(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>>Okay, welcome back everyone. Cube's coverage here in Boston, Massachusetts, AWS reinforced 22, the security conference. It's ADOS big security conference. Of course, the cubes here, all the reinvent res re Mars reinforce. We cover 'em all now and the summits. I'm John. Very my host, Dave ante have IDC weighing in here with their analysis. We've got some great guests here, Jay Brisbane, research VP at IDC and Philip who research managed for cloud security. Gentlemen, thanks for coming on. Thank you. Appreciate it. Great >>To, to be here. I appreciate the got the full >>Circle, right? Just, security's more interesting >>Than storage. Isn't it? >>Dave, Dave and Jay worked together. This is a, a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE discover a while back and really the, the, the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I wanna get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that they didn't, we didn't hear. What's your reaction to the keynote, share your, your assessment. >>So, you know, I managed two different research services at IDC right now. They are both cloud security and identity and, and digital security. Right. And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or, you know, enable MFA, or make sure that you, you know, control who gets access to what and deny explicitly. Right? And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, right? MFA everywhere. Why don't they use it because it introduces friction and all of a sudden people can't get their jobs done. Right. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but, you know, as we have in the industry, this shared responsibility model for cloud computing, we've got shared responsibility for between Philip and I, I have done in the ke past more security of the cloud and Philip is more security in the cloud, >>So yeah. And it's, and now with cloud operation, super cloud, as we call it, you have on premises, private cloud coming back, or hasn't really gone anywhere, all that on premises, cloud operations, public cloud, and now edge exploding with new requirements. Yeah. It's really an ops challenge right now. Not so much dev. So the sick and op side is hot right now. >>Yeah. Well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the guard duty malware protection component, and that being built into the pricing of current guard duty, I thought was, was really key. And there was also a lot of talk about partnering in security certifications. Yeah. Which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >>So Jake square, the circle for me. So Kirk, Coel talked about Amazon AWS identity, where does AWS leave off and, and companies like Okta or ping identity or crock pickup, how are they working together? Does it just create more confusion and more tools for customers? We, we have, we know the over word overused word of seamless. Yeah. Yeah. It's never seamless. So how should we think about that? >>So, you know, identity has been around for 35 years or something like that started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, cuz they're still carrying a lot of that baggage. Now, when it comes to the cloud service providers, they're more an accommodation from the identity standpoint, let's make it easy inside of AWS to let you single sign on to anything in the cloud that they have. Right. Let's also introduce an additional MFA capability to keep people safer whenever we can and, you know, provide people the tools to, to get into those applications somewhat easily, right. While leveraging identities that may live somewhere else. So, you know, there's a whole lot of the world that is still active directory centric, right? There's another portion of companies that were born in the cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the cloud. So, you know, like I said, you, if you understand where people came from in the beginning, you start to, to say, yeah, this makes sense. >>It's, it's interesting. You talk about mainframe. I, I always think about rack F you know, and I say, okay, who did what, when, where, yeah. And you hear about a lot of those themes. What, so what's the best practice for MFA? That's, that's non SMS based. Is it, you gotta wear something around your neck, is it to have sort of a third party authenticator? What are people doing that is that, that, that you guys would recommend? >>Yeah. One quick comment about adoption of MFA. You know, if you ask different suppliers, what percent of your base that does SSO also does MFA one of the biggest suppliers out there Microsoft will tell you it's under 25%. That's pretty shocking. Right? All the messaging that's come out about it. So another big player in the market was called duo. Cisco bought them. Yep. Right. And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA it's called push. Right. And push can be, you know, a red X and a green check mark to your phone. It can be a QR code, you know, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by N and others saying, you know, it's susceptible to man and middle attacks. >>It's built on a telephony protocol called SS seven. Yep. You know, predates anything. There's no certification, either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well identity increasingly, and a lot of the, you know, consumers and especially the work from anywhere, people these days have access through smart devices. Right. And what you can do there is you can have an agent on that smart device, generate your private key and then push out a public key. And so the private key never leaves your device. That's one of the most secure ways to, so if your >>SIM card gets hacked, you're not gonna be as at vulnerable >>Or as vulnerable. Well, the SIM card is another, you know, challenge associated with the, the older waste. But yeah. Yeah. >>So what do you guys think about the open source connection and, and they, they mentioned it up top don't bolt on security implying shift left, which is embedding it in like sneak companies, like sneak do that, right. Container oriented, a lot of Kubernetes kind of cloud native services. So I wanna get your reaction to that. And then also this reasoning angle, they brought up kind of a higher level AI reasoning decisions. So open source and this notion of AI reasoning >>Automation. Yeah. And, and you see more open source discussion happening, right. So you, you know, you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve as, you know, open source continues to proliferate around the automated reasoning. I think that makes sense. You know, you want to provide guiderails and you want to provide roadmaps and you wanna have sort of that guidance as to okay. What's the, you know, a correlation analysis of different tools and products. And so I think that's gonna go over really well. >>Yeah. One of the other, you know, key points of what open source is, everybody's in a multi-cloud world, right? Yeah. And so they're worried about vendor lockin, they want an open source code base so that they don't experience that. >>Yeah. And they can move the code around and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So yeah. They mentioned encrypt everything, which is great. And I message, by the way, I love that one, but oh. And he mentioned data at rest. I'm like, what about data in flight? Didn't hear that one. So one of the things we're seeing with super cloud, and now multi-cloud kind of, as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >>Yeah. >>Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge. Even Schmidt on Steve said we have billions and billions of things happening that we see things that no one else else sees. So that implies, they're >>Sharing quad trillion, >>Trillion, 15 zeros trillion. Yeah. 15 >>Zeros, 15 zeros. Yeah. >>So that implies, they're sharing that or using that, pushing that into something. So sharing's huge with cyber security. So that implies open data, data flows. What do, how do you guys see this evolving? I know it's kind of emerging, but it's becoming a, a nuanced point that's critical to the architecture. >>Well, I, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, you know, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall, >>Depending upon the supplier. Right? Yeah. It's either an aggregate level of intelligence that has been, you know, anonymized or it's specific intelligence for your environment that, you know, everybody's got a threat feed, maybe two or three, right. Yeah. But back to the encryption point, I mean, I was working for an encryption startup for a little while. Right after I left IBM. And the thing is that people are scared of it. Right. They're scared of key management and rotation. And so when you provide, >>Because they might lose the key. >>Exactly. Yeah. It's like shooting yourself in the foot. Right. So that's when you have things like, you know, KMS services from Amazon and stuff, they really help out a lot and help people understand, okay, I'm not alone in this. >>Yeah. Crypto >>Owners, they call that hybrid, the hybrid key, they call the, what they call the, today. They call it the hybrid. >>What was that? The management service. Yeah. The hybrid. So hybrid HSM, correct. >>Yeah. What is that? What is that? I didn't, I didn't get that. I didn't understand what he meant by the hybrid post hybrid, post quantum key agreement. Right. That still notes >>Hybrid, post quantum key exchange, >>You know, AWS never made a product name that didn't have four words in it, >>But he did, but he did reference the, the new N algos. And I think I inferred that they were quantum proof or the claim it be. Yeah. And AWS was testing those. Correct. >>Yeah. >>So that was kind of interesting, but I wanna come back to identity for a second. Okay. So, so this idea of bringing traditional IAM and, and privilege access management together, is that a pipe dream, is that something that is actually gonna happen? What's the timeframe, what's your take on that? >>So, you know, there are aspects of privilege in every sort of identity back when, you know, it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins, and users, right? These days, everybody has some aspect of, >>It's a real spectrum, really >>Granular. You got the, you know, the C suite, the finance people, the DevOps, people, you know, even partners and whatever, they all need some sort of privileged access. And the, the term you hear so much is least privileged access. Right? Shut it down, control it. So, you know, in some of my research, I've been saying that vendors who are in the Pam space privilege access management space will probably be growing their suites, playing a bigger role, building out a stack because they have, you know, the, the expertise and the, and the perspective that says we should control this better. How do we do that? Right. And we've been seeing that recently, >>Is that a combination of old kind of antiquated systems meets for proprietary hyperscale or kind of like build your own? Cause I mean, Amazon, these guys, they Facebook, they all build their own stuff. >>Yes. They >>Do enterprises buy services from general purpose identity management systems. >>So as we were talking about, you know, knowing the past and whatever privileged access management used to be about compliance reporting. Yeah. Right. Just making sure that I knew who accessed what and could prove it. So I didn't fail in art. It wasn't >>A critical infrastructure item. >>No. And now these days, what it's transitioning into is much more risk management. Okay. I know what our risk is. I'm ahead of it. And the other thing in the Pam space was really session monitor. Right. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new privilege access Mon management doesn't really require that it's nice to have feature. You kind of need it on the list, but is anybody really gonna implement it? That's the question. Right. And then, you know, if, if you do all that session monitor, does anybody ever go back and look at it? There's only so many hours in the day. >>How about passwordless access? You know? Right. I've heard people talk about that. Yeah. I mean, that's as a user, I can't wait, but >>It's somewhere we want to all go. Yeah. Right. We all want identity security to just disappear and be recognized when we log in. So the, the thing with password list is there's always a password somewhere and it's usually part of a registration, you know, action. I'm gonna register my device with a username password. And then beyond that, I can use my biometrics. Right. I wanna register my device and get a private key that I can put in my enclave. And I'll use that in the future. Maybe it's gotta touch ID. Maybe it doesn't. Right. So even though there's been a lot of progress made, it's not quote unquote, truly passwordless, there's a group industry standards group called Fido. Right. Which is fast identity online. And what they realized was these whole registration passwords. That's really a single point of failure. Cuz if I can't recover my device, I'm in trouble. Yeah. So they just did a, a new extension to sort of what they were doing, which provides you with much more of a, like an iCloud vault, right. That you can register that device in and other devices associated with that same iPad that you can >>Get you to it. If you >>Have to. Exactly. I had >>Another have all over the place here, but I, I want to ask about ransomware. It may not be your wheelhouse. Yeah. But back in the day, Jay, remember you used to cover tape. All the, all the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do air gaps. Wasn't one, one of 'em. Right. I was really surprised cuz that's all, every anybody ever talks about is air gaps. And a lot of times that air gaps that air gap could be a guess to the cloud. I guess I'm not sure. What are you guys seeing on ransomware >>Apps? You know, we've done a lot of great research around ransomware as a service and ransomware and, and you know, we just had some data come out recently that I think in terms of spending and, and spend and in as a result of the Ukraine, Russia war, that ransomware assessments rate number one. And so it's something that we encourage, you know, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, right. As well, and then security and training ranked very highly as well. So we wanna make sure that all of these areas are being funded well to try and stay ahead of the curve. >>Yeah. I was surprised that not the air gaps on the list, that's all everybody >>Talks about. Well, you know, the, the old model for air gaping in the, the land days, the Noel days, you took your tapes home and put 'em in the sock drawer. >>Well, it's a form of air gap security and no one's gonna go there >>Clean. And then the internet came around >>Guys. Final question. I want to ask you guys, we kind zoom out. Great, great commentary by the way. Appreciate it. As the, we've seen this in many markets, a collection of tools emerge and then there's it's tool sprawl. Oh yeah. Right? Yeah. So cyber we're seeing trend now where Mon goes up on stage of all the E probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform. If you super cloud ability by building more platform thing. So we're saying there's a platform war going on, cuz customers don't want the complexity. Yeah. I got a tool, but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean, tools won't go away, but they have to be >>Easier. Yeah. We do see a, a consolidation of functionality and services. And we've been seeing that, I think through a 20, 20 flat security survey that we released, that that was definitely a trend. And you know, that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk 'em right. About all the time. So >>More M and a couple of years ago, I called the, the Amazon tool set in rector set. Yeah. Because it really required assembly. Yeah. And you see the emphasis on training here too, right? Yeah. You definitely need to go to AWS university to be competent. It >>Wasn't Lego blocks yet. No, it was a rector set. Very good distinction rules, you know, and, and you lose a few. It's >>True. Still too many tools. Right. You see, we need more consolidation. That's getting interesting because a lot of these companies have runway and you look, you look at sale point, its stock prices held up cuz of the Toma Bravo acquisition, but all the rest of the cyber stocks have been crushed. Yeah. You know, especially the high flyers, like a Senti, a one or a crowd strike, but yeah, just still M and a opportunity >>Itself. So platform wars. Okay. Final thoughts. What do you thinks happening next? What's what's your outlook for the, the next year or so? >>So in the, in the identity space, I'll talk about Phillip can cover cloud force. You know, it really is more consolidation and more adoption of things that are beyond simple SSO, right. It was, you know, just getting on the systems and now we really need to control what you're able to get to and who you are and do it as transparently as we possibly can because otherwise, you know, people are gonna lose productivity, right. They're not gonna be able to get to what they want. And that's what causes the C-suite to say, wait a minute, you know, DevOps, they want to update the product every day. Right. Make it better. Can they do that? Or did security get in the way people every once in a while I'll call security, the department of no, right? Yeah. Well, >>Yeah. They did it on stage. Yeah. They wanna be the department of yes, >>Exactly. And the department that creates additional value. If you look at what's going on with B to C or C IAM, consumer identity, that is all about opening up new direct channels and treating people like, you know, they're old friends, right. Not like you don't know 'em you have to challenge >>'em we always say you wanna be in the boat together. It sinks or not. Yeah. Right. Exactly. >>Phillip, >>Okay. What's your take? What's your outlook for the year? >>Yeah. I think, you know, something that we've been seeing as consolidation and integration, and so, you know, companies looking at from built time to run time investing in shift left infrastructure is code. And then also in the runtime detection makes perfect sense to have both the agent and agentless so that you're covering any of the gaps that might exist. >>Awesome. Jerry, Phillip, thanks for coming on the queue with IDC and sharing >>Your oh our pleasure perspective. >>Commentary, have any insights and outlook. Appreciate it. You bet. Thank you. Okay. We've got the great direction here from IDC analyst here on the queue. I'm John for a Dave, we're back more after this shirt break.

>> From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. >> Welcome to this CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We are here with Arpit Joshipura, GM of Networking, Edge, IoT for the Linux Foundation. Arpit, great to see you again, welcome back to theCUBE, thanks for joining us. >> Thank you, thank you. Happy to be here. >> So obviously, we love the Linux Foundation. We've been following all the events; we've chatted in the past about networking. Computer storage and networking just doesn't seem to go away with cloud and on-premise hybrid cloud, multicloud, but open-source software continues to surpass expectations, growth, geographies outside the United States and North America, just overall, just greatness in software. Everything's an abstraction layer now; you've got Kubernetes, Cloud Native- so many good things going on with software, so congratulations. >> Well thank you. No, I think we're excited too. >> So you guys got a big event coming up in China: OSS, Open Source Summit, plus KubeCon. >> Yep. >> A lot of exciting things, I want to talk about that in a second. But I want to get your take on a couple key things. Edge and IoT, deep learning and AI, and networking. I want to kind of drill down with you. Tell us what's the updates on the projects around Linux Foundation. >> Okay. >> The exciting ones. I mean, we know Cloud Native CNCF is going to take up more logos, more members, keeps growing. >> Yep. >> Cloud Native clearly has a lot of opportunity. But the classic in the set, certainly, networking and computer storage is still kicking butt. >> Yeah. So, let me start off by Edge. And the fundamental assumption here is that what happened in the cloud and core is going to move to the Edge. And it's going to be 50, 100, 200 times larger in terms of opportunity, applications, spending, et cetera. And so what LF did was we announced a very exciting project called Linux Foundation Edge, as an umbrella, earlier in January. And it was announced with over 60 founding members, right. It's the largest founding member announcement we've had in quite some time. And the reason for that is very simple- the project aims at unifying the fragmented edge in IoT markets. So today, edge is completely fragmented. If you talk to clouds, they have a view of edge. Azure, Amazon, Baidu, Tencent, you name it. If you talk to the enterprise, they have a view of what edge needs to be. If you talk to the telcos, they are bringing the telecom stack close to the edge. And then if you talk to the IoT vendors, they have a perception of edge. So each of them are solving the edge problems differently. What LF Edge is doing, is it is unifying a framework and set of frameworks, that allow you to create a common life cycle management framework for edge computing. >> Yeah. >> Now the best part of it is, it's built on five exciting technologies. So people ask, "You know, why now?" So, there are five technologies that are converging at the same time. 5G, low latency. NFV, network function virtualization, so on demand. AI, so predictive analytics for machine learning. Container and microservices app development, so you can really write apps really fast. And then, hardware development: TPU, GPU, NPU. Lots of exciting different size and shapes. All five converging; put it close to the apps, and you have a whole new market. >> This is, first of all, complicated in the sense of... cluttered, fragmented, shifting grounds, so it's an opportunity. >> It's an opportunity. >> So, I get that- fragmented, you've got the clouds, you've got the enterprises, and you've got the telcos all doing their own thing. >> Yep. >> So, multiple technologies exploding. 5G, Wi-Fi 6, a bunch of other things you laid out, >> Mhmm. >> all happening. But also, you have all those suppliers, right? >> Yes. >> And, so you have different manufacturers-- >> And different layers. >> So it's multiple dimensions to the complexity. >> Correct, correct. >> What are you guys seeing, in terms of, as a solution, what's motivating the founding members; when you say unifying, what specifically does that mean? >> What that means is, the entire ecosystem from those markets are coming together to solve common problems. And I always sort of joke around, but it's true- the common problems are really the plumbing, right? It's the common life cycle management, how do you start, stop, boot, load, log, you know, things like that. How do you abstract? Now in the Edge, you've 400, 500 interfaces that comes into an IoT or an edge device. You know, Zigbee, Bluetooth, you've got protocols like M2T; things that are legacy and new. Then you have connectivity to the clouds. Devices of various forms and shapes. So there's a lot of end by end problems, as we call it. So, the cloud players. So for LF Edge for example, Tencent and Baidu and the cloud leaders are coming together and saying, "Let's solve it once." The industrial IoT player, like Dynamic, OSIsoft, they're coming in saying, "Let's solve it once." The telcos- AT&T, NTT, they're saying "Let's solve it once. And let's solve this problem in open-source. Because we all don't need to do it, and we'll differentiate on top." And then of course, the classic system vendors that support these markets are all joining hands. >> Talk about the business pressure real quick. I know, you look at, say, Alibaba for instance, and the folks you mentioned, Tencent, in China. They're perfecting the edge. You've got videos at the edge; all kinds of edge devices; people. >> Correct. >> So there's business pressures, as well. >> The business pressure is very simple. The innovation has to speed up. The cost has to go down. And new apps are coming up, so extra revenue, right? So because of these five technologies I mentioned, you've got the top killer apps in edge are anything that is, kind of, video but not YouTube. So, anything that the video comes from 360 venues, or drones, things like that. Plus, anything that moves, but that's not a phone. So things like connected cars, vehicles. All of those are edge applications. So in LF Edge, we are defining edge as an application that requires 20 milliseconds or less latency. >> I can't wait for someone to define- software define- "edge". Or, it probably is defined. A great example- I interviewed an R&D engineer at VMware yesterday in San Francisco, it was at the RADIO event- and we were just riffing on 5G, and talking about software at the edge. And one of the advances >> Yes. >> that's coming is splicing the frequency so that you can put software in the radios at the antennas, >> Correct. Yeah. >> so you can essentially provision, in real time. >> Correct, and that's a telco use case, >> Yeah. >> so our projects at the LF Edge are EdgeX Foundry, Akraino, Edge Virtualization Engine, Open Glossary, Home Edge. There's five and growing. And all of these software projects can allow you to put edge blueprints. And blueprints are really reference solutions for smart cities, manufacturing, telcos, industrial gateways, et cetera et cetera. So, lots of-- >> It's kind of your fertile ground for entrepreneurship, too, if you think about it, >> Correct; startups are huge. >> because, just the radio software that splices the radio spectrum is going to potentially maybe enable a service provider market, and towers, right? >> Correct, correct. >> Own my own land, I can own the tower and rent it out, one radio. >> Yep. >> So, business model innovations also an opportunity, >> It's a huge-- >> not just the business pressure to have an edge, but-- >> Correct. So technology, business, and market pressures. All three are colliding. >> Yeah, perfect storm. >> So edge is very exciting for us, and we had some new announcements come out in May, and more exciting news to come out in June, as well. >> And so, going back to Linux Foundation. If I want to learn more. >> LFEdge.org. >> That's kind of the CNCF of edge, if you will, right? Kind of thing. >> Yeah. It's an umbrella with all the projects, and that's equivalent to the CNCF, right. >> Yeah. >> And of course it's a huge group. >> So it's kind of momentum. 64 founding members-- >> Huge momentum. Yeah, now we are at 70 founding members, and growing. >> And how long has it been around? >> The umbrella has been around for about five months; some of the projects have been around for a couple of years, as they incubate. >> Well let us know when the events start kicking in. We'll get theCUBE down there to cover it. >> Absolutely. >> Super exciting. Again, multiple dimensions of innovation. Alright, next topic, one of my favorites, is AI and deep learning. AI's great. If you don't have data you can't really make AI work; deep learning requires data. So this is a data conversation. What's going on in the Linux Foundation around AI and deep learning? >> Yeah. So we have a foundation called LF Deep Learning, as you know. It was launched last year, and since then we have significantly moved it forward by adding more members, and obviously the key here is adding more projects, right. So our goal in the LF Deep Learning Foundation is to bring the community of data scientists, researchers, entrepreneurs, academia, and users to collaborate. And create frameworks and platforms that don't require a PhD to use. >> So a lot of data ingestion, managing data, so not a lot of coding, >> Platforms. >> more data analyst, and/or applications? >> It's more, I would say, platforms for use, right? >> Yeah. >> So frameworks that you can actually use to get business outcomes. So projects include Acumos, which is a machine learning framework and a marketplace which allows you to, sort of, use a lot of use cases that can be commonly put. And this is across all verticals. But I'll give you a telecom example. For example, there is a use case, which is drones inspecting base stations-- >> Yeah. >> And doing analytics for maintenance. That can be fed into a marketplace, used by other operators worldwide. You don't have to repeat that. And you don't need to understand the details of machine learning algorithms. >> Yeah. >> So we are trying to do that. There are projects that have been contributed from Tencent, Baidu, Uber, et cetera. Angel, Elastic Deep Learning, Pyro. >> Yeah. >> It's a huge investment for us. >> And everybody wins when there's contribution, because data's one of those things where if there's available, it just gets smarter. >> Correct. And if you look at deep learning, and machine learning, right. I mean obviously there's the classic definition; I won't go into that. But from our perspective, we look at data and how you can share the data, and so from an LF perspective, we have something called a CDLA license. So, think of an Apache for data. How do you share data? Because it's a big issue. >> Big deal. >> And we have solved that problem. Then you can say, "Hey, there's all these machine learning algorithms," you know, TensorFlow, and others, right. How can you use it? And have plugins to this framework? Then there's the infrastructure. Where do you run these machine learning? Like if you run it on edge, you can run predictive maintenance before a machine breaks down. If you run it in the core, you can do a lot more, right? So we've done that level of integration. >> So you're treating data like code. You can bring data to the table-- >> And then-- >> Apply some licensing best practices like Apache. >> Yes, and then integrate it with the machine learning, deep learning models, and create platforms and frameworks. Whether it's for cloud services, for sharing across clouds, elastic searching-- >> And Amazon does that in terms of they vertically integrate SageMaker, for instance. >> That's exactly right. >> So it's a similar-- >> And this is the open-source version of it. >> Got it- oh, that's awesome. So, how does someone get involved here, obviously developers are going to love this, but-- >> LF Deep Learning is the place to go, under Linux Foundation, similar to LF Edge, and CNCF. >> So it's not just developers. It's also people who have data, who might want to expose it in. >> Data scientists, databases, algorithmists, machine learning, and obviously, a whole bunch of startups. >> A new kind of developer, data developer. >> Right. Exactly. And a lot of verticals, like the security vertical, telecom vertical, enterprise verticals, finance, et cetera. >> You know, I've always said- you and I talked about this before, and I always rant on theCUBE about this- I believe that there's going to be a data development environment where data is code, kind of like what DevOps did with-- >> It's the new currency, yeah. >> It's the new currency. >> Yeah. Alright, so final area I want to chat with you before we get into the OSS China thing: networking. >> Yeah. >> Near and dear to your heart. >> Near and dear to my-- >> Networking's hot now, because if you bring IoT, edge, AI, networking, you've got to move things around-- >> Move things around, (laughs) right, so-- >> And you still need networking. >> So we're in the second year of the LF Networking journey, and we are really excited at the progress that has happened. So, projects like ONAP, OpenDaylight, Tungsten Fabric, OPNFV, FDio, I mean these are now, I wouldn't say household names, but business enterprise names. And if you've seen, pretty much all the telecom providers- almost 70% of the subscribers covered, enabled by the service providers, are now participating. Vendors are completely behind it. So we are moving into a phase which is really the deployment phase. And we are starting to see, not just PoCs [Proofs of Concept], but real deployments happening, some of the major carriers now. Very excited, you know, Dublin, ONAP's Dublin release is coming up, OPNFV just released the Hunter release. Lots of exciting work in Fido, to sort of connect-- >> Yeah. >> multiple projects together. So, we're looking at it, the big news there is the launch of what's called OVP. It's a compliance and verification program that cuts down the deployment time of a VNF by half. >> You know, it's interesting, Stu and I always talk about this- Stu Miniman, CUBE cohost with me- about networking, you know, virtualization came out and it was like, "Oh networking is going to change." It's actually helped networking. >> It helped networking. >> Now you're seeing programmable networks come out, you see Cisco >> And it's helped. >> doing a lot of things, Juniper as well, and you've got containers in Kubernetes right around the corner, so again, this is not going to change the need, it's going to- It's not going to change >> It's just a-- >> the desire and need of networking, it's going to change what networking is. How do you describe that to people? Someone saying, "Yeah, but tell me what's going on in networking? Virtualization, we got through that wave, now I've got the container, Kubernetes, service mesh wave, how does networking change? >> Yeah, so it's a four step process, right? The first step, as you rightly said, virtualization, moved into VMs. Then came disaggregation, which was enabled by the technology SDN, as we all know. Then came orchestration, which was last year. And that was enabled by projects like ONAP and automation. So now, all of the networks are automated, fully running, self healing, feedback closed control, all that stuff. And networks have to be automated before 5G and IoT and all of these things hit, because you're no longer talking about phones. You're talking about things that get connected, right. So that's where we are today. And that journey continues for another two years, and beyond. But very heavy focused on deployment. And while that's happening, we're looking at the hybrid version of VMs and containers running in the network. How do you make that happen? How do you translate one from the other? So, you know, VNFs, CNFs, everything going at the same time in your network. >> You know what's exciting is with the software abstractions emerging, the hard problems are starting to emerge because as it gets more complicated, end by end problems, as you said, there's a lot of new costs and complexities, for instance, the big conversation at the Edge is, you don't want to move data around. >> No, no. >> So you want to move compute to the edge, >> You can, yeah-- >> But it's still a networking problem, you've still got edge, so edge, AI, deep learning, networking all tied together-- >> They're all tied together, right, and this is where Linux Foundation, by developing these projects, in umbrellas, but then allowing working groups to collaborate between these projects, is a very simple governance mechanism we use. So for example, we have edge working groups in Kubernetes that work with LF Edge. We have Hyperledger syncs that work for telecoms. So LFN and Hyperledger, right? Then we have automotive-grade Linux, that have connected cars working on the edge. Massive collaboration. But, that's how it is. >> Yeah, you connect the dots but you don't, kind of, force any kind of semantic, or syntax >> No. >> into what people can build. >> Each project is autonomous, >> Yeah. >> and independent, but related. >> Yeah, it's smart. You guys have a good view, I'm a big fan of what you guys are doing. Okay, let's talk about the Open Source Summit and KubeCon, happening in China, the week of the 24th of June. >> Correct. >> What's going on, there's a lot of stuff going on beyond Cloud Native and Linux, what are some of the hot areas in China that you guys are going to be talking about? I know you're going over. >> Yeah, so, we're really excited to be there, and this is, again, life beyond Linux and Cloud Native; there's a whole dimension of projects there. Everything from the edge, and the excitement of Iot, cloud edge. We have keynotes from Tencent, and VMware, and all the Chinese- China Mobile and others, that are all focusing on the explosive growth of open-source in China, right. >> Yeah, and they have a lot of use cases; they've been very aggressive on mobility, Netdata, >> Very aggressive on mobility, data, right, and they have been a big contributor to open-source. >> Yeah. >> So all of that is going to happen there. A lot of tracks on AI and deep learning, as a lot more algorithms come out of the Tencents and the Baidus and the Alibabas of the world. So we have tracks there. We have huge tracks on networking, because 5G and implementation of ONAP and network automation is all part of the umbrella. So we're looking at a cross-section of projects in Open Source Summit and KubeCon, all integrated in Shanghai. >> And a lot of use cases are developing, certainly on the edge, in China. >> Correct. >> A lot of cross pollination-- >> Cross pollination. >> A lot of fragmentation has been addressed in China, so they've kind of solved some of those problems. >> Yeah, and I think the good news is, as a global community, which is open-source, whether it's Europe, Asia, China, India, Japan, the developers are coming together very nicely, through a common governance which crosses boundaries. >> Yeah. >> And building on use cases that are relevant to their community. >> And what's great about what you guys have done with Linux Foundation is that you're not taking positions on geographies, because let the clouds do that, because clouds have-- >> Clouds have geographies, >> Clouds, yeah they have agents-- >> Edge may have geography, they have regions. >> But software's software. (laughs) >> Software's software, yeah. (laughs) >> Arpit, thanks for coming in. Great insight, loved talking about networking, the deep learning- congratulations- and obviously the IoT Edge is hot, and-- >> Thank you very much, excited to be here. >> Have a good trip to China. Thanks for coming in. >> Thank you, thank you. >> I'm John Furrier here for CUBE Conversation with the Linux Foundation; big event in China, Open Source Summit, and KubeCon in Shanghai, week of June 24th. It's a CUBE Conversation, thanks for watching.

>> (narrator) Live from Copenhagen Denmark, it's theCUBE covering Kubecon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation and it's ecosystem partners. >> Hello and welcome to theCUBE. Exclusive coverage of Kubecon 2018 here in Europe. The Linux Foundation, theCUBE's coverage. Again, we're covering Kubecon, Cloud Native Conference, part of the CNCF. I'm John Furrier, host this week here in Europe with Lauren Cooney. Lauren, great to see you. >> Thank you. It's great to be here. >> Cloud, CloudNative is hot, obviously the Cloud Native Compute Foundation, CNCF, part of the Linux Foundation, driving really a pretty incredible growth. >> This is tremendous. >> Onboard and the logos, it's just pretty massive growth in microservices. >> It's just, you're seeing so many interesting things that are actually coming to this show. You know, A there's over 4,000 people here I heard. You know the taxi line was 20 people deep this morning to actually get here for the keynote. And I got to say that, you know, some of the technologies that are coming out are just really tremendous. I mean, we've got some great folks that are going to be coming on the show. Lew Tucker from Cisco and then we've got Tyler Jewell whose going to be talking about a new Cloud Native programming language. I think that's pretty interesting. >> And we've got some great influences as well. We're going to get the commentary. But the big story is, we're in Copenhagen Denmark. Sun's shining. It was raining yesterday but again, great European city. Feels like Amsterdam, got the canals. But the growth in Europe is just, it feels like I'm in North America in just terms of the volume. It's not like a satellite show. Normally in Europe, you see kind of the U.S., North America big tent events and then Europe's kind o' like a sidecar, no pun intended event. But no, it's pretty massive. I mean, you're seeing great developer uptake here in Europe. Cloud is hot. Kubernetes is the talk of the show, >> You know, I, >> SDO among other things. >> Exactly, you know, I think, I've been talking to folks around the conference center and so many of them as actually learning this for the first time and bringing it back to their, you know, large banks or some of their employers, you know, huge European companies that are actually looking to adopt this. And I think it's just phenomenal. >> I was chatting with Abby Kearns last night. I told her I'd give her a quick plug here on theCUBE. She's CEO of Cloud Foundry and we were having a chat. She just did a survey as part of the Cloud Foundry Group that found that outside of our bubble in Silicon Valley and certainly in the influencer sphere, most people have heard of Kubernetes, but actually don't know what it is and kind o' where it's going to be applied. It's one of those things where it's really taken the world by storm, certainly in the classic enterprises but application developers are seeing the goodness of what Kubernetes will do when you look at multiple workloads, workload portability, microservices as the growth of applications become cloudified. >> I think it's >> Kubernetes is key. >> It's key and I think the projects that really are inside of the CNCF are obviously super key as well, like Spyfy, who actually detects kind of workloads and types and you know, does that in an automated way. So, you know, the user doesn't have to figure that out anymore. I think those technologies are really the ones that are going to be you know, changing the landscape of platforms, you know, now and to come. >> Yeah. So Dan Kohn's up on stage, Lew Tucker's up on stage talking about multiclouds from Cisco's perspective. Lauren, you're out there on the streets working with some startups and big companies as they start to transform cloud, what do you see as the key themes of the show, what are the notable highlights for you that you see on the agenda and what are some of the things you're looking for this week in Europe? >> Well, I'm definitely looking to find out really what the news here is. You know, we've got some new projects. We've got some new end users. We've got some awards that are handed out. I really want to get to the root of what's new and what's happening. I think that there are some interesting things that are happening around. You know, we know that growth is explosive in this community. I think that, you know, is very clear. What I don't know is, you know, kind of clear to me yet at least, is really how large CNCF has gotten and how it really going to kind o' fit together and how users are going to take advantage of that entire ecosystem because they're just so many partners now and users. How do you actually pull that together in a way that's going to be workable from, you know, the perspective of a platform? >> To me the big story I like here and certainly what's notable is, and worth talking about is the role Google's playing. If you look at this show, you got some Microsoft here with Azure but really Google's at the centerpiece of this. See Red Hat and all the other industry players are here as well. But Google is driving a lot of open source standards. This is the real kind o', I won't say anti-AWS show but it's kind o' like you got Amazon re:Invent and then you got everybody else. And this is, this show represents to me everybody else because there's a real emphasis on multicloud and workload portability again, not getting a lot into one cloud. Google's pretty upfront about that and they're betting on open source to be that lever to get a good position in the cloud game. >> Well it has to be and I think really what's interesting to is AWS did show up here and they had a, you know, I was actually bouncing between some of the trainings that were going on with Fido, one of the projects and also, you know, what was going on with AWS. They call it their awesome day. And there were a lot of folks attending and a lot of folks interested. So I think it's going to be an interesting game here John. >> Well we have Adrian Cockcroft coming on, obviously, he's with AWS. He's leading the open source efforts for Amazon. And again, not to poke at Amazon but, you know, Amazon is so busy and they announce so much at re:Invent, they're so ahead of the game on cloud, cloud scale, just a number of services that Amazon... (techno music) the cloud has had significant impacts. We covered Amazon's earnings last week, again, at 50% increase. The profit that AWS is throwing off is so notable and so impressive that it really is a bellwhether to me on terms of this cloud transformation. And the key is applications. That is the number one focus we're seeing and how that makes the cloud scale an impact. What are you looking for with applications? What's interesting you, what's interested you there with the applications? >> Any applications that are running from public to, and private across that environment but I want to see multi-public cloud environments as well as on, you know, our private environments too. That to me is interesting. >> Well I want to get your thoughts on another topic that we're going to talk about this week and that is the role of the personnel inside the organization for cloud transformations. So for instance, the role of the admin operators out there, or admins and operators. Certainly at Cisco, DevNet Create that we were recently at, the role of the network manager is moving much more cloud oriented program or infrastructure. But you're seeing Google starting to talk about things like automation is good but yet the role of an operator, they call it at NASA a Site and Reliability Engineer, as the key position for cloud, what's your thought on the personnel equation for cloud within an enterprise within large companies. >> Well the SRE is the new hot role to have, right? I think that there is an increase interest in that audience because they are actually the ones that are troubleshooting a lot of this and looking at a lot of what this strategy is and where to take these things. I think that you know, it's also interesting because as people are looking to aspire to different roles, this is one of the ones that has become more established and is kind of shined upon in the developer world right now. And it's going to be interesting to see if that stays that way or if, you know, they're going to be, you know, what's kind of going to happen there. >> Thoughts on microservices in context, SDO service meshes. Again, last Kubecon we talked about SDO, the service mesh piece of it, with the notion of a modern architecture. How is that playing out in your mind? >> I think it's playing out pretty well. Everyone seems to be on the ciscobus. I also think that, you know, when we talk to Lew Tucker for example, I think we really need to ask him where he sees it going and what's going on with Cisco and the ecosystem at large on that. But everyone is playing and playing nice with those guys. >> I'm interested to get the security update. We're going to have some Google folks on. I want to find out what's new with that and also Google Next is coming up in July, their big cloud show. I'm expecting it be that pretty large event. Google is really going all in on cloud. Certainly, the cloud group within Google's got a lot of investment, a lot of enterprise folks. But the security question in Kubernetes is an interesting one. How to deploy, you know, endpoint security or is it an IOT thing? Is it ship set to operating system to application? I mean this is the open question on Kubernetes is security. >> I don't have a good answer for you there. I think that, you know, that is something we definitely need to dig into as a community and as developers. It's something that, you know, I think is was mentioned in the keynote today and I think we got to continue to to poke at that one. >> Awesome. Well we're here kicking off day one of two days of coverage here at CNCFs Kubecon, John Furrier with Lauren Cooney. Back with more live coverage here in Europe in Denmark. We're in Copenhagen for cube coverage at Kubecon 2018 Europe. (techno music)

>> Hey welcome back everybody, Jeff Frick here with The Cube. We're in downtown San Francisco at LinkedIn's headquarters at Data Privacy Day 2018. Second year we've been at the event, pretty interesting, you know there's a lot of stuff going on in privacy. It kind of follows the security track, gets less attention but with the impending changes in regulation it's getting much more play, much more media. So we're excited to be joined by our next guest. He's Jerrod Chong the Vice President of product at Yubico. Jerrod, welcome. >> Thank you Jeff. So for folks that aren't familiar with Yubico, what are you guys all about? >> We're all about protecting people's identities and privacies and making them the authenticate securely to online accounts. >> So identity, that's so, an increasingly important strategy for security. Don't worry about the wall, can we really figure out who this person is. So how has that been changing over the last couple years? >> Yes there's definitely a lot of things been changing. So we can think of identity as some some companies want to know who you are. But some companies actually are okay with you being anonymous but then they want to still know that is the person that they talk to is still the person. And so what we see in the wall of data is-- >> An anonymous person as opposed to a not-- >> Someone else. We want to make sure the anonymous person is the same anonymous person. >> Oh okay, okay, right. >> And that's important, right? If you can think of like a journalist and you think of they need to talk to the informer so they need to know that this is the real informer. And they don't want to have the fake informer tell them the wrong story. And so they need a way to actually strongly authenticate themselves. And so identity is a very interesting intersection of strong authentication. But at the same time, real identities as well as anonymous identities. And there are actually real life applications for both that can protect citizens, can protect dissidents but also at the same time can help governments do the right things when they know who you are. >> Right, so we're so far behind that I still can't understand why you dial into the customer service person and you put in your account number and they still want to know you're mom's maiden name. And we've told them all a thousand times that can't be much of a secret anymore. And then I read something else that said the ability to use a nine digit social security number and keep that actually private is basically, the chances of doing that are basically zero. So we're well past that stage in terms of some of these more sophisticated systems but we still kind of have regulations that are still asking you to put in your social security number. So what are the ways that you guys are kind of addressing that? And you're kind of taking a novel approach with an open source solution which is pretty cool. >> Yes we've created the open standard which is FIDO U2F standard and we actually co-created this with Google. And one of the key things is that what we call knowledge-base systems are just a thing of the past. Knowledge-base is anything that you try to remember including passwords. And what we call recovery questions. You know, you name the recovery question that you want to put in. >> Right right, your dog, your pet, you know your street. >> And you can get everything online from LinkedIn or Facebook. So why are we doing those systems? And obviously they are, we need to change that. But this open standard that we've created really allows you to physically prove yourself with a physical device. Like, so you want to tell who you are and there are a couple ways you can tell who you are online. You can tell by remembering something, by something that you have, and something that who you are, right? So these are the basics in how you can identify yourself over the wire. And what we've really focused on is the combination of something you have and something you know. But the something you know is not revealed to the world. The something you know is revealed to the device that you have. So it's kind of like your ATM card. You're not going to tell the PIN to the world. Nobody really has you ATM, nobody asks you for the ATM. Even the banks don't know what your ATM is and you can change that and only you know about it. And it's only on the card. And so we take that same concept and make it available for companies to implement these types of authentication systems for their own services. So today Google supports this open standard. Actually today Facebook supports it as well. And SalesForce and hosts of other services. Which means that you can actually authenticate yourself with a device and something you know. And that really allows you as an individual to not have to think about all these different things that you have to remember for every single site because that's what people are doing today. And so the beauty about this protocol as well is that, is what the developer's think, Is that these systems, they don't know that you have the same authenticator. Which is a great thing, so they can't collude and share and then pinpoint it was you. If you took this authenticator you can use it with many different things but all of them don't know that you have what we call the YubiKey. And so this is, the YubiKey that we-- >> So it's like the old RSA key, what we think a lot of people are familiar with. >> What people think, obviously we've, it's way beyond RSA key. >> Right, but it's the same kind of concept, you've got a USB a little device-- >> And that's what you bring with you and that's who you are. And you can strongly authenticate to the servers that you want. And I think that's really the foundation which is people want to take back the way that they authenticate through the systems and they want to own it. And that's really a big difference that we see rather than the banks that you must have this or you must have that and you can only use it with me you can't use it with somebody else. I want to bring my authenticator anywhere. >> So you said Google's using that. I'm a huge Google user, I don't have one of those things. So where's the application? Is that something that I choose because I want to add another layer of protection or is that something that Google says hey Jeff, you're such and such a level of customer user et cetera we think you should take this to the next level. How does that happen? >> So it's actually been available since the end of 2014. It's part of the step up authentication. The latest iteration of the work that Google has done is the Google advanced protection program. Which means that you can enable one of these devices as part of your account. And one of the things they've done is that for those users at risk you can only log in with these devices. Which really restricts-- >> So they define you as a high risk person because of whatever reason. >> And they encourage you, hey please protect yourself with additional security measures. And the old additional security measures used to be like, you know, send me an SMS text. But that's actually pretty broken right now. We've seen it being breached everywhere because of what we call phone hijacking. You know, I pretend to be you and I've got your phone number and you know, now I've got your phone. >> Shoot I thought that was a good one. >> That is known, there's lot video how you can do that. And so this is available now for everyone. Everyone has a gmail account, you can go into your account it says I want step up authentication. They call it two step verification. And then they walk you through the process. And then you get one of these in the mail? >> You actually have to buy these but Google has been providing within different communities, they've been seeding the market, we've been also doing a lot of advocacy work. Many different types, even here today we've distributed a lot of YubiKeys for all of the journalists to use. But in general users will go online to Amazon or something and you would buy one of these devices. >> So then and then once I have that key and I bought into that system is you're saying then I can use that key for not just Google but my Amazon account-- >> Anyone that supports-- >> Anyone that supports that standard? >> Exactly, anybody that supports the standard. And that standard is growing extremely rapidly and it's users, it's big companies using it, developers of sites are using it. So the thing that we created for the world back in 2014 is now being actually accelerated because of all these breaches. They are very relevant to data breaches, identity breaches, and people want to take control. >> Right, I'm just curious, I'm sure you have a point of view, you know why haven't the phone companies implemented more use of the biometric data piece that they have whether, now they're talking about the face recognition or your finger recognition and tied that back to the apps on my phone? I still am befuddled by the lack of that integration. >> There's definitely, there are definitely solutions in that area. And I think, but one of the challenges that just like a computer, just like a phone, it's a complicated piece of software. There's a lot of dependencies. All it takes is one software to get it wrong and the entire phone can be compromised. So you're back into complicated systems, complex systems, people write these systems, people write these apps. It takes one bad developer to mess it up for everybody else. So it's actually pretty hard unless you control every single ecosystem that you build which is vastly difficult now in the mobile space. The mobile carriers are not just, it's not just from AT&T, you've got the OS, you've got you know, Google, the Android phone. You've got AT&T, you've got the apps on the phone, you've got all the, you know, the various processes, the components that talk to different apps and you've got the calling app, you've got all of these other games. So because it's such a complicated device getting it right from a security perspective is actually pretty difficult. So, but there are definitely applications that have been working over the years that have been trying to leverage the built in capabilities. We actually see it as the YubiKey can actually be used with this device. And then you can use these devices after you bootstrap them. What we deemed as, what we call blasted device. So you can use multiple different things. And the standard doesn't always define that you just use the hardware device of the YubiKey. You can use a phone if you trust the phone. We want to give flexibility to the ecosystem. >> So I'm just curious in terms of the open standard's approach for this problem, how that's gaining traction. Because clearly, you know, open source is done very very well, you know far beyond Linux as an operating system. But you know so many apps and stuff run open source software, components of open source. So in terms of market penetration and kind of adoption of this technology versus the one single vendor key that you used to have, how is the uptake, how is the industry responding? Is this something that a lot of people are getting behind? >> It's definitely getting a lot of traction in the industry. So we started the journey with Google and what was happening was that in order to work with this prominent scale you have to believe that just between, you know, Yubico and Google can't solve this problem. And if the answer is you got to do my thing, no one's going to play in this game. Just a high level. So I think what we've done is that the open standard is the catalyst for other big players to participate. Without any one vendor going to necessarily win. So today if, there's a big plenary going on at FIDO and it's really iteration of what we've developed with Google. And now we're taking the next level with actually Microsoft. And we've called it FIDO 2. So from U2F, FIDO Universal Second Factor, to FIDO 2. And that entire work that we've done with Google is now being evolved into the Microsoft ecosystem. So, and we'll see in a couple months, you will start to see real Microsoft products being able to support the same standard. Which is really excellent because what do you use every day? You either use, there's three major platform players that you have today, right you have, you either use a Google type of device, Chrome or Android. You use a Microsoft device, you've got Windows everywhere. Or you use an Apple device. So, and the only way these large internet companies are going to collaborate is if it's open. If it's closed, if it's my stuff, Google's not going to implement it because it's Microsoft stuff, Microsoft's not going to implement Apple stuff. So the only way you can-- >> I dunno about the Apple part of that analogy but that's okay. >> That's true, that's true, but I think it's important that the security industry working with the identity issue, work together. And we need to move away from all this one up, proprietary things. Because it makes it really difficult for the users and the people to implement things. And if everybody's collaborating like an open standard, then you actually can make a dent in the problem that you see today. >> And to your point, right, with BYOD, which is now, used to be a thing, it's not a thing obviously everybody's bringing their own devices. To have an open standard so people at different types of companies with different types of ecosystems with different types of users using different types of devices have a standard by which they can build these things. >> Absolutely. >> Exciting times. >> Exciting times. >> Alright Jerrod, well thanks for taking a few minutes out of your day. We look forward to watching the Yubico story unfold. >> Exactly, thank you very much. >> Alright, very good. He's Jerrod, I'm Jeff, you're watching The Cube where Data Privacy Day 2018, thanks for watching.

(cheerful music) >> Announcer: Live from Los Angeles, it's theCUBE! Covering Open Source Summit North America 2017. Brought to you by The Linux Foundation and Red Hat. >> Welcome back, and we're live here in Los Angeles. This is theCUBE's special coverage of Open Source Summit North America. I'm John Furrier with Stu Miniman. Two days of wall-to-wall coverage. Our next guest, Ed Warnicke, who is a distinguished consulting engineer with Cisco. Welcome to theCUBE. >> Glad to be here! >> Thanks for coming on. Love to get into it. We love infrastructure as code. We love the cloud developers. The young generation loves it. Making things easy to use all sounds great, but there's still work to get done. The networking... So what's going on here at the Open Source? So this is the big tent event where there's a lot of cross-pollination around projects. Obviously the networking side, you guys at Cisco are doing your share. Give us the update. Networking is still a lot more work to be done. It's a very strategic part of the equation. Certainly making it easier up above makes it programmable. >> Yeah, you have to make the networking invisible even to the DevOps layer. There are certain things that you need from the network. They need isolation and reachability. They need service discovery and service routing. But they don't want to have to think about it. They don't want to be burdened with understanding the nitty gritty details. They don't want to know what subnet they're on, they don't want to have to worry about ACL's, they don't want to think about all of that. And the truth is, there's a lot of work that goes into making the network invisible and ubiquitous for people. And in particular, one of the challenges that we see arising as the world moves more cloud-native, as the microservices get smaller, as the shift happens toward serverless, as Kubernetes is coming on with containers, is that the network is really becoming the run time. And that run time has the need to scale and perform like it never has before. So the number of microservices you'd like to put on a server keeps going up, and that means you need to be able to actually handle that. The amount of traffic that people want to push through them continues to go up. So your performance has to keep up. And that brings a lot of distinct challenges, particularly when you're trying to achieve those in systems that were designed for a world where you had maybe two NIC's on the box, where you weren't really thinking when the original infrastructure was built about the fact that you were actually going to have to do a hell of a lot of routing inside the server because you now have currently hundreds, but hopefully someday thousands and tens of thousands of microservices running there. >> Ed, you know, I think when we've been talking about the last 15 or 20 years or so, I need to move faster with my deployment. It always seemed that networking was the thing that held everything up. It's like, okay, wait, when I virtualized, everything's great and everything, and I can just spit up a VM and do that. Oh, but I need to wait for the network to be provisioned. What are the things you've been working on, what open source projects? There's a lot of them out there helping us to really help that overall agility of work today. >> Absolutely. So one of the things I'm deeply involved in right now is a project called FD.io, usually pronounced Fido, because it's cute. And it means we can give away puppies at conferences. It's great. What FD.io is doing, is we have this core technology called VPP that gives you incredibly performant, incredibly scalable networking purely in user space. Which means from a developer velocity point of view, we can have new features every three months. From an extensibility point of view, you can bring new network features as separate plugins you drop as .so's into a plugin directory instead of having to wait for the kernel to rev on your server. And the revving process is also substantially less invasive. So if you need to take a microservice network as a user space thing and rev it, it's a restart of a process. You're talking microseconds, not 15-minute reboot cycles. You're talking levels of disruption where you don't lose your TCP state, where you don't lose any of those things. And that's really crucial to having the kind of agility that you want in the network. And when I talk about performance and scalability, I'm not kidding. So one of the things we recently clocked out with VPP was being able to route a terabyte per second of traffic with millions of routes in the forwarding tables on commodity servers with no hardware existence at all. And the workloads are starting to grow in that direction. It's going to take them a while to catch up, but to your point about the network being the long pull, we want to be far ahead of that curve so it's not the long pull anymore. So you can achieve the agility that you need in DevOps and move innovative products forward. >> Ed, one of the things that comes up all the time, I wanted to get your reaction to this because you're an important part of it, is developers say, look, I love DevOps. And even ops guys are saying, we want to promote DevOps, so there's a mind meld there if you will. But then what they don't want is a black box. They want to see debugging, and they want to have ease of manageability. So I don't mind pushing dev, if I'm an ops guy, send the dev down, but they need a path of visibility. They need to have access to debug fast. Get access to some of those things. What do you see as gates if you will, that we got to get through to make that seamless and clean right now? Obviously Kubernetes, lot of stuff going on with orchestration. And containers are providing a path. But still, the complaint and nervousness is okay, you can touch and program the infrastructure, but if something happens, you're going to be reactive. >> Yeah, that gets exactly to the point. Because the more invisible the network is, the more visibility you need when things go wrong. And for general operational use. And one of the cool things that's happening in FD.io around that, is number one, it's industrial scale. So you have all sorts of counters and telemetry information that you need from an historical point of view in networks to be able to figure out what's going on. But beyond that, there's a whole lot of innovation that's been happening in the network space that has yet to trickle down all the way to the server edge. A really classic example on the visibility front has to do with in-band iOAM. So we now have the technology, and this is present today in VPP, to be able to say, hey, I would like an in-band trace on the flow though the network of this flow for this customer who's giving me a complaint, where I can see hop by hop through the network including in the edge where VPP is, what's the latency between hops? What path it actually passed through. And there's even a feature there where you could say, at each hop, please send the packet capture at that hop to a third-party point where I can collect it so I can look at it in something like Wireshark. So you can look in Wireshark and say, okay I see where this went into that node and came out that node this way. Node by node by node. I don't know how much more visibility than that is actually physically possible. And that's one of the kinds of things that the velocity of features that you have in VPP has made very possible. That's the kind of thing that would take a long time to work into the traditional development line for networking. >> What's the Cisco internal vibe right now? Because we covered the DevNet Create event that Susie Wee put on, which was kind of like a cloud-native cool event. Kind of grassroots, kind of guerrilla. I love the mojo there. But then you've got the DevNet community at Cisco, which is a robust killer developer community on the Cisco side. How are those worlds coming together? I can imagine that the appetite for the Cisco DevNet teams, the DevNet developer community, is looking at cloud-native as an opportunity. Can you share some insight into what's the sentiment, what's the community vibe, what's going on? For folks that just got to run the networks, I mean this is serious stuff. In the past, they've been like, cloud-native, when you're ready we'll get there. But now there seems to be an onboarding of cloud-native. Talk about the dynamic. >> There has to be, because cloud-native won't wait. And there's a lot of things that the network can do to help you as the run time. The iOAM example is one, but there are a ton more. Again, cloud-native won't wait. They will find a way, and so you have to be able to bring those features at the pace at which cloud-native proceeds. You can't do it on six-month product cycles. You can't do it on 12-month product cycles. You have to be able to respond point by point as things more forward. A good example of this is a lot of the stuff that's happening with server meshes in Insteon. Which is coming really fast. Not quite here, but coming really fast. And for that, the real question is, what can the network do for DevOps? Because there's a synergistic relationship between DevOps and NetOps. >> So you were saying... Just to try to get at the point. So yes, are you seeing that the DevNet community is saying hey we love this stuff? Because they're smart, they know how to adapt. Moving from networks to DevOps. To me it seems like they're connecting the dots. You share some-- Are they, yes no maybe? >> They're absolutely connecting the dots, but there's a whole pipeline with all of this. And DevNet is at the short pointy end where it touches the DevOps people. But to get there, there's a lot of things that have to do with identifying what are the real needs, getting the code written to actually do it, figuring out the proper innovations, engaging with open source communities like Kubernetes so that they're utilized. And by the time you get to DevNet, now we're at the point where you can explain them to DevOps, where they can use them really cleanly. One of the other things is, you want it to come through transparently. Because people want to be able to pick their Kubernetes Helm charts off the web, take the collection of containers for the parts of their application they don't want to have to think about, at least right now, and have it work. So you have to make sure you're supporting all the stuff that's there, and you have to work to be able to take advantage of those new features in the existing API's. Or better yet, just have the results of those API's get better without having to think about new features. >> So they're in great shape. It's not a collision, it's not friction. >> No, no no. >> It's pretty much synergistic. Network guys get the DevOps equation. >> No, we get the DevOps equation, we get the need. There is a learning process for both sides. We deeply need each other. Applications without networking are completely uninteresting. And this is even more true in microservices where it's becoming the run time for the network. On the same side, networks without applications are completely uninteresting because there's no one to talk. And what's fascinating to me is how many of the same problems get described in different language and so we'll talk past each other. So DevOps people will talk about service discovery and service routing. And what they're really saying is, I want a thing, I don't want to have to think about how to get to it. On the network side, for 15 years now, we've been talking about identifier/locator separation. Basically the having an IP address for the thing you want, and having the ability to transparently map that to the location where that thing is without having to... It's the classic renumber your network problem. They're at a very fundamental level the same problem. But it's a different language. >> The game is still the same. There's some language nuances that I think I see some synergies. I see people getting it. It's like learning two languages. Okay, the worlds come together. It's not a collision. But the interesting thing is networking has always been enabling opportunity. This is a fundamental nuance. If you can get this right, it's invisible, as you said. That's the end game. >> Absolutely. That's really what you're looking for. You want invisibility in the normal mode, and you want total transparency when something has to be debugged. The classic example with networks is, when there's a network problem it's almost never the network. It's almost always some little niggle of configuration that went wrong along the way. And so you need that transparency to be able to figure out okay, what's the point where things broke? Or what's the point where things are running suboptimally? Or am I getting the level of service that I need? Am I getting the latency I need, and so forth. And there's been a tendency in the past to shorthand many of those things with networking concepts that are completely meaningless to the underlying problem. People will look at subnets, and say for the same subnet, we should have low latency. Bullshit. I mean basically, if you're on the same subnet, the guy could be on the other end of the WAN in the modern era with L2 overlays. So if you want latency, you should be able to ask for a particular latency guarantee. >> It felt to me that it took the networking community a while to fix things when it came to virtualization. (Ed laughs) but the punch line is, when it comes to containers, and what's happening at Kubernetes, it feels like the networking community is rallying a lot faster and getting ahead of it. So what's different this time? You've got kind of that historical view on it. Are we doing better as an industry now, and why is it? >> So a couple of things. The Kubernetes guys have done a really nice job of laying out their networking API's. They didn't get bogged down in the internal guts of the network that no DevOps guy ever wants to have to see. They got really to the heart of the matter. So if you look at the guarantees that you have in Kubernetes, what is it? Every pod can talk to every other pod at L3. So L2 isn't even in the picture. Which is beautiful, because in the cloud, you need to worry about subnets like you need a hole in the head. Then if you want isolation, you specify a network policy. And you don't talk about IP addresses when you do that. You talk about selectors on labels for pods, which is a beautiful way to go about it. Because you're talking about things you actually care about. And then with services, you're really talking about how do I discover the service I want so I never have to figure out a pod IP? The system does it for me. And there are gaps in terms of there being things that people are going to be able to need to do that are not completely specified on those API's yet. But the things they've covered have been covered so well, and they're being defended so thoroughly, that it's actually making it easier because we can't come in and introduce concepts that harm DevOps. We're forced to work in a paradigm that serves it. >> Okay, great. So this'll be easy, so we'll be ready to tackle serverless. What's that going to mean for the network? >> Serverless gets to be even more interesting because the level of agility that you want in your network goes up. Because you can imagine something in serverless where you don't even want to start a pod until someone has made a request. So there's an L7 piece that has to be dealt with but then you have to worry about the efficiency of how do you actually move that TCP session to the actual instance that's come up for serverless for that thing, and how do you move it to the next thing? Because you're working at an L7, where from the client's point of view, they think it's all the same server, but it's actually been vulcanized across all these microservices. And so you have to find an efficient way of making that transparent that minimizes the degree to which you have to hairpin through things all over the cluster because that just introduces more latency, less throughput, more load on the cluster. You've got to be able to avoid that. And so, by being able to bring sophisticated features quickly to the data plain with something like FD.io and VPP, you can actually start peeling those problems off progressively as serverless matures. Because the truth of the matter is, no one really knows what those things are going to look like. We all like to believe we do, but you're going to find new problems as you go. It's the unknown unknowns that require the velocity. >> So it sounds like you're excited about serverless, though. >> Ed: Usually, yes, definitely. >> So I love serverless too, and I always talk about it. So what is in your opinion the confusion? There are some people who are like, oh it's bullshit. I don't think it is personally. I think it's nirvana. I think it's what people want, what most developers want. There's a server behind it. It's not serverless per se. It's just from a developer standpoint, you don't have to provision hardware. >> Or containers, or VM's, or any of that. >> I personally think it's a good thing. Is it just a better naming convention? Give the people, what's the nuance? Why are people confused? >> I think it's much more fundamental than just the naming convention. Because historically, if you look at the virtualization of workloads, every movement we've had to date has been about some workload run time technology. VM's were about virtual machines. Containers are about containers to run technology. When you get to microservices and serverless, we've made the leap from talking about the underlying technology that most developers don't care about to talking about the philosophy that they do. >> Their run time is their app. Their run time assembly is their code sandwich, not to say the network. >> Just as in serverless, I don't think anyone doubts that the first run of serverless is going to be built on containers. But the philosophy is completely divorced for them. So I'll give you an example. One of the things that we have in VPP is we have an ultra high performance, ultra high scalability userspace TCP stack. We're talking the kind of thing that can trivially handle ten million simultaneous connections with 200,000 new connections coming in every second. And right now, you can scope that to an isolation scope of a container. But there's no reason, with the technology we have, you can't scope it all the way down to a process. So you control the network access at the level of a process. So there's a lot of headroom to go even smaller than containers, even lighter weight than containers. But the serverless philosophy changes not a wit as you have that improvement come in. >> That's beautiful. Ed, thanks so much for coming on theCUBE. We really appreciate your perspective. I'd like you to get one final word in to end the segment. Describe what's happening here because the OS Summit, or the Open Source Summit, is the first of its kind, a big tent event. What's your take on it? What's the purpose of the event? What's your experience? Share with the folks who aren't here what this event is all about. >> It's really exciting, because as much as we love The Linux Foundation, and as much as we've all enjoyed things like LinuxCon in the past, the truth is, for years it's been bleeding beyond just Linux. I don't see the OS Summit so much as a shift in focus, as a recognition of what's developed. Last year we had the Open Source Summit here. We just called it LinuxCon. The year before we had the Open Source Summit here. We just called it LinuxCon. And so what's really happening is, we're recognizing what is. There's actually no new creation happening here. It's the recognition of what's evolved. >> And that is open source as a tier one reality that goes way beyond Linux, which is by the way super valuable at the kernel. >> Ed: Oh, we all love Linux. >> All Linux apps... The only apps are Linux apps. But it's a bigger thing. The growth and scale that's coming is unprecedented. I think a lot of people still are pitching themselves, Stu and I were commenting, that what's coming is going to change the face of software development for generations to come. There's an exponential scale of software libraries coming on board. Up to 400 million was forecast by 2026? >> That sounds conservative to me. (laughs) >> You think so? Well, I mean, just to get the scale. So there's going to be some leadership opportunities for the community, in my opinion. >> Absolutely. And this is where the Open Source Summit actually... I mean, words matter because they shape the way we think about things. So where I think the shift to the Open Source Summit has huge value is that it starts to shift the thinking into this broader space. It's not just a recognition of what's happened. It's a new load of software here for the community. >> This is not a marking then, it's a recognition of what's actually happening. I love that quote. Open Source Summit, brilliant move by The Linux Foundation. Create a big tent event for cross-pollination, sharing of ideas. This is the ethos of open source. Ed, thanks so much for coming on theCUBE. This is theCUBE with live coverage from the Open Source Summit in North America, formerly LinuxCon and all the other great events here in Los Angeles. I'm John Furrier with Stu Miniman. More live coverage after this short break. (electronic music)

(cheerful music) >> Voiceover: Live, from Los Angeles, it's theCUBE covering Open Source Summit North America 2017, brought to you by the Linux Foundation and Red Hat. >> Okay, welcome back here when we're here live with theCUBE coverage of Linux Foundation Open Source Summit North America in Los Angeles, I'm John Furrier, Stu Miniman, our next guest is Arpit Joshipura, General Manager of Networking the Linux Foundation. Welcome back to theCUBE, great to see you. >> Thank you, nice to be here again. >> Always good to talk networking, as Stu and I always say networking is probably the most active audience in our community, because at the end of the day, everything rolls downhill to networking when the people complain. It's like "where the hell's my WiFi, "where's the patent latency," networking SDN was supposed to solve all that. Stu, we're still talking about networking. When are we going to fix the network? It's always in the network, but important. In all seriousness, a lot of action continues and innovation to networking. >> Absolutely. >> What's the update? >> Update is very exciting. So first of all, I can confidently say that open source networking, not just networking, but open source networking is now mainstream. And it's mainstream in the telcos, in the carriers, service providers, it's getting there in the enterprise. And Linux Foundation is really proud to host eight of the top 10 projects that are in open source networking. ONAP, ODL, OPNFV, Fido, you know, the list goes on. And we're really excited about each of these projects, so good momentum. >> We've been seeing and talking about it too, we all, joking aside, the intro there, but in all seriousness we've been saying, we get better the network, it's finally happening. Has it been a maturization of the network itself, has it been industry force and what have been the forces of innovations been? OpenStack has done some great work, they're not getting a lot of love these days with some people, but still we've seen a lot of production workflows at OpenStack, OpenStack's still there, rocking and rolling. New projects are onboarding, you see the telcos getting business models around digital. What's the drivers? Why is network mainstream now? >> I think it's a very simple answer to that, and that is before 5G and IoT hit the market, network better be automated. It's a very simple requirement. And the reason is very self-explanatory, right? You can't have an IoT device on the call on hold while you get your service up (laughs). So, it's IoT, right? And it is the same thing on 5G, a lot of new use cases around cars or around low latency apps. You need automation, and in order to have automation, a carrier or a solution provider goes through a simple journey. Am I virtualized? Yes or no? Am I using the building blocks of SDN and NFV? Yes or no? And the third, which is now reality, which is, am I using open source to do it? Yes, and I'm going to do it. And that's the driver right? I mean it's all- >> Automation, when you started throwing out a lot of TLAs, you talk about SDN and NFV, we've got a four-letter acronym that we need to talk about. The Open Network Automation Platform. Why don't you bring your audience up to speed, what that is, the news that you have this week. >> Absolutely, so ONAP was launched earlier in 2017. It's a combination of two open source projects, ECOMP and Open-O, and we wanted to bring the community together versus sort of fragmented, and because our end users are asking for a harmonized solution. So we brought it together. It was launched earlier this year as we talked about, but the most significant thing is it has received tremendous support from the member community. So at OSS today, we just announced that Vodafone has joined as a platinum member. They will be on our board, and as you know Vodafone is one of the top providers. So if you add up all the subscribers that are being influenced by ONAP, they come to 55%. So out of the 4.5 billion subscribers that exist, more than 55% will be influenced by ONAP and the work that happens. That includes China Mobile, China Telecom, China Unicom, all of the China, Bell Canada, AT&T obviously who sort of was the founding member, Orange, Reliance Jio from India. So we've got, Comcast joined earlier in the quarter, so we've got cable companies, carriers, all joining. And to be very honest, I'll probably just give you the list of all the networking vendors that are participating here, and I've list Amdocs, Cisco, Ericsson, GigaSpaces, Hua Wei, IBM, Intel, Nokia, Tech Mahindra, VMware, ZTE, Juniper, you know, you name it. >> Arpit, I mean the long story short is-- >> Just cause they're involved does that mean they're actually working-- >> They're active. Active. >> we're not going to be critical on this. >> But come on, even Cisco's involved in the open source stuff, right? >> They've very active. >> We've had lots of guests on from Cisco, Lulu Tucker's been on many many times. We know the open source there, but it used to be, networking was very proprietary. Now, it wasn't SDNs going to totally change everything, it's lots of different pieces, lots of different projects. It kind of felt like the river slowly wearing down the mountain as to this transition from proprietary to open source. >> I think what happened is if you just look at four years back, it was proprietary. Not because people liked it, that was the only game in town. When the open source industry, especially in the networking, and this is a hundred year old industry, telecom right? When it came in in the desegregated manner, hardware and software separated, control plane separated from data plane, all of that happened, and what happened suddenly was each components started becoming mature. So they're production-ready components, and what ONAP and what Linux Foundation is intending to do this year is trying to bring all the components into a system solution. So that it's easy to deploy, and all you have to do is point, click a service, everything below it will all be automated and integrated. >> Well the telcos are under a lot of pressure. I mean this has been a decade run, over-the-top they've been struggling with that from years ago, decade ago or more. But now they're getting their act together. We're seeing some signs, even VMworld. Stu, Pat Gelsinger said 5G's the next big kahuna in networking the next 20 years, you can validate it. This is going to be a 20 year changeover, so as the Linux Foundation, which essentially is the organic growth engine for this community, what do you guys see in that 20 years? Cause I see 5G's going to create all these connection points. IoT is going to be massive. That's going to increase the surface area for potential attacks. We're seeing a networking paradigm that's moving from old guards Cisco, Juniper, and some of the names you mentioned. They got to make some changes. How are they adjusting? What's going on so the next 20 years we don't have more conflict and more identity politics. >> I'll tell you one thing, I come from a vendor community, right? So I really appreciate the work they're doing. Part of the reason you would have seen in the past a vendor dragging their feet is because of fragmentation in the community. You as a vendor do not know where to put your resources, people, and where you put your money. What we're doing at the Linux Foundation is starting to harmonize all that. And once you do that and you have enough of a scale and enough of a community, there is no shortage of people and developers that the vendors are contributing to. >> John: What's some of the proof points that you can share? >> Okay, so ONAP, from start to now, about 1100 Wiki members already. That means 1100 unique developers are joining the project. Over 50 members. We ran out of VMs, I mean it's like that has not happened in any project for over five years. We had to fire up people more. So you can see that... And this is not just, these are competitors, but if you step back and look at it, they're competitors from an end user perspective, but they're solving the common problem in which they don't get any money. They don't make any money. These are things that absolutely need to happen. The plumbing, the infrastructure, the orchestration, the control layer, the data plane layer, all of that need to just happen, it should just work. And let them differentiate on top. We are actively seeing almost everybody participating significantly. >> Stu, let's hear your thoughts on this. You guys are both, I view you guys both as experts and influencers in this networking ecosystem, so I got to ask you both a question. CNCF has gotten a lot of traction with funding, sponsorships are off the charts, you're seeing massive tractions, Stu, where you also see that KubeCon Cloud Native, but you have native clouds, I call them native clouds, in Amazon and then soon-to-be enterprises that want to run software-defined networking. So the question is do you see the same kind of support going for your group as CNCF's getting? Is it just fashionable at this point, CNCF? Why isn't the networking getting as much love at least from a sponsorship standpoint. >> Let's define love. So if you define love as the 2017 ONS, which is our largest networking summit, we grew that 10%, everything was off the charts. The feedback, the content-- >> John: The attendance growth or sponsorships? >> Attendance, sponsorships, CFPs were 5x oversubscribed. Call for papers, for submissions, 5x oversubscribed. So we had a hard time picking the best of the best. ONS 2018 is going to be here in LA, we've already started getting requests on, you know, so we're the same boat. >> So you feel good. >> We feel good. >> Not about this, like you're winning. >> No, but I tell you-- >> There'll be positive numbers we know from the hype scale horses, Stu, answer your question and then maybe you guys can comment. So is it a matter of that there's more buzz in positioning involved in the hype side of CNCF now, and there's just meat and potatoes being done in the networking world, Stu? Cause you and I both know, if no one has nothing to say, they've got to kind of market themselves. >> So John, think back to five years ago, how much hype and buzz there was around SDN. John, you and I interviewed like Martin Casado, he just bought for $1.4 billion, all these startups, lots of VC investment, so I think we're further down the maturity curve. Now networking's always-- >> John: People going to work, they're doing their job. >> It's real, it's in production-- >> It's funny-- >> It's not parb, I always say when you move from PowerPoint to production, real things happen. >> I always say, if there's going to be sizzle, I better see some steak on the grill, so what's happening is steak is cooking right now. >> And John, so one of the things we say, networking, no offense to all my friends in networking, networking is never sexy. >> Oh, come on Stu, networking is totally sexy. >> I always say it's cool again. >> Networking has never lost its edge. >> It absolutely is majorly important, but Arpit, take us in, you know, Kubernetes is hot, containers get a lot of buzz and everything. Networking, critical piece of making sure that this works, feels like, I think back to the virtualization days, it took us 10 years to kind of solve those things that that abstraction layer broke. It feels like networking is further ahead than it was, it's moving faster, we understand it's not something that's just kind of oh we'll let the networking guys get to it eventually. Networking and security, which often has that networking tie are front and center now. >> Very good point, and I think what you have to also sort of step back and look at is what are the problems that need to be solved from an end user perspective? So the hardest networking problems at the data plane control layers, check. Next big problem that remain to be solved was orchestration, data analytics, and things like that. Check, solve, with ONAP. Now the next problems that need to be solved are containerization of enterprise app, which is where Kubernetes and... and then how does containerization work with networking? That's all the C&I, the interfaces. I would say next year, you will start to see the interworking and the blend of these "hot projects" where they can all come together. >> Stu, you were there in 2010, I looked right in the camera and said to Dave Vellante, storage is not as sexy. And Dave called it snoreage, cause snoreage is boring. (Stu laughs) >> And at that time, the storage industry went on a run. And we well-documented that. Sexy is, networking is sexy. And I think that we-- >> I call it cool. >> And I just tweeted, 25g is a good indicator of a 20 year run, and networking is the big kahuna as Pat Gelsinger said in IoT, so I think, Stu, I think it's going to be very apparent, sexy. I just don't see a lot of amplifications, so you don't see a lot of people marketing the sizzle. I think, being done I would agree, but Stu, there's more buzz and hype on the CNCF side than networking. >> That's fair. I think it is always as you said, it's the initial phase of any project that gets a lot of clicks and a lot of interest, and people want to know about it. A lot of the buzz is around, just awareness. The classic marketing cycle, and I think we're past that. It was therefore ONAP in January, we're past that. >> Alright, so here's the question, final question. So the steak is coming off the grill in our metaphor here, what are people-- what is that product, what's happening, what is the big deliverable right now from a networking standpoint that people can bet on and know that they can cross the bridge into the future with it. >> You will see a visible difference, you as in an end user, an enterprise, or a residential consumer. You will see a significant difference in terms of how you get services. It's as simple as that. Why? Because it's all automated. Network on-demand, disaster recovery, video conference services. Why did over-the-top players, why were they so successful? If you need a Gmail ID, you go in, you get one. It's right there. Try getting a T1 line five years ago. That would be six weeks, six months. So with the automation in place, the models are converging. >> So provisionings are automatically happening-- >> Provisionings, service, and then the thing that you will not see but you will see in the services impact, is the closed loop automation that has all the analytics built in. Huge, huge. I mean, network is the richest source, and by the way, I'll come back next year and I'll tell you why we are cool again. Because all of a sudden, it's like oh my god look at that data and the analytics that the network is giving me. What can I do with it? You can do AI, you can do machine learning, you can do all these things. >> Well, we're looking forward to it, the eye of the storm is kind of happening now I think in networking, Stu and I always have debates about this, cause we see a lot of great action. Question is, let's see the proof points, you guys are doing some good work. Thanks for sharing, Arpit, really appreciate, General Manager of Networking at Linux Foundation. It's theCUBE, more live coverage from Los Angeles, the Open Source Summit North America. I'm John Furrier, Stu Miniman, be back with more live coverage after this short break. (techno music)

(upbeat electronic music) >> Narrator: Live, from Santa Clara, California, it's theCube. Covering Open Networking Summit 2017. Brought to you by The Linux Foundation. >> Woman: Sure. Um, so, yeah, as you were saying, OpenDaylight really kind of kicked things off from a open source networking standpoint. I mean, there were certainly other open source controllers earlier, in sort of the market life cycle, but they kind of never really made their way out of the universities. OpenDaylight was the first that really had a lot of commercial participation and uptake, kind of in the real world, so to speak. Um, so with that, I think there was a lot of learning that happened, both on the vendor's side, with regard to open source, as well as on the user side. Um, and as the OpenDaylight platform matured and started coming to fruition, we started seeing a lot of other projects sort of both below at the platform layer as well as further up the stack. So at this point, and we've been talking about this quite a bit here at ONS, um, we've been talking a lot about the whole open networking stack that has sort of come to fruition now. You know, really low level stuff, DPDK was just announced today. Fido, which is sort of big data for networking. Then all the way up the stack to ONAP, which was just announced last month. ONAP is a bringing together of the ECOMP Project that was started by AT&T and then they brought it to The Linux Foundation and Open-O, which actually sort of germinated within The Linux Foundation with a lot of input from, um, a number of small vendors, as well as major carriers, particularly in Asia. So, um, bringing those things together at the orchestration layer, and so now we've got this sort of whole stack. Some of it, a lot of it is Linux Foundation projects, some of it is other projects with other open source foundations. All of which we work with very collaboratively across all those different projects. >> Man: Right, right. >> But at this point, we're really kind of looking at how do we enable people to consume this a little bit more easily from the user side? And then also from the developer side. There are a lot of developers who are involved in multiple different projects. Which of course means that they're spread very thin across all those projects. And we're looking at how do we make it a more feasible and scalable activity for them? >> Right. >> So for example, you know, OpenDaylight is upstream of a lot of other projects. There are a lot of other projects that have a lot of dependencies on OpenDaylight. So how do we streamline the release train in such a way that, you know, everybody gets what they need at the time that they need it, so they can do their releases on a timely basis and so forth and so on. And that just, you know, that makes things a lot easier from a developer standpoint. That also sort of naturally increases the, improves the integration points between those projects which is, of course, better for users. >> Man: Right. >> Um, so those are a lot of the things that we have in motion sort of across the Linux Foundation, um, and I think that the other thing that we've really seen over the last year come to fruition is a lot of the early adopters of OpenDaylight in particular have now spent enough time working with the open source community, either through their vendors or increasingly directly themselves, that they kind of get this open source thing, and they understand kind of what the processes are and why we do things they way they do. >> Right. >> And so they're willing to take a much more active role. AT&T is a prime example of that. They were working on ECOMP themselves internally, and they, very quickly, came to the realization that in order to scale it as quickly as they needed to, I mean, they were putting tens of thousands of their developers through specialized boot camps, right? >> Man: Right, right. >> The networking people to become networking developers. But at the same point, you just can't push people through the system that fast enough, nor can you hire enough people that fast enough. And so that's why this has decided to bring it to the open source community. >> Man: It seems like there's kind of an acceleration of carving out some piece of what was proprietary and putting it out to continue the development in an open source world. >> Any "why", you kind of answered the question just now in terms of there's not enough people. But more interestingly, you talked about some open source stuff just never gets going. What are some of the real secrets that make an open source project run? >> Yeah. >> Versus those that don't, or you know, die on the vine. >> Yeah. Um, there are a lot of different components, of course, like with anything. Some of it is technical, right? Do you have the right architecture? Is it one that can scale? Is it extensible? Are the right kinds of people involved in the project? Is the project being informed by the right kinds of people? So if you go and build something that nobody needs, either because you don't have the right people involved, or because you're not open to that feedback, it's going to die on the vine. So, you know, a successful project really has to have a strong community around it. And it's a-- >> Jeff: Chicken and egg. >> Chicken and egg thing, right? How do you get a strong community? Well, you have the right processes in place, but you also make sure that you have the right people involved so that they can build the right kind of thing. And that they have the skills to do it effectively. >> Right. And then the other interesting trend we're seeing is, The Linux Foundation is becoming kind of the hub where you put these things, um, to grow, and as you said, really to cross-pollinate with the other open source projects that have all these interdependencies. >> And that seems to be an accelerating trend as well, as least from the outside looking in. >> Lisa: Yeah, no, it absolutely is. And I think we learned a lot with, with OpenDaylight and also with OpenStack. You know, when OpenStack started, and OpenStack of course is even older than OpenDaylight, but when OpenStack started, I think there was all kinds of euphoria in the industry because open source was relatively new to infrastructure, and infrastructure people, it was like, "Oh, I can build everything "that I ever wanted to build now!" Um, and so there was this sort of irrational exuberance about feature proliferation. In some ways, kind of at the expense of platform stability initially. And at a certain point, the users, again, started getting involved and said, "That's great. We need the thing to actually work. "At scale, in real world environments. "Please focus on that." And you know, that's the real beauty and strength of open source, is when you have users who care, and see the possibility of a project, they can be actively involved and actively influence where the focus of the project is going to be. And that's how you get to something that's going to be useful to people quickly. >> Thank you. >> Well, it'd be great to hear a little bit more about how you-- on these, I'm always kind of mystified as an analyst or a journalist or whatever, when you see these things. The press release comes out, "ONAP is the new thing", right? There's a new thing every week. How do you ensure the success? How do you get the momentum behind it? I imagine there's a lot of stuff that's been happening behind the scenes for ONAP. >> Lisa: Yep. We try not to keep it too behind the scenes. It has always been part of open source culture and what's proven to be a best practice is openness and transparency of not just the code itself but the processes around it. >> Scott: Mhm. >> Um, if people feel like they understand what's going on, that things aren't being hidden from them, that they can have a voice. >> Scott: Right. >> They're much more actively willing to participate. So that's really kind of the key to building any kind of community. >> And how do you work with a big carrier, like, I mean, the fascinating part about this for me is for our viewers who don't know what ONAP and ONOS and ODL are, it's basically all this carrier software that's becoming open source and they're just putting it out there, saying, "It's no longer our family jewels. "Everybody can use it." I mean, that's a big leap for an AT&T, you know? Tell us how you work with AT&T or Verizon or some of these big, gigantic organizations. Like, they just hand you a thumb drive? (laughter) How do you get the intellectual property? How's that process start? >> In the case of AT&T, they reached out to The Linux Foundation and said, "We want and need to do this. "Help us do it. We don't know how this works. "Help us, teach us." But it's very much a, you know, a big part of the role of The Linux Foundation in all of this project proliferation and so forth is teaching people how to do open source effectively. Because, again, it's not just about throwing coders at a problem, 'cause you can do that inside your own organization as well. It's understanding how to do that in a collaborative manner, how to carve off what parts to open source, 'cause AT&T's ECOMP platform, not all of it has been open source. Some portion of it, the stuff that's really important and proprietary and is considered the crown jewels, that has stayed internal, but they've shared a reasonable, fairly large percentage of the base platform with the open source community. And learning to draw that line is an art. And figuring out what is commodity and really could and should be shared with the rest of the world so we're not all reinventing the same wheel. >> Scott: Right. >> But rather than having ten developers here doing that and ten developers here and duh duh duh dah, we can put 30 developers, all working together, to get the same thing more quickly. That shifted mindset can take a little bit of time, a bit of education, and that's kind of part of what The Linux Foundation brings to that process of onboarding new open source projects. >> Jeff: Right. And then on the other end, I always think of Randy Bias. He's one of our favorite guests, Especially with OpenStack, and he knows a couple OpenStack Silicon Valleys ago, where he was somewhat critical on the other end, saying we also have to kind of reign things in, and you have all this risks of stuff going all over the place, and how do you kind of have some organization at the top end because of successful growth can drive a bunch of different agendas and things can get forked. It's not a simple thing to manage. >> No, and we've tried different models and different approaches within different projects and we've learned a lot from that. OpenDaylight was very much a, you know, you guys figure it out, hands-off kind of model. Other open source projects have been very top-down, from their governant structure to everything else. Others, like Open-O are kind of in-between where they did specifically set up an architecture committee that was composed of the leading members of the project because, again, Open-O in particular is touching the business layer of these carriers. So they really need that architecture to be meeting their specifications. >> Right, right. >> Sort of a lower layer, so it's a little bit less critical. There are lots of different models and sort of a gradation of top-down versus bottom-up and, you know, let a thousand flowers bloom. (chuckling) There are pluses and minuses to all of them. I think that we've been sort of learning as we go through all of these different projects what works. And different--sometimes it's worth shifting the model and starting out one way and shifting as you go along as the project matures, too. >> Jeff: But the net-net, which I think, you said at the beginning, is that big companies are now really learning how to operate effectively in this world, in this open source paradigm. It's matured way, way, way beyond what, we used to always joke, years ago, is a free puppy, you know? (laughing) >> You know, I mean, I think Tokus understand now that it is, yes, it's a free puppy. You still have to do lots of work. I think that understanding is sort of starting to trickle into the enterprise. I still have, every time I do a briefing, people will ask me to tell them about my product, and I say, "I don't have a product. I can't sell you anything." I help bring together a bunch of building blocks that you and your vendors can put together. But I don't have a product. And that, you know, that's a major mind shift for, especially, enterprise IT, where they're used to buying things off the shelf. >> Right. >> So larger enterprises, um, are starting again. They tend to take their cues from the carriers as things get proven out in the carrier world. And so we're starting to see that the same level of understanding and also, drivers in large, especially very distributed types of organizations, where they have 50, a hundred, hundreds of different sites around the world that they need to have a centralized few of in some fashion. And the only way they can get there is with SDN and they have a very strong preference, very clear preference for open source. >> Scott: How big is The Linux Foundation now? >> Lisa: By what metric? >> Uh, people, I guess. >> Lisa: Oh, people. Um... We're a few hundred, no more. But it's not just--we're not the ones doing all the work, right? We organize things. We help things happen. We help teach people. We provide the infrastructure. >> It seems to be growing very fast, like new projects are being added and merged. >> Lisa: But again, it's vendors and it's users. >> Very grassroots. >> Yeah. We help provide the ground, the legal framework, and the technical test facilities and things like that, and kind of the organizational guide rails. But we're here to help, we're not the ones doing the work. >> Right, right. Alright, Lisa, so I'll give you the last word before we sign off here. As you look forward to 2017, what are some of your top priorities for this next year? >> Lisa: Yeah, so, several things. First order is really enabling our users to really be successful with the projects that they already have in hand. In many cases, they're well through the phase of proof of concept and all the way onto production, and we just want to make sure that they're continuing to get everything they want out of the project and supporting them and supporting their vendors. And really building out the commercial ecosystem around it, so that they have a strong base of support. So that's one thing. Certainly on the OpenDaylight side, with some of the newer projects, it's really about figuring out what are the best practices that we can implement for this project, for this project, and for this project in order to make sure that they're successful. And a lot of that, again, is that whole harmonization effort that we have going on. >> Right, right. Alright, Lisa Caywood. She knows all about bringing open source to the enterprise, and thanks for taking a few minutes out of your day. >> Thank you very much for having me. >> Absolutely. I'm Jeff Frick, he's Scott Raynovich. You're watching theCube from Open Networking Summit 2017 in Santa Clara, California. We'll be back after the short break. Thanks for watching. (electronic music)