(upbeat music) >> Hello everyone, welcome to the special CUBE presentation of the AWS Partner Showcase season one, episode two. I'm John Furrier, your host of theCUBE. We've got two great guest here. Douglas Ko, Director of product marketing at Cohesity and Sabina Joseph General Manager of AWS, Amazon Web Services. Welcome to the show. >> Thank you for having us. >> Great to see you Sabina and Douglas. Great to see you, congratulations at Cohesity. Loved the shirt, got the colors wearing there on Cohesity, Always good I can't miss your booth at the shows, can't wait to get back in person, but thanks for coming in remotely. I got to say it's super excited to chat with you, appreciate it. >> Yeah, pleasure to be here. >> What are the trends you're seeing in the market when it comes to ransomware threats right now. You guys are in the middle of it right now more than ever. I was hearing more and more about security, cloud scale, cloud refactoring. You guys are in the middle of it. What's the latest trends in ransomware? >> Yeah, I have to say John, it's a pleasure to be here but on the other hand, when you asked me about ransomware, right? The data and the statistics are pretty sobering right now. If we look at what just happened in 2020 to 2021, we saw a tenfold increase in a ransomware attacks. We also saw the prediction of a ransomware attack happening every 11 seconds meaning by the time I finished this sentence there's going to be another company falling victim to ransomware. And it's also expected by 2031 that the global impact of ransomware across businesses will be over $260 billion, right? So, that's huge. And even at Cohesisity, right, what we saw, we did our own survey, and this one actually directly to end users and consumers. And what we found was over 70% of them would reconsider doing business with a company that paid a ransom. So all these things are pretty alarming and pretty big problems that we face today in our industry. >> Yeah, there's so many dimensions to it. I mean, you guys at Cohesity have been doing a while. It's being baked in from day one, security in the cloud and backup recovery, all that is kind of all in one thing now. So to protect against ransomware and other threats is huge Sabina, I got to ask you Amazon's view of ransomware is serious. You guys take it very seriously. What's the posture and specifically, what is AWS doing to protect customers from this threat? >> Yeah, so as Doug mentioned, right, there's no industry that's immune to ransomware attacks. And just as so we all level set, right? What it means is somebody taking control over and locking your data as an individual or as a company, and then demanding a ransom for it, right? According to the NIST, the National Institute of Standards and Technology cybersecurity framework, there are basically five main functions which are needed in order to plan and manage these kind of cybersecurity ransomware attacks. They go across identifying what do you need to protect, actually implementing the things that you need in order to protect yourself, detecting things if there is an attack that's going on, then also responding, how do you get out of this attack? And then bringing things, recovery, right? Bringing things back to where they were before the attack. As we all know, AWS takes security very seriously. We want to make sure that our customer's data is always protected. We have a number of native security solutions, but we are also looking to see how we can work with partners. And this is in fact when in the fall of 2019, the Cohesity CEO, Mohit Aron, myself and a couple of us, we met and we brainstorm, what could we do something that is differentiated in the market? When we built this data management as a service native solution on top of AWS, it's a first of a kind solution, John. It doesn't exist anywhere else in the market, even to even today. And we really focused on using the well architected review, the five pillars of security, reliability, operational excellence, performance, and cost optimization. And we built this differentiated solution together, and it was launched in April, 2020. And then of course from a customer viewpoint, they should use a comprehensive set of solutions. And going back to that security, that cyber security framework that I mentioned, the Cohesity data management as a service solution really falls into that recovery, that last area that I mentioned and solution actually provides, granular management of data, protection of data. Customers can spin up things very quickly and really scale their solution across the globe. And ensure that there is compliance, no matter how many times we do data changes, ads and so on across the world. >> Yeah, Sabina, that's a great point about that because a lot of the ransomware actually got bad actors, but also customers can misconfigure things. They don't follow the best practice. So having that native solutions are super important. So that's a great call out. Douglas, I got to go back to you because you're on the Cohesity side and a the partner of AWS. They have all these best practices that for the good actors, got to pay attention to the best practices and the bad actors also trying to get in creates a two, challenge an opportunity. So how do organizations protect their data against these attacks? And also how do they maintain their best practices? Because that's half the battle too, is the best practices to make sure you're following the guidelines on AWS side, as well as protecting the attacks. What's your thoughts? >> Yeah, absolutely. First and foremost, right? As an organization, you need to understand how ransomware operates and how it's evolved over the years. And when you first look at it, Sabina already mentioned it, they started with consumers, small businesses, attacking their data, right? And some of these, consumers or businesses didn't have any backup. So the first step is just to make sure your data is backed up, but then the criminals kind of went up market, right? They understood that big organizations had big pocket and purses. So they went after them and the larger organizations do have backup and recovery solutions in place. So the criminals knew that they had to go deeper, right? And what they did was they went after the backup systems themselves and went to attack, delete, tamper with those backup systems and make it difficult or impossible to recover. And that really highlighted some solutions is out there that had some vulnerabilities with their data immutability and capabilities around WORM. And those are areas we suggest customers look at, that have immutability and WORM. And more recently again, given the way attacks have happened now is really to add another layer of defense and protection. And that includes, traditionally what we used to call, the 3-2-1 rule. And that basically means, three copies of data on two different sets of media with one piece of that data offsite, right? And in today's world and the cloud, right? That's a great opportunity to kind of modernize your environment. I wish that was all that ransomware guys we're doing right now and the criminals were doing, but unfortunately that's not the case. And what we've seen is over the past two years specifically, we've seen a huge increase in what you would call data theft or data exfiltration. And that essentially is them taking that data, a specific sense of the data and they're threatening to expose it to the dark web or selling it to the highest bidder. So in this situation it's honestly very difficult to manage. And the biggest thing you could do is obviously harden your security systems, but also you need a good understanding about your data, right? Where all that sensitive information is, who has access to it and what are the potential risks of that data being exposed. So that takes another step in terms of leveraging a bunch of technologies to help with that problem set. >> What can businesses do from an architectural standpoint and platform standpoint that you guys see there's key guiding principles around how their mindset should be? What's the examples of other approaches- >> Yeah. >> Approach here? >> No, I think they are both us at Cohesity and I'll speak for Sabina, AWS, we believe in a platform approach. And the reason for that is this a very complicated problem and the more tools and more things you have in there, you add risk of complexity, even potential new attack surfaces that the criminals can go after. So we believe the architecture approach should kind of have some key elements. One is around data resiliency, right? And that again comes from things like data encryption, your own data is encrypted by your own keys, that the data is immutable and has that, right, want to read many or WORM capabilities, so the bad guys can't temper with your data, right? That's just step one. Step two is really understanding and having the right access controls within your environment, right? And that means having multi factor authentication, quorum, meaning having two keys for the closet before you can actually have access to it. But it's got to go beyond there as well too. We got to leverage some newer technologies like AI and machine learning. And that can help you with detection and analysis of both where all your sensitive information is, right? As well as understanding potential anomalies that could signify attack or threat in progress. So, those are all key elements. And the last one of course is I think it takes a village, right? To fight the ransomware war. So we know we can't do it alone so, that's why we partner with people like AWS. That's why we also partner with other people in the security space to ensure you really have a full ecosystem support to manage all those things around that framework. >> That's awesome. Before I get to Sabina, I want to get into the relationship real quick, but I want to come back and highlight what you said about the data management as a service. This is a joint collaboration. This is some of the innovation that Cohesity and AWS are bringing to the market to combat ransomware. Can you elaborate more on that piece 'cause this is important. It's a collaboration that we're going to gather. So it's a partner and you guys were going to take us through what that means for the customer and to you guys. I mean, that's a compelling offering. >> So when we start to work with partners, right? we want to make sure that we are solving a customer problem. That's the whole working backwards from a customer. We are adding something more that the customer could not do. That's why when either my team or me, we start to either work on a new partnership or a new solution, it's always focused on, okay, is this solution enabling our customer to do something that they couldn't do before? And this approach has really helped us, John, in enabling majority of the fortune 500 companies and 90% of the fortune 100 companies use partner solutions successfully. But it's not just focused on innovation and technology, it's also focused on the business side. How are we helping partners grow their business? And we've been scaling our field teams, our AWS sales teams globally. But what we realized is through partner feedback, in fact, that we were not doing a great job in helping our partners close those opportunities and also bring net new opportunities. So in our field, we actually introduced a new role called the ISV Success Manager, ISMs that are embedded in our field to help partners either close existing opportunities, but also bring net new opportunities to them. And then at re:Invent 2020, we also launched the ISB accelerate program, which enables our field teams, the AWS field teams to get incentive to work with our partners. Cohesity, of course, participates in all of these programs and has access to all of these resources. And they've done a great job in leveraging and bringing our field teams together, which has resulted in hundreds of wins for this data management as a service solution that was launched. >> So you're bringing customers to Cohesity. >> Absolutely. >> Okay, I got to get the side. So they're helping you, how's this relationship going? Could you talk about the relationship on the customer side? How's that going? Douglas, what's your take on that? >> Yeah, absolutely. I mean, it's going great. That's why we chose to partner with AWS and to be quite honest, as Sabina mentioned, we really only launched data management and service back in 2020, late 2020. And at that time we launched with just one service then, right, when we first launched with backup as a service. Now about 15 months later, right? We're on the brink of launching four services that are running on AWS cloud. So, without the level of support, both from a go to market standpoint that Sabina mentioned as well as the engineering and the available technology services that are on the AWS Cloud, right? There's no way we would've been able to spin up new services in such a short period of time. >> Is that Fort Knox and Data Govern, those are the services you're talking about Or is that- >> Yeah, so let me walk you through it. Yeah, so we have Cohesity DataProtect, which is our backup as a service solution. And that helps customers back their data to the cloud, on-prem, SaaS, cloud data like AWS, all in a single service and allows you to recover from ransomware, right? But a couple months ago we also announced a couple new services that you're alluding to John. And that is around Fort Knox and DataGovern. And basically Fort Knox, it is basically our SaaS solution for data isolation to a vaulted copy in the AWS cloud. And the goal of that is to really make it very simple for customers, not only to provide data immutability, but also that extra layer of protection by moving that data offsite and keeping it secure and vaulted away from cyber criminals and ransomware. And what we're doing is simplifying the whole process that normally is manual, right? You either do it manually with tapes or you'll manually replicate data to another data center or even to the cloud, but we're providing it as a service model, basically providing a modern 3-2-1 approach, right? For the cloud era. So, that's what's cool about Fort Knox, DataGovern, right? That's also a new service that we announced a few months ago and that really provides data governance and user behavior analytics services that leverages a lot that AI machine learning that everybody's so excited about. But really the application of that is to automate the discovery of sensitive data. So that could be your credit card numbers, healthcare records, a personal information of customers. So understanding where all that data is, is very important because that's the data that the criminals are going to go after and hold you host. So that's kind of step one. And then step two is again, leveraging machine learning, actually looking at how users are accessing and managing that data is also super important because that's going to help you identify potential anomalies, such as people sharing that data externally, which could be a threat. It could be in improper vault permissions, or other suspicious behaviors that could potentially signify data exfiltration or ransomware attack in progress. >> That's some great innovation. You got the data resiliency, of course, the control mechanism, but the AI piece machine learning is awesome. So congratulations on that innovation. Sabina, I'm listening to conversation and hear you talk. And it reminds me of our chat at re:Invent. And the whole theme of the conference was about the innovation and rapid innovations and how companies are refactoring with the cloud and this NextGen kind of journey. This is a fundamental pillar of AWS's rapid innovation concept with your partners. And I won't say it's new, but it's highly accelerated. How are you guys helping partners be with this rapid innovation, 'cause you're seeing benefits can come faster now, Agile is here. What are some of the programs that you're doing? How are you helping customers take advantage of the rapid innovation with the secret sauce of AWS? >> Yeah, so we have a number of leadership principles, John, and one of them, of course, is customer obsession. We are very focused on making sure we are developing things that our customers need. And we look for these very same qualities when we work with partners such as Cohesity. We want to make sure that it's a win-win approach for both sides because that's what will make the partnership durable over time. And this John, our leadership team at AWS, right from our CEO down believes that partners are critical to our success and as partners lean in, we lean in further. And that's why we signed the strategic collaboration agreement with Cohesity in April, 2020, where data management as a service solution was launch as part of that agreement. And for us, we've launched this solution now and as Doug said, what are the next things we could be doing, right? And just to go back a little bit when Cohesity was developing this solution with us, they used a number of our programs. Especially on the technical side, they used our SaaS factory program, which really helped them build this differentiated solution, especially focused around security compliance and cost optimizing the solution. Now that we've launched this solution, just like Doug mentioned, we are now focused on leveraging other services like security, AIML, and also our analytic services. And the reason for that is Cohesity, as we all know, protects, manages this data for the customer, but we want to make sure that the customer is extracting value from this data. That is why we continue to look, what can we do to continue to differentiate this solution in this market. >> That's awesome. You guys did a great job. I got to say, as it gets more scale, there's more needs for this rapid, I won't say prototyping, but rapid innovation and the Cohesity side does was you guys have been always on point on the back and recovery and now with security and the new modern application development, you guys are in the front row seats of all the action. So, I'll give you the final worry what's going on at Cohesity, give an update on what you guys are doing. What's it like over there these days? How's life give a quick plug for Cohesity. >> Yeah, Cohesity is doing great, right? We're always adding folks to the team, on our team, we have a few open racks open both on the marketing side, as well as the technology advocacy side. And of course, some of our other departments too, and engineering and sales and also our partner teams as well, working with AWS partners such as that. So, in our mind, the data delusion and growth is not going to slow down, right? So in this case, I think all tides raises all the boats here and we're glad to be innovative leader in this space and really looking to be really, the new wave of NextGen data management providers out there that leverages things like AI that leverages cybersecurity at the core and has an ecosystem of partners that we're working with, like AWS, that we're building out to help customers better manage their data. >> It's all great. Data is in the mid center of the value proposition. Sabina, great to see you again, thanks for sharing. And Douglas, great to see you too. Thanks for sharing this experience here in theCUBE. >> Thanks, John. >> Okay, this is theCUBE's AWS Partner Showcase special presentation, speeding innovation with AWS. I'm John Furrier your host of theCUBE. Thanks for watching. (upbeat music)

>> Narrator: From around the globe, it's theCube. With digital coverage of AWS re:Invent 2020. Special coverage sponsored by AWS worldwide public sector. >> Hello and welcome to theCube virtual, and our coverage of AWS re:Invent 2020 with special coverage of public sector. We are theCube virtual and I'm your host, Justin Warren, and today I'm joined by two people. We have Jim Richberg the CISO for Public Sector from Fortinet who comes to us from Washington DC. Jim, welcome. >> Thank you. Thank you, Justin. >> And we also have Kenny Holmes. Who's the head of worldwide Public Sector Go-to-market from Fortinet as well. And he comes to us from Chicago in Illinois. Kenny, thanks. >> Yes, thank you. Thank you, Justin. >> Gentlemen, welcome to theCube. Now this year has been pretty dramatic and for a lot of us as I'm sure you're very well aware and it's been a bit of an accelerator for people's interest in public cloud in particular for the public sector. So what have you seen, Kenny? Sorry, Jim, we'll start with you around the federal government's interest in cloud. What have you noticed in their adoption of public cloud and AWS in this year? >> So, we used to joke in the federal government in my 34 years, they'll never let a good crisis go to waste. That you can make an upside out of any situation. And as you noted, Justin this has been a dramatic accelerator to federal government's adoption of cloud. Three quarters of the agencies were already moving in the direction of the cloud and planning to spend roughly $8 billion on it this year. And that was pre COVID. And the pace certainly picked up. We had the guidance that came out of DHS, the interim guidance that facilitated abilities to let these now as of mid-March remote teleworkers connect directly to the cloud without having to connect back through their agency infrastructure. So they issued very quick guidance to say, look you got to get the job done. You got to get it done in the cloud. So they did that as a way to accelerate it in the short term. And then they put out the guidance later this year for a trusted internet connection access which had a use case that was built around again facilitating the ability to say you can connect directly to the cloud with security in that direct line stack. You no longer have to haul your data back to the enterprise edge, to the data center on-premise to then go straight out to the cloud. So the federal government said we will give you the ability to move in the direction of cloud and the agencies have been using this at scale. And that's why roughly half of the federal workforce is now working from home. And many of them are using cloud-based applications and services. So the dramatic impact on the federal government. >> Yeah, we've seen it here in Nate in my home of Australia. The federal government is very keen on that but there's other levels of government as I'm sure we're all aware. Particularly as state and even local governments. So Kenny, maybe you could give us a bit of a flavor for how does local and that more regional government have they been doing it basically the same as federal government or is there something unique to the way that they've had to adapt? >> Well, state and local governments are certainly facing the really the perfect storm of the rising demand and declining resources. The pandemic has certainly driven, a lower tax base and lower revenues. And as a result of that, we've seen adjustments in budgets, et cetera but we're also in a position uniquely where it's also driving digital innovation at the same time. So we're seeing the two of those and they don't necessarily have kind of diabolically opposed if you think about it. So, the two of those are coming together but so they're doing more with less and they're using digital transformation to get there where in the commercial world a lot of folks who've been doing digital transformation for a long time. Now, government is being more forced into doing it. And they're really embracing that from our perspective. So we've seen traditionally security be at the top of their demands from a CIO perspective and their most important initiatives. The now we're seeing digital transformation and more specifically we're seeing cloud, right be a key part of that. So, they've done things initially, obviously moving email and some of those things but today we're seeing an increasing amount of workloads that we're seeing them, move from maybe a previous provider, over to AWS et cetera. So, those are some of the things that we're seeing from our state and local perspective >> To build on Kenny's point. I think the key differentiator Justin, between the federal and the state and local experience has been the resources, the federal government with COVID. The federal government runs a deficit. We've seen the deficit balloon, federal spending is up 17 to 20%, not what it's passed out of the stimulus money but simply what government is spending at the federal level. So we are using cloud at the federal level to do more as Kenny noted, state governments and local governments because they're funded exclusively by taxes they can't run a deficit. They have had to say we need to spend smarter because we can't spend more. We can't even spend as much and oh my goodness we have to deliver more digital services at the same time. So for them it has been a matter of having to eke greater efficiencies out of every dollar which has pointed them in the direction of AWS and the cloud in a different sense. And the federal government that said there's greater efficiencies because we need our remote telework people to get the job done, state government, it's the perfect storm. And if they don't do this they're literally going to have to curtail vital services. >> Yeah and as we've seen the security challenge pretty much is the same everywhere. I mean, there's some variations in exactly one sort of threat you might have as a federal government compared to local but broadly speaking, the malware and ransomware and things of that nature is pretty much just a miasma that we have to wade through. So what does, Fortinet helping with these customers, particularly as they move to as you mentioned, they're moving a lot of things into AWS. So what is Fortinet's role there in helping customers make better use of public cloud? >> So I think one of the things that Fortinet really has brought to this equation is they really are a very broad based cybersecurity provider. The biggest problem that organizations typically have, of course, you know in the cloud, it's misconfiguration by the customer. It's not AWS that's making the mistake 99% plus of the time it's misconfiguration by the customer. So having the ability to say if you know how to do your security in an on-premise environment, and you've got controls, capabilities and settings that you're comfortable with you can migrate those intact if they work for you into your cloud environment. So the fact that we are soup to nuts, that we have things at the edge and offer that same suite of capabilities in AWS allows us to be able to tell, help the users if they've configured it right, not have to go back and start from scratch and say, well, now that I'm in AWS I need to reconfigure other than as you have to do it because it's a different platform, but if you've got the policies in place that are managing security managing risk well for your enterprise carry them forward to a different environment. >> I think Kenny is that a particular opportunity there for local government? As you mentioned that restrained resources means that it's much more difficult for them to correctly configure their environments but also to make this level of change, they have a lot of other responsibilities it's difficult to become cybersecurity experts. Is that where you see Fortinet helping a great deal in more local government. >> Yes it is one of the key areas. The best way you can think of it is the ability to do what Jim was saying in a single pane of glass. And the fact that we can do that. That's something you don't hear a lot about anymore, but Fortinet actually is one of the largest security providers in the world. Has it single pane of glass across, being able to manage your on-prem infrastructure being able to manage whether if someone's migrating away from another cloud over to AWS and being able to look at these holistically it's just a fantastic way for them to be efficient as well as around training and certifications and helping our customers to be able to take advantage of the products without additional costs or other things that I've been throwing down the gauntlet for other providers to say, hey, security shouldn't be something else that they have to invest. They're going to invest in your technology. You should provide them with the training, provide them with security awareness, sobriety with certifications around your product that should be table stakes. >> And we do see a lot of that structure of how to do this and provide that training tends to be the same regardless of where you are. Is that something that we see say to getting defined at federal government level with some of the standards and then that then sort of trickles down into more local government. Kenny, is that something that you see happening at all? Or are we seeing things defined at local government that are actually going back the other way? >> Yeah, well, compliance runs across both. I mean, there's probably more compliance on the federal side that Jim could speak to but there's certainly compliance is always a major factor. And it can't be that just we need to do one-off solutions for a particular compliance issue. It needs to be holistic as we're talking about it. If I have to pick solutions based on what and where they're protecting. And now I have to think about the compliance for those as well. That's yet another thing to think about, I don't see our customers thinking that way. They don't have the skillsets to continue to evolve that way. That's an expanded, use of what they're doing and they just don't have those resources. So they have to be able to do more with less we've talking about, and to be able to take a platform like the fabric that Fortinet it offers it really offers that to them. >> At the federal level I'm not even sure that I would characterize it as compliance and regulatory things that state local government have to do, but the National Institute of Standards and Technology NIST tends to promulgate what are considered best practices. Then your cybersecurity framework has basically been adopted globally modified by certain places. And I did too in different ways, but when NIST comes up with something like zero trust architecture, new standards are understood, the 800 Series. I'm surprised people in local government where we'll talk about 800-53 or 800-207, just like we fed geeks too. So it's really setting best practices and standards that are different from compliance but to build on Kenny's point about resources where I think Kenny has flown the other way from local government up has been in the direction of saying state and local government had been the Canary in the coal mine on saying, you have to migrate to the cloud as a way of doing more with less. So the federal government has been turning the printing press, turning the crank faster and faster that will change, and this is one where can say you're spending smarter by moving in the direction of AWS and in accelerating that growth into the cloud, because my prediction as a former intelligence analyst is probably this time next year, a lot of federal agencies will be having the discussion about how to live in a much tightened budgetary environment because we went through something called sequestration 10 years ago that made for very tight zero sum budgeting. That's going to be a coming attraction and that's going to push federal government even more, so with the saying, I got to get the data off of Graham. I've got to continue to telework, Hey, and look we can follow the best practices of state and local government in this case. >> Well, it certainly sounds like we'll be able to learn from each other and adapt it. It's not going away. We're certainly going to have cybersecurity issues for the foreseeable future, but it sounds like there's a lot of work happening and there is room for happiness about how things are generally going. So, gentlemen, thank you so much for joining us here and please thank you to my guest Jim Richberg and Kenny Holmes from Fortinet. You've been watching theCube virtual and our coverage of AWS re:Invent 2020 with special coverage of the public sector. Make sure you check out all the rest of our coverage on your desktop laptop or phone wherever you might be. I've been your host, Justin Warren. I look forward to seeing you again soon. (soft upbeat music)

>>From the cube studios in Palo Alto in Boston. It's the cube covering the IBM thing brought to you by IBM. Everybody we're back. This is Dave Vellante the cube, and this is our wall-to-wall coverage, IBM's digital thing experienced for 2020. We're really excited to have Jerry Cuomo on. He's the, uh, vice president of blockchain technologies and an IBM fellow and longtime cube alum. Jerry, good to see you again. Thanks for coming on and wish we were face to face, but yeah, this'll do. Good to see you too. Yes, thanks for having me. So we've been talking a lot of and talking to, I've been running a CEO series a, of course, a lot of the interviews around, uh, IBM think are focused on, on COBIT 19. But I wonder if you could start off by just talking a little bit about, you know, blockchain, why blockchain, why now, especially in the context of this pandemic. >>David's, it's as if we've been working out in the gym, but not knowing why we needed to be fixed. And I know now why we need to be fit. You know, blockchain is coming just in time. Mmm. You know, with the trust factor and the preserving privacy factor. Okay. The way we move forward the world is now becoming more digital than ever people working from home. Um, the reliance and online services is, that's critical. our ability to work as a community accompanies companies. The shared data is critical. you know, blockchain brings a magical ingredient and that's the ingredient of trust, you know, in sharing data. Okay. When, if that data and the sources that are providing that data arc okay. From verified and trusted, we're more likely to use that data and you the, any friction that's caused for fear of trepidation that the data is going to be misused. >>Mmm. It goes start to go away. And when that happens, you speed up an exchange and we need speed. Time is of the essence. So blockchain brings a platform for trusted data exchange while preserving privacy. And that provides a foundation. I can do some amazing things in this time of crisis, right? Yeah. And it's, it's not only trust, it's also expediency and you know, cutting out a lot of the red tape. And I want to talk about some of the applications. You're heavily involved in that in the distributed ledger, a project, you know, one of the early leads on that. Um, talk about some of the ways in which you're flying that distributed a ledger. And let's go into some of the examples. So we're, we're really fortunate to be an early adopter blockchain and, and provider of blockchain technology and kind of the fruit of that. >>Um, as I said, it couldn't happen any sooner where we have, Mmm, I would say over a thousand, alright. Users using IBM blockchain, which is powered by the opensource Hyperledger fabric, I'd say over a hundred of those users, um, have reached a level of production networks. you know, it's been great to see some of the proprietors of those networks now repurpose the networks towards hastening the relief of, uh, and one, a couple of examples that stand out, Dave. Mmm. You've seen what's happening to our supply chain. And then I think we got some rebound happening as we speak, but companies all of a sudden woke up one morning and their supply chains were, I'm exhausted. So suppliers, we're out of key goods and the buyers needed very rapidly to expand. They're, the supplier is in their, in their supply chain. there are laws and regulations about what it takes to onboard a new supplier. >>You want to make sure you're not onboarding bad actors. So in IBM for example, we have over 20,000 suppliers to our business and it takes 30 to 40 days who, uh, validate and verify one of those suppliers. We don't have 30 to 45 days, you know, think about you're a healthcare company or a food company. So working with a partner called Jane yard, uh, co-created a network called trust yourself buyer. And we've been able to repurpose, trust your supplier now or companies that are looking, you know, around Kobe 19 to rapidly okay, expand, you know, their, their supply chain. So if you imagine that taking us 45 days or 40 days to onboard a new supplier, okay. Pick, pick a company in our supply chain, Lenovo, that supplier may very well want to go to Lenovo to and provide services to them. Well guess what, it's going to take 40 days, the onboard to Lenovo. >>But if they're part of the trust or supplier network and they've already onboarded to IBM, they're well on their way. You're being visible to all of these other buyers that are part of the IBM network, like Lenovo and many others. And instead of taking 40 days, maybe it only takes five days. All right. So radically, radically, you know, improving the time it takes them. You know, with companies like Ford making ventilators and masks, it will kind of be able to onboard Ford into, you know, health care, uh, companies. But you know, we want to be able to do it with speed. So trust your supplier is a great use of blockchain. Two, expand a buyer and suppliers. Mmm. Exposure. Mmm. And they expand their network to quickly onboard. And you know, with the trust that you get an exchanging data from blockchain with the Mmm provenance, that Hey, this company information was truly vetted by one of the trusted members of the network. >>There's no fee or trepidation that somehow these records were tampered with or, or misused. So that's one example they have of using blockchain. That's a huge, uh, example that you gave because you're right, there are thousands and thousands of companies that are pivoting to making, like you said, ventilators and masks and yeah, they're moving so fast and there's gotta be a trust involved. On the one hand, they're moving fast to try to save their businesses or you know, in the case of Ford, you help save the, the country or the world. On the other hand, you know, there's risks there. So that, that helps. I want to understand me. Pasa basically is, if I understand it, you can privately share, uh, information on folks that are asymptomatic but might be carriers of covert 19. Am I getting that right on? Okay. So me Pasa starts as a project, uh, from a company called has Sarah and their CEO Jonathan Levy. >>And among other things, Jonathan Levy is an amazing, uh, software developer and he's helped us and the community at large, bill, the Hyperledger fabric, uh, blockchain technology, that's part of IBM. Mmm. The power is IBM blockchain. So Jonathan, I have this idea because w what was happening is there were many, many data sources, you know, from the very popular and well known, uh, Johns Hopkins source. And we have information coming from the weather company. There are other governments, um, putting out data. Jonathan had this, this idea of a verified Mmm. Data hub, right? So how do we kind of bring that information together in a hub where a developer can now to get access to not just one feed, but many feeds knowing that both the data is an a normalized format. So that's easy to consume. And like if you're consuming 10 different data sources, you don't have to think about 10 different ways to interact it. >>No kind of normalizing it through a fewer, like maybe one, but also that we really authentically know that this is the world health organization. This is indeed John Hopkins. So we have that trust. So, okay. Yeah. With me, Pasa being I'm a data hub four, uh, information verified information related to the Kronos virus, really laying a foundation now for a new class of applications that can mash up information to create new insights, perhaps applying Mmm. Artificial intelligence machine learning to really look not just at any one of those, uh, data sources, but now look across data sources, um, and start to make some informed decisions. No, I have to say operate with the lights on, uh, and with certainty that the information is correct. So me Pasa is that foundation and we have a call for code happening that IBM is hosting for developers to come out and okay. Bring their best ideas forward and X for exposing me Pasa as a service to the, in this hackathon so that developers can bring some of their best ideas and kind of help those best ideas come alive with me. Me has a resource. >>That's great. So we've got two, we got the supply chain, we just need to share the Pasa. There's the other one then I think we can all relate to is the secure key authentication, >>which I love. >>Uh, maybe you can explain that and talk about the role that blockchain >>we're launching fits, right. So you know, there is people working from home and digital identity verification. It is key. You know, think about it. You're working remotely, you're using tools like zoom. Um, there's a huge spike in calls and online requests from tele-health or government benefits programs. Yeah. So this is all happening. Everything behind the scenes is, yeah. Around that is, is this user who they say they are, is this doctor who they say they are, et cetera. And there are scams and frauds out there. So working with speed, it means working with certainty. and with the verified me networks set out to do a couple of years ago and the beautiful part is, you know, it's ready to go now for this, for this particular usage it's been using. Mmm. Basically think about it as my identity is my identity and I get to lease out information too different institutions to use it for my benefit, not necessarily just for their benefit. >>So it's almost like digital rights management. Like if you put out a digital piece of art or music, you can control the rights. Who gets to use it? What's the terms and conditions, um, on, on your terms? So verified me, um, allows through a mobile app users to invite institutions who represent them, verify them. No. And so I'll allow my department of motor vehicle and my employer, Mmm. Two to verify me, right? Because I want to go back to work sooner. I want to make sure my work environment, um, I'm making this up. I want to make sure my work environment, the people have been tested and vaccinated, but I don't want to necessarily, you know, kind of abuse people's privacy. Right? So I'll opt in, I'll share that information. I'll get my, my doctor and my, uh, department of motor vehicle to say, yes, this is Gary. >>He's from this address. Yes, he has been vaccinated and now I can kind of onboard to services as much quicker whether that service is going through TSA. Do you get on an airplane badging back into my office or you know, signing on to a, you know, telemedicine, a service or government, a benefits program, et cetera. So verify me is using the self, uh, at the station through a mobile application to help speed up the process of knowing that that is truly you and you truly want this service. Uh, and you are also calling the shots as to that. What happens with your information that, you know, it's not spread all over the interweb it's under your control at all time. Right. So I think it's the best of all worlds. The national Institute for standards and technology looked at, verified me. They're like, Oh my gosh, this is like the perfect storm of goodness for identity. >>They actually appointed, yeah, it has a term, it's called triple blind data exchange. It sounds like a magical act. A triple blind data exchange means the requester. Mmm. Doesn't know who the provider is and less know the requester. Um, allows the provider to know, Mmm, the provider doesn't know who the requester requested, doesn't know who the prior provider is that is double-blind. And then the network provider doesn't know either. Right. But somehow across disformed and that's the magic of blockchain. I'm allowing that to happen and with that we can move forward knowing we're sharing information where it matters without the risk of it leaking out to places we don't want to do. So great application of secure key and verified me. Yeah, I love that. Then the whole concept of being able to control your own data. You hear so much today about, you know, testing and in contact tracing using mobile technology to do that. >>But big privacy concerns. I've always felt like, you know, blockchain for so many applications in healthcare or just being able to, as you say, control your own data. I want to better understand the technology behind this. When I think about blockchain, Mmm. I obviously you don't think about it. Cryptography, you've mentioned developers a number of times. There's software engineering. Yeah. Distributed ledger. Um, I mean there's, there's game theory in the, in the, in the cryptocurrency world, we're not talking about that, but there's the confluence of these technologies coming to them. What's the technology underneath these, these applications? Talking about it there, there is an open source, an organization called Hyperledger. It's part of the Linux foundation. They're the gold standard and open source, openly governed, Mmm. Technology you know, early on in 2018 yep. 18, 26. I mean, we got involved, started contributing code and developers. >>Two Hyperledger fabric, which is the industry's first permissioned blockchain technology. Permission meaning members are accountable. So the network versus Bitcoin where members are anonymous and to pass industry Reggie regulations, you can't be anonymous. You have to be accountable. Um, that's not to say that you can't, okay. Work privately, you know, so you're accountable. But transactions in the network, Mmm. Only gets shared with those that have a need, need to know. So that the foundation is Hyperledger fabric. And IBM has a commercial offering called the IBM blockchain platform that embodies that. That kind of is a commercial distribution of Hyperledger fabric plus a set of advanced tools to make it really easy to work with. The open source. All the networks that I talked about are operating their network across the worldwide IBM public cloud. And so cloud technology lays a really big part of blockchain because blockchains are networks. >>Mmm. You know, our technology, IBM blockchain platform runs really well in the IBM wow. But it also allows you to run anywhere, right? Or like to say where it matters most. So you may have companies, I'm running blockchain nodes in the IBM cloud. You may have others running it on their own premises behind their firewall. You might have others running an Amazon and Microsoft Azure. Right. So we use, um, you may have heard of red hat open shift, the container technology so that we can run Mmm. Parts of a blockchain network, I guess they said where they matter most and you get strengthened a blockchain network based on the diversity of the operators. Because if it was all operated by one operator, there would be a chance maybe that there can be some collusion happening. But now if you could run it know across different geographies across the IBM cloud. >>So almost three networks all run on use this technology or run on the IBM cloud. And Dave, one more thing. If you look at these applications, they're just modern application, you know, their mobile front ends, their web portals and all of that kind of, okay. Okay. The blockchain part of these applications, usually it's only 20% of the overall endeavor that companies are going through. The other 80% it's business as usual. I'm building a modern cloud application. So what we're doing in IBM with, but you know, red hat with OpenShift with our cloud packs, which brings various enterprise software across different disciplines, blends and domains like integration, application, data, security. All of those things come together to fill the other 80% the above and beyond blockchain. So these three companies, okay. You know, 99 plus others are building applications as modern cloud applications that leverage this blockchain technology. So you don't have to be a cryptographer or you know, a distributed database expert. It's all, it's all embodied in this code. Mmm. Available on the IBM cloud, 29 cents a CPU hour. It was approximately the price. So it's quite affordable. And you know, that's what we've delivered. >>Well, the thing about that, that last point about the cloud is it law, it allows organizations, enterprises to experiment very cheaply, uh, and so they can get, uh, an MVP out or a proof of concept out very quickly, very cheaply, and then iterate, uh, extremely quickly. That to me is the real benefit, the cloud era and the pricing model. >>I just mentioned, David, as I said it when I started, you know, it's like we were working out in a gym, but we weren't quite sure. We knew why we were, we were so keen on getting fit. And what I see now is this, you know, blossoming of users who are looking at, you know, a new agreement. We thought we understood digital transformation. Mmm. But there's a whole new nice to be digitized right now. You know, we're probably not going to be jumping on planes and trains, uh, working as, as, as more intimately as we were face to face. So the need for new digital applications that link people together. Uh, w we're seeing so many use cases from, um, trade finance to food safety, to proxy voting for stock, know all of these applications that we're kind of moving along at a normal speed. I've been hyper accelerated, uh, because of the crisis we're in. So blockchain no. Couldn't come any sooner. >>Yeah. You know, I want to ask you, as a technologist, uh, you know, I've learned over the years, there's a lot of ways to skin a cat. Um, could you do the types of things that you're talking about without blockchain? Um, I'm, I'm sure there are ways, but, but why is blockchain sort of the right path, >>Dave? Mmm. You can, you can certainly do things with databases. Mmm. But if you want the trust, it's as simple as this. A database traditionally has a single administrator that sets the rules up for when a transaction comes in. Mmm. What it takes to commit that transaction. And if the rules are met, the transactions committed, um, the database administrator has access who commands like delete and update. So at some level you can never be a hundred percent sure that that data was the data that was intended in there. With a blockchain, there's multiple administrators to the ledger. So the ledger is distributed and shared across multiple administrators. When a transaction is submitted, it is first proposed for those administrators, a process of consent happens. And then, and only then when the majority of the group agrees that it's a valid transaction, is it committed? And when it's committed, it's committed in a way that's cryptographically linked two other transactions in the ledger, I'm making it. >>Mmm tamper-proof right. Or very difficult to tamper with. And unlike databases, blockchains are append only so they don't have update and delete. Okay. All right. So if you really want that center of trusted data that is a tested, you know, that has checks and balances across different organizations, um, blockchain is the key to do it, you know? So could you do it in data with a database? Yes. But you have to trust that central organization. And for many applications, that's just fine. All right. But if we want to move quickly, we really want to share systems of record. Mmm. I hear you. Sharing a system of record, you have regulatory obligations, you can say, Oh, sorry, the record was wrong, but it was put in there by, by this other company. Well, they'll say, well, >>okay, >>nice for the other company, but sorry, you're the one in trouble. So with a blockchain, we have to bring assurances that we can't get into that kind of situation, right? So that shared Mmm. Distributed database that is kind of provides this tamper resistant audit log becomes the Colonel cross. And then with the privacy preservation that you get from encryption and privacy techniques, um, like we have like these things, both channels, um, you can transact, um Hm. And be accountable, but also, Mmm. Only share of transactions with those that have a need to know, right? So you get that level of privacy in there. And that combination of trust and privacy is the secret sauce that makes blockchain unique and quite timely for this. So yeah, check it out. I mean, on the IBM cloud, it's effortless. So to get up and running, you know, building a cloud native application with blockchain and you know, if you're used to doing things, um, on other clouds or back at the home base, we have the IBM blockchain software, which you can deploy. Yeah. Open shift anywhere. So we have what you need in a time of need. >>And as a technologist, again, you're being really, I think, honest and careful about the word tamper. You call it tamper resistant. And if I understand it right, that, I mean, obviously you can fish for somebody's credentials. Yeah. That's, you know, that's one thing. But if I understand that, that more than 50% of the peers in the community, it must agree to tamper in order for the system. You tampered with it. And, and that is the beauty of, of blockchain and the brilliance. Okay. >>Okay. Yeah. And, and, and for, um, performance reasons we've created optimizations. Like you can set a consensus policy up because maybe one transaction it's okay just to have a couple people agree and say, Oh, well, you know, out of the a hundred nodes, Mmm. Three agree, it's good enough. Okay. Other, other policies may be more stringent depending on the nature of the data and the transaction, right? So you can tone, you can kind of tune that in based on the class of transaction. And so it's kind of good and that's how we can get performance levels in the, you know, thousand plus. In fact, IBM and RBC, um, recently did, um, a series of performance analysis because RBC said, Hey, can I use this for some of my bank to bank exchanges and we need to support over a thousand transactions per second. They were able, in their use case, there's support over 3000. Transact for a second. Okay. Mmm. You know, that we were very encouraged by that. I'm glad you clarified that because, so essentially you're saying you can risk adjust the policies if you will. >>That's great to know. Mmm. I could go on forever on this topic. Well, we're unfortunately, Jerry, we're well over our time, but I want to thank you for coming back, planning this important topic. Thrilled. IBM has taken a leadership position here, and I think, you know, to your point, this pandemic is just going to, can accelerate a lot of things and blockchain is, but in my view anyway, one of them. Thank you, Dave. Oh, great questions and I really appreciate it. So everyone out there, um, stay safe. Stay healthy. All right. Thank you Jerry, and thank you for watching everybody. This is Dave Volante for the cube. Our coverage of the IBM think digital 2020 event. We'll be right back. Perfect. The short break.

>> Presenter: Live from San Francisco, celebrating 10 years of high tech coverage, it's the Cube. Covering vmworld 2019. Brought to you by vmware and its ecosystem partners. >> So good to have you here with us on the first day of three days of live coverage here in San Francisco as The Cube continues its 10th year of coverage at vmworld 2019. Along with John Troyer, I'm John Walls, glad to have you with us. We're joined now by Bina Hallman who is the vice president of storage at IBM. Bina good to have you with us with this afternoon. >> Thanks for having me. >> You bet. You know, your everyday assignment is keeping so many people up at night and that's how do we defend ourselves, cyber. How do we develop these resilient networks, resilient services. Let's take a step back for a second and try to paint the scope of the problem in terms of what you're seeing at IBM in terms of cyber intrusions, the nature of those attacks and the areas where those are happening. >> I'll tell you from a client industry perspective, right touch on that a little bit. But cyber resiliency, cyber security it's a huge topic. This is something that every business is thinking about, is talking about. It's not just a discussion in the different departments, it's at the C Suite level, the board level. Because if you think about it, cyber crimes as frequent as they are and as impactful as they are, they can really affect the overall company's revenue generation. The cost of recovering from them can be very expensive. >> We're talking about more than just breeches here. Every week we hear ransomware is very interesting, it's very prevalent, it's here. I honestly hear a lot of government small town governments, or state governments, municipal governments maybe because they have reporting requirements. I don't know what goes on underneath in the private sector, but does it seem like that is one things? >> That's right that's right. We hear it in the news a lot. We hear about ransomware quite a bit as data breeches, as other types of things. When you look at some of the analyst statistics and what they say about the frequency of these types of events, and the likelihood of a business getting affected, the likelihood of a business getting affected by a cyber event is 1 in 3. It used to be 1 in 4 a couple years ago, now 1 in 3 over the next two years. Ransomware itself is increasing frequency. I think it was like every 14 seconds there is a ransomware attack somewhere in the world. The cost of this is tremendous. It's in the trillions of dollars. Both from recovering from that attack, the loss in business and revenue generation and actually the impact to the company's reputation. Again, not just ransomware, it's happening in many industries. You talked about government, it's in manufacturing, it's in financial, it's in health, it's in transportation. When you step back and say, how is it so broad, when you think about every organization to some extent is going through some level of transformation. There's digital transformation. They're leveraging capabilities like hybrid multi cloud, having resources on prim, workloads on prim some services in the cloud. They've got team members that are using mobile devices. Some companies depending on their business might have IOT. So when you look at all of those entry points, these are new ways that the bad guys can get into an organization. That creates the scale and complexity, just gets very large. It used to be that you have a backup. The traditional way for business resiliency used to be you do a backup, you have the data on an external system, you restore it if something happened. And then there was the business continuity. You would have a secondary infrastructure that in the case of an accident or some kind of a natural disaster, which didn't happen very often, you would have somewhere, a secondary infrastructure. All of those were designed with the likelihood being very low of happening. Then the recovery times and the disruption to business was somewhat tolerable. These days, with all of the dynamics we're talking about, and the potential areas of entry you need more of an end to end solution. That's a cyber resiliency strategy that is really comprehensive and that's what a lot of the businesses are thinking about today. How do I make sure I have a complete solution and a strategy that allows me to survive through and come up very quickly after an attack happens. I think most people recognize that they're going to get impacted at some point. It's not if, but it's when and when it does how do I quickly recover. >> You said it with the statistic, that 1 in 3 every two years. So my math tells me in six years time, I'm going to get hit by that standard. But it tells me that it's not if, it is when. So in terms of the strategies that companies are adopting, what do you recommend? What do you suggest now? You paint a realistically grim picture that there's so many different avenues, different opportunities and it's hard to put your fingers in all those holes. >> There's a lot happening in this space and I think that, you know, there are different standards, a lot of regulations but one that has been accepted and being leveraged in the US is around a framework and some guidance the NIST organization, National Institute of Standards in Technology. It's a framework that they put in place, a guidance on how do you plan for, how do you detect and then recover from these types of situations. I'll talk about it a little bit, but it's a very good approach. It starts with an organization needs to start by identifying what are some of the critical business services that their business is dependent on. What are they, what are the systems, what are the workloads, what are the applications. They identify and then what's the tolerance level. How quickly do you need to come up. What's the RPO, RTF. Based on that, develop and prioritize a plan. That plan has to be holistic. It involves from the CIO to the CSA, security office to the operations to the business continuity, to the data owners, the line of business. And then in this environment, you've got partners, you've got services you're leveraging. All of that has to be encompassing for those key services that you identify and prioritize as a client that you need up and running. And up and running very quickly. One of the examples of a client, financial institution. They determined they had 300 services they needed up and running within 24 hours in case there was an attack or in case something happened to their data or their environment. That they defined as what their requirement was. Then you go about working with them to do a few things. You identify and then there are other phases around that I can talk about that as well. >> I was going to go over to IBM a little bit in that obviously, you're with IBM and we're talking about storage, people may not realize how integral storage is now in security, but IBM brings to the table a lot more than just storage. >> Absolutely. >> So can you talk a little bit about that portfolio and IBM's approach? >> Sure, so when I talk about the NIST framework and I talk about the identify stage, there's also things around protection, protecting the environment and those services and those systems. The infrastructure, we do a lot in that space. It's around detection. So now that you've got the protection, and protection might include things like having identity management, having access control, just making sure that the applications are at the latest code levels. Often times that's when the vulnerability comes in when you don't have those security patches installed. Data protection and when it comes to that segment, we've got a very rich portfolio of data protection capabilities with our Spectrum Protect offerings. From a protection perspective, going into an encryption, having capabilities where the infrastructure is designed to have multiple types. You can have physical separation, so you can have an air gap, things like tape are ideal for that because it's physically separated. Tiering to the cloud. You can have technologies like write once read many where they're immutable, you can't change those. You can read them but you can't change them. We've done a lot of work in innovation around what we call safeguarded copies. This is making snapshots, but those snapshots are not deletable, they're access controlled, they're read-only. That allows you to very quickly bring up an environment. >> I think people don't realize that, I see some patterns of, sometimes these things hide. They'll be in there and they will be innocuous so you can't just restore the last backup. >> That's right. >> They may try to rewrite the backup so you may have to go back and find a good one. >> Absolutely, and detection is very important. Detecting that as early as possible is the best way to reduce the cost of recovering from these kinds of events. But like you said, I think I want to say 160 days, your environment might be exposed for 160 days before you detect it. So having capabilities in a portfolio in our offerings, and we do a lot working with a research team our security team on things like our data protection where we have algorithms built in where we look for patterns and we look for anomalies. As soon as we see the patterns for malware, ransomware, we alert the operator so you don't allow it to be resident for that period of time. You quickly try to identify it. Another example is in our infrastructure management software. You can see your whole heterogeneous storage environment. You typically start out by base lining a normal environment, similar to the backup piece but then it looks for anomalies, and are there certain things happening in the network, the storage that warns the operator. >> I almost get the feeling that sometimes it's almost like termites. You don't realize you have a problem until it's too late because they haven't been visible. In a 160 day window, whatever it might be, you might be passed that but because whatever that attack was, it was malicious and as clandestine enough that you didn't find it and it does cause problems so as we're wrapping up here, what kind of confidence do you want to share with the end users with people to let them know that there are tools that they can deploy. That it's not all grim reaper. But it is difficult. >> It is difficult, it's very real. But it's absolutely something that every business can have under control, have a plan around. From an IBM perspective, we are number one leader in security, we're the leader in security. Our focus is not just at a software level, it's starting from the chips we design to the servers we deliver to the storage, the flash core modules, FIPS 140 compliance, the storage software, the data protection, the storage management software all the way through the stack. All the way through our cloud infrastructure. Having that comprehensive end to end security and we have those capabilities, we also have services. Our services and security organization work with clients to establish these, evaluate the environment, establish these strategies and interim plans. It's really about creating the plan, prioritizing it and implementing it, making sure the whole organization is aware and educated on it. >> You got to prepare no doubt about that. Thanks for the time Bina, we appreciate that. And it's not all doom and gloom but it is tough. Tough work and very necessary work. Back with more here on The Cube. You're watching our coverage from vmworld 2019, Here in San Francisco.

>> Announcer: Live from Chicago, Illinois, it's the Cube covering VeeamON 2018. Brought to you by Veeam. >> Welcome back to Chicago, everybody. This is the Cube, the leader in live tech coverage, and you're watching our exclusive coverage of VEEAMON 2018. #VeeamON. My name is Dave Vallante and I'm here with my cohost Stuart Miniman. Stu, great to be working with you again. >> Thanks Dave. Admiral, David G. Simpson is here. He's a former Chief Public Safety and homeland Security Bureau and CEO, currently, of Pelorus, a consultancy that helps organizations think through some of the risk factors that they face. David, welcome to the Cube. Thanks so much for taking time out. >> It's my pleasure to be here. >> So, as I was saying, we, we missed a big chunk of your keynote this morning cause we had to come back to the cube and do our open, but let's start with your background and kind of why you're here. >> Sure, well, I spent over three decades in the Navy where my responsibilities throughout included the resiliency of the ability to command and control forces in areas around the world not always so nice and often arduous and often at sea. So, that experience really has given me a very good appreciation, not only for how important economy of operations is, but how difficult it can be and how important the details are, so I am a natural fan of what FEMA's doing to make that easier for organizations. After DOD, I was recruited by the chairman of the FCC to lead the Public Safety Homeland Security Bureau for the Federal Communications Commission. And, in that position, I have responsibility for the nation's climate one system, emergency alerting, and the resiliency of over 30,000 telecommunication companies in the domestic market, so both experiences really have given me a very good insight into the need, the consequence of not getting it right, how to prepare to get it right, but also an ability to look at what's coming down the pike with the new telecommunications technologies that will really be game changers for functionality in the new internet of things environment. >> So, three decades of public service. First of all, thank you. >> Thank you. It's quite an accomplishment. And then, we had talked off camera that we, a couple of years ago, had Robert Gates on and we were gettin' detailed into how the experience that someone like you has had in the public sector translated to the private sector. It used to be there was just such a huge gap between, you know, what you did and what a, what a company had to, had to worry about. Do you see that gap closing? And, maybe, you could add some color to that. >> Sure, and in particular, in the cyber arena, you know, cyber, unlike the land, sea, and air domains, is a domain of Man's own making and the constraints around that domain are of our own choosing. And, we're not constrained by physics, we're constrained by the investment decisions we make and the contours of that expanding environment. But, the internet started out as a DOD research and development project, ARPA, so it has not been unusual for DOD to be out in front in some of the development aspects where counterintuitively we would, normally, see industry out in front. The same occurred I believe with cyber when our intelligence community over 10 years ago said, hey, this is a great thing, this internet thing. And, it's super that we're doing more and more communications, that we're talking with devices at the edge around the battle space, but it's vulnerable to attack and we need to organize, so that we are capable in the defense of that great cyber set of functionality that we've built. >> Could you expand? Just, so, you're doing some teaching in the cyber security world too. Maybe you could share a little bit what you're doing and what you see as kind of the state of this today >> Yeah, well, thank you for asking that about a year ago, the dean of the business school of Virginia Tech, asked me if I wouldn't consider building a cyber program for the business school. Tech has always had a strong engineering component to cyber security and it's led by a good friend of mine Dr. Charles Clancy with some superb research going on, but, increasingly, over two thirds of the work roles, in cyber security are not engineering. They really have much more to do with traditional business functions. Yet, most business leaders aren't well prepared to assess that risk environment, let alone appreciate it, and then, drive investments to address risk reduction. So, at Virginia Tech, we've built a series of four courses that in the MBA programs, the Masters of Accounting, the Masters of Business IT, we are now teaching prospective business leaders how to look at the risk environment and organize an investment structure using the NIST, or National Institute of the Standards of Technology, risk management framework, so that can be done in a repeatable way that communicates well with industry. And, companies like Veeam have an important role to play in that space because Veeam really translates much of the engineering complexities into business understandable conditions by which decisions about that data space can really be made. >> I want to share an observation that we had on the Cube last year, one of my favorite interviews was with a gentleman from ICIT, James Scott. He's a security expert, you may know him. And, we asked him what the biggest threat was to United States and his answer surprised me. I thought it was going to be, you know, cyber warfare or risks to critical infrastructure, he said the weaponization of social media was the number one threat, like wow. And, we had a really interesting discussion about that and, you know, I think of, you know, your background, loose lips sink ships, people on social give up there credentials, all of a sudden, you've got some outside bad actors controlling the narrative, controlling the meme and controlling the population without firing a shot. Wow, so what are your thoughts on social media and it's risk to our society and how to deal with it? >> Well, we're seeing in the last year, that he's very prescient, right, in that you can lockdown all the bits and the bytes and get the integrity, the confidentiality, and the availability of your data sets taken care of, but in a world where the public square, if you will, is now a virtual public square, if an adversary can change the perception of reality in that public square, or if they can cause our democracy to lose confidence in that public square, then an adversary can really achieve a kill, if you will, a desired effect in a way that is very negative for the country, so I don't see that though as being completely distinguished from cyber security. I see, in my mind, that we need to expand the universe, to protect the universe of cyber into that cognitive space. And, we need to understand, increasingly, the origin of comment in the social media arena. We need to understand therole algorithms have to play in amplifying a message and suppressing other messages. And, we need to, I think, have a greater accountability for businesses that are in that virtual public square line of business to help consumers and communities continue to have confidence in that public square and we're, we're challenged in that area. 'cause see Mark Zuckerberg's testimony, right >> Sure. >> Illuminated some big challenges there. >> Yeah, I mean, my heart went out to Zuckerberg, it was, I was like the poor guy, he's just trying to build out a social network and now he's getting, you know, attacked by politicians who are saying, wow you mean you use data for political gain, or you allowed somebody to do it. >> He was in a tough spot. >> And politicians themselves, I think, were a bit embarrassed in revealing their lack of tech savvy in a world where we should expect policy makers to be at least aware enough of the parameters around the virtual public square where they can help develop the right policy to ensure that this continues to be a net asset for the United States, for communities, and for consumers. >> Technology kind of got us into this problem, but, technology, in and of itself, is not going to get out of, get us out of this problem >> Right. >> It's others in the organization, the lines of business, the policies, the practices, some of the work that you do in your teachings, may be >> Yeah, absolutely and when I talk to aspiring business leaders, I communicate a couple of things to them. One, they need to get their heads out of being the decider as the CEO. Increasingly, they will be creating decision environments, right, where decision operations occur and are driven by algorithms, by machine learning, and AI, and so they've got to be thinking, about how do they create those environments to deliver the right kind of decision results that they're looking for. The second piece that I talk to them about, that's counterintuitive, is that they need to, as they bring in network functional virtualization and more and more software oriented things that used to be hardware, they've got to understand the risk exposure from that and bring in, they can, a way to address cyber risk as they introduce new functionality in the market. >> Well, it's interesting of an Admiral talking about network function virtualization, I'm very impressed. Admiral Simpson, thanks very much for coming on the Cube. >> Sure. >> Really a pleasure having you and best of luck in your work. >> Well, thank you and it's great to be here with the Veeam professionals that, I think, are really building a command and control layer of an enterprise of data space that will be very important for the future. >> Alright, okay, thanks for watching everybody. We will be right back, Stu Miniman and Dave Vallante from VeeamOn 2018, you're watching the Cube. >> Great thanks. (upbeat music)

(techy music playing) >> Hi, I'm Peter Burris and welcome to another CUBEConversation. I'm here with Tom Joyce, CEO of Pensa, from our beautiful Palo Alto theCUBE Studios, and we're talking a bit about some of the trends and most importantly, some of the real business value reasons behind some of the new network virtualization technologies, but before we get there, Tom, tell us a little bit about yourself, how did you get here? >> Okay, thank you, Peter, thanks for having me in today. I am CEO of Pensa, I've been there for about six months, company's about three years old, so I joined them when a lot of the engineering work had already been done and I've been around the tech industry, mostly on the enterprise side, for a long time. I worked with Hewlett-Packard in a number of different roles, I worked at Dell, I worked at EMC and a number of startups. So, I've been through, you know, a lot of different transitions in tech, as you have, over the years, and got excited about this because I think we're on the cusp of a number of big transitions with some of the things that are coming down the road that make a company like Pensa really interesting and have a lot of potential. So, it's been a tremendous amount of fun working in startup land again. >> So, what does Pensa do? >> So, Pensa is a software company and again, we're based here in Mountain View. Most of our operations are here. We also have an engineering team over in India, and they're all people that are focused on networking technology. They have a long history there and what we do is help primarily service providers, you can think the classic telecommunications industry, but also other modern service providers, build modern networks. We're very focused on network functions, virtualization technology or NFE, which is about building network services that are highly flexible in software that you can deploy on industry standard server technologies, you know, kind of cloud native network service development as opposed to, you know, what many folks have done with hardware-based and siloed networking technologies in that industry for a really long time. So, what we help them do is use intelligent automation to make it easy to build those things in incredible combinations with a lot of complexity, but do it fast, do it correctly every time, and deliver those network services in a way that they can actually transform their businesses and develop new apps a lot faster than they could do otherwise. >> So, Tom, I got to tell you, I'm an analyst, I've been around for a long time and every so often someone comes along and says, "Yeah, the tel-cos are finally going to "break out of their malaise and do something different," yet they always don't quite get there. What is it about this transition that makes it more likely that they succeed at becoming more than just a hauler of data to actual digital services provider? >> Yeah, I mean, it's an excellent question. Frankly, you know, it's one that I face all the time. You know, as you traffic around Silicon Valley people are focused on certain hot topics, and you know, getting folks to understand that, you know, we are at a cusp point where this industry's going to fundamentally change and there's a huge amount of money that's actually being spent and a lot more coming. You know, a lot of folks don't necessarily, who don't spend their time there everyday, realize what's happening in these communications service providers, which you know, we used to call tel-cos, because what's happened, and I think, you know, I'm interested in your perspective on this, over time you see long periods in that industry of things don't change and then everything changes at once. >> Yeah. >> We've seen that many, many times, you know, and the disruptions in that industry, which were very public, you know, 15 years ago and then another 10 years before that, those were trigger points when the industry had to change, and we strongly believe that we're at that point right now where if you look at the rest of, like, enterprise IT where I've spent most of my career, we've gone through 15 years of going from hardware-based, proprietary, siloed to software-based, industry standard servers, cloud, and cloud native. >> Peter: And service-based. >> And service-based, right, and the formerly known as tel-co business is late to the party, you know. So, it's almost like that industry is the last domino to fall in this transition to new technology, and right now they're under enormous pressure. They have been for a while, I mean, I think if you look at the industry it's a trillion dollar plus business that touches basically every business and every person in the world, and every business and every person has gone to wireless and data from wire-line and the old way of doing things, and these service providers have pretty much squeezed as much as they can possibly get out of the old technology model and doing a great job of adapting to wireless and delivering new services, but now there's a whole new wave of growth coming and there's new technologies coming that the old model won't adapt to, and so frankly, the industry's been trying to figure this out for about five years through standards and cooperation and investment and open-source stuff, and it's kind of only at the point now where a lot of these technologies work, but our job is to come in and figure out how do we make them, you know, work in production. How do we make it scalable, and so you know, that's why we're focused there is because there's an enormous amount of money that gets spent here, there are real problems. It's not crowded with startups, you know. We have kind of a free shot on goal to actually do something big, and that's why I'm excited about being part of this company. >> Well, the network industry is always, unlike the server and storage industries, always been a series of step functions, and it's largely because of exactly what you said, that the tel-cos, which I'll still call them tel-cos, but those network service providers historically have tied their services and their rates back to capital investments. >> Tom: You're right, yeah. >> And so they'd wait and they'd wait and they'd wait before they pulled the trigger on that capital investment-- >> Tom: Mm-hm. >> Because there was no smooth way of doing it. >> Tom: Right, yeah. >> And so as a consequence you've got these horrible step functions, and customers, enterprises like a more smooth set of transitions, >> Tom: Yeah. and so it's not surprising that more of the money's been going to the server and the storage guys and the traditional networking types of technologies. >> Mm-hm, yeah. >> But this raises an interested question. Does some of the technology that you're providing make it possible for the tel-co or the network service provider. >> Tom: Yeah, yeah. >> To say, "You know what, I can use NFV "as a way of smoothing out my investments "and enter into markets faster with a little bit "more agility so that I can make my customers "happy by showing a smoother program forward." You know, make my rates, adjust my rates accordingly, but ultimately be more likely to be successful because I don't have to put two or three or $10 billion behind a new service. I can put just what's needed and use NFV to help me scale that. >> That's exactly right, I mean, we're really bringing software programmability and devops kinds of capabilities to this industry, us and other folks that are involved in this, you know, this transition, which we think is enormous. I mean, it's probably one of the biggest transitions that's left to happen in tech, and the old model of set it and forget it. I put in my hardware based router, my switch, build out my, make a big investment, that step function you talked about, and depreciate it over a long period of time doesn't work it anymore, because during that long period of time new opportunities emerge, and these communication service providers haven't gotten all the growth because other people have jumped into those opportunities, the over-the-top people, the Netflixes, probably increasingly cloud players and saying we're going to take that growth, and so if you're one of these... You know, there's a few hundred large communication service providers throughout the world. This is an existential problem for them. They have to figure out how to adapt, so when the next thing comes along they can reprogram that network. You know, if there's an opportunity to drop a server in a remote branch and offer a whole range of services on it, they want to be able to continually reprogram that, update those, and you know, we've seen the first signs of that, we saw-- >> And let me stop-- >> Right, as an example of that. >> But not just take a hardware approach to adding new services and improving the quality of the experience that the customers have. >> That's exactly right, they want to have software programmability. They want to behave like everybody else in the world now-- >> Right. >> And take advantage, frankly, of a lot of things that have been proven to work in other spheres. >> So, the fundamental value proposition that you guys are providing to them is bring some of these new software disciplines to your traditional way of building out your infrastructure so that you can add new services more smoothly, grow them in a way that's natural and organic, establish rates that don't require a 30-year visibility in what your capital expenses are. >> That's right, I mean, so one of our, you know, our flagship customers is Nokia. Nokia you can think about as kind of a classic network equipment supplier to many of those service providers, but they also provide software based services through things like Nuage that they own and some things they got from Alcatel-Lucent, and they do system integration and they've been kind of on the leading edge in using our technology to help with that of saying, "Look, let's deliver you "industry standard, intel-based servers, "running network functions in software," and what we help them do is actually design, validate, build those capabilities that they ship to their customers, and you know, without something like Pensa... Somebody has to go in and code it up. Somebody has to really understand how to make these different parts work together. I've got a router from one place. I've got a virtual network function from someplace else. Interoperability is a challenge. We automate all of that. >> Peter: Right. >> And we're using intelligence to do it, so you can kind of go much faster than you otherwise could. >> Which means that you're bringing value to them and at the same time essentially fitting their operating model of how they operate. >> Exactly, yeah. >> So, you're not forcing dramatic change in how they think about their assets, but there are some real serious changes on the horizon. 5G, net neutrality and what that means and whether or not these service providers are going to be able to enter into new markets, so it does seem like there's a triple witching hour here of the need for new capital investment because those new services are going to have to be required, and there's new competitors that are coming after them. We like to think that, or we think in many respects the companies that are really in AWS's crosshairs are the tel-cos, and you guys are trying to give them approach so that they can introduce new agility or be more agile, introduce some services, and break that bond of rate-based, capital investment-based innovation. >> Yeah, exactly right, and also, frankly, break the bond of having to buy everything from the same tel-co equipment provider they've done for the last 20 years in extraordinary margins. People want to have flexibility to combine things in different combinations as these changes hit. You know, 5G, you mentioned, is probably the biggest one, you know, and I'd say even a year ago it was clearly on the horizon but way out in the distance, and now almost every day you're seeing production deployments in certain areas, and it is going to fundamentally change how the relationship works between businesses and consumers and the service providers and the cloud people. All of a sudden you have the ability to slice up a network, you have the ability to program it remotely, you have the ability to deliver all kinds of new video-based apps and there's a whole bunch of stuff we can't even conceive of. The key thing is you need to be able to program it in software and change it when change is required, and they don't have that with technology like this. >> That's right, and 5G provides that density of services that can actually truly be provided in a wireless way. >> Exactly. >> All right, but so this raises an issue. Look, we're talking about big problems here. These are big, big, big problems, and no company, let alone Pensa, has unlimited resources. >> Tom: Hm. >> So, where are you driving your engineers and your team to place their design and engineering bets? >> Yeah, I mean, look, there's clearly a set of problems that need to be solved, and then there's some things that we do particularly well. We have some technology that we think is actually unique in a couple of areas. Probably the heart of it is intelligently validating that the network you designed works. So, let's say you are a person in a service provider or you're an SI providing a solution to a service provider, you make choices based on the requirements, because you're a network engineer, that I'm going to use this router, I'm going to use a Palo Alto Networks firewall, I'm going to use Nginx, I'm going to use Nuage, whatever that combination is, so I've got my network service. Very often they don't have a way to figure out that it's going to work when they deploy it. >> Peter: Hm. >> And we build, effectively, models for every single element and understand the relationships of how they work together. So, we can, you know, pretty much on-the-fly validate that a new network service is going to work. The next thing we do is go match that to the hardware that's required. I mean, servers, you know, they're not all the same and configurations matter. I mean, we know that obviously from the enterprise space and we can make sure that what you're actually intending to deploy you have a server configuration or underlying network infrastructure that can support it. So, our goal is to say, you know, we do everything, frankly, from import network services or onboard them from different vendors and test them from an interoperability standpoint, help you do the design, but the real heart of what we do is in that validation area. I think the key design choice that we are making, and frankly, have had to make is to be integratable and interoperable, and what that means is, you know, these service providers are working with multiple different other vendors. They might have two different orchestration software platforms. They might have some old stuff they want to work with. What we're going to do is kind of be integratable with all of the major players out there. We're not going to come in and force, you know, our orchestrator down your throat. We're going to work with all of the major open-source ones that are there and be integratable with them. You know, we believe strongly in kind of an API economy where we've got to make our APIs available and be integratable because, as you said, it's a big problem. We're not going to solve it all ourselves. We've got to work with other choices that one of these customers makes. >> So, we like to say at Wikibon that in many respects the goal of some of these technologies, the NFV software defined networking technologies, needs to be to move away from the device being the primary citizen to truly the API being the primary citizen. >> Mm-hm. >> People talk about the network economy without actually explaining what it means. Well, in many respects what it really means is networks of APIs. >> Tom: Yes. >> Is that kind of the direction that you see your product going and how are you going to rely on the open-source community, or not, to get there, because there's a lot of ancillary activity going on in creating new inventive and innovative capabilities. >> Yeah, I think, I mean, that's a really big question and to kind of tackle the key parts of it in my mind... You know, open-source is extremely valuable, and if you were a communication service provider you may want to use open-source because it gives you the ability to innovate. You can have your programmers go in and make changes and do something other folks might not do, but the other side of the coin for these service providers is they need it to be bullet-proof. >> Peter: Right. >> They can't have networks that go down, and that's the value of validation and proving that it works, but they also need commercial software companies to be able to work with the major open-source components and bring them together in a way that when they deploy it they know it's going to work, and so we've joined the Linux Foundation. We're one of the founding members of Linux Foundation networking, which now has open NFV, and has ONAP, and a number of other critical programs, and we're working with them. We've also joined OSM, which is part of the European Telecommunications Standards Institute, which is another big standards organization. I'm not aware of another company in our space or related to NFV that's working with both, and so we feel positively about open-source but we think that there's a role for commercial software companies to help make it bullet-proof for that buyer and make... If you are a very large service provider you want somebody that you can work with that will stand behind it and support it, and that's what we intend to do. >> Well, as you said, your fundamental value proposition sounds like yeah, you're doing network virtualization, you're doing the, you're adding the elements required for interoperability and integration, but also you're adding that layer of operational affinity to how tel-cos, or how service providers actually work. >> Tom: Mm-hm. >> That is a tough computing model. I don't know that open-source is going to do that. There's always going to be a need to try to ensure that all these technologies can fit into the way a business actually works. >> Tom: Yeah. >> And that's going to be a software, an enterprise software approach, whoever the target customer is, do you agree? >> Yeah, we use a great partnership between the open-source community, commercial software companies like us, and the service providers-- >> Peter: Right. >> To build this thing, and we've seen that happen in enterprise. Devops was that kind of a phenomenon. You have winning commercial software providers, you have a lot of open-source, and you have the users themselves, and we think a lot of those concepts are going into this service provider space, and you know, for us it's all about at the end of the day we want to have the ability to get people to do their job faster. You know, if things change in the industry, a service provider using Pensa or an SI using Pensa can design, validate, build and run that next thing and blow it out to their network faster than anybody else. >> Peter: Time to value. So, it's time to value. >> Right, time to value. >> And certainty that it'll work. >> And in many respects, at the end of the day we all want to be big, digital businesses, but if you don't have a network that supports your digital business you don't have a digital business. >> That is correct. >> All right, so last question. >> Tom: Yes. >> Pensa two years from now... >> Tom: Hm. >> What does it look like? >> Yeah, I think we're, our goal right now is to line up with some of the leading industry players here. You know, folks that service those large service providers and help them build these solutions and do it faster. I think our goal over the next two years is to become a control point before service providers and again, folks like SIs that work for them and sometimes help run their networks for them. Give them a control point to adapt to new opportunities and respond to new threats by being able to rapidly change and modify and roll out new network services for new opportunities. You know, the thing we learned in the whole mobile transition is you really can't conceive of what's next. What's next two years from now in this space, who knows? You know, if your model is buy a bunch of hardware and depreciate it over five years you won't be able to adapt. We want to be-- >> You do know that. >> We know that, you know, we want to be one of those control points-- >> Peter: Right. >> That helps you do that quickly without having to go wade into the code. You know, so our goal is to allow... You know, our whole tagline is think faster, which means use intelligent technology to drive your business faster, and that's what we intend to be in two years. >> Excellent, Tom Joyce, CEO of Pensa. Thanks very much for being on theCUBE. >> Thank you very much. >> And for all of you, this is Peter Burris. Once again, another great CUBEConversation from our Palo Alto Studios. Look forward to seeing you on another CUBEConversation. (techy music playing)