>> from the Silicon Angle Media Office in Boston, Massachusetts. It's the cue Now, here's your host. Day Volonte. >> Hi, buddy. This is David Lantz. Welcome to this cube. Conversation with Dr Rico is the CMO of infinite out. It's still I still have a hard time saying that doctor or an engineer and I love having you on because we could talk storage. We could go deep and we could talk trends and marketing trends, too. But so welcome. Thanks for coming on my sled. So tell me what's new since the scale to win launch that you guys had. Tell me what you know. Is everything shipping Now What's the uptake been like with customers? And the reaction? Yeah, >> they're the reaction has been phenomenal. This, as you may recall, you were there. It was biggest launch in our history, which was fantastic. And the reaction has just been overwhelmingly positive, with customers with partners with analysts. Human scum cases with competitors is an interesting you know, we had a lot of things that were already shipping. They were an early customer release. There were a few things that we had started shipping in December on the things that we said we'd be coming in three Q. We G eight on time. So there, there now all generally available except the stuff that we talked about that would be available in 2020 which right now looks like it's on track. It's doing very, very well. >> So VM wear VM world eyes coming up later on this month, things are obviously changing. There was announcement recently that that VM wears gonna choir pivotal. So a little bit of financial engineering going on stock stock rose 77% on the day when the Dow dropped 800. So okay, the funny money. But things are changing in the V m where ecosystem you certainly saw we we This is our 10th year the M world. We go back and you hear Tod Nielsen back in the day, talk about for every dollar spent on a V M where lice and 15 was spent a Negro system, you know, we're kinda del izing vm wear now, which is sort of interesting, but I'm curious as to what you're seeing what that all means to you. I mean, still half a million 600,000 customers, you've got to be there you guys have great success at that show. So your thoughts what's going on? But VM world this year? Yeah, I >> kind of kind of loaded their first of all congratulations on the milestone. That's great. 10 years is super. Remember, probably seeing you with the 1st 1 there. Of course we knew each other longer. Uh, you know, and sure I get the incestuous, you know, money changing of hand there, I think I think it's it's good in one respect. You certainly CBM where, you know, making big inroads with VM wear on AWS. And this isn't now with Pivotal will be a good launching platform for Della's well, a svm where to be a little bit more in control of their own destiny. And it's certainly the way a lot of people are going. We're doing a lot of that ourselves. Not so much, in a sense. We don't have a cloud platform that we sell is a total encompassing platform. But of course, with new tricks cloud on big players and then certainly a large portion of our our customer base, our cloud service providers, they love our stuff. It helps them compete. It actually gives them in some respects, a competitive advantage, but VM world itself. Lots going on there. We have amplified our presence once again because VM where does represent a large portion of our customer base? So we're we're very proud of that. We're very proud to be a technology alliance partner of the M wears Andi. We're expecting to see a really good show in a really good cloud. A cloud crowd has they return back to their home base in San Francisco for us this year, it's It's gonna be a different experience. Were tellingme or of the software story, more of the portfolio story more about how you scare scale the win. We have a virtual presence this year, which is going to be very helpful in telling that story. Customers can come in and they can see more than just a ah box that in our world is really not important because it's for us. It's all about the software and stuff we do. We even in Booth Theater, we have some private meeting spaces well, to take people into a bigger, deeper drill down. But the virtual experience will allow them to touch and feel stuff that maybe they didn't get to do before, and that's gonna be kind of exciting as well. >> So you mentioned C S P s. We had Michael Gray thrive on a while back, and you know, he was saying that Look, he likes your product because it allows him to do other things. And don't worry about, you know, the old sort of tuning and managing and ableto re shift labor. I felt like that was an interesting discussion, primarily because you've got all these cloud service providers that everybody thought aws was just gonna kill. And if anything, it's elevated them. What are you seeing in the CSP space? Yeah, you know, >> Michael had a lot of interesting things to say that definitely love the fact that we enable multiple workloads without them having to do lots of cautious planning and re planning and shifting and shuffling. And we are seeing C S P is becoming more value. Add to a lot of businesses, especially the mid market and the smaller enterprise where people may want more than just infrastructure. You know, they don't they need that application level support and companies like thrive in some of our other really good customer, US signal and you know they're all capable of Flex Central's. Another one they're all capable of providing service is beyond the hardware they're capable of providing that application support the guidance and, in the case of Thrive, the cybersecurity guidance especial Really, which is really, really critical. So they're growing, and they're also, by the way, working with eight of us and Google and Azure to provide that capabilities well, when necessary. >> Well, that leads me to the sort of multi cloud discussion in our industry. We tend to have this alphabet soup of acronyms like another reason I like talking to you because we can kind of cut through that. And, you know, I love the marketing. I think marketing helps people understand what's going on differentiate. It gives you an indication of where the industry is going, and multi cloud is one of those things that I mean. I've kind of said it's a symptom of multi vendor and more so than a strategy. But increasingly it seems like it's becoming a strategy with customers, and you just gave an example of thrive working with multiple cloud vendors. Clearly, VM where wants to be in that business. What your thoughts on multi cloud and and hybrid. What does it mean for for infinite at What's your strategy there? You know, it's it's interesting because I >> just read an article the other day about you know, the definition of multi cloud on whether it's being abused and, you know, I I look at it as someone just trying to tell their story and give it. Give it some favor. I think at the end of the day, uh, every business is going to be talking to multiple platforms whether they want to or not. You know, there are many customers and companies out there, businesses who are in our customers who have gone the way of the cloud and repatriated. Certain things is they've they found that it it may work. It may not work, and there are many cloud providers who were trying to do things to accelerate migration of applications because they see that certain applications don't work. You know, we got one of the cloud providers buying Ah, now as provider, another one buying very recently, you know, an envy me based flash company to try to pick up those loose workloads where they might struggle today. But the end of the day everybody's going to be multiple. And whether it's because they're using cloud service is from from a software perspective or whether they just need to basically broker and maintain sort of that that independence so that they can maintain some cost control, availability, control, security, control and in some cases it will remain on premises. And some of things will be off just so they could get the applications closer to their end users. So you know what is multi Cloud? Multi Cloud really is just one of those terms that literally means what it says. It's your business running in multiple places. It doesn't have to necessarily be simultaneously by the same application. >> A big part of your value proposition is the simplicity. We've heard that from your customers, and you guys obviously push that out there. I want to ask you because you mentioned repatriation and you know, Cloud keeps growing like crazy. Sure, and the on prem not so much. You guys are smaller company. You're growing your stealing share, So yep. So maybe is that simplicity thing. Here's my question. So it's around automation. The cloud providers, generally an Amazon specifically have have driven automation. They've attacked the IittIe labor problem and they're able to charge for that on Dhe. So my question is, are you seeing that you're able to attack that labor problem in a similar sense and bring forth the value proposition to customers is Look, we can create a cloud like experience on Prem if you want MacLeod. Great. But if you want to stay on Prem, you're gonna get the benefit of being able to shift. Resource is two more strategic things and not have to worry about all this heavy, heavy lifting. You You seeing tangible evidence of that? >> We're seeing significant tangible evidence of that on and, you know, a couple of things. You know, you talk about growth, right? And I think when we did the launch, you know, only a few months ago we were at about 4.6 exabytes of capacity shipped. We just passed 5.1. That's some significant growth in in just a few months. It's like a 33% growth just from the same time last year, which is which is fairly significant. And of course, if you're familiar with the way we talk, you know you have an engineer is the head of marketing. We like to tell the truth. You know, we don't like to mask, do many things and confuse people. We don't like talking about effective storage because effective capacity doesn't really mean much to some people. So that's, you know, this is what we This is what we shipped and it's growing rapidly. And a lot of that is growing, in part because of the significance of the message and in part because of this need to control costs, contain costs and really operate in a more modern way. So get back to your comments about cloud and cloud operation. That's really what people want. People like the consumption model of cloud. They don't always like the cost on hidden costs. So simplifying that, but giving them the flexibility Thio have either an op X or cap ex that allows him to grow and shrink as they move workloads around. Because everybody grows even on Prem is growing. It's just, you know, it's the law of numbers, right? Cloud is growing, absolutely. But on Prem really is growing. And then the other thing I want is they want the operational flexibility. And that's what we talked about in our elastic data fabric. They don't like constantly having to re jigger and re balance workloads. Infinite box by itself. The platform of infinite Box takes away a lot of that mystery and magic, because it it kind of hides all of the complexity of that workload. And it, you know, we take the randomness out of the I o. I think maybe Craig Hibbert mentioned in his video is he was describing in detail how that happens. Remember Michael Gray talking about that as well, you know, So those those things come out in a single infinite box. But even if you said well, I still want to move my workload from, uh, you know this data center to an adjacent data center or perhaps a data center in another facility. Um, excuse me, Another city. So that's closer to the end user. Making that transparent to the applications is critically important. >> Yes, he talked about growth in about 1/2 a PETA bite. Sorry, half an exabyte in just a few months. A couple months? Really Right. That's that's growth. But I want to ask you about petabytes. Petabytes scales. Kind of key of companies that don't do that in a year day, eh? Exactly. So that's a petabytes scale. Is big party of marketing two questions? Why is that relevant? Or is that relevant to VM? Where customers? Why so and then, does it scare some people owe you? Asked a great question. >> It absolutely scared some people. And I know that there are some pundits out their industry pundits who who basically don't agree with our messaging. But this is this is the business problem that we we targeted the solve rate. Um, there are a lot of people out there who don't think they're petabytes scale yet because maybe they're individual applications aren't petabytes scale. But when you add it up, they get there and a lot of our customers are existing. Customers didn't start with infinite at at petabytes scale. They started a couple 100 terabytes, perhaps, but they're petabytes skill now. In fact, over 80% of the customers and systems that we have out there today or above the petty bite. We have customers that are in the tens of petabytes. We have customers that are in the hundreds of petabytes. They grow, they grow rapidly on. Why is that? Well, to two factors. Really. Number one, if you go back to. Probably when I first met you back when I had your hair, at least in quantity, way had way. Were kind of crusting that terabyte mark. Right? Right. And what was the problem? The problem was nobody could figure out how to deal with the performance. Nobody wanted to put that much risk on a single platform, so they couldn't deal with the availability. And they really didn't know how to deal with even the serviceability of that scale. So terabyte was a problem solved No, 25 years ago, and then things were rapidly from there. Now we're at the same juncture, just three orders of magnitude later. Right? >> Well, that's interesting, because, you know, you're right. People didn't want to put all all that capacity under an actuator that cost performance problems. They were concerned about, you know, just availability. And then two things happen so simultaneously, flash comes along. And, you know, you would say was put sort of a Band aid to some of the performance problems. Sure. And you guys came up with, like, this magic sauce to actually use spinning disc and get the same performance or better performance you would argue with flash. And so as a result, you were now able to do a lot Maur with the data, the concerns about that much date under the actuator somewhat attenuated because, I mean, you've got now so much data, you've got to do something that's almost that's flywheel effective. You've got tons of data machine intelligence and a I. Now, coming into the picture, you've got Cloud, which has been this huge tail when for the industry and for data creation in general. And so I see. You know, you see, like the I. D. C numbers and for forecasting growth of data and storage could be low. I mean, the curve could be bending, you know, kind of more than exponentially your thoughts on that. >> Yeah, it's an interesting, interesting observation. I think what it really comes down to is our storyline is math is greater than media, all right? And when you when you look at the flash being, you know, the panacea to performance it was just a step in the evolution, right? You go back and and say, spinning disc was the same solution to the performance problem 20 years ago. 25 years ago, even it was 5400 rpm discs and then very rapidly. Servers got faster. The interconnects got a little bit faster. They were still mostly differential. Scuzzy. There was 7200 rpm discs. And I promise you, by the way, that if you're running 5400 rpm desk, you install 7200 rpm. All yours performance problems will go away until the day you install it. And then it was 10,000 rpm discs and I was 15,000 rpm disc, and it still wasn't getting fast enough because, you know, you went to Fibre Channel One Gig Fibre channel and then to Geek Fibre, Channel four, Gig fibre, Channel eight, gig fibre channel. The unified connects got faster. The servers got faster. That was more cash on the servers. Then this thing came along, cuts called solid state disc. Right. And then it was it was SLC single layer cell technology. But don't worry about it's very expensive. Not a problem. You only need 4% of your application, right? Jerry? No, no, I'm sorry. percent. No, I'm sorry. 30%. What the heck? You know, M l c is now a little bit more reliable, so let's just make make it all slash. Right? So that was the end of the story, right? No. Servers continue to get faster. Uh, the media continue to get faster and denser, right? So now the interconnect isn't fast enough, So envy me. Is that the answer to life? The universe and everything? Well, wait. I got a better answer for your test. CIA storage class memory in parallel with that. By the way, there are some vendors out there who said that's still not fast enough. We want to put more d ram and the servers and do things in memory. We went in memory databases. I guarantee whatever you do from a media perspective on my personal guarantee to you, it's obsolete by the time you're up and running. By the time you get your applications migrated, configured and running with business value, it's already obsolete. Some vendors got something better coming out. The right answers. This stuff you talked about, the right answer is everything that you're doing for your business. APs. It's a it's a Mel. It's solving the problems in software and, you know, you said we use disc and make it fast. It's not despite itself, of course, right? It's D Bram. It's a lot of the Ram, which, by the way, is orders of magnitude faster than flash the NAND flash. And even if its ECM and still orders of magnitude faster than that, what we use the disk for today in the architecture is the cost factor. We take the random ization out in the flash and we take the >> end and in the in the diagram >> and we used the SAS in the back end to manage costs. But we use it in a way that it performs well, which is highly sequential, massively parallel. And we take full advantage of that Beck and Ben with to do that with that massive dear am front end. Our cash ratios are unparalleled in the industry and and we use it even more effectively that way. But if architecture already evolves, so if if SCM becomes more stable and becomes more cost effective, we can replace that that S S D layer with the cm. And if you know, if the economics of Q L C or something beyond that. Come down will replace the back end with that, do you? Do >> you ever look at what you're doing today as sort of a modern day symmetric. So I mean, a lot of things you just said. I mean, you've got a lot of memory. You've got a massive back end. You know, those were two of the characteristics of symmetric snow. Of course. Fast forward. Whatever. 30 years, right. But a lot of it was sort of intelligence and understanding. Sure. So how data works, is it Is it a fair sort of, or is it radically different? Well, in terms of mindset, I mean, I know the implementation is >> right, right? >> Yeah. I mean, it's not an unfair comparison. I mean, tiered storage was around before some metrics. Right? So it's certainly existed existed then, too. It was just at the time. It was a significant innovation course to layer at the time, right? A big cash front, ending some slower media and then taking advantage of the media on the back end. The big difference today is that if you look at what some metrics became through its Evolution's DMX and V Max and now Power Max. It's still tiered storage, you know, you still have some cash. That's that's for unending some faster media with power. Max, you're you're dealing now with us with an SS a back end. But what happened with those types of architectures is the tearing became more automated. But you're still moving information around. You're still moving Information from one said it This to another set of this leader in the cycle. You're still trying to promote things you know, to to the cash up front. We're doing it in real time. We're >> doing it by analyzing >> the data on the way it comes in. We're reassembling it again, taking the random ization out we're reassembling it and storing it across multiple disks in a way that it it increases our probability of pulling that information associated information back when we need it later. So there's there's no movement. Once its place, we don't have to replace it. You know it's already associated with other data that makes sense, and that gives us a lot of value. >> And secret sauce is the outcome of the secret sauce is you're able to very efficiently. Well, historically, you haven't been able to do a lot of garbage collection, a lot of data movement, and that just kills performance. There's >> really no garbage collection necessary in our in our world way. Also use very modern data structures or patents. Ah, lot of them on our neural cash Deal with the fact that we use a try data structure. So we're not using old fashioned hash tables and you know, l are you algorithms, You know it Sze very, very rapid traverse a ll of these trees >> and you're taking advantage of machine intelligence inside the software architecture. That really is some of the new innovation that really wasn't around to be able to take advantage of that 20 years ago. Maybe it was it was just not cost effective. Do the math was there, put it that the math of the mouth was there and >> there there There's been lots of evolutions of that over the years, a swell, but we continue to evolve and innovate. And, you know, one of the one of the cool things I think about working infinite at is is the multiple multiple generations of engineer where you've got people who understand that math they understand the real nuances of what it means to operate in a world of storage, which is quite a bit different than operating, saying networks or proceed be used because data integrity is paramount. There's lots of lots of things that go on there as well. But we also have younger generations, generations who like new challenges and like to re invent things so they find newer and greater ways to do things. >> This is exciting. So systems, thinkers and I mean server thinkers. I mean, people who understand, you know, systems designed it all the way through and and, you know, newbies who are super smart like you say, wanna learn and solve problems? Go back to the petabytes scale discussion, >> solve problems at petabytes scale, right? Even if the customer doesn't need that necessarily to solve that problem is critically important because even if you look at Les, just take, you know NFS, for example, most NFS systems deal with thousands of objects. Hundreds to thousands of objects are an F s. Implementation deals with billions, right? Do you need billions? How many applications you know that have billions of objects, But being able to do that in a way where performance doesn't degrade over time and also do it in a way where we say our nlm implementation isn't impacted by any any type of service events, we can take a note out, and it doesn't impact in ln There's no no degradation and performance. There's no impact or outage in service. All that's important. Even when you're dealing with smaller application sizes because they add up, they really do add up. He also brought up the point about, you know, density and actually intensity. Great. You know, back 25 years ago, when we were dealing with, you know, the first terabyte storage system, you know, how much how much stories did you have on your laptop? How much you have today, right? You know, you're probably more than a terabyte. They were laughing about putting things terabyte on the floor. And now you get more than a terabyte on your laptop. Things changing? >> Yeah. Um, I wanna ask you where you see the competition. We talked about all flash. We've had a long conversation, long, many conversations in the past about this, But you really, you know, the all flashy kind of described it as a Band Aid, essentially my words, but it was sort of a step function. Okay, great. Um, you have one company, really us who achieve escape velocity in that business in terms of pure But is that where you see in competition and you're seeing it from, you know, the hyper scale er's where you Yeah, you know, >> it's interesting. You know, you look at companies like, you know, we admire what they dio, especially with regard to marketing. They do a really good job of that. They also, um I have some really interesting ideas innovating the media, which is which is great. It helps us in the long run as well. Um, we just look at it as a component of our system, not these system, which makes it different. We don't really see the A f a. You know, the small scale a FAA is are the majority of our competition. We do run into them, but typically it the lower end of the opportunity. Even within the bigger companies that have competitors to those products, we run into them and smaller opportunities, not bigger opportunities where we run into them where there's a significant performance advantage as long as you don't mind the scale out approach to solving the problem. Unfortunately, when you're using a phase two skill out, you know you're putting all of the intelligence requirements on some poor storage administrator or system administrator to figure out what those where right, we take all of that away. So once it starts to scale, that's where we come in a plan. We don't see tons of competition there. Certainly, we're seeing competition from the clouds. And the competition from the clouds is more born of customer mandates and company mandates. Sometimes they I'm not quite sure that everybody knows why there who think to the cloud and we're problem they're trying to solve. But once they start to see a story that says, Hey, if the reasons are and you do understand those reasons, if the reasons are agility and financial flexibility and operational agility not as well as his acquisition agility, you know, we have answers to that and it starts to become a little bit more interesting and compelling. >> All right. One of the highlights of the M world each year is your dinner. Your customer I crashed in a couple of years ago when there were no other analysts there. And then last year again, it was in Vegas. Shows a nice steak house. This year we're in San Francisco, but But I had some great conversations with customers. I remember speaking to one customer about juxtaposing the sand thio to infinite debts platform. And you know the difference. The Sands taken off doing really well, but But he helped me understand the thinking from their standpoint of how they're applying it to solve problems and why v san wasn't a good fit. Your system was, um that was just one of many conversations last year had again other great conversations with customers. What do you do in this year? You have a customer dinner. We are? Yeah. We love to have you in and gave the invitation there. Yeah, the invitation. Is that definitely there? You know, a couple of >> years ago we didn't invite analysts, and you know what it was? It was a mistake. We and we learned that lesson into a large part. We credit you for for showing us how wrong we are. Our customers are very loyal. They're some of the most loyal in the industry. Don't take my word for it going. The gardener Pierre Insights and and look at our numbers compared to everybody else's any pick. Pick a vendor. We're at the top of the list with regard to not only the ratings but, more importantly, the customers willingness to recommend in every category, too. By the way, it's It's not just product quality and performance, and it's it's service support. It's easy doing business. It's an entirely different experience. So we love having the customers there, and the customers love having you there, too. They love having you and your appears in the industry there because they love learning from you and they love answering the questions and getting new insights. And we'd love to have you there. We're gonna be in the Mint this year. San Francisco meant not the not the current one that that's pretty coins, but the original historical site on duh. You know we have. We have invitations out thio to about 130 people because there's only so much room we have it at the event, but we're looking forward to a great time and a great meal and good conversation. >> That's great. Well, VM World is obviously one of the marquee events in our industry. It's the It's the fat middle of where the IittIe pro goes on dhe We're excited. Used to be Labor Day started the fall season. Now it's VM world. Well, Doc will see you out there. Thanks very much for your good to see you. All right. Excellent. All right. Thank you for watching everybody. This is day Volonte in the Cube will see you next time we'll see you at the M World 2019.

>> live from San Francisco. It's the Cube covering Google Club Next nineteen Rodeo by Google Cloud and its ecosystem partners. >> Hey, welcome back. Everyone's the live Cube covers here in San Francisco for Google Cloud. Next nineteen. I'm Javert Day Volante here on the ground floor, day two of three days of wall to wall coverage to great guests. We got Kartik lost. Meena Ryan, product management director of Cloud Identity for Google and Kim parent chief security officer for Doctor on Demand. Guys, welcome to the Cube. Appreciated Coming on. >> Great to be here. >> Thank you so honestly Way covering Google Cloud and Google for many, many years. And one of the things that jumps out at me, besides allows the transformation for the enterprise is Google's always had great technology, and last year I did an interview, and we learned a lot about what's going on the chip level with the devices you got. Chrome browser. Always extension. All these security features built into a lot of the edge devices that Google has, so there's definitely a security DNA in there and Google the world. But now, when you start getting into cloud access and permissions yesterday and the Kino, Thomas Kurian and Jennifer Lin said, Hey, let's focus on agility. Not all his access stuff. This is kind of really were identity matters. Kartik talk about what's going on with cloud identity. Where are we? What's the big news? >> Yeah, thank you. So clouded. Entities are solution to manage identity devices and the whole axis management for the clouds. And you must have heard of beyond Corp and the whole zero trust model and access. One thing we know about the cloud if you don't make the access simple and easy and at the same time you don't provide security. You can get it right. So you need security and you need that consumer level simplicity. >> Think it meant explain beyond core. This is important. Just take a minute to refresh for the folks that might not know some of the innovations. They're just start >> awesome. Yeah. So traditional on premises world, the security model was your corporate network. Your trust smaller. Lose The corporate network invested a lot to get to keep the bad people out. You get the right people on and that made ten T applications on premises. Your data was on premises now the Internet being a new network, you work from anywhere. Work is no longer a thing. You work from anywhere. What gets done right? So what is the new access? More look like? That's what people have been struggling with. What Google came up with in two thousand eleven is this model called Beyond Core versus Security Access Model will rely on three things. Who you are is a user authentication the device identity and security question and last but not least, the context off. What are you trying to access in very trying to access from So these things together from how you security and access model And this is all about identity. And this is Bianca. >> And anyone who has a mobile device knows what two factor authentication is. That's when you get a text messages. That's just two factor M. F. A multi factor. Authentication really is where the action is, and you mentioned three of them. There's also other dimensions. This is where you guys are really taking to the next level. Yeah, where are we with FAA and some of the advances around multi factor >> s O. So I think keeping you on the highlight is wear always about customer choice. We meet customers where they are. So customers today have invested in things like one time use passwords and things like that. So we support all of that here in cloud identity. But a technology that we are super excited about the security, Keith. And it's built on the fighter standard. And it's inserted this into your USB slot of that make sense. And we just announced here at next you can now use your android phone as a security key. So this basically means you don't have to enter any codes because all those codes you enter can be fished on way. Have this thing at Google and we talked about it last time. Since we roll our security keys. No Google account, it's >> harder for the hackers. Really Good job, Kim. Let's get the reality. You run a business. You've been involved in a lot of start ups. You've been cloud nated with your company. Now talk about your environment does at the end of the year, the chief security officer, the buck stops with you. You've got to figure this out. How are you dealing with all this? These threats at the same time trying to be innovative with your company. >> So for clarity. So I've been there six years since the very beginning of the company. And we started the company with zero hardware, all cloud and before there was beaten beyond Corp. Where there was it was called de-perimeterization. And that's effectively the posture we took from the very beginning so our users could go anywhere. And our I always say, our corporate network is like your local coffee shop. You know, WiFi like that's the way we view it. We wanted to be just a secure there at the coffee shop, you know, we don't care. Like we always have people assessing us and they're looking at a corporate network saying, You know, where your switches that you're, you know, like where your hardware like, we want to come in and look at all like we don't have anything like, >> there's no force. The scan >> is like way. Just all go to the Starbucks will be the same thing. So that's part of it. And now you know, when we started like way wanted to wrap a lot of our services in the Google, but we had the problem with hip a compliance. So in the early days, Google didn't have six years ago. In our early days, Google didn't have a lot of hip, a compliant services. Now they do. Now we're moving. We're trying to move everything we do almost in the Google. That's not because we just love everything about Google. It's for me. I have assessed Google security are team has assessed their security. We have contracts with them and in health care. It's very hard to take on new vendors and say Hey, is there security? Okay, are their contracts okay? It's like a months long process and then even at the end of the day, you still have another vendor out there that sharing your day, that you're sharing your data with them and it's precarious for me. It just it doubles my threat landscape. When I go from Google toe one more, it's like if I put my data there, >> so you're saying multi vendor the old way. This is actually a problematic situation for you. Both technically and what operate timewise or both are super >> problematic for me in terms of like where we spread our data to like It just means that company every hack against that company is brutal for us, like And you know, the other side of the equation is Google has really good pricing. Comparatively, yes, Today we're talking about Big Query, for example, and they wanted to compare Big Query to some other systems and be crazy. G, c p. And And we looked at the other systems and we couldn't find the pricing online. And, like Google's pricing was right there was completely transparent. Easy to understand. The >> security's been vetted. The security's >> exactly Kim. Can you explain when you said the multi vendor of creates problems for you? Why is this? Is it not so much that one vendor is better? The other assistant? It's different. It's different processes or their discernible differences in the quality of the security. >> There are definitely discernible differences in quality, for sure. Yeah, >> and then add to that different processes. Skill sets. Is that writer? Yes, Double click on that E >> everybody away. There's always some I mean almost every vendor. You know, there's always something that you're not perfectly okay with. On the part of the security is something you don't totally like about it. And the more vendors you add, you have. Okay. This person, they're not too good on their physical security at their data center or they're not too good on their policies. They're not too good on their disaster recovery. Like there's you always give a little bit somewhere. I hate to say it, but it's true. It's like nobody's super >> perfect like it's It's so it's a multiplication effects on the trade offs that you have to make. Yeah, it's necessarily bad, but it's just not the way you want to do it. All right? Okay. >> All the time. So you got to get in an S L A u have meetings. You gotta do something vetting. It's learning curves like on the airport taking your shoes off. Yeah. Yeah. And then there's the >> other part. Beyond the security is also downtime. Like if they suffer downtime. How much is that going to impact our company? >> Karthik, you talked about this This new access mall, this three layer who authentication that is the device trusted in the context. I don't understand how you balance the ratio between sort of false positives versus blocking. I think for authentication and devices pretty clear I can authenticate. You are. I don't trust this device. You're not getting in, but the context is interesting. Is that like a tap on the shoulder with with looking at mail? Hey, be careful. Or how are you balancing that? The context realm? >> Yeah, I think it's all about customer choice. Again, customers have, but they look at their application footprint there, making clear decisions on Hey, this is a parole application is a super sensitive as an example, maybe about based meeting application. Brotherly, not a sensitive. So when they're making decisions about hey, you have a manage device. I will need a manage device in order for you to access the payroll application. But if you have you bring your own device. I'm off perfectly fine if you launch a meeting from that. So those are the levels that people are making decisions on today, and it's super easy to segment and classify your application. >> Talk about the the people that are out there watching might say, You know what? I've been really struggling with identity. I've had, you know, l'd app servers at all this stuff out there, you name it. They've all kinds of access medals over the years, the perimeters now gone. So I got a deal to coffee shop, kind of working experience and multiple devices. All these things are reality. I gotta put a plan together. So the folks that are trying to figure this out, what's that? You guys have both weigh in on on approach to take or certain framework. What's what's? How does someone get the first few steps off to go out towards good cloud identity? >> Sure, I only go first, so I think many ways. That's what we try to simplify it. One solution that we call cloud identity because what people want is I want that model. Seems like a huge mountain in front of me, like how do I figure these things out? I'm getting a lot of these terminologies, so I think the key is to just get started on. We've given them lots of ways. You can take the whole of cloud identity solution back to Kim's point. It can be one license from us, that's it and you're done. It's one unified. You I thinks like that. You can also, if you just want to run state three applications on DCP we have something called identity ofher Proxy. It's very fast. Just load yaps random on disability and experience this beyond >> work Classic enterprise Khun >> Yeah, you run all the applications and dcpd and you can And now they're announcing some things that help you connect back with John Thomas application. That's a great way to get started. >> Karthik painted this picture of Okay, it's no perimeter. You can't just dig a moat. The queen wants to leave the castle. All the security, you know, metaphors that we use. I'm interested in how you're approaching response to these days because you have to make trade us because there are discernible differences with different vendors. Make the assumption that people are going to get in so response becomes increasingly important. What have you changed to respond more quickly? What is Google doing to help? >> Well, yeah, So in a model where we are using, a lot of different vendors were having to like they're not necessarily giving us response and detection. Google. Every service we'd wrap into them automatically gets effectively gets wrapped into our security dashboard. There's a couple of different passwords we can use and weaken. Do reporting. We do it. A tremendous amount of compliance content, compliance controls on our DLP, out of e mail out of Dr and there's detection. There's like it's like we don't have to buy an extra tool for detection for every different type of service we have, it's just built into the Google platform, which is it's It's phenomenal from >> detection baked in, It's just >> baked in. We're not to pay extra for it. In fact, I mean way by the enterprise license because it's completely worth it for us. Um, you know, assumes that came out, the enterprise part of it and all the extra tools. We were just immediately on that because the vault is a big thing for us as well. It's like not only response, but how you dig through your assets toe. Look for evidence of things like, if you have some sort of legal case, you need vault, Tio, you know, make the proper ah, data store for that stuff >> is prioritization to Is it not like, figure it out? Okay, which, which threats to actually go after and step out? And I guess other automation. I mean, I don't know if you're automating your run book and things of that nature. But automation is our friends. Ah, big friend of starting >> on the product measures I What's the roadmap looks like and you share any insight into what your priorities are to go the next level. Aussie Enterprise Focus. For Google Cloud is clear Customs on stage. You guys have got a lot of integration points from Chromebooks G Sweep all the way down through Big Query with Auto ML All the stuff's happening. What's on your plate for road map? What things are you innovating around? >> I mean, it's beyond car vision that we're continuing to roll out. We've just ruled out this bit of a sweet access, for example, but all these conditions come in. Do you want to take that to G et? You're gonna look. We're looking at extending that context framework with all the third party applications that we have even answers Thing called beyond our devices FBI and beyond Corp Alliance, because we know it's not just Google security posture. Customers are made investments and other security companies and you want to make sure all of that interoperate really nicely. So you see a lot more of that coming out >> immigration with other security platform. Certainly, enterprises require that I buy everything on the planet these days to protect themselves >> Like there's another company. Let's say that you're using for securing your devices. That sends a signal thing. I trust this device. It security, passing my checks. You want to make sure that that comes through and >> now we're gonna go. But what's your boss's title? Kim Theo, you report to the CEO. Yeah, Awesome guys. >> Creation. Thank you >> way. We've seen a lot of shifts in where security is usually now pretty much right. Strategic is core for the operations with their own practices. So, guys, thanks for coming on. Thanks for the thing you think of the show so far. What's the What's The takeaway came I'll go to you first. What's your What's the vibe of the >> show? It's a little tough for me because I have one of my senior security engineers here, and he's been going to a lot of the events and he comes to me and just >> look at all >> this stuff that they have like, way were just going over before this. I was like, Oh my God, we want to go back to our r R R office and take it all in right today. You know, if we could So yeah, it's a little tough because >> in the candy store way >> love it because again, it's like it's already paying for it. It's like they're just adding on services that we wanted, that we're gonna pay for it now. It's >> and carted quickly. Just get the last word I know was commenting on our opening this morning around how Google's got all five been falling Google since really the beginning of the company and I know for a fact is a tana big day that secures all spread for the company matter. Just kind of getting it. Yeah, share some inside quickly about what's inside Google. From a security asset standpoint, I p software. >> Absolutely. I mean, security's built from the ground up. We've been seeing that and going back to the candy store analogy. It feels like you've always had this amazing candy, but now there's like a stampede to get it, and it's just built in from the ground up. I love the solution. Focus that you found the keynotes and all the sessions that's happening. >> That's handsome connective tissue like Antos. Maybe the kind of people together. >> Yeah. I don't like >> guys. Thanks for coming on. We appreciate Kartik, Kim. Thanks for coming on. It's accused. Live coverage here on the ground floor were on the floor here. Day two of Google Cloud next here in San Francisco on Jeffrey David Lantz Stevens for more coverage after this short break.

>> From our studios in the heart of Silicon Valley. HOLLOWAY ALTO, California It is a cube conversation. >> Welcome to the special. Keep conversation here in Palo Alto, California. I'm John for a co host of the Cube. Were Arsenal was a C I S O. C. So for Microsoft also corporate vice President, Chief information security. Thanks for joining me today. >> Thank you. >> Appreciate it. Thanks. So you have a really big job. You're a warrior in the industry, security is the hardest job on the planet. >> And hang in sight >> of every skirt. Officer is so hard. Tell us about the role of Microsoft. You have overlooked the entire thing. You report to the board, give us an overview of what >> happens. Yeah. I >> mean, it's you know, obviously we're pretty busy. Ah, in this world we have today with a lot of adversaries going on, an operational issues happening. And so I have responsibility. Accountability for obviously protecting Microsoft assets are customer assets. And then ah, And for me, with the trend also responsibility for business continuity Disaster recovery company >> on the sea. So job has been evolving. We're talking before the camera came on that it's coming to CEO CF roll years ago involved to a business leader. Where is the sea? So roll now in your industry is our is a formal title is it establishes their clear lines of reporting. How's it evolved? What's the current state of the market in terms of the sea? So it's roll? >> Yeah, the role is involved. A lot. Like you said, I think like the CIA or twenty years ago, you know, start from the back room of the front room and I think the, you know, one of things I look at in the role is it's really made it before things. There's technical architecture, there's business enablement. There's operational expert excellence. And then there's risk management and the older ah, what does find the right word? But the early see so model was really about the technical architecture. Today. It's really a blend of those four things. How do you enable your business to move forward? How do you take calculated risks or manage risks? And then how do you do it really effectively and efficiently, which is really a new suit and you look at them. You'LL see people evolving to those four functions. >> And who's your boss? Would you report to >> I report to a gentleman by the name of a curtain. Little Benny on DH. He is the chief digital officer, which would be a combination of Seo did officer and transformation as well as all of Microsoft corporate strategy >> and this broad board visibility, actually in security. >> Yeah, you >> guys, how is Microsoft evolved? You've been with the company for a long time >> in the >> old days ahead perimeters, and we talk about on the Cube all the time. When a criminalist environment. Now there's no perimeter. Yeah, the world's changed. How is Microsoft evolved? Its its view on security Has it evolved from central groups to decentralize? How is it how how was it managed? What's the what's the current state of the art for security organization? >> Well, I think that, you know, you raise a good point, though things have changed. And so in this idea, where there is this, you know, perimeter and you demanded everything through the network that was great. But in a client to cloak cloud world, we have today with mobile devices and proliferation or cloud services, and I ot the model just doesn't work anymore. So we sort of simplified it down into Well, we should go with this, you know, people calls your trust, I refer to It is just don't talk to strangers. But the idea being is this really so simplified, which is you've got to have a good identity, strong identity to participate. You have to have managed in healthy device to participate, to talk to, ah, Microsoft Asset. And then you have to have data in telemetry that surrounds that all the time. And so you basically have a trust, trust and then verify model between those three things. And that's really the fundamental. It's really that simple. >> David Lava as Pascal senior with twenty twelve when he was M. C before he was the C E O. V M. Where he said, You know his security do over and he was like, Yes, it's going to be a do over its opportunity. What's your thoughts on that perspective? Has there been a do over? Is it to do over our people looking at security and a whole new way? What's your thoughts? >> Yeah, I mean, I've been around security for a long time, and it's there's obviously changes in Massa nations that happened obviously, at Microsoft. At one point we had a security division. I was the CTO in that division, and we really thought the better way to do it was make security baked in all the products that we do. Everything has security baked in. And so we step back and really change the way we thought about it. To make it easier for developers for end users for admin, that is just a holistic part of the experience. So again, the technology really should disappear. If you really want to be affected, I think >> don't make it a happy thought. Make it baked in from Day one on new product development and new opportunity. >> Yeah, basically, shift the whole thing left. Put it right in from the beginning. And so then, therefore, it's a better experience for everyone using it. >> So one of things we've observed over the past ten years of doing the Cube when do first rolled up with scene, you know, big data role of date has been critical, and I think one of the things that's interesting is, as you get data into the system, you can use day that contextually and look at the contextual behavioral data. It's really is create some visibility into things you, Meyer may not have seen before. Your thoughts and reaction to the concept of leveraging data because you guys get a lot of data. How do you leverage the data? What's the view of data? New data will make things different. Different perspectives creates more visibility. Is that the right view? What's your thoughts on the role of Data World Data plays? >> Well, they're gonna say, You know, we had this idea. There's identity, there's device. And then there's the data telemetry. That platform becomes everything we do, what there's just security and are anomalous behavior like you were talking about. It is how do we improve the user experience all the way through? And so we use it to the service health indicator as well. I think the one thing we've learned, though, is I was building where the biggest data repositories your head for some time. Like we look at about a six point five trillion different security events a day in any given day, and so sort of. How do you filter through that? Manage? That's pretty amazing, says six point five trillion >> per day >> events per day as >> coming into Microsoft's >> that we run through the >> ecosystem your systems. Your computers? >> Yeah. About thirty five hundred people. Reason over that. So you can Certainly the math. You need us. Um, pretty good. Pretty good technology to make it work effectively for you and efficiently >> at RC A Heard a quote on the floor and on the q kind of echoing the same sentiment is you can't hire your way to success in this market is just not enough people qualified and jobs available to handle the volume and the velocity of the data coming in. Automation plays a critical role. Your reaction to that comment thoughts on? >> Well, I think I think the cure there, John, those when you talk about the volume of the data because there's what we used to call speeds and feeds, right? How big is it? And I used to get great network data so I can share a little because we've talked, like from the nineties or whatever period that were there. Like the network was everything, but it turns out much like a diverse workforce creates the best products. It turns out diverse data is more important than speeds and feeds. So, for example, authentication data map to, you know, email data map to end point data map. TEO SERVICE DATA Soon you're hosting, you know, the number of customers. We are like financial sector data vs Healthcare Data. And so it's the ability Teo actually do correlation across that diverse set of data that really differentiates it. So X is an example. We update one point two billion devices every single month. We do six hundred thirty billion authentications every single month. And so the ability to start correlating those things and movement give us a set of insights to protect people like we never had before. >> That's interesting telemetry you're getting in the marketplace. Plus, you have the systems to bring it in >> a pressure pressure coming just realized. And this all with this consent we don't do without consent, we would never do without consent. >> Of course, you guys have the terms of service. You guys do a good job on that, But I think the point that I'm seeing there is that you guys are Microsoft. Microsoft got a lot of access. Get a lot of stuff out there. How does an enterprise move to that divers model because they will have email, obviously. But they have devices. So you guys are kind of operating? I would say tear one of the level of that environment cause you're Microsoft. I'm sure the big scale players to that. I'm just an enterprising I'm a bank or I'm an insurance company or I'm in oil and gas, Whatever the vertical. Maybe. What do I do if I'm the sea? So they're So what does that mean, Diversity? How should they? >> Well, I think they have a diverse set of data as well. Also, if they participate, you know, even in our platform today, we you know, we have this thing called the security graph, which is an FBI people can tap into and tap into the same graph that I use and so they can use that same graph particular for them. They can use our security experts to help them with that if they don't have the all the resource and staff to go do that. So we provide both both models for that to happen, and I think that's why a unique perspective I should think should remind myself of which is we should have these three things. We have a really good security operations group we have. I think that makes us pretty unique that people can leverage. We build this stuff into the product, which I think is good. But then the partnership, the other partners who play in the graph, it's not just us. So there's lots of people who play on that as well. >> So like to ask you two lines of questions. Wanting on the internal complex is that organizations will have on the external complexity and realities of threats and coming in. How do they? How do you balance that out? What's your vision on that? Because, you know, actually, there's technology, his culture and people, you know in those gaps and capabilities on on all three. Yeah, internally just getting the culture right and then dealing with the external. How does a C so about his company's balance? Those realities? >> Well, I think you raised a really good point, which is how do you move the culture for? That's a big conversation We always have. And that was sort of, you know, it's interesting because the the one side we have thirty five hundred people who have security title in their job, But there's over one hundred thousand people who every day part of their job is doing security, making sure they'LL understand that and know that is a key part we should reinforce everyday on DSO. But I think balancing it is, is for me. It's actually simplifying just a set of priorities because there's no shortage of, you know, vendors who play in the space. There's no shortage of things you can read about. And so for us it was just simplifying it down and getting it. That simplifies simplified view of these are the three things we're going to go do we build onerous platform to prioritize relative to threat, and then and then we ensure we're building quality products. Those five things make it happen. >> I'd like to get your thoughts on common You have again Before I came on camera around how you guys view simplification terminal. You know, you guys have a lot of countries, the board level, and then also you made a common around trust of security and you an analogy around putting that drops in a bucket. So first talk about the simplification, how you guys simplifying it and why? Why is that important? >> You think we supply two things one was just supplying the message to people understood the identity of the device and making sure everything is emitting the right telemetry. The second part that was like for us but a Z to be illustrative security passwords like we started with this technology thing and we're going to do to FAA. We had cards and we had readers and oh, my God, we go talk to a user. We say we're going to put two FAA everywhere and you could just see recoil and please, >> no. And then >> just a simple change of being vision letters. And how about this? We're just going to get rid of passwords then People loved like they're super excited about it. And so, you know, we moved to this idea of, you know, we always said this know something, know something new, how something have something like a card And they said, What about just be something and be done with it? And so, you know, we built a lot of the capability natively into the product into windows, obviously, but I supported energies environment. So I you know, I support a lot of Mac clinics and IOS and Android as well So you've read it. Both models you could use by or you could use your device. >> That's that. That's that seems to be a trend. Actually, See that with phones as well as this. Who you are is the password and why is the support? Because Is it because of these abuses? Just easy to program? What's the thought process? >> I think there's two things that make it super helpful for us. One is when you do the biometric model. Well, first of all, to your point, the the user experience is so much better. Like we walk up to a device and it just comes on. So there's no typing this in No miss typing my password. And, you know, we talked earlier, and that was the most popular passwords in Seattle with Seahawks two thousand seventeen. You can guess why, but it would meet the complexity requirements. And so the idea is, just eliminate all that altogether. You walk up machine, recognize you, and you're often running s o. The user experience is great, but plus it's Actually the entropy is harder in the biometric, which makes it harder for people to break it, but also more importantly, it's bound locally to the device. You can't run it from somewhere else. And that's the big thing that I think people misunderstanding that scenario, which is you have to be local to that. To me, that's a >> great example of rethinking the security paradigm. Exactly. Let's talk about trust and security. You you have an opinion on this. I want to get your thoughts, the difference between trust and security so they go hand in hand at the same time. They could be confused. Your thoughts on this >> well being. You can have great trust. You can, so you can have great security. But you generally and you would hope that would equate like a direct correlation to trust. But it's not. You need to you build trust. I think our CEO said it best a long time ago. You put one bucket of water, one bucket. Sorry, one truffle water in the bucket every time. And that's how you build trust. Over time, my teenager will tell you that, and then you kick it over and you put it on the floor. So you have to. It's always this ratcheting up bar that builds trust. >> They doing great you got a bucket of water, you got a lot of trust, that one breach. It's over right, >> and you've got to go rebuild it and you've got to start all over again. And so key, obviously, is not to have that happen. But then, that's why we make sure you have operational rigor and >> great example that just totally is looking Facebook. Great. They have massive great security. What really went down this past week, but still the trust factor on just some of the other or societal questions? >> Yeah, >> and that something Do it. >> Security. Yeah, I think that's a large part of making sure you know you're being true. That's what I said before about, you know, we make sure we have consent. We're transparent about how we do the things we do, and that's probably the best ways to build trust. >> Okay, so you guys have been successful in Microsoft, just kind of tight the company for second to your role. It's pretty well documented that the stock prices at an all time high. So if Donatella Cube alumni, by the way, has been on the cue before he he took over and clear he didn't pivot. He just said we'd go in the cloud. And so the great moves, he don't eat a lot of great stuff. Open source from open compute to over the source. And this ship has turned and everything's going great. But that cheering the cloud has been great for the company. So I gotta ask you, as you guys move to the cloud, the impact to your businesses multi fold one products, ecosystem suppliers. All these things are changing. How has security role in the sea? So position been impact that what have you guys done? How does that impact security in general? Thoughts? >> Yeah, I think we obviously were like any other enterprise we had thousands of online are thousands of line of business applications, and we did a transformation, and we took a method logical approach with risk management. And we said, Okay, well, this thirty percent we should just get rid of and decommission these. We should, you know, optimize and just lifting shifting application. That cloud was okay, but it turns out there's massive benefit there, like for elasticity. Think of things that quarterly reporting or and you'll surveys or things like that where you could just dynamically grow and shrink your platform, which was awesome linear scale that we never had Cause those events I talk about would require re architectures. Separate function now becomes linear. And so I think there is a lot of things from a security perspective I could do in a much more efficient must wear a fish. In fact, they're then I had to have done it before, but also much more effective. I just have compute capability. Didn't have I have signal I didn't have. And so we had to wrap her head around that right and and figure out how to really leverage that. And to be honest, get the point. We're exploited because you were the MySpace. I have disaster and continent and business. This is processed stuff. And so, you know, everyone build dark fiber, big data centers, storage, active, active. And now when you use a platform is a service like on that kind of azure. You could just click a Bach and say, I want this thing to replicate. It also feeds your >> most diverse data and getting the data into the system that you throw a bunch of computer at that scale. So What diverse data? How does that impact the good guys and the bad guys? That doesn't tip the scales? Because if you have divers date and you have his ability, it's a race for who has the most data because more data diversity increases the aperture and our visibility into events. >> Yeah, I you >> know, I should be careful. I feel like I always This's a job. You always feel like you're treading water and trying to trying to stay ahead. But I think that, um, I think for the first time in my tenure do this. I feel there's an asymmetry that benefits. They're good guys in this case because of the fact that your ability to reason over large sets of data like that and is computed data intensive and it will be much harder for them like they could generally use encryption were effectively than some organization because the one the many relationship that happens in that scenario. But in the data center you can't. So at least for now, I feel like there's a tip This. The scales have tipped a bit for the >> guy that you're right on that one. I think it's good observation I think that industry inside look at the activity around, from new fund adventures to overall activity on the analytics side. Clearly, the data edge is going to be an advantage. I think that's a great point. Okay, that's how about the explosion of devices we're seeing now. An explosion of pipe enabled devices, Internet of things to the edge. Operational technologies are out there that in factory floors, everything being I P enables, kind of reminds me of the old days. Were Internet population you'd never uses on the Internet is growing, and >> that costs a lot >> of change in value, creation and opportunities devices. Air coming on both physical and software enabled at a massive rate is causing a lot of change in the industry. Certainly from a security posture standpoint, you have more surface area, but they're still in opportunity to either help on the do over, but also create value your thoughts on this exploding device a landscape, >> I think your Boston background. So Metcalfe's law was the value the net because the number of the nodes on the network squared right, and so it was a tense to still be true, and it continues to grow. I think there's a huge value and the device is there. I mean, if you look at the things we could do today, whether it's this watch or you know your smartphone or your smart home or whatever it is, it's just it's pretty unprecedented the capabilities and not just in those, but even in emerging markets where you see the things people are doing with, you know, with phones and Lauren phones that you just didn't have access to from information, you know, democratization of information and analysis. I think it's fantastic. I do think, though, on the devices there's a set of devices that don't have the same capabilities as some of the more markets, so they don't have encryption capability. They don't have some of those things. And, you know, one of Microsoft's responses to that was everything. Has an M see you in it, right? And so we, you know, without your spirit, we created our own emcee. That did give you the ability to update it, to secure, to run it and manage it. And I think that's one of the things we're doing to try to help, which is to start making these I, O. T or Smart devices, but at a very low cost point that still gives you the ability because the farm would not be healed Update, which we learn an O. T. Is that over time new techniques happen And you I can't update the system >> from That's getting down to the product level with security and also having the data great threats. So final final talk Tracking one today with you on this, your warrior in the industry, I said earlier. See, so is a hard job you're constantly dealing with compliance to, you know, current attacks, new vector, new strains of malware. And it's all over the map. You got it. You got got the inbound coming in and you got to deal with all that the blocking and tackling of the organization. >> What do you What do >> you finding as best practice? What's the what if some of the things on the cso's checklist that you're constantly worried about and or investing in what some of >> the yeah, >> the day to day take us through the day to day life >> of visited a lot? Yeah, it >> starts with not a Leslie. That's the first thing you have to get used to, but I think the you know again, like I said, there's risk Manager. Just prioritize your center. This is different for every company like for us. You know, hackers don't break and they just log in. And so identity still is one of the top things. People have to go work on him. You know, get rid of passwords is good for the user, but good for the system. We see a lot in supply chain going on right now. Obviously, you mentioned in the Cambridge Analytical Analytics where we had that issue. It's just down the supply chain. And when you look at not just third party but forthe party fifth party supply and just the time it takes to respond is longer. So that's something that we need to continue to work on. And then I think you know that those are some of the other big thing that was again about this. How do you become effective and efficient and how you managed that supply chain like, You know, I've been on a mission for three years to reduce my number of suppliers by about fifty percent, and there's still lots of work to do there, but it's just getting better leverage from the supplier I have, as well as taking on new capability or things that we maybe providing natively. But at the end of the day, if you have one system that could do what four systems going Teo going back to the war for talent, having people, no forces and versus one system, it's just way better for official use of talent. And and obviously, simplicity is the is the friend of security. Where is entropy is not, >> and also you mentioned quality data diversity it is you're into. But also there's also quality date of you have quality and diverse data. You could have a nice, nice mechanism to get machine learning going well, but that's kind of complex, because in the thie modes of security breaches, you got pre breached in breech post breach. All have different data characteristics all flowing together, so you can't just throw that answer across as a prism across the problem sets correct. This is super important, kind of fundamentally, >> yeah, but I think I >> would I would. The way I would characterize those is it's honestly, well, better lessons. I think I learned was living how to understand. Talk with CFO, and I really think we're just two things. There's technical debt that we're all working on. Everybody has. And then there's future proofing the company. And so we have a set of efforts that go onto like Red Team. Another actually think like bad people break them before they break you, you know, break it yourself and then go work on it. And so we're always balancing how much we're spending on the technical, that cleanup, you know, modernizing systems and things that are more capable. And then also the future proofing. If you're seeing things coming around the corner like cryptography and and other other element >> by chain blockchain, my supply chain is another good, great mechanism. So you constantly testing and R and D also practical mechanisms. >> And there in the red team's, which are the teams that attacking pen everything, which is again, break yourself first on this super super helpful for us >> well bred. You've seen a lot of ways of innovation have been involved in multiple ways computer industry client server all through the through the days, so feel. No, I feel good about this you know, because it reminds me and put me for broken the business together. But this is the interesting point I want to get to is there's a lot of younger Si SOS coming in, and a lot of young talent is being attractive. Security has kind of a game revived to it. You know, most people, my friends, at a security expert, they're all gamers. They love game, and now the thrill of it. It's exciting, but it's also challenging. Young people coming might not have experience. You have lessons you've learned. Share some thoughts over the years that scar either scar tissue or best practices share some advice. Some of the younger folks coming in breaking into the business of, you know, current situation. What you learned over the years it's Apple Apple. But now the industry. >> Yeah, sadly, I'd probably say it's no different than a lot of the general advice I would have in the space, which is there's you value experience. But it turns out I value enthusiasm and passion more here so you can teach about anybody whose passion enthusiastic and smart anything they want. So we get great data people and make them great security people, and we have people of a passion like you know, this person. It's his mission is to limit all passwords everywhere and like that passion. Take your passion and driver wherever you need to go do. And I >> think the nice >> thing about security is it is something that is technically complex. Human sociology complex, right? Like you said, changing culture. And it affects everything we do, whether it's enterprise, small, medium business, large international, it's actually a pretty It's a fasten, if you like hard problem. If you're a puzzle person, it's a great It's a great profession >> to me. I like how you said Puzzle. That's I think that's exactly it. They also bring up a good point. I want to get your thoughts on quickly. Is the talent gap is is really not about getting just computer science majors? It's bigger than that. In fact, I've heard many experts say, and you don't have to be a computer scientist. You could be a lot of cross disciplines. So is there a formula or industry or profession, a college degree? Or is it doesn't matter. It's just smart person >> again. It depends if your job's a hundred percent. Security is one thing, but like what we're trying to do is make not we don't have security for developers you want have developed to understand oppa security and what they build is an example on DSO. Same with administrators and other components. I do think again I would say the passion thing is a key piece for us, but But there's all aspects of the profession, like the risk managers air, you know, on the actuarial side. Then there's math people I had one of my favorite people was working on his phD and maladaptive behavior, and he was super valuable for helping us understand what actually makes things stick when you're trying to train their educate people. And what doesn't make that stick anthropologist or super helpful in this field like anthropologist, Really? Yeah, anthropologist are great in this field. So yeah, >> and sociology, too, you mentioned. That would think that's a big fact because you've got human aspect interests, human piece of it. You have society impact, so that's really not really one thing. It's really cross section, depending upon where you want to sit in the spectrum of opportunity, >> knowing it gives us a chance to really hire like we hire a big thing for us has been hard earlier in career and building time because it's just not all available. But then also you, well, you know, hire from military from law enforcement from people returning back. It's been actually, it's been a really fascinating thing from a management perspective that I didn't expect when I did. The role on has been fantastic. >> The mission. Personal question. Final question. What's getting you excited these days? I mean, honestly, you had a very challenging job and you have got attend all the big board meetings, but the risk management compliance. There's a lot of stuff going on, but it's a lot >> of >> technology fund in here to a lot of hard problems to solve. What's getting you excited? What what trends or things in the industry gets you excited? >> Well, I'm hopeful we're making progress on the bad guys, which I think is exciting. But honestly, this idea the you know, a long history of studying safety when I did this and I would love to see security become the air bags of the technology industry, right? It's just always there on new president. But you don't even know it's there until you need it. And I think that getting to that vision would be awesome. >> And then really kind of helping move the trust equation to a whole other level reputation. New data sets so data, bits of data business. >> It's total data business >> breath. Thanks for coming on the Q. Appreciate your insights, but also no see. So the chief information security officer at Microsoft, also corporate vice president here inside the Cuban Palo Alto. This is cute conversations. I'm John Career. Thanks for watching. >> Thank you.

Silicon Valley, it's theCUBE covering People First Network. Brought to you by Mayfield. >> Hello, I'm John Furrier here in Palo Alto for an exclusive conversation, CUBE conversation, part of the People First Network with theCUBE and Mayfield fund. I'm here with John Chambers at his house in Palo Alto. John Chambers is the former CEO/Chairman of Cisco Systems, now running J2C, JC2 Ventures. Great to see you, thanks for spending time! >> It's a pleasure to be together again. >> I'm here for two reasons. One, I wanted a conversation about People First and technology waves, but also, I want to talk about your new book, which is exciting, called Connecting the Dots. And it's not your standard business book, where, you know, hey, rah-rah, you know, like a media post these days on the internet; it's some personal stories weaved in with the lessons you've learned through the interactions you've had with many people over the years, so exciting book and I'm looking forward to talking about that. >> Thank you! >> Again, John Chambers, legend, Cisco, 1991 when you joined the company from Wang before that. 400 employees, one product, 70 million in revenue. And when you retired in 2015, not so much retired, 'cos you've got some--. >> I'm working on my next chapter! >> You've got your next chapter (laughs)! 180 acquisitions, 447 billion in revenue, you made 10,000 people millionaires, you created a lot of value, probably one of the biggest inflection points in computer history, the evolution of inter-networking and tying systems together, it was probably one of the biggest waves somewhat before the wave we're on now. So an amazing journey, now you're running JC2 Ventures and investing in game-changing start-ups. So you're not retired? >> No. It was only my next chapter. I made my decision almost 10 years before I left Cisco first, to make for a very smooth transition because it's my family, and out of the 75,000 people, I hired all but 23 of them! And in terms of what I wanted to do next, I really wanted to both give back, create more jobs, get our start-up engine going again in this country, and it's currently broken, and I want to do that on a global basis, in places like France and India as well. So I'm on to my next chapter, but the fun part in this chapter is that I do the things that I love. >> And you've got a great team behind you, but also, you have a great personal network. And I want to get into that, of your personal stories as well as your social network in business and in the community; but one of the things I want to get up front, because I think this is important for this conversation is, you've been very strong. I've seen you present many times over the years, going way back into the 90's. You're eloquent, you're people-oriented, but you have a knack for finding the waves, seeing transitions, you've been through many waves. >> Yes I have, good and bad. >> Good and bad. But one of the big ones, how do you spot those transitions? And what wave are we in now? I mean, talk about the wave that's happening now, it's unprecedented on many levels, but, different, but it's still a wave. >> It is, and outgoing market transitions and often combined with either economic changes or business model changes with technology. And part of the reason that I've been fortunate to be able to identify many of them is I listen to customers very carefully, but also, you're often a product of your prior experiences. Having experienced West Virginia, one of the top states in the US in terms of the chemical industry, uh, during the 40's and 50's and 60's when I was growing up there, and literally more millionaires in West Virginia than there were in the entire Great Britain. We were on top of the world in the chemical industry, and the coal industry, and yet, because we missed transitions, and we should've seen them coming, the state fell a long way, so now we're trying to correct that with some of the start-up activity we'll talk about later. As you see this, and then I went to Boston, 128, we were talking earlier, Wang Laboratories, the mini-computer era, but I was in IBM first out of the central part of the nation, so I watched IBM and Mainframes, and then I watched them miss on going to the mini-computer, and then miss in terms of the internet. So I was able to see the transitions that occurred in Boston, Route 128, where we were the Silicon Valley of the world, and we knew it, and this unusual area out in California called Silicon Valley, we paid almost no attention to, and we didn't realize we failed to make a transition from the mini-computer era to the pc and the internet era. Then I joined Cisco, and saw the internet era. So part of it is, you're a product of your experiences, and know the tremendous pain that occurs, because Boston 128 is nowhere near what it used to be, so there's no entitlement in this new world out of the thousand high-tech companies that I was associated with, including four or five giants in mini-computers, none of them are really in existence today, so it shows you, if you don't identify the transitions, number one, you're going to have an opportunity to benefit by them, but number two, you sure have an opportunity to get hurt by them. >> And you know, these waves also create a lot of wealth and value; not just personal wealth, but community wealth, and Cisco in particular had a good thing going for them, you know, TCP-IP was a defact-- not even a standard, it was a defacto standard at that time, IBM and these kinds of digital equipment corporations dominated the network protocol. Even today, people are still trying to take out Cisco competitively, and they can't because they connected the world. Now the world's connected with digital, it's connected with mobile, so we're kind of seeing this connected wave globally. How do you think about that, now that you've seen the movie at the plumbing levels at Cisco, you now have been traveling the world, we're all connected. >> We are. And it's important to understand that I'm completely arms-length with Cisco, it's their company to run now, and I'm excited about their future. But I'm focused on the next chapter in my life, and while I think about the people at Cisco everyday, I'm into the start-up world now, so how do I think about it now? I think most of the innovation over the next decade will come from start-ups. The majority of the top engineering students, for example, at a Stanford or an MIT or a Polytechnique in France, which is the top engineering school, I think, in Europe, or at the ITs in India, they are all thinking about going to start-ups, which means this is where innovations going to come from. And if you think about a digital world going from the time you and I, we almost recruited you to Cisco, and then we finally did; there's only a thousand devices connected then when Cisco was founded. Today there are about 20 billion devices connected to the internet; in the future, it's going to be 500 billion in a decade, and so this concept of digitalization combined with artificial intelligence, all of a sudden we'll get the right information at the right time to the right person or machine to make the right decision, sounds complex, and it is. And it's ability to do that, I think start-ups are well-positioned to play a key role in, especially in innovation. So while the first stage of the internet, and before that were all dominated by the very large companies, I think you're going to see, in this next phase of digitalization, you're going to see a number of start-ups really emerge, in terms of the innovation leaders, and that's what I'm trying to do with my 16 investments I've made, but also coaching probably another 50 uh, start-ups around the world on a regular basis. >> And the impact of outside Silicon Valley, globally, how do you see that ecosystem developing with the entrepreneurship models that are now globally connected in with these connection points like Silicon Valley? >> It will partially in parallel, partially, it's a new phenomenon. I sold the movie of Boston 128, as I said earlier, and on top of the world, and there is no entitlement. The same thing's true with Cisco, um, sorry, of Silicon Valley today; there's no entitlement for the future, and just because we've led up until this point in time, doesn't mean we will in 10 years, so you can't take anything for granted. What you are seeing, since almost all job creation will be from start-ups, and small companies getting bigger, the large companies in total will probably not add any head count over this next decade because of artificial intelligence and digitization, and so you're now going to see job growth coming from those smaller companies, if these small companies don't get a forum to all 50 states, if they don't get a chance to grow their head count there, and the economic benefits of that, then we're going to leave whole states behind. So I think it's very important that we look at the next wave of innovation, I think there's a very good probability that it will be more inclusive, both by geography, by gender, and all diversity measures, and I'm optimistic about the future, but there are no guarantees, and we'll see how it plays out. >> Let's talk about your next chapter. I was going to wait, but I want to jump while we're on the topic. JC2 is a global start-up, game-changing start-up focus that you have. What is the thesis? What are you looking for, and talk about your mission? >> Well, our mission is very simple. I had a chance to change the world one time with Cisco, and many people, when I said Cisco's going to change the way the world works, lives, learns, and plays by enabling the internet, everybody said nice marketing, but you're a router company. And yet, I think most people would agree, probably more than any other company, we had the leadership role in changing the internet and the direction going on, and now, a chance to do it again, because I think the next wave of innovation will come from the start-ups, and it doesn't come easy. They need coaches, they need strategic partners, they need mentors as much as they need the venture capitalists, so I would think of as this focusing on disruptive start-ups that get very excited in these new areas of technology, ranging from physical and virtual worlds coming together, to artificial intelligence and automation everywhere, to the major capabilities on cyber security across that to the internet of things, so we're trying to say, how do we help these companies grow in skill? But if I was just after financial returns, I'd stay right here in the Valley. I can channel anybody, VC's here that I trust and they trust me, and it would be a better financial return. But I'm after, how do you do this across a number of states, already in seven states, and how do you do it in France and India as role models? >> It's got a lot of purpose. It's not just a financial purpose. I mean, entrepreneurs want to make money, too, but you've made some good money over the years, but this is a mission for you, this is a purpose. >> It is, but you referred to it in your opening comments. When we were at Cisco, I've always believed that the most successful owe an obligation to give back, and we did. We won almost every corporate social responsibility award there was. We won it from the Democrats and the Republicans, from Condie Rice and George Bush and from Hillary Clinton and President Obama. We also, as you said, made 10,000 Cisco employees millionaires just in the first decade. And we tried to give back to society with training programs like Network Academies and trained seven million students. And I think it's very important for the next generation of leaders here in the Valley to be good at giving back. And it's something that I think they owe an obligation to do, and I think we're in danger now of not doing it as well as we should, and for my start-ups, I try to pick young CEOs that understand, they want to make a financial return, and they want to get a great product out of this, but they also want to be fair and giving back to society and make it a win-win, if you will. >> And I think that's key. Mission-driven companies are attracting the best talent, too, these days, because people are more cognizant of that. I want to get into some of your personal stories. You mentioned giving back. And reading your book, your parents have had a big role in your life--. >> Yes, they have. >> And being in West Virginia has had a big role in your life. You mentioned it having a prosperity environment, and then missing that transition. Talk about the story of West Virginia and the role your parents played, because, they were doctors, so they were in the medical field. The combination of those two things, the culture where you were brought up, and your family impacted your career. >> I'm very proud of being from West Virginia, and very proud of the people in West Virginia, and you see it as you travel around the world. All of us who, whether we're in West Virginia, or came out of it, care about the state a great deal. The people are just plain good people, and I think they care about treating people with respect. If I were ever run off a road at night in the middle of the night, I'd want to be in West Virginia, (both laugh) when I go up to knock on that door. And I think it carries through. And also, the image of our state is one that people tend to identify in terms of a area that you like the people. Now what I'm trying to do in West Virginia, and what we just announced since last week, was to take the same model we did on doing acquisitions, 180 of them, and say here's the playbook, the innovation playbook for doing acquisitions better than anyone else, and take the model that we did on country digitization, which we did in Israel and France and India with the very top leaders, with Netanyahu and Shimon Peres in Israel, with Macron in France and with Modi in India, and drove it through, and then do the same thing in terms of how we take the tremendous prosperity and growth that you see in Silicon Valley, and make it more uniform across the country, especially as traditional business won't be adding head count. And while I'd like to tell you the chemical industry will come back to West Virginia and mining industry will come back in terms of job creation, they probably won't, a lot of that will be automated in the future. And so it is the ability to get a generation of start-ups, and do it in a unique way! And the hub of this has to be the university. They have to set the pace. Gordon Gee, the President there, gets this. He's created a start-up mentality across the university. The Dean of the business school, Javier Reyes is going across all of the university, in terms of how you do start-ups together with business school, with engineering, with computer science, with med school, et cetera. And then how do you attract students who will want to really be a part of this, how do you bring in venture capital, how do you get the Governor and the President and the Senate and the Speaker of the House on board? How do you get our two national senators, Shelly Moore Capito and also Joe Manchin, a Democrat and a Republican working together on common goals? And then how do you say here's what's possible, write the press release, be the model for how a country, or a state, comes from behind and that at one time, then a slow faller, how do we leap frog? And before you say it can't be done, that was exactly what people said first about India, when I said India would be the strongest growing economy in the world, and it is today, probably going to grow another seven to 10%. That means you double the per capita of everyone in India, done right, every seven to 10 years. And France being the innovation engine in Europe to place your new business, you and I would have said John, no way, just five years ago, yet it has become the start-up engine for Europe. >> It's interesting, you mentioned playbook, and I always see people try to replicate Silicon Valley. I moved out here from the East Coast in 1999, and it's almost magical here, it's hard to replicate, but you can reproduce some things. One of the common threads, though, is education. The role of education in the ecosystem of these new environments seems to be a key ingredient. Your thoughts about how education's going to play a role in these ecosystems, because education and grit, and entrepreneurial zeal, are kind of the magic formula. >> Well they are in many ways. It's about leadership, it's about the education foundation, it's about getting the best and brightest into your companies, and then having the ability to dream, and role models you can learn from. We were talking about Hewlett-Packard earlier, a great role model of a company that did the original start-up and Lou Platt, who was the President of HP when I came out here, I called him up and said, you don't know me, Lou, I'm with a company you've probably never heard of, and we have 400 people, but I don't know the Valley, can you teach me? And he did, and he met with me every quarter for three years, and then when I said what can I do to repay you back, because at that time, Cisco was on a roll, he said John, do it for the next generation. And so, that's what I'm trying to do, in terms of, you've got to have role models that you can learn from and can help you through this. The education's a huge part. At the core of almost all great start-up engines is a really world-class university. Not just with really smart students, but also with an entrepreneur skill and the ability to really create start-ups. John Hennessey, Stanford did an amazing thing over the last 17 years on how to create that here at Stanford, the best in the world, probably 40% of the companies, when I was with Cisco, we bought were direct or indirect outgrowth of Stanford. Draw a parallel. Mercury just across the way, and this isn't a Stanford/CAL issue, (both laugh) equally great students, very good focus on interdisciplinary activities, but I didn't buy a single company out of there. You did not see the start-ups grow with anywhere near the speed, and that was four times the number of students. This goes back to the educational institution, it has to have a focus on start-ups, it has to say how they drive it through, this is what MIT did in Boston, and then lost it when 128 lost it's opportunity, and this is what we're trying to do at West Virginia. Make a start-up engine where you've got a President, Gordon Gee, who really wants to drive this through, bring the political leaders in the state, and bring the Mountaineers, the global Mountaineers to bare, and then bring financial resources, and then do it differently. So to your point, people try to mimic Silicon Valley, but they do it in silos. What made Silicon Valley go was an ecosystem, an education system, a environment for risk-taking, role models that you could steal people from--. >> And unwritten rules, too. They had these unwritten rules like pay it forward, your experience with Lou Platt, Steve Jobs talks about his relationship with David Packard, and this goes on and on and on. This is an important part. Because I want to just--. >> Debt for good is a big, big issue. Last comment on education, it's important for this country to know, our K through 12 system is broken. We're non-competitive. People talk about STEM, and that's important, but if I were only educating people in three things, entrepreneurship, how to use technology, and artificial intelligence; I would build that into the curriculum where we lose a lot of our diversity, especially among females in the third, fourth, fifth grade, so you haveta really, I think, get people excited about this at a much earlier age. If we can become an innovation engine again, in this country, we are not today. We're not number one in innovation, we're number 11! Imagine that for America? >> I totally agree with ya! And I don't want to rant and waste a lot of time, but my rants are all on Facebook and Twitter. (both laugh) Education's a problem. It's like linear, it's like a slow linear train wreck, in my opinion, but now you have that skills gaps, you mentioned AI. So AI and community are two hot trends right now. I'm going to stay with community for a minute. You mentioned paying it forward. Open source software, these new forms of operational scale, cloud computing, open source software, that all have this ethos of pay it forward; community. And now, community is more important than ever. Not just from the tech world, but you're talking about in West Virginia, now on a global scale. How does the tech industry, how can the tech industry, in your opinion, nurture community at local, regional, global scale? >> This is a tough one John, and I'd probably answer it more carefully if I was still involved directly with Cisco. But the fun thing is, now I represent myself. >> In your own opinion, not Cisco. There's a cultural thing. This is, Silicon Valley has magic here, and community is part of it. >> Yes, well it's more basic than that. I think, basically, we were known for two decades, not just Cisco, but all of the Valley as tech for good, and we gave back to the communities, and we paid it forward all the time, and I use the example of Cisco winning the awards, but so do many of our peers. We're going to Palestine and helping to rebuild Palestine in terms of creating jobs, et cetera. We went in with the Intels of the world, and the Oracles and the other players and HP together, even though at times we might compete. I think today, it's not a given. I think there is a tug of war going on here, in terms of what is the underlying purpose of the Valley. Is it primarily to have major economic benefits, and a little bit of arm's length from the average citizen from government, or is it do well financially, but also do very well in giving back and making it inclusive. That tug of war is not a given. When you travel throughout the US, today, or around the world, there are almost as many people that view tech for bad as they do tech for good, so I think it's going to be interesting to watch how this plays out. And I do think there are almost competing forces here in the Valley about which way should that go and why. The good news is, I think we'll eventually get it right. The bad news is, it's 50/50 right now. >> Let's talk about the skill gap. A lot of leaders in companies right now are looking at a work force that needs to be leveled up, and as new jobs are coming online that haven't been trained for, these openings they don't have skills for because they haven't been taught. AI is one example, IOT you mentioned a few of those. How do great leaders, proactively and reactively, too, get the skills gaps closed? What strategies can you do, what's the playbook there? >> Well two separate issues. How do they get it closed, in terms of their employees, and second issue, how do we train dramatically better than we've done before? Let's go to the first one. In terms of the companies, I think that your ability to track the millennials, the young people, is based upon your vision of doing more than quote just making a profit, and you want to be an exciting place to work with a great culture, and part of that culture should be giving back. Having said that, however, the majority of the young people today, and I'm talking about the tops out of the key engineering schools, et cetera, they want to go to start-ups. So what you're going to see is, how well established companies work with start-ups, in a unique partnership, is going to be one of the textbook opportunities for the future, because most companies, just like they didn't know how to acquire tech companies and most of all tech acquisitions failed, even through today. We wrote the textbook on how to do it differently. I think how these companies work with start-ups and how they create a strategic relationship with a company they know has at least a 50/50 probability of going out of business. And how do you create that working relationship so that you can tap into these young innovative ideas and partnerships, and so, what you see with the Spark Cognition, 200 people out of Texas, brilliant, brilliant CEO there in terms of what he is focused on, partnering with Boeing in that 50/50 joint venture, 50/50 joint venture to do the next FAA architecture for unmanned aircraft in this country. So you're going to see these companies relate to these start-ups in ways they haven't done before. >> Partnership and collaboration and acquisitions are still rampant on the horizon, certainly as a success for you. Recently in the tech industry we're seeing big acquisitions, Dell, EMC, IBM bought Red Hat, and there's some software ones out there. One was just going public and got bought, just recently, by SAP, how do you do the acqui-- you've done 180 of them? How do you do them successfully without losing the innovation and losing the people before they invest and leave; and this is a key dynamic, how do companies maintain innovation in an era of collaboration, partnerships, and enmity? >> I had that discussion this morning at Techonomy with David Kirkpatrick, and David said how do you do this. And then as I walked out of the room, I had a chance to talk with other people and one of them from one of the very largest technology companies said, John, we've watched you do this again and again; we assumed that when we acquired a company, we'd get them to adjust to our culture and it almost never worked, and we lost the people at a tremendously fast pace, especially after their lock-in of 18 to 24 months came up. We did the reverse. What we did was develop a replicatible innovation playbook, and I talk about it in that book, but we did this for almost everything we did at Cisco, and I would've originally called that, bureaucracy, John. (both laugh) I would've said that's what slow companies do. And actually, if done right, allows you to move with tremendous speed and agility, and so we'd outline what we'd look for in terms of strategy and vision; if our cultures weren't the same, we didn't acquire them. And if we couldn't keep the people, to generate the next generation of product, that was a bad financial decision for us, as well. So our attrition rate averaged probably about 5% or over while I was at Cisco for 20 years. Our voluntary attrition rate of our acquired companies, which normally runs 20% in these companies, we had about four. So we kept the people, we got the next generation product out, and we went in with that attitude in terms of you're acquiring to be able to keep the people and make them a part of your family and culture. And I realize that that might sound corny today, but I disagree. I think to attract people, to get them to stay at your company, it is like a family, it is like how you succeed and occasionally lose together, and how you build that family attitude under every employee, spouse, or their children that was life-threatening, and we were there for them in the ways that others were not. So you're there when your employees have a crisis, or your customer does, and that's how you form trust in relationships. >> And here's the question, what does People First mean to you? >> Well people first is our customer first. It means your action and everything you do puts your customers and your people first, that's what we did at Cisco. Any customer you would talk to, almost every customer I've ever met in my life would do business with us again, or with me again, because your currency in today's world is trust, track record, and relationships, and we built that very deep. Same thing with the employees. I still get many, many notes from people we helped 10 or 15 years ago; here's the picture of my child that you all helped make a difference in, Cisco and John, and you were there for us when we needed you most. And then in customers. It surprises you, when you help them through a crisis, they remember that more than when you helped them be successful, and they're there for you. >> Talk about failure and successes. You talk about this in the book. This is part of entrepreneurship, you can't succeed without failures. Handling failures is just as important as handling successes, your thoughts on people should think about that from a mindset standpoint? >> Well, you know, what's fun is those of you who are parents, or who will be parents in the future, when your child scores a goal in soccer or makes a good grade on a test, you're proud for them, but that isn't what worries you. What worries you is when they have their inevitable setbacks, everybody has that in life. How do you learn to deal with them? How do you understand how much were self-inflicted and how much of it was done by other causes, and how they navigate through that determines who they are. Point back to the West Virginia roots, I'm dyslexic, which means that I read backwards. Some people in early grade school thought I might not even graduate from high school much less go to college. My parents were doctors, they got it, but how I handled that was key. And while I write in the book about our successes, I spend as much time on when disaster strikes, how you handle that determines who you are in the future. Jack Welch told me in the 90's, he said John, you have a very good company, and I said Jack, you're good at teaching me something there, we're about to become the most valuable company in the world, we've won all of the leadership awards and everything else, what does it take to have a great company? He said a near-death experience. At the time I didn't understand it. At the end of 2001 after the dot com bubble, he called me up, he said, you now have a great company, I said Jack, it doesn't feel like it. Our stock price is down dramatically, people are questioning can I even run the company now, many of the people who were so positive turned very tough and--. >> How did you handle that? How did you personally handle that, 'cos--. >> It's a part of leadership. It's easy to be a leader when everything goes well, it's how you handle when things are tough, and leadership is lonely, you're by yourself. No matter how many friends you have around you, it's about leadership, and so you'd lead it through it. So 2001, took a real hard look, we made the mistake of focusing, me, on the numbers, and my numbers in the first week of December were growing at 70% year over year. We'd never had anything negative to speak of, much less below even 30% growth, and by the middle of January, we were -30%. And so you have to be realistic, how much was self-inflicted, how much the market, I felt the majority of it was market-inflicted, I said at the time it's a hundred year flood. I said to the employees, here's how we're going to go forward, we need to bring our head count back in line to a new reality, and we did it in 51 days. And then you paint the picture from the very beginning of what you look like as you recover and in the future and why your employees want to stay here, your customers stay with you and your shareholders. It wiped out most of our competitors. Jack Welch said, John, this is probably your best leadership year ever, and I said Jack, you're the only one that's going to say that. He said probably, and he has been. >> And you've got the scar tissue to prove it. And I love this story. >> But you're a product of your scars. And do you learn how to deal with them? >> Yeah, and how you-- and be proud of them, it's what, who you are. >> I don't know if proud's the right word. >> Well, badge of honor. (both laugh) >> Red badge of honor, they're painful! >> Just don't do it again twice, right? >> We still make the same mistake twice, but at the same time when I teach all these start-ups, I expect you to make mistakes. If you don't make mistakes, you're not taking enough risk. And while people might've, might say John, one of your criticisms is that you spread yourself a little bit too thin in the company at times, and you were too aggressive. After thinking about it, I respectfully disagree. If I had to do it over, I'd be even bolder, and more aggressive, and take more risks, and I would dream bigger dreams. With these start-ups, that's what I'm teaching them, that's what I'm doing myself. >> And you know, this is such a big point, because the risk is key. Managing risk is actually, you want to be as risky as possible, just don't cut an artery, you know, do the right things. But in your book, you mention this about how you identify transitions, but also you made the reference to your parents again. This is, I think, important to bring up, because we have an expression in our company: let's put the patient on the table and let's look at the problem. Solving the problems and not going out of business at that time, but your competitors did, you had to look at this holistically, and in the book, you mentioned that experience your parents taught you, being from West Virginia, that it changed how you do problem solving. Can you share what that, with that in conscience? >> Well, both parents were doctors, and the good news is, you got a lot of help, the bad news is, you didn't get a lot of self 'cos they'd fix you. But they always taught me to focus on the real, underlying issue, to your point. What is the real issue, not what the symptom is, the temperature, or something else. And then you want to determine how much of that was self-inflicted, and how much of it was market, and if your strategy's working before, continue, if your strategy was starting to get long in the tooth, how do you change it, and then you got to have the courage to reinvent yourself again and again. And so they taught me how to deal with that. I start off the book by talking about how I almost drowned at six years of age, and as I got pulled down through the rapids, I could still see my dad in my mind today running down the side of the river yelling hold on to the fishing pole. It was an ugly fishing pole. Might've cost $5. But he was concerned about the fishing pole, so therefore I obviously couldn't be drowning so I focused both hands on the fishing pole and as I poked my head above water, I could still see him running down. He got way down river, swam out, pulled me in, set me on the side, and taught me about how you deal when you find yourself with major setbacks. How do you not panic, how do you not try to swim against the tide or the current, how you be realistic of the situation that you're in, work your way to the side, and then you know what he did? He put me right back in the rapids and let me do it myself. And taught me how to deal with it. Dad taught me the business picture and how you deal with challenges, Mom, uh, who was internal medicine, psychiatry, taught me the emotional IQ side of the house, in terms of how you connect with people, and I believe, this whole chapter, I build relationships for life. And I really mean it. I think your currency is trust, relationships, and track record. >> And having that holistic picture to pull back and understand what to focus on, and this is a challenge for entrepreneurs. You're now dealing with a lot of entrepreneurs and coaching them; a lot of times they get caught in the forest and miss the trees, right? Or have board meetings or have, worry about the wrong metrics, or hey, I got to get financing. How should an entrepreneur, or even a business leader, let's talk about entrepreneur first and then business leader, handle their advisors, their investors, how do they manage that, how do they tap into that? A lot of people say, ah, they don't add much value, I just need money. This is important, because this could save them, this could be the pole for them. >> It could, or it could also be the pole that causes the tent to collapse (both laugh). So I think the first thing when you advise young entrepreneurs, is realize you're an advisor, not a part of management. And I only take young entrepreneurs who want to be coached. And as I advise them, I say all I'm asking is that you listen to my thoughts and then you make the decision, and I'll support you either way you go, once you've listened to the trade-offs. And I think you want to very quickly realize where they are in vision and strategy, and where they are on building the right team and evolving the team and changing the team, where they are in culture, and where they are on their communication skills because communication skills were important to me, they might not have been to Jack Welch, the generation in front of me, but they were extremely important to ours. And today, your communication mismatch on social media could cost your company a billion dollars. If you're not good at listening, if you're not good at communicating with people and painting the picture, you've got a problem. So how do you teach that to the young players? Then most importantly, regardless of whether you're in a big company or a small company, public or private sector, you know what you know and know what you don't. Many people who, especially if they're really good in one area, assume that carries over to others, and assume they'll be equally as good in the others, that's huge mistake; it's like an engineer hiring a good sales lead, very rarely does it happen. They recruit business development people who appeals to an engineer, not the customer. (both laugh) So, know what you know, know what you don't. For those things you don't know, surround yourself with those people in your leadership team and with your advisors to help you navigate through that. And I had, during my career, through three companies, I always had a number of advisors, formal and informal, that I went to and still go to today. Some of them were very notable players, like our President Clinton or President Bush, Shimon Peres, Henry Kissinger, or names that were just really technical leads within companies, or people that really understood PR like Thomas Freedman out of the New York Times, or things of that. >> You always love being in the trenches. I noticed that in Cisco as an observer. But now that you're in start-ups, it's even more trenches deeper (laughs) and you've got to be seeing the playing field, so I got to ask ya a personal question. How do you look back at the tech trends that's happening right now, globally, both political, regulatory technology, what advice would you give your 23-year-old self if you were breaking into the business, you were at Wang and you were going to make your move; in this world today, what's going on, what would you be doing? >> Well the first thing on the tech trend is, don't get too short-term focused. Picture the ones that are longer term, what we refer to as digitization, artificial intelligence, et cetera. If I were 23 years old, or better yet, 19 years old, and were two years through college and thinking what did I want to do in college and then on to MBA school and perhaps beyond that, legal degree if I'd followed the prior path. I would focus on entrepreneurship and really understand it in a lot more detail. I learned it over 40 years in the business. And I learned it from my dad and my mom, but also from the companies I went into before. I would focus on entrepreneurship, I'd focus on technology that enables entrepreneurship, I would probably focus on what artificial intelligence can do for that and that's what we're doing at West Virginia, to your point earlier. And then I would think about security across that. If you want really uh, job security and creativity for the future, if you're a really good entrepreneur, with artificial intelligence capability, and security capability, you're going to be a very desired resource. >> So, we saw you, obviously networking is a big part of it. You got to be networking with other people and in the industry, would you be hosting meet ups? Young John Chambers right now, tech meet ups, would you be at conferences, would you be writing code, would you be doing a start-up? >> Well, if we were talking about me advising them? >> No, you're 23-years-old right now. >> No, I'd just be fooling around. No, I'd be in MBA school and I'd be forming my own company. (both laugh) And I would be listening to customers. I think it's important to meet with your peers, but while I developed strong relationships in the high-tech industry, I spent the majority of time with my customers and with our employees. And so, I think at that age, my advice to people is there was only one Steve Jobs. He just somehow knew what to build and how to build it. And when you think about where they were, it still took him seven years (laughs). I would say, really get close to your customers, don't get too far away; if there's one golden rule that a start-up ought to think about, it's learning and staying close to your customers. There too, understand your differentiation and your strategy. Well John, thanks so much. And the book, Connecting the Dots, great read, it's again, not a business book in the sense of boring, a lot of personal stories, a lot of great lessons and thanks so much for giving the time for our conversation. >> John, it was my pleasure. Great to see you again. >> I'm John Furrier here with the People First interview on theCUBE, co-created content with Mayfield. Thanks for watching! (upbeat electronic music)

>> Announcer: Live, from Las Vegas, it's theCUBE, covering Fortinet Accelerate18. Brought to you buy Fortinet. (upbeat digital music) >> Welcome back to theCUBE's continuing coverage of Fortinet Accelerate 2018. I'm Lisa Martin, with my co-host Peter Burris, and we are now joined by the CISO of Ingram Micro Kevin Kealy. Welcome to theCUBE. >> Thank you both very much. It's nice to be here. >> I love your title, the Prince of Security Weirdness, your other title. >> Yeah, right. >> Tell us about where you got that and why you like it. >> I was at a customer engagement years ago, when I was working for AT&T, in of all places, Moline, Illinois, and I was working with a lady whose business card actually said Protocol Princess. And the customers, based on what we were actually there to do, the customer decided that if she was the Protocol Princess, then I had to be the Prince of Security Weirdness, because the problem ended up being a combination of something very odd that was happening with their security appliances plus the network itself. And so, of course she spread that when we got back to the office and it just kind of stuck from thereon. I kind of like it. If a company found something weird that was going on with security, they'd just go, "Send him, he'll sort it out." And I did. >> So you've seen probably a really interesting evolution of security. >> Kevin: Oh yeah. >> You've been the CISO for almost a couple years. >> Kevin: Yep, almost two years, yeah. Longest tenured one in a while, I think. >> And you have an interesting kind of strategic perspective. Tell us a little bit about that and what makes that unique. >> Sure, so from a CISO perspective it used to be the CISO was the C-E NO. You know, the place where business goes to die. My feeling is, if I'm not adding lift to the business, then I'm adding drag. And if you're adding drag then you're not being a responsible custodian of the company's money or it's direction. So my feeling is, and my strategic objective is, always partner with business to help them achieve what they need to achieve, but to do it safely and in a way that doesn't add risk to the company. So, I like to say you look through your lens at something, it looks ridiculous. Somebody's doing something truly stupid. But if you pivot your perspective and you look at what they're doing it for, they have a perfectly reasonable and rational expectation of their results and what they're trying to achieve. What you need to do is to adjust your thinking to understand what you currently don't understand in order to pivot them to get to a safe perspective, and therefore business. >> So one of the key differences between business and digital business, is the role that data plays. But we could also take a security perspective. Business was about securing and limiting access. Digital business is about sharing and making possible access. >> Kevin: Right. >> So is that kind of what you mean when you say that you're not the C-NO? You're not the C-YES necessarily, but you're really focused on how to appropriately share? >> Completely agree. My approach is always, let's consult with each other, tell me what you're trying to achieve and let's not look at what's caused me to be in your business today, let's look at what you're trying to achieve. What's your end goal? Right, now let's work together to achieve that in a way that adds limited... 'cuz you can't ever have a solution that exposes stuff without adding any risk,. But there's always an acceptable risk appetite that you have to maintain in order to do business, right? With risk comes opportunity and reward, right? So you can never eliminate all risk. So my approach is, understand what they're trying to do. Look at how much risk there is in any different way of doing it, and then choose the way that offers you the most risk reduction for the least capital expenditure and operational expenditure. And gets them to market the quickest. At that point now, I know I've done my responsible part of keeping risk under control. I maintain a risk register, tells me as a whole the company has accepted this much risk. If we do this extra thing, this might put you over what you, the board of directors and management have accepted before. Let's see what we can do to reign that back in here. I have a solution here that's nearly what you want, will that do? You know, another mantra I cite is, don't let perfect be the enemy of good enough. Too many of my peers in the CISO realm keep chasing perfection. You know they see NIST 800 as an achievable goal. They see, you know, total PCI compliance as an achievable goal. My feeling is, as soon as you get to the point where you are PCI compliant, and you still have things to do, then you need to start concentrating on other more risky things that are going on in your business. You can never achieve NIST 800 unless you have a government's funding. I don't know too many CISOs who have a government's funding, right? So my feeling is never let good enough fail to be good enough. Achieve good enough then go and solve other riskier things, and then come back, maybe in a year, couple of years, when it's time to refresh that solution, and see if now that's not good enough anymore. Maybe you need to do something different. But in all cases I'm partnering with business to make sure that whatever I'm doing is adding lift for them, not drag. >> So, Ingram Micro, we just had Eric Kohl on a little bit ago. So Ingram's been a partner with Fortinet for 10 years or so, but you, on your side and your CISO role, are a customer of Fortinet. >> Kevin: Absolutely. >> So in the last couple of years when you came on board, some of the things I'm hearing that you're talking about, sounds like potentially a cultural shift. Talk to us about maybe some of the weirdness that you found in from a security perspective, and how Fortinet is helping you guys on the Ingram, achieve security transformations so that you can evolve. >> Sure, so, Fortinet's been a great partner for me. They have a truly wonderful suite of products. I mean, everything from the edge protection for the dissolving perimeter, all the way out to small and SOHO type firewalls. And then we have wireless access points that are strong and well fortified with the ability to separate between multiple networks, all the way down to FortiDB, which I use to protect our databases. So we do our database monitoring for our critical databases. As a suite of things that I can manage with one console, it helps me minimize the number of operational staff and the operational training they have to do. And then, from my perspective as a customer, Fortinet's always there for me. I know that I can just call them, and within five minutes somebody's calling me back and we can get the right resources right on the phone. That kind of partnership, you can't put a price on that. You know, everybody's at some point in their lives, bought a product that's failed, and then you can't get any customer support on it, and eventually you have to toss it out. Fortinet's always there for me. They're always checking to make sure that we're doing the right thing. And to give you an example of how Fortinet is part of our company fabric, and I use the word in both it's terms, we chose Fortinet gear to protect our CEO's house. Alright? Our CEO, of course, has a lot of, you know, he's a high net worth individual. He has a lot of high value assets that he takes home to work from home. You know he's clearly a target. So for protecting his home and infrastructure there, we deployed Fortinet gear. >> That's a very interesting use case. >> Yeah, and all my staff, including myself, we have Fortinet gear at home as well. So this is the stuff we trust to protect ourselves, when we're in our most vulnerable environment. A lot of people don't think about that. You take these well secured devices and you take them outside the company perimeter. Now they're on their own. You know, if you can take them to a safe environment though, it makes them a lot safer. From an engagement perspective, as the buyer of things for a company like Ingram, one of the first partnerships I made when I first joined the company was with Eric. Because I want to make sure that I'm supporting our sales side as well. So if anybody comes to me and says, "Hey, I have the perfect solution for you." The very first question I ask them is, "Are you a re-seller with us?" And if the answer is no, it's like, call this guy. This Eric Kohl chap, he'll be able to have a very interesting conversation with you. So, Fortinet being such a long-term partner with Ingram, it's an easy purchasing decision for me. Number one on the technology side. Number on on the partner side. You know what that old story is, nobody got fired for buying IBM? At Ingram, nobody got fired for buying Fortinet gear. And it helps that it's the best on the books, for me anyway, for the stuff that I use it for. I'm very excited about the new Fabric. >> Tell us about that, from a visibility perspective internally, complexity, mitigation standpoint, TCO. How is that going to help you at Ingram? >> So, you said the word, visibility. One of the first things I did when I got to Ingram, was I realized I couldn't see all the way to the edges and to the bottom of my network. So I started to increase the visibility with a combination of the Fortinet product suite, I think I'll be able to get the edge-to-edge, top-to-bottom visibility. And I'm really excited about the web-based CASD solution. 'Cuz what I really don't want to do, and one of the talks this morning, the keynote was talking about it, is the vendor, just the vendor pile of different things that have to be managed. All the different people we have to get training from. All of the currency that you have to maintain. If I can manage it all through one console, And I only have to train my staff in one suite of products, that makes the overall work that they do that much simpler to execute. And I love the concept of being able to make those contextual rules. You know, if this device is in this class then don't let it go over to this data that's in this class. That's so simple to describe. And I love the fact that you can then orchestrate that deployment. So when as we go to a virtualized environment, and we roll into cloud and so on, being able to push a policy like that and being able to push that context is going to be so exciting for me. >> One of the challenges of integration is that you get dependencies. >> Yes. >> So as a CISO, and you start looking at a fabric, and as you said, it's a very rich fabric, it does a lot of work. How do you ensure that you don't find, 'cuz if there's a vulnerability inside the fabric, then the whole fabric gets affected. So what is that trade-off between integration and dependency for you? >> So, that's a great question. Back in 1998,'99, I was at AT&T during what was, it became known as the Great Frame Relay Outage, that AT&T had. Many people will remember that. >> Not to laugh at you. >> Do you remember it, though? >> I do remember it. >> Right? >> Kevin: And the cause of that was, the company was entirely CISCO on the back burner. I was one of the engineers that was there trying to fix it all. CISCO had a self-deploying patch protocol where you drop a patch onto a device and it would automatically push the patch to all its neighboring devices and so on. Well you dropped the patch on this device, it would push the patch towards its neighbors, then it would crash and reboot. But it had already had time to push the patch to all its neighbors. So one by one, every single router and switch in the entire network, received a patch and then crashed and rebooted. And that became a three-week problem known as The Great Frame Relay Outage of 1998. So at that point, our then CISO, Edward Amoroso, he decided that we wanted vendor diversity in our network. And at AT&T at the time, then, we went to CISCO on the edge, Juniper in the core. And the reason was, we wanted the network to be able to stay up and routing, even if we has a problem on the edge. And of course, automatic patch push protocol was disabled. (laughing) From my perspective, I think, there's a fine line to be managed here. Southwest Airlines has made a very concrete and a very risky, but certainly it's worked out for them right now, decision. All their aircraft are Boeing 737s. So they only have to train their maintenance staff to maintain one airplane. All their pilots can fly all their airplanes. >> Lisa: My brother's a pilot for them, yes. >> Right? >> Yeah. >> Kevin: All of them are 737s, but if the FAA grounds 737s, all of Southwest is out of business, for the duration of the flying ban, right? So Southwest has decided they don't need vendor diversity across their fleet. I know they bought Allegiant, and that's got a number of Boeing aircraft, however, from the perspective of their original business plan, all 737s because they now have a very, very well defined TCO. From my perspective I think, there's a line to be drawn here, but Fortinet has me covered. They have their APIs. They work with the other vendors. So if I have a SIM or a log manager or something like Splunk deployed, they already have that partnership in place. It means they can manage the data within the device as though it's my own data, as though it's within the Fortinet Fabric. And that then keeps me happy. Because I then get the benefits of the additional features perhaps that I would get from a Splunk rather than a Fortinet tool, but I also get the vendor diversity that's there. See Splunk for me is not just a security tool, it's a VI tool and there are many other groups that are leveraging the capabilities that it has. So for me, if I went to something like the Fortinet SIM, that would be a very selfish solution. It would be just a security thing. That's not really partnering with business. My investment in Splunk, I've got six other groups within the company leveraging it, and I just invited the seventh one in today. Now those people are all using Splunk for their own things. I'm footing the bill for them so they get all this VI for free. That's been a real big win for me, because I'm now known as the guy that's providing stuff that the company can actually use. That's a very powerful position to be in as the CISO because when I come asking for something that normally they would've said no to, all I have to do is remind them, "Hey, you know you're using my Splunk solution? "Well now, would you mind helping me out? "I need you to do this thing "with your laptops in your organization." And they're much more receptive because they know of me as a partner. >> So would you say, one of the things we were talking about a number of times today, Peter, with guests, is getting, how, does a CISO get this, well maybe it's enable the balance, at the speed at which a business needs to transform digitally to be profitable and grow and compete and manage that with risk? Where do you think that your are on getting that balance? Sounds like there's a lot of collaboration within what you've been able to achieve. >> So, there's a couple of rules that I go with. The first is I go meet the business leaders and introduce myself. And I say, I know you may have heard this before, but this time I mean it, I'm here to help. Tell me what your pain points are. How can I help you, right? And that's a very powerful question. I always try to end every meeting with "How can I help you?" Alright. If you end the meeting with that question, that last memory they have of you will be, you were offering to help last time I saw you. I'm willing to give you another audience. And then, it's by action. Like my Splunk investment. I invested in it, and now other people are using it. I'm showing by my actions that I'm actually not just all talk. And other people have noticed. They would come to one of my predecessors and say, "Hey, I want to do X." and they would be told straight out, "No." My answer is always, okay. How are you planning to do it? Something brought you here today. Let's talk about it. And then when they show me how they are planning to do it, it's like, you know what, I see opportunity here. You guys can do it in three fewer steps and at significantly less risk if you just let me help you in this area, and then we do it this way, and we use this tool that I've already bought and you don't have to pay for. Now all of a sudden they've got a yes. It's already through. It's through architecture review. They've got the solution in place, but I get the logs and I get to put my own encryption solution in or whatever else it is, and I get to absorb the risk for the company. And again, it's all by actions too. You know, if you make sure that you never say the word no. People say, "No, because." Try to change it to, "Yes, and." And by pivoting the conversation that way all of a sudden people aren't arguing with you. They're trying to sell you something. And when somebody's trying to sell you something and you're buying it now you've got the upper hand, right? So now I'm the buyer. Right, it's like, "Let's buy it, but let's do it like this." >> So I have another question for you. Something that's related to one of the conversations that we've had many times today. I'm going to paint a scenario for you. A CEO is sitting in front of a group of investors. And talking about strategic flexibility and the things that their assets allows her to do. My balance sheet will allow us to do this. My sales force will allow us to do this. When are we going to see the first CEO say, "My security, my digital security, "will allow us to do this, "things that our competitors can't do." >> That's an excellent question, I hope it's soon. I'd like to be right in the vanguard of that. Ingram Micro already uses us as an enabler. >> I'm sorry, what was that? >> Ingram Micro already uses me and my group as an enabler. This year we've been able to negotiate a reduction in our corporate insurance rates, for cyber risk, simply because I was able to show the value in what we've achieved over the last two years. And show how materially we've affected the company's risk envelope and our acceptance of risk. So by doing that, I've already added value to the bottom line because insurance costs money and it's a dead sunk cost, right? So I've already reduced the cost of that. So now all of a sudden I'm enabling the business. And I'm also meaning that we can actually uplift our coverage too, so now we're reducing risk even more. We can displace more risk to the outside of the business. This conversation with Eric, you know, I'm about to award an RFP. Before I award an RFP, I'll go and see Eric. Is there a strategic reason for me to award it to this vendor or this other vendor? Now of course we're negotiating on the sale side and the buy side together. That's a very powerful story. So certainly at Ingram, I think I'm already partnering with the business in such a way that we can make that a compelling message. In terms of the overall industry, I really hope that it'll be soon. I think the CISO and the CIO roles are merging together. I think as the CIO is rolling less hardware and is rolling more into virtual and policy and direction and technology choices, I think people are going to have to realize that security has to be built into that. Because if you try to bake it on later, or bolt it on, it's never as effective. It's always more expensive. You look at something like the Fortinet Fabric, you roll that as part of your orchestrated virtual environment, you've turned the whole attack chain on it's head, now. Now it's going to cost so much to try and compromise any part of that infrastructure, you're going to see it so quickly, you've turned it all around. Now it's way too expensive to try and attack companies with that kind of fabric. Now the boot is on the foot. Okay, so invent something I can't see. You know, we've got contextual threat intelligence here, that's able to spot patterns. We've got polyform on the outside here. Everything's working in concert, okay. >> So you're not worried about being put out of a job any time soon. >> I think sadly this job is around for a while. I used to joke that it was Bill Gates and his company that provided us with permanent job security. Now it's the cyber criminals. I tell you what though, today the simplest attacks are still the ones that work. It's phishing, phishing, phishing, phishing, phishing. People clicking on links. >> Human beings. >> Human beings are always easier to hack than computers. >> So you've given us, last question as we have a minute or so left, you've given us a great perspective of the impact that you've been able to make using Fortinet on the customer side. You talk to a lot of partners in Ingram's ecosystem. How do you impart your wisdom and your expertise on the partners from that enablement, such so that they can go and talk to customers and really share best practices from the CISO suite? >> So again, I partner with Eric's cybersecurity advisory committee, where he has a number of our key security partners who come along. And for two years running now, I've participated. I've spoken. I spent two days with those folks. I'll answer any question they have. I'll spend the evenings with them. We'll have a beer together. And I'll do a panel and I'll have discussions just like this with them. And share with them some of the things that I've done with the company that have worked, and some of the things that haven't worked out quite so well. No holds barred. I'm a big believer in herd immunity. You know, it's an old joke, you don't want to be the fastest antelope, but you sure as hell don't want to be the slowest one either. So from my perspective, the more of us that share that kind of intel, the easier things will be as we go forward. Because together as a herd we'll be more immune. So from my perspective, even if it's a competitor's CISO, I'll still sit down, have a coffee with them and chat with them. And it will be very much open kimono. Because I feel like we can never share enough of this intelligence with each other. We're not seeking to gain a competitive advantage individually. We're seeking to make the field and the companies, and if you like, the white hats, less vulnerable. And I think that's a compelling value message. >> I noticed your clothes. I guess you're an All Blacks fan? >> Well, you know, being South African I have to be a Springboks, but, uh, you know, it was such a sad day when Jonha Lumo died. That was such a sad day. I got to meet him once and he was a mountain of a man, but such a gentleman. Yep, that was good. But yes, rugby is definitely my sport, so thank you. >> Well, Kevin, thank you so much for stopping by theCUBE and sharing your insights, what you've been able to achieve on the consumer side, or consuming Fortinet's technology and what you're able to impart on your partners. We wish you great success in 2018 and look forward to having you back on the show. >> That sounds great, thank you very much. Thanks for having me, it's been a great pleasure, thanks. >> Excellent. And we want to thank you for watching theCUBE from Fortinet Accelerate 2018. I'm Lisa Martin with my cohost Peter Burris, after this short break we will be right back. (upbeat digital music)

>> Narrator: Live, from Munich, Germany, it's the CUBE. Covering IBM, Fast Track Your Data. Brought to you by IBM. >> Welcome to Munich everybody. This is a special presentation of the CUBE, Fast Track Your Data, brought to you by IBM. My name is Dave Vellante. And I'm here with my cohost, Jim Kobielus. Jim, good to see you. Really good to see you in Munich. >> Jim: I'm glad I made it. >> Thanks for being here. So last year Jim and I hosted a panel at New York City on the CUBE. And it was quite an experience. We had, I think it was nine or 10 data scientists and we felt like that was a lot of people to organize and talk about data science. Well today, we're going to do a repeat of that. With a little bit of twist on topics. And we've got five data scientists. We're here live, in Munich. And we're going to kick off the Fast Track Your Data event with this data science panel. So I'm going to now introduce some of the panelists, or all of the panelists. Then we'll get into the discussions. I'm going to start with Lillian Pierson. Lillian thanks very much for being on the panel. You are in data science. You focus on training executives, students, and you're really a coach but with a lot of data science expertise based in Thailand, so welcome. >> Thank you, thank you so much for having me. >> Dave: You're very welcome. And so, I want to start with sort of when you focus on training people, data science, where do you start? >> Well it depends on the course that I'm teaching. But I try and start at the beginning so for my Big Data course, I actually start back at the fundamental concepts and definitions they would even need to understand in order to understand the basics of what Big Data is, data engineering. So, terms like data governance. Going into the vocabulary that makes up the very introduction of the course, so that later on the students can really grasp the concepts I present to them. You know I'm teaching a deep learning course as well, so in that case I start at a lot more advanced concepts. So it just really depends on the level of the course. >> Great, and we're going to come back to this topic of women in tech. But you know, we looked at some CUBE data the other day. About 17% of the technology industry comprises women. And so we're a little bit over that on our data science panel, we're about 20% today. So we'll come back to that topic. But I don't know if there's anything you would add? >> I'm really passionate about women in tech and women who code, in particular. And I'm connected with a lot of female programmers through Instagram. And we're supporting each other. So I'd love to take any questions you have on what we're doing in that space. At least as far as what's happening across the Instagram platform. >> Great, we'll circle back to that. All right, let me introduce Chris Penn. Chris, Boston based, all right, SMI. Chris is a marketing expert. Really trying to help people understand how to get, turn data into value from a marketing perspective. It's a very important topic. Not only because we get people to buy stuff but also understanding some of the risks associated with things like GDPR, which is coming up. So Chris, tell us a little bit about your background and your practice. >> So I actually started in IT and worked at a start up. And that's where I made the transition to marketing. Because marketing has much better parties. But what's really interesting about the way data science is infiltrating marketing is the technology came in first. You know, everything went digital. And now we're at a point where there's so much data. And most marketers, they kind of got into marketing as sort of the arts and crafts field. And are realizing now, they need a very strong, mathematical, statistical background. So one of the things, Adam, the reason why we're here and IBM is helping out tremendously is, making a lot of the data more accessible to people who do not have a data science background and probably never will. >> Great, okay thank you. I'm going to introduce Ronald Van Loon. Ronald, your practice is really all about helping people extract value out of data, driving competitive advantage, business advantage, or organizational excellence. Tell us a little bit about yourself, your background, and your practice. >> Basically, I've three different backgrounds. On one hand, I'm a director at a data consultancy firm called Adversitement. Where we help companies to become data driven. Mainly large companies. I'm an advisory board member at Simply Learn, which is an e-learning platform, especially also for big data analytics. And on the other hand I'm a blogger and I host a series of webinars. >> Okay, great, now Dez, Dez Blanchfield, I met you on Twitter, you know, probably a couple of years ago. We first really started to collaborate last year. We've spend a fair amount of time together. You are a data scientist, but you're also a jack of all trades. You've got a technology background. You sit on a number of boards. You work very active with public policy. So tell us a little bit more about what you're doing these days, a little bit more about your background. >> Sure, I think my primary challenge these days is communication. Trying to join the dots between my technical background and deeply technical pedigree, to just plain English, every day language, and business speak. So bridging that technical world with what's happening in the boardroom. Toe to toe with the geeks to plain English to execs in boards. And just hand hold them and steward them through the journey of the challenges they're facing. Whether it's the enormous rapid of change and the pace of change, that's just almost exhaustive and causing them to sprint. But not just sprint in one race but in multiple lanes at the same time. As well as some of the really big things that are coming up, that we've seen like GDPR. So it's that communication challenge and just hand holding people through that journey and that mix of technical and commercial experience. >> Great, thank you, and finally Joe Caserta. Founder and president of Caserta Concepts. Joe you're a practitioner. You're in the front lines, helping organizations, similar to Ronald. Extracting value from data. Translate that into competitive advantage. Tell us a little bit about what you're doing these days in Caserta Concepts. >> Thanks Dave, thanks for having me. Yeah, so Caserta's been around. I've been doing this for 30 years now. And natural progressions have been just getting more from application development, to data warehousing, to big data analytics, to data science. Very, very organically, that's just because it's where businesses need the help the most, over the years. And right now, the big focus is governance. At least in my world. Trying to govern when you have a bunch of disparate data coming from a bunch of systems that you have no control over, right? Like social media, and third party data systems. Bringing it in and how to you organize it? How do you ingest it? How do you govern it? How do you keep it safe? And also help to define ownership of the data within an organization within an enterprise? That's also a very hot topic. Which ties back into GDPR. >> Great, okay, so we're going to be unpacking a lot of topics associated with the expertise that these individuals have. I'm going to bring in Jim Kobielus, to the conversation. Jim, the newest Wikibon analyst. And newest member of the SiliconANGLE Media Team. Jim, get us started off. >> Yeah, so we're at an event, at an IBM event where machine learning and data science are at the heart of it. There are really three core themes here. Machine learning and data science, on the one hand. Unified governance on the other. And hybrid data management. I want to circle back or focus on machine learning. Machine learning is the coin of the realm, right now in all things data. Machine learning is the heart of AI. Machine learning, everybody is going, hiring, data scientists to do machine learning. I want to get a sense from our panel, who are experts in this area, what are the chief innovations and trends right now on machine learning. Not deep learning, the core of machine learning. What's super hot? What's in terms of new techniques, new technologies, new ways of organizing teams to build and to train machine learning models? I'd like to open it up. Let's just start with Lillian. What are your thoughts about trends in machine learning? What's really hot? >> It's funny that you excluded deep learning from the response for this, because I think the hottest space in machine learning is deep learning. And deep learning is machine learning. I see a lot of collaborative platforms coming out, where people, data scientists are able to work together with other sorts of data professionals to reduce redundancies in workflows. And create more efficient data science systems. >> Is there much uptake of these crowd sourcing environments for training machine learning wells. Like CrowdFlower, or Amazon Mechanical Turk, or Mighty AI? Is that a huge trend in terms of the workflow of data science or machine learning, a lot of that? >> I don't see that crowdsourcing is like, okay maybe I've been out of the crowdsourcing space for a while. But I was working with Standby Task Force back in 2013. And we were doing a lot of crowdsourcing. And I haven't seen the industry has been increasing, but I could be wrong. I mean, because there's no, if you're building automation models, most of the, a lot of the work that's being crowdsourced could actually be automated if someone took the time to just build the scripts and build the models. And so I don't imagine that, that's going to be a trend that's increasing. >> Well, automation machine learning pipeline is fairly hot, in terms of I'm seeing more and more research. Google's doing a fair amount of automated machine learning. The panel, what do you think about automation, in terms of the core modeling tasks involved in machine learning. Is that coming along? Are data scientists in danger of automating themselves out of a job? >> I don't think there's a risk of data scientist's being put out of a job. Let's just put that on the thing. I do think we need to get a bit clearer about this meme of the mythical unicorn. But to your call point about machine learning, I think what you'll see, we saw the cloud become baked into products, just as a given. I think machine learning is already crossed this threshold. We just haven't necessarily noticed or caught up. And if we look at, we're at an IBM event, so let's just do a call out for them. The data science experience platform, for example. Machine learning's built into a whole range of things around algorithm and data classification. And there's an assisted, guided model for how you get to certain steps, where you don't actually have to understand how machine learning works. You don't have to understand how the algorithms work. It shows you the different options you've got and you can choose them. So you might choose regression. And it'll give you different options on how to do that. So I think we've already crossed this threshold of baking in machine learning and baking in the data science tools. And we've seen that with Cloud and other technologies where, you know, the Office 365 is not, you can't get a non Cloud Office 365 account, right? I think that's already happened in machine learning. What we're seeing though, is organizations even as large as the Googles still in catch up mode, in my view, on some of the shift that's taken place. So we've seen them write little games and apps where people do doodles and then it runs through the ML library and says, "Well that's a cow, or a unicorn, or a duck." And you get awards, and gold coins, and whatnot. But you know, as far as 12 years ago I was working on a project, where we had full size airplanes acting as drones. And we mapped with two and 3-D imagery. With 2-D high res imagery and LiDAR for 3-D point Clouds. We were finding poles and wires for utility companies, using ML before it even became a trend. And baking it right into the tools. And used to store on our web page and clicked and pointed on. >> To counter Lillian's point, it's not crowdsourcing but crowd sharing that's really powering a lot of the rapid leaps forward. If you look at, you know, DSX from IBM. Or you look at Node-RED, huge number of free workflows that someone has probably already done the thing that you are trying to do. Go out and find in the libraries, through Jupyter and R Notebooks, there's an ability-- >> Chris can you define before you go-- >> Chris: Sure. >> This is great, crowdsourcing versus crowd sharing. What's the distinction? >> Well, so crowdsourcing, kind of, where in the context of the question you ask is like I'm looking for stuff that other people, getting people to do stuff that, for me. It's like asking people to mine classifieds. Whereas crowd sharing, someone has done the thing already, it already exists. You're not purpose built, saying, "Jim, help me build this thing." It's like, "Oh Jim, you already "built this thing, cool. "So can I fork it and make my own from it?" >> Okay, I see what you mean, keep going. >> And then, again, going back to earlier. In terms of the advancements. Really deep learning, it probably is a good idea to just sort of define these things. Machine learning is how machines do things without being explicitly programmed to do them. Deep learning's like if you can imagine a stack of pancakes, right? Each pancake is a type of machine learning algorithm. And your data is the syrup. You pour the data on it. It goes from layer, to layer, to layer, to layer, and what you end up with at the end is breakfast. That's the easiest analogy for what deep learning is. Now imagine a stack of pancakes, 500 or 1,000 high, that's where deep learning's going now. >> Sure, multi layered machine learning models, essentially, that have the ability to do higher levels of abstraction. Like image analysis, Lillian? >> I had a comment to add about automation and data science. Because there are a lot of tools that are able to, or applications that are able to use data science algorithms and output results. But the reason that data scientists aren't in risk of losing their jobs, is because just because you can get the result, you also have to be able to interpret it. Which means you have to understand it. And that involves deep math and statistical understanding. Plus domain expertise. So, okay, great, you took out the coding element but that doesn't mean you can codify a person's ability to understand and apply that insight. >> Dave: Joe, you have something to add? >> I could just add that I see the trend. Really, the reason we're talking about it today is machine learning is not necessarily, it's not new, like Dez was saying. But what's different is the accessibility of it now. It's just so easily accessible. All of the tools that are coming out, for data, have machine learning built into it. So the machine learning algorithms, which used to be a black art, you know, years ago, now is just very easily accessible. That you can get, it's part of everyone's toolbox. And the other reason that we're talking about it more, is that data science is starting to become a core curriculum in higher education. Which is something that's new, right? That didn't exist 10 years ago? But over the past five years, I'd say, you know, it's becoming more and more easily accessible for education. So now, people understand it. And now we have it accessible in our tool sets. So now we can apply it. And I think that's, those two things coming together is really making it becoming part of the standard of doing analytics. And I guess the last part is, once we can train the machines to start doing the analytics, right? And get smarter as it ingests more data. And then we can actually take that and embed it in our applications. That's the part that you still need data scientists to create that. But once we can have standalone appliances that are intelligent, that's when we're going to start seeing, really, machine learning and artificial intelligence really start to take off even more. >> Dave: So I'd like to switch gears a little bit and bring Ronald on. >> Okay, yes. >> Here you go, there. >> Ronald, the bromide in this sort of big data world we live in is, the data is the new oil. You got to be a data driven company and many other cliches. But when you talk to organizations and you start to peel the onion. You find that most companies really don't have a good way to connect data with business impact and business value. What are you seeing with your clients and just generally in the community, with how companies are doing that? How should they do that? I mean, is that something that is a viable approach? You don't see accountants, for example, quantifying the value of data on a balance sheet. There's no standards for doing that. And so it's sort of this fuzzy concept. How are and how should organizations take advantage of data and turn it into value. >> So, I think in general, if you look how companies look at data. They have departments and within the departments they have tools specific for this department. And what you see is that there's no central, let's say, data collection. There's no central management of governance. There's no central management of quality. There's no central management of security. Each department is manages their data on their own. So if you didn't ask, on one hand, "Okay, how should they do it?" It's basically go back to the drawing table and say, "Okay, how should we do it?" We should collect centrally, the data. And we should take care for central governance. We should take care for central data quality. We should take care for centrally managing this data. And look from a company perspective and not from a department perspective what the value of data is. So, look at the perspective from your whole company. And this means that it has to be brought on one end to, whether it's from C level, where most of them still fail to understand what it really means. And what the impact can be for that company. >> It's a hard problem. Because data by its' very nature is now so decentralized. But Chris you have a-- >> The thing I want to add to that is, think about in terms of valuing data. Look at what it would cost you for data breach. Like what is the expensive of having your data compromised. If you don't have governance. If you don't have policy in place. Look at the major breaches of the last couple years. And how many billions of dollars those companies lost in market value, and trust, and all that stuff. That's one way you can value data very easily. "What will it cost us if we mess this up?" >> So a lot of CEOs will hear that and say, "Okay, I get it. "I have to spend to protect myself, "but I'd like to make a little money off of this data thing. "How do I do that?" >> Well, I like to think of it, you know, I think data's definitely an asset within an organization. And is becoming more and more of an asset as the years go by. But data is still a raw material. And that's the way I think about it. In order to actually get the value, just like if you're creating any product, you start with raw materials and then you refine it. And then it becomes a product. For data, data is a raw material. You need to refine it. And then the insight is the product. And that's really where the value is. And the insight is absolutely, you can monetize your insight. >> So data is, abundant insights are scarce. >> Well, you know, actually you could say that intermediate between insights and the data are the models themselves. The statistical, predictive, machine learning models. That are a crystallization of insights that have been gained by people called data scientists. What are your thoughts on that? Are statistical, predictive, machine learning models something, an asset, that companies, organizations, should manage governance of on a centralized basis or not? >> Well the models are essentially the refinery system, right? So as you're refining your data, you need to have process around how you exactly do that. Just like refining anything else. It needs to be controlled and it needs to be governed. And I think that data is no different from that. And I think that it's very undisciplined right now, in the market or in the industry. And I think maturing that discipline around data science, I think is something that's going to be a very high focus in this year and next. >> You were mentioning, "How do you make money from data?" Because there's all this risk associated with security breaches. But at the risk of sounding simplistic, you can generate revenue from system optimization, or from developing products and services. Using data to develop products and services that better meet the demands and requirements of your markets. So that you can sell more. So either you are using data to earn more money. Or you're using data to optimize your system so you have less cost. And that's a simple answer for how you're going to be making money from the data. But yes, there is always the counter to that, which is the security risks. >> Well, and my question really relates to, you know, when you think of talking to C level executives, they kind of think about running the business, growing the business, and transforming the business. And a lot of times they can't fund these transformations. And so I would agree, there's many, many opportunities to monetize data, cut costs, increase revenue. But organizations seem to struggle to either make a business case. And actually implement that transformation. >> Dave, I'd love to have a crack at that. I think this conversation epitomizes the type of things that are happening in board rooms and C suites already. So we've really quickly dived into the detail of data. And the detail of machine learning. And the detail of data science, without actually stopping and taking a breath and saying, "Well, we've "got lots of it, but what have we got? "Where is it? "What's the value of it? "Is there any value in it at all?" And, "How much time and money should we invest in it?" For example, we talk of being about a resource. I look at data as a utility. When I turn the tap on to get a drink of water, it's there as a utility. I counted it being there but I don't always sample the quality of the water and I probably should. It could have Giardia in it, right? But what's interesting is I trust the water at home, in Sydney. Because we have a fairly good experience with good quality water. If I were to go to some other nation. I probably wouldn't trust that water. And I think, when you think about it, what's happening in organizations. It's almost the same as what we're seeing here today. We're having a lot of fun, diving into the detail. But what we've forgotten to do is ask the question, "Well why is data even important? "What's the reasoning to the business? "Why are we in business? "What are we doing as an organization? "And where does data fit into that?" As opposed to becoming so fixated on data because it's a media hyped topic. I think once you can wind that back a bit and say, "Well, we have lot's of data, "but is it good data? "Is it quality data? "Where's it coming from? "Is it ours? "Are we allowed to have it? "What treatment are we allowed to give that data?" As you said, "Are we controlling it? "And where are we controlling it? "Who owns it?" There's so many questions to be asked. But the first question I like to ask people in plain English is, "Well is there any value "in data in the first place? "What decisions are you making that data can help drive? "What things are in your organizations, "KPIs and milestones you're trying to meet "that data might be a support?" So then instead of becoming fixated with data as a thing in itself, it becomes part of your DNA. Does that make sense? >> Think about what money means. The Economists' Rhyme, "Money is a measure for, "a systems for, a medium, a measure, and exchange." So it's a medium of exchange. A measure of value, a way to exchange something. And a way to store value. Data, good clean data, well governed, fits all four of those. So if you're trying to figure out, "How do we make money out of stuff." Figure out how money works. And then figure out how you map data to it. >> So if we approach and we start with a company, we always start with business case, which is quite clear. And defined use case, basically, start with a team on one hand, marketing people, sales people, operational people, and also the whole data science team. So start with this case. It's like, defining, basically a movie. If you want to create the movie, You know where you're going to. You know what you want to achieve to create the customer experience. And this is basically the same with a business case. Where you define, "This is the case. "And this is how we're going to derive value, "start with it and deliver value within a month." And after the month, you check, "Okay, where are we and how can we move forward? "And what's the value that we've brought?" >> Now I as well, start with business case. I've done thousands of business cases in my life, with organizations. And unless that organization was kind of a data broker, the business case rarely has a discreet component around data. Is that changing, in your experience? >> Yes, so we guide companies into be data driven. So initially, indeed, they don't like to use the data. They don't like to use the analysis. So that's why, how we help. And is it changing? Yes, they understand that they need to change. But changing people is not always easy. So, you see, it's hard if you're not involved and you're not guiding it, they fall back in doing the daily tasks. So it's changing, but it's a hard change. >> Well and that's where this common parlance comes in. And Lillian, you, sort of, this is what you do for a living, is helping people understand these things, as you've been sort of evangelizing that common parlance. But do you have anything to add? >> I wanted to add that for organizational implementations, another key component to success is to start small. Start in one small line of business. And then when you've mastered that area and made it successful, then try and deploy it in more areas of the business. And as far as initializing big data implementation, that's generally how to do it successfully. >> There's the whole issue of putting a value on data as a discreet asset. Then there's the issue, how do you put a value on a data lake? Because a data lake, is essentially an asset you build on spec. It's an exploratory archive, essentially, of all kinds of data that might yield some insights, but you have to have a team of data scientists doing exploration and modeling. But it's all on spec. How do you put a value on a data lake? And at what point does the data lake itself become a burden? Because you got to store that data and manage it. At what point do you drain that lake? At what point, do the costs of maintaining that lake outweigh the opportunity costs of not holding onto it? >> So each Hadoop note is approximately $20,000 per year cost for storage. So I think that there needs to be a test and a diagnostic, before even inputting, ingesting the data and storing it. "Is this actually going to be useful? "What value do we plan to create from this?" Because really, you can't store all the data. And it's a lot cheaper to store data in Hadoop then it was in traditional systems but it's definitely not free. So people need to be applying this test before even ingesting the data. Why do we need this? What business value? >> I think the question we need to also ask around this is, "Why are we building data lakes "in the first place? "So what's the function it's going to perform for you?" There's been a huge drive to this idea. "We need a data lake. "We need to put it all somewhere." But invariably they become data swamps. And we only half jokingly say that because I've seen 90 day projects turn from a great idea, to a really bad nightmare. And as Lillian said, it is cheaper in some ways to put it into a HDFS platform, in a technical sense. But when we look at all the fully burdened components, it's actually more expensive to find Hadoop specialists and Spark specialists to maintain that cluster. And invariably I'm finding that big data, quote unquote, is not actually so much lots of data, it's complex data. And as Lillian said, "You don't always "need to store it all." So I think if we go back to the question of, "What's the function of a data lake in the first place? "Why are we building one?" And then start to build some fully burdened cost components around that. We'll quickly find that we don't actually need a data lake, per se. We just need an interim data store. So we might take last years' data and tokenize it, and analyze it, and do some analytics on it, and just keep the meta data. So I think there is this rush, for a whole range of reasons, particularly vendor driven. To build data lakes because we think they're a necessity, when in reality they may just be an interim requirement and we don't need to keep them for a long term. >> I'm going to attempt to, the last few questions, put them all together. And I think, they all belong together because one of the reasons why there's such hesitation about progress within the data world is because there's just so much accumulated tech debt already. Where there's a new idea. We go out and we build it. And six months, three years, it really depends on how big the idea is, millions of dollars is spent. And then by the time things are built the idea is pretty much obsolete, no one really cares anymore. And I think what's exciting now is that the speed to value is just so much faster than it's ever been before. And I think that, you know, what makes that possible is this concept of, I don't think of a data lake as a thing. I think of a data lake as an ecosystem. And that ecosystem has evolved so much more, probably in the last three years than it has in the past 30 years. And it's exciting times, because now once we have this ecosystem in place, if we have a new idea, we can actually do it in minutes not years. And that's really the exciting part. And I think, you know, data lake versus a data swamp, comes back to just traditional data architecture. And if you architect your data lake right, you're going to have something that's substantial, that's you're going to be able to harness and grow. If you don't do it right. If you just throw data. If you buy Hadoop cluster or a Cloud platform and just throw your data out there and say, "We have a lake now." yeah, you're going to create a mess. And I think taking the time to really understand, you know, the new paradigm of data architecture and modern data engineering, and actually doing it in a very disciplined way. If you think about it, what we're doing is we're building laboratories. And if you have a shabby, poorly built laboratory, the best scientist in the world isn't going to be able to prove his theories. So if you have a well built laboratory and a clean room, then, you know a scientist can get what he needs done very, very, very efficiently. And that's the goal, I think, of data management today. >> I'd like to just quickly add that I totally agree with the challenge between on premise and Cloud mode. And I think one of the strong themes of today is going to be the hybrid data management challenge. And I think organizations, some organizations, have rushed to adopt Cloud. And thinking it's a really good place to dump the data and someone else has to manage the problem. And then they've ended up with a very expensive death by 1,000 cuts in some senses. And then others have been very reluctant as a result of not gotten access to rapid moving and disruptive technology. So I think there's a really big challenge to get a basic conversation going around what's the value using Cloud technology as in adopting it, versus what are the risks? And when's the right time to move? For example, should we Cloud Burst for workloads? Do we move whole data sets in there? You know, moving half a petabyte of data into a Cloud platform back is a non-trivial exercise. But moving a terabyte isn't actually that big a deal anymore. So, you know, should we keep stuff behind the firewalls? I'd be interested in seeing this week where 80% of the data, supposedly is. And just push out for Cloud tools, machine learning, data science tools, whatever they might be, cognitive analytics, et cetera. And keep the bulk of the data on premise. Or should we just move whole spools into the Cloud? There is no one size fits all. There's no silver bullet. Every organization has it's own quirks and own nuances they need to think through and make a decision themselves. >> Very often, Dez, organizations have zonal architectures so you'll have a data lake that consists of a no sequel platform that might be used for say, mobile applications. A Hadoop platform that might be used for unstructured data refinement, so forth. A streaming platform, so forth and so on. And then you'll have machine learning models that are built and optimized for those different platforms. So, you know, think of it in terms of then, your data lake, is a set of zones that-- >> It gets even more complex just playing on that theme, when you think about what Cisco started, called Folk Computing. I don't really like that term. But edge analytics, or computing at the edge. We've seen with the internet coming along where we couldn't deliver everything with a central data center. So we started creating this concept of content delivery networks, right? I think the same thing, I know the same thing has happened in data analysis and data processing. Where we've been pulling social media out of the Cloud, per se, and bringing it back to a central source. And doing analytics on it. But when you think of something like, say for example, when the Dreamliner 787 from Boeing came out, this airplane created 1/2 a terabyte of data per flight. Now let's just do some quick, back of the envelope math. There's 87,400 fights a day, just in the domestic airspace in the USA alone, per day. Now 87,400 by 1/2 a terabyte, that's 43 point five petabytes a day. You physically can't copy that from quote unquote in the Cloud, if you'll pardon the pun, back to the data center. So now we've got the challenge, a lot of our Enterprise data's behind a firewall, supposedly 80% of it. But what's out at the edge of the network. Where's the value in that data? So there are zonal challenges. Now what do I do with my Enterprise versus the open data, the mobile data, the machine data. >> Yeah, we've seen some recent data from IDC that says, "About 43% of the data "is going to stay at the edge." We think that, that's way understated, just given the examples. We think it's closer to 90% is going to stay at the edge. >> Just on the airplane topic, right? So Airbus wasn't going to be outdone. Boeing put 4,000 sensors or something in their 787 Dreamliner six years ago. Airbus just announced an 83, 81,000 with 10,000 sensors in it. Do the same math. Now the FAA in the US said that all aircraft and all carriers have to be, by early next year, I think it's like March or April next year, have to be at the same level of BIOS. Or the same capability of data collection and so forth. It's kind of like a mini GDPR for airlines. So with the 83, 81,000 with 10,000 sensors, that becomes two point five terabytes per flight. If you do the math, it's 220 petabytes of data just in one day's traffic, domestically in the US. Now, it's just so mind boggling that we're going to have to completely turn our thinking on its' head, on what do we do behind the firewall? What do we do in the Cloud versus what we might have to do in the airplane? I mean, think about edge analytics in the airplane processing data, as you said, Jim, streaming analytics in flight. >> Yeah that's a big topic within Wikibon, so, within the team. Me and David Floyer, and my other colleagues. They're talking about the whole notion of edge architecture. Not only will most of the data be persisted at the edge, most of the deep learning models like TensorFlow will be executed at the edge. To some degree, the training of those models will happen in the Cloud. But much of that will be pushed in a federated fashion to the edge, or at least I'm predicting. We're already seeing some industry moves in that direction, in terms of architectures. Google has a federated training, project or initiative. >> Chris: Look at TensorFlow Lite. >> Which is really fascinating for it's geared to IOT, I'm sorry, go ahead. >> Look at TensorFlow Lite. I mean in the announcement of having every Android device having ML capabilities, is Google's essential acknowledgment, "We can't do it all." So we need to essentially, sort of like a setting at home. Everyone's smartphone top TV box just to help with the processing. >> Now we're talking about this, this sort of leads to this IOT discussion but I want to underscore the operating model. As you were saying, "You can't just "lift and shift to the Cloud." You're not going to, CEOs aren't going to get the billion dollar hit by just doing that. So you got to change the operating model. And that leads to, this discussion of IOT. And an entirely new operating model. >> Well, there are companies that are like Sisense who have worked with Intel. And they've taken this concept. They've taken the business logic and not just putting it in the chip, but actually putting it in memory, in the chip. So as data's going through the chip it's not just actually being processed but it's actually being baked in memory. So level one, two, and three cache. Now this is a game changer. Because as Chris was saying, even if we were to get the data back to a central location, the compute load, I saw a real interesting thing from I think it was Google the other day, one of the guys was doing a talk. And he spoke about what it meant to add cognitive and voice processing into just the Android platform. And they used some number, like that had, double the amount of compute they had, just to add voice for free, to the Android platform. Now even for Google, that's a nontrivial exercise. So as Chris was saying, I think we have to again, flip it on its' head and say, "How much can we put "at the edge of the network?" Because think about these phones. I mean, even your fridge and microwave, right? We put a man on the moon with something that these days, we make for $89 at home, on the Raspberry Pie computer, right? And even that was 1,000 times more powerful. When we start looking at what's going into the chips, we've seen people build new, not even GPUs, but deep learning and stream analytics capable chips. Like Google, for example. That's going to make its' way into consumer products. So that, now the compute capacity in phones, is going to, I think transmogrify in some ways because there is some magic in there. To the point where, as Chris was saying, "We're going to have the smarts in our phone." And a lot of that workload is going to move closer to us. And only the metadata that we need to move is going to go centrally. >> Well here's the thing. The edge isn't the technology. The edge is actually the people. When you look at, for example, the MIT language Scratch. This is kids programming language. It's drag and drop. You know, kids can assemble really fun animations and make little movies. We're training them to build for IOT. Because if you look at a system like Node-RED, it's an IBM interface that is drag and drop. Your workflow is for IOT. And you can push that to a device. Scratch has a converter for doing those. So the edge is what those thousands and millions of kids who are learning how to code, learning how to think architecturally and algorithmically. What they're going to create that is beyond what any of us can possibly imagine. >> I'd like to add one other thing, as well. I think there's a topic we've got to start tabling. And that is what I refer to as the gravity of data. So when you think about how planets are formed, right? Particles of dust accrete. They form into planets. Planets develop gravity. And the reason we're not flying into space right now is that there's gravitational force. Even though it's one of the weakest forces, it keeps us on our feet. Oftentimes in organizations, I ask them to start thinking about, "Where is the center "of your universe with regard to the gravity of data." Because if you can follow the center of your universe and the gravity of your data, you can often, as Chris is saying, find where the business logic needs to be. And it could be that you got to think about a storage problem. You can think about a compute problem. You can think about a streaming analytics problem. But if you can find where the center of your universe and the center of your gravity for your data is, often you can get a really good insight into where you can start focusing on where the workloads are going to be where the smarts are going to be. Whether it's small, medium, or large. >> So this brings up the topic of data governance. One of the themes here at Fast Track Your Data is GDPR. What it means. It's one of the reasons, I think IBM selected Europe, generally, Munich specifically. So let's talk about GDPR. We had a really interesting discussion last night. So let's kind of recreate some of that. I'd like somebody in the panel to start with, what is GDPR? And why does it matter, Ronald? >> Yeah, maybe I can start. Maybe a little bit more in general unified governance. So if i talk to companies and I need to explain to them what's governance, I basically compare it with a crime scene. So in a crime scene if something happens, they start with securing all the evidence. So they start sealing the environment. And take care that all the evidence is collected. And on the other hand, you see that they need to protect this evidence. There are all kinds of policies. There are all kinds of procedures. There are all kinds of rules, that need to be followed. To take care that the whole evidence is secured well. And once you start, basically, investigating. So you have the crime scene investigators. You have the research lab. You have all different kind of people. They need to have consent before they can use all this evidence. And the whole reason why they're doing this is in order to collect the villain, the crook. To catch him and on the other hand, once he's there, to convict him. And we do this to have trust in the materials. Or trust in basically, the analytics. And on the other hand to, the public have trust in everything what's happened with the data. So if you look to a company, where data is basically the evidence, this is the value of your data. It's similar to like the evidence within a crime scene. But most companies don't treat it like this. So if we then look to GDPR, GDPR basically shifts the power and the ownership of the data from the company to the person that created it. Which is often, let's say the consumer. And there's a lot of paradox in this. Because all the companies say, "We need to have this customer data. "Because we need to improve the customer experience." So if you make it concrete and let's say it's 1st of June, so GDPR is active. And it's first of June 2018. And I go to iTunes, so I use iTunes. Let's go to iTunes said, "Okay, Apple please "give me access to my data." I want to see which kind of personal information you have stored for me. On the other end, I want to have the right to rectify all this data. I want to be able to change it and give them a different level of how they can use my data. So I ask this to iTunes. And then I say to them, okay, "I basically don't like you anymore. "I want to go to Spotify. "So please transfer all my personal data to Spotify." So that's possible once it's June 18. Then I go back to iTunes and say, "Okay, I don't like it anymore. "Please reduce my consent. "I withdraw my consent. "And I want you to remove all my "personal data for everything that you use." And I go to Spotify and I give them, let's say, consent for using my data. So this is a shift where you can, as a person be the owner of the data. And this has a lot of consequences, of course, for organizations, how to manage this. So it's quite simple for the consumer. They get the power, it's maturing the whole law system. But it's a big consequence of course for organizations. >> This is going to be a nightmare for marketers. But fill in some of the gaps there. >> Let's go back, so GDPR, the General Data Protection Regulation, was passed by the EU in 2016, in May of 2016. It is, as Ronald was saying, it's four basic things. The right to privacy. The right to be forgotten. Privacy built into systems by default. And the right to data transfer. >> Joe: It takes effect next year. >> It is already in effect. GDPR took effect in May of 2016. The enforcement penalties take place the 25th of May 2018. Now here's where, there's two things on the penalty side that are important for everyone to know. Now number one, GDPR is extra territorial. Which means that an EU citizen, anywhere on the planet has GDPR, goes with them. So say you're a pizza shop in Nebraska. And an EU citizen walks in, orders a pizza. Gives her the credit card and stuff like that. If you for some reason, store that data, GDPR now applies to you, Mr. Pizza shop, whether or not you do business in the EU. Because an EU citizen's data is with you. Two, the penalties are much stiffer then they ever have been. In the old days companies could simply write off penalties as saying, "That's the cost of doing business." With GDPR the penalties are up to 4% of your annual revenue or 20 million Euros, whichever is greater. And there may be criminal sanctions, charges, against key company executives. So there's a lot of questions about how this is going to be implemented. But one of the first impacts you'll see from a marketing perspective is all the advertising we do, targeting people by their age, by their personally identifiable information, by their demographics. Between now and May 25th 2018, a good chunk of that may have to go away because there's no way for you to say, "Well this person's an EU citizen, this person's not." People give false information all the time online. So how do you differentiate it? Every company, regardless of whether they're in the EU or not will have to adapt to it, or deal with the penalties. >> So Lillian, as a consumer this is designed to protect you. But you had a very negative perception of this regulation. >> I've looked over the GDPR and to me it actually looks like a socialist agenda. It looks like (panel laughs) no, it looks like a full assault on free enterprise and capitalism. And on its' face from a legal perspective, its' completely and wholly unenforceable. Because they're assigning jurisdictional rights to the citizen. But what are they going to do? They're going to go to Nebraska and they're going to call in the guy from the pizza shop? And call him into what court? The EU court? It's unenforceable from a legal perspective. And if you write a law that's unenforceable, you know, it's got to be enforceable in every element. It can't be just, "Oh, we're only "going to enforce it for Facebook and for Google. "But it's not enforceable for," it needs to be written so that it's a complete and actionable law. And it's not written in that way. And from a technological perspective it's not implementable. I think you said something like 652 EU regulators or political people voted for this and 10 voted against it. But what do they know about actually implementing it? Is it possible? There's all sorts of regulations out there that aren't possible to implement. I come from an environmental engineering background. And it's absolutely ridiculous because these agencies will pass laws that actually, it's not possible to implement those in practice. The cost would be too great. And it's not even needed. So I don't know, I just saw this and I thought, "You know, if the EU wants to," what they're essentially trying to do is regulate what the rest of the world does on the internet. And if they want to build their own internet like China has and police it the way that they want to. But Ronald here, made an analogy between data, and free enterprise, and a crime scene. Now to me, that's absolutely ridiculous. What does data and someone signing up for an email list have to do with a crime scene? And if EU wants to make it that way they can police their own internet. But they can't go across the world. They can't go to Singapore and tell Singapore, or go to the pizza shop in Nebraska and tell them how to run their business. >> You know, EU overreach in the post Brexit era, of what you're saying has a lot of validity. How far can the tentacles of the EU reach into other sovereign nations. >> What court are they going to call them into? >> Yeah. >> I'd like to weigh in on this. There are lots of unknowns, right? So I'd like us to focus on the things we do know. We've already dealt with similar situations before. In Australia, we introduced a goods and sales tax. Completely foreign concept. Everything you bought had 10% on it. No one knew how to deal with this. It was a completely new practice in accounting. There's a whole bunch of new software that had to be written. MYRB had to have new capability, but we coped. No one actually went to jail yet. It's decades later, for not complying with GST. So what it was, was a framework on how to shift from non sales tax related revenue collection. To sales tax related revenue collection. I agree that there are some egregious things built into this. I don't disagree with that at all. But I think if I put my slightly broader view of the world hat on, we have well and truly gone past the point in my mind, where data was respected, data was treated in a sensible way. I mean I get emails from companies I've never done business with. And when I follow it up, it's because I did business with a credit card company, that gave it to a service provider, that thought that I was going to, when I bought a holiday to come to Europe, that I might want travel insurance. Now some might say there's value in that. And other's say there's not, there's the debate. But let's just focus on what we're talking about. We're talking about a framework for governance of the treatment of data. If we remove all the emotive component, what we are talking about is a series of guidelines, backed by laws, that say, "We would like you to do this," in an ideal world. But I don't think anyone's going to go to jail, on day one. They may go to jail on day 180. If they continue to do nothing about it. So they're asking you to sort of sit up and pay attention. Do something about it. There's a whole bunch of relief around how you approach it. The big thing for me, is there's no get out of jail card, right? There is no get out of jail card for not complying. But there's plenty of support. I mean, we're going to have ambulance chasers everywhere. We're going to have class actions. We're going to have individual suits. The greatest thing to do right now is get into GDPR law. Because you seem to think data scientists are unicorn? >> What kind of life is that if there's ambulance chasers everywhere? You want to live like that? >> Well I think we've seen ad blocking. I use ad blocking as an example, right? A lot of organizations with advertising broke the internet by just throwing too much content on pages, to the point where they're just unusable. And so we had this response with ad blocking. I think in many ways, GDPR is a regional response to a situation where I don't think it's the exact right answer. But it's the next evolutional step. We'll see things evolve over time. >> It's funny you mentioned it because in the United States one of the things that has happened, is that with the change in political administrations, the regulations on what companies can do with your data have actually been laxened, to the point where, for example, your internet service provider can resell your browsing history, with or without your consent. Or your consent's probably buried in there, on page 47. And so, GDPR is kind of a response to saying, "You know what? "You guys over there across the Atlantic "are kind of doing some fairly "irresponsible things with what you allow companies to do." Now, to Lillian's point, no one's probably going to go after the pizza shop in Nebraska because they don't do business in the EU. They don't have an EU presence. And it's unlikely that an EU regulator's going to get on a plane from Brussels and fly to Topeka and say, or Omaha, sorry, "Come on Joe, let's get the pizza shop in order here." But for companies, particularly Cloud companies, that have offices and operations within the EU, they have to sit up and pay attention. So if you have any kind of EU operations, or any kind of fiscal presence in the EU, you need to get on board. >> But to Lillian's point it becomes a boondoggle for lawyers in the EU who want to go after deep pocketed companies like Facebook and Google. >> What's the value in that? It seems like regulators are just trying to create work for themselves. >> What about the things that say advertisers can do, not so much with the data that they have? With the data that they don't have. In other words, they have people called data scientists who build models that can do inferences on sparse data. And do amazing things in terms of personalization. What do you do about all those gray areas? Where you got machine learning models and so forth? >> But it applies-- >> It applies to personally identifiable information. But if you have a talented enough data scientist, you don't need the PII or even the inferred characteristics. If a certain type of behavior happens on your website, for example. And this path of 17 pages almost always leads to a conversion, it doesn't matter who you are or where you're coming from. If you're a good enough data scientist, you can build a model that will track that. >> Like you know, target, infer some young woman was pregnant. And they inferred correctly even though that was never divulged. I mean, there's all those gray areas that, how can you stop that slippery slope? >> Well I'm going to weigh in really quickly. A really interesting experiment for people to do. When people get very emotional about it I say to them, "Go to Google.com, "view source, put it in seven point Courier "font in Word and count how many pages it is." I guess you can't guess how many pages? It's 52 pages of seven point Courier font, HTML to render one logo, and a search field, and a click button. Now why do we need 52 pages of HTML source code and Java script just to take a search query. Think about what's being done in that. It's effectively a mini operating system, to figure out who you are, and what you're doing, and where you been. Now is that a good or bad thing? I don't know, I'm not going to make a judgment call. But what I'm saying is we need to stop and take a deep breath and say, "Does anybody need a 52 page, "home page to take a search query?" Because that's just the tip of the iceberg. >> To that point, I like the results that Google gives me. That's why I use Google and not Bing. Because I get better search results. So, yeah, I don't mind if you mine my personal data and give me, our Facebook ads, those are the only ads, I saw in your article that GDPR is going to take out targeted advertising. The only ads in the entire world, that I like are Facebook ads. Because I actually see products I'm interested in. And I'm happy to learn about that. I think, "Oh I want to research that. "I want to see this new line of products "and what are their competitors?" And I like the targeted advertising. I like the targeted search results because it's giving me more of the information that I'm actually interested in. >> And that's exactly what it's about. You can still decide, yourself, if you want to have this targeted advertising. If not, then you don't give consent. If you like it, you give consent. So if a company gives you value, you give consent back. So it's not that it's restricting everything. It's giving consent. And I think it's similar to what happened and the same type of response, what happened, we had the Mad Cow Disease here in Europe, where you had the whole food chain that needed to be tracked. And everybody said, "No, it's not required." But now it's implemented. Everybody in Europe does it. So it's the same, what probably going to happen over here as well. >> So what does GDPR mean for data scientists? >> I think GDPR is, I think it is needed. I think one of the things that may be slowing data science down is fear. People are afraid to share their data. Because they don't know what's going to be done with it. If there are some guidelines around it that should be enforced and I think, you know, I think it's been said but as long as a company could prove that it's doing due diligence to protect your data, I think no one is going to go to jail. I think when there's, you know, we reference a crime scene, if there's a heinous crime being committed, all right, then it's going to become obvious. And then you do go directly to jail. But I think having guidelines and even laws around privacy and protection of data is not necessarily a bad thing. You can do a lot of data, really meaningful data science, without understanding that it's Joe Caserta. All of the demographics about me. All of the characteristics about me as a human being, I think are still on the table. All that they're saying is that you can't go after Joe, himself, directly. And I think that's okay. You know, there's still a lot of things. We could still cure diseases without knowing that I'm Joe Caserta, right? As long as you know everything else about me. And I think that's really at the core, that's what we're trying to do. We're trying to protect the individual and the individual's data about themselves. But I think as far as how it affects data science, you know, a lot of our clients, they're afraid to implement things because they don't exactly understand what the guideline is. And they don't want to go to jail. So they wind up doing nothing. So now that we have something in writing that, at least, it's something that we can work towards, I think is a good thing. >> In many ways, organizations are suffering from the deer in the headlight problem. They don't understand it. And so they just end up frozen in the headlights. But I just want to go back one step if I could. We could get really excited about what it is and is not. But for me, the most critical thing there is to remember though, data breaches are happening. There are over 1,400 data breaches, on average, per day. And most of them are not trivial. And when we saw 1/2 a billion from Yahoo. And then one point one billion and then one point five billion. I mean, think about what that actually means. There were 47,500 Mongodbs breached in an 18 hour window, after an automated upgrade. And they were airlines, they were banks, they were police stations. They were hospitals. So when I think about frameworks like GDPR, I'm less worried about whether I'm going to see ads and be sold stuff. I'm more worried about, and I'll give you one example. My 12 year old son has an account at a platform called Edmodo. Now I'm not going to pick on that brand for any reason but it's a current issue. Something like, I think it was like 19 million children in the world had their username, password, email address, home address, and all this social interaction on this Facebook for kids platform called Edmodo, breached in one night. Now I got my hands on a copy. And everything about my son is there. Now I have a major issue with that. Because I can't do anything to undo that, nothing. The fact that I was able to get a copy, within hours on a dark website, for free. The fact that his first name, last name, email, mobile phone number, all these personal messages from friends. Nobody has the right to allow that to breach on my son. Or your children, or our children. For me, GDPR, is a framework for us to try and behave better about really big issues. Whether it's a socialist issue. Whether someone's got an issue with advertising. I'm actually not interested in that at all. What I'm interested in is companies need to behave much better about the treatment of data when it's the type of data that's being breached. And I get really emotional when it's my son, or someone else's child. Because I don't care if my bank account gets hacked. Because they hedge that. They underwrite and insure themselves and the money arrives back to my bank. But when it's my wife who donated blood and a blood donor website got breached and her details got lost. Even things like sexual preferences. That they ask questions on, is out there. My 12 year old son is out there. Nobody has the right to allow that to happen. For me, GDPR is the framework for us to focus on that. >> Dave: Lillian, is there a comment you have? >> Yeah, I think that, I think that security concerns are 100% and definitely a serious issue. Security needs to be addressed. And I think a lot of the stuff that's happening is due to, I think we need better security personnel. I think we need better people working in the security area where they're actually looking and securing. Because I don't think you can regulate I was just, I wanted to take the microphone back when you were talking about taking someone to jail. Okay, I have a background in law. And if you look at this, you guys are calling it a framework. But it's not a framework. What they're trying to do is take 4% of your business revenues per infraction. They want to say, "If a person signs up "on your email list and you didn't "like, necessarily give whatever "disclaimer that the EU said you need to give. "Per infraction, we're going to take "4% of your business revenue." That's a law, that they're trying to put into place. And you guys are talking about taking people to jail. What jail are you? EU is not a country. What jurisdiction do they have? Like, you're going to take pizza man Joe and put him in the EU jail? Is there an EU jail? Are you going to take them to a UN jail? I mean, it's just on its' face it doesn't hold up to legal tests. I don't understand how they could enforce this. >> I'd like to just answer the question on-- >> Security is a serious issue. I would be extremely upset if I were you. >> I personally know, people who work for companies who've had data breaches. And I respect them all. They're really smart people. They've got 25 plus years in security. And they are shocked that they've allowed a breach to take place. What they've invariably all agreed on is that a whole range of drivers have caused them to get to a bad practice. So then, for example, the donate blood website. The young person who was assist admin with all the right skills and all the right experience just made a basic mistake. They took a db dump of a mysql database before they upgraded their Wordpress website for the business. And they happened to leave it in a folder that was indexable by Google. And so somebody wrote a radio expression to search in Google to find sql backups. Now this person, I personally respect them. I think they're an amazing practitioner. They just made a mistake. So what does that bring us back to? It brings us back to the point that we need a safety net or a framework or whatever you want to call it. Where organizations have checks and balances no matter what they do. Whether it's an upgrade, a backup, a modification, you know. And they all think they do, but invariably we've seen from the hundreds of thousands of breaches, they don't. Now on the point of law, we could debate that all day. I mean the EU does have a remit. If I was caught speeding in Germany, as an Australian, I would be thrown into a German jail. If I got caught as an organization in France, breaching GDPR, I would be held accountable to the law in that region, by the organization pursuing me. So I think it's a bit of a misnomer saying I can't go to an EU jail. I don't disagree with you, totally, but I think it's regional. If I get a speeding fine and break the law of driving fast in EU, it's in the country, in the region, that I'm caught. And I think GDPR's going to be enforced in that same approach. >> All right folks, unfortunately the 60 minutes flew right by. And it does when you have great guests like yourselves. So thank you very much for joining this panel today. And we have an action packed day here. So we're going to cut over. The CUBE is going to have its' interview format starting in about 1/2 hour. And then we cut over to the main tent. Who's on the main tent? Dez, you're doing a main stage presentation today. Data Science is a Team Sport. Hillary Mason, has a breakout session. We also have a breakout session on GDPR and what it means for you. Are you ready for GDPR? Check out ibmgo.com. It's all free content, it's all open. You do have to sign in to see the Hillary Mason and the GDPR sessions. And we'll be back in about 1/2 hour with the CUBE. We'll be running replays all day on SiliconAngle.tv and also ibmgo.com. So thanks for watching everybody. Keep it right there, we'll be back in about 1/2 hour with the CUBE interviews. We're live from Munich, Germany, at Fast Track Your Data. This is Dave Vellante with Jim Kobielus, we'll see you shortly. (electronic music)

okay we're back this is Dave Volante with Jeff Kelly we're with Ricky bond on organ this is the cubes silicon angles flagship product we go out to the events we extract the signal from the noise we bring you the tech athletes who are really changing the industry and we have one here today christiane sabo is the CEO the leader the spiritual leader of of this conference and of Tablo Kristin welcome to the cube thanks for having me yeah it's our pleasure great keynote the other day I just got back from Italy so I'm full of superlatives right it really was magnificent I was inspired I think the whole audience was inspired by your enthusiasm and what struck me is I'm a big fan of simon Sinek who says that people don't buy what you do they buy why you do it and your whole speech was about why you're here everybody can talk about their you know differentiators they can talk about what they sell you talked about why you're here was awesome so congratulations I appreciate that yeah so um so why did you start then you and your colleagues tableau well it's how below really started with a series of breakthrough research innovations that was this seed there are three co-founders of tableau myself dr. crystal T and professor Pat Hanrahan and those two are brilliant inventors and designers and researchers and the real hero of the tableau story and the company formed when they met on entrepreneur and a customer I had spent several years as a data analyst when I first came out of college and I understood the problems making sense of data and so when I encountered the research advancements they had made I saw a vision of the future a much better world that could bring the power of data to a vastly larger number of people yeah and it's really that simple isn't it and and so you gave some fantastic examples them in the way in which penicillin you know was discovered you know happenstance and many many others so those things inspire you to to create this innovation or was it the other way around you've created this innovation and said let's look around and see what others have done well I think the thing that we're really excited about is simply put as making databases and spreadsheets easy for people to use I can talk to someone who knows nothing about business intelligence technology or databases or anything but if I say hey do you have any spreadsheets or data files or databases you you just feel like it could it could get in there and answer some questions and put it all together and see the big picture and maybe find a thing or two everyone not everyone has been in that situation if nothing else with the spreadsheet full of stuff like your readership or the linkage the look the the traffic flow on on the cube website everyone can relate to that idea of geez why can't I just have a google for databases and that's what tableau is doing right right so you've kind of got this it's really not a war it's just two front two vectors you know sometimes I did I did tweet out they have a two-front war yeah what'd you call it the traditional BI business I love how you slow down your kids and you do that and then Excel but the point I made on Twitter in 140 characters was you it will be longer here I'm a little long-winded sometimes on the cube but you've got really entrenched you know bi usage and you've got Excel which is ubiquitous so it sounds easy to compete with those it's not it's really not you have to have a 10x plus value problem solutely talked about that a little bit well I think the most important thing we're doing is we're bringing the power of data and analytics to a much broader population of people so the reason the answer that way is that if you look at these traditional solutions that you described they have names like and these are the product brand names forget who owns them but the product brand names people are used to hearing when it comes to enterprise bi technology our names like Business Objects and Cognos and MicroStrategy and Oracle Oh bi and big heavy complicated develop intensive platforms and surprise surprise they're not in the hands of very many people they're just too complicated and development heavy to use so when we go into the worlds even the world's biggest companies this was a shocker for us even when we go into the world's most sophisticated fortune 500 companies and the most cutting-edge industries with the top-notch people most of the people in their organization aren't using those platforms because of theirs their complication and expense and development pull and so usually what we end up doing is just bringing the power of easy analytics and dashboards and visualization and easy QA with data to people who have nothing other than maybe a spreadsheet on their desk so in that sense it's actually a little easier than it sounds well you know I have to tell you I just have a cio consultancy and back in the day and we used to go in and do application portfolio analysis and we would look at the applications and we always advise the CIOs that the value of an application is a function of its use how much is being adopted and the impact of that use you know productivity of the users right and you'd always find that this is the dss system the decision support system like you said there were maybe 3 to 15 users yeah and an organization of tens of thousands of people yeah if they were very productive so imagine if you can you can permeate the other you know hundreds of thousands of users that are out there do you see that kind of impact that productivity impact as the potential for your marketplace absolutely I you know the person who I think said it best was the CEO of Cisco John Chambers and I'll paraphrase him here but he has this great thing he said which is he said you know if I can get each of the people on my team consulting data say oh I don't know twice per day before making a decision and they do the same thing with their people and their people and so you know that's a million decisions a month you did the math better made than my competition I don't want people waiting around for top top management to consult some data before making a decision I want all of our people all the time Consulting data before making a decision and that's the real the real spirit of this new age of BI for too long it's been in the hands of a high priesthood of people who know how to operate these complicated convoluted enterprise bi systems and the revolution is here people are fed up with it they're taking power into their hands and they're driving their organizations forward with the power of data thanks to the magic of an easy-to-use suite like tableau well it's a perfect storm right because everybody wants to be a data-driven organization absolutely data-driven if you don't have the tools to be able to visualize the data absolutely so Jeff if you want to jump in well Christian so in your keynote you talked for the majority of the keynote about human intuition and the human element talk a little bit about that because when we hear about in the press these days about big data it's oh well the the volume of data will tell you what the answer is you don't need much of the human element talk about why you think the human element is so important to data-driven decision-making and how you incorporate that into your design philosophy when you're building the product and you're you know adding new features how does the human element play in that scenario yeah I mean it's funny dated the data driven moniker is coming these days and we're tableaus a big big believer in the power of data we use our tools internally but of course no one really wants to be data driven if you drive your company completely based on data say hello to the cliff wall you will drive it off a cliff you really want people intelligent domain experts using a combination of act and intuition and instinct to make data informed decisions to make great decisions along the way so although pure mining has some role in the scheme of analytics frankly it's a minor role what we really need to do is make analytic software that as I said yesterday is like a bicycle for our minds this was the great Steve Jobs quote about computers that their best are like bicycles for our mind effortless machines that just make us go so much faster than any other species with no more effort expended right that's the spirit of computers when they're at our best Google Google is effortless to use and makes my brain a thousand times smarter than it is right unfortunately over an analytic software we've never seen software that does tap in business intelligence software there's so much development weight and complexity and expense and slow rollout schedules that were never able to get that augmentation of the brain that can help lead to better decisions so at tableau in terms of design we value our product requirements documents say things like intuition and feel and design and instinct and user experience they're focused on the journey of working with data not just some magic algorithm that's gonna spit out some answer that tells you what to do yeah I mean I've often wondered where that bi business would be that traditional decision support business if it weren't for sarbanes-oxley I mean it gave it a new life right because you had to have a single version of the truth that was mandated by by the government here we had Bruce Boston on yesterday who works over eight for a company that shall not be named but anyway he was talking about okay Bruce in case you're watching we're sticking to our promise but he was talking about intent desire and satisfaction things those are three things intent desire and satisfaction that machines can't do like the point being you just you know it was the old bromide you can't take the humans in the last mile yeah I guess yeah do you see that ever changing no I mean I think you know I I went to a friend a friend of mine I just haven't seen in a while a friend of mine once said he was an he was an artificial intelligence expert had Emilie's PhD in a professorship in AI and once I naively asked him I said so do we have artificial intelligence do we have it or not and we've been talking about for decades like is it here and he said you're asking the wrong question the question is how smart our computers right so I just think we're analytics is going is we want to make our computers smarter and smarter and smarter there'll be no one day we're sudden when we flip a switch over and the computer now makes the decision so in that sense the answer to your question is I keep I see things going is there is it going now but underneath the covers of human human based decision making it are going to be fantastic advancements and the technology to support good decision making to help people do things like feel and and and chase findings and shift perspectives on a problem and actually be creative using data I think there's I think it's gonna be a great decade ahead ahead of us so I think part of the challenge Christian in doing that and making that that that evolution is we've you know in the way I come the economy and and a lot of jobs work over the last century is you know you're you're a cog in a wheel your this is how you do your job you go you do it the same way every day and it's more of that kind of almost assembly line type of thinking and now we're you know we're shifting now we're really the to get ahead in your career you've got to be as good but at an artist you've got to create B you've got to make a difference is the challenge do you see a challenge there in terms of getting people to embrace this new kind of creativity and again how do you as a company and as a you know provider of data visualization technology help change some of those attitudes and make people kind of help people make that shift to more of less of a you know a cog in a larger organization to a creative force inside that organ well mostly I feel like we support what people natively want to do so there are there are some challenges but I mostly see opportunity there in category after category of human activity we're seeing people go from consumers to makers look at publishing from 20 years ago to now self-publishing come a few blogs and Twitter's Network exactly I mean we've gone from consumers to makers everyone's now a maker and we have an ecosystem of ideas that's so positive people naturally want to go that way I mean people's best days on the job are when they feel they're creating something and have that sense of achievement of having had an idea and seeing some progress their hands made on that idea so in a sense we're just fueling the natural human desire to have more participation with data to id8 with data to be more involved with data then they've been able to in the past and again like other industries what we're seeing in this category of technology which is the one I know we're going from this very waterfall cog in a wheel type process is something that's much more agile and collaborative and real-time and so it's hard to be creative and inspired when you're just a cog stuck in a long waterfall development process so it's mostly just opportunity and really we're just fueling the fire that I think is already there yeah you talked about that yesterday in your talk you gave a great FAA example the Mayan writing system example was fantastic so I just really loved that story you in your talk yesterday basically told the audience first of all you have very you know you have clarity of vision you seem to have certainty in your vision of passion for your vision but the same time you said you know sometimes data can be confusing and you're not really certain where it's going don't worry about that it's no it's okay you know I was like all will be answered eventually what but what about uncertainty you know in your minds as the you know chief executive of this organization as a leader in a new industry what things are uncertain to you what are the what are the potential blind spots for you that you worry about do you mean for tableau as a company for people working with data general resource for tableau as a company oh I see well I think there's always you know I got a trip through the spirit of the question but we're growing a company we're going a disruptive technology company and we want to embrace all the tall the technologies that exist around us right we want to help to foster day to day data-driven decision-making in all of its places in forms and it seems to me that virtually every breakthrough technology company has gone through one or two major Journal technology transformations or technology shocks to the industry that they never anticipated when they founded the company okay probably the most recent example is Facebook and mobile I mean even though even though mobile the mobile revolution was well in play when when Facebook was founded it really hadn't taken off and that was a blind Facebook was found in oh seven right and look what happened to them right after and here's that here's new was the company you can get it was founded in oh seven yeah right so most companies I mean look how many companies were sort of shocked by the internet or shocked by the iPod or shocked by the emergence of a tablet right or shocked by the social graph you know I think for us in tableaus journey if this was the spirit of the thought of the question we will have our own shocks happen the first was the tablet I mean when we founded tableau like the rest of the world we never would have anticipated that that a brilliant company would finally come along and crack the tablet opportunity wide open and before in a blink of an eye hundreds of millions of people are walking around with powerful multi-touch graphic devices in their I mean who would have guessed people wouldn't have guessed it no six let alone oh three know what and so luckily that's what that's I mean so this is the good kind of uncertainty we've been able to really rally around that there are our developers love to work on this area and today we have probably the most innovative mobile analytics offering on the market but it's one we never could have anticipated so I think the biggest things in terms of big categories of uncertainty that we'll see going forward are similar shocks like that and our success will be determined by how well we're able to adapt to those so why is it and how is it that you're able to respond so quickly as an organization to some of those tectonic shifts well I think the most important thing is having a really fleet-footed R&D team we have just an exceptional group of developers who we have largely not hired from business technology companies we have something very distributed going a tableau yeah one of the amazing things about R&D key our R&D team is when we decided to build just this amazing high-wattage cutting-edge R&D team and focus them on analytics and data we decided not to hire from other business intelligence companies because we didn't think those companies made great products so we've actually been hiring from places like Google and Facebook and Stanford and MIT and computer gaming companies if you look at the R&D engineers who work on gaming companies in terms of the graphic displays and the response times and the high dimensional data there are actually hundreds of times more sophisticated in their thinking and their engineering then some engineer who was working for an enterprise bi reporting company so this incredible horsepower this unique team of inspired zealots and high wattage engineers we have in our R&D team like Apple that's the key to being able to respond to these disruptive shocks every once in a while and rule and really sees them as an opportunity well they're fun to I mean think of something on the stage yesterday and yeah we're in fucky hats and very comfortable there's never been an R&D team like ours assembled in analytics it's been done in other industries right Google and Facebook famously but in analytics there's never been such an amazing team of engineers and Christian what struck me one of the things that struck me yesterday during your keynote or the second half of the keynote was bringing up the developers and talking about the specific features and functions you're gonna add to the product and hearing the crowd kind of erupt at different different announcements different features that you're adding and it's clear that you're very customer focused at this at tableau of you I mean you're responding to the the needs and the requests of your customers and I that's clearly evident again in the in the passion that these customers have for your for your product for your company how do you know first I'm happy how do you maintain that or how do you get get to that point in the first place where you're so customer focused and as you go forward being a public company now you're gonna get pressure from Wall Street and quarter results and all that that you know that comes with that kind of comes with the territory how do you remain that focused on the customer kind of as your you know you're going to be under a lot of pressure to grow and and you know drive revenue yeah I keep that focus well there's two things we do it's a it's always a challenge to stay really connected to your customers as you get big but it's what we pride ourselves on doing and there's two specific things we do to foster it the first is that we really try to focus the company and we try to make a positive aspect of the culture the idea of impact what is the impact of the work we're having and in fact a great example of how we foster that is we bring our entire support and R&D team to this conference no matter where it is we take we fly I mean in this case we literally flew the entire R&D team and product management team and whatnot across country and the time they get here face to face face to face with customers and hearing the customer stories and the victories and actually seeing the feedback you just described really inspires them it gives them specific ideas literally to go back and start working on but it also just gives them a sense of who comes first in a way that if you don't leave the office and you don't focus on that really doesn't materialize and the way you want it the second thing we do is we are we are big followers of I guess what's called the dog food philosophy of eat your own dog so drink your own champagne and so one of our core company values that tableau is we use our products facility a stated value of the company we use our products and into an every group at tableau in tests in bug regressions in development in sales and marketing and planning and finance and HR every sip marketing marketing is so much data these these every group uses tableau to run our own business and make decisions and what happens Matt what's really nice about a company because you know we're getting close to a thousand people now and so it's keeping the spirit you just described alive is really important it becomes quite challenging vectors leagues for it because when that's one of your values and that's the way the culture has been built every single person in the company is a customer everyone understands the customer's situation and the frustrations and the feature requests and knows how to support them when they meet them and can empathize with them when they're on the phone and is a tester automatically by virtue of using the product so we just try to focus on a few very authentic things to keep our connection with the customer as close as possible I'll say christen your company is a rising star we've been talking all this week of the similarities that we were talking off about the similarities with with ServiceNow just in terms of the passion within the customer base we're tracking companies like workday you know great companies that are that are that are being built new emerging disruptive companies we put you in that in that category and we're very excited for different reasons you know different different business altogether but but there are some similar dynamics that we're watching so as observers it's independent observers what kinds of things do you want us to be focused on watching you over the next 12 18 24 months what should we be paying attention to well I think the most important thing is tableau ultimately is a product company and we view ourselves very early in our product development lifecycle I think people who don't really understand tableau think it's a visualization company or a visualization tool I don't I don't really understand that when you talk about the vision a lot but okay sure we can visualization but there's just something much bigger I mean you asked about people watching the company I think what's important to watch is that as I spoke about makino yesterday tableau believes what is called the business intelligence industry what's called the business analytics technology stack needs to be completely rewritten from scratch that's what we believe to do over it's a do-over it's based on technology from a prior hair prior era of computing there's been very little innovation the R&D investment ratios which you can look up online of the companies in this space are pathetically low and have been for decades and this industry needs a Google it needs an apple it's a Facebook an RD machine that is passionate and driven and is leveraging the most recent advances in computing to deliver products that people actually love using so that people start to enjoy doing analytics and have fun with it and make data-driven driven decision in a very in a very in a way that's just woven into their into their into their enjoyment and work style every every single day so the big series of product releases you're going to see from us over the next five years that's the thing to watch and we unveiled a few of them yesterday but trust me there's a lot more that's you a lot of applause christina is awesome you can see you know the passion that you're putting forth your great vision so congratulations in the progress you've made I know I know you're not done we'll be watching it thanks very much for coming to me I'm really a pleasure thank you all right keep right there everybody we're going wall to wall we got a break coming up next and then we'll be back this afternoon and this is Dave Volante with Jeff Kelly this is the cube we'll be right back