what gets created. It can be in your AWS environment, dedicated VPC. So it's private to you and then you have a handle and then basically you just start using it. >> So how, how do you, what's the secret sauce? How do you do that? >> The secret source. Well, now that we filed the patents on it, I can reveal the secret sauce. So the holy grail of encryption right now, if you go talk to people at a leading company, is there's something called Fully Homomorphic Encryption. That's fundamentally the foundation on which things like Bitcoin are built actually. But the hard part about Fully Homomorphic Encryption is it works. You can actually do mathematical computations on it without decrypting the data, but it's about a million times slower. >> Yes slower, right. >> So nobody uses it. My insight was that we don't need to do multiplications and additions on phone numbers. You never take my phone number and divide by your social security number. (Dave laughing) These numbers are not numbers, they are data structures. So our insight was if you treat them as specialized data structures, we're all talking about basically about 80 different types of data across the globe. Every human being has an ID, date of birth, height, color of eyes. There's not that many fields. What we can do then is create specialized encryption schemes for each data type. We call this polymorphic data encryption. Poly means multiple. As a result of that, we can actually store the data encrypted and build indexes on it. Since we can index interpret data, it's kind of like, imagine you can run real-time queries on data that's encrypted. Every other data store, When you encrypt the data, it becomes invisible to database. And that's why we had to build this as a full stacked service. Just like the Snowflake guys had to start with the foundation of storage, rethink indexing, and build Snowflake. We did the same thing, except we built it for encrypted indexes Whereas they built it for encrypted, for regular data stores. >> So thinking, if you think about today's tech stack, it's evolving, right? The data protection and security are coming together. Where does this fit? Is it sort of now becoming a fundamental part of the-- >> We think every leading company, whether you're building a new brokerage application or you are the largest bank in the world, and we're talking to some of them right now. They're all going to have an internal service called a PII wall. This wall just like Apple and Google have their own internal walls. You're going to have a wall service in your service oriented architecture, essentially. And it's going to basically be the API. Every other application and database in your company is not going to store my social security number. The SSNs don't belong in 600 databases at a leading bank. They don't belong inside your customer support system. Think about what happened with Robinhood two weeks ago, right? Someone tricked one call center guy into giving the keys up, which is fine happens. But why did the call center guy have access to like a million email addresses? He's never used going to use that. So we think if you isolate the PII, every leading company is going to end up with a PII Wall, as part of their core architecture. Just like today, we have an Alt API, you have a Search API, you have a Logging API, you're going to have a PII API. And that's going to be part of your modern data stack. >> So okay. So this is definitely not a bolt on, right? It's going to be a fundamental company, just like security is, just like backup is. It's now, you got to have it. It's-- >> Yes. I mean, if you think about it, it just logically makes sense. Like you should be isolating this data. You don't keep your money and gold around at home. You put it either in a locker or a bank. I think the same applies for PII. We just haven't done it because companies would pay off a fine for $10,000 or a million dollars. And. >> Yeah. So you've recently raised $45 million to expand your efforts. Obviously that means that people are looking at this and saying there's opportunity, right? What does that look like when you think of growth, where during your go to market strategy at first you're convincing people that it's a good idea to do it. Do you think or hope for, hope one day that there's an inflection point where it's not that people are thinking, you know, let's do this because it's a good idea, but people are like, I have to do this because if I don't, it's irresponsible and I'm going to be penalized for not having it. It becomes something that isn't really a choice. It's something where you just do it. >> So, you know, when we were starting the company, we didn't even have a word to explain what we were trying to do. We would say things like what if there was a cloud service for XYZ. And, but over the last one year, I don't want to take credit for creating this market, but this market has been created in the last year and a half. And you know, we get tons of people, including some of the largest institutions emailing us, saying, "I'm looking to build a PII wall, API service inside my company. Can you tell me why your product meets that need?" And I thought that would take us three to five years to get there. And, you know, we've ended up creating a category, basically just like other companies have. And I think, you know, you don't get, I believe in market permission. You don't get to create a category. The market gives somebody the permission to create a category. Saying, "Look, this makes sense. Something like this should emerge." And if you're there at the right time, like you said. >> Yep. >> You get to take the opportunity. >> So where are you at as a company say for some, some capital is great. When do you scale? >> We're scaling now? So we just doubled our headcount in the last nine to 10 months. We're now 75 people. We think we'll be about 150 to 200 people in the next year. We are hiring across all regions. We just hired a head of Asia pack from segment.com. We just hired our first, you know, lead on international expansion. And in the US, we have an office in Palo Alto. We have an office in Bangalore. We just announced a data residency solution for Europe, data residency solution for India and emerging markets. Because data residency is another one of those things that's just emerging right now. And irrespective of whether you believe in security and privacy. Data residency is one of those things that you are mandated to implement. >> And where are you hiring? Is it combination to go to market? Tell me about your go to market. >> The go to market. We are direct sales organization, but we work with partners. So we haven't announced some of these partnerships, but you're working with some of the companies here who either are large database companies, large security companies. We think there is a win-win relationship between us and some of the partner. >> You're a partner model, partner channel model. >> So, direct sales but partner assisted. >> Yeah. Right. All right. We got to go. Hey, awesome story. Congratulations. Best of luck. >> Very interesting. >> Love to have you back and track the progress. >> Thank you, thank you so much. >> Okay. Thank you for watching theCUBE, the leader in and high-tech coverage. We're at Re-Invent 2021. Be right back (upbeat music)

(gentle music) >> Welcome to the new abnormal. Yes, you know, the pandemic, it did accelerate the shift to digital, but it's also created disorder in our world. I mean, every day it seems that companies are resetting their office reopening playbooks. They're rethinking policies on large gatherings and vaccination mandates. There's an acute labor shortage in many industries, and we're seeing an inventory glutton in certain goods, like bleach and hand sanitizer. Airline schedules and pricing algorithms, they're all unsettled. Is inflation transitory? Is that a real threat to the economy? GDP forecasts are seesawing. In short, the world is out of whack and the need for fast access to quality, trusted and governed data has never been greater. Can coherent data strategies help solve these problems, or will we have to wait for the world to reach some type of natural equilibrium? And how are companies, like Google, helping customers solve these problems in critical industries, like financial services, retail, manufacturing, and other sectors? And with me to share his perspectives on data is a long-time CUBE alum, Bruno Aziza. He's the head of data analytics at Google. Bruno, my friend, great to see you again, welcome. >> Great to see you, thanks for having me, Dave. >> So you heard my little narrative upfront, how do you see this crazy world of data today? >> I think you're right. I think there's a lot going on in the world of data analytics today. I mean, certainly over the last 30 years, we've all tried to just make the life of people better and give them access more readily to the information that they need. But certainly over the last year and half, two years, we've seen an amazing acceleration in digital transformation. And what I think we're seeing is that even after three decades of investment in the data analytics world, you know, the opportunity is still really out wide and is still available for organizations to get value out of their data. I was looking at some of the latest research in the market, and, you know, only 32% of companies are actually able to say that they get tangible, valuable insights out of their data. So after all these years, we still have a lot of opportunity ahead of us, of course, with the democratization of access to data, but also the advent in machine learning and AI, so that people can make better decisions faster than their competitors. >> So do you think that the pandemic has heightened that sort of awareness as they were sort of forced to pivot to digital, that they're maybe not getting enough out of their data strategies? That maybe their whatever, their organization, their technology, their way they were thinking about data was not adequate and didn't allow them to be agile enough? Why do you think that only 32% are getting that type of value? >> I think it's true. I think, one, digital transformation has been accelerated over the last two years. I think, you know, if you look at research the last two years, I've seen almost a decade of digital acceleration, you know, happening. But I also think that we're hitting a particular time where employees are expecting more from their employers in terms of the type of insights that can get. Consumers are now evolving, right? So they want more information. And I think now technology has evolved to a point where it's a lot easier to provision a data cloud environment so you can get more data out to your constituents. So I think the connection of these three things, expectation of employees, expectation of customers to better customer experiences, and, of course, the global environment, has accelerated quite a bit, you know, where the space can go. And for people like me, you know, 20 years ago, nobody really cared about databases and so forth. And now I feel like, you know, everybody's, you know, understands the value that we can get out of it. And we're kind of getting, you know, in the sexy territory, finally, data now is sexy for everyone and there's a lot of interest in the space. >> You and I met, of course, in the early days of Hadoop. And there were many things about Hadoop that were profound and, of course, many things that, you know, just were overly complex, et cetera. And one of the things we saw was this sort of decentralization. We thought that Hadoop was going to send five megabytes of code to petabytes of data. And what happened is everything, you know, came into this centralized repository and that centralized thinking, the data pipeline organization was very centralized. Are you seeing companies rethink that? I mean, has the cloud changed their thinking? You know, especially as the cloud expands to the edge, on-prem, everywhere. How are you seeing organizations rethink their regimes for data? >> Yeah, I think, you know, we've seen over the last three decades kind of the pendulum, right, from really centralizing everything and making the IT organization kind of the center of excellence for data analytics, all the way to now, you know, providing data as a self-service, you know, application for end-users. And I think what we're seeing now is there's a few forces happening. The first one is, of course, multicloud, right? So the world today is clearly multicloud and it's going to be multicloud for many, many years. So I think not only are now people considering their on-prem information, but they're also looking at data across multiple clouds. And so I think that is a huge force for chief data officers to consider is that, you know, you're not going to have data centralized in one place, nicely organized, because sometimes it's going to be a factor of where you want to be as an organization. Maybe you're going to be partnering with other organizations that have data in other clouds. And so you want to have an architecture that is modern and that accommodates this idea of an open cloud. The second problem that we see is this idea around data governance, intelligent data governance, right? So the world of managing data is becoming more complex because, of course, you're now dealing with many different speeds, you're dealing with many different types of data. And so you want to be able to empower people to get access to the information, without necessarily having to move this data, so they can make quick decisions on the data. So this idea of a data fabric is becoming really important. And then the third trend that we see, of course, is this idea around data sharing, right? People are now looking to use their own data to create a data economy around their business. And so the ability to augment their existing data with external data and create data products around it is becoming more and more important to the chief data officers. So it's really interesting we're seeing a switch from, you know, this chief data officer really only worried about governance, to this we're now worried about innovation, while making sure that security and governance is taken care of. You know, we call this freedom within the framework, which is a great challenge, but a great opportunity for many of these data leaders. >> You mentioned several things there. Self-service, multicloud, the governance key, especially if we can federate that governance in a decentralized world. Data fabric is interesting. I was talking to Zhamak Dehghani this weekend on email. She coined the term data mesh. And there seems to be some confusion, data mesh, data fabric. I think Gartner's using the term fabric. I know like NetApp, I think coined that term, which to me is like an infrastructure layer, you know. But what do you mean by data fabric? >> Well, the first thing that I would say is that it's not up to the vendors to define what it is. It really is up to the customer. The problem that we're seeing these customers trying to fix is you have a diversity of data, right? So you have data stored in the data mart, in a data lake, in a data warehouse, and they all have their specific, you know, reasons for being there. And so this idea of a data fabric is that without moving the data, can you, one, govern it intelligently? And, two, can you provide landing zones for people to actually do their work without having to go through the pain of setting up new infrastructure, or moving information left and right, and creating new applications? So it's this idea of basically taking advantage of your existing environment, but also governing it centrally, and also now providing self-service capabilities so people can do their job easily. So, you know, you might call it a data mesh, you might call it a data fabric. You know, the terminology to me, you know, doesn't seem to be the barrier. The issue today is how do we enable, you know, this freedom for customers? Because, you know, I think what we've seen with vendors out there is they're trying to just take the customer down to their paradigms. So if they believe in all the answers need to be in a data warehouse, they're going to guide the customer there. If they believe that, you know, everything needs to be in a data lake, they're going to guide the customer there. What we believe in is this idea of choice. You should be able to do every single use case. And we should be able to enable you to manage it intelligently, both from an access standpoint, as well as a governance standpoint. >> So when you think about those different, and I like that, you're making it somewhat technology agnostic, so whether it's a data warehouse, or a data lake, or a data hub, a data mart, those are nodes within the mesh or the fabric, right? That are discoverable, accessible, I guess, governed. I think that there's got to be some kind of centralized governance edict, but in a federated governance model so you don't have to move the data around. Is that how you're thinking about it? >> Absolutely, you know, in our recent event, in the Data Cloud Summit, we had Equifax. So the gentleman there was the VP of data governance and data fabric. So you can start seeing now these roles, you know, created around this problem. And really when you listen to what they're trying to do, they're trying to provide as much value as they can without changing the habits of their users. I think that's what's key here, is that the minute you start changing habits, force people into paradigms that maybe, you know, are useful for you as a vendor, but not so useful to the customer, you get into the danger zone. So the idea here is how can you provide a broad enough platform, a platform that is deep enough, so the data can be intelligently managed and also distributed and activated at the point of interaction for the end-user, so they can do their job a lot easier? And that's really what we're about, is how do you make data simpler? How do you make, you know, the process of getting to insight a lot more fluid without changing habits necessarily, both on the IT side and the business side? >> I want to get to specifics on what Google is doing, but the last sort of uber-trends I want to ask you about 'cause, again, we've known each other for a long time. We've seen this data world grow up. And you're right, 20, 30 years ago, nobody cared about database. Well, maybe 30 years ago. But 20 years ago, it was a boring market, right now it's like the hottest thing going. But we saw, you know, bromide like data is the new oil. Well, we found out, well, actually data is more valuable than oil 'cause you can use, you know, data in a lot of different places, oil you can use once. And then the term like data as an asset, and you said data sharing. And it brings up the notion that, you know, you don't want to share your assets, but you do want to share your data as long as it can be governed. So we're starting to change the language that we use to describe data and our thinking is changing. And so it says to me that the next 10 years, aren't going to be like the last 10 years. What are your thoughts on that? >> I think you're absolutely right. I think if you look at how companies are maturing their use of data, obviously the first barrier is, "How do I, as a company, make sure that I take advantage of my data as an asset? How do I turn, you know, all this information into a sustainable, competitive advantage, really top of mind for organizations?" The second piece around it is, "How do I create now this innovation flywheel so that I can create value for my customers, and my employees, and my partners?" And then, finally, "How do I use data as the center of a product that I can then further monetize and create further value into my ecosystem?" I think the piece that's been happening that people have not talked a lot about I think, with the cloud, what's come is it's given us the opportunity to think about data as an ecosystem. Now you and I are partnering on insights. You and I are creating assets that might be the combination of your data and my data. Maybe it's an intelligent application on top of that data that now has become an intelligent, rich experience, if you will, that we can either both monetize or that we can drive value from. And so I think, you know, it's just scratching the surface on that. But I think that's where the next 10 years, to your point, are going to be, is that the companies that win with data are going to create products, intelligent products, out of that data. And they're just going to take us to places that, you know, we are not even thinking about right now. >> Yeah, and I think you're right on. That is going to be one of the big differences in the coming years is data as product. And that brings up sort of the line of business, right? I mean the lines of business heads historically have been kind of removed from the data group, that's why I was asking you about the organization before. But let's get into Google. How do you describe Google's strategy, its approach, and why it's unique? >> You know, I think one of the reasons, so I just, you know, started about a year ago, and one of the reasons for why I found, you know, the Google mission interesting, is that it's really rooted at who we are and what we do. If you think about it, we make data simple. That's really what we're about. And we live that value. If you go to google.com today, what's happening? Right, as an end-user, you don't need any training. You're going to type in whatever it is that you're looking for, and then we're going to return to you highly personalized, highly actionable insights to you as a consumer of insights, if you will. And I think that's where the market is going to. Now, you know, making data simple doesn't mean that you have to have simple infrastructure. In fact, you need to be able to handle sophistication at scale. And so simply our differentiation here is how do we go from highly sophisticated world of the internet, disconnected data, changing all the time, vast volume, and a lot of different types of data, to a simple answer that's actionable to the end-user? It's intelligence. And so our differentiation is around that. Our mission is to make data simple and we use intelligence to take the sophistication and provide to you an answer that's highly actionable, highly relevant, highly personalized for you, so you can go on and do your job, 'cause ultimately the majority of people are not in the data business. And so they need to get the information just like you said, as a business user, that's relevant, actionable, timely, so they can go off and, you know, create value for their organization. >> So I don't think anybody would argue that Google, obviously, are data experts, arguably the best in the world. But it's interesting, some of the uniqueness here that I'm hearing in your language. You used the word multicloud, Amazon doesn't, you know, use that term. So that's a differentiation. And you sell a cloud, right? You sell cloud services, but you're talking about multicloud. You sell databases, but, of course, you host other databases, like Snowflake. So where do you fit in all this? Do you see your role, as the head of data analytics, is to sort of be the chef that helps combine all these different capabilities? Or are you sort of trying to help people adopt Google products and services? How should we think about that? >> Yeah, the best way to think about, you know, I spend 60 to 70% of my time with customers. And the best way I can think about our role is to be your innovation partner as an organization. And, you know, whichever is the scenario that you're going to be using, I think you talked about open cloud, I think another uniqueness of Google is that we have a very partner friendly, you know, approach to the business. Because we realized that when you walk into an enterprise or a digital native, and so forth, they already have a lot of assets that they have accumulated over the years. And it might be technology assets, but also might be knowledge, and know-how, right? So we want to be able to be the innovation vendor that enables you to take these assets, put them together, and create simplicity towards the data. You know, ultimately, you can have all types of complexity in the backend. But what we can do the best for you is make that really simple, really integrated, really unified, so you, as a business user, you don't have to worry about, "Where is my data? Do I need to think about moving data from here to there? Are there things that I can do only if the data is formatted that way and this way?" We want to remove all that complexity, just like we do it on google.com, so you can do your job. And so that's our job, and that's the reason for why people come to us, is because they see that we can be their best innovation partner, regardless where the data is and regardless, you know, what part of the stack they're using. >> Well, I want to take an example, because my example, I mean, I don't know Google's portfolio like you do, obviously, but one of the things I hear from customers is, "We're trying to inject as much machine intelligence into our data as possible. We see opportunities to automate." So I look at something like BigQuery, which has a strong affinity in embedded machine learning and machine intelligence, as an example, maybe of that simplification. But maybe you could pick up on that and give us some other concrete examples. >> Yeah, specifically on products, I mean, there are a lot products we can talk about, and certainly BigQuery has tremendous market momentum. You know, and it's really anchored on this idea that, you know, the idea behind BigQuery is that just add data and we'll do the rest, right? So that's kind of the idea where you can start small and you can scale at incredible, you know, volumes without really having to think about tuning it, about creating indexes, and so forth. Also, we think about BigQuery as the place that people start in order to build their ecosystem. That's why we've invested a lot in machine learning. Just a few years ago, we introduced this functionality called BigQuery Machine Learning, or BigQuery ML, if you're familiar with it. And you notice out of the top 100 customers we have, 80% of these customers are using machine learning right out of, you know, BigQuery. So now why is that? Why is it that it's so easy to use machine learning using BigQuery is because it's built in. It was built from the ground up. Instead of thinking about machine learning as an afterthought, or maybe something that only data scientists have access to that you're going to license just for narrow scenarios, we think about you have your data in a warehouse that can scale, that is equally awesome at small volume as very large volume, and we build on top of that. You know, similarly, we just announced our analytics exchange, which is basically the place where you can now build these data analytics assets that we discussed, so you can now build an ecosystem that creates value for end-users. And so BigQuery is really at the center of a lot of that strategy, but it's not unlike any of the other products that we have. We want to make it simple for people to onboard, simple to scale, to really accomplish, you know, whatever success is ahead of them. >> Well, I think ecosystems is another one of those big differences in the coming decade, because you're able to build ecosystems around data, especially if you can share that data, you know, and do so in a governed and secure way. But it leads to my question on industries, and I'm wondering if you see any patterns emerging in industries? And each industry seems to have its own unique disruption scenario. You know, retail obviously has been, you know, disrupted with online commerce. And healthcare with, of course, the pandemic. Financial services, you wonder, "Okay, are traditional banks going to lose control of payment systems?" Manufacturing you see our reliance on China's supply chain in, of course, North America. Are you seeing any patterns in industry as it pertains to data? And what can you share with us in terms of insights there? >> Yeah, we are. And, I mean, you know, there's obviously the industries that are, you know, very data savvy or data hungry. You think about, you know, the telecommunication industry, you think about manufacturing, you think about financial services and retail. I mean, financial services and retailers are particularly interesting, because they're kind of both in the retail business and having to deal with this level of complexity of they have physical locations and they also have a relationship with people online, so they really want to be able to bring these two worlds together. You know, I think, you know, about those scenarios of Carrefour, for instance. It's a large retailer in Europe that has been able to not only to, you know, onboard on our platform and they're using, you know, everything from BigQuery, all the way to Looker, but also now create the data assets that enable them to differentiate within their own industry. And so we see a lot of that happening across pretty much all industries. It's difficult to think about an industry that is not really taking a hard look at their data strategy recently, especially over the last two years, and really thought about how they're creating innovation. We have actually created what we call design patterns, which are basically blueprints for organization to take on. It's free, it's free guidance, it's free datasets and code that can accelerate their building of these innovative solutions. So think about the, you know, ability to determine propensity to purchase. Or build, you know, a big trend is recommendation systems. Another one is anomaly detection, and this was great because anomaly detection is a scenario that works in telco, but also in financial services. So we certainly are seeing now companies moving up in their level of maturity, because we're making it easier and simpler for them to assemble these technologies and create, you know, what we call data-rich experiences. >> The last question is how you see the emerging edge, IoT, analytics in that space? You know, a lot of the machine learning or AI today is modeling in the cloud, as you well know. But when you think about a lot of the consumer applications, whether it's voice recognition or, you know, or fingerprinting, et cetera, you're seeing some really interesting use cases that could bleed into the enterprise. And we think about AI inferencing at the edge as really driving a lot of value. How do you see that playing out and what's Google's role there? >> So there's a lot going on in that space. I'll give you just a simple example. Maybe something that's easy for the community to understand is there's still ways that we define certain metrics that are not taking into account what actually is happening in reality. I was just talking to a company whose job is to deliver meals to people. And what they have realized is that in order for them to predict exactly the time it's going to take them from the kitchen to your desk, they have to take into account the fact that distance sometimes it's not just horizontal, it's also vertical. So if you're distributing and you're delivering meals, you know, in Singapore, for instance, high density, you have to understand maybe the data coming from the elevators. So you can determine, "Oh, if you're on the 20th floor, now my distance to you, and my ability to forecast exactly when you're going to get that meal, is going to be different than if you are on the fifth floor. And, particularly, if you're ordering at 11:32, versus if you're ordering at 11:58." And so what's happening here is that as people are developing these intelligent systems, they're now starting to input a lot of information that historically we might not have thought about, but that actually is very relevant to the end-user. And so, you know, how do you do that? Again, and you have to have a platform that enables you to have a large diversity of use cases, and that thinks ahead, if you will, of the problems you might run into. Lots and lots of innovation in this space. I mean, we work with, you know, companies like Ford to, you know, reinvent the connected, you know, cars. We work with companies like Vodafone, 700 use cases, to think about how they're going to deal with what they call their data ocean. You know, I thought you would like this term, because we've gone from data lakes to data oceans. And so there is certainly a ton of innovation and certainly, you know, the chief data officers that I have the opportunity to work with are really not short of ideas. I think what's been happening up until now, they haven't had this kind of single, unified, simple experience that they can use in order to onboard quickly and then enable their people to build great, rich-data applications. >> Yeah, we certainly had fun with that over the years, data lake or data ocean. And thank you for remembering that, Bruno. Always a pleasure seeing you. Thanks so much for your time and sharing your perspectives, and informing us about what Google's up to. Can't wait to have you back. >> Thanks for having me, Dave. >> All right, and thank you for watching, everybody. This is Dave Vellante. Appreciate you watching this CUBE Conversation, and we'll see you next time. (gentle music)

>>From our studios in the heart of Silicon Valley. Palo Alto, California myth is a cute conversation. >>Hello and welcome to the cube studios in Palo Alto, California. For another cube conversation. We go in depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. It's a well known fact of life at this point in time. We're going to the cloud in some manner, way, shape or form. Every business that intends to undertake a digital transformation is going to find themselves in a situation where they are using cloud resources to build new classes of applications and accelerate their opportunities to create new markets that are more profitable. What folks haven't fully internalized yet though is what it means to govern those activities. What does it mean to use data that is in the cloud in a compliant and reliable way? What does it mean to allow rapid innovation while at the same time ensuring that our businesses are not compromised by new classes of risk, new classes of compliance issues as a result of making certain liberties, uh, with how we handle governance. So that's what we're going to talk about today and we've got a great conversation for you. Toby Knapp is a co founder and CTO of day two IQ and Charlie Betts is the principal analyst at Forrester. Toby. Charlie, welcome to the cube theater. All right, so Charlie, I'm going to start with you. I kind of outline the overall nature of the problem, but let's get it very specific. What is the problem that enterprises face today as they try to accelerate their use of technology in a way that doesn't compromise the risk and compliance concerns? >>Well, we are hearing the same story over and over again. Peter, uh, companies are starting on the cloud native journey and perhaps a dev ops journey. You know, there's some similarities there. You know, one leads to the other in many cases and they S they do a proof of concept and they do a pilot and they like the results. But both of those efforts had what from monopoly, we would call it a get out of jail free card. You know, they had a pass to bypass certain regulatory or governance or compliance controls. Now they want to scale it. They want to roll it out across the enterprise and you can't give every team a get out of jail free card. >>Well, let me dig into this because is it that the speed with which we're trying to create new things, is that the key issue? Is it that the new technologies like Coobernetti's lend themselves to new style that doesn't necessarily bring good governance along with it? What is, what are those factors that are driving this problem? >>I think the central factor, Peter, is the movement from stage gated governance to governance of continuous flow. We could unpack this in various ways, but really if you look at so many governance models and people ship them to us and we comb through them and it's getting, you know, doing a lot of out lately, what we see is over and over again, this idea that delivery pauses experts come in from their perspective with a checklist they go through, they check the delivery against the checklist, and then the Greenlight is given to move on. And this is how we've run digital systems for a long time now. But now we're moving towards continuous flow, continuous iteration, >>agile, agile, DevOps, >>dev ops, all the rest. And these methods are well suited to be supported by architectures like Coobernetti's. And there are certain things you can do with automation that are very beneficial in cloud native systems, but you're up against, you know, decades of policy that assume this older model is based on older guidance like ITIL and PIM, Bach and, and COBIT and all the rest. COBIT 2019 is still based on a plan build run model, >>which is not, is not necessarily a bad thing in the grand scheme of things, but it doesn't fit into a month long sprint. >>It doesn't fit. And more and more what we're seeing when I say stage Gates are going away, what we're seeing is that the life cycle becomes internalized to the team. You still plan, build, run. But it's not something that you can put controls >>on at the high level. And so the solution seems to be is that we need to be able to foster this kind of speedy acceleration that encourages the use of agile, uh, leads to a dev ops orientation. And somehow fold good solid governance practices right into the mix. What do you think the, let's take a look at 2025, what's it going to look like? And uh, even if we're not ready for it yet? >>Well, I think you were going to govern a lot more at the level of the outcome. You're going to govern what not how as much, but there are a lot of things that still are essential and just basic solid good practice such as not having 15 different ways or a hundred different ways to configure major pieces of infrastructure. You know, there's a, in the, some of the reports, uh, the state of DevOps report that came out, there was a, uh, a note in there or a finding in there that it was best to let the developers have a lot of choice. And I understand that developer autonomy is very important, but every time a development team chooses a new technology or a new way to configure an ex, an existing technology, that's an expansion of attack surface. And I'm very concerned about that, especially as we see things like Equifax with the, uh, the struts exploit, you know, we, we have to keep our environment secure, well patched up to date. And if you only have one or two ways that things are configured, that means your staff are more likely to do the right thing as opposed to, you know, infinite levels of variation, you know, on a hundred different ways of configuring. Coobernetti's >>well, presumably we don't want the infinite levels of variation to be revealed at the business level and not down at the infrastructure level. I think one of the things that folks mean or folks aren't intending or hope to be able to do with digital business you're alluding to this is creating a digital asset, a software based asset because ultimately it's going to be more integratable, but you lose the opportunity to integrate those things if you're increasing the transaction costs by introducing a plethora of discordant governance models. Is that what you're seeing as well, Toby? >>Absolutely. And I think, uh, you know, some aspects of cloud native that make this problem a lot bigger is actually, you know, cloud native encourages sort of a self service model for infrastructure. And also we're seeing our shift, um, off, uh, power and decision making towards developers, right? So you have developers introducing a lot of these new stacks, often in a very, you know, sort of bottoms up, um, organic way. So very quickly and enterprise finds themselves with, you know, 10, 15 different ways to provision infrastructure to provision communities, clusters. Um, and often, you know, the teams that are in charge of governance aren't even aware of these things, right? Yes. So, uh, I think it starts actually with that and you know, how can we find, uh, this balance of giving developers the flexibility they want, uh, you know, having them leverage the benefits of cloud native, but at the same time making the folks that are in charge of governance, uh, aware of what's going on in, in their enterprise, uh, making them aware of the different stacks that are provisioned. Uh, and then finding the right balance between that flexibility and enforcing governance. Uh, there's ways to do that. Um, you know, there what we see a lot is, is, uh, waste, uh, people building one stack on cloud provider, a different stack on cloud provider B, a third stack, you know, at the edge or in their data center. And so when it comes to patching, security issues, upgrading versions, you know, you, you're doing three, five times the, the amount of work. >>Well, let me ask you a question because we can see that the problem is this explosion in innovation at the digital level, uh, that is running into this, uh, the, the stricture of historical practices. And as a result, people are in running governance. What is it, I mean, if I think about this, it sounds to me like the developer tooling is getting better, faster than the governance tooling. Where are we in the marketplace in terms of thinking about technologies that can improve the productivity on the governance side so that we can bring governance models to the developers so they don't have to make decisions at that level? >>Right. I think where we are in the market is, um, so obviously cloud native and Kubernetes specifically has seen rapid adoption Indiana price, right? And I think, um, you know, the governance and tools are just now catching up. Right? Right. Um, so the typical journey we see is, uh, you know, folks try out Kubernetes, they try out cloud native technologies to have a very good first experience. It's easy. And so they kind of, uh, you know, forget some of the best practices that we've learned over the years for how to secure a production stack, how to make it upgradable, maintainable, how to govern workloads and versions, um, because they'll still, schools just simply didn't exist. Uh, so far we're now seeing these tools emerge. Um, and, and really it's the same approaches that have worked for us in the past for, for running these types of infrastructure. It's, um, you're having a central pane of class for visibility. What versions am I running? Uh, you know, first being aware of what's out there and then you'll centralizing management of these, of these stacks. Um, how do I, you know, lifecycle manage my, my Kubernetes clusters and all the related technologies. Those are the tools that are just now showing up in the market, >>but it's also got to be, I presume that, uh, a degree of, uh, presuming that the tooling itself does bring forward good governance practices into a modern world. If I got that right. >>Yeah, absolutely. I think this is one of the key things that the updated INO team, uh, the infrastructure and operations and our, our view is that these become platform teams. So we've maybe relieved the INO term behind we go with the platform teams. This is one thing that they should be doing is creating reference implementations. You know, the, you know, here's your hello world stack and it's perfectly compliant. Go solve your business problem and leave the undifferentiated heavy lifting to us. You know, and this is I think, uh, going should be a welcome message. Uh, assuming that the stack is providing all the services that the developer expects. >>Well it certainly suggests that there is a reasonable and rational separation of duties and function within a business. So the people that are close to the business of building the function that the business needs are out there doing it. Meanwhile, we've got infrastructure developers that are capable of building a platform that serves as multitude of purposes with the specificity required for each workload and in compliance with the overall organization. >>There's a key message that I want to reinforce with the audience as we think about the future of INO. I, we've been thinking a lot about it at Forester. What is the future of the traditional INO organization? If I say infrastructure that implies application and I'm talking about a stack that doesn't go away, you know, there will always be a stack, a layered architecture. What is being challenged is, when I say operations, that implies dev and I'm talking now about a life cycle. That's what's merging together. And so well, the life cycle becomes something that is held internally within your feature or component team and is no longer a suitable topic of governance. Absolutely. In terms of the layered infrastructure, this is where we, it's still a thing, you know, because yes, we will platform teams, component teams, feature teams facing the business or the end user. >>Well, it's all back to the idea that a resource is a reasonably well bound, but nonetheless with the appropriate separation, uh, of, of function that delivers some business outcome. And that's gonna include both infrastructure at a software level, an application at a software level. So look, we, you spent a lot of time talking to customers about these issues when they come back to you. Uh, where are you seeing successes most obviously and why? >>Yeah, so where we see successes is where, um, you know, organizations, um, figure out a way to give developers what they want, which is in the cloud native spaces. Every development team wants to own their own communities cluster. They want to, it is their sandbox. They want to install their own applications on there. They don't want to talk to different team when they install applications. So how can you give them that while at the same time enforcing the standards that you need to, right? How do you make sure those clusters follow a certain blueprint that have the right access control rules? Um, you know, sensitive information like, like credentials are distributed in the right way. The right versions of workloads are available. Organizations that figure out how to do that, uh, they are successful at this. So the government from a central place, they have um, you know, essential pane of glass. >>Um, you know, like our product commander where they essentially set up blueprints for teams. Um, each individual team can have their own cluster. It gets provisioned with this blueprint. And then from the central place I can say, all right, here is what my production clusters should look like. Right? Here are the secrets that should be available. Here are the access control rules that need to be set. And so you find the right balance that way, right? You can enforce your governance standards while at the same time giving developers their individual clusters that development their staging of production clusters. >>And here's the options and what is an edible option and what is not. Right. Yeah. So it seems to me as if I, I mentioned this earlier, if I think about digital business, it's the opportunity to not only turn process, we're increasingly digitized process, but the real promise also is to then find ways of bringing these things together, integrate the business in response to new opportunities or new, uh, competitive factors or regulatory factors, whatever else it might be, and literally reconfigure the business quickly. That has to be more difficult if we have a wide array of, of governance models and operational principles. Trolley is, you think about customer success, uh, what does it mean for the future to be able to foster innovation with governance so that the whole thing can come together when it needs to come together? >>Well, I think that we need to move to governing again, as I said earlier, governing >>what not. How uh, >>I believe that, uh, you know, teams should be, should be making certain promises and there's a whole idea of the theory that's out there. A guy named Mark Burgess who is, you know, well known in certain certain infrastructure as code circles. So what are the promises that the team makes within the larger construct of the team of teams and is that team being accountable to those promises? And I think this is the basis of some of the new operating models we're seeing like Holacracy and teal. I think we're in very early days of looking at this. But you know, yeah, you will be held accountable for you know, objectives and key results. But how you get there, you have more degrees of freedom and yet at an infrastructure level, this is also bounded by the fact that if this is a solved problem, if this is not interesting to the business, you shouldn't be burning brain power on solving it. You know, and maybe it was interesting, you know, a couple of years ago and there was a need to explore new technologies, but really the effort should be spent solving the customer's problems. Charlie Betts, principal analyst at Forrester, Toby not co founder and CTO of D to IQ. Thanks very much for being on the cube. Thank you. Thank you, Peter, and thank you for joining us for another cube conversation. Once again, I'm Peter Burris. See you next time..