(upbeat music) >> Narrator: theCUBE's live coverage is made possible by funding from Dell Technologies: creating technologies that drive human progress. (upbeat music) >> Welcome back to the Fira in Barcelona. You're watching theCUBE's Coverage day two of MWC 23. Check out SiliconANGLE.com for all the news, John Furrier in our Palo Alto studio, breaking that down. But we're here live Dave Vellante, Dave Nicholson and Lisa Martin. We're really excited. We're going to talk qubits. Vanessa Diaz is here. She's CEO of LuxQuanta And Antonio Acin is a professor of ICFO. Folks, welcome to theCUBE. We're going to talk quantum. Really excited about that. >> Vanessa: Thank you guys. >> What does quantum have to do with the network? Tell us. >> Right, so we are actually leaving the second quantum revolution. So the first one actually happened quite a few years ago. It enabled very much the communications that we have today. So in this second quantum revolution, if in the first one we learn about some very basic properties of quantum physics now our scientific community is able to actually work with the systems and ask them to do things. So quantum technologies mean right now, three main pillars, no areas of exploration. The first one is quantum computing. Everybody knows about that. Antonio knows a lot about that too so he can explain further. And it's about computers that now can do wonder. So the ability of of these computers to compute is amazing. So they'll be able to do amazing things. The other pillar is quantum communications but in fact it's slightly older than quantum computer, nobody knows that. And we are the ones that are coming to actually counteract the superpowers of quantum computers. And last but not least quantum sensing, that's the the application of again, quantum physics to measure things that were impossible to measure in with such level of quality, of precision than before. So that's very much where we are right now. >> Okay, so I think I missed the first wave of quantum computing Because, okay, but my, our understanding is ones and zeros, they can be both and the qubits aren't that stable, et cetera. But where are we today, Antonio in terms of actually being able to apply quantum computing? I'm inferring from what Vanessa said that we've actually already applied it but has it been more educational or is there actual work going on with quantum? >> Well, at the moment, I mean, typical question is like whether we have a quantum computer or not. I think we do have some quantum computers, some machines that are able to deal with these quantum bits. But of course, this first generation of quantum computers, they have noise, they're imperfect, they don't have many qubits. So we have to understand what we can do with these quantum computers today. Okay, this is science, but also technology working together to solve relevant problems. So at this moment is not clear what we can do with present quantum computers but we also know what we can do with a perfect quantum computer without noise with many quantum bits, with many qubits. And for instance, then we can solve problems that are out of reach for our classical computers. So the typical example is the problem of factorization that is very connected to what Vanessa does in her company. So we have identified problems that can be solved more efficiently with a quantum computer, with a very good quantum computer. People are working to have this very good quantum computer. At the moment, we have some imperfect quantum computers, we have to understand what we can do with these imperfect machines. >> Okay. So for the first wave was, okay, we have it working for a little while so we see the potential. Okay, and we have enough evidence almost like a little experiment. And now it's apply it to actually do some real work. >> Yeah, so now there is interest by companies so because they see a potential there. So they are investing and they're working together with scientists. We have to identify use cases, problems of relevance for all of us. And then once you identify a problem where a quantum computer can help you, try to solve it with existing machines and see if you can get an advantage. So now the community is really obsessed with getting a quantum advantage. So we really hope that we will get a quantum advantage. This, we know we will get it. We eventually have a very good quantum computer. But we want to have it now. And we're working on that. We have some results, there were I would say a bit academic situation in which a quantum advantage was proven. But to be honest with you on a really practical problem, this has not happened yet. But I believe the day that this happens and I mean it will be really a game changing. >> So you mentioned the word efficiency and you talked about the quantum advantage. Is the quantum advantage a qualitative advantage in that it is fundamentally different? Or is it simply a question of greater efficiency, so therefore a quantitative advantage? The example in the world we're used to, think about a card system where you're writing information on a card and putting it into a filing cabinet and then you want to retrieve it. Well, the information's all there, you can retrieve it. Computer system accelerates that process. It's not doing something that is fundamentally different unless you accept that the speed with which these things can be done gives it a separate quality. So how would you characterize that quantum versus non quantum? Is it just so much horse power changes the game or is it fundamentally different? >> Okay, so from a fundamental perspective, quantum physics is qualitatively different from classical physics. I mean, this year the Nobel Prize was given to three experimentalists who made experiments that proved that quantum physics is qualitatively different from classical physics. This is established, I mean, there have been experiments proving that. Now when we discuss about quantum computation, it's more a quantitative difference. So we have problems that you can solve, in principle you can solve with the classical computers but maybe the amount of time you need to solve them is we are talking about centuries and not with your laptop even with a classic super computer, these machines that are huge, where you have a building full of computers there are some problems for which computers take centuries to solve them. So you can say that it's quantitative, but in practice you may even say that it's impossible in practice and it will remain impossible. And now these problems become feasible with a quantum computer. So it's quantitative but almost qualitative I would say. >> Before we get into the problems, 'cause I want to understand some of those examples, but Vanessa, so your role at LuxQuanta is you're applying quantum in the communication sector for security purposes, correct? >> Vanessa: Correct. >> Because everybody talks about how quantum's going to ruin our lives in terms of taking all our passwords and figuring everything out. But can quantum help us defend against quantum and is that what you do? >> That's what we do. So one of the things that Antonio's explaining so our quantum computer will be able to solve in a reasonable amount of time something that today is impossible to solve unless you leave a laptop or super computer working for years. So one of those things is cryptography. So at the end, when use send a message and you want to preserve its confidentiality what you do is you destroy it but following certain rules which means they're using some kind of key and therefore you can send it through a public network which is the case for every communication that we have, we go through the internet and then the receiver is going to be able to reassemble it because they have that private key and nobody else has. So that private key is actually made of computational problems or mathematical problems that are very, very hard. We're talking about 40 years time for a super computer today to be able to hack it. However, we do not have the guarantee that there is already very smart mind that already have potentially the capacity also of a quantum computer even with enough, no millions, but maybe just a few qubits, it's enough to actually hack this cryptography. And there is also the fear that somebody could actually waiting for quantum computing to finally reach out this amazing capacity we harvesting now which means capturing all this confidential information storage in it. So when we are ready to have the power to unlock it and hack it and see what's behind. So we are talking about information as delicate as governmental, citizens information related to health for example, you name it. So what we do is we build a key to encrypt the information but it's not relying on a mathematical problem it's relying on the laws of quantum physics. So I'm going to have a channel that I'm going to pump photons there, light particles of light. And that quantum channel, because of the laws of physics is going to allow to detect somebody trying to sneak in and seeing the key that I'm establishing. If that happens, I will not create a key if it's clean and nobody was there, I'll give you a super key that nobody today or in the future, regardless of their computational power, will be able to hack. >> So it's like super zero trust. >> Super zero trust. >> Okay so but quantum can solve really challenging mathematical problems. If you had a quantum computer could you be a Bitcoin billionaire? >> Not that I know. I think people are, okay, now you move me a bit of my comfort zone. Because I know people have working on that. I don't think there is a lot of progress at least not that I am aware of. Okay, but I mean, in principle you have to understand that our society is based on information and computation. Computers are a key element in our society. And if you have a machine that computes better but much better than our existing machines, this gives you an advantage for many things. I mean, progress is locked by many computational problems we cannot solve. We can want to have better materials better medicines, better drugs. I mean this, you have to solve hard computational problems. If you have machine that gives you machine learning, big data. I mean, if you have a machine that gives you an advantage there, this may be a really real change. I'm not saying that we know how to do these things with a quantum computer. But if we understand how this machine that has been proven more powerful in some context can be adapted to some other context. I mean having a much better computer machine is an advantage. >> When? When are we going to have, you said we don't really have it today, we want it today. Are we five years away, 10 years away? Who's working on this? >> There are already quantum computers are there. It's just that the capacity that they have of right now is the order of a few hundred qubits. So people are, there are already companies harvesting, they're actually the companies that make these computers they're already putting them. People can access to them through the cloud and they can actually run certain algorithms that have been tailor made or translated to the language of a quantum computer to see how that performs there. So some people are already working with them. There is billions of investment across the world being put on different flavors of technologies that can reach to that quantum supremacy that we are talking about. The question though that you're asking is Q day it sounds like doomsday, you know, Q day. So depending on who you talk to, they will give you a different estimation. So some people say, well, 2030 for example but perhaps we could even think that it could be a more aggressive date, maybe 2027. So it is yet to be the final, let's say not that hard deadline but I think that the risk, that it can actually bring is big enough for us to pay attention to this and start preparing for it. So the end times of cryptography that's what quantum is doing is we have a system here that can actually prevent all your communications from being hacked. So if you think also about Q day and you go all the way back. So whatever tools you need to protect yourself from it, you need to deploy them, you need to see how they fit in your organization, evaluate the benefits, learn about it. So that, how close in time does that bring us? Because I believe that the time to start thinking about this is now. >> And it's likely it'll be some type of hybrid that will get us there, hybrid between existing applications. 'Cause you have to rewrite or write new applications and that's going to take some time. But it sounds like you feel like this decade we will see Q day. What probability would you give that? Is it better than 50/50? By 2030 we'll see Q day. >> But I'm optimistic by nature. So yes, I think it's much higher than 50. >> Like how much higher? >> 80, I would say yes. I'm pretty confident. I mean, but what I want to say also usually when I think there is a message here so you have your laptop, okay, in the past I had a Spectrum This is very small computer, it was more or less the same size but this machine is much more powerful. Why? Because we put information on smaller scales. So we always put information in smaller and smaller scale. This is why here you have for the same size, you have much more information because you put on smaller scales. So if you go small and small and small, you'll find the quantum word. So this is unavoidable. So our information devices are going to meet the quantum world and they're going to exploit it. I'm fully convinced about this, maybe not for the quantum computer we're imagining now but they will find it and they will use quantum effects. And also for cryptography, for me, this is unavoidable. >> And you brought the point there are several companies working on that. I mean, I can get quantum computers on in the cloud and Amazon and other suppliers. IBM of course is. >> The underlying technology, there are competing versions of how you actually create these qubits. pins of electrons and all sorts of different things. Does it need to be super cooled or not? >> Vanessa: There we go. >> At a fundamental stage we'd be getting ground. But what is, what does ChatGPT look like when it can leverage the quantum realm? >> Well, okay. >> I Mean are we all out of jobs at that point? Should we all just be planning for? >> No. >> Not you. >> I think all of us real estate in Portugal, should we all be looking? >> No, actually, I mean in machine learning there are some hopes about quantum competition because usually you have to deal with lots of data. And we know that in quantum physics you have a concept that is called superposition. So we, there are some hopes not in concrete yet but we have some hopes that these superpositions may allow you to explore this big data in a more efficient way. One has to if this can be confirmed. But one of the hopes creating this lots of qubits in this superpositions that you will have better artificial intelligence machines but, okay, this is quite science fiction what I'm saying now. >> At this point and when you say superposition, that's in contrast to the ones and zeros that we're used to. So when someone says it could be a one or zero or a one and a zero, that's referencing the concept of superposition. And so if this is great for encryption, doesn't that necessarily mean that bad actors can leverage it in a way that is now unhackable? >> I mean our technologies, again it's impossible to hack because it is the laws of physics what are allowing me to detect an intruder. So that's the beauty of it. It's not something that you're going to have to replace in the future because there will be a triple quantum computer, it is not going to affect us in any way but definitely the more capacity, computational capacity that we see out there in quantum computers in particular but in any other technologies in general, I mean, when we were coming to talk to you guys, Antonio and I, he was the one saying we do not know whether somebody has reached some relevant computational power already with the technologies that we have. And they've been able to hack already current cryptography and then they're not telling us. So it's a bit of, the message is a little bit like a paranoid message, but if you think about security that the amount of millions that means for a private institution know when there is a data breach, we see it every day. And also the amount of information that is relevant for the wellbeing of a country. Can you really put a reasonable amount of paranoid to that? Because I believe that it's worth exploring whatever tool is going to prevent you from putting any of those piece of information at risk. >> Super interesting topic guys. I know you're got to run. Thanks for stopping by theCUBE, it was great to have you on. >> Thank you guys. >> All right, so this is the SiliconANGLE theCUBE's coverage of Mobile World Congress, MWC now 23. We're live at the Fira Check out silicon SiliconANGLE.com and theCUBE.net for all the videos. Be right back, right after this short break. (relaxing music)

hello I'm John Furrier with thecube and welcome to this special presentation of the cube and Horizon 3.ai they're announcing a global partner first approach expanding their successful pen testing product Net Zero you're going to hear from leading experts in their staff their CEO positioning themselves for a successful Channel distribution expansion internationally in Europe Middle East Africa and Asia Pacific in this Cube special presentation you'll hear about the expansion the expanse partner program giving Partners a unique opportunity to offer Net Zero to their customers Innovation and Pen testing is going International with Horizon 3.ai enjoy the program [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're here with Jennifer Lee head of Channel sales at Horizon 3.ai Jennifer welcome to the cube thanks for coming on great well thank you for having me so big news around Horizon 3.aa driving Channel first commitment you guys are expanding the channel partner program to include all kinds of new rewards incentives training programs help educate you know Partners really drive more recurring Revenue certainly cloud and Cloud scale has done that you got a great product that fits into that kind of Channel model great Services you can wrap around it good stuff so let's get into it what are you guys doing what are what are you guys doing with this news why is this so important yeah for sure so um yeah we like you said we recently expanded our Channel partner program um the driving force behind it was really just um to align our like you said our Channel first commitment um and creating awareness around the importance of our partner ecosystems um so that's it's really how we go to market is is through the channel and a great International Focus I've talked with the CEO so you know about the solution and he broke down all the action on why it's important on the product side but why now on the go to market change what's the what's the why behind this big this news on the channel yeah for sure so um we are doing this now really to align our business strategy which is built on the concept of enabling our partners to create a high value high margin business on top of our platform and so um we offer a solution called node zero it provides autonomous pen testing as a service and it allows organizations to continuously verify their security posture um so we our company vision we have this tagline that states that our pen testing enables organizations to see themselves Through The Eyes of an attacker and um we use the like the attacker's perspective to identify exploitable weaknesses and vulnerabilities so we created this partner program from a perspective of the partner so the partner's perspective and we've built It Through The Eyes of our partner right so we're prioritizing really what the partner is looking for and uh will ensure like Mutual success for us yeah the partners always want to get in front of the customers and bring new stuff to them pen tests have traditionally been really expensive uh and so bringing it down in one to a service level that's one affordable and has flexibility to it allows a lot of capability so I imagine people getting excited by it so I have to ask you about the program What specifically are you guys doing can you share any details around what it means for the partners what they get what's in it for them can you just break down some of the mechanics and mechanisms or or details yeah yep um you know we're really looking to create business alignment um and like I said establish Mutual success with our partners so we've got two um two key elements that we were really focused on um that we bring to the partners so the opportunity the profit margin expansion is one of them and um a way for our partners to really differentiate themselves and stay relevant in the market so um we've restructured our discount model really um you know highlighting profitability and maximizing profitability and uh this includes our deal registration we've we've created deal registration program we've increased discount for partners who take part in our partner certification uh trainings and we've we have some other partner incentives uh that we we've created that that's going to help out there we've we put this all so we've recently Gone live with our partner portal um it's a Consolidated experience for our partners where they can access our our sales tools and we really view our partners as an extension of our sales and Technical teams and so we've extended all of our our training material that we use internally we've made it available to our partners through our partner portal um we've um I'm trying I'm thinking now back what else is in that partner portal here we've got our partner certification information so all the content that's delivered during that training can be found in the portal we've got deal registration uh um co-branded marketing materials pipeline management and so um this this portal gives our partners a One-Stop place to to go to find all that information um and then just really quickly on the second part of that that I mentioned is our technology really is um really disruptive to the market so you know like you said autonomous pen testing it's um it's still it's well it's still still relatively new topic uh for security practitioners and um it's proven to be really disruptive so um that on top of um just well recently we found an article that um that mentioned by markets and markets that reports that the global pen testing markets really expanding and so it's expected to grow to like 2.7 billion um by 2027. so the Market's there right the Market's expanding it's growing and so for our partners it's just really allows them to grow their revenue um across their customer base expand their customer base and offering this High profit margin while you know getting in early to Market on this just disruptive technology big Market a lot of opportunities to make some money people love to put more margin on on those deals especially when you can bring a great solution that everyone knows is hard to do so I think that's going to provide a lot of value is there is there a type of partner that you guys see emerging or you aligning with you mentioned the alignment with the partners I can see how that the training and the incentives are all there sounds like it's all going well is there a type of partner that's resonating the most or is there categories of partners that can take advantage of this yeah absolutely so we work with all different kinds of Partners we work with our traditional resale Partners um we've worked we're working with systems integrators we have a really strong MSP mssp program um we've got Consulting partners and the Consulting Partners especially with the ones that offer pen test services so we they use us as a as we act as a force multiplier just really offering them profit margin expansion um opportunity there we've got some technology partner partners that we really work with for co-cell opportunities and then we've got our Cloud Partners um you'd mentioned that earlier and so we are in AWS Marketplace so our ccpo partners we're part of the ISP accelerate program um so we we're doing a lot there with our Cloud partners and um of course we uh we go to market with uh distribution Partners as well gotta love the opportunity for more margin expansion every kind of partner wants to put more gross profit on their deals is there a certification involved I have to ask is there like do you get do people get certified or is it just you get trained is it self-paced training is it in person how are you guys doing the whole training certification thing because is that is that a requirement yeah absolutely so we do offer a certification program and um it's been very popular this includes a a seller's portion and an operator portion and and so um this is at no cost to our partners and um we operate both virtually it's it's law it's virtually but live it's not self-paced and we also have in person um you know sessions as well and we also can customize these to any partners that have a large group of people and we can just we can do one in person or virtual just specifically for that partner well any kind of incentive opportunities and marketing opportunities everyone loves to get the uh get the deals just kind of rolling in leads from what we can see if our early reporting this looks like a hot product price wise service level wise what incentive do you guys thinking about and and Joint marketing you mentioned co-sell earlier in pipeline so I was kind of kind of honing in on that piece sure and yes and then to follow along with our partner certification program we do incentivize our partners there if they have a certain number certified their discount increases so that's part of it we have our deal registration program that increases discount as well um and then we do have some um some partner incentives that are wrapped around meeting setting and um moving moving opportunities along to uh proof of value gotta love the education driving value I have to ask you so you've been around the industry you've seen the channel relationships out there you're seeing companies old school new school you know uh Horizon 3.ai is kind of like that new school very cloud specific a lot of Leverage with we mentioned AWS and all the clouds um why is the company so hot right now why did you join them and what's why are people attracted to this company what's the what's the attraction what's the vibe what do you what do you see and what what do you use what did you see in in this company well this is just you know like I said it's very disruptive um it's really in high demand right now and um and and just because because it's new to Market and uh a newer technology so we are we can collaborate with a manual pen tester um we can you know we can allow our customers to run their pen test um with with no specialty teams and um and and then so we and like you know like I said we can allow our partners can actually build businesses profitable businesses so we can they can use our product to increase their services revenue and um and build their business model you know around around our services what's interesting about the pen test thing is that it's very expensive and time consuming the people who do them are very talented people that could be working on really bigger things in the in absolutely customers so bringing this into the channel allows them if you look at the price Delta between a pen test and then what you guys are offering I mean that's a huge margin Gap between street price of say today's pen test and what you guys offer when you show people that they follow do they say too good to be true I mean what are some of the things that people say when you kind of show them that are they like scratch their head like come on what's the what's the catch here right so the cost savings is a huge is huge for us um and then also you know like I said working as a force multiplier with a pen testing company that offers the services and so they can they can do their their annual manual pen tests that may be required around compliance regulations and then we can we can act as the continuous verification of their security um um you know that that they can run um weekly and so it's just um you know it's just an addition to to what they're offering already and an expansion so Jennifer thanks for coming on thecube really appreciate you uh coming on sharing the insights on the channel uh what's next what can we expect from the channel group what are you thinking what's going on right so we're really looking to expand our our Channel um footprint and um very strategically uh we've got um we've got some big plans um for for Horizon 3.ai awesome well thanks for coming on really appreciate it you're watching thecube the leader in high tech Enterprise coverage [Music] [Music] hello and welcome to the Cube's special presentation with Horizon 3.ai with Raina Richter vice president of emea Europe Middle East and Africa and Asia Pacific APAC for Horizon 3 today welcome to this special Cube presentation thanks for joining us thank you for the invitation so Horizon 3 a guy driving Global expansion big international news with a partner first approach you guys are expanding internationally let's get into it you guys are driving this new expanse partner program to new heights tell us about it what are you seeing in the momentum why the expansion what's all the news about well I would say uh yeah in in international we have I would say a similar similar situation like in the US um there is a global shortage of well-educated penetration testers on the one hand side on the other side um we have a raising demand of uh network and infrastructure security and with our approach of an uh autonomous penetration testing I I believe we are totally on top of the game um especially as we have also now uh starting with an international instance that means for example if a customer in Europe is using uh our service node zero he will be connected to a node zero instance which is located inside the European Union and therefore he has doesn't have to worry about the conflict between the European the gdpr regulations versus the US Cloud act and I would say there we have a total good package for our partners that they can provide differentiators to their customers you know we've had great conversations here on thecube with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company and honestly I can just Connect the Dots here but I'd like you to weigh in more on how that translates into the go to market here because you got great Cloud scale with with the security product you guys are having success with great leverage there I've seen a lot of success there what's the momentum on the channel partner program internationally why is it so important to you is it just the regional segmentation is it the economics why the momentum well there are it's there are multiple issues first of all there is a raising demand in penetration testing um and don't forget that uh in international we have a much higher level in number a number or percentage in SMB and mid-market customers so these customers typically most of them even didn't have a pen test done once a year so for them pen testing was just too expensive now with our offering together with our partners we can provide different uh ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with with a traditional manual paint test so and that is because we have our uh Consulting plus package which is for typically pain testers they can go out and can do a much faster much quicker and their pain test at many customers once in after each other so they can do more pain tests on a lower more attractive price on the other side there are others what even the same ones who are providing um node zero as an mssp service so they can go after s p customers saying okay well you only have a couple of hundred uh IP addresses no worries we have the perfect package for you and then you have let's say the mid Market let's say the thousands and more employees then they might even have an annual subscription very traditional but for all of them it's all the same the customer or the service provider doesn't need a piece of Hardware they only need to install a small piece of a Docker container and that's it and that makes it so so smooth to go in and say okay Mr customer we just put in this this virtual attacker into your network and that's it and and all the rest is done and within within three clicks they are they can act like a pen tester with 20 years of experience and that's going to be very Channel friendly and partner friendly I can almost imagine so I have to ask you and thank you for calling the break calling out that breakdown and and segmentation that was good that was very helpful for me to understand but I want to follow up if you don't mind um what type of partners are you seeing the most traction with and why well I would say at the beginning typically you have the the innovators the early adapters typically Boutique size of Partners they start because they they are always looking for Innovation and those are the ones you they start in the beginning so we have a wide range of Partners having mostly even um managed by the owner of the company so uh they immediately understand okay there is the value and they can change their offering they're changing their offering in terms of penetration testing because they can do more pen tests and they can then add other ones or we have those ones who offer 10 tests services but they did not have their own pen testers so they had to go out on the open market and Source paint testing experts um to get the pen test at a particular customer done and now with node zero they're totally independent they can't go out and say okay Mr customer here's the here's the service that's it we turn it on and within an hour you're up and running totally yeah and those pen tests are usually expensive and hard to do now it's right in line with the sales delivery pretty interesting for a partner absolutely but on the other hand side we are not killing the pain testers business we do something we're providing with no tiers I would call something like the foundation work the foundational work of having an an ongoing penetration testing of the infrastructure the operating system and the pen testers by themselves they can concentrate in the future on things like application pen testing for example so those Services which we we're not touching so we're not killing the paint tester Market we're just taking away the ongoing um let's say foundation work call it that way yeah yeah that was one of my questions I was going to ask is there's a lot of interest in this autonomous pen testing one because it's expensive to do because those skills are required are in need and they're expensive so you kind of cover the entry level and the blockers that are in there I've seen people say to me this pen test becomes a blocker for getting things done so there's been a lot of interest in the autonomous pen testing and for organizations to have that posture and it's an overseas issue too because now you have that that ongoing thing so can you explain that particular benefit for an organization to have that continuously verifying an organization's posture yep certainly so I would say um typically you are you you have to do your patches you have to bring in new versions of operating systems of different Services of uh um operating systems of some components and and they are always bringing new vulnerabilities the difference here is that with node zero we are telling the customer or the partner package we're telling them which are the executable vulnerabilities because previously they might have had um a vulnerability scanner so this vulnerability scanner brought up hundreds or even thousands of cves but didn't say anything about which of them are vulnerable really executable and then you need an expert digging in one cve after the other finding out is it is it really executable yes or no and that is where you need highly paid experts which we have a shortage so with notes here now we can say okay we tell you exactly which ones are the ones you should work on because those are the ones which are executable we rank them accordingly to the risk level how easily they can be used and by a sudden and then the good thing is convert it or indifference to the traditional penetration test they don't have to wait for a year for the next pain test to find out if the fixing was effective they weren't just the next scan and say Yes closed vulnerability is gone the time is really valuable and if you're doing any devops Cloud native you're always pushing new things so pen test ongoing pen testing is actually a benefit just in general as a kind of hygiene so really really interesting solution really bring that global scale is going to be a new new coverage area for us for sure I have to ask you if you don't mind answering what particular region are you focused on or plan to Target for this next phase of growth well at this moment we are concentrating on the countries inside the European Union Plus the United Kingdom um but we are and they are of course logically I'm based into Frankfurt area that means we cover more or less the countries just around so it's like the total dark region Germany Switzerland Austria plus the Netherlands but we also already have Partners in the nordics like in Finland or in Sweden um so it's it's it it's rapidly we have Partners already in the UK and it's rapidly growing so I'm for example we are now starting with some activities in Singapore um um and also in the in the Middle East area um very important we uh depending on let's say the the way how to do business currently we try to concentrate on those countries where we can have um let's say um at least English as an accepted business language great is there any particular region you're having the most success with right now is it sounds like European Union's um kind of first wave what's them yes that's the first definitely that's the first wave and now we're also getting the uh the European instance up and running it's clearly our commitment also to the market saying okay we know there are certain dedicated uh requirements and we take care of this and and we're just launching it we're building up this one uh the instance um in the AWS uh service center here in Frankfurt also with some dedicated Hardware internet in a data center in Frankfurt where we have with the date six by the way uh the highest internet interconnection bandwidth on the planet so we have very short latency to wherever you are on on the globe that's a great that's a great call outfit benefit too I was going to ask that what are some of the benefits your partners are seeing in emea and Asia Pacific well I would say um the the benefits is for them it's clearly they can they can uh talk with customers and can offer customers penetration testing which they before and even didn't think about because it penetrates penetration testing in a traditional way was simply too expensive for them too complex the preparation time was too long um they didn't have even have the capacity uh to um to support a pain an external pain tester now with this service you can go in and say even if they Mr customer we can do a test with you in a couple of minutes within we have installed the docker container within 10 minutes we have the pen test started that's it and then we just wait and and I would say that is we'll we are we are seeing so many aha moments then now because on the partner side when they see node zero the first time working it's like this wow that is great and then they work out to customers and and show it to their typically at the beginning mostly the friendly customers like wow that's great I need that and and I would say um the feedback from the partners is that is a service where I do not have to evangelize the customer everybody understands penetration testing I don't have to say describe what it is they understand the customer understanding immediately yes penetration testing good about that I know I should do it but uh too complex too expensive now with the name is for example as an mssp service provided from one of our partners but it's getting easy yeah it's great and it's great great benefit there I mean I gotta say I'm a huge fan of what you guys are doing I like this continuous automation that's a major benefit to anyone doing devops or any kind of modern application development this is just a godsend for them this is really good and like you said the pen testers that are doing it they were kind of coming down from their expertise to kind of do things that should have been automated they get to focus on the bigger ticket items that's a really big point so we free them we free the pain testers for the higher level elements of the penetration testing segment and that is typically the application testing which is currently far away from being automated yeah and that's where the most critical workloads are and I think this is the nice balance congratulations on the international expansion of the program and thanks for coming on this special presentation really I really appreciate it thank you you're welcome okay this is thecube special presentation you know check out pen test automation International expansion Horizon 3 dot AI uh really Innovative solution in our next segment Chris Hill sector head for strategic accounts will discuss the power of Horizon 3.ai and Splunk in action you're watching the cube the leader in high tech Enterprise coverage foreign [Music] [Music] welcome back everyone to the cube and Horizon 3.ai special presentation I'm John Furrier host of thecube we're with Chris Hill sector head for strategic accounts and federal at Horizon 3.ai a great Innovative company Chris great to see you thanks for coming on thecube yeah like I said uh you know great to meet you John long time listener first time caller so excited to be here with you guys yeah we were talking before camera you had Splunk back in 2013 and I think 2012 was our first splunk.com and boy man you know talk about being in the right place at the right time now we're at another inflection point and Splunk continues to be relevant um and continuing to have that data driving Security in that interplay and your CEO former CTO of his plug as well at Horizon who's been on before really Innovative product you guys have but you know yeah don't wait for a breach to find out if you're logging the right data this is the topic of this thread Splunk is very much part of this new international expansion announcement uh with you guys tell us what are some of the challenges that you see where this is relevant for the Splunk and Horizon AI as you guys expand uh node zero out internationally yeah well so across so you know my role uh within Splunk it was uh working with our most strategic accounts and so I looked back to 2013 and I think about the sales process like working with with our small customers you know it was um it was still very siled back then like I was selling to an I.T team that was either using this for it operations um we generally would always even say yeah although we do security we weren't really designed for it we're a log management tool and we I'm sure you remember back then John we were like sort of stepping into the security space and and the public sector domain that I was in you know security was 70 of what we did when I look back to sort of uh the transformation that I was witnessing in that digital transformation um you know when I look at like 2019 to today you look at how uh the IT team and the security teams are being have been forced to break down those barriers that they used to sort of be silent away would not commute communicate one you know the security guys would be like oh this is my box I.T you're not allowed in today you can't get away with that and I think that the value that we bring to you know and of course Splunk has been a huge leader in that space and continues to do Innovation across the board but I think what we've we're seeing in the space and I was talking with Patrick Coughlin the SVP of uh security markets about this is that you know what we've been able to do with Splunk is build a purpose-built solution that allows Splunk to eat more data so Splunk itself is ulk know it's an ingest engine right the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it but without data it doesn't do anything right so how do you drive and how do you bring more data in and most importantly from a customer perspective how do you bring the right data in and so if you think about what node zero and what we're doing in a horizon 3 is that sure we do pen testing but because we're an autonomous pen testing tool we do it continuously so this whole thought I'd be like oh crud like my customers oh yeah we got a pen test coming up it's gonna be six weeks the week oh yeah you know and everyone's gonna sit on their hands call me back in two months Chris we'll talk to you then right not not a real efficient way to test your environment and shoot we saw that with Uber this week right um you know and that's a case where we could have helped oh just right we could explain the Uber thing because it was a contractor just give a quick highlight of what happened so you can connect the doctor yeah no problem so um it was uh I got I think it was yeah one of those uh you know games where they would try and test an environment um and with the uh pen tester did was he kept on calling them MFA guys being like I need to reset my password we need to set my right password and eventually the um the customer service guy said okay I'm resetting it once he had reset and bypassed the multi-factor authentication he then was able to get in and get access to the building area that he was in or I think not the domain but he was able to gain access to a partial part of that Network he then paralleled over to what I would assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains and So within minutes they had access and that's the sort of stuff that we do you know a lot of these tools like um you know you think about the cacophony of tools that are out there in a GTA architect architecture right I'm gonna get like a z-scale or I'm going to have uh octum and I have a Splunk I've been into the solar system I mean I don't mean to name names we have crowdstriker or Sentinel one in there it's just it's a cacophony of things that don't work together they weren't designed work together and so we have seen so many times in our business through our customer support and just working with customers when we do their pen tests that there will be 5 000 servers out there three are misconfigured those three misconfigurations will create the open door because remember the hacker only needs to be right once the defender needs to be right all the time and that's the challenge and so that's what I'm really passionate about what we're doing uh here at Horizon three I see this my digital transformation migration and security going on which uh we're at the tip of the spear it's why I joined sey Hall coming on this journey uh and just super excited about where the path's going and super excited about the relationship with Splunk I get into more details on some of the specifics of that but um you know well you're nailing I mean we've been doing a lot of things on super cloud and this next gen environment we're calling it next gen you're really seeing devops obviously devsecops has already won the it role has moved to the developer shift left is an indicator of that it's one of the many examples higher velocity code software supply chain you hear these things that means that it is now in the developer hands it is replaced by the new Ops data Ops teams and security where there's a lot of horizontal thinking to your point about access there's no more perimeter huge 100 right is really right on things one time you know to get in there once you're in then you can hang out move around move laterally big problem okay so we get that now the challenges for these teams as they are transitioning organizationally how do they figure out what to do okay this is the next step they already have Splunk so now they're kind of in transition while protecting for a hundred percent ratio of success so how would you look at that and describe the challenge is what do they do what is it what are the teams facing with their data and what's next what are they what are they what action do they take so let's use some vernacular that folks will know so if I think about devsecops right we both know what that means that I'm going to build security into the app it normally talks about sec devops right how am I building security around the perimeter of what's going inside my ecosystem and what are they doing and so if you think about what we're able to do with somebody like Splunk is we can pen test the entire environment from Soup To Nuts right so I'm going to test the end points through to its I'm going to look for misconfigurations I'm going to I'm going to look for um uh credential exposed credentials you know I'm going to look for anything I can in the environment again I'm going to do it at light speed and and what what we're doing for that SEC devops space is to you know did you detect that we were in your environment so did we alert Splunk or the Sim that there's someone in the environment laterally moving around did they more importantly did they log us into their environment and when do they detect that log to trigger that log did they alert on us and then finally most importantly for every CSO out there is going to be did they stop us and so that's how we we do this and I think you when speaking with um stay Hall before you know we've come up with this um boils but we call it fine fix verifying so what we do is we go in is we act as the attacker right we act in a production environment so we're not going to be we're a passive attacker but we will go in on credentialed on agents but we have to assume to have an assumed breach model which means we're going to put a Docker container in your environment and then we're going to fingerprint the environment so we're going to go out and do an asset survey now that's something that's not something that Splunk does super well you know so can Splunk see all the assets do the same assets marry up we're going to log all that data and think and then put load that into this long Sim or the smoke logging tools just to have it in Enterprise right that's an immediate future ad that they've got um and then we've got the fix so once we've completed our pen test um we are then going to generate a report and we can talk about these in a little bit later but the reports will show an executive summary the assets that we found which would be your asset Discovery aspect of that a fix report and the fixed report I think is probably the most important one it will go down and identify what we did how we did it and then how to fix that and then from that the pen tester or the organization should fix those then they go back and run another test and then they validate like a change detection environment to see hey did those fixes taste play take place and you know snehaw when he was the CTO of jsoc he shared with me a number of times about it's like man there would be 15 more items on next week's punch sheet that we didn't know about and it's and it has to do with how we you know how they were uh prioritizing the cves and whatnot because they would take all CBDs it was critical or non-critical and it's like we are able to create context in that environment that feeds better information into Splunk and whatnot that brings that brings up the efficiency for Splunk specifically the teams out there by the way the burnout thing is real I mean this whole I just finished my list and I got 15 more or whatever the list just can keeps growing how did node zero specifically help Splunk teams be more efficient like that's the question I want to get at because this seems like a very scale way for Splunk customers and teams service teams to be more so the question is how does node zero help make Splunk specifically their service teams be more efficient so so today in our early interactions we're building customers we've seen are five things um and I'll start with sort of identifying the blind spots right so kind of what I just talked about with you did we detect did we log did we alert did they stop node zero right and so I would I put that you know a more Layman's third grade term and if I was going to beat a fifth grader at this game would be we can be the sparring partner for a Splunk Enterprise customer a Splunk Essentials customer someone using Splunk soar or even just an Enterprise Splunk customer that may be a small shop with three people and just wants to know where am I exposed so by creating and generating these reports and then having um the API that actually generates the dashboard they can take all of these events that we've logged and log them in and then where that then comes in is number two is how do we prioritize those logs right so how do we create visibility to logs that that um are have critical impacts and again as I mentioned earlier not all cves are high impact regard and also not all or low right so if you daisy chain a bunch of low cves together boom I've got a mission critical AP uh CPE that needs to be fixed now such as a credential moving to an NT box that's got a text file with a bunch of passwords on it that would be very bad um and then third would be uh verifying that you have all of the hosts so one of the things that splunk's not particularly great at and they'll literate themselves they don't do asset Discovery so dude what assets do we see and what are they logging from that um and then for from um for every event that they are able to identify one of the cool things that we can do is actually create this low code no code environment so they could let you know Splunk customers can use Splunk sword to actually triage events and prioritize that event so where they're being routed within it to optimize the Sox team time to Market or time to triage any given event obviously reducing MTR and then finally I think one of the neatest things that we'll be seeing us develop is um our ability to build glass cables so behind me you'll see one of our triage events and how we build uh a Lockheed Martin kill chain on that with a glass table which is very familiar to the community we're going to have the ability and not too distant future to allow people to search observe on those iocs and if people aren't familiar with it ioc it's an instant of a compromise so that's a vector that we want to drill into and of course who's better at Drilling in the data and smoke yeah this is a critter this is an awesome Synergy there I mean I can see a Splunk customer going man this just gives me so much more capability action actionability and also real understanding and I think this is what I want to dig into if you don't mind understanding that critical impact okay is kind of where I see this coming got the data data ingest now data's data but the question is what not to log you know where are things misconfigured these are critical questions so can you talk about what it means to understand critical impact yeah so I think you know going back to the things that I just spoke about a lot of those cves where you'll see um uh low low low and then you daisy chain together and they're suddenly like oh this is high now but then your other impact of like if you're if you're a Splunk customer you know and I had it I had several of them I had one customer that you know terabytes of McAfee data being brought in and it was like all right there's a lot of other data that you probably also want to bring but they could only afford wanted to do certain data sets because that's and they didn't know how to prioritize or filter those data sets and so we provide that opportunity to say hey these are the critical ones to bring in but there's also the ones that you don't necessarily need to bring in because low cve in this case really does mean low cve like an ILO server would be one that um that's the print server uh where the uh your admin credentials are on on like a printer and so there will be credentials on that that's something that a hacker might go in to look at so although the cve on it is low is if you daisy chain with somebody that's able to get into that you might say Ah that's high and we would then potentially rank it giving our AI logic to say that's a moderate so put it on the scale and we prioritize those versus uh of all of these scanners just going to give you a bunch of CDs and good luck and translating that if I if I can and tell me if I'm wrong that kind of speaks to that whole lateral movement that's it challenge right print serve a great example looks stupid low end who's going to want to deal with the print server oh but it's connected into a critical system there's a path is that kind of what you're getting at yeah I use Daisy Chain I think that's from the community they came from uh but it's just a lateral movement it's exactly what they're doing in those low level low critical lateral movements is where the hackers are getting in right so that's the beauty thing about the uh the Uber example is that who would have thought you know I've got my monthly Factor authentication going in a human made a mistake we can't we can't not expect humans to make mistakes we're fallible right the reality is is once they were in the environment they could have protected themselves by running enough pen tests to know that they had certain uh exposed credentials that would have stopped the breach and they did not had not done that in their environment and I'm not poking yeah but it's an interesting Trend though I mean it's obvious if sometimes those low end items are also not protected well so it's easy to get at from a hacker standpoint but also the people in charge of them can be fished easily or spearfished because they're not paying attention because they don't have to no one ever told them hey be careful yeah for the community that I came from John that's exactly how they they would uh meet you at a uh an International Event um introduce themselves as a graduate student these are National actor States uh would you mind reviewing my thesis on such and such and I was at Adobe at the time that I was working on this instead of having to get the PDF they opened the PDF and whoever that customer was launches and I don't know if you remember back in like 2008 time frame there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it and John that's or LinkedIn hey I want to get a joke we want to hire you double the salary oh I'm gonna click on that for sure you know yeah right exactly yeah the one thing I would say to you is like uh when we look at like sort of you know because I think we did 10 000 pen tests last year is it's probably over that now you know we have these sort of top 10 ways that we think and find people coming into the environment the funniest thing is that only one of them is a cve related vulnerability like uh you know you guys know what they are right so it's it but it's it's like two percent of the attacks are occurring through the cves but yeah there's all that attention spent to that and very little attention spent to this pen testing side which is sort of this continuous threat you know monitoring space and and this vulnerability space where I think we play a such an important role and I'm so excited to be a part of the tip of the spear on this one yeah I'm old enough to know the movie sneakers which I loved as a you know watching that movie you know professional hackers are testing testing always testing the environment I love this I got to ask you as we kind of wrap up here Chris if you don't mind the the benefits to Professional Services from this Alliance big news Splunk and you guys work well together we see that clearly what are what other benefits do Professional Services teams see from the Splunk and Horizon 3.ai Alliance so if you're I think for from our our from both of our uh Partners uh as we bring these guys together and many of them already are the same partner right uh is that uh first off the licensing model is probably one of the key areas that we really excel at so if you're an end user you can buy uh for the Enterprise by the number of IP addresses you're using um but uh if you're a partner working with this there's solution ways that you can go in and we'll license as to msps and what that business model on msps looks like but the unique thing that we do here is this C plus license and so the Consulting plus license allows like a uh somebody a small to mid-sized to some very large uh you know Fortune 100 uh consulting firms use this uh by buying into a license called um Consulting plus where they can have unlimited uh access to as many IPS as they want but you can only run one test at a time and as you can imagine when we're going and hacking passwords and um checking hashes and decrypting hashes that can take a while so but for the right customer it's it's a perfect tool and so I I'm so excited about our ability to go to market with uh our partners so that we understand ourselves understand how not to just sell to or not tell just to sell through but we know how to sell with them as a good vendor partner I think that that's one thing that we've done a really good job building bring it into the market yeah I think also the Splunk has had great success how they've enabled uh partners and Professional Services absolutely you know the services that layer on top of Splunk are multi-fold tons of great benefits so you guys Vector right into that ride that way with friction and and the cool thing is that in you know in one of our reports which could be totally customized uh with someone else's logo we're going to generate you know so I I used to work in another organization it wasn't Splunk but we we did uh you know pen testing as for for customers and my pen testers would come on site they'd do the engagement and they would leave and then another release someone would be oh shoot we got another sector that was breached and they'd call you back you know four weeks later and so by August our entire pen testings teams would be sold out and it would be like well even in March maybe and they're like no no I gotta breach now and and and then when they do go in they go through do the pen test and they hand over a PDF and they pack on the back and say there's where your problems are you need to fix it and the reality is that what we're going to generate completely autonomously with no human interaction is we're going to go and find all the permutations of anything we found and the fix for those permutations and then once you've fixed everything you just go back and run another pen test it's you know for what people pay for one pen test they can have a tool that does that every every Pat patch on Tuesday and that's on Wednesday you know triage throughout the week green yellow red I wanted to see the colors show me green green is good right not red and one CIO doesn't want who doesn't want that dashboard right it's it's exactly it and we can help bring I think that you know I'm really excited about helping drive this with the Splunk team because they get that they understand that it's the green yellow red dashboard and and how do we help them find more green uh so that the other guys are in red yeah and get in the data and do the right thing and be efficient with how you use the data know what to look at so many things to pay attention to you know the combination of both and then go to market strategy real brilliant congratulations Chris thanks for coming on and sharing um this news with the detail around the Splunk in action around the alliance thanks for sharing John my pleasure thanks look forward to seeing you soon all right great we'll follow up and do another segment on devops and I.T and security teams as the new new Ops but and super cloud a bunch of other stuff so thanks for coming on and our next segment the CEO of horizon 3.aa will break down all the new news for us here on thecube you're watching thecube the leader in high tech Enterprise coverage [Music] yeah the partner program for us has been fantastic you know I think prior to that you know as most organizations most uh uh most Farmers most mssps might not necessarily have a a bench at all for penetration testing uh maybe they subcontract this work out or maybe they do it themselves but trying to staff that kind of position can be incredibly difficult for us this was a differentiator a a new a new partner a new partnership that allowed us to uh not only perform services for our customers but be able to provide a product by which that they can do it themselves so we work with our customers in a variety of ways some of them want more routine testing and perform this themselves but we're also a certified service provider of horizon 3 being able to perform uh penetration tests uh help review the the data provide color provide analysis for our customers in a broader sense right not necessarily the the black and white elements of you know what was uh what's critical what's high what's medium what's low what you need to fix but are there systemic issues this has allowed us to onboard new customers this has allowed us to migrate some penetration testing services to us from from competitors in the marketplace But ultimately this is occurring because the the product and the outcome are special they're unique and they're effective our customers like what they're seeing they like the routineness of it many of them you know again like doing this themselves you know being able to kind of pen test themselves parts of their networks um and the the new use cases right I'm a large organization I have eight to ten Acquisitions per year wouldn't it be great to have a tool to be able to perform a penetration test both internal and external of that acquisition before we integrate the two companies and maybe bringing on some risk it's a very effective partnership uh one that really is uh kind of taken our our Engineers our account Executives by storm um you know this this is a a partnership that's been very valuable to us [Music] a key part of the value and business model at Horizon 3 is enabling Partners to leverage node zero to make more revenue for themselves our goal is that for sixty percent of our Revenue this year will be originated by partners and that 95 of our Revenue next year will be originated by partners and so a key to that strategy is making us an integral part of your business models as a partner a key quote from one of our partners is that we enable every one of their business units to generate Revenue so let's talk about that in a little bit more detail first is that if you have a pen test Consulting business take Deloitte as an example what was six weeks of human labor at Deloitte per pen test has been cut down to four days of Labor using node zero to conduct reconnaissance find all the juicy interesting areas of the of the Enterprise that are exploitable and being able to go assess the entire organization and then all of those details get served up to the human to be able to look at understand and determine where to probe deeper so what you see in that pen test Consulting business is that node zero becomes a force multiplier where those Consulting teams were able to cover way more accounts and way more IPS within those accounts with the same or fewer consultants and so that directly leads to profit margin expansion for the Penn testing business itself because node 0 is a force multiplier the second business model here is if you're an mssp as an mssp you're already making money providing defensive cyber security operations for a large volume of customers and so what they do is they'll license node zero and use us as an upsell to their mssb business to start to deliver either continuous red teaming continuous verification or purple teaming as a service and so in that particular business model they've got an additional line of Revenue where they can increase the spend of their existing customers by bolting on node 0 as a purple team as a service offering the third business model or customer type is if you're an I.T services provider so as an I.T services provider you make money installing and configuring security products like Splunk or crowdstrike or hemio you also make money reselling those products and you also make money generating follow-on services to continue to harden your customer environments and so for them what what those it service providers will do is use us to verify that they've installed Splunk correctly improved to their customer that Splunk was installed correctly or crowdstrike was installed correctly using our results and then use our results to drive follow-on services and revenue and then finally we've got the value-added reseller which is just a straight up reseller because of how fast our sales Cycles are these vars are able to typically go from cold email to deal close in six to eight weeks at Horizon 3 at least a single sales engineer is able to run 30 to 50 pocs concurrently because our pocs are very lightweight and don't require any on-prem customization or heavy pre-sales post sales activity so as a result we're able to have a few amount of sellers driving a lot of Revenue and volume for us well the same thing applies to bars there isn't a lot of effort to sell the product or prove its value so vars are able to sell a lot more Horizon 3 node zero product without having to build up a huge specialist sales organization so what I'm going to do is talk through uh scenario three here as an I.T service provider and just how powerful node zero can be in driving additional Revenue so in here think of for every one dollar of node zero license purchased by the IT service provider to do their business it'll generate ten dollars of additional revenue for that partner so in this example kidney group uses node 0 to verify that they have installed and deployed Splunk correctly so Kitty group is a Splunk partner they they sell it services to install configure deploy and maintain Splunk and as they deploy Splunk they're going to use node 0 to attack the environment and make sure that the right logs and alerts and monitoring are being handled within the Splunk deployment so it's a way of doing QA or verifying that Splunk has been configured correctly and that's going to be internally used by kidney group to prove the quality of their services that they've just delivered then what they're going to do is they're going to show and leave behind that node zero Report with their client and that creates a resell opportunity for for kidney group to resell node 0 to their client because their client is seeing the reports and the results and saying wow this is pretty amazing and those reports can be co-branded where it's a pen testing report branded with kidney group but it says powered by Horizon three under it from there kidney group is able to take the fixed actions report that's automatically generated with every pen test through node zero and they're able to use that as the starting point for a statement of work to sell follow-on services to fix all of the problems that node zero identified fixing l11r misconfigurations fixing or patching VMware or updating credentials policies and so on so what happens is node 0 has found a bunch of problems the client often lacks the capacity to fix and so kidney group can use that lack of capacity by the client as a follow-on sales opportunity for follow-on services and finally based on the findings from node zero kidney group can look at that report and say to the customer you know customer if you bought crowdstrike you'd be able to uh prevent node Zero from attacking and succeeding in the way that it did for if you bought humano or if you bought Palo Alto networks or if you bought uh some privileged access management solution because of what node 0 was able to do with credential harvesting and attacks and so as a result kidney group is able to resell other security products within their portfolio crowdstrike Falcon humano Polito networks demisto Phantom and so on based on the gaps that were identified by node zero and that pen test and what that creates is another feedback loop where kidney group will then go use node 0 to verify that crowdstrike product has actually been installed and configured correctly and then this becomes the cycle of using node 0 to verify a deployment using that verification to drive a bunch of follow-on services and resell opportunities which then further drives more usage of the product now the way that we licensed is that it's a usage-based license licensing model so that the partner will grow their node zero Consulting plus license as they grow their business so for example if you're a kidney group then week one you've got you're going to use node zero to verify your Splunk install in week two if you have a pen testing business you're going to go off and use node zero to be a force multiplier for your pen testing uh client opportunity and then if you have an mssp business then in week three you're going to use node zero to go execute a purple team mssp offering for your clients so not necessarily a kidney group but if you're a Deloitte or ATT these larger companies and you've got multiple lines of business if you're Optive for instance you all you have to do is buy one Consulting plus license and you're going to be able to run as many pen tests as you want sequentially so now you can buy a single license and use that one license to meet your week one client commitments and then meet your week two and then meet your week three and as you grow your business you start to run multiple pen tests concurrently so in week one you've got to do a Splunk verify uh verify Splunk install and you've got to run a pen test and you've got to do a purple team opportunity you just simply expand the number of Consulting plus licenses from one license to three licenses and so now as you systematically grow your business you're able to grow your node zero capacity with you giving you predictable cogs predictable margins and once again 10x additional Revenue opportunity for that investment in the node zero Consulting plus license my name is Saint I'm the co-founder and CEO here at Horizon 3. I'm going to talk to you today about why it's important to look at your Enterprise Through The Eyes of an attacker the challenge I had when I was a CIO in banking the CTO at Splunk and serving within the Department of Defense is that I had no idea I was Secure until the bad guys had showed up am I logging the right data am I fixing the right vulnerabilities are my security tools that I've paid millions of dollars for actually working together to defend me and the answer is I don't know does my team actually know how to respond to a breach in the middle of an incident I don't know I've got to wait for the bad guys to show up and so the challenge I had was how do we proactively verify our security posture I tried a variety of techniques the first was the use of vulnerability scanners and the challenge with vulnerability scanners is being vulnerable doesn't mean you're exploitable I might have a hundred thousand findings from my scanner of which maybe five or ten can actually be exploited in my environment the other big problem with scanners is that they can't chain weaknesses together from machine to machine so if you've got a thousand machines in your environment or more what a vulnerability scanner will do is tell you you have a problem on machine one and separately a problem on machine two but what they can tell you is that an attacker could use a load from machine one plus a low from machine two to equal to critical in your environment and what attackers do in their tactics is they chain together misconfigurations dangerous product defaults harvested credentials and exploitable vulnerabilities into attack paths across different machines so to address the attack pads across different machines I tried layering in consulting-based pen testing and the issue is when you've got thousands of hosts or hundreds of thousands of hosts in your environment human-based pen testing simply doesn't scale to test an infrastructure of that size moreover when they actually do execute a pen test and you get the report oftentimes you lack the expertise within your team to quickly retest to verify that you've actually fixed the problem and so what happens is you end up with these pen test reports that are incomplete snapshots and quickly going stale and then to mitigate that problem I tried using breach and attack simulation tools and the struggle with these tools is one I had to install credentialed agents everywhere two I had to write my own custom attack scripts that I didn't have much talent for but also I had to maintain as my environment changed and then three these types of tools were not safe to run against production systems which was the the majority of my attack surface so that's why we went off to start Horizon 3. so Tony and I met when we were in Special Operations together and the challenge we wanted to solve was how do we do infrastructure security testing at scale by giving the the power of a 20-year pen testing veteran into the hands of an I.T admin a network engineer in just three clicks and the whole idea is we enable these fixers The Blue Team to be able to run node Zero Hour pen testing product to quickly find problems in their environment that blue team will then then go off and fix the issues that were found and then they can quickly rerun the attack to verify that they fixed the problem and the whole idea is delivering this without requiring custom scripts be developed without requiring credential agents be installed and without requiring the use of external third-party consulting services or Professional Services self-service pen testing to quickly Drive find fix verify there are three primary use cases that our customers use us for the first is the sock manager that uses us to verify that their security tools are actually effective to verify that they're logging the right data in Splunk or in their Sim to verify that their managed security services provider is able to quickly detect and respond to an attack and hold them accountable for their slas or that the sock understands how to quickly detect and respond and measuring and verifying that or that the variety of tools that you have in your stack most organizations have 130 plus cyber security tools none of which are designed to work together are actually working together the second primary use case is proactively hardening and verifying your systems this is when the I that it admin that network engineer they're able to run self-service pen tests to verify that their Cisco environment is installed in hardened and configured correctly or that their credential policies are set up right or that their vcenter or web sphere or kubernetes environments are actually designed to be secure and what this allows the it admins and network Engineers to do is shift from running one or two pen tests a year to 30 40 or more pen tests a month and you can actually wire those pen tests into your devops process or into your detection engineering and the change management processes to automatically trigger pen tests every time there's a change in your environment the third primary use case is for those organizations lucky enough to have their own internal red team they'll use node zero to do reconnaissance and exploitation at scale and then use the output as a starting point for the humans to step in and focus on the really hard juicy stuff that gets them on stage at Defcon and so these are the three primary use cases and what we'll do is zoom into the find fix verify Loop because what I've found in my experience is find fix verify is the future operating model for cyber security organizations and what I mean here is in the find using continuous pen testing what you want to enable is on-demand self-service pen tests you want those pen tests to find attack pads at scale spanning your on-prem infrastructure your Cloud infrastructure and your perimeter because attackers don't only state in one place they will find ways to chain together a perimeter breach a credential from your on-prem to gain access to your cloud or some other permutation and then the third part in continuous pen testing is attackers don't focus on critical vulnerabilities anymore they know we've built vulnerability Management Programs to reduce those vulnerabilities so attackers have adapted and what they do is chain together misconfigurations in your infrastructure and software and applications with dangerous product defaults with exploitable vulnerabilities and through the collection of credentials through a mix of techniques at scale once you've found those problems the next question is what do you do about it well you want to be able to prioritize fixing problems that are actually exploitable in your environment that truly matter meaning they're going to lead to domain compromise or domain user compromise or access your sensitive data the second thing you want to fix is making sure you understand what risk your crown jewels data is exposed to where is your crown jewels data is in the cloud is it on-prem has it been copied to a share drive that you weren't aware of if a domain user was compromised could they access that crown jewels data you want to be able to use the attacker's perspective to secure the critical data you have in your infrastructure and then finally as you fix these problems you want to quickly remediate and retest that you've actually fixed the issue and this fine fix verify cycle becomes that accelerator that drives purple team culture the third part here is verify and what you want to be able to do in the verify step is verify that your security tools and processes in people can effectively detect and respond to a breach you want to be able to integrate that into your detection engineering processes so that you know you're catching the right security rules or that you've deployed the right configurations you also want to make sure that your environment is adhering to the best practices around systems hardening in cyber resilience and finally you want to be able to prove your security posture over a time to your board to your leadership into your regulators so what I'll do now is zoom into each of these three steps so when we zoom in to find here's the first example using node 0 and autonomous pen testing and what an attacker will do is find a way to break through the perimeter in this example it's very easy to misconfigure kubernetes to allow an attacker to gain remote code execution into your on-prem kubernetes environment and break through the perimeter and from there what the attacker is going to do is conduct Network reconnaissance and then find ways to gain code execution on other machines in the environment and as they get code execution they start to dump credentials collect a bunch of ntlm hashes crack those hashes using open source and dark web available data as part of those attacks and then reuse those credentials to log in and laterally maneuver throughout the environment and then as they loudly maneuver they can reuse those credentials and use credential spraying techniques and so on to compromise your business email to log in as admin into your cloud and this is a very common attack and rarely is a CV actually needed to execute this attack often it's just a misconfiguration in kubernetes with a bad credential policy or password policy combined with bad practices of credential reuse across the organization here's another example of an internal pen test and this is from an actual customer they had 5 000 hosts within their environment they had EDR and uba tools installed and they initiated in an internal pen test on a single machine from that single initial access point node zero enumerated the network conducted reconnaissance and found five thousand hosts were accessible what node 0 will do under the covers is organize all of that reconnaissance data into a knowledge graph that we call the Cyber terrain map and that cyber Terrain map becomes the key data structure that we use to efficiently maneuver and attack and compromise your environment so what node zero will do is they'll try to find ways to get code execution reuse credentials and so on in this customer example they had Fortinet installed as their EDR but node 0 was still able to get code execution on a Windows machine from there it was able to successfully dump credentials including sensitive credentials from the lsas process on the Windows box and then reuse those credentials to log in as domain admin in the network and once an attacker becomes domain admin they have the keys to the kingdom they can do anything they want so what happened here well it turns out Fortinet was misconfigured on three out of 5000 machines bad automation the customer had no idea this had happened they would have had to wait for an attacker to show up to realize that it was misconfigured the second thing is well why didn't Fortinet stop the credential pivot in the lateral movement and it turned out the customer didn't buy the right modules or turn on the right services within that particular product and we see this not only with Ford in it but we see this with Trend Micro and all the other defensive tools where it's very easy to miss a checkbox in the configuration that will do things like prevent credential dumping the next story I'll tell you is attackers don't have to hack in they log in so another infrastructure pen test a typical technique attackers will take is man in the middle uh attacks that will collect hashes so in this case what an attacker will do is leverage a tool or technique called responder to collect ntlm hashes that are being passed around the network and there's a variety of reasons why these hashes are passed around and it's a pretty common misconfiguration but as an attacker collects those hashes then they start to apply techniques to crack those hashes so they'll pass the hash and from there they will use open source intelligence common password structures and patterns and other types of techniques to try to crack those hashes into clear text passwords so here node 0 automatically collected hashes it automatically passed the hashes to crack those credentials and then from there it starts to take the domain user user ID passwords that it's collected and tries to access different services and systems in your Enterprise in this case node 0 is able to successfully gain access to the Office 365 email environment because three employees didn't have MFA configured so now what happens is node 0 has a placement and access in the business email system which sets up the conditions for fraud lateral phishing and other techniques but what's especially insightful here is that 80 of the hashes that were collected in this pen test were cracked in 15 minutes or less 80 percent 26 of the user accounts had a password that followed a pretty obvious pattern first initial last initial and four random digits the other thing that was interesting is 10 percent of service accounts had their user ID the same as their password so VMware admin VMware admin web sphere admin web Square admin so on and so forth and so attackers don't have to hack in they just log in with credentials that they've collected the next story here is becoming WS AWS admin so in this example once again internal pen test node zero gets initial access it discovers 2 000 hosts are network reachable from that environment if fingerprints and organizes all of that data into a cyber Terrain map from there it it fingerprints that hpilo the integrated lights out service was running on a subset of hosts hpilo is a service that is often not instrumented or observed by security teams nor is it easy to patch as a result attackers know this and immediately go after those types of services so in this case that ILO service was exploitable and were able to get code execution on it ILO stores all the user IDs and passwords in clear text in a particular set of processes so once we gain code execution we were able to dump all of the credentials and then from there laterally maneuver to log in to the windows box next door as admin and then on that admin box we're able to gain access to the share drives and we found a credentials file saved on a share Drive from there it turned out that credentials file was the AWS admin credentials file giving us full admin authority to their AWS accounts not a single security alert was triggered in this attack because the customer wasn't observing the ILO service and every step thereafter was a valid login in the environment and so what do you do step one patch the server step two delete the credentials file from the share drive and then step three is get better instrumentation on privileged access users and login the final story I'll tell is a typical pattern that we see across the board with that combines the various techniques I've described together where an attacker is going to go off and use open source intelligence to find all of the employees that work at your company from there they're going to look up those employees on dark web breach databases and other forms of information and then use that as a starting point to password spray to compromise a domain user all it takes is one employee to reuse a breached password for their Corporate email or all it takes is a single employee to have a weak password that's easily guessable all it takes is one and once the attacker is able to gain domain user access in most shops domain user is also the local admin on their laptop and once your local admin you can dump Sam and get local admin until M hashes you can use that to reuse credentials again local admin on neighboring machines and attackers will start to rinse and repeat then eventually they're able to get to a point where they can dump lsas or by unhooking the anti-virus defeating the EDR or finding a misconfigured EDR as we've talked about earlier to compromise the domain and what's consistent is that the fundamentals are broken at these shops they have poor password policies they don't have least access privilege implemented active directory groups are too permissive where domain admin or domain user is also the local admin uh AV or EDR Solutions are misconfigured or easily unhooked and so on and what we found in 10 000 pen tests is that user Behavior analytics tools never caught us in that lateral movement in part because those tools require pristine logging data in order to work and also it becomes very difficult to find that Baseline of normal usage versus abnormal usage of credential login another interesting Insight is there were several Marquee brand name mssps that were defending our customers environment and for them it took seven hours to detect and respond to the pen test seven hours the pen test was over in less than two hours and so what you had was an egregious violation of the service level agreements that that mssp had in place and the customer was able to use us to get service credit and drive accountability of their sock and of their provider the third interesting thing is in one case it took us seven minutes to become domain admin in a bank that bank had every Gucci security tool you could buy yet in 7 minutes and 19 seconds node zero started as an unauthenticated member of the network and was able to escalate privileges through chaining and misconfigurations in lateral movement and so on to become domain admin if it's seven minutes today we should assume it'll be less than a minute a year or two from now making it very difficult for humans to be able to detect and respond to that type of Blitzkrieg attack so that's in the find it's not just about finding problems though the bulk of the effort should be what to do about it the fix and the verify so as you find those problems back to kubernetes as an example we will show you the path here is the kill chain we took to compromise that environment we'll show you the impact here is the impact or here's the the proof of exploitation that we were able to use to be able to compromise it and there's the actual command that we executed so you could copy and paste that command and compromise that cubelet yourself if you want and then the impact is we got code execution and we'll actually show you here is the impact this is a critical here's why it enabled perimeter breach affected applications will tell you the specific IPS where you've got the problem how it maps to the miter attack framework and then we'll tell you exactly how to fix it we'll also show you what this problem enabled so you can accurately prioritize why this is important or why it's not important the next part is accurate prioritization the hardest part of my job as a CIO was deciding what not to fix so if you take SMB signing not required as an example by default that CVSs score is a one out of 10. but this misconfiguration is not a cve it's a misconfig enable an attacker to gain access to 19 credentials including one domain admin two local admins and access to a ton of data because of that context this is really a 10 out of 10. you better fix this as soon as possible however of the seven occurrences that we found it's only a critical in three out of the seven and these are the three specific machines and we'll tell you the exact way to fix it and you better fix these as soon as possible for these four machines over here these didn't allow us to do anything of consequence so that because the hardest part is deciding what not to fix you can justifiably choose not to fix these four issues right now and just add them to your backlog and surge your team to fix these three as quickly as possible and then once you fix these three you don't have to re-run the entire pen test you can select these three and then one click verify and run a very narrowly scoped pen test that is only testing this specific issue and what that creates is a much faster cycle of finding and fixing problems the other part of fixing is verifying that you don't have sensitive data at risk so once we become a domain user we're able to use those domain user credentials and try to gain access to databases file shares S3 buckets git repos and so on and help you understand what sensitive data you have at risk so in this example a green checkbox means we logged in as a valid domain user we're able to get read write access on the database this is how many records we could have accessed and we don't actually look at the values in the database but we'll show you the schema so you can quickly characterize that pii data was at risk here and we'll do that for your file shares and other sources of data so now you can accurately articulate the data you have at risk and prioritize cleaning that data up especially data that will lead to a fine or a big news issue so that's the find that's the fix now we're going to talk about the verify the key part in verify is embracing and integrating with detection engineering practices so when you think about your layers of security tools you've got lots of tools in place on average 130 tools at any given customer but these tools were not designed to work together so when you run a pen test what you want to do is say did you detect us did you log us did you alert on us did you stop us and from there what you want to see is okay what are the techniques that are commonly used to defeat an environment to actually compromise if you look at the top 10 techniques we use and there's far more than just these 10 but these are the most often executed nine out of ten have nothing to do with cves it has to do with misconfigurations dangerous product defaults bad credential policies and it's how we chain those together to become a domain admin or compromise a host so what what customers will do is every single attacker command we executed is provided to you as an attackivity log so you can actually see every single attacker command we ran the time stamp it was executed the hosts it executed on and how it Maps the minor attack tactics so our customers will have are these attacker logs on one screen and then they'll go look into Splunk or exabeam or Sentinel one or crowdstrike and say did you detect us did you log us did you alert on us or not and to make that even easier if you take this example hey Splunk what logs did you see at this time on the VMware host because that's when node 0 is able to dump credentials and that allows you to identify and fix your logging blind spots to make that easier we've got app integration so this is an actual Splunk app in the Splunk App Store and what you can come is inside the Splunk console itself you can fire up the Horizon 3 node 0 app all of the pen test results are here so that you can see all of the results in one place and you don't have to jump out of the tool and what you'll show you as I skip forward is hey there's a pen test here are the critical issues that we've identified for that weaker default issue here are the exact commands we executed and then we will automatically query into Splunk all all terms on between these times on that endpoint that relate to this attack so you can now quickly within the Splunk environment itself figure out that you're missing logs or that you're appropriately catching this issue and that becomes incredibly important in that detection engineering cycle that I mentioned earlier so how do our customers end up using us they shift from running one pen test a year to 30 40 pen tests a month oftentimes wiring us into their deployment automation to automatically run pen tests the other part that they'll do is as they run more pen tests they find more issues but eventually they hit this inflection point where they're able to rapidly clean up their environment and that inflection point is because the red and the blue teams start working together in a purple team culture and now they're working together to proactively harden their environment the other thing our customers will do is run us from different perspectives they'll first start running an RFC 1918 scope to see once the attacker gained initial access in a part of the network that had wide access what could they do and then from there they'll run us within a specific Network segment okay from within that segment could the attacker break out and gain access to another segment then they'll run us from their work from home environment could they Traverse the VPN and do something damaging and once they're in could they Traverse the VPN and get into my cloud then they'll break in from the outside all of these perspectives are available to you in Horizon 3 and node zero as a single SKU and you can run as many pen tests as you want if you run a phishing campaign and find that an intern in the finance department had the worst phishing behavior you can then inject their credentials and actually show the end-to-end story of how an attacker fished gained credentials of an intern and use that to gain access to sensitive financial data so what our customers end up doing is running multiple attacks from multiple perspectives and looking at those results over time I'll leave you two things one is what is the AI in Horizon 3 AI those knowledge graphs are the heart and soul of everything that we do and we use machine learning reinforcement techniques reinforcement learning techniques Markov decision models and so on to be able to efficiently maneuver and analyze the paths in those really large graphs we also use context-based scoring to prioritize weaknesses and we're also able to drive collective intelligence across all of the operations so the more pen tests we run the smarter we get and all of that is based on our knowledge graph analytics infrastructure that we have finally I'll leave you with this was my decision criteria when I was a buyer for my security testing strategy what I cared about was coverage I wanted to be able to assess my on-prem cloud perimeter and work from home and be safe to run in production I want to be able to do that as often as I wanted I want to be able to run pen tests in hours or days not weeks or months so I could accelerate that fine fix verify loop I wanted my it admins and network Engineers with limited offensive experience to be able to run a pen test in a few clicks through a self-service experience and not have to install agent and not have to write custom scripts and finally I didn't want to get nickeled and dimed on having to buy different types of attack modules or different types of attacks I wanted a single annual subscription that allowed me to run any type of attack as often as I wanted so I could look at my Trends in directions over time so I hope you found this talk valuable uh we're easy to find and I look forward to seeing seeing you use a product and letting our results do the talking when you look at uh you know kind of the way no our pen testing algorithms work is we dynamically select uh how to compromise an environment based on what we've discovered and the goal is to become a domain admin compromise a host compromise domain users find ways to encrypt data steal sensitive data and so on but when you look at the the top 10 techniques that we ended up uh using to compromise environments the first nine have nothing to do with cves and that's the reality cves are yes a vector but less than two percent of cves are actually used in a compromise oftentimes it's some sort of credential collection credential cracking uh credential pivoting and using that to become an admin and then uh compromising environments from that point on so I'll leave this up for you to kind of read through and you'll have the slides available for you but I found it very insightful that organizations and ourselves when I was a GE included invested heavily in just standard vulnerability Management Programs when I was at DOD that's all disa cared about asking us about was our our kind of our cve posture but the attackers have adapted to not rely on cves to get in because they know that organizations are actively looking at and patching those cves and instead they're chaining together credentials from one place with misconfigurations and dangerous product defaults in another to take over an environment a concrete example is by default vcenter backups are not encrypted and so as if an attacker finds vcenter what they'll do is find the backup location and there are specific V sender MTD files where the admin credentials are parsippled in the binaries so you can actually as an attacker find the right MTD file parse out the binary and now you've got the admin credentials for the vcenter environment and now start to log in as admin there's a bad habit by signal officers and Signal practitioners in the in the Army and elsewhere where the the VM notes section of a virtual image has the password for the VM well those VM notes are not stored encrypted and attackers know this and they're able to go off and find the VMS that are unencrypted find the note section and pull out the passwords for those images and then reuse those credentials across the board so I'll pause here and uh you know Patrick love you get some some commentary on on these techniques and other things that you've seen and what we'll do in the last say 10 to 15 minutes is uh is rolled through a little bit more on what do you do about it yeah yeah no I love it I think um I think this is pretty exhaustive what I like about what you've done here is uh you know we've seen we've seen double-digit increases in the number of organizations that are reporting actual breaches year over year for the last um for the last three years and it's often we kind of in the Zeitgeist we pegged that on ransomware which of course is like incredibly important and very top of mind um but what I like about what you have here is you know we're reminding the audience that the the attack surface area the vectors the matter um you know has to be more comprehensive than just thinking about ransomware scenarios yeah right on um so let's build on this when you think about your defense in depth you've got multiple security controls that you've purchased and integrated and you've got that redundancy if a control fails but the reality is that these security tools aren't designed to work together so when you run a pen test what you want to ask yourself is did you detect node zero did you log node zero did you alert on node zero and did you stop node zero and when you think about how to do that every single attacker command executed by node zero is available in an attacker log so you can now see you know at the bottom here vcenter um exploit at that time on that IP how it aligns to minor attack what you want to be able to do is go figure out did your security tools catch this or not and that becomes very important in using the attacker's perspective to improve your defensive security controls and so the way we've tried to make this easier back to like my my my the you know I bleed Green in many ways still from my smoke background is you want to be able to and what our customers do is hey we'll look at the attacker logs on one screen and they'll look at what did Splunk see or Miss in another screen and then they'll use that to figure out what their logging blind spots are and what that where that becomes really interesting is we've actually built out an integration into Splunk where there's a Splunk app you can download off of Splunk base and you'll get all of the pen test results right there in the Splunk console and from that Splunk console you're gonna be able to see these are all the pen tests that were run these are the issues that were found um so you can look at that particular pen test here are all of the weaknesses that were identified for that particular pen test and how they categorize out for each of those weaknesses you can click on any one of them that are critical in this case and then we'll tell you for that weakness and this is where where the the punch line comes in so I'll pause the video here for that weakness these are the commands that were executed on these endpoints at this time and then we'll actually query Splunk for that um for that IP address or containing that IP and these are the source types that surface any sort of activity so what we try to do is help you as quickly and efficiently as possible identify the logging blind spots in your Splunk environment based on the attacker's perspective so as this video kind of plays through you can see it Patrick I'd love to get your thoughts um just seeing so many Splunk deployments and the effectiveness of those deployments and and how this is going to help really Elevate the effectiveness of all of your Splunk customers yeah I'm super excited about this I mean I think this these kinds of purpose-built integration snail really move the needle for our customers I mean at the end of the day when I think about the power of Splunk I think about a product I was first introduced to 12 years ago that was an on-prem piece of software you know and at the time it sold on sort of Perpetual and term licenses but one made it special was that it could it could it could eat data at a speed that nothing else that I'd have ever seen you can ingest massively scalable amounts of data uh did cool things like schema on read which facilitated that there was this language called SPL that you could nerd out about uh and you went to a conference once a year and you talked about all the cool things you were splunking right but now as we think about the next phase of our growth um we live in a heterogeneous environment where our customers have so many different tools and data sources that are ever expanding and as you look at the as you look at the role of the ciso it's mind-blowing to me the amount of sources Services apps that are coming into the ciso span of let's just call it a span of influence in the last three years uh you know we're seeing things like infrastructure service level visibility application performance monitoring stuff that just never made sense for the security team to have visibility into you um at least not at the size and scale which we're demanding today um and and that's different and this isn't this is why it's so important that we have these joint purpose-built Integrations that um really provide more prescription to our customers about how do they walk on that Journey towards maturity what does zero to one look like what does one to two look like whereas you know 10 years ago customers were happy with platforms today they want integration they want Solutions and they want to drive outcomes and I think this is a great example of how together we are stepping to the evolving nature of the market and also the ever-evolving nature of the threat landscape and what I would say is the maturing needs of the customer in that environment yeah for sure I think especially if if we all anticipate budget pressure over the next 18 months due to the economy and elsewhere while the security budgets are not going to ever I don't think they're going to get cut they're not going to grow as fast and there's a lot more pressure on organizations to extract more value from their existing Investments as well as extracting more value and more impact from their existing teams and so security Effectiveness Fierce prioritization and automation I think become the three key themes of security uh over the next 18 months so I'll do very quickly is run through a few other use cases um every host that we identified in the pen test were able to score and say this host allowed us to do something significant therefore it's it's really critical you should be increasing your logging here hey these hosts down here we couldn't really do anything as an attacker so if you do have to make trade-offs you can make some trade-offs of your logging resolution at the lower end in order to increase logging resolution on the upper end so you've got that level of of um justification for where to increase or or adjust your logging resolution another example is every host we've discovered as an attacker we Expose and you can export and we want to make sure is every host we found as an attacker is being ingested from a Splunk standpoint a big issue I had as a CIO and user of Splunk and other tools is I had no idea if there were Rogue Raspberry Pi's on the network or if a new box was installed and whether Splunk was installed on it or not so now you can quickly start to correlate what hosts did we see and how does that reconcile with what you're logging from uh finally or second to last use case here on the Splunk integration side is for every single problem we've found we give multiple options for how to fix it this becomes a great way to prioritize what fixed actions to automate in your soar platform and what we want to get to eventually is being able to automatically trigger soar actions to fix well-known problems like automatically invalidating passwords for for poor poor passwords in our credentials amongst a whole bunch of other things we could go off and do and then finally if there is a well-known kill chain or attack path one of the things I really wish I could have done when I was a Splunk customer was take this type of kill chain that actually shows a path to domain admin that I'm sincerely worried about and use it as a glass table over which I could start to layer possible indicators of compromise and now you've got a great starting point for glass tables and iocs for actual kill chains that we know are exploitable in your environment and that becomes some super cool Integrations that we've got on the roadmap between us and the Splunk security side of the house so what I'll leave with actually Patrick before I do that you know um love to get your comments and then I'll I'll kind of leave with one last slide on this wartime security mindset uh pending you know assuming there's no other questions no I love it I mean I think this kind of um it's kind of glass table's approach to how do you how do you sort of visualize these workflows and then use things like sore and orchestration and automation to operationalize them is exactly where we see all of our customers going and getting away from I think an over engineered approach to soar with where it has to be super technical heavy with you know python programmers and getting more to this visual view of workflow creation um that really demystifies the power of Automation and also democratizes it so you don't have to have these programming languages in your resume in order to start really moving the needle on workflow creation policy enforcement and ultimately driving automation coverage across more and more of the workflows that your team is seeing yeah I think that between us being able to visualize the actual kill chain or attack path with you know think of a of uh the soar Market I think going towards this no code low code um you know configurable sore versus coded sore that's going to really be a game changer in improve or giving security teams a force multiplier so what I'll leave you with is this peacetime mindset of security no longer is sustainable we really have to get out of checking the box and then waiting for the bad guys to show up to verify that security tools are are working or not and the reason why we've got to really do that quickly is there are over a thousand companies that withdrew from the Russian economy over the past uh nine months due to the Ukrainian War there you should expect every one of them to be punished by the Russians for leaving and punished from a cyber standpoint and this is no longer about financial extortion that is ransomware this is about punishing and destroying companies and you can punish any one of these companies by going after them directly or by going after their suppliers and their Distributors so suddenly your attack surface is no more no longer just your own Enterprise it's how you bring your goods to Market and it's how you get your goods created because while I may not be able to disrupt your ability to harvest fruit if I can get those trucks stuck at the border I can increase spoilage and have the same effect and what we should expect to see is this idea of cyber-enabled economic Warfare where if we issue a sanction like Banning the Russians from traveling there is a cyber-enabled counter punch which is corrupt and destroy the American Airlines database that is below the threshold of War that's not going to trigger the 82nd Airborne to be mobilized but it's going to achieve the right effect ban the sale of luxury goods disrupt the supply chain and create shortages banned Russian oil and gas attack refineries to call a 10x spike in gas prices three days before the election this is the future and therefore I think what we have to do is shift towards a wartime mindset which is don't trust your security posture verify it see yourself Through The Eyes of the attacker build that incident response muscle memory and drive better collaboration between the red and the blue teams your suppliers and Distributors and your information uh sharing organization they have in place and what's really valuable for me as a Splunk customer was when a router crashes at that moment you don't know if it's due to an I.T Administration problem or an attacker and what you want to have are different people asking different questions of the same data and you want to have that integrated triage process of an I.T lens to that problem a security lens to that problem and then from there figuring out is is this an IT workflow to execute or a security incident to execute and you want to have all of that as an integrated team integrated process integrated technology stack and this is something that I very care I cared very deeply about as both a Splunk customer and a Splunk CTO that I see time and time again across the board so Patrick I'll leave you with the last word the final three minutes here and I don't see any open questions so please take us home oh man see how you think we spent hours and hours prepping for this together that that last uh uh 40 seconds of your talk track is probably one of the things I'm most passionate about in this industry right now uh and I think nist has done some really interesting work here around building cyber resilient organizations that have that has really I think helped help the industry see that um incidents can come from adverse conditions you know stress is uh uh performance taxations in the infrastructure service or app layer and they can come from malicious compromises uh Insider threats external threat actors and the more that we look at this from the perspective of of a broader cyber resilience Mission uh in a wartime mindset uh I I think we're going to be much better off and and will you talk about with operationally minded ice hacks information sharing intelligence sharing becomes so important in these wartime uh um situations and you know we know not all ice acts are created equal but we're also seeing a lot of um more ad hoc information sharing groups popping up so look I think I think you framed it really really well I love the concept of wartime mindset and um I I like the idea of applying a cyber resilience lens like if you have one more layer on top of that bottom right cake you know I think the it lens and the security lens they roll up to this concept of cyber resilience and I think this has done some great work there for us yeah you're you're spot on and that that is app and that's gonna I think be the the next um terrain that that uh that you're gonna see vendors try to get after but that I think Splunk is best position to win okay that's a wrap for this special Cube presentation you heard all about the global expansion of horizon 3.ai's partner program for their Partners have a unique opportunity to take advantage of their node zero product uh International go to Market expansion North America channel Partnerships and just overall relationships with companies like Splunk to make things more comprehensive in this disruptive cyber security world we live in and hope you enjoyed this program all the videos are available on thecube.net as well as check out Horizon 3 dot AI for their pen test Automation and ultimately their defense system that they use for testing always the environment that you're in great Innovative product and I hope you enjoyed the program again I'm John Furrier host of the cube thanks for watching

(light music) >> Hello, and welcome to theCUBE's special presentation with Horizon3.ai with Rainer Richter, Vice President of EMEA, Europe, Middle East and Africa, and Asia Pacific, APAC Horizon3.ai. Welcome to this special CUBE presentation. Thanks for joining us. >> Thank you for the invitation. >> So Horizon3.ai, driving global expansion, big international news with a partner-first approach. You guys are expanding internationally. Let's get into it. You guys are driving this new expanse partner program to new heights. Tell us about it. What are you seeing in the momentum? Why the expansion? What's all the news about? >> Well, I would say in international, we have, I would say a similar situation like in the US. There is a global shortage of well-educated penetration testers on the one hand side. On the other side, we have a raising demand of network and infrastructure security. And with our approach of an autonomous penetration testing, I believe we are totally on top of the game, especially as we have also now starting with an international instance. That means for example, if a customer in Europe is using our service, NodeZero, he will be connected to a NodeZero instance, which is located inside the European Union. And therefore, he doesn't have to worry about the conflict between the European GDPR regulations versus the US CLOUD Act. And I would say there, we have a total good package for our partners that they can provide differentiators to their customers. >> You know, we've had great conversations here on theCUBE with the CEO and the founder of the company around the leverage of the cloud and how successful that's been for the company. And obviously, I can just connect the dots here, but I'd like you to weigh in more on how that translates into the go-to-market here because you got great cloud scale with the security product you guys are having success with. Great leverage there, I'm seeing a lot of success there. What's the momentum on the channel partner program internationally? Why is it so important to you? Is it just the regional segmentation? Is it the economics? Why the momentum? >> Well, there are multiple issues. First of all, there is a raising demand in penetration testing. And don't forget that in international, we have a much higher level number or percentage in SMB and mid-market customers. So these customers, typically, most of them even didn't have a pen test done once a year. So for them, pen testing was just too expensive. Now with our offering together with our partners, we can provide different ways how customers could get an autonomous pen testing done more than once a year with even lower costs than they had with a traditional manual pen test, and that is because we have our Consulting PLUS package, which is for typically pen testers. They can go out and can do a much faster, much quicker pen test at many customers after each other. So they can do more pen test on a lower, more attractive price. On the other side, there are others or even the same one who are providing NodeZero as an MSSP service. So they can go after SMP customers saying, "Okay, you only have a couple of hundred IP addresses. No worries, we have the perfect package for you." And then you have, let's say the mid-market. Let's say the thousand and more employees, then they might even have an annual subscription. Very traditional, but for all of them, it's all the same. The customer or the service provider doesn't need a piece of hardware. They only need to install a small piece of a Docker container and that's it. And that makes it so smooth to go in and say, "Okay, Mr. Customer, we just put in this virtual attacker into your network, and that's it and all the rest is done." And within three clicks, they can act like a pen tester with 20 years of experience. >> And that's going to be very channel-friendly and partner-friendly, I can almost imagine. So I have to ask you, and thank you for calling out that breakdown and segmentation. That was good, that was very helpful for me to understand, but I want to follow up, if you don't mind. What type of partners are you seeing the most traction with and why? >> Well, I would say at the beginning, typically, you have the innovators, the early adapters, typically boutique-size of partners. They start because they are always looking for innovation. Those are the ones, they start in the beginning. So we have a wide range of partners having mostly even managed by the owner of the company. So they immediately understand, okay, there is the value, and they can change their offering. They're changing their offering in terms of penetration testing because they can do more pen tests and they can then add others ones. Or we have those ones who offered pen test services, but they did not have their own pen testers. So they had to go out on the open market and source pen testing experts to get the pen test at a particular customer done. And now with NodeZero, they're totally independent. They can go out and say, "Okay, Mr. Customer, here's the service. That's it, we turn it on. And within an hour, you are up and running totally." >> Yeah, and those pen tests are usually expensive and hard to do. Now it's right in line with the sales delivery. Pretty interesting for a partner. >> Absolutely, but on the other hand side, we are not killing the pen tester's business. We are providing with NodeZero, I would call something like the foundational work. The foundational work of having an ongoing penetration testing of the infrastructure, the operating system. And the pen testers by themselves, they can concentrate in the future on things like application pen testing, for example. So those services, which we are not touching. So we are not killing the pen tester market. We are just taking away the ongoing, let's say foundation work, call it that way. >> Yeah, yeah. That was one of my questions. I was going to ask is there's a lot of interest in this autonomous pen testing. One because it's expensive to do because those skills are required are in need and they're expensive. (chuckles) So you kind of cover the entry-level and the blockers that are in there. I've seen people say to me, "This pen test becomes a blocker for getting things done." So there's been a lot of interest in the autonomous pen testing and for organizations to have that posture. And it's an overseas issue too because now you have that ongoing thing. So can you explain that particular benefit for an organization to have that continuously verifying an organization's posture? >> Certainly. So I would say typically, you have to do your patches. You have to bring in new versions of operating systems, of different services, of operating systems of some components, and they are always bringing new vulnerabilities. The difference here is that with NodeZero, we are telling the customer or the partner the package. We're telling them which are the executable vulnerabilities because previously, they might have had a vulnerability scanner. So this vulnerability scanner brought up hundreds or even thousands of CVEs, but didn't say anything about which of them are vulnerable, really executable. And then you need an expert digging in one CVE after the other, finding out is it really executable, yes or no? And that is where you need highly-paid experts, which where we have a shortage. So with NodeZero now, we can say, "Okay, we tell you exactly which ones are the ones you should work on because those are the ones which are executable. We rank them accordingly to risk level, how easily they can be used." And then the good thing is converted or in difference to the traditional penetration test, they don't have to wait for a year for the next pen test to find out if the fixing was effective. They run just the next scan and say, "Yes, closed. Vulnerability is gone." >> The time is really valuable. And if you're doing any DevOps, cloud-native, you're always pushing new things. So pen test, ongoing pen testing is actually a benefit just in general as a kind of hygiene. So really, really interesting solution. Really bringing that global scale is going to be a new coverage area for us, for sure. I have to ask you, if you don't mind answering, what particular region are you focused on or plan to target for this next phase of growth? >> Well, at this moment, we are concentrating on the countries inside the European Union plus United Kingdom. And of course, logically, I'm based in the Frankfurt area. That means we cover more or less the countries just around. So it's like the so-called DACH region, Germany, Switzerland, Austria, plus the Netherlands. But we also already have partners in the Nordic, like in Finland and Sweden. So we have partners already in the UK and it's rapidly growing. So for example, we are now starting with some activities in Singapore and also in the Middle East area. Very important, depending on let's say, the way how to do business. Currently, we try to concentrate on those countries where we can have, let's say at least English as an accepted business language. >> Great, is there any particular region you're having the most success with right now? Sounds like European Union's kind of first wave. What's the most- >> Yes, that's the first. Definitely, that's the first wave. And now with also getting the European INSTANCE up and running, it's clearly our commitment also to the market saying, "Okay, we know there are certain dedicated requirements and we take care of this." And we are just launching, we are building up this one, the instance in the AWS service center here in Frankfurt. Also, with some dedicated hardware, internet, and a data center in Frankfurt, where we have with the DE-CIX, by the way, the highest internet interconnection bandwidth on the planet. So we have very short latency to wherever you are on the globe. >> That's a great call out benefit too. I was going to ask that. What are some of the benefits your partners are seeing in EMEA and Asia Pacific? >> Well, I would say, the benefits for them, it's clearly they can talk with customers and can offer customers penetration testing, which they before even didn't think about because penetration testing in a traditional way was simply too expensive for them, too complex, the preparation time was too long, they didn't have even have the capacity to support an external pen tester. Now with this service, you can go in and even say, "Mr. Customer, we can do a test with you in a couple of minutes. We have installed a Docker container. Within 10 minutes, we have the pen test started. That's it and then we just wait." And I would say we are seeing so many aha moments then. On the partner side, when they see NodeZero the first time working, it's like they say, "Wow, that is great." And then they walk out to customers and show it to their typically at the beginning, mostly the friendly customers like, "Wow, that's great, I need that." And I would say the feedback from the partners is that is a service where I do not have to evangelize the customer. Everybody understands penetration testing, I don't have to describe what it is. The customer understanding immediately, "Yes. Penetration testing, heard about that. I know I should do it, but too complex, too expensive." Now for example, as an MSSP service provided from one of our partners, it's getting easy. >> Yeah, and it's great benefit there. I mean, I got to say I'm a huge fan of what you guys are doing. I like this continuous automation. That's a major benefit to anyone doing DevOps or any kind of modern application development. This is just a godsend for them, this is really good. And like you said, the pen testers that are doing it, they were kind of coming down from their expertise to kind of do things that should have been automated. They get to focus on the bigger ticket items. That's a really big point. >> Exactly. So we free them, we free the pen testers for the higher level elements of the penetration testing segment, and that is typically the application testing, which is currently far away from being automated. >> Yeah, and that's where the most critical workloads are, and I think this is the nice balance. Congratulations on the international expansion of the program, and thanks for coming on this special presentation. I really appreciate it. Thank you very much. >> You're welcome. >> Okay, this is theCUBE special presentation, you know, checking on pen test automation, international expansion, Horizon3.ai. A really innovative solution. In our next segment, Chris Hill, Sector Head for Strategic Accounts, will discuss the power of Horizon3.ai and Splunk in action. You're watching theCUBE, the leader in high tech enterprise coverage. (steady music)

>>Hello everyone. I'm John furry with the cube. We're here, live on the ground in Seattle, Washington at the Bellevue Hilton for thes marketplace seller conference. It's kind of like the one and a half inaugural event. They have their first event in 2019, and now with the pandemic, they're re rebooting it, but it's really all about AWS's marketplace and partner network coming together, creating an experience for how people will be buying software and how people will be selling through with their ecosystem. I'm Jennifer, the cube we're here with Megan. Fontain, who's the VP of cloud seek. Who's a seller and partner of AWS making great to see you. Thanks for coming on the cube. >>Thank you so much. It's, it's nice to be back in person and it's great to be with you. >>So watching the progression of how Amazon web services is evolving the marketplace and the partner network, you're starting to see some patterns. One is, I'll say they have their own stuff, and they're addressing that in the room, but they're really letting the thousand flowers bloom in the ecosystem. You hear that every year reinvent, even when Andy Jesse who's now the CEO of Amazon would say, no, we want the best of breed. Best product wins. Adam. Celeste's the same view, new leadership here, the combination of APN partner network with the marketplace now partner organization, APO is the big news. They're open. They're building an API service layer between their old marketplace to create this new model here. What's your, what's your, what's your take? What's your seller view? >>Yeah, so our marketplace and APN journey started with AWS about three years ago. And I think something that was the most profound to me out of the keynote this morning was that Chris Gus, who runs the API organization for ISVs talked about marketplace as the automation layer for how AWS will partner going forward. So an independent software vendor likes, we see that as opening up the door for two things. One, we get to leverage the great global scale and platform of AWS, but then secondly, it really brings together this idea that we will sell together to the end customer through the marketplace. And we will also sell as partners through co-sell and APM. >>You know, I love these kind of new, new development models around channel partners, ISVs at the end of the day, buyers are buying software. Yes. And they're cloud they're on a cloud journey. You're the VP of cloud at the company, your company seek take a minute to explain what your company's known for, what you guys do, your relationship with the market. You're an ISV. Yeah. Where are you guys? Cuz you guys ha have a good thing going on here. What do you guys do? What are you known for >>Sure. So seek is market leading software for advanced analytics for the manufacturing industry. So we're squarely in that industry. ISV, we sell SAS solutions to business buyers who want two things. One is they want technology that they can deploy quickly in their organizations drive that great business value ROI that drives the next level of investment in technology seeks unique offering in marketplace is that we've solved a lot of the challenges around that operational data in manufacturing. So manufacturing the industry, it's going through massive transformation, supply chain, disruption, or coming out of that, the globalization of manufacturing. And yet they have data that they've stored for 20, 30 years, that they're still in the first generation of trying to gain insights from. So that's why seek exists. It's really to bring the insights outta that data and then help the manufacturing customers we work with. Get to the cloud. >>What's interesting. I like your perspective and I want to follow up on that because data analytics used to be this thing. Well, I got a database. Yeah. You hosted on some storage and you got structured data, unstructured data. Okay. You got scale. But now you've got data platforms. You've got data mesh. I think Gardner actually has a different term, but gets a whole nother conversation. Data platforms are diverse. Yeah. They're pervasive. They're part of core infrastructure in cloud. It's not like a point solution anymore. It's gotta be integrated and customers are trying to work on, this is one of the hardest problems today. Yeah. In cloud transformation is the data layer, the relationship to other services. Yeah. >>So the Dataverse common data models. How APIs will interact with data. The trend there though is something that it is the ecosystem that will bring value to customers because no database is gonna serve every need. Right. And you think about the data layer. It really has to solve the problems whereby any application, any user, any insight can be generated almost seamlessly. And we're really on the first wave of that journey. But I think a, an element for seek that we certainly understand with our customers is that data alone is not an end objective, right? If it doesn't lead to a decision and an action and a workflow that humans can take to go drive and improvement in their business process, then you haven't tapped into the, you know, value of that technology >>When a buyer comes to the marketplace. Yeah. And they see your listing and solutions. Yes. What are they getting? What are they, what, what are they buying? >>So for seek, we've radically simplified that we, we really embrace this idea of simplification. We just sell, seek. So we have one seat listing in the AWS marketplace, all applications of seek they're all available there. We really leaned into the enterprise procurement models. So private offers are how we do the most of our business on marketplace. And it really went from a stage of experimentation where couple of customers, you know, what is this marketplace? Maybe we'll buy a few of our business applications there all the way through to now we're starting to see the demand side come through for customers where it's not just their security software or their DevOps or infrastructure software. They wanna buy solutions like seek including line of business buyers through a common catalog in the marketplace. >>Great. So I wanna ask you, cuz I want to give you the opportunity to give the pitch, the customer watching right now. Yeah. What's the pitch. Why seek, why this listing? Why should they hit the purchase button? I wish it was that easy. Why should they, why should they what's the pitch? Sure. >>So the first thing is seek through marketplace is a five clicks on three screens procurement experience. So compare that to months and months of back and forth with contracts and purchase orders and vendor set up, this is five less than five minutes, few screens, couple of clicks. And you can buy a multi-year subscription of seek to cover your entire enterprise. The second pitch is that it's a SaaS application that now can be deployed within hours. And then your users, your insights, your value is starting within the first couple hours. This is not a heavy lift it project. That's gonna take months. And then lastly seek specifically. So seek, because we're validated in the marketplace has been well architected for AWS cloud. We have that, you know, stamp of credibility. And we are leading in this space for manufacturing organizations who want cloud native secure software for analytics on their operational data. >>That's awesome. And customers have the challenge when they think about data, the use case security, yes governance, there's a variety of different use cases. What are you seeing as the top three use cases for C? >>So on the there's two lines of that question. The first is really the line of business use cases. And those are all about what outcome are we gonna drive? Are we gonna approve efficiency in your factory? Are we gonna reduce greenhouse gas emissions? Those are the kinds of use cases on the business side that that seek works with our customers on, on the it side. They wanna know that we can access data securely, that we can be part of an ecosystem where they can bring in aerations and algorithms and machine learning and new applications. And they also wanna know that we are sustainable. So meaning that we're driving constant innovation that is easy for them to consume and to gain access, to, to drive the next level of >>Improvement. My final AWS marketplace seller question is, yeah. How does the procurement process through marketplace help you and your customers what's in it for them? What value do the, does the customer get going through AWS procuring? >>So there's really really three. The first is you get a validated set of a catalog of solutions, right? That AWS says, you know, we undergo a rigorous process technically and commercially to be in the marketplace. The second thing for procurement effect of for procurement professionals is that they can leverage their cloud committed spend with AWS. So as they commit more expense and spend with AWS, now these marketplace purchases can be credited to that committed expense. We found that brings it and the business together with procurement to really work more collectively on that. And then the third piece is, imagine buying software where you don't need legal, you know, back and forth, back and forth because we're using a standard doula that thousands of other software companies are using in the marketplace today. >>I thought the keynote had a great line. We are not just a website of a catalog. We are a API service layer. Yes. With automation, more like a C I C D pipe lining. Yes. Of software. Yeah. And we are hearing more and more about software supply chain, more about scaling. This is kind of the future of procurement. Why wouldn't you buy direct, pick a few buttons and assemble your solutions at scale. >>There's some amount of tenant consequences that we've really learned as well. It brings it and the business closer together. So the it person wants to know, well, what is this seek, you know, piece of my AWS invoice. And so they get more engaged earlier in the process with procurement, with the business. And we've actually found that it brings internally for our customers, more people to the seat at the table around what are the applications and how will they govern them across the enterprise. >>Megan, I really appreciate you taking the time to speak with me here at the, at the conference, the seller S marketplace. I have to ask you, we were talking before we came on camera, you made a comment. I'd like you to share this comment with some commentary. You said I'm the VP of cloud transformation. And in the future that might title might not exist. Explain what you mean there, cuz I think this is kind of a telling moment about where we are at this point in the industry. >>Sure. So maybe it's, maybe it's funny to sort of envision a future where your role doesn't exist. But I think, you know, it's a to innovators do that, right? And for us we're a software company. That's going through the transition on-prem to SAS, you know, cloud native sets of applications, but in the pretty near term fore, really the next two years, all of our business will be SaaS and cloud. And so we won't need a separate VP or a separate team or separate function. It will just be how the business operates. >>Megan, thanks for running cue, Meghan bine, who is SI, she's a cloud VP of cloud transformation, VP of cloud, and she's successful. The title will go away and she'll move on to some other great valuable things like running the business. Thanks for coming on. Thank you so much. Okay. This is a cube here in Seattle. We're covering the eights marketplace seller conference. Part of APN merging with Amazon marketplace now called the APO Amazon partner organization. I'm John ER, with the cube. Thanks for watching.

(gentle music) >> Hello everyone, and welcome back to day two of AWS re:Invent 2021, theCUBE's continuous coverage. My name is Dave Vellante, I'm here with my co-host, David Nicholson. We've got two sets. We had two remote sets prior to the show. We're running all kinds of activities and we've got AWS executives, partners, ecosystem technologists, Scott Weber is here as the director and an AWS partner, ambassador from PwC. Scott, good to see you. >> Nice to meet you guys. Thanks for letting me be here. >> Well, so your expertise is around application modernization. It's a hot theme these days. If you're a company with a lot of legacy debt, you've got a big complex application portfolio. I would think, especially with the forced match to digital over the last year and a half, two years. Now is really a time when you're probably too late to really start thinking about rationalizing your portfolio. What are you seeing in this space? >> Definitely, we're seeing the customers that have reached that point. I view modernization as sort of the second wave of cloud that's coming. So you had your first wave, the early adopters that lifted and shifted into the cloud. We still have people looking at getting into the cloud, but for those that went early, now, they're saying, "How do I get more out of the cloud? How do I get closer to cloud native?" And that's what we're starting to see around this modernization move is, I want to start to utilize those higher level services from AWS and the cloud providers. I want to get a better return, I want to stop worrying about running infrastructure and hardware. >> So when you think about, I go back all the way back to Y2K, that was like a boondoggle for IT to spend a bunch of doh and do some cool stuff. And then of course the .com crashed, but today it's different. It's really about the business impact the business outcome that you can drive in transforming your digital business. So how do you as a technology agnostic consultant help a company understand what they should leave alone or sunset? What they should aggressively migrate? What's the process that you use to do that? >> In some ways we go back, we can reuse sort of those 6Rs that maybe got a customer to the cloud, or as they're on that cloud journey, right? And you really want to focus on where can you optimize ROI. And you're going to come across those things that are going to be like, look, maybe it's a vendor COTS solution. There's not a lot we can do there. You're just going to have to continue down that path. Unless we can look to move that to a SaaS service. Maybe the vendor has gone to a SaaS offering. Or we get into looking at they've done development in house, but that development is still monolithic running on virtual machines, either in the data center or in AWS, but it's a critical system to that business. It's maybe it's become fragile. How can we now modernize that? Because that's where there's going to be a great return on investment for that customer, and it's also going to allow business agility for those customers. As we can get them to microservices and Lambda and function as a service, the blast radius for changes become smaller, allows the customer to move faster than what they're doing. So it's the rationalization becomes what's driving the business forward? What's critical to the business? But what's holding them back as well? So that the customers can start to move faster. >> So it's a formula of okay, what's the business value of those applications essentially? You can kind of rank that, but then it's a formula there's a cost equation. That's pretty straightforward to figure out the s is and the 2b but then there's a speed. Like an ongoing time to value from a developer standpoint and then I guess there's risk. Have you got your core jewels? Maybe you don't want to touch those yet. Is that kind of your algorithm? >> It is and on that sort of cost and value piece, that's where we can really see some interesting things happen, where as we get customers away from licensed OSS proprietary databases, that return on investment can be huge. So we've helped customers migrate from running .net applications on top of a typical Microsoft Windows stack and SQL server stack. All the way to taking those workloads, all the way, either to Linux containers or all the way to serverless if we're going to take all the steps to rewrite, you can drive 60, 70, 80% of the cost of operating at that platform out of it, then you start this flywheel effect of reinvesting that money back into the next project to help the customer move forward. >> And it's quick follow up, but I know you want to jump in. >> Yeah, yeah. >> Why wouldn't a customer, that's a Microsoft customer just run that on Azure? Why AWS? >> I mean, that's a good question and that sort of gets into a lot of philosophical, like discussion we talk about for a long time. The fact of the matter is the majority of your Windows workloads still run on top of AWS today. I would argue AWS has some pretty superior things in their underlying architecture, they're nitro architectures and things like that. But I think it's also choice. And, the whole move of .net to Linux, Microsoft started that they put the ability to, you can run SQL server on top of Linux. Well, if I run SQL server on top of Linux, I take out 20% of my costs right there. They put the support in for .net core to be able to run on Linux or on containers, but that's to help the developers move faster, that's to help us get to microservices. So that cloud provider choice, I think is becomes a bigger discussion, but a lot of people are choosing AWS because they're not just doing Microsoft workloads . Again, we could get very deep into like, trade-offs on why one over the other, but customers are choosing AWS for a lot of these words. >> Diversity and better cloud, better infrastructure. >> Yeah, and philosophical is an interesting way to look at it when it becomes a hostage negotiation. I'm not sure there was a lot of philosophy involved when server and SQL 2008 were being end of support life. And people were told, move it to Azure and we'll take care of you. Don't move it to Azure, you're on your own. But something on the subject of ROI. ROI is typically measured over time. How do you rectify and address the sort of CIO dilemma, which is that if ROI is being delivered fantastically in four years, but the average tenure of a CIO is 2.7 years, how do you address that? What is the sweet spot for timeframes that you're seeing for people to actually implement when you consider as was mentioned today, the keynote that somewhere around 15% of IT spend is in cloud today, which leaves 85% of it on premises. So what do we do about that? >> Yeah, that's a great question. So, I think, I like to get small wins. So find a very big pain point for that customer. How can we start to get them some small wins and start that flywheel effect going of like you saved money here, now, can we reinvest and start to show some wins, but we've engaged in projects where we've completely rewritten a whole application stack that was the core service for a business in a year and a half, and we took them from a run rate of somewhere between 40 and $60,000 a month. Had they been running that in AWS, they were running it in a data center today. So that was our estimate to less than $5,000 a month to run that application on a serverless platform inside of AWS. >> So when you talk about modernizing an application environment, that's typically not thought of as low hanging fruit. So does that mean that all the low hanging fruit has been consumed? Are all the net new things that are developed in a cloud native format, have they already been done? Is this the only frontier for opportunity now? >> No, it's not the only frontier. I mean, there's a lot of customers that are still just trying to get into the cloud. >> Lots of applications out there? >> Yeah, and you look at things like mainframe as well. That's I think a coming area where customers are finally starting to say, "Enough with the mainframe, we saw it in the keynote today of a new sort of service offering around helping customers rationalize how to do, to start to do things with the mainframe." So, but sometimes you can get those easy wins. Like we find a scalability issue. And we can inject scalability and pull back costs very rapidly. 'Cause you run in that scenario, there provision for max capacity that may happen 10% of the year. Now they're vastly overpaying. So we can still get some easy wins with slight tweaks to the platform while we help them rationalize those longer built times. I think the other thing we're starting to see is a shift in CIOs that are coming more from a software background too. That aren't from the pure infrastructure background and as we see those software dBase CIO start to come in. They're starting to understand the game that can be had of making the investment in the software and those upgrades to the software. >> And their tenure is elongating 'cause, CIO career is over was the joke. Now you're losing CIO, is cause they're going onto a bigger and better. They getting more options. I mean, they're becoming rockstars again. I want to ask you just as a side about that mainframe compatible runtime that they announced 'cause it sounds like you've got some experience in converting mainframe. >> Yeah. >> 'Cause I've always been a skeptic. We've seen this movie before where people have to freeze code, they've got to freeze code for 18 months. It takes 24 months, but now it's cloud, Adam Selipsky said, we can cut migration time, which is critical here by two-thirds 'cause that's the key. If you can reduce the time of which you have to freeze the code or maybe not even freeze the code. Again, I'm a skeptic, but what are you seeing with practical experience? >> So at PwC, we're seeing a lot of customers, start down this path and the ROI is pretty amazing when once you get in and you really start to dig in of what it can be if to go down this path. And there's a lot of tools out there, there's a gentleman on our team that's a real genius with this and he's helped multiple customers go down this path. There's tools that can start to do code conversion for you. I mean, we all get a little skeptical on those things cause we never know what the machine is going to try to make the code look like, but it's the starting point. But there is more. >> Like a prewash? >> Yeah, (Dave laughs) there's more and more design patterns coming out to help us down those pathways. But it goes back to agility for the business cause a lot of these customers running mainframes today are looking at a six month release cycle if they want to make any changes to their environment. If we can get them into an agile mindset to a microservice, they can get to two weeks or less for release cycles. So it's a big win for the company overall. Yes, there's a risk, but I think you can take, you can try to de-risk it as much as you can, you don't take the core, the absolute core critical piece of that mainframe. You start to pick away around the edges and you get comfortable with what you're doing. >> And going back to the concept of ROI, specifically in the mainframe space, there have been some not so subtle nudges from the marketplace that changed the dynamics associated with staying on your mainframe. Because if I tell you that the tax to stay on your mainframe is going to triple or quadruple over the next several years, that changes the balance. So you have the old guard in the software business who will remain nameless, jacking up the prices because they feel like, you know what, "What are you going to do? What are you going to do other than write me a cheque?" And the answer is, "Well move," right?. >> Yep, it's reached a point like the companies are moving. And what I think companies start to see too is, when we talk about purpose-driven databases, Adam was talking about that in the keynote today too. And we've seen that with customers when we've done builds, what's the right database for this data? And now you can start to get things moving even faster. And you unleash new ways of thinking. And I mean, some of the vendors are doing things like that and the companies aren't happy about it. >> Well, yes, but look, you're talking about Oracle in particular. (group chattering) That's one of them, but Oracle invests in its database and it's two different theories. Adam, today's the right tool for the right job, API and primitives and Oracle takes the kind of Swiss army knife approach. But they do invest if you have hard core mission critical, recovery is everything. There's a risk factor involved there, but if you want to go fast and you're a developer, you're not going to necessarily knock on Oracle's door, you're going to go to get an AWS. But it gets to my question, having done a lot of TCO analysis, it used to be labor, was always two-thirds of the cost. Now with automation, especially in Oracle environments, software license costs are the dominant component and it's maybe less true for SQL server, certainly true for Db2. I remember the early days of the flash, we used to tell customers, install flash. You're going to be able to consolidate, reduce your Oracle licenses when they come up. So that was a preferred strategy, but what are you seeing in terms of the ability? First of all is that a correct premise that software licenses is still a big component or an increasingly large component, and how do you unshackle from that? >> Yeah, so definitely software licensing costs for the OSS and for the databases are huge. I mean, there's numbers out there that like for SQL server enterprise, if you can get somebody off the SQL server enterprise and get them to an open solution like Aurora Postgres or something like that, it's a 90% ROI, and the numbers are similar for Oracle. And I talked to a lot of customers are like, "But we don't know Postgres," but it's not really that different. It's still data modeling. And when you get to these managed services platforms like RDS and Aurora, you free up those DBS to do the higher value things. The ROI of a DBA is not managing memory and desk and babysitting the servers, it's helping the developers build better data models. And those sorts of things that are higher value. So it is a big thing and we're seeing customers saying like, "Help us reduce this licensing cost," and help us be more efficient because the open platforms now, especially in the relational database area, are on par in a lot of ways with the Oracles and the SQL servers. So then you start to say, "Well, what am I gaining by paying and being sort of held hostage to these numbers?" So we definitely see customers making this transition. >> I mean, the point about Postgres is a good one because you're going to get enterprise class recoverability but even EDB would say okay, don't start with your mission critical core, pick around the edges just what he's saying over and over time, you're going to become more cloud native and get to the point, can you get to that point where everything's cloud native, everything is a service, maybe not a 100%, but a large part of your application portfolio can get there, right? >> Yeah, you're going to find those, that goes back to doing that application tiering and evaluation and ROI. So, we have a case study that we did with Constellation Brands, where they really needed a B2B type ordering portal solution. And they looked at sort of the typical vendors in a packaged solution if you will, a cottage type solution. And we proposed doing a full custom solution, soup to nuts and building it natively in AWS. And it was built completely on top of platform services. There was no servers in that environment and we were done. We were using AWS Fargate to run their containers on top of, we were using RDS Postgres, we were using Lambda and in some places we were using DynamoDB for holding inflate orders. And so the whole environment is deployable from one cloud formation template. So it completely changed how we even went through the testing of the thing. 'Cause you ran the same cloud formation template to deploy to a different environment. And you knew you were getting the same exact thing. And so they went from, they no longer had to worry about securing underlying compute, secure the containers, run on top of Fargate, use a platform service for your databases, and it was a beautiful solution for them. >> Yeah, you got to taste of that and your eyes open up and say, "Wow, what's possible?" >> Yeah, its a game changer. >> We heard that from NASDAQ this morning. An amazing story. She said, our first Amazon bill was 20 bucks. I bet it's higher now, but first hits free kind of thing. But the point is when people talk about the AWS bill, et cetera, no question, you should try to optimize that. But at the end of the day, it's about the business value Scott, isn't it? >> Scott: Yeah, it is. >> Hey, thanks so much for coming to theCUBE. It was great perspectives, >> No, thank you guys. I appreciate having you guys on. >> Thank you very much. >> Keep it right there, Dave Nicholson and I will be right back. You're watching theCUBE's coverage of AWS re:Invent 2021. (gentle music)

>>Oh, well, the back to the cubes coverage of ADA bus reinvent, 2021 executive seminar, I'm John ferry hosts of the cube. We've got a great segment here on the modernization. We were ringing in the success with Amazon web services, Vodafone digital in the UK, an example of modern engineering examples using Amazon, the cloud, looking at where we're cloud native is actually changing the game two great guests, Ben Collie, head, head of digital engineering, Vodafone UK, and Maynard Williams, managing director of center. Gentlemen, thank you for coming on the cube and sharing the story. >>Thanks, John. Appreciate it. So >>I gotta, I gotta ask you guys one of the main themes that we've been covering all year and even even pre pandemic, we, we saw the cloud native wave coming pretty hard containers. Great for modernization sets the table. You seeing things like Kubernetes and now serverless changing the game on all aspects of how modernization is happening. And everyone's talking about application modernization shift left all great for business, but you have to, you have to kind of take care of things under the, under the covers a little bit, the infrastructure, making sure the engineering teams are all set. So this has been a top topic. This is kind of what you guys are doing. Can you guys explain to me the needs that Vodafone has, um, that brought about this transformation? >>Yeah, sure. Um, so we we've been on this transformation for around four years, but you're absolutely right. The, uh, the pandemic has been a real catalyst for, for all kinds of organizations like ours around the world. Uh, so we were really driving a digital first agenda for quite a long time. Uh, and that, that came as, as you just said, John, it, it really did start with the, uh, the cloud hosted, uh, and then, uh, and then moving and realizing the difference between that and become native to the, to the cloud and really leveraging the services, uh, like AWS, um, in order to really drive pace, uh, and, and the outcomes that we needed for the business. Uh, we've seen a huge change over the last, uh, purely over the last 18 months, really. Um, our daily traffic, uh, these days is as it was on our highest ever, uh, uh, like an iPhone launch day, for example, um, before the pandemic, is I a daily traffic these days. And so that scalability and flexibility and that leveraging those services has been absolutely fundamental to supporting the, the changing needs and expectations of our customers. >>You know, back in the old days, uh, Maynard, you know, it's oh yeah, black Friday surge, you need the cloud to scale up and be flexible. Agile elastic, you know, scale is definitely now table stakes. And if you're not dealing with scale and some sort of either SRE fashion or whatever, you, you really ain't going to be behind the curve, but the next level that's being discussed is how do you leverage the scale for not just customer experience and business value, but we're talking about system architecture, kind of thinking there's kind of, this is our system design is now a big part of it. Can you talk about how this kind of threads together? Because we always talk about consumer experience, customer experience CX, but now there's a new system was mindset out there. Can you kind of share your vision on that >>Thing that stands out for me is if I look at digital, we've designed it to a point where the scale is just as you say, it's the table stakes, and only for launch with something that two years ago needed to be planned and thought about. And it's now absolutely routine. We think about the business side of it, but a big increase in scale really is seamless. But if I look at the full stack, we're still connected into some of the older backend systems, um, where any production, uh, they were on prime actually tasks. This is on AWS now, which is a big step forward, but when you've got to manage scaling in a way that translates from backend systems that are on premises on prime, and therefore we can't lastingly scale through to the front tab where we have to be able to scale up very seamlessly and balancing that across with, uh, an architecture that supports that level of scale and makes it so seamless on something like, as you say, iPhone launches or back Friday, any product coming out is actually key to the way we've architected that. >>So you're saying that essentially AWS combined with Vodafone worked on this solution that was more of a cloud native solutions that the innovation here, can you just summarize and unpack a little bit of what is the innovation, what problems did you solve together with essentially those and Vodafone? What was the core challenge? Yes. >>I think that the core is actually, how do you get to the point where, um, at the scaling is seamless, where you can move from being on the cloud to cloud native has been, just touched on what the same time you're actually connected into an enterprise state where the production systems are all on prem and don't have that ability to scale in the same fraction. So you can't, for example, push you to load into, uh, an on-prem backend system and, and simply expected to scale in the same fashion. So between our three organizations architecting something that is robust scales, we usable and takes away a load of pieces that actually were quite complex two years ago. And turns them into just routine has been a big step forward. >>And I want to get your reaction to this because, you know, you're, you're the you're on the, on the front line saying, Hey, be more agile at Basel saying, be agile, do different left, take that hill. Um, it's, it's easier said than done. Talk about what goes on when you have to implement and the stakes involved. Again, there's always the old way, new way. Can you just kind of give some color on what's going on? What's your perspective showing? >>And as I just said, that the real benefits and the story behind this was the ability to launch an iPhone. For example, as a event for Vodafone previously was weeks and months of preparation and design and testing and confidence building. And now it really is, it just happens. Uh, and we watched things scale and, and, and then down again, gracefully, um, and really do celebrate the, the another level up, if you like the leveling up of us as an organization, allowing our commercial colleagues to, to launch propositions or to launch campaigns without needing us to be involved anymore, because they're confident, we're all that things will, will flex like that. But you're absolutely right, that, that the changes and the demands of us as a, as a team, but also the, the expectations of our stakeholders, uh, have been changing for quite a long time now. Uh, and we're really excited now to be able to meet them by leveraging the services that we're discussing. >>Yeah. So the guys say said launched the iPhone, no big deal routine, hit the pub. Everyone's happy having a good day. >>Uh, >>Let's get into the solution, how it works. Talk about what's going on with the covers. How does this all work? Can you take us through, what's the state of the art of the, of the solution? Sure. >>Well, uh, as you mentioned earlier, we were very much inclined to serverless these days. So we rolled out fire gate, um, a few, uh, uh, started about 18 months ago. Um, and that really has, um, freed us up in, into all kinds of, um, uh, scalability, uh, measures, but also really about, about reusing and applying this across much more than just the, the engineering or the digital part of Vodafone, where we, where we began. So that's been a really big part of our agenda, uh, and that's, that's informed all kinds of things, the ability to scale and flex like that, and the architecture beneath us, um, and the containerization and orchestration that that goes along with that has really enabled us to, um, to flex that, uh, ability to, to reuse it across other areas. And because of that, now it's driven our hiring policy or tooling and, uh, technical, uh, our procedural approaches, uh, it all now leverages that ability to move a patient, to be able to scale, uh, not just in, um, uh, infrastructure or ability to serve customers, but in ability to deliver for the business commercially as well. Uh, and this is all now informed on our direction. I think, as an organization, >>It's interesting, you mentioned far you far gate than a trigger of events happens. People get excited, opens up new doors of opportunities as a chain reaction from that. Um, talk about the impact to the staff and the operations, because you almost, it's motivating at some level you get new things happening, but you're actually making things go better and faster, cheaper. >>Yeah. Uh, well, the, the impact is one, uh, because we're on a journey at Vodafone of this transformation, really becoming a technology business first and foremost, rather than a telco classically like our competitors, uh, we're able to really drive cultural change as well. So the impact on our people is a really, it's been particularly engaging. One with, we've also been part of, uh, a real recruitment drive. We've just announced 7,000 new, uh, roles, uh, joining our team across Europe and that these are engineering roles, um, driving more of the same, uh, behaviors and principles of a modern software engineering business like ours. Uh, and that really is fueled by our, our ability to experiment and try, but become cloud native and, and, uh, employ these services in the way that they're designed to be >>Maynard. I'd like to get your take on this and, and, and shift to a topic around how, what this all means. Um, if you zoom out and you say, okay, with the pandemic, it's become a mobile virtual hybrid. Now world around work play, all those lines are kind of blurring. It's not as clean as it used to be. Oh, the network segmented over here. This is over here. These legacy systems were built around the notion of things when nicely segmented. Um, now you have this whole kind of mashup, if you will, of how you just want to work, right. There's mobilization is a huge thing. So access identity, these are things that we're all kind of set up nicely before the pandemic, or at least, you know, not as, uh, stable, maybe not scalable, but what's your take on this? What's the big picture what's all happening. >>I think, I mean, the pandemic has accelerated a set of changes that were already happening anyway. And I'd say the other particles is under the covers. A lot of the work's been done has been to create the microservices that stitch together to produce those journeys, but, you know, running the containers. And so that, that opens up an omni-channel future that starts to move away from saying actually businesses are organized around the environment in which they're serving. Is it a retail store? Is it, is it online that additional and so on, and actually into much more of a space where you're building the best journeys and those journeys come and are served through digital or through a call center or through a store and so on. And that makes a huge difference because the focus on improving the customer's experience has been enormous. And I think that's one of the other parts that come out of the whole cloud native setup. >>And the ability to experiment has been iteratively and endlessly improving the experience for the customer. And that's, that's a, that's a massive step forward. So we can talk about the fact that we deploy a huge number of times more frequently than we did even a year ago, uh, or the, you know, our quality has improved by a massive percentage and so on. And I think the thing that's really interesting is the improvement in the experience and the endless improvement and iteration of that, because we can make lots and lots of small changes and do every day. That's a big one, >>You know, what's interesting Ben, and let's get your reaction on this. And if you don't mind to just add a little color to this, this is just another example of reports that we've been talking with folks on where it's not about just replatforming to the cloud. It's refactoring the business, uh, with, with the engineering, the modernization. And so there's two things that go on one, you see the efficiencies and new doors open up new things are happening. People are getting excited, good, some good Mo morale boosting things are becoming clear, but then there's actually new business, new business value being created or new propositions engineering propositions. Can you share from a digital standpoint, because this seems to be the new role of the digital person, whether it's engineering or on the business side, make things run faster, cheaper, and better, and then create new opportunities, new propositions, what's your >>Absolutely. Yeah. Yeah. It's fundamentally around pace of delivery. Uh, being able to, as, as may not says, uh, moving from a world, uh, two or three years ago where we were deploying once every two or three months, uh, this is a website once every two or three months where we were, uh, to now it's happening all the time every day. Uh, it's, it's, it's a skill that we've given us as an organization that we couldn't have leveraged before. And what we're able to do with that now is experiment our way and iterate our way to new value streams, as you say, but also trial and error. What we already know, uh, or expects to be true with our customers much, much more easily and much, much more frequently, very little a barrier to production or friction between us and the customer these days, and the almost instant response and feedback we get from customers. Um, we, we learn constantly about because of that. And it's, uh, it's become much less of a stab in the dark with large business cases where they work well, they worked and are much more experimental initiative. Uh, we, most of the propositions we know about, but also to the experiments, um, and unknowns in our future. Um, that also now unlocked, >>That's a great point. You mentioned about the whole timing of, you know, the old way, months, weeks, just for website stuff, uh, Maynard. And if you guys can share this new world order is actually pretty exciting, but also daunting if you're not like in the water, so to speak, right? So, you know, some people are actually, you know, putting their toe in the water, they're experimenting, but it's a game changer. I mean, a significant step up of value. What's your advice about solutions and they're not easy. I mean, you just got to get your hands around the sensor. You guys have been doing a lot more of these projects is seeing more and more of these, these kinds of partnerships, uh, and the value is there. Can you guys share your, your, uh, opinion and advice to folks out there watching saying, how do I do this and is it going to be worth it? Is that bridge to the future there? >>I mean, I think there's a mechanical piece. How do I enable this? And we can talk about dev ops and moving to cloud native, and actually some of the, some of the process side of as an organization, how do I get really comfortable with deploying very frequently and it being low risk and routine. And so the other part for me, which we sort of haven't touched on is as much as we talk about experimentation, it's about the data and the analytics and the knowledge that we create of that. So the, the, the small changes we're making are highly scientific. And when we think about actually understanding how we're optimizing experiences, that's all about the whole set of data points that I'm pinning up. And so I'll take two parts is know the, the journey we've been on here is, is about enablement. It's about moving the architecture. It's about moving the ways of working so that a lot of things that were hard or required thinking about two years ago on that quality team. But the other part of it is understanding the data and having the analytics capability and being able to make a very scientific experiment where you can see the result in the day-to-day >>Ben, what's your reaction advice to folks watching as they modernize exciting, challenging. It's a lot of hard work, but what's it look, it's the end game, >>All of those things, yes. I'd say it's, um, more than anything, it's a necessity these days we have to embark on this journey. It is, it is daunting. And, and of course, a lot of large organizations like ours, we were successful for doing things in a particular way, uh, have built up a lot of, uh, protection mechanisms for doing, for making sure we protect that. And so to come at it from a new angle is, is obviously daunting. And it's very challenging as well. There is an immune system in all of our organizations that is real, but I'll deal with it. Um, but the, the real, um, success behind, uh, the real, I think the reasons behind a lot of our success has been beat by being able to quickly prove value to quickly prove that outcomes are deliverable and achievable. Um, and then to build on those and iterate on it. And as, as I said, it's, it's about being able to move at pace for us in Vodafone. It's about leveraging our scale. We're a huge organization. Um, and we're, we're now coming together as one to really make sure that we do just lean on that scale more than we have them. Yeah, that's really about iterating, as I said, and, and, um, finding things that work, keep doing it, finding things that hold you back and get rid of them as quickly as you can, uh, is what I would say for us. >>It's interesting. You mentioned the scale. The thing about the cloud is when I hear the common pattern is it takes advantage of the strengths of your environment. You know, so every environment is a bit different, but you guys have the scale. I have to ask you while you're here. What are some of the anecdotal comments that kind of, you hear from folks that make you happy? When about the results? I think saying, Hey man, I'm not even seeing this anymore, or, wow. This is faster. What's some of the sound bites that you guys take as proof points of the success of this project. >>Yeah. It's, uh, I'd say it's mainly an R there's two things I would say, uh, the ability to rely less on it delivery if you like. So empowering our commercial business to make changes for themselves in a safe and secure manner. So providing these self-service capabilities, we've started to see a real pace about our commercial business, as well as our technology business. Uh, but also the, the time it takes to get things out is probably one of the biggest, uh, really tangible results and outcomes for us at the moment. Um, just the sheer amount of things we can release to production, uh, in, in sorts of short space, space of time really does bring to life, our ability to now trial and error, to AB test a Canary deploy. Things like that is really, um, it's been a real superpower for our, um, transformation, I think yes. >>Kind of kidding about can't make time to go to the pub, but in reality, it's free time freeing up people from doing those tasks that were slower shifting that value. >>Yeah. Whereas as you mentioned, Johnny, it really is much more than a technical journey. This is a cultural one as well for a lot of organizations and, um, by being more connected, by being more connected to the outcomes or the value that you add into production, uh, it really does drive a new culture and engagement across our teams. You know, if it's six months between writing a line of code and seeing it in production by up no sense of ownership or pride in what I've done there, but if I can deploy code immediately see an impact good or bad, um, then, uh, I really do feel connected to the outcomes and the value that I'm driving to, to the business and to our customers. So there really is a great cultural, >>Yeah. I remember Andy Jassy last year when he was a sea of AWS on stage and talked about that dynamic of the teamwork, people rowing in the right direction. Um, feeling part of it may know this is a cultural shift on how companies do business. I know center I've covered probably a dozen or so killer projects that have just been awesomely new and kind of different, but successful built on the cloud. So a lot of replatforming refactoring you're in the front lines, working with, uh, companies that essentially what's the pattern that you see that's that's happening right now. What's the, what's your view of the current market? >>Um, I mean, I think there's a huge shift to this, that this journey too has been part of the move from being on the cloud to being proud nature. I'm really getting that value because there's a, um, a kind of, almost a example. I see there's a light bulb moment where ownership of what you put in production means that you move away from a model of we change code because either the business tell us too, because they have a functional requirement or because something's broken. When we get into the model of that, I want to improve the thing that I feel ownership of. That's not leave. And you suddenly see how much difference that makes to the experience of it, the quality of it, the stability, all of those things improving. And so if, if I look more generally that cultural shift is it is an evolution that organizations go through and it starts with actually delivering it in a more agile way. At some large scale, you see agility moving up into kind of business agility and starting to affect things like budgeting cycles and the kind of corporate functions. If you like that tend to sit around, uh, you know, supporting Pete pieces of delivery. And there's a lot more of that happening at the moment, a load with more organizations pushing into being properly cloud native and transforming rather than the kind of first wave, which was the shift onto the cloud. Now it's actually, that's really leveraged what we've got with the, >>Yeah. And you guys essentially have been riding on the wave of AWS and the cloud for many, many years. We've been covering it. Ben great success story. Thanks for coming on the cube, a head of digital engineering, Vodafone UK, great example of modern engineering at work using AWS in Europe. Uh, thanks for coming on the Cuban, sharing your story. Maynor thank you for also coming on and the work you're doing at Accenture and AWS. Thank you. Thanks John. The cube coverage of AWS reinvent 2021 executive summit. I'm John furry, your host. Thanks for watching.

(upbeat music) >> Hello, welcome back to theCUBE's coverage of AWS Reinvent 2021 Executive Summit. I'm John Furrier, host of theCUBE. We've got a great segment here on the modernization, where we're ringing in the success with Amazon Web Services and Vodafone Digital in the UK. An example of modern engineering, examples using Amazon, the cloud. Looking at where cloud-native is actually changing the game. We got two great guests, Ben Connolly, Head of Digital Engineering at Vodafone UK, and Maynard Williams, Managing Director of Accenture. Gentlemen, thank you for coming on theCUBE and sharing the story. >> Thanks John, appreciate the invite. >> So I got to ask you guys, one of the main themes that we've been covering all year, and even pre-pandemic, we saw the cloud-native wave coming pretty hard. Containers, great for modernization, sets the table. You seeing things like Kubernetes, and now Serverless changing the game on all aspects of how modernization is happening. And everyone's talking about application modernization, shift left, all great for business, but you have to kind of take care of things under the covers a little bit. The infrastructure, making sure the engineering teams are all set. So this has been a top topic. This is kind of what you guys are doing. Can you guys explain to me the needs that Vodafone has that brought about this transformation? >> Yeah, sure. So we we've been on this transformation program for years, but you're absolutely right. The pandemic has been a real catalyst for all kinds of organizations like ours around the world. So we were really driving digital first agenda for quite a long time. And that that came as you just said John, it really did start with the cloud hosted and then moving and realizing the difference between that and become native to the cloud and really leveraging the services like AWS in order to really drive pace and the outcomes that we needed for the business. We've seen a huge change purely over the last 18 months really. Our daily traffic these days is as it was on our highest ever like an iPhone launch day, for example, before the pandemic is daily traffic these days. And so that scalability and flexibility and that leveraging those services has been absolutely fundamental to supporting the changing needs and expectations of our customers. >> You know, back in the old days, Maynard oh yeah, Black Friday surge, you need the cloud to scale up and be flexible, agile, elastic. The scale is definitely now table stakes. And if you're not dealing with scale and some sort of either SRE fashion or whatever, you're really going to be behind the curve. But the next level that's being discussed is how do you leverage the scale for not just customer experience and business value but we're talking about system architecture, kind of thinking there's going to, this is our system design is now a big part of it. Can you talk about how this kind of threads together? Because we always talk about consumer experience, customer experience CX, but now there's a new systems mindset out there. Can you kind of share your vision on that. >> Yeah, I think the thing that stands out for me is if I look at digital, we've designed it to a point where the scale is just as you say, it's the table stakes. And iPhone launch was something that two years ago needed to be planned and thought about. And it's now absolutely routine. We think about the business side of it but a big increase in scale really is seamless. But if I look at the full stack, we're still connected into some of the older backend systems where we're in production they're on prime actually tests is on AWS now, which is a big step forward, but when you've got to manage scaling in a way that translates from backend systems that are on-premises or on-prem, and therefore we can't elastically scale through to the front tab where we have to be able to scale up very seamlessly and balancing that across with an architecture that supports that level of scale and makes it so seamless on something like, as you say, iPhone launches or Black Friday or any product coming out is actually key to the way we've architected that. >> So you saying that essentially AWS combined with Vodafone worked on this solution that was more of a cloud native solutions. Is that the innovation? Can you just summarize and unpack a little bit, what is the innovation? What problems did you solve together with Accenture and Vodafone? What was the core challenge? >> Yes well, I think that the core is actually, how do you get to the point where the scaling is seamless, where you can move from being on the cloud to cloud native, as Ben just touched on, when at the same time you're actually connected into an enterprise state where the production systems are all on-prem and don't have that ability to scale in the same fashion. So you can't, for example, push you to load into an on-prem backend system and simply expected to scale in the same fashion. So between our three organizations, architecting something that is robust scales, reusable and takes away a load of pieces that actually were quite complex two years ago and turns them into just routine has been a big step forward. >> And I want to get your reaction to this because you're on the front line saying, hey, be more agile, the boss that says, be agile, do different left, take that hill. It's easier said than done. Talk about what goes on when you have to implement and the stakes involved. Again, there's always the old way, new way. Could you just kind of give some color on what's going on? What's your perspective? >> Sure, and Maynard just said that the real benefits and the story behind this was the ability to launch an iPhone For example, as a non event for Vodafone previously was weeks and months of preparation and design and testing and confidence building. And now it really is, it just happens. And we watched things scale and then down again gracefully and really do celebrate the level up if you like, the leveling up of us as an organization, allowing our commercial colleagues to launch propositions or to launch campaigns without needing us to be involved anymore, because they're confident, we're all confident that things will flex like that. But you're absolutely right that the changes and the demands of us as a team, but also the expectations of our stakeholders have been changing for quite a long time now. And we're really excited now to be able to meet them by leveraging the services that we're discussing it. >> Yeah, so the guy said launched the iPhone, no big deal routine, hit the pub, everyone's happy. Having a good day. Let's get into the solution, how it works. Talk about what's going on under the covers. How does this all work? Can you take us through what's the state of the art of the of the solution? >> Sure. Well as you mentioned earlier, we were very much inclined to Serverless these days. So we rolled out fire gate a few, it started about 18 months ago and that really has freed us up into all kinds of scalability measures but also really about reusing and applying this across much more than just the engineering or the digital part of Vodafone where we began. So that's been a really big part of our agenda and that's informed all kinds of things. The ability to scale and flex like that and the architecture beneath us and the containerization and orchestration that goes along with that has really enabled us to flex that ability to reuse it across other areas. And because of that now it's driven our hiring policy, our tooling and technical, our procedural approaches, and it all now leverages that ability to move a pace and to be able to scale, not just in infrastructure or ability to serve customers, but in ability to deliver for the business commercially as well. And this is all now informed on our direction I think, as an organization. >> It's interesting, you mentioned you far gate then a trigger of events happens. People get excited, opens up new doors of opportunities, there's a chain reaction from that. Talk about the impact to the staff in the operations because you almost it's motivating. At some level, you got new things happening but you're actually making things go better and faster, cheaper. >> Yeah, well, the impact is one because we're on a journey at Vodafone of this transformation really becoming a technology business first and foremost, rather than a telco classically like our competitors. We're able to really drive cultural change as well. So the impact on our people is a really, it's been a particularly engaging one, we've also been part of a real recruitment drive. We've just announced 7,000 new roles joining our team across Europe. And these are engineering roles driving more of the same behaviors and principles of a modern software engineering business like ours. And that really is fueled by our ability to experiment and try but become cloud native and employ these services in the way that they're designed to be. >> Maynard, I'd like to get your take on this and shift to a topic around what this all means. You zoom out and you say, okay, with the pandemic, it's become a mobile virtual hybrid now world around work play, all those lines are kind of blurring. It's not as clean as it used to be. Oh, the network segmented over here, this is over here, these legacy systems were built around the notion of things were nicely segmented. Now you have this whole kind of mashup if you will, of how you just want to work, right? There's mobilization is a huge thing. So access, identity, these are things that we're all kind of set up nicely before the pandemic, or at least not as a stable maybe not scalable. But what's your take on this? What's the big picture? What's all happening? >> I think, I mean, the pandemic has accelerated a set of changes that were already happening anyway. And I'd say the other part of this is under the covers. A lot of the work has been to create the microservices that stitch together to produce those journeys that run in the containers and so that opens up an Omni-channel feature that starts to move away from saying actually, businesses are organized around the environment in which they're serving. Is it a retail store? Is it online, additional and so on? And actually into much more of a space where you're building the best journeys and those journeys can and are served through digital or through a call center or through a store and so on. And that makes a huge difference because the focus on improving the customer's experience has been enormous. And I think that's one of the other parts that come out of the whole cloud native setup and the ability to experiment has been intuitively and endlessly improving the experience for the customer. And that's a massive step forward. So we can talk about the fact that we deploy a huge number of times more frequently than we did even a year ago or that our quality is improved by a massive percentage and so on. And I think the thing that's really interesting is the improvement in the experience and the endless improvement and iteration of that because we can make lots and lots of small changes and do every day. That's a big step forward. >> You know, what's interesting, Ben and let's get your reaction on this and if you don't mind to just add a little color to this. This is just another example of reports that we've been talking with folks on where it's not about just re-platforming to the cloud. It's refactoring the business with the engineering, the modernization. And so there's two things that go on. One, you see the efficiencies, new doors open up, new things are happening, people are getting excited, get some good morale boost, things are becoming clear, but then this actually new business value being created or new propositions, engineering propositions. Can you share from a digital standpoint because this seems to be the new role of the digital person, whether it's engineering or on the business side, make things run faster, cheaper and better and then create new opportunities, new propositions. What's your reaction? >> Yeah, it's fundamentally around pace of delivery. Being able to, as Maynard says, moving from a world two or three years ago where we were deploying once every two or three months. This is a website once every two or three months, it's where we were. And so now it's happening all the time every day. It's a skill that we've given us as an organization that we couldn't have leveraged before. And what we're able to do with that now is experiment our way and iterate our way to new value streams, as you say, but also to trial and error what we already know or expect to be true with our customers much, much more easily and much, much more frequently. Very little a barrier to production or friction between us and the customer these days and the almost instant response and feedback we get from customers, we learn constantly because of that and it's become much less of a stab in the dark with large business cases where they work well, they work to now much more experimental initiative. That way both to the propositions we know about but also to the experiments and unknowns in our future that also now unlocked for us. >> That's a great point you mentioned about the whole timing of, the old way, months, weeks, just for website stuff. Maynard, if you guys can share this new world order is actually pretty exciting but also daunting if you're not like in the water, so to speak. So some people are actually putting their toe in the water, they're experimenting but it's a game changer. I mean, a significant step up of value. What's your advice about solutions? And they're not easy. I mean, you just got to get your hands around Accenture. You guys have been doing a lot more of these projects and seeing more and more of these kinds of partnerships and the value is there. Can you guys share your opinion and advice to folks out there watching saying, how do I do this and is it going to be worth it? Is that bridge to the future there? >> I mean, I think there's a mechanical piece. How do I enable this? We could talk about DevOps and moving to cloud native and actually some of the process side of as an organization, how do I get really comfortable with deploying very frequently and it being low risk and routine and so on. The other part for me, which we sort of haven't touched on is as much as we talk about experimentation, it's about the data and the analytics and the knowledge that we create out of that. So the small changes we're making are highly scientific. And when we think about actually understanding how we're optimizing experiences, that's all about a whole set of data points that underpin it. And so I'd say two parts. It's the journey we've been on here is about enablement. It's about moving the architecture. It's about moving the ways of working so that a lot of things that were hard or required thinking about two years ago on that are routine but the other part of it is understanding the data and having the analytics capability and being able to make a very scientific experiment where you can see the result in the day to day. >> Ben, what's your reaction advice to folks watching as they modernize exciting, challenging. It's a lot of hard work, but what is its the end game? >> All of those things, yes. I'd say it's more than anything, it's a necessity these days we have to embark on this journey and it is daunting. And of course, a lot of large organizations like ours, we were successful for doing things in a particular way and built up a lot of protection mechanisms for making sure we protect that. And so to come at it from a new angle is obviously daunting. And it's very challenging as well. There is an immune system in all of our organizations it is real and we will all deal with it. But the success behind, I think the real reasons behind a lot of our success has been by being able to quickly prove value, to quickly prove that outcomes are deliverable and achievable. And then to build on those and iterate on it. And as I said, it's about being able to move at pace. For us in Vodafone it's about leveraging our scale. We're a huge organization, and we're now coming together as one to really make sure that we do lean on that scale more than we have them. We're really about iterating, as I said and finding things that work, keep doing it, finding things that hold you back and get rid of them as quickly as you can is what I would say for us. >> It's interesting you mentioned the scale. The thing about the cloud is when I hear the common pattern is it takes advantage of the strengths of your environment. So every environment's a bit different but you guys have the scale. I have to ask you while you're here. What are some of the anecdotal comments that kind of you hear from folks that make you happy, what about the results? I think saying, hey man, I'm not even seeing this anymore or wow this is faster. What's some of the sound bites that you guys take as proof points of the success of this project. >> Yeah, I'd say it's mainly there's two things I would say, the ability to rely less on IT delivery if you like. So empowering our commercial business to make changes for themselves in a safe and secure manner. So providing these self-service capabilities, we've started to see a real pace about our commercial business, as well as our technology business. But also the time it takes to get things out is probably one of the biggest, really tangible results and outcomes for us at the moment. Just the sheer amount of things we can release to production in sorts of short space of time really does bring to life our ability to now trial and error, to AB test Canary deploy, things like that is really, it's been a real superpower for our transformation. >> Yeah, kind of kidding about having time to go to the pub but in reality, it's free time freeing up people from doing those tasks that were slower and shifting that value. >> Yeah, as you mentioned John, it really is much more than a technical journey. This is a cultural one as well for a lot of organizations. And by being more connected to the outcomes or the value that you add into production, it really does drive a new culture and engagement across our teams. If it's six months between rising line of code and seeing it in production, I have no sense of ownership or pride in what I've done there, but if I can deploy code immediately see an impact good or bad, then I really do feel connected to the outcomes and the value that I'm driving to the business and to our customers. So there really is a great cultural journey as well. >> Yeah, I remember Andy Jassy last year when he was the CEO of AWS on the stage and talked about that dynamic of the team where people run in the right direction, feeling part of it. Maynard, this is a cultural shift on how companies do business. I know Accenture have covered probably a dozen or so killer projects that have just been awesomely new and kind of different but a successful built on the cloud. So a lot of re-platforming refactoring. You're in the front lines working with companies at Accenture. What's the pattern that you see that's happening right now? What's your view of the current market? >> I mean, I think there's a huge shift in this journey too has bankrupted the move from being on the cloud to being cloud native. I'm really getting that value because there's a kind of almost example I see, there's a light bulb moment where ownership of what you put in production means that you move away from a model of we change code because either the business tell us to cause they have a functional requirement or because something's broken when we get into the model of but I want to improve the thing that I feel ownership of that's not alive. And you suddenly see how much difference that makes to the experience of it, the quality of it, the stability, all of those things improving. And so if I look more generally that cultural shift is an evolution that organizations go through and it starts with actually delivering it in a more agile way. At some large scale, you see agility moving up into that kind of business agility and starting to affect things like budgeting cycles and the kind of corporate functions if you like, that tend to sit around supporting peak pieces of delivery. And there's a lot more of that happening at the moment, aligned with more organizations pushing into being properly cloud native and transforming rather than the kind of first wave which was the shift onto the cloud. Now it's actually, that's really leveraged what we've got with the cloud. >> Yeah and you guys essentially have been riding on the wave of AWS and the Cloud for many, many years we've been covering it. Ben great success story. Thanks for coming on theCUBE, a head of Digital Engineering, Vodafone UK. Great example of modern engineering at work using AWS in Europe. Thanks for coming on theCUBE sharing your story. Maynard, thank you for also coming on and the work you're doing at Accenture and AWS, thank you. >> Thanks John, great to be here. >> It's theCUBE coverage of AWS Reinvent 2021 Executive Summit, I'm John Furrier your host, thanks for watching. (upbeat music)

>>Hello and welcome today's cube presentation of eight of us startup showcase. I'm john for your host highlighting the hottest companies and devops data analytics and cloud management lisa martin and David want are here to kick it off. We've got a great program for you again. This is our, our new community event model where we're doing every quarter, we have every new episode, this is quarter three this year or episode three, season one of the hottest cloud startups and we're gonna be featured. Then we're gonna do a keynote package and then 15 countries will present their story, Go check them out and then have a closing keynote with a practitioner and we've got some great lineups, lisa Dave, great to see you. Thanks for joining me. >>Hey guys, >>great to be here. So David got to ask you, you know, back in events last night we're at the 14 it's event where they had the golf PGA championship with the cube Now we got the hybrid model, This is the new normal. We're in, we got these great companies were showcasing them. What's your take? >>Well, you're right. I mean, I think there's a combination of things. We're seeing some live shows. We saw what we did with at mobile world Congress. We did the show with AWS storage day where it was, we were at the spheres, there was no, there was a live audience, but they weren't there physically. It was just virtual and yeah, so, and I just got pained about reinvent. Hey Dave, you gotta make your flights. So I'm making my flights >>were gonna be at the amazon web services, public sector summit next week. At least a lot, a lot of cloud convergence going on here. We got many companies being featured here that we spoke with the Ceo and their top people cloud management, devops data, nelson security. Really cutting edge companies, >>yes, cutting edge companies who are all focused on acceleration. We've talked about the acceleration of digital transformation the last 18 months and we've seen a tremendous amount of acceleration in innovation with what these startups are doing. We've talked to like you said, there's, there's C suite, we've also talked to their customers about how they are innovating so quickly with this hybrid environment, this remote work and we've talked a lot about security in the last week or so. You mentioned that we were at Fortinet cybersecurity skills gap. What some of these companies are doing with automation for example, to help shorten that gap, which is a big opportunity >>for the job market. Great stuff. Dave so the format of this event, you're going to have a fireside chat with the practitioner, we'd like to end these programs with a great experienced practitioner cutting edge in data february. The beginning lisa are gonna be kicking off with of course Jeff bar to give us the update on what's going on AWS and then a special presentation from Emily Freeman who is the author of devops for dummies, she's introducing new content. The revolution in devops devops two point oh and of course jerry Chen from Greylock cube alumni is going to come on and talk about his new thesis castles in the cloud creating moats at cloud scale. We've got a great lineup of people and so the front ends can be great. Dave give us a little preview of what people can expect at the end of the fireside chat. >>Well at the highest level john I've always said we're entering that sort of third great wave of cloud. First wave was experimentation. The second big wave was migration. The third wave of integration, Deep business integration and what you're >>going to hear from >>Hello Fresh today is how they like many companies that started early last decade. They started with an on prem Hadoop system and then of course we all know what happened is S three essentially took the knees out from, from the on prem Hadoop market lowered costs, brought things into the cloud and what Hello Fresh is doing is they're transforming from that legacy Hadoop system into its running on AWS but into a data mess, you know, it's a passionate topic of mine. Hello Fresh was scaling they realized that they couldn't keep up so they had to rethink their entire data architecture and they built it around data mesh Clements key and christoph Soewandi gonna explain how they actually did that are on a journey or decentralized data >>measure it and your posts have been awesome on data measure. We get a lot of traction. Certainly you're breaking analysis for the folks watching check out David Landes, Breaking analysis every week, highlighting the cutting edge trends in tech Dave. We're gonna see you later, lisa and I are gonna be here in the morning talking about with Emily. We got Jeff Barr teed up. Dave. Thanks for coming on. Looking forward to fireside chat lisa. We'll see you when Emily comes back on. But we're gonna go to Jeff bar right now for Dave and I are gonna interview Jeff. Mm >>Hey Jeff, >>here he is. Hey, how are you? How's it going really well. So I gotta ask you, the reinvent is on, everyone wants to know that's happening right. We're good with Reinvent. >>Reinvent is happening. I've got my hotel and actually listening today, if I just remembered, I still need to actually book my flights. I've got my to do list on my desk and I do need to get my >>flights. Uh, >>really looking forward >>to it. I can't wait to see the all the announcements and blog posts. We're gonna, we're gonna hear from jerry Chen later. I love the after on our next event. Get your reaction to this castle and castles in the cloud where competitive advantages can be built in the cloud. We're seeing examples of that. But first I gotta ask you give us an update of what's going on. The ap and ecosystem has been an incredible uh, celebration these past couple weeks, >>so, so a lot of different things happening and the interesting thing to me is that as part of my job, I often think that I'm effectively living in the future because I get to see all this really cool stuff that we're building just a little bit before our customers get to, and so I'm always thinking okay, here I am now, and what's the world going to be like in a couple of weeks to a month or two when these launches? I'm working on actually get out the door and that, that's always really, really fun, just kind of getting that, that little edge into where we're going, but this year was a little interesting because we had to really significant birthdays, we had the 15 year anniversary of both EC two and S three and we're so focused on innovating and moving forward, that it's actually pretty rare for us at Aws to look back and say, wow, we've actually done all these amazing things in in the last 15 years, >>you know, it's kind of cool Jeff, if I may is is, you know, of course in the early days everybody said, well, a place for startup is a W. S and now the great thing about the startup showcases, we're seeing the startups that >>are >>very near, or some of them have even reached escape velocity, so they're not, they're not tiny little companies anymore, they're in their transforming their respective industries, >>they really are and I think that as they start ups grow, they really start to lean into the power of the cloud. They as they start to think, okay, we've we've got our basic infrastructure in place, we've got, we were serving data, we're serving up a few customers, everything is actually working pretty well for us. We've got our fundamental model proven out now, we can invest in publicity and marketing and scaling and but they don't have to think about what's happening behind the scenes. They just if they've got their auto scaling or if they're survivalists, the infrastructure simply grows to meet their demand and it's it's just a lot less things that they have to worry about. They can focus on the fun part of their business which is actually listening to customers and building up an awesome business >>Jeff as you guys are putting together all the big pre reinvented, knows a lot of stuff that goes on prior as well and they say all the big good stuff to reinvent. But you start to see some themes emerged this year. One of them is modernization of applications, the speed of application development in the cloud with the cloud scale devops personas, whatever persona you want to talk about but basically speed the speed of of the app developers where other departments have been slowing things down, I won't say name names, but security group and I t I mean I shouldn't have said that but only kidding but no but seriously people want in minutes and seconds now not days or weeks. You know whether it's policy. What are some of the trends that you're seeing around this this year as we get into some of the new stuff coming out >>So Dave customers really do want speed and for we've actually encapsulate this for a long time in amazon in what we call the bias for action leadership principle >>where >>we just need to jump in and move forward and and make things happen. A lot of customers look at that and they say yes this is great. We need to have the same bias fraction. Some do. Some are still trying to figure out exactly how to put it into play. And they absolutely for sure need to pay attention to security. They need to respect the past and make sure that whatever they're doing is in line with I. T. But they do want to move forward. And the interesting thing that I see time and time again is it's not simply about let's adopt a new technology. It's how do we >>how do we keep our workforce >>engaged? How do we make sure that they've got the right training? How do we bring our our I. T. Team along for this. Hopefully new and fun and exciting journey where they get to learn some interesting new technologies they've got all this very much accumulated business knowledge they still want to put to use, maybe they're a little bit apprehensive about something brand new and they hear about the cloud, but there by and large, they really want to move forward. They just need a little bit of >>help to make it happen >>real good guys. One of the things you're gonna hear today, we're talking about speed traditionally going fast. Oftentimes you meant you have to sacrifice some things on quality and what you're going to hear from some of the startups today is how they're addressing that to automation and modern devoPS technologies and sort of rethinking that whole application development approach. That's something I'm really excited to see organization is beginning to adopt so they don't have to make that tradeoff anymore. >>Yeah, I would >>never want to see someone >>sacrifice quality, >>but I do think that iterating very quickly and using the best of devoPS principles to be able to iterate incredibly quickly and get that first launch out there and then listen with both ears just >>as much >>as you can, Everything. You hear iterate really quickly to meet those needs in, in hours and days, not months, quarters or years. >>Great stuff. Chef and a lot of the companies were featuring here in the startup showcase represent that new kind of thinking, um, systems thinking as well as you know, the cloud scale and again and it's finally here, the revolution of deVOps is going to the next generation and uh, we're excited to have Emily Freeman who's going to come on and give a little preview for her new talk on this revolution. So Jeff, thank you for coming on, appreciate you sharing the update here on the cube. Happy >>to be. I'm actually really looking forward to hearing from Emily. >>Yeah, it's great. Great. Looking forward to the talk. Brand new Premier, Okay, uh, lisa martin, Emily Freeman is here. She's ready to come in and we're going to preview her lightning talk Emily. Um, thanks for coming on, we really appreciate you coming on really, this is about to talk around deVOPS next gen and I think lisa this is one of those things we've been, we've been discussing with all the companies. It's a new kind of thinking it's a revolution, it's a systems mindset, you're starting to see the connections there she is. Emily, Thanks for coming. I appreciate it. >>Thank you for having me. So your teaser video >>was amazing. Um, you know, that little secret radical idea, something completely different. Um, you gotta talk coming up, what's the premise behind this revolution, you know, these tying together architecture, development, automation deployment, operating altogether. >>Yes, well, we have traditionally always used the sclc, which is the software delivery life cycle. Um, and it is a straight linear process that has actually been around since the sixties, which is wild to me um, and really originated in manufacturing. Um, and as much as I love the Toyota production system and how much it has shown up in devops as a sort of inspiration on how to run things better. We are not making cars, we are making software and I think we have to use different approaches and create a sort of model that better reflects our modern software development process. >>It's a bold idea and looking forward to the talk and as motivation. I went into my basement and dusted off all my books from college in the 80s and the sea estimates it was waterfall. It was software development life cycle. They trained us to think this way and it came from the mainframe people. It was like, it's old school, like really, really old and it really hasn't been updated. Where's the motivation? I actually cloud is kind of converging everything together. We see that, but you kind of hit on this persona thing. Where did that come from this persona? Because you know, people want to put people in buckets release engineer. I mean, where's that motivation coming from? >>Yes, you're absolutely right that it came from the mainframes. I think, you know, waterfall is necessary when you're using a punch card or mag tape to load things onto a mainframe, but we don't exist in that world anymore. Thank goodness. And um, yes, so we, we use personas all the time in tech, you know, even to register, well not actually to register for this event, but a lot events. A lot of events, you have to click that drop down. Right. Are you a developer? Are you a manager, whatever? And the thing is personas are immutable in my opinion. I was a developer. I will always identify as a developer despite playing a lot of different roles and doing a lot of different jobs. Uh, and this can vary throughout the day. Right. You might have someone who has a title of software architect who ends up helping someone pair program or develop or test or deploy. Um, and so we wear a lot of hats day to day and I think our discussions around roles would be a better, um, certainly a better approach than personas >>lease. And I've been discussing with many of these companies around the roles and we're hearing from them directly and they're finding out that people have, they're mixing and matching on teams. So you're, you're an S R E on one team and you're doing something on another team where the workflows and the workloads defined the team formation. So this is a cultural discussion. >>It absolutely is. Yes. I think it is a cultural discussion and it really comes to the heart of devops, right? It's people process. And then tools deVOps has always been about culture and making sure that developers have all the tools they need to be productive and honestly happy. What good is all of this? If developing software isn't a joyful experience. Well, >>I got to ask you, I got you here obviously with server list and functions just starting to see this kind of this next gen. And we're gonna hear from jerry Chen, who's a Greylock VC who's going to talk about castles in the clouds, where he's discussing the moats that could be created with a competitive advantage in cloud scale. And I think he points to the snowflakes of the world. You're starting to see this new thing happening. This is devops 2.0, this is the revolution. Is this kind of where you see the same vision of your talk? >>Yes, so DeVOps created 2000 and 8, 2000 and nine, totally different ecosystem in the world we were living in, you know, we didn't have things like surveillance and containers, we didn't have this sort of default distributed nature, certainly not the cloud. Uh and so I'm very excited for jerry's talk. I'm curious to hear more about these moz. I think it's fascinating. Um but yeah, you're seeing different companies use different tools and processes to accelerate their delivery and that is the competitive advantage. How can we figure out how to utilize these tools in the most efficient way possible. >>Thank you for coming and giving us a preview. Let's now go to your lightning keynote talk. Fresh content. Premier of this revolution in Devops and the Freemans Talk, we'll go there now. >>Hi, I'm Emily Freeman, I'm the author of devops for dummies and the curator of 97 things every cloud engineer should know. I am thrilled to be here with you all today. I am really excited to share with you a kind of a wild idea, a complete re imagining of the S DLC and I want to be clear, I need your feedback. I want to know what you think of this. You can always find me on twitter at editing. Emily, most of my work centers around deVOps and I really can't overstate what an impact the concept of deVOPS has had on this industry in many ways it built on the foundation of Agile to become a default a standard we all reach for in our everyday work. When devops surfaced as an idea in 2008, the tech industry was in a vastly different space. AWS was an infancy offering only a handful of services. Azure and G C P didn't exist yet. The majority's majority of companies maintained their own infrastructure. Developers wrote code and relied on sys admins to deploy new code at scheduled intervals. Sometimes months apart, container technology hadn't been invented applications adhered to a monolithic architecture, databases were almost exclusively relational and serverless wasn't even a concept. Everything from the application to the engineers was centralized. Our current ecosystem couldn't be more different. Software is still hard, don't get me wrong, but we continue to find novel solutions to consistently difficult, persistent problems. Now, some of these end up being a sort of rebranding of old ideas, but others are a unique and clever take to abstracting complexity or automating toil or perhaps most important, rethinking challenging the very premises we have accepted as Cannon for years, if not decades. In the years since deVOps attempted to answer the critical conflict between developers and operations, engineers, deVOps has become a catch all term and there have been a number of derivative works. Devops has come to mean 5000 different things to 5000 different people. For some, it can be distilled to continuous integration and continuous delivery or C I C D. For others, it's simply deploying code more frequently, perhaps adding a smattering of tests for others. Still, its organizational, they've added a platform team, perhaps even a questionably named DEVOPS team or have created an engineering structure that focuses on a separation of concerns. Leaving feature teams to manage the development, deployment, security and maintenance of their siloed services, say, whatever the interpretation, what's important is that there isn't a universally accepted standard. Well, what deVOPS is or what it looks like an execution, it's a philosophy more than anything else. A framework people can utilize to configure and customize their specific circumstances to modern development practices. The characteristic of deVOPS that I think we can all agree on though, is that an attempted to capture the challenges of the entire software development process. It's that broad umbrella, that holistic view that I think we need to breathe life into again, The challenge we face is that DeVOps isn't increasingly outmoded solution to a previous problem developers now face. Cultural and technical challenge is far greater than how to more quickly deploy a monolithic application. Cloud native is the future the next collection of default development decisions and one the deVOPS story can't absorb in its current form. I believe the era of deVOPS is waning and in this moment as the sun sets on deVOPS, we have a unique opportunity to rethink rebuild free platform. Even now, I don't have a crystal ball. That would be very handy. I'm not completely certain with the next decade of tech looks like and I can't write this story alone. I need you but I have some ideas that can get the conversation started, I believe to build on what was we have to throw away assumptions that we've taken for granted all this time in order to move forward. We must first step back. Mhm. The software or systems development life cycle, what we call the S. D. L. C. has been in use since the 1960s and it's remained more or less the same since before color television and the touch tone phone. Over the last 60 or so odd years we've made tweaks, slight adjustments, massaged it. The stages or steps are always a little different with agile and deVOps we sort of looped it into a circle and then an infinity loop we've added pretty colors. But the sclc is more or less the same and it has become an assumption. We don't even think about it anymore, universally adopted constructs like the sclc have an unspoken permanence. They feel as if they have always been and always will be. I think the impact of that is even more potent. If you were born after a construct was popularized. Nearly everything around us is a construct, a model, an artifact of a human idea. The chair you're sitting in the desk, you work at the mug from which you drink coffee or sometimes wine, buildings, toilets, plumbing, roads, cars, art, computers, everything. The sclc is a remnant an artifact of a previous era and I think we should throw it away or perhaps more accurately replace it, replace it with something that better reflects the actual nature of our work. A linear, single threaded model designed for the manufacturer of material goods cannot possibly capture the distributed complexity of modern socio technical systems. It just can't. Mhm. And these two ideas aren't mutually exclusive that the sclc was industry changing, valuable and extraordinarily impactful and that it's time for something new. I believe we are strong enough to hold these two ideas at the same time, showing respect for the past while envisioning the future. Now, I don't know about you, I've never had a software project goes smoothly in one go. No matter how small. Even if I'm the only person working on it and committing directly to master software development is chaos. It's a study and entropy and it is not getting any more simple. The model with which we think and talk about software development must capture the multithreaded, non sequential nature of our work. It should embody the roles engineers take on and the considerations they make along the way. It should build on the foundations of agile and devops and represent the iterative nature of continuous innovation. Now, when I was thinking about this, I was inspired by ideas like extreme programming and the spiral model. I I wanted something that would have layers, threads, even a way of visually representing multiple processes happening in parallel. And what I settled on is the revolution model. I believe the visualization of revolution is capable of capturing the pivotal moments of any software scenario. And I'm going to dive into all the discrete elements. But I want to give you a moment to have a first impression, to absorb my idea. I call it revolution because well for one it revolves, it's circular shape reflects the continuous and iterative nature of our work, but also because it is revolutionary. I am challenging a 60 year old model that is embedded into our daily language. I don't expect Gartner to build a magic quadrant around this tomorrow, but that would be super cool. And you should call me my mission with. This is to challenge the status quo to create a model that I think more accurately reflects the complexity of modern cloud native software development. The revolution model is constructed of five concentric circles describing the critical roles of software development architect. Ng development, automating, deploying and operating intersecting each loop are six spokes that describe the production considerations every engineer has to consider throughout any engineering work and that's test, ability, secure ability, reliability, observe ability, flexibility and scalability. The considerations listed are not all encompassing. There are of course things not explicitly included. I figured if I put 20 spokes, some of us, including myself, might feel a little overwhelmed. So let's dive into each element in this model. We have long used personas as the default way to do divide audiences and tailor messages to group people. Every company in the world right now is repeating the mantra of developers, developers, developers but personas have always bugged me a bit because this approach typically either oversimplifies someone's career are needlessly complicated. Few people fit cleanly and completely into persona based buckets like developers and operations anymore. The lines have gotten fuzzy on the other hand, I don't think we need to specifically tailor messages as to call out the difference between a devops engineer and a release engineer or a security administrator versus a security engineer but perhaps most critically, I believe personas are immutable. A persona is wholly dependent on how someone identifies themselves. It's intrinsic not extrinsic. Their titles may change their jobs may differ, but they're probably still selecting the same persona on that ubiquitous drop down. We all have to choose from when registering for an event. Probably this one too. I I was a developer and I will always identify as a developer despite doing a ton of work in areas like devops and Ai Ops and Deverell in my heart. I'm a developer I think about problems from that perspective. First it influences my thinking and my approach roles are very different. Roles are temporary, inconsistent, constantly fluctuating. If I were an actress, the parts I would play would be lengthy and varied, but the persona I would identify as would remain an actress and artist lesbian. Your work isn't confined to a single set of skills. It may have been a decade ago, but it is not today in any given week or sprint, you may play the role of an architect. Thinking about how to design a feature or service, developer building out code or fixing a bug and on automation engineer, looking at how to improve manual processes. We often refer to as soil release engineer, deploying code to different environments or releasing it to customers or in operations. Engineer ensuring an application functions inconsistent expected ways and no matter what role we play. We have to consider a number of issues. The first is test ability. All software systems require testing to assure architects that designs work developers, the code works operators, that infrastructure is running as expected and engineers of all disciplines that code changes won't bring down the whole system testing in its many forms is what enables systems to be durable and have longevity. It's what reassures engineers that changes won't impact current functionality. A system without tests is a disaster waiting to happen, which is why test ability is first among equals at this particular roundtable. Security is everyone's responsibility. But if you understand how to design and execute secure systems, I struggle with this security incidents for the most part are high impact, low probability events. The really big disasters, the one that the ones that end up on the news and get us all free credit reporting for a year. They don't happen super frequently and then goodness because you know that there are endless small vulnerabilities lurking in our systems. Security is something we all know we should dedicate time to but often don't make time for. And let's be honest, it's hard and complicated and a little scary def sec apps. The first derivative of deVOPS asked engineers to move security left this approach. Mint security was a consideration early in the process, not something that would block release at the last moment. This is also the consideration under which I'm putting compliance and governance well not perfectly aligned. I figure all the things you have to call lawyers for should just live together. I'm kidding. But in all seriousness, these three concepts are really about risk management, identity, data, authorization. It doesn't really matter what specific issue you're speaking about, the question is who has access to what win and how and that is everyone's responsibility at every stage site reliability engineering or sorry, is a discipline job and approach for good reason. It is absolutely critical that applications and services work as expected. Most of the time. That said, availability is often mistakenly treated as a synonym for reliability. Instead, it's a single aspect of the concept if a system is available but customer data is inaccurate or out of sync. The system is not reliable, reliability has five key components, availability, latency, throughput. Fidelity and durability, reliability is the end result. But resiliency for me is the journey the action engineers can take to improve reliability, observe ability is the ability to have insight into an application or system. It's the combination of telemetry and monitoring and alerting available to engineers and leadership. There's an aspect of observe ability that overlaps with reliability, but the purpose of observe ability isn't just to maintain a reliable system though, that is of course important. It is the capacity for engineers working on a system to have visibility into the inner workings of that system. The concept of observe ability actually originates and linear dynamic systems. It's defined as how well internal states of a system can be understood based on information about its external outputs. If it is critical when companies move systems to the cloud or utilize managed services that they don't lose visibility and confidence in their systems. The shared responsibility model of cloud storage compute and managed services require that engineering teams be able to quickly be alerted to identify and remediate issues as they arise. Flexible systems are capable of adapting to meet the ever changing needs of the customer and the market segment, flexible code bases absorb new code smoothly. Embody a clean separation of concerns. Are partitioned into small components or classes and architected to enable the now as well as the next inflexible systems. Change dependencies are reduced or eliminated. Database schemas accommodate change well components, communicate via a standardized and well documented A. P. I. The only thing constant in our industry is change and every role we play, creating flexibility and solutions that can be flexible that will grow as the applications grow is absolutely critical. Finally, scalability scalability refers to more than a system's ability to scale for additional load. It implies growth scalability and the revolution model carries the continuous innovation of a team and the byproducts of that growth within a system. For me, scalability is the most human of the considerations. It requires each of us in our various roles to consider everyone around us, our customers who use the system or rely on its services, our colleagues current and future with whom we collaborate and even our future selves. Mhm. Software development isn't a straight line, nor is it a perfect loop. It is an ever changing complex dance. There are twirls and pivots and difficult spins forward and backward. Engineers move in parallel, creating truly magnificent pieces of art. We need a modern model for this modern era and I believe this is just the revolution to get us started. Thank you so much for having me. >>Hey, we're back here. Live in the keynote studio. I'm john for your host here with lisa martin. David lot is getting ready for the fireside chat ending keynote with the practitioner. Hello! Fresh without data mesh lisa Emily is amazing. The funky artwork there. She's amazing with the talk. I was mesmerized. It was impressive. >>The revolution of devops and the creative element was a really nice surprise there. But I love what she's doing. She's challenging the status quo. If we've learned nothing in the last year and a half, We need to challenge the status quo. A model from the 1960s that is no longer linear. What she's doing is revolutionary. >>And we hear this all the time. All the cube interviews we do is that you're seeing the leaders, the SVP's of engineering or these departments where there's new new people coming in that are engineering or developers, they're playing multiple roles. It's almost a multidisciplinary aspect where you know, it's like going into in and out burger in the fryer later and then you're doing the grill, you're doing the cashier, people are changing roles or an architect, their test release all in one no longer departmental, slow siloed groups. >>She brought up a great point about persona is that we no longer fit into these buckets. That the changing roles. It's really the driver of how we should be looking at this. >>I think I'm really impressed, really bold idea, no brainer as far as I'm concerned, I think one of the things and then the comments were off the charts in a lot of young people come from discord servers. We had a good traction over there but they're all like learning. Then you have the experience, people saying this is definitely has happened and happening. The dominoes are falling and they're falling in the direction of modernization. That's the key trend speed. >>Absolutely with speed. But the way that Emily is presenting it is not in a brash bold, but it's in a way that makes great sense. The way that she creatively visually lined out what she was talking about Is amenable to the folks that have been doing this for since the 60s and the new folks now to really look at this from a different >>lens and I think she's a great setup on that lightning top of the 15 companies we got because you think about sis dig harness. I white sourced flamingo hacker one send out, I oh, okay. Thought spot rock set Sarah Ops ramp and Ops Monte cloud apps, sani all are doing modern stuff and we talked to them and they're all on this new wave, this monster wave coming. What's your observation when you talk to these companies? >>They are, it was great. I got to talk with eight of the 15 and the amount of acceleration of innovation that they've done in the last 18 months is phenomenal obviously with the power and the fuel and the brand reputation of aws but really what they're all facilitating cultural shift when we think of devoPS and the security folks. Um, there's a lot of work going on with ai to an automation to really kind of enabled to develop the develops folks to be in control of the process and not have to be security experts but ensuring that the security is baked in shifting >>left. We saw that the chat room was really active on the security side and one of the things I noticed was not just shift left but the other groups, the security groups and the theme of cultural, I won't say war but collision cultural shift that's happening between the groups is interesting because you have this new devops persona has been around Emily put it out for a while. But now it's going to the next level. There's new revolutions about a mindset, a systems mindset. It's a thinking and you start to see the new young companies coming out being funded by the gray locks of the world who are now like not going to be given the we lost the top three clouds one, everything. there's new business models and new technical architecture in the cloud and that's gonna be jerry Chen talk coming up next is going to be castles in the clouds because jerry chant always talked about moats, competitive advantage and how moats are key to success to guard the castle. And then we always joke, there's no more moz because the cloud has killed all the boats. But now the motor in the cloud, the castles are in the cloud, not on the ground. So very interesting thought provoking. But he's got data and if you look at the successful companies like the snowflakes of the world, you're starting to see these new formations of this new layer of innovation where companies are growing rapidly, 98 unicorns now in the cloud. Unbelievable, >>wow, that's a lot. One of the things you mentioned, there's competitive advantage and these startups are all fueled by that they know that there are other companies in the rear view mirror right behind them. If they're not able to work as quickly and as flexibly as a competitor, they have to have that speed that time to market that time to value. It was absolutely critical. And that's one of the things I think thematically that I saw along the eighth sort of that I talked to is that time to value is absolutely table stakes. >>Well, I'm looking forward to talking to jerry chan because we've talked on the queue before about this whole idea of What happens when winner takes most would mean the top 3, 4 cloud players. What happens? And we were talking about that and saying, if you have a model where an ecosystem can develop, what does that look like and back in 2013, 2014, 2015, no one really had an answer. Jerry was the only BC. He really nailed it with this castles in the cloud. He nailed the idea that this is going to happen. And so I think, you know, we'll look back at the tape or the videos from the cube, we'll find those cuts. But we were talking about this then we were pontificating and riffing on the fact that there's going to be new winners and they're gonna look different as Andy Jassy always says in the cube you have to be misunderstood if you're really going to make something happen. Most of the most successful companies are misunderstood. Not anymore. The cloud scales there. And that's what's exciting about all this. >>It is exciting that the scale is there, the appetite is there the appetite to challenge the status quo, which is right now in this economic and dynamic market that we're living in is there's nothing better. >>One of the things that's come up and and that's just real quick before we bring jerry in is automation has been insecurity, absolutely security's been in every conversation, but automation is now so hot in the sense of it's real and it's becoming part of all the design decisions. How can we automate can we automate faster where the keys to automation? Is that having the right data, What data is available? So I think the idea of automation and Ai are driving all the change and that's to me is what these new companies represent this modern error where AI is built into the outcome and the apps and all that infrastructure. So it's super exciting. Um, let's check in, we got jerry Chen line at least a great. We're gonna come back after jerry and then kick off the day. Let's bring in jerry Chen from Greylock is he here? Let's bring him in there. He is. >>Hey john good to see you. >>Hey, congratulations on an amazing talk and thesis on the castles on the cloud. Thanks for coming on. >>All right, Well thanks for reading it. Um, always were being put a piece of workout out either. Not sure what the responses, but it seemed to resonate with a bunch of developers, founders, investors and folks like yourself. So smart people seem to gravitate to us. So thank you very much. >>Well, one of the benefits of doing the Cube for 11 years, Jerry's we have videotape of many, many people talking about what the future will hold. You kind of are on this early, it wasn't called castles in the cloud, but you were all I was, we had many conversations were kind of connecting the dots in real time. But you've been on this for a while. It's great to see the work. I really think you nailed this. I think you're absolutely on point here. So let's get into it. What is castles in the cloud? New research to come out from Greylock that you spearheaded? It's collaborative effort, but you've got data behind it. Give a quick overview of what is castle the cloud, the new modes of competitive advantage for companies. >>Yeah, it's as a group project that our team put together but basically john the question is, how do you win in the cloud? Remember the conversation we had eight years ago when amazon re event was holy cow, Like can you compete with them? Like is it a winner? Take all? Winner take most And if it is winner take most, where are the white spaces for Some starts to to emerge and clearly the past eight years in the cloud this journey, we've seen big companies, data breaks, snowflakes, elastic Mongo data robot. And so um they spotted the question is, you know, why are the castles in the cloud? The big three cloud providers, Amazon google and Azure winning. You know, what advantage do they have? And then given their modes of scale network effects, how can you as a startup win? And so look, there are 500 plus services between all three cloud vendors, but there are like 500 plus um startups competing gets a cloud vendors and there's like almost 100 unicorn of private companies competing successfully against the cloud vendors, including public companies. So like Alaska, Mongo Snowflake. No data breaks. Not public yet. Hashtag or not public yet. These are some examples of the names that I think are winning and watch this space because you see more of these guys storm the castle if you will. >>Yeah. And you know one of the things that's a funny metaphor because it has many different implications. One, as we talk about security, the perimeter of the gates, the moats being on land. But now you're in the cloud, you have also different security paradigm. You have a different um, new kinds of services that are coming on board faster than ever before. Not just from the cloud players but From companies contributing into the ecosystem. So the combination of the big three making the market the main markets you, I think you call 31 markets that we know of that probably maybe more. And then you have this notion of a sub market, which means that there's like we used to call it white space back in the day, remember how many whites? Where's the white space? I mean if you're in the cloud, there's like a zillion white spaces. So talk about this sub market dynamic between markets and that are being enabled by the cloud players and how these sub markets play into it. >>Sure. So first, the first problem was what we did. We downloaded all the services for the big three clowns. Right? And you know what as recalls a database or database service like a document DB and amazon is like Cosmo dB and Azure. So first thing first is we had to like look at all three cloud providers and you? Re categorize all the services almost 500 Apples, Apples, Apples # one number two is you look at all these markets or sub markets and said, okay, how can we cluster these services into things that you know you and I can rock right. That's what amazon Azure and google think about. It is very different and the beauty of the cloud is this kind of fat long tail of services for developers. So instead of like oracle is a single database for all your needs. They're like 20 or 30 different databases from time series um analytics, databases. We're talking rocks at later today. Right. Um uh, document databases like Mongo search database like elastic. And so what happens is there's not one giant market like databases, there's a database market And 30, 40 sub markets that serve the needs developers. So the Great News is cloud has reduced the cost and create something that new for developers. Um also the good news is for a start up you can find plenty of white speeds solving a pain point, very specific to a different type of problem >>and you can sequence up to power law to this. I love the power of a metaphor, you know, used to be a very thin neck note no torso and then a long tail. But now as you're pointing out this expansion of the fat tail of services, but also there's big tam's and markets available at the top of the power law where you see coming like snowflake essentially take on the data warehousing market by basically sitting on amazon re factoring with new services and then getting a flywheel completely changing the economic unit economics completely changing the consumption model completely changing the value proposition >>literally you >>get Snowflake has created like a storm, create a hole, that mode or that castle wall against red shift. Then companies like rock set do your real time analytics is Russian right behind snowflakes saying, hey snowflake is great for data warehouse but it's not fast enough for real time analytics. Let me give you something new to your, to your parallel argument. Even the big optic snowflake have created kind of a wake behind them that created even more white space for Gaza rock set. So that's exciting for guys like me and >>you. And then also as we were talking about our last episode two or quarter two of our showcase. Um, from a VC came on, it's like the old shelf where you didn't know if a company's successful until they had to return the inventory now with cloud you if you're not successful, you know it right away. It's like there's no debate. Like, I mean you're either winning or not. This is like that's so instrumented so a company can have a good better mousetrap and win and fill the white space and then move up. >>It goes both ways. The cloud vendor, the big three amazon google and Azure for sure. They instrument their own class. They know john which ecosystem partners doing well in which ecosystems doing poorly and they hear from the customers exactly what they want. So it goes both ways they can weaponize that. And just as well as you started to weaponize that info >>and that's the big argument of do that snowflake still pays the amazon bills. They're still there. So again, repatriation comes back, That's a big conversation that's come up. What's your quick take on that? Because if you're gonna have a castle in the cloud, then you're gonna bring it back to land. I mean, what's that dynamic? Where do you see that compete? Because on one hand is innovation. The other ones maybe cost efficiency. Is that a growth indicator slow down? What's your view on the movement from and to the cloud? >>I think there's probably three forces you're finding here. One is the cost advantage in the scale advantage of cloud so that I think has been going for the past eight years, there's a repatriation movement for a certain subset of customers, I think for cost purposes makes sense. I think that's a tiny handful that believe they can actually run things better than a cloud. The third thing we're seeing around repatriation is not necessary against cloud, but you're gonna see more decentralized clouds and things pushed to the edge. Right? So you look at companies like Cloudflare Fastly or a company that we're investing in Cato networks. All ideas focus on secure access at the edge. And so I think that's not the repatriation of my own data center, which is kind of a disaggregated of cloud from one giant monolithic cloud, like AWS east or like a google region in europe to multiple smaller clouds for governance purposes, security purposes or legacy purposes. >>So I'm looking at my notes here, looking down on the screen here for this to read this because it's uh to cut and paste from your thesis on the cloud. The excellent cloud. The of the $38 billion invested this quarter. Um Ai and ml number one, um analytics. Number two, security number three. Actually, security number one. But you can see the bubbles here. So all those are data problems I need to ask you. I see data is hot data as intellectual property. How do you look at that? Because we've been reporting on this and we just started the cube conversation around workflows as intellectual property. If you have scale and your motives in the cloud. You could argue that data and the workflows around those data streams is intellectual property. It's a protocol >>I believe both are. And they just kind of go hand in hand like peanut butter and jelly. Right? So data for sure. I. P. So if you know people talk about days in the oil, the new resource. That's largely true because of powers a bunch. But the workflow to your point john is sticky because every company is a unique snowflake right? Like the process used to run the cube and your business different how we run our business. So if you can build a workflow that leverages the data, that's super sticky. So in terms of switching costs, if my work is very bespoke to your business, then I think that's competitive advantage. >>Well certainly your workflow is a lot different than the cube. You guys just a lot of billions of dollars in capital. We're talking to all the people out here jerry. Great to have you on final thought on your thesis. Where does it go from here? What's been the reaction? Uh No, you put it out there. Great love the restart. Think you're on point on this one. Where did we go from here? >>We have to follow pieces um in the near term one around, you know, deep diver on open source. So look out for that pretty soon and how that's been a powerful strategy a second. Is this kind of just aggregation of the cloud be a Blockchain and you know, decentralized apps, be edge applications. So that's in the near term two more pieces of, of deep dive we're doing. And then the goal here is to update this on a quarterly and annual basis. So we're getting submissions from founders that wanted to say, hey, you missed us or he screwed up here. We got the big cloud vendors saying, Hey jerry, we just lost his new things. So our goal here is to update this every single year and then probably do look back saying, okay, uh, where were we wrong? We're right. And then let's say the castle clouds 2022. We'll see the difference were the more unicorns were there more services were the IPO's happening. So look for some short term work from us on analytics, like around open source and clouds. And then next year we hope that all of this forward saying, Hey, you have two year, what's happening? What's changing? >>Great stuff and, and congratulations on the southern news. You guys put another half a billion dollars into early, early stage, which is your roots. Are you still doing a lot of great investments in a lot of unicorns. Congratulations that. Great luck on the team. Thanks for coming on and congratulations you nailed this one. I think I'm gonna look back and say that this is a pretty seminal piece of work here. Thanks for sharing. >>Thanks john thanks for having us. >>Okay. Okay. This is the cube here and 81 startup showcase. We're about to get going in on all the hot companies closing out the kino lisa uh, see jerry Chen cube alumni. He was right from day one. We've been riffing on this, but he nails it here. I think Greylock is lucky to have him as a general partner. He's done great deals, but I think he's hitting the next wave big. This is, this is huge. >>I was listening to you guys talking thinking if if you had a crystal ball back in 2013, some of the things Jerry saying now his narrative now, what did he have a crystal >>ball? He did. I mean he could be a cuBA host and I could be a venture capital. We were both right. I think so. We could have been, you know, doing that together now and all serious now. He was right. I mean, we talked off camera about who's the next amazon who's going to challenge amazon and Andy Jassy was quoted many times in the queue by saying, you know, he was surprised that it took so long for people to figure out what they were doing. Okay, jerry was that VM where he had visibility into the cloud. He saw amazon right away like we did like this is a winning formula and so he was really out front on this one. >>Well in the investments that they're making in these unicorns is exciting. They have this, this lens that they're able to see the opportunities there almost before anybody else can. And finding more white space where we didn't even know there was any. >>Yeah. And what's interesting about the report I'm gonna dig into and I want to get to him while he's on camera because it's a great report, but He says it's like 500 services I think Amazon has 5000. So how you define services as an interesting thing and a lot of amazon services that they have as your doesn't have and vice versa, they do call that out. So I find the report interesting. It's gonna be a feature game in the future between clouds the big three. They're gonna say we do this, you're starting to see the formation, Google's much more developer oriented. Amazon is much more stronger in the governance area with data obviously as he pointed out, they have such experience Microsoft, not so much their developer cloud and more office, not so much on the government's side. So that that's an indicator of my, my opinion of kind of where they rank. So including the number one is still amazon web services as your long second place, way behind google, right behind Azure. So we'll see how the horses come in, >>right. And it's also kind of speaks to the hybrid world in which we're living the hybrid multi cloud world in which many companies are living as companies to not just survive in the last year and a half, but to thrive and really have to become data companies and leverage that data as a competitive advantage to be able to unlock the value of it. And a lot of these startups that we talked to in the showcase are talking about how they're helping organizations unlock that data value. As jerry said, it is the new oil, it's the new gold. Not unless you can unlock that value faster than your competition. >>Yeah, well, I'm just super excited. We got a great day ahead of us with with all the cots startups. And then at the end day, Volonte is gonna interview, hello, fresh practitioners, We're gonna close it out every episode now, we're going to do with the closing practitioner. We try to get jpmorgan chase data measures. The hottest area right now in the enterprise data is new competitive advantage. We know that data workflows are now intellectual property. You're starting to see data really factoring into these applications now as a key aspect of the competitive advantage and the value creation. So companies that are smart are investing heavily in that and the ones that are kind of slow on the uptake are lagging the market and just trying to figure it out. So you start to see that transition and you're starting to see people fall away now from the fact that they're not gonna make it right, You're starting to, you know, you can look at look at any happens saying how much ai is really in there. Real ai what's their data strategy and you almost squint through that and go, okay, that's gonna be losing application. >>Well the winners are making it a board level conversation >>And security isn't built in. Great to have you on this morning kicking it off. Thanks John Okay, we're going to go into the next set of the program at 10:00 we're going to move into the breakouts. Check out the companies is three tracks in there. We have an awesome track on devops pure devops. We've got the data and analytics and we got the cloud management and just to run down real quick check out the sis dig harness. Io system is doing great, securing devops harness. IO modern software delivery platform, White Source. They're preventing and remediating the rest of the internet for them for the company's that's a really interesting and lumbago, effortless acres land and monitoring functions, server list super hot. And of course hacker one is always great doing a lot of great missions and and bounties you see those success continue to send i O there in Palo alto changing the game on data engineering and data pipe lining. Okay. Data driven another new platform, horizontally scalable and of course thought spot ai driven kind of a search paradigm and of course rock set jerry Chen's companies here and press are all doing great in the analytics and then the cloud management cost side 80 operations day to operate. Ops ramps and ops multi cloud are all there and sunny, all all going to present. So check them out. This is the Cubes Adria's startup showcase episode three.

>>Hello and welcome today's cube presentation of eight of us startup showcase. I'm john for your host highlighting the hottest companies and devops data analytics and cloud management lisa martin and David want are here to kick it off. We've got a great program for you again. This is our, our new community event model where we're doing every quarter, we have every new episode, this is quarter three this year or episode three, season one of the hottest cloud startups and we're gonna be featured. Then we're gonna do a keynote package and then 15 countries will present their story, Go check them out and then have a closing keynote with a practitioner and we've got some great lineups, lisa Dave, great to see you. Thanks for joining me. Hey >>guys, great to be here. >>So David got to ask you, you know, back in events last night we're at the 14 it's event where they had the golf PGA championship with the cube Now we got the hybrid model, This is the new normal. We're in, we got these great companies were showcasing them. What's your take? >>Well, you're right. I mean, I think there's a combination of things. We're seeing some live shows. We saw what we did with at mobile world Congress. We did the show with AWS storage day where it was, we were at the spheres, there was no, there was a live audience, but they weren't there physically. It was just virtual and yeah, so, and I just got pained about reinvent. Hey Dave, you gotta make your flights. So I'm making my flights >>were gonna be at the amazon web services, public sector summit next week. At least a lot, a lot of cloud convergence going on here. We got many companies being featured here that we spoke with the Ceo and their top people cloud management, devops data, nelson security. Really cutting edge companies, >>yes, cutting edge companies who are all focused on acceleration. We've talked about the acceleration of digital transformation the last 18 months and we've seen a tremendous amount of acceleration in innovation with what these startups are doing. We've talked to like you said, there's, there's C suite, we've also talked to their customers about how they are innovating so quickly with this hybrid environment, this remote work and we've talked a lot about security in the last week or so. You mentioned that we were at Fortinet cybersecurity skills gap. What some of these companies are doing with automation for example, to help shorten that gap, which is a big opportunity for the >>job market. Great stuff. Dave so the format of this event, you're going to have a fireside chat with the practitioner, we'd like to end these programs with a great experienced practitioner cutting edge in data february. The beginning lisa are gonna be kicking off with of course Jeff bar to give us the update on what's going on AWS and then a special presentation from Emily Freeman who is the author of devops for dummies, she's introducing new content. The revolution in devops devops two point oh and of course jerry Chen from Greylock cube alumni is going to come on and talk about his new thesis castles in the cloud creating moats at cloud scale. We've got a great lineup of people and so the front ends can be great. Dave give us a little preview of what people can expect at the end of the fireside chat. >>Well at the highest level john I've always said we're entering that sort of third great wave of cloud. First wave was experimentation. The second big wave was migration. The third wave of integration, Deep business integration and what you're going to hear from Hello Fresh today is how they like many companies that started early last decade. They started with an on prem Hadoop system and then of course we all know what happened is S three essentially took the knees out from, from the on prem Hadoop market lowered costs, brought things into the cloud and what Hello Fresh is doing is they're transforming from that legacy Hadoop system into its running on AWS but into a data mess, you know, it's a passionate topic of mine. Hello Fresh was scaling they realized that they couldn't keep up so they had to rethink their entire data architecture and they built it around data mesh Clements key and christoph Soewandi gonna explain how they actually did that are on a journey or decentralized data measure >>it and your posts have been awesome on data measure. We get a lot of traction. Certainly you're breaking analysis for the folks watching check out David Landes, Breaking analysis every week, highlighting the cutting edge trends in tech Dave. We're gonna see you later, lisa and I are gonna be here in the morning talking about with Emily. We got Jeff Barr teed up. Dave. Thanks for coming on. Looking forward to fireside chat lisa. We'll see you when Emily comes back on. But we're gonna go to Jeff bar right now for Dave and I are gonna interview Jeff. Mm >>Hey Jeff, >>here he is. Hey, how are you? How's it >>going really well. >>So I gotta ask you, the reinvent is on, everyone wants to know that's happening right. We're good with Reinvent. >>Reinvent is happening. I've got my hotel and actually listening today, if I just remembered, I still need to actually book my flights. I've got my to do list on my desk and I do need to get my flights. Uh, really looking forward to it. >>I can't wait to see the all the announcements and blog posts. We're gonna, we're gonna hear from jerry Chen later. I love the after on our next event. Get your reaction to this castle and castles in the cloud where competitive advantages can be built in the cloud. We're seeing examples of that. But first I gotta ask you give us an update of what's going on. The ap and ecosystem has been an incredible uh, celebration these past couple weeks, >>so, so a lot of different things happening and the interesting thing to me is that as part of my job, I often think that I'm effectively living in the future because I get to see all this really cool stuff that we're building just a little bit before our customers get to, and so I'm always thinking okay, here I am now, and what's the world going to be like in a couple of weeks to a month or two when these launches? I'm working on actually get out the door and that, that's always really, really fun, just kind of getting that, that little edge into where we're going, but this year was a little interesting because we had to really significant birthdays, we had the 15 year anniversary of both EC two and S three and we're so focused on innovating and moving forward, that it's actually pretty rare for us at Aws to look back and say, wow, we've actually done all these amazing things in in the last 15 years, >>you know, it's kind of cool Jeff, if I may is is, you know, of course in the early days everybody said, well, a place for startup is a W. S and now the great thing about the startup showcases, we're seeing the startups that are very near, or some of them have even reached escape velocity, so they're not, they're not tiny little companies anymore, they're in their transforming their respective industries, >>they really are and I think that as they start ups grow, they really start to lean into the power of the cloud. They as they start to think, okay, we've we've got our basic infrastructure in place, we've got, we were serving data, we're serving up a few customers, everything is actually working pretty well for us. We've got our fundamental model proven out now, we can invest in publicity and marketing and scaling and but they don't have to think about what's happening behind the scenes. They just if they've got their auto scaling or if they're survivalists, the infrastructure simply grows to meet their demand and it's it's just a lot less things that they have to worry about. They can focus on the fun part of their business which is actually listening to customers and building up an awesome business >>Jeff as you guys are putting together all the big pre reinvented, knows a lot of stuff that goes on prior as well and they say all the big good stuff to reinvent. But you start to see some themes emerged this year. One of them is modernization of applications, the speed of application development in the cloud with the cloud scale devops personas, whatever persona you want to talk about but basically speed the speed of of the app developers where other departments have been slowing things down, I won't say name names, but security group and I t I mean I shouldn't have said that but only kidding but no but seriously people want in minutes and seconds now not days or weeks. You know whether it's policy. What are some of the trends that you're seeing around this this year as we get into some of the new stuff coming out >>So Dave customers really do want speed and for we've actually encapsulate this for a long time in amazon in what we call the bias for action leadership principle where we just need to jump in and move forward and and make things happen. A lot of customers look at that and they say yes this is great. We need to have the same bias fraction. Some do. Some are still trying to figure out exactly how to put it into play. And they absolutely for sure need to pay attention to security. They need to respect the past and make sure that whatever they're doing is in line with I. T. But they do want to move forward. And the interesting thing that I see time and time again is it's not simply about let's adopt a new technology. It's how do we how do we keep our workforce engaged? How do we make sure that they've got the right training? How do we bring our our I. T. Team along for this. Hopefully new and fun and exciting journey where they get to learn some interesting new technologies they've got all this very much accumulated business knowledge they still want to put to use, maybe they're a little bit apprehensive about something brand new and they hear about the cloud, but there by and large, they really want to move forward. They just need a little bit of help to make it happen real >>good guys. One of the things you're gonna hear today, we're talking about speed traditionally going fast. Oftentimes you meant you have to sacrifice some things on quality and what you're going to hear from some of the startups today is how they're addressing that to automation and modern devoPS technologies and sort of rethinking that whole application development approach. That's something I'm really excited to see organization is beginning to adopt so they don't have to make that tradeoff anymore. >>Yeah, I would never want to see someone sacrifice quality, but I do think that iterating very quickly and using the best of devoPS principles to be able to iterate incredibly quickly and get that first launch out there and then listen with both ears just as much as you can, Everything. You hear iterate really quickly to meet those needs in, in hours and days, not months, quarters or years. >>Great stuff. Chef and a lot of the companies were featuring here in the startup showcase represent that new kind of thinking, um, systems thinking as well as you know, the cloud scale and again and it's finally here, the revolution of deVOps is going to the next generation and uh, we're excited to have Emily Freeman who's going to come on and give a little preview for her new talk on this revolution. So Jeff, thank you for coming on, appreciate you sharing the update here on the cube. Happy >>to be. I'm actually really looking forward to hearing from Emily. >>Yeah, it's great. Great. Looking forward to the talk.

>>from around the globe. It's the cube with coverage of Kublai >>Khan and Cloud Native Con, Europe 2021 >>virtual brought to you by red hat. The cloud Native >>computing foundation >>and ecosystem partners. >>Welcome back to the cubes coverage everyone of Coop Con 2021 Cloud Native Con 21 virtual europe. I'm john for your host of the cube. We've got two great guests here, James Labaki, senior Director of Product management, Red Hat and Richer Puree. IBM fellow and chief scientist at IBM Gentlemen, thanks for coming on the cube, appreciate it. >>Thank you for having us. >>So, um, got an IBM fellow and Chief scientist, Senior Director Product management. You guys have the keys to the kingdom on cloud Native. All right, it's gonna be fun. So let's just jump into it. So I want to ask you before we get into some of the questions around the projects, what you guys take of cube con this year, in terms of the vibe, I know it's virtual in europe north America, we looked like we might be in person but this year with the pandemic cloud native just seems to have a spring to its step, it's got more traction. I've seen the cloud native piece even more than kubernetes in a way. So scott cooper diseases continues to have traction, but it's always about kubernetes now. It's more cloud native. I what do you guys think about that? >>Yeah, I'm sure you have thoughts and I could add on >>Yes, I I think well I would really think of it as almost sequential in some ways. Community is too cold now there's a layer which comes above it which is where all our, you know, clients and enterprises realize the value, which is when the applications really move. It's about the applications and what they can deliver to their end customers. And the game now is really about moving those applications and making them cloud native. That's when the value of that software infrastructure will get realized and that's why you are seeing that vibe in the, in the clients and enterprises and at two corners. Well, >>yeah, I mean, I think it's exciting. I've been covering this community since the beginning as you guys know the cube. This is the enablement moment where the fruit is coming off the tree is starting to see that first wave of you mentioned that enablement, it's happening and you can see it in the project. So I want to get into the news here, the conveyor community. What is this about? Can you take a minute to explain what is the conveyor community? >>Yeah, yeah. I think uh, you know, uh, what, what we discovered is we were starting to work with a lot of end users and practitioners. Is that what we're finding is that they kind of get tired of hearing about digital transformation and from multiple vendors and and from sales folks and these sorts of things. And when you speak to the practitioners, they just want to know what are the practical implications of moving towards a more collaborative architecture. And so, um, you know, when you start talking to them at levels beyond, uh, just generic kind of, you know, I would say marketing speak and even the business cases, the developers and sys admins need to know what it is they need to do to their application architecture is the ways they're working for to successfully modernize their applications. And so the idea behind the conveyor community was really kind of two fold. One was to help with knowledge sharing. So we started running meetups where people can come and share their knowledge of what they've done around specific topics like strangling monoliths or carving offside containers or things that sidecar containers are things that they've done successfully uh to help uh kind of move things forward. So it's really about knowledge sharing. And then the second piece we discovered was that there's really no place where you can find open source tools to help you re host re platform and re factor your applications to kubernetes. And so that's really where we're trying to fill that void is provide open source options in that space and kind of inviting everybody else to collaborate with us on that. >>Can you give an example of something uh some use cases of people doing this, why the need the drivers? It makes sense. Right. As a growing, you've got, you have to move applications. People want to have um applications moved to communities. I get that. But what are some of the use cases that were forcing this? >>Yeah, absolutely, for sure. I don't know if you have any you want to touch on um specifically I could add on as well. >>Yeah, I think some of the key use cases, I would really say it will be. So let let me just, I think James just talked about re host, re hosting, re platform ng and re factoring, I'm gonna put some numbers on it and then they talk about the use case a little bit as well. I would really say 30 virtual machines movement. That's it. That's the first one to happen. Easy, easier one, relatively speaking. But that's the first one to happen. The re platform in one where you are now really sort of changing the stack as well but not changing the application in any major way yet. And the hardest one happened around re factoring, which is, you are, you know, this is when we start talking about cloud native, you take a monolithic application which you know legacy applications which have been running for a long time and try to re factor them so that you can build microservices out of them. The very first, I would say set of clients that we are seeing at the leading edge around this will be around banking and insurance. Legacy applications, banking is obviously finances a large industry and that's the first movement you start seeing which is where the complexity of the application in terms of some of the legacy code that you are seeing more onto the, into the cloud. That for a cloud native implementation as well as their as well as a diversity of scenarios from a re hosting and re platform ng point of view. And we'll talk about some of the tools that we are putting in the community uh to help the users and uh and the developer community in many of these enterprises uh move into a cloud native implementation lot of their applications. And also from the point of view of helping them in terms of practice, is what I describe as best practices. It is not just about tools, it's about the community coming together. How do I do this? How do I do that? Actually, there are best practices that we as a community have gathered. It's about that sharing as well, James. >>Yeah, I think you hit the nail on the head. Right. So you re hosting like for example, you might have uh an application that was delivered, you buy an SV that is not available containerized yet. You need to bring that over as a VM. So you can bring that into Q Bert, you know, and actually bring that and just re hosted. You can, you might have some things that you've already containerized but they're sitting on a container orchestration layer that is no longer growing, right? So the innovation has kind of left that platform and kind of kubernetes has become kind of that standard one, the container orchestration layer, if you want become the de facto standard. And so you want to re platform that that takes massaging and transforming metadata to do that to create the right objects and so on and so forth. So there's a bunch of different use cases around that that kind of fall into that re host tree platform all the way up to re factoring >>So just explain for the audience and I know I love I love the three things re hosting re platform in and re factoring what's the difference between re platform NG and re factoring specifically, what's the nuance there? >>Yeah, yeah, so so a lot of times I think people have a lot of people, you know, I think obviously amazon kind of popularized the six hours framework years ago, you know, with, with, with, with that. And so if you look at what they kind of what they popularize it was replied corn is really kind of like a lift tinker and shift. So maybe it's, I, I'm not just taking my VM and putting it on new infrastructure, I'm gonna take my VM, maybe put on new infrastructure, but I'm gonna switch my observer until like a lighter weight observer or something like that at the same time. So that would fall into like a re platform or in the case, you know, one of the things we're seeing pretty heavily right now is the move from cloud foundry to kubernetes for example, where people are looking to take their application and actually transform it and run it on kubernetes, which requires you to really kind of re platform as well. And re factoring >>is what specific I get the >>report re factoring is, I think just following on to what James said re factoring is really about um the complexity of the application, which was mainly a monolithic large application, many of these legacy applications which have so many times, actually hundreds of millions of dollars of assets for these uh these enterprises, it's about taking the code and re factoring it in terms of dividing it into uh huh different pieces of court which can themselves be spun as microservices. So then it becomes true, it takes starting advantage of agility or development in a cloud native environment as well. It's not just about either lift and shift of the VM or or lift tinker and shift from a, from a staff point of view. It's really about not taking applications and dividing them so that we can spin microservices and it has the identity of the development of a cloud. >>I totally got a great clarification, really want to get that out there because re platform ng is really a good thing to go to the cloud. Hey, I got reticent open source, I'll use that, I can do this over here and then if we use that vendor over there, use open source over there. Really good way to look at it. I like the factory, it's like a complete re architecture or re factoring if you will. So thank you for the clarification. Great, great topic. Uh, this is what practitioners think about. So I gotta ask the next question, what projects are involved in in the community that you guys are working? It seems like a really valuable service uh and group. Um can you give an overview and what's going on in the community specifically? >>Yeah, so there's really right now, there's kind of five projects that are in the community and they're all in different, I would say different stages of maturity as well. So, um there's uh when you look at re hosting, there's two kind of primary projects focused on that. One is called forklift, which is about migrating your virtual machines into cuba. So covert is a way that you can run virtual machines orchestrated by kubernetes. We're seeing kind of a growth in demand there where people want to have a common orchestration for both their VMS and containers running on bare metal. And so forklift helps you actually mass migrate VMS into that environment. Um The second one on the re hosting side is called Crane. So Crane is really a tool that helps you migrate applications between kubernetes clusters. So you imagine you have all your you know, you might have persistent data and one kubernetes cluster and you want to migrate a name space from one cluster to another. Um That's where Crane comes in and actually helps you migrate between those um on the re platforms that we have moved to cube, which actually came from the IBM research team. So they actually open source that uh you sure you want to speak about uh moved to >>cube. Yeah, so so moved to cuba is really as we discuss the re platform scenario already, it is about, you know, if you are in a docker environment or hungry environment uh and you know, kubernetes has become a de facto standard now you are containerized already, but you really are actually moving into the communities based environment as the name implies, It's about moved to cuba back to me and this is one of the things we were looking at and as we were looking, talking to a lot of, a lot of users, it became evident to us that they are adapting now the de facto standard. Uh and it's a tool that helps you enable your applications in that new environment and and move to the new stuff. >>Yeah. And then the the the only other to our tackle which is uh probably like the one of the newest projects which is focused on kind of assessment and analysis of applications for container reservation. So actually looking at and understanding what the suitability is of an application for being containerized and start to be like being re factored into containers. Um and that's that's uh, you know, we have kind of engineers across both uh Red hat IBM research as well as uh some folks externally that are starting to become interested in that project as well. Um and the last, the last project is called Polaris, which is a tool to help you measure your software delivery performance. So this might seem a little odd to have in the community. But when you think about re hosting re platform and re factoring, the idea is that you want to measure your software delivery performance on top of kubernetes and that's what this does. It kind of measures the door metrics. If you're familiar with devops realization metrics. Um so things like, you know, uh you know, your change failure rate and other things on top of their to see are you actually improving as you're making these changes? >>Great. Let me ask the question for the folks watching or anyone interested, how do they get involved? Who can contribute, explain how people get involved? Is our site, is there up location slack channel? What's out there? >>Yeah, yeah, all of the above. So we have a, we have, we have a slack channel, we're on slack dot kubernetes dot io on town conveyor, but if you go to www dot conveyor dot io conveyor with a K. Uh, not like the cube with a C. Uh, but like cube with a K. Uh, they can go to a conveyor to Ohio and um, there they can find everything they need. So, um, we have a, you know, a governance model that's getting put in place, contributor ladder, all the things you'd expect. We're kind of talking into the C N C F around the gap delivery groups to kind of understand if we can um, how we can align ourselves so that in the future of these projects take off, they can become kind of sandbox projects. Um and uh yeah, we would welcome any and all kind of contribution and collaboration >>for sure. I don't know if you have >>anything to add on that, I >>think you covered it at the point has already um, just to put a plug in for uh we have already been having meetups, so on the best practices you will find the community, um, not just on convert or die. Oh, but as you start joining the community and those of meet ups and the help you can get whether on the slack channel, very helpful on the day to day problems that you are encountering as you are taking your applications to a cloud native environment. >>So, and I can see this being a big interest enterprises as they have a mix and match environment and with container as you can bring and integrate old legacy. And that's the beautiful thing about hybrid cloud that I find fascinating right now is that with all the goodness of stade Coubertin and cloud native, if you've got a legacy environments, great fit now. So you don't have to kill the old to bring in the news. So this is gonna be everything a real popular project for, you know, the class, what I call the classic enterprise, So what you guys both have your companies participated in. So with that is that the goal is that the gulf of this community is to reach out to the classic enterprise or open source because certainly and users are coming in like, like, like you read about, I mean they're coming in fast into the community. >>What's the goal for the community really is to provide assistant and help and guidance to the users from a community point of view. It's not just from us whether it is red hat or are ideal research, but it's really enterprises start participating and we're already seeing that interest from the enterprises because there was a big gap in this area, a lot of vendor. Exactly when you start on this journey, there will be 100 people who will be telling you all you have to do is this Yeah, that's easy. All you have to do. I know there is a red flag goes up, >>it's easy just go cloud native all the way everything is a service. It's just so easy. Just you know, just now I was going to brian gracefully, you get right on that. I want to just quickly town tangent here, brian grazer whose product strategist at red hat, you're gonna like this because he's like, look at the cloud native pieces expanding because um, the enterprises now are, are in there and they're doing good work before you saw projects like envoy come from the hyper scales like lift and you know, the big companies who are building their own stuff, so you start to see that transition, it's no longer the debate on open source and kubernetes and cloud native. It's the discussion is integration legacy. So this is the big discussion this week. Do you guys agree with that? And what would, what would be your reaction? >>Yeah, no, I, I agree with you. Right. I mean, I think, you know, I think that the stat you always here is that the 1st 20 of kind of cloud happened and now there's all the rest of it. Right? And, and modernization is going to be the big piece right? You have to be able to modernize those applications and those workloads and you know, they're, I think they're gonna fall in three key buckets, right? Re host free platform re factor and dependent on your business justification and you know, your needs, you're going to choose one of those paths and we just want to be able to provide open tools and a community based approach to those folks too to help that certainly will have and just, you know, just like it always does, you know, upstream first and then we'll have enterprise versions of these migration tool kits based on these projects, but you know, we really do want to kind of build them, you know, and make sure we have the best solution to the problem, which we believe community is the way to do that. >>And I think just to add to what James said, typically we are talking about enterprises, these enterprises will have thousands of applications, so we're not talking about 10 40 number. We're talking thousands or 20% is not a small number is still 233 400. But man, the work is remaining and that's why they are getting excited about cloud negative now, okay, now we have seen the benefit but this little bit here, but now, let's get, you know serious about about that transformation and this is about helping them in a cloud native uh in an open source way, which is what red hat. XL Sad. Let's bring the community together. >>I'm actually doing a story on that. You brought that up with thousands of applications because I think it's, it's under underestimate, I think it's going to be 1000s and thousands more because businesses now, software driven everywhere and observe ability has pointed this out. And I was talking to the founder of uh Ravana project and it's like, how many thousands of dashboards you're gonna need? Roads are So so this is again, this is the problems and the opportunities are coming together, the abstraction will get you to move up the stack in terms of automation. So it's kind of fascinating when you start thinking about the impact as this goes the next level. And so I have to ask your roaches since you're an IBM fellow and chief scientist, which by the way, is a huge distinction. Congratulations. Being an IBM fellow is is a big deal. Uh IBM takes that very seriously. Only a few of them. You've seen many waves and cycles of innovation. How would you categorize this one now? Because maybe I'm getting old and and loving this right now. But this seems like everything kind of coming together in one flash 10.1 major inflection point. All the other waves combined seemed to be like in this one movement very fast. What's your what's your take on this wave that we're in? >>Yes, I would really say there is a lot of technology has been developed but that technology needs to have its value unleashed and that's exactly where the intersection of those applications and that technology occurs. Um I'm gonna put in yet another. You talked about everything becoming software. This was Anderson I think uh Jack Lee said the software is eating the world another you know, another wave that has started as a i eating software as well. And I do believe these two will go inside uh to uh like let me just give you a brief example re factoring how you take your application and smart ways of using ai to be able to recommend the right microservices for you is another one that we've been working towards and some of those capabilities will actually come in this community as well. So when we talk about innovations in this area, We are we are bringing together the best of IBM research as well. As we are hoping the community actually uh joints as well and enterprises are already starting to join to bring together the latest of the innovations bringing their applications and the best practices together to unleash that value of the technology in moving the rest of that 80%. And to be able to seamlessly bridge from my legacy environment to the cloud native environment. >>Yeah. And hybrid cloud is gonna be multi cloud really is the backbone and operating system of business and life society. So as these apps start to come on a P i is an integration, all of these things are coming together. So um yeah, this conveyor project and conveyor community looks like a really strong approach. Congratulations. Good >>job bob. >>Yeah, great stuff. Kubernetes, enabling companies is enabling all kinds of value here in the cube. We're bringing it to you with two experts. Uh, James Richard, thanks for coming on the Cuban sharing. Thank you. >>Thank you. >>Okay, cube con and cloud native coverage. I'm john furry with the cube. Thanks for watching. Yeah.

(upbeat music) >> From ''theCUBE studios,'' in Palo Alto, in Boston, connecting with thought leaders all around the world. This is ''theCUBE Conversation.'' >> Hi, I'm John Walls. And as we're all aware, technology continues to evolve these days at an incredible pace and it's changing the way industries are doing their business all over the world and that's certainly true in telecommunications, CSPs all around the globe are developing plans on how to leverage the power of 5G technology and their network operations are certainly central to that mission. That is the genesis of ''IBM's Cloud for Telecommunications Service.'' That's a unified open hybrid architecture, that was recently launched and was developed to provide telecoms with the solutions they need to meet their very unique network demands and needs. I want us to talk more about that. I'm joined by Steve Canepa, who is the Global GM and Managing Director of the communication sector at IBM. Steve, good to see you today. >> Yeah, you too, John. >> And Jeffrey Hammond. So, he's the Principal Analyst and Vice President at Forrester. Jeffrey, thank you for your time as well today. Good to see you. >> Thanks a lot. It's great to be here. >> Yeah, Steve, let's just jump right in. First off, I mean, to me, the overarching question is, why telecom, I know that IBM has been very focused on providing these kinds of industries specific services, you've done very well in finance, now you're shifting over to telecom. What was the driver there? >> First, great to be with you today, John, and, you know, if we look at the marketplace, especially in 2020, I think the one thing that's, everyone can agree with, is that the rate and pace of change is just really accelerating and is a very, very dynamic marketplace. And so, if we look at the way both our personal lives are now guided by connectivity, and the use of multiple devices throughout the day, the same with our professional lives. So, connectivity really sits at the heart of how value and solutions are delivered and for businesses, this is becoming a critical issue. So, as we work with the telecommunication providers around the world, we're helping them transform their business to make it much more agile, to make it open and make them deliver new services much more quickly and to engage digitally with their clients to bring that kind of experience that we all expect now, so, that the rate pace of change, and the need for the telecommunications industry to bring new value, is really driving a tremendous opportunity for us to work with them. >> Jeffrey what's happening in the telecom space? That, I mean, these aren't just small trends, right? These are tectonic shifts that are going on in terms of their new capabilities and their needs. I'm sure this digital transformation has been driven in some part by COVID, but there are other forces going on here, I would assume too. What do you see from your analyst seat? >> Yeah, I look at it, you know, from a glass half full and a glass half empty approach. From a half empty approach, the shifts to remote work and remote learning, and from traditional retail channels, brick and mortar channels to digital ones, have really put a strain on the existing networking infrastructure, especially, at the Edge, but they've also demonstrated just how critical it is to get that right. You know, as an example, I'm actually talking to you today over my hotspot on my iPhone. So, I think a lot more about the performance of my local cell tower now than I ever did a year ago. and I want it to be as good as it can possibly be and give me as many capabilities as it can. From a glass half full perspective, the opportunities that a modernized network infrastructure gives us are, I think, more readily apparent than ever, you know, most of my wife's doctor's appointments have shifted to remote appointments and every time she calls up to connect, I kind of cringe in the other room and it's like, are they going to get video working? Are they going to get audio working? Are they actually going to have to shift to an old-style phone call to make this happen? Well, things like 5G really are poised to solve those kinds of challenges. They promise, 5G promises, exponential improvements in connectivity speed, capacity, and reductions in latency that are going to allow us to look at some really interesting workloads, IOT workloads, automation workloads, and a lot of Edge use cases. I think 5G sets the stage or Edge compute. Expanding Edge compute scenarios, make it possible to distribute data and services where businesses can best optimize their outcomes, whether it's IOT enabled assets, whether it's connected environments, whether it's personalization, whether it's rich content, AI, or even extended reality workloads. So, you might seem like, that's what a little over the horizon, but it's actually not that far away. And as companies gain the ability to manage and analyze and localize their data, and unlocks real-time insights in a way that they just haven't had before, it can drive expanded engagement and automation in close proximity to the end point devices and customers. And none of that happens without the telco providers and the infrastructure that they own being on board and providing the capabilities for developers like me to take advantage of the infrastructure that they've put in place. So, my perspective on it is, that transformation, that digital transformation, is not going to happen on its own. Someone's got to provision the infrastructure, someone's got to write the code, someone's got to get the services as close to my cell tower or to the Edge as possible and so, that's one of the reasons that when we ask decision makers in the telco space about their priorities from a business perspective, what they tell us is, one of their top three priorities is, we need to improve our ability to innovate and the other two are, we need to grow our revenue and we need to improve our product and services. What's going on from a software perspective in the telco space, is set to make all three of those possible, from my perspective. >> You know, Steve, Jeffrey just unpacked an awful lot there, did a really nice job of that. So, let's talk about first off, that telco relationship IBM's had, or has. You work with data, the 10 largest communication service providers in the world, and I'm sure you're on this journey with them, right? They've been telling you about their challenges and you recognize their needs. This is, you have had maybe some specific examples of that dialogue, that has progressed as your relationship has matured and you provide a different service to them. What are they telling you? What did they tell you say, '' This is where we have got to get better. We've got to get a little sharper, a little leaner.'' And then how did IBM respond to that? >> Yeah, I mean, critical to what Jeffrey just shared is under the covers. You know, 5G is going to take five times the cost that 4G took to deploy. So, if you're a telco, you have to get much more efficient. You have to drive a much more effective TCO into cost of deploying and managing and running that network architecture. When the network becomes a software defined platform, it opens up the opportunity to use open source, open technology, and to drive a tremendous ecosystem of innovation that you can then capture that value onto that open software network. And as the Edge emerged as compute and storage and connectivity, both to the Edge as Jeffrey described, then the opportunity to deliver B2B use cases to take advantage of the latency improvements with 5G, take advantage of the bandwidth capabilities that you have moving video and AI out to the Edge, so, you can create insights as a service. These are the underlying transformations that the telcos are making right now to capture this value. And in fact, we have an institute for business value on our website. You can see some of the surveys and analysis we've done but 84% of the telco clients say, you know, '' Improving the automation and the intelligence of this network platform becomes critical.'' So, from our standpoint, we see a tremendous opportunity to create an open architecture to allow the telcos to regain control of their architecture so that they can pick the solutions and services that work best for them to create value for their customers and then allows them to deploy them incredibly quickly. In fact, just this last week, we announced a milestone with Bharti, a project that we're doing in India, already has over 300 million subscribers. We've taken their ability to deploy their run environment, one of the core domains of the network, where you actually do the access over the cell towers. We've improved that from weeks down to a few days. In fact, our objective is to get to a few minutes. Applying that kind of automation dramatically improves the kind of service they can deliver. When we talk about relationships we have with Vodafone, AT$T, Verizon, about working with them on their mobile Edge compute platforms, it will allow them to extend their network. In fact, with our cloud announcement that you highlighted at the top, we announced a capability called the IBM Cloud Satellite and what IBM Cloud Satellite does is, it's built with Red Hat, so, it's open architecture, it takes advantage of the millions and millions of upstream developers, that are developing every single day to build a foundational shift architecture that allows us to deploy these services so quickly and we can move that capability right now to the Edge. What that means for a telco, is they can deploy those services wherever they want to deploy them, on their private infrastructure or on a public cloud, on a customer's premise, that gives them the flexibility. The automation allows them to do it smartly and very quickly and then in partnering with clients, they can create new end Edge services, things like, you know, manufacturing 4.0 you may have heard of or as you mentioned, advanced healthcare services. Every single industry is going to take advantage of these changes and we're really excited about the opportunity to work in combination with the telcos and speed the pace of innovation in the market. >> Jeffrey, I'd like to go back to the Bharti there. I was going to get into it a little bit later but Steve brought it up. This major Indian CSP, as you mentioned, 300 million subs, 400 million around the world. What does that say to you in terms of its commitment and its, the needs that are being addressed and how it's going to fundamentally change the way it is doing business as far as setting the pace in the telecom industry? >> Well, I think, one of the things that highlights it is, you know, this isn't just a U.S phenomenon or a European phenomenon. Indeed, in some cases we're seeing countries outside the U.S in advance, moving faster, Switzerland, as an example. We expect 90% of the population in Germany to be covered by 5G By 2025, we expect 90% of the population in South Korea to be covered by 2026, 160 million connections in in China as well. So, in some ways, what's happening in the telco world is mirroring what has happened in the public cloud world, which is the world's gone flat. And that's great from a developer perspective because that means that I don't have to learn specialized technologies or specialized services, in order to look at these network infrastructure platforms as part of the addressable surface that I have. That's one of the things that I think has always held the larger developer population back and has kept them from taking advantage of the telco networks. Is, they've always been bit of a black box to the vast majority of developers, you know, IP goes in, IP comes out but that's about all the control I have, unless I want to go and dig deep into those, you know, industry specific specifications. I was cleaning out my office last week because I'm in the process of moving and I came across my '' IMS Explained Handbook from 2006,'' and I remember going deep into that because, you know, we were told that that's going to make it so that IT infrastructure and telco infrastructure is going to converge and it did to a little bit, but not in a way that all the developers out there could really take advantage of telco infrastructure. And then I remember the next thing was like, well, '' Java Amiens on the front end with mobile clients, that's going to make everything different and we're going to be able to build apps everywhere.'' What ended up being was we would write once and test everywhere, across all the different devices that we had to support. And you know, what really drove you equity? Was the iPhone and apps that we could use HTML like technology or that we could use Java to build and it exploded. And we got millions of applications on the front end of the network. What I see potentially happening now, is the same thing on the backend infrastructure side, because the reality is for any developer that is trying to build modern applications, that's trying to take advantage of cloud native technologies, things start with containers and specifically, OCI compliant containers. That is the basis for how we think about building services and handing them off to operators to run them for us. And with what's going on here, by building on top of OpenShift, you take that, you know, essentially de facto standard of containers as the way that we communicate on the infrastructure side globally, from a software development perspective and you make that the entry point for developers into the modern telco outcome system. And so, basically, it means that if I want to push all the way out to the Edge and I want to get as close as I possibly can, as long as I can give you a container to execute that capability, I'm well on the way to making that a reality, that's a game changer in my opinion. >> Yeah, I was on. >> Just to pick it, just if I could, just to pick up on that because I think Jeffrey made a really important point. So, it's kind of like, in a way, an auntie to the ball here is this open architecture because it empowers the entire ecosystem and it allows the telcos to take advantage of enormous innovation that's happening in the marketplace. And that's why, you know, the 35 ecosystem partners that we announced when we announced the IBM Cloud for telco, that's why they're so important because it allows you to have choice. But the other piece, which he hinted at, I wanted to just underscore, is today, in it kind of the first wave of cloud, only about 20% of the applications move to cloud. They were mostly funny digital applications. In fact, we moved our funny digital applications as well into Watson, we have over 1.5 billion customers of telcos today around the world that can access Watson, through our various chatbot and call center or an agent assist solutions we've deployed. But the 80% of applications that haven't moved yet, haven't moved because it's tough to move them, because they're mission critical, they need, you know, regulatory controls, they have to have world-class security, they need to be able to provide data sovereignty as you're operating in different countries around the world and you have to make sure that you have the data in places that you need, these are the attributes, that kind of open up the opportunity for all these other workloads to move. And those are the exact kind of capabilities that we've built into the IBM Cloud for telco, so that we can enable telcos to move their applications into this environment safely, securely, and do it, as Jeffrey described, on an open architecture that gives them that agility and flexibility. And we're seeing it happen real time, you know, I'll just give you another quick example, Vodafone India, their CTO has said publicly and moving to this cloud architecture, he sees it as a universal cloud architecture, so, they're going to run not just their internal it workloads, not just their network services, their voice data and multimedia network services workloads, but also their B2B enterprise workloads, as Jeffrey was starting to describe. Those workloads that are going to move out to the Edge. And by being able to run on a common platform, he's said publicly that they're seeing an 80% improvement in their CapEx, a 50% improvement in their OPEX, and then 90% improvement in the cost to get productions and services deployed. So, the ability to embrace this open architecture and to have the underlying capabilities and attributes in a cloud platform that responds to the specific needs of telco and enterprise workloads, we think is a really powerful combination. >> Steve, the ecosystem, Jeffrey, you brought it up as well. So, I'd like, just to give you a moment to talk about that a little bit, not a small point, by any means you have nearly 40 partners lined up in this respect, from a hardware vendor, software vendors, SAS providers. I mean, it's a pretty impressive lineup and what kind of a statement is that in your, from your perspective, that you're making to the marketplace when you bring that kind of breadth and depth, that kind of bench, basically the game? >> From our view, it's exciting, and we're only getting started. I mean, we literally have not made the announcement, just a matter of a couple of months ago, and every day that passes, we have additional partners that see the power in joining this open architecture approach that we've put in place. The reason that it delivers such values for all the players, you know, one of the hallmarks of a platform approach is that for every player that joins the platform, it brings value to all the players on the cloud. So as we build this ecosystem and we take the leverage of the open source community, and we build on the power of OpenShift and containers, as Jeffrey was saying, we're creating momentum in the marketplace and back to my very first point I made, when the market's moving really quickly, you've got to be agile. And to be agile in today's market, you have to infuse automation at scale, you have to infuse security at scale and you have to infuse intelligence at scale. And that's exactly what we can help the telcos do, and do it in partnership with these enterprise clients. Instinctively >> One of the values of that is that, you know, we're seeing the larger trend in the cloud native space of folks that used to build packaged software services, is essentially taking advantage of these architectural capabilities and containerizing their applications as part of their future strategy. I mean, just two weeks ago, Salesforce basically said, we're reinvisioning Salesforce as a set of containerized workloads that we deliver, SAP is going in very much the same direction. So as you think about these business workloads, where you get data coming from the infrastructure and you want to go all the way back to the back office and you want to make sure that data gets updated in your supply chain management system, being able to do that with a consistent architecture makes these integration challenges just an order of magnitude easier. I actually want to drill in on that data point for a minute because I think that that's also key to understanding what's going on here, because, you know, during the early days of the public cloud and even WebDuo before that, one of the things that drove WebDuo was the idea that data is the new Intel inside and in some ways that was around centralized data because we had 40 or 50 years to get all the data into the data centers and into the, and then put it in the public cloud. But that's not what is happening today. So much of the new data is actually originating at the Edge and increasingly it needs to stay at the Edge if for no other reason than to make sure that the folks that are trying to use it well aren't running up huge ingestion costs, trying to move it all back to the public cloud providers, analyze it and then push it back out and do that within the realm of the laws of physics. So, you know, one of the big things that's driving the Edge is, in the move toward the Edge, and the interest in 5G is that allows us to do more with data where the data originates. So, as an example, a manufacturer that I've been working with that basically came across exactly that problem, as they stood up more and more connected devices, they were seeing their data ingestion volume spiking and kind of running ahead of their budgets for data ingestion but they were like, well, we can't just leave this data and discard it at the Edge, because what happens if it turns out to be valuable for the maintenance, preventative maintenance use cases that we want to run, or for the machine wear characteristics that we want to run. So, we need to find a way to get our models out close to the data so we don't have to bring it all back to the core. In retailing, personalization is something that a lot of folks are looking at right now and even clientelling and that's, again, another situation where you want to get the data close to where the customer actually lives from a geographic basis and into the hands of the person that's in the store but you don't want to necessarily have to go and install a lot of complex hardware in the retail outlet because then somebody has to manage, you know, those servers and manage all those capabilities. So, you know, in the case of the retailer that I was working with, what they wanted was to get that capability as close as possible to the store, but no closer. And the idea of essentially a virtual back office that they could stand up whenever they opened up a new retail outlet, or even had a franchisee open up an outlet, was an extremely powerful concept and that's the kind of thing that you can do when you're saying,'' Well it's just a set of containers and if I have a, you know, essentially a control plane that I deploy it to, then I can do that on top of that telco provider that they sign up to be a strategic services provider.'' There are lots of other interesting scenarios, tourism, if you think about, you know, the tourist economies that we have around the world and the data that, you know, mobile devices throw off that let us get anonymized information about who's coming, where they're going, what they're spending, how long they're staying, there's a huge set of data there that you can use to grow revenue. You know, other types of use cases, transportation? We see, you know, municipal governments kind of looking at how they can use anonymized data around commute patterns to impact their planning. That's all data that's coming from the the telco infrastructure. >> You know, when we're talking about these massive advantages, right, as this hybrid cloud approach about skill ones, build one's, easy management, efficient management, all of these things, Steve, I think we almost, we'd be derelict to duty if we didn't talk about security a little bit. Just ultimately at the end of the day, you've got to provide this as you pointed out, world-class secure environment. And so, in terms of the hybrid approach, what kind of considerations do you have to make that are special to that and that are being deployed and have been considered >> You know, that's a great point. One of the benefits to Comms from moving to an open architecture, is that you componentize the framework of that architecture, and you have suppliers supplying applications for the various different services that we just talked through. And the ability then to integrate security is essentially a foundational element to the entire Premack architecture. We've stayed very compliant with the Nanci framework architecture and the way that we've worked with the telcos and bringing forth a solution, because we specifically want them to have the choice but how is that choice being married with the kind of security you just talked about. And to Jeffrey's point, you know, when you move those applications out to the Edge and that data, you know, many of the analysts are saying now by 2025, as much as 75% of the data created in the world will happen at the Edge. So, this is a massive shift. And when that shift occurs, you have to have the security to make sure that you're going to take care of that data in the way that it should be and that meets all regulatory, you know, governance already rules and regulations. So, that becomes really critical. The other piece though, is just the amount of value that gets created. The reason that data is at the Edge is because now you can act on it at the Edge, you can extract insights and in fact, most of the analysts will say,'' In the next three years, we'll see $675 billion of new value created at the Edge with these kinds of applications.'' And going back on the manufacturing example, I mean, we're already working today with manufacturers and they already had, you know, hundreds of IOT sensors deployed in the factory and we have an Edge application manager that extends right out to the far Edge, if you will, right out onto that factory floor to help get intelligence from those devices. But now think about adding to that the AI capabilities, the video capabilities, watching that manufacturing line to make sure every product that comes off that line is absolutely perfect, Watching the employees to make sure they're staying in safety zones, you know, watching the actual equipment itself to make sure it is performing the way it's supposed to, maybe using an analytics and AI capabilities to predict, you know, issues that might arise before they even happen, so you can take preventative action. This kind of intelligence, you know, makes the business run smarter, faster, more effective. So, that's where we see tremendous service. So, it's not just the fact that data will be created and it will be higher fidelity data to include the analytics, AI, you don't include unstructured data like video data and image data, audio data, but the ability to then extract insights and value out of it. And this is why we believe the ecosystem we talked about earlier, our partnership with the telco's and the ability to bring ecosystem partners and they can add value is just a tremendous momentum that we're going to build. >> Well, the market opportunity is certainly great. As you pointed out, a lot of additional value yet to be created, significant value and obviously, a lot of money to be spent as well by telcos, by some estimates, a hundred billion plus, just by the year 2022 and getting this new software defined platforms up and running. So, congratulations to IBM for this launch and we wish you continued success, Steve, in that endeavor and thank you for your time and Jeffrey, thank you as well for your insights from Forester. >> Always a pleasure. (upbeat music)

>>Yeah, yeah. >>Welcome back. I'm so excited to introduce our next session empowerment through inclusion, reimagining society and technology. This is a topic that's personally very near and dear to my heart. Did you know that there's only 2% of Latinas in technology as a Latina? I know that there's so much more we could do collectively to improve these gaps and diversity. I thought spot diversity is considered a critical element across all levels of the organization. The data shows countless times. A diverse and inclusive workforce ultimately drives innovation better performance and keeps your employees happier. That's why we're passionate about contributing to this conversation and also partnering with organizations that share our mission of improving diversity across our communities. Last beyond, we hosted the session during a breakfast and we packed the whole room. This year, we're bringing the conversation to the forefront to emphasize the importance of diversity and data and share the positive ramifications that it has for your organization. Joining us for this session are thought spots Chief Data Strategy Officer Cindy Housing and Ruhollah Benjamin, associate professor of African American Studies at Princeton University. Thank you, Paola. So many >>of you have journeyed with me for years now on our efforts to improve diversity and inclusion in the data and analytic space. And >>I would say >>over time we cautiously started commiserating, eventually sharing best practices to make ourselves and our companies better. And I do consider it a milestone. Last year, as Paola mentioned that half the room was filled with our male allies. But I remember one of our Panelists, Natalie Longhurst from Vodafone, suggesting that we move it from a side hallway conversation, early morning breakfast to the main stage. And I >>think it was >>Bill Zang from a I G in Japan. Who said Yes, please. Everyone else agreed, but more than a main stage topic, I want to ask you to think about inclusion beyond your role beyond your company toe. How Data and analytics can be used to impact inclusion and equity for the society as a whole. Are we using data to reveal patterns or to perpetuate problems leading Tobias at scale? You are the experts, the change agents, the leaders that can prevent this. I am thrilled to introduce you to the leading authority on this topic, Rou Ha Benjamin, associate professor of African studies at Princeton University and author of Multiple Books. The Latest Race After Technology. Rou ha Welcome. >>Thank you. Thank you so much for having me. I'm thrilled to be in conversation with you today, and I thought I would just kick things off with some opening reflections on this really important session theme. And then we could jump into discussion. So I'd like us to as a starting point, um, wrestle with these buzzwords, empowerment and inclusion so that we can have them be more than kind of big platitudes and really have them reflected in our workplace cultures and the things that we design in the technologies that we put out into the world. And so to do that, I think we have to move beyond techno determinism, and I'll explain what that means in just a minute. Techno determinism comes in two forms. The first, on your left is the idea that technology automation, um, all of these emerging trends are going to harm us, are going to necessarily harm humanity. They're going to take all the jobs they're going to remove human agency. This is what we might call the techno dystopian version of the story and this is what Hollywood loves to sell us in the form of movies like The Matrix or Terminator. The other version on your right is the techno utopian story that technologies automation. The robots as a shorthand, are going to save humanity. They're gonna make everything more efficient, more equitable. And in this case, on the surface, he seemed like opposing narratives right there, telling us different stories. At least they have different endpoints. But when you pull back the screen and look a little bit more closely, you see that they share an underlying logic that technology is in the driver's seat and that human beings that social society can just respond to what's happening. But we don't really have a say in what technologies air designed and so to move beyond techno determinism the notion that technology is in the driver's seat. We have to put the human agents and agencies back into the story, the protagonists, and think carefully about what the human desires worldviews, values, assumptions are that animate the production of technology. And so we have to put the humans behind the screen back into view. And so that's a very first step and when we do that, we see, as was already mentioned, that it's a very homogeneous group right now in terms of who gets the power and the resource is to produce the digital and physical infrastructure that everyone else has to live with. And so, as a first step, we need to think about how to create more participation of those who are working behind the scenes to design technology now to dig a little more a deeper into this, I want to offer a kind of low tech example before we get to the more hi tech ones. So what you see in front of you here is a simple park bench public bench. It's located in Berkeley, California, which is where I went to graduate school and on this particular visit I was living in Boston, and so I was back in California. It was February. It was freezing where I was coming from, and so I wanted to take a few minutes in between meetings to just lay out in the sun and soak in some vitamin D, and I quickly realized, actually, I couldn't lay down on this bench because of the way it had been designed with these arm rests at intermittent intervals. And so here I thought. Okay, the the armrest have, ah functional reason why they're there. I mean, you could literally rest your elbows there or, um, you know, it can create a little bit of privacy of someone sitting there that you don't know. When I was nine months pregnant, it could help me get up and down or for the elderly, the same thing. So it has a lot of functional reasons, but I also thought about the fact that it prevents people who are homeless from sleeping on the bench. And this is the Bay area that we were talking about where, in fact, the tech boom has gone hand in hand with a housing crisis. Those things have grown in tandem. So innovation has grown within equity because we haven't thought carefully about how to address the social context in which technology grows and blossoms. And so I thought, Okay, this crisis is growing in this area, and so perhaps this is a deliberate attempt to make sure that people don't sleep on the benches by the way that they're designed and where the where they're implemented and So this is what we might call structural inequity. By the way something is designed. It has certain effects that exclude or harm different people. And so it may not necessarily be the intense, but that's the effect. And I did a little digging, and I found, in fact, it's a global phenomenon, this thing that architects called hostile architecture. Er, I found single occupancy benches in Helsinki, so only one booty at a time no laying down there. I found caged benches in France. And in this particular town. What's interesting here is that the mayor put these benches out in this little shopping plaza, and within 24 hours the people in the town rallied together and had them removed. So we see here that just because we have, uh, discriminatory design in our public space doesn't mean we have to live with it. We can actually work together to ensure that our public space reflects our better values. But I think my favorite example of all is the meter bench. In this case, this bench is designed with spikes in them, and to get the spikes to retreat into the bench, you have to feed the meter you have to put some coins in, and I think it buys you about 15 or 20 minutes. Then the spikes come back up. And so you'll be happy to know that in this case, this was designed by a German artists to get people to think critically about issues of design, not just the design of physical space but the design of all kinds of things, public policies. And so we can think about how our public life in general is metered, that it serves those that can pay the price and others are excluded or harm, whether we're talking about education or health care. And the meter bench also presents something interesting. For those of us who care about technology, it creates a technical fix for a social problem. In fact, it started out his art. But some municipalities in different parts of the world have actually adopted this in their public spaces in their parks in order to deter so called lawyers from using that space. And so, by a technical fix, we mean something that creates a short term effect, right. It gets people who may want to sleep on it out of sight. They're unable to use it, but it doesn't address the underlying problems that create that need to sleep outside in the first place. And so, in addition to techno determinism, we have to think critically about technical fixes that don't address the underlying issues that technology is meant to solve. And so this is part of a broader issue of discriminatory design, and we can apply the bench metaphor to all kinds of things that we work with or that we create. And the question we really have to continuously ask ourselves is, What values are we building in to the physical and digital infrastructures around us? What are the spikes that we may unwittingly put into place? Or perhaps we didn't create the spikes. Perhaps we started a new job or a new position, and someone hands us something. This is the way things have always been done. So we inherit the spike bench. What is our responsibility when we noticed that it's creating these kinds of harms or exclusions or technical fixes that are bypassing the underlying problem? What is our responsibility? All of this came to a head in the context of financial technologies. I don't know how many of you remember these high profile cases of tech insiders and CEOs who applied for Apple, the Apple card and, in one case, a husband and wife applied and the husband, the husband received a much higher limit almost 20 times the limit as his wife, even though they shared bank accounts, they lived in Common Law State. And so the question. There was not only the fact that the husband was receiving a much better interest rate and the limit, but also that there was no mechanism for the individuals involved to dispute what was happening. They didn't even know what the factors were that they were being judged that was creating this form of discrimination. So in terms of financial technologies, it's not simply the outcome that's the issue. Or that could be discriminatory, but the process that black boxes, all of the decision making that makes it so that consumers and the general public have no way to question it. No way to understand how they're being judged adversely, and so it's the process not only the product that we have to care a lot about. And so the case of the apple cart is part of a much broader phenomenon of, um, racist and sexist robots. This is how the headlines framed it a few years ago, and I was so interested in this framing because there was a first wave of stories that seemed to be shocked at the prospect that technology is not neutral. Then there was a second wave of stories that seemed less surprised. Well, of course, technology inherits its creator's biases. And now I think we've entered a phase of attempts to override and address the default settings of so called racist and sexist robots, for better or worse. And here robots is just a kind of shorthand, that the way people are talking about automation and emerging technologies more broadly. And so as I was encountering these headlines, I was thinking about how these air, not problems simply brought on by machine learning or AI. They're not all brand new, and so I wanted to contribute to the conversation, a kind of larger context and a longer history for us to think carefully about the social dimensions of technology. And so I developed a concept called the New Jim Code, which plays on the phrase Jim Crow, which is the way that the regime of white supremacy and inequality in this country was defined in a previous era, and I wanted us to think about how that legacy continues to haunt the present, how we might be coding bias into emerging technologies and the danger being that we imagine those technologies to be objective. And so this gives us a language to be able to name this phenomenon so that we can address it and change it under this larger umbrella of the new Jim Code are four distinct ways that this phenomenon takes shape from the more obvious engineered inequity. Those were the kinds of inequalities tech mediated inequalities that we can generally see coming. They're kind of obvious. But then we go down the line and we see it becomes harder to detect. It's happening in our own backyards. It's happening around us, and we don't really have a view into the black box, and so it becomes more insidious. And so in the remaining couple minutes, I'm just just going to give you a taste of the last three of these, and then a move towards conclusion that we can start chatting. So when it comes to default discrimination. This is the way that social inequalities become embedded in emerging technologies because designers of these technologies aren't thinking carefully about history and sociology. Ah, great example of this came Thio headlines last fall when it was found that widely used healthcare algorithm affecting millions of patients, um, was discriminating against black patients. And so what's especially important to note here is that this algorithm healthcare algorithm does not explicitly take note of race. That is to say, it is race neutral by using cost to predict healthcare needs. This digital triaging system unwittingly reproduces health disparities because, on average, black people have incurred fewer costs for a variety of reasons, including structural inequality. So in my review of this study by Obermeyer and colleagues, I want to draw attention to how indifference to social reality can be even more harmful than malicious intent. It doesn't have to be the intent of the designers to create this effect, and so we have to look carefully at how indifference is operating and how race neutrality can be a deadly force. When we move on to the next iteration of the new Jim code coded exposure, there's attention because on the one hand, you see this image where the darker skin individual is not being detected by the facial recognition system, right on the camera or on the computer. And so coated exposure names this tension between wanting to be seen and included and recognized, whether it's in facial recognition or in recommendation systems or in tailored advertising. But the opposite of that, the tension is with when you're over included. When you're surveiled when you're to centered. And so we should note that it's not simply in being left out, that's the problem. But it's in being included in harmful ways. And so I want us to think carefully about the rhetoric of inclusion and understand that inclusion is not simply an end point. It's a process, and it is possible to include people in harmful processes. And so we want to ensure that the process is not harmful for it to really be effective. The last iteration of the new Jim Code. That means the the most insidious, let's say, is technologies that are touted as helping US address bias, so they're not simply including people, but they're actively working to address bias. And so in this case, There are a lot of different companies that are using AI to hire, create hiring software and hiring algorithms, including this one higher view. And the idea is that there there's a lot that AI can keep track of that human beings might miss. And so so the software can make data driven talent decisions. After all, the problem of employment discrimination is widespread and well documented. So the logic goes, Wouldn't this be even more reason to outsource decisions to AI? Well, let's think about this carefully. And this is the look of the idea of techno benevolence trying to do good without fully reckoning with what? How technology can reproduce inequalities. So some colleagues of mine at Princeton, um, tested a natural learning processing algorithm and was looking to see whether it exhibited the same, um, tendencies that psychologists have documented among humans. E. And what they found was that in fact, the algorithm associating black names with negative words and white names with pleasant sounding words. And so this particular audit builds on a classic study done around 2003, before all of the emerging technologies were on the scene where two University of Chicago economists sent out thousands of resumes to employers in Boston and Chicago, and all they did was change the names on those resumes. All of the other work history education were the same, and then they waited to see who would get called back. And the applicants, the fictional applicants with white sounding names received 50% more callbacks than the black applicants. So if you're presented with that study, you might be tempted to say, Well, let's let technology handle it since humans are so biased. But my colleagues here in computer science found that this natural language processing algorithm actually reproduced those same associations with black and white names. So, too, with gender coded words and names Amazon learned a couple years ago when its own hiring algorithm was found discriminating against women. Nevertheless, it should be clear by now why technical fixes that claim to bypass human biases are so desirable. If Onley there was a way to slay centuries of racist and sexist demons with a social justice box beyond desirable, more like magical, magical for employers, perhaps looking to streamline the grueling work of recruitment but a curse from any jobseekers, as this headline puts it, your next interview could be with a racist spot, bringing us back to that problem space we started with just a few minutes ago. So it's worth noting that job seekers are already developing ways to subvert the system by trading answers to employers test and creating fake applications as informal audits of their own. In terms of a more collective response, there's a federation of European Trade unions call you and I Global that's developed a charter of digital rights for work, others that touches on automated and a I based decisions to be included in bargaining agreements. And so this is one of many efforts to change their ecosystem to change the context in which technology is being deployed to ensure more protections and more rights for everyday people in the US There's the algorithmic accountability bill that's been presented, and it's one effort to create some more protections around this ubiquity of automated decisions, and I think we should all be calling from more public accountability when it comes to the widespread use of automated decisions. Another development that keeps me somewhat hopeful is that tech workers themselves are increasingly speaking out against the most egregious forms of corporate collusion with state sanctioned racism. And to get a taste of that, I encourage you to check out the hashtag Tech won't build it. Among other statements that they have made and walking out and petitioning their companies. Who one group said, as the people who build the technologies that Microsoft profits from, we refuse to be complicit in terms of education, which is my own ground zero. Um, it's a place where we can we can grow a more historically and socially literate approach to tech design. And this is just one, um, resource that you all can download, Um, by developed by some wonderful colleagues at the Data and Society Research Institute in New York and the goal of this interventionist threefold to develop an intellectual understanding of how structural racism operates and algorithms, social media platforms and technologies, not yet developed and emotional intelligence concerning how to resolve racially stressful situations within organizations, and a commitment to take action to reduce harms to communities of color. And so as a final way to think about why these things are so important, I want to offer a couple last provocations. The first is for us to think a new about what actually is deep learning when it comes to computation. I want to suggest that computational depth when it comes to a I systems without historical or social depth, is actually superficial learning. And so we need to have a much more interdisciplinary, integrated approach to knowledge production and to observing and understanding patterns that don't simply rely on one discipline in order to map reality. The last provocation is this. If, as I suggested at the start, inequity is woven into the very fabric of our society, it's built into the design of our. Our policies are physical infrastructures and now even our digital infrastructures. That means that each twist, coil and code is a chance for us toe. We've new patterns, practices and politics. The vastness of the problems that we're up against will be their undoing. Once we accept that we're pattern makers. So what does that look like? It looks like refusing color blindness as an anecdote to tech media discrimination rather than refusing to see difference. Let's take stock of how the training data and the models that we're creating have these built in decisions from the past that have often been discriminatory. It means actually thinking about the underside of inclusion, which can be targeting. And how do we create a more participatory rather than predatory form of inclusion? And ultimately, it also means owning our own power in these systems so that we can change the patterns of the past. If we're if we inherit a spiked bench, that doesn't mean that we need to continue using it. We can work together to design more just and equitable technologies. So with that, I look forward to our conversation. >>Thank you, Ruth. Ha. That was I expected it to be amazing, as I have been devouring your book in the last few weeks. So I knew that would be impactful. I know we will never think about park benches again. How it's art. And you laid down the gauntlet. Oh, my goodness. That tech won't build it. Well, I would say if the thoughts about team has any saying that we absolutely will build it and will continue toe educate ourselves. So you made a few points that it doesn't matter if it was intentional or not. So unintentional has as big an impact. Um, how do we address that does it just start with awareness building or how do we address that? >>Yeah, so it's important. I mean, it's important. I have good intentions. And so, by saying that intentions are not the end, all be all. It doesn't mean that we're throwing intentions out. But it is saying that there's so many things that happened in the world, happened unwittingly without someone sitting down to to make it good or bad. And so this goes on both ends. The analogy that I often use is if I'm parked outside and I see someone, you know breaking into my car, I don't run out there and say Now, do you feel Do you feel in your heart that you're a thief? Do you intend to be a thief? I don't go and grill their identity or their intention. Thio harm me, but I look at the effect of their actions, and so in terms of art, the teams that we work on, I think one of the things that we can do again is to have a range of perspectives around the table that can think ahead like chess, about how things might play out, but also once we've sort of created something and it's, you know, it's entered into, you know, the world. We need to have, ah, regular audits and check ins to see when it's going off track just because we intended to do good and set it out when it goes sideways, we need mechanisms, formal mechanisms that actually are built into the process that can get it back on track or even remove it entirely if we find And we see that with different products, right that get re called. And so we need that to be formalized rather than putting the burden on the people that are using these things toe have to raise the awareness or have to come to us like with the apple card, Right? To say this thing is not fair. Why don't we have that built into the process to begin with? >>Yeah, so a couple things. So my dad used to say the road to hell is paved with good intentions, so that's >>yes on. In fact, in the book, I say the road to hell is paved with technical fixes. So they're me and your dad are on the same page, >>and I I love your point about bringing different perspectives. And I often say this is why diversity is not just about business benefits. It's your best recipe for for identifying the early biases in the data sets in the way we build things. And yet it's such a thorny problem to address bringing new people in from tech. So in the absence of that, what do we do? Is it the outside review boards? Or do you think regulation is the best bet as you mentioned a >>few? Yeah, yeah, we need really need a combination of things. I mean, we need So on the one hand, we need something like a do no harm, um, ethos. So with that we see in medicine so that it becomes part of the fabric and the culture of organizations that that those values, the social values, have equal or more weight than the other kinds of economic imperatives. Right. So we have toe have a reckoning in house, but we can't leave it to people who are designing and have a vested interest in getting things to market to regulate themselves. We also need independent accountability. So we need a combination of this and going back just to your point about just thinking about like, the diversity on teams. One really cautionary example comes to mind from last fall, when Google's New Pixel four phone was about to come out and it had a kind of facial recognition component to it that you could open the phone and they had been following this research that shows that facial recognition systems don't work as well on darker skin individuals, right? And so they wanted Thio get a head start. They wanted to prevent that, right? So they had good intentions. They didn't want their phone toe block out darker skin, you know, users from from using it. And so what they did was they were trying to diversify their training data so that the system would work better and they hired contract workers, and they told these contract workers to engage black people, tell them to use the phone play with, you know, some kind of app, take a selfie so that their faces would populate that the training set, But they didn't. They did not tell the people what their faces were gonna be used for, so they withheld some information. They didn't tell them. It was being used for the spatial recognition system, and the contract workers went to the media and said Something's not right. Why are we being told? Withhold information? And in fact, they told them, going back to the park bench example. To give people who are homeless $5 gift cards to play with the phone and get their images in this. And so this all came to light and Google withdrew this research and this process because it was so in line with a long history of using marginalized, most vulnerable people and populations to make technologies better when those technologies are likely going toe, harm them in terms of surveillance and other things. And so I think I bring this up here to go back to our question of how the composition of teams might help address this. I think often about who is in that room making that decision about sending, creating this process of the contract workers and who the selfies and so on. Perhaps it was a racially homogeneous group where people didn't want really sensitive to how this could be experienced or seen, but maybe it was a diverse, racially diverse group and perhaps the history of harm when it comes to science and technology. Maybe they didn't have that disciplinary knowledge. And so it could also be a function of what people knew in the room, how they could do that chest in their head and think how this is gonna play out. It's not gonna play out very well. And the last thing is that maybe there was disciplinary diversity. Maybe there was racial ethnic diversity, but maybe the workplace culture made it to those people. Didn't feel like they could speak up right so you could have all the diversity in the world. But if you don't create a context in which people who have those insights feel like they can speak up and be respected and heard, then you're basically sitting on a reservoir of resource is and you're not tapping into it to ensure T to do right by your company. And so it's one of those cautionary tales I think that we can all learn from to try to create an environment where we can elicit those insights from our team and our and our coworkers, >>your point about the culture. This is really inclusion very different from just diversity and thought. Eso I like to end on a hopeful note. A prescriptive note. You have some of the most influential data and analytics leaders and experts attending virtually here. So if you imagine the way we use data and housing is a great example, mortgage lending has not been equitable for African Americans in particular. But if you imagine the right way to use data, what is the future hold when we've gotten better at this? More aware >>of this? Thank you for that question on DSO. You know, there's a few things that come to mind for me one. And I think mortgage environment is really the perfect sort of context in which to think through the the both. The problem where the solutions may lie. One of the most powerful ways I see data being used by different organizations and groups is to shine a light on the past and ongoing inequities. And so oftentimes, when people see the bias, let's say when it came to like the the hiring algorithm or the language out, they see the names associated with negative or positive words that tends toe have, ah, bigger impact because they think well, Wow, The technology is reflecting these biases. It really must be true. Never mind that people might have been raising the issues in other ways before. But I think one of the most powerful ways we can use data and technology is as a mirror onto existing forms of inequality That then can motivate us to try to address those things. The caution is that we cannot just address those once we come to grips with the problem, the solution is not simply going to be a technical solution. And so we have to understand both the promise of data and the limits of data. So when it comes to, let's say, a software program, let's say Ah, hiring algorithm that now is trained toe look for diversity as opposed to homogeneity and say I get hired through one of those algorithms in a new workplace. I can get through the door and be hired. But if nothing else about that workplace has changed and on a day to day basis I'm still experiencing microaggressions. I'm still experiencing all kinds of issues. Then that technology just gave me access to ah harmful environment, you see, and so this is the idea that we can't simply expect the technology to solve all of our problems. We have to do the hard work. And so I would encourage everyone listening to both except the promise of these tools, but really crucially, um, Thio, understand that the rial kinds of changes that we need to make are gonna be messy. They're not gonna be quick fixes. If you think about how long it took our society to create the kinds of inequities that that we now it lived with, we should expect to do our part, do the work and pass the baton. We're not going to magically like Fairy does create a wonderful algorithm that's gonna help us bypass these issues. It can expose them. But then it's up to us to actually do the hard work of changing our social relations are changing the culture of not just our workplaces but our schools. Our healthcare systems are neighborhoods so that they reflect our better values. >>Yeah. Ha. So beautifully said I think all of us are willing to do the hard work. And I like your point about using it is a mirror and thought spot. We like to say a fact driven world is a better world. It can give us that transparency. So on behalf of everyone, thank you so much for your passion for your hard work and for talking to us. >>Thank you, Cindy. Thank you so much for inviting me. Hey, I live back to you. >>Thank you, Cindy and rou ha. For this fascinating exploration of our society and technology, we're just about ready to move on to our final session of the day. So make sure to tune in for this customer case study session with executives from Sienna and Accenture on driving digital transformation with certain AI.

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Oven. Welcome back to the Space and Cyber Security Symposium. 2020 I'm John for your host with the Cuban silicon angle, along with Cal Poly, representing a great session here on industry success in developing space and cybersecurity. Resource is Got a great lineup. Brigadier General Steve Hotel, whose are also known as Bucky, is Call Sign director of Space Portfolio Defense Innovation Unit. Preston Miller, chief information security officer at JPL, NASA and Major General retired Clint Crozier, director of aerospace and satellite solutions at Amazon Web services, also known as a W s. Gentlemen, thank you for for joining me today. So the purpose of this session is to spend the next hour talking about the future of workforce talent. Um, skills needed and we're gonna dig into it. And Spaces is an exciting intersection of so many awesome disciplines. It's not just get a degree, go into a track ladder up and get promoted. Do those things. It's much different now. Love to get your perspectives, each of you will have an opening statement and we will start with the Brigadier General Steve Hotel. Right? >>Thank you very much. The Defense Innovation Unit was created in 2015 by then Secretary of Defense Ash Carter. To accomplish three things. One is to accelerate the adoption of commercial technology into the Department of Defense so that we can transform and keep our most relevant capabilities relevant. And also to build what we call now called the national Security Innovation Base, which is inclusive all the traditional defense companies, plus the commercial companies that may not necessarily work with focus exclusively on defense but could contribute to our national security and interesting ways. Um, this is such an exciting time Azul here from our other speakers about space on and I can't, uh I'm really excited to be here today to be able to share a little bit of our insight on the subject. >>Thank you very much. Precedent. Miller, Chief information security officer, Jet Propulsion Lab, NASA, Your opening statement. >>Hey, thank you for having me. I would like to start off by providing just a little bit of context of what brings us. Brings us together to talk about this exciting topic for space workforce. Had we've seen In recent years there's been there's been a trend towards expanding our space exploration and the space systems that offer the great things that we see in today's world like GPS. Um, but a lot of that has come with some Asian infrastructure and technology, and what we're seeing as we go towards our next generation expects of inspiration is that we now want to ensure that were secured on all levels. And there's an acknowledgement that our space systems are just a susceptible to cyber attacks as our terrestrial assistance. We've seen a recent space, uh, policy Directive five come out from our administration, that that details exactly how we should be looking at the cyber principle for our space systems, and we want to prevent. We want to prevent a few things as a result of that of these principles. Spoofing and jamming of our space systems are not authorized commands being sent to those space systems, lots of positive control of our space vehicles on lots of mission data. We also acknowledge that there's a couple of frameworks we wanna adopt across the board of our space systems levers and things like our nice miss cybersecurity frameworks. eso what has been a challenge in the past adopted somebody Cyber principles in space systems, where there simply has been a skill gap in a knowledge gap. We hire our space engineers to do a few things. Very well designed space systems, the ploy space systems and engineer space systems, often cybersecurity is seen as a after thought and certainly hasn't been a line item and in any budget for our spaces in racing. Uh, in the past in recent years, the dynamic started to change. We're now now integrating cyber principles at the onset of development of these life cycle of space. Systems were also taking a hard look of how we train the next generation of engineers to be both adequate. Space engineers, space system engineers and a cyber engineers, as a result to Mrs success on DWI, also are taking a hard look at What do we mean when we talk about holistic risk management for our space assistance, Traditionally risk management and missing insurance for space systems? I've really revolved around quality control, but now, in recent years we've started to adopt principles that takes cyber risk into account, So this is a really exciting topic for me. It's something that I'm fortunate to work with and live with every day. I'm really excited to get into this discussion with my other panel members. Thank you. >>You Preston. Great insight there. Looking forward. Thio chatting further. Um, Clint Closure with a W. S now heading up. A director of aerospace and satellite Solutions, formerly Major General, Your opening statement. >>Thanks, John. I really appreciate that introduction and really appreciate the opportunity to be here in the Space and Cybersecurity Symposium. And thanks to Cal Poly for putting it together, you know, I can't help, but as I think to Cal Poly there on the central California coast, San Luis Obispo, California I can't help but to think back in this park quickly. I spent two years of my life as a launch squadron commander at Vandenberg Air Force Base, about an hour south of Cal Poly launching rockets, putting satellites in orbit for the national intelligence community and so some really fond memories of the Central California coast. I couldn't agree more with the theme of our symposium this week. The space and cyber security we've all come to know over the last decade. How critical spaces to the world, whether it's for national security intelligence, whether it's whether communications, maritime, agriculture, development or a whole host of other things, economic and financial transactions. But I would make the case that I think most of your listeners would agree we won't have space without cybersecurity. In other words, if we can't guaranteed cybersecurity, all those benefits that we get from space may not be there. Preston in a moment ago that all the threats that have come across in the terrestrial world, whether it be hacking or malware or ransomware or are simple network attacks, we're seeing all those migrate to space to. And so it's a really important issue that we have to pay attention to. I also want to applaud Cow Pauling. They've got some really important initiatives. The conference here, in our particular panel, is about developing the next generation of space and cyber workers, and and Cal Poly has two important programs. One is the digital transformation hub, and the other is space data solutions, both of which, I'm happy to say, are in partnership with a W. S. But these were important programs where Cal Poly looks to try to develop the next generation of space and cyber leaders. And I would encourage you if you're interested in that toe. Look up the program because that could be very valuable is well, I'm relatively new to the AWS team and I'm really happy Thio team, as John you said recently retired from the U. S. Air Force and standing up the U. S. Space force. But the reason that I mentioned that as the director of the aerospace and satellite team is again it's in perfect harmony with the theme today. You know, we've recognized that space is critically important and that cyber security is critically important and that's been a W s vision as well. In fact, a W s understands how important the space domain is and coupled with the fact that AWS is well known that at a W s security is job zero and stolen a couple of those to fax A. W. S was looking to put together a team the aerospace and satellite team that focus solely and exclusively every single day on technical innovation in space and more security for the space domain through the cloud and our offerings there. So we're really excited to reimagine agree, envision what space networks and architectures could look like when they're born on the cloud. So that's important. You know, talk about workforce here in just a moment, but but I'll give you just a quick sneak. We at AWS have also recognized the gap in the projected workforce, as Preston mentioned, Um, depending on the projection that you look at, you know, most projections tell us that the demand for highly trained cyber cyber security cloud practitioners in the future outweighs what we think is going to be the supply. And so a ws has leaned into that in a number of ways that we're gonna talk about the next segment. I know. But with our workforce transformation, where we've tried to train free of charge not just a W s workers but more importantly, our customers workers. It s a W s we obsessed over the customer. And so we've provided free training toe over 7000 people this year alone toe bring their cloud security and cyber security skills up to where they will be able to fully leverage into the new workforce. So we're really happy about that too? I'm glad Preston raised SPD five space policy Directive five. I think it's gonna have a fundamental impact on the space and cyber industry. Uh, now full disclosure with that said, You know, I'm kind of a big fan of space policy directives, ESPN, Or was the space policy directive that directed to stand up of the U. S. Space Force and I spent the last 18 months of my life as the lead planner and architect for standing up the U. S. Space force. But with that said, I think when we look back a decade from now, we're going to see that s p d five will have as much of an impact in a positive way as I think SPD for on the stand up of the space Force have already done so. So I'll leave it there, but really look forward to the dialogue and discussion. >>Thank you, gentlemen. Clint, I just wanna say thank you for all your hard work and the team and the people who were involved in standing up Space force. Um, it is totally new. It's a game changer. It's modern, is needed. And there's benefits on potential challenges and opportunities that are gonna be there, so thank you very much for doing that. I personally am excited. I know a lot of people are excited for what the space force is today and what it could become. Thank you very much. >>Yeah, Thanks. >>Okay, So >>with >>that, let me give just jump in because, you know, as you're talking about space force and cybersecurity and you spend your time at Vanderburgh launching stuff into space, that's very technical. Is operation okay? I mean, it's complex in and of itself, but if you think about like, what's going on beyond in space is a lot of commercial aspect. So I'm thinking, you know, launching stuff into space on one side of my brain and the other side of brain, I'm thinking like air travel. You know, all the logistics and the rules of the road and air traffic control and all the communications and all the technology and policy and, you >>know, landing. >>So, Major General Clint, what's your take on this? Because this is not easy. It's not just one thing that speaks to the diversity of workforce needs. What's your reaction to that? >>Yeah. I mean, your observation is right on. We're seeing a real boom in the space and aerospace industry. For all the good reasons we talked about, we're recognizing all the value space from again economic prosperity to exploration to being ableto, you know, improve agriculture and in weather and all those sorts of things that we understand from space. So what I'm really excited about is we're seeing this this blossom of space companies that we sort of referred to his new space. You know, it used to be that really only large governments like the United States and a handful of others could operate in the space domain today and largely infused because of the technological innovation that have come with Cyber and Cyrus Space and even the cloud we're seeing more and more companies, capabilities, countries, all that have the ability, you know. Even a well funded university today can put a cube sat in orbit, and Cal Poly is working on some of those too, by the way, and so it's really expanded the number of people that benefits the activity in space and again, that's why it's so critically important because we become more and more reliant and we will become more and more reliant on those capabilities that we have to protect him. It's fundamental that we do. So, >>Bucky, I want you to weigh in on this because actually, you you've flown. Uh, I got a call sign which I love interviewing people. Anyone who's a call sign is cool in my book. So, Bucky, I want you to react to that because that's outside of the technology, you know, flying in space. There's >>no >>rule. I mean, is there like a rules? I mean, what's the rules of the road? I mean, state of the right. I mean, what I mean, what what's going? What's gonna have toe happen? Okay, just logistically. >>Well, this is very important because, uh and I've I've had access thio information space derived information for most of my flying career. But the amount of information that we need operate effectively in the 21st century is much greater than Thanet has been in the past. Let me describe the environment s so you can appreciate a little bit more what our challenges are. Where, from a space perspective, we're going to see a new exponential increase in the number of systems that could be satellites. Uh, users and applications, right? And so eso we're going we're growing rapidly into an environment where it's no longer practical to just simply evolved or operate on a perimeter security model. We and with this and as I was brought up previously, we're gonna try to bring in MAWR commercial capabilities. There is a tremendous benefit with increasing the diversity of sources of information. We use it right now. The military relies very heavily on commercial SAT com. We have our military capabilities, but the commercial capabilities give us capacity that we need and we can. We can vary that over time. The same will be true for remote sensing for other broadband communications capabilities on doing other interesting effects. Also, in the modern era, we doom or operations with our friends and allies, our regional partners all around the world, in order to really improve our interoperability and have rapid exchange of information, commercial information, sources and capabilities provides the best means of doing that. So that so that the imperative is very important and what all this describes if you want to put one word on it. ISS, we're involving into ah hybrid space architectures where it's gonna be imperative that we protect the integrity of information and the cyber security of the network for the things most important to us from a national security standpoint. But we have to have the rules that that allows us to freely exchange information rapidly and in a way that that we can guarantee that the right users are getting the right information at the right. >>We're gonna come back to that on the skill set and opportunities for people driving. That's just looking. There's so much opportunity. Preston, I want you to react to this. I interviewed General Keith Alexander last year. He formerly ran Cyber Command. Um, now he's building Cyber Security Technologies, and his whole thesis is you have to share. So the question is, how do you share and lock stuff down at the same time when you have ah, multi sided marketplace in space? You know, suppliers, users, systems. This is a huge security challenge. What's your reaction to this? Because we're intersecting all these things space and cybersecurity. It's just not easy. What's your reaction? >>Absolutely, Absolutely. And what I would say in response to that first would be that security really needs to be baked into the onset of how we develop and implement and deploy our space systems. Um, there's there's always going to be the need to collect and share data across multiple entities, particularly when we're changing scientific data with our mission partners. Eso with that necessitates that we have a security view from the onset, right? We have a system spaces, and they're designed to share information across the world. How do we make sure that those, uh, those other those communication channels so secure, free from interception free from disruption? So they're really done? That necessitates of our space leaders in our cyber leaders to be joining the hip about how to secure our space systems, and the communications there in Clinton brought up a really good point of. And then I'm gonna elaborate on a little bit, just toe invite a little bit more context and talk about some the complexities and challenges we face with this advent of new space and and all of our great commercial partners coming into therefore way, that's going to present a very significant supply chain risk management problems that we have to get our hands around as well. But we have these manufacturers developing these highly specialized components for the space instruments, Um, that as it stands right now, it's very little oversight And how those things air produced, manufactured, put into the space systems communication channels that they use ports protocols that they use to communicate. And that's gonna be a significant challenge for us to get get our hands around. So again, cybersecurity being brought in. And the very onset of these development thes thes decisions in these life cycles was certainly put us in a best better position to secure that data in our in our space missions. >>Yeah, E just pick up on that. You don't mind? Preston made such a really good point there. But you have to bake security in up front, and you know there's a challenge and there's an opportunity, you know, with a lot of our systems today. It was built in a pre cyber security environment, especially our government systems that were built, you know, in many cases 10 years ago, 15 years ago are still on orbit today, and we're thankful that they are. But as we look at this new environment and we understand the threats, if we bake cybersecurity in upfront weaken balance that open application versus the risk a long as we do it up front. And you know, that's one of the reasons that our company developed what we call govcloud, which is a secure cloud, that we use thio to manage data that our customers who want to do work with the federal government or other governments or the national security apparatus. They can operate in that space with the built in and baked in cybersecurity protocols. We have a secret region that both can handle secret and top secret information for the same reasons. But when you bake security into the upfront applications, that really allows you to balance that risk between making it available and accessible in sort of an open architecture way. But being sure that it's protected through things like ITAR certifications and fed ramp, uh, another ice T certifications that we have in place. So that's just a really important point. >>Let's stay high level for a man. You mentioned a little bit of those those govcloud, which made me think about you know, the tactical edge in the military analogy, but also with space similar theater. It's just another theater and you want to stand stuff up. Whether it's communications and have facilities, you gotta do it rapidly, and you gotta do it in a very agile, secure, I high availability secure way. So it's not the old waterfall planning. You gotta be fast is different. Cloud does things different? How do you talk to the young people out there, whether it's apparent with with kids in elementary and middle school to high school, college grad level or someone in the workforce? Because there are no previous jobs, that kind of map to the needs out there because you're talking about new skills, you could be an archaeologist and be the best cyber security guru on the planet. You don't have to have that. There's no degree for what, what we're talking about here. This >>is >>the big confusion around education. I mean, you gotta you like math and you could code you can Anything who wants to comment on that? Because I think this >>is the core issue. I'll say there are more and more programs growing around that educational need, and I could talk about a few things we're doing to, but I just wanna make an observation about what you just said about the need. And how do you get kids involved and interested? Interestingly, I think it's already happening, right. The good news. We're already developing that affinity. My four year old granddaughter can walk over, pick up my iPad, turn it on. Somehow she knows my account information, gets into my account, pulls up in application, starts playing a game. All before I really even realized she had my iPad. I mean, when when kids grow up on the cloud and in technology, it creates that natural proficiency. I think what we have to do is take that natural interest and give them the skill set the tools and capabilities that go with it so that we're managing, you know, the the interest with the technical skills. >>And also, like a fast I mean, just the the hackers are getting educated. Justus fast. Steve. I mean e mean Bucky. What do you do here? You CIt's the classic. Just keep chasing skills. I mean, there are new skills. What are some of those skills? >>Why would I amplify eloquent? Just said, First of all, the, uh, you know, cyber is one of those technology areas where commercial side not not the government is really kind of leading away and does a significant amount of research and development. Ah, billions of dollars are spent every year Thio to evolve new capabilities. And a lot of those companies are, you know, operated and and in some cases, led by folks in their early twenties. So the S O. This is definitely an era and a generation that is really poised in position. Well, uh, Thio take on this challenge. There's some unique aspects to space. Once we deploy a system, uh, it will be able to give me hard to service it, and we're developing capabilities now so that we could go up and and do system upgrades. But that's not a normal thing in space that just because the the technical means isn't there yet. So having software to find capabilities, I's gonna be really paramount being able to dio unique things. The cloud is huge. The cloud is centric to this or architectural, and it's kind of funny because d o d we joke because we just discovered the cloud, you know, a couple years ago. But the club has been around for a while and, uh, and it's going to give us scalability on and the growth potential for doing amazing things with a big Data Analytics. But as Preston said, it's all for not if if we can't trust the data that we receive. And so one of the concepts for future architectures is to evolve into a zero trust model where we trust nothing. We verify and authenticate everyone. And, uh, and that's that's probably a good, uh, point of departure as we look forward into our cybersecurity for space systems into the future. >>Block everyone. Preston. Your reaction to all this gaps, skills, What's needed. I mean it Z everyone's trying to squint through this >>absolutely. And I wanna want to shift gears a little bit and talk about the space agencies and organizations that are responsible for deploying these spaces into submission. So what is gonna take in this new era on, and what do we need from the workforce to be responsive to the challenges that we're seeing? First thing that comes to mind is creating a culture of security throughout aerospace right and ensuring that Azzawi mentioned before security isn't an afterthought. It's sort of baked into our models that we deploy and our rhetoric as well, right? And because again we hire our spaces in years to do it very highly. Specialized thing for a highly specialized, uh, it's topic. Our effort, if we start to incorporate rhetorically the importance of cybersecurity two missing success and missing assurance that's going to lend itself toe having more, more prepared on more capable system engineers that will be able to respond to the threats accordingly. Traditionally, what we see in organizational models it's that there's a cyber security team that's responsible for the for the whole kit kaboodle across the entire infrastructure, from enterprise systems to specialize, specialize, space systems and then a small pocket of spaces, years that that that are really there to perform their tasks on space systems. We really need to bridge that gap. We need to think about cybersecurity holistically, the skills that are necessary for your enterprise. I t security teams need to be the same skills that we need to look for for our system engineers on the flight side. So organizationally we need we need to address that issue and approach it, um todo responsive to the challenges we see our our space systems, >>new space, new culture, new skills. One of the things I want to bring up is looking for success formulas. You know, one of the things we've been seeing in the past 10 years of doing the Cube, which is, you know, we've been called the ESPN of Tech is that there's been kind of like a game ification. I want to. I don't wanna say sports because sports is different, but you're seeing robotics clubs pop up in some schools. It's like a varsity sport you're seeing, you know, twitch and you've got gamers out there, so you're seeing fun built into it. I think Cal Poly's got some challenges going on there, and then scholarships air behind it. So it's almost as if, you know, rather than going to a private sports training to get that scholarship, that never happens. There's so many more scholarship opportunities for are not scholarship, but just job opportunities and even scholarships we've covered as part of this conference. Uh, it's a whole new world of culture. It's much different than when I grew up, which was you know, you got math, science and English. You did >>it >>and you went into your track. Anyone want to comment on this new culture? Because I do believe that there is some new patterns emerging and some best practices anyone share any? >>Yeah, I do, because as you talked about robotics clubs and that sort of things, but those were great and I'm glad those air happening. And that's generating the interest, right? The whole gaming culture generating interest Robotic generates a lot of interest. Space right has captured the American in the world attention as well, with some recent NASA activities and all for the right reasons. But it's again, it's about taking that interested in providing the right skills along the way. So I'll tell you a couple of things. We're doing it a w s that we found success with. The first one is a program called A W s Academy. And this is where we have developed a cloud, uh, program a cloud certification. This is ah, cloud curriculum, if you will, and it's free and it's ready to teach. Our experts have developed this and we're ready to report it to a two year and four year colleges that they can use is part of the curriculum free of charge. And so we're seeing some real value there. And in fact, the governor's in Utah and Arizona recently adopted this program for their two year schools statewide again, where it's already to teach curriculum built by some of the best experts in the industry s so that we can try to get that skills to the people that are interested. We have another program called A W s educate, and this is for students to. But the idea behind this is we have 12 cracks and you can get up to 50 hours of free training that lead to A W s certification, that sort of thing. And then what's really interesting about that is all of our partners around the world that have tied into this program we manage what we call it ws educate Job board. And so if you have completed this educate program now, you can go to that job board and be linked directly with companies that want people with those skills we just helped you get. And it's a perfect match in a perfect marriage there. That one other piece real quickly that we're proud of is the aws Uh restart program. And that's where people who are unemployed, underemployed or transitioning can can go online. Self paced. We have over 500 courses they can take to try to develop those initial skills and get into the industry. And that's been very popular, too, So that those air a couple of things we're really trying to lean into >>anyone else want to react. Thio that question patterns success, best practices, new culture. >>I'd like Thio. The the wonderful thing about what you just touched on is problem solving, right, And there's some very, very good methodologies that are being taught in the universities and through programs like Hacking for Defense, which is sponsored by the National Security Innovation Network, a component of the I you where I work but the But whether you're using a lien methodologies or design school principals or any other method, the thing that's wonderful right now and not just, uh, where I work at the U. The Space force is doing this is well, but we're putting the problem out there for innovators to tackle, And so, rather than be prescriptive of the solutions that we want to procure, we want we want the best minds at all levels to be able to work on the problem. Uh, look at how they can leverage other commercial solutions infrastructure partnerships, uh, Thio to come up with a solution that we can that we can rapidly employ and scale. And if it's a dual use solution or whether it's, uh, civil military or or commercial, uh, in any of the other government solutions. Uh, that's really the best win for for the nation, because that commercial capability again allows us to scale globally and share those best practices with all of our friends and allies. People who share our values >>win win to this commercial. There's a business model potential financial benefits as well. Societal impact Preston. I want to come to you, JPL, NASA. I mean, you work in one of the most awesome places and you know, to me, you know, if you said to me, Hey, John, come working JP like I'm not smart enough to go there like I mean, like, it's a pretty It's intimidating, it might seem >>share folks out there, >>they can get there. I mean, it's you can get there if you have the right skills. I mean I'm just making that up. But, I mean, it is known to be super smart And is it attainable? So share your thoughts on this new culture because you could get the skills to get there. What's your take on all this >>s a bucket. Just missing something that really resonated with me, right? It's do it your love office. So if you put on the front engineer, the first thing you're gonna try to do is pick it apart. Be innovative, be creative and ways to solve that issue. And it has been really encouraging to me to see the ground welcome support an engagement that we've seen across our system. Engineers in space. I love space partners. A tackling the problem of cyber. Now that they know the West at risk on some of these cyber security threats that that they're facing with our space systems, they definitely want to be involved. They want to take the lead. They want to figure things out. They wanna be innovative and creative in that problem solving eso jpl We're doing a few things. Thio Raise the awareness Onda create a culture of security. Andi also create cyber advocates, cybersecurity advocates across our space engineers. We host events like hacked the lad, for example, and forgive me. Take a pause to think about the worst case scenarios that could that could result from that. But it certainly invites a culture of creative problem solving. Um, this is something that that kids really enjoy that are system engineers really enjoyed being a part off. Um, it's something that's new refreshing to them. Eso we were doing things like hosting a monthly cybersecurity advocacy group. When we talk about some of the cyber landscape of our space systems and invite our engineers into the conversation, we do outweighs programs specifically designed to to capture, um, our young folks, uh, young engineers to deceive. They would be interested and show them what this type of security has to offer by ways of data Analytic, since the engineering and those have been really, really successful identifying and bringing in new talent to address the skill gaps. >>Steve, I want to ask you about the d. O. D. You mentioned some of the commercial things. How are you guys engaging the commercial to solve the space issue? Because, um, the normalization in the economy with GPS just seeing spaces impacts everybody's lives. We we know that, um, it's been talked about. And and there's many, many examples. How are you guys the D o. D. From a security standpoint and or just from an advancement innovation standpoint, engaging with commercials, commercial entities and commercial folks? >>Well, I'll throw. I'll throw a, uh, I'll throw ah, compliment to Clint because he did such an outstanding job. The space forces already oriented, uh, towards ah, commercial where it's appropriate and extending the arms. Leveraging the half works on the Space Enterprise Consortium and other tools that allow for the entrepreneurs in the space force Thio work with their counterparts in a commercial community. And you see this with the, uh, you know, leveraging space X away to, uh, small companies who are doing extraordinary things to help build space situational awareness and, uh, s So it's it's the people who make this all happen. And what we do at at the D. O. D level, uh, work at the Office of Secretary defense level is we wanna make sure that they have the right tools to be able to do that in a way that allows these commercial companies to work with in this case of a space force or with cyber command and ways that doesn't redefine that. The nature of the company we want we want We want commercial companies to have, ah, great experience working with d o d. And we want d o d toe have the similar experience working, working with a commercial community, and and we actually work interagency projects to So you're going to see, uh, General Raymond, uh, hey, just recently signed an agreement with the NASA Esa, you're gonna see interagency collaborations on space that will include commercial capabilities as well. So when we speak as one government were not. You know, we're one voice, and that's gonna be tremendous, because if you're a commercial company on you can you can develop a capability that solves problems across the entire space enterprise on the government side. How great is that, Right. That's a scaling. Your solution, gentlemen. Let >>me pick you back on that, if you don't mind. I'm really excited about that. I mentioned new space, and Bucky talked about that too. You know, I've been flying satellites for 30 years, and there was a time where you know the U. S. Government national security. We wouldn't let anybody else look at him. Touch him. Plug into, um, anything else, right. And that probably worked at the time. >>But >>the world has changed. And more >>importantly, >>um, there is commercial technology and capability available today, and there's no way the U. S government or national security that national Intel community can afford economically >>to >>fund all that investment solely anymore. We don't have the manpower to do it anymore. So we have this perfect marriage of a burgeoning industry that has capabilities and it has re sources. And it has trained manpower. And we are seeing whether it's US Space Force, whether it's the intelligence community, whether it's NASA, we're seeing that opened up to commercial providers more than I've ever seen in my career. And I can tell you the customers I work with every day in a W s. We're building an entire ecosystem now that they understand how they can plug in and participate in that, and we're just seeing growth. But more importantly, we're seeing advanced capability at cheaper cost because of that hybrid model. So that really is exciting. >>Preston. You know you mentioned earlier supply chain. I don't think I think you didn't use the word supply chain. Maybe you did. But you know about the components. Um, you start opening things up and and your what you said baking it in to the beginning, which is well known. Uh, premise. It's complicated. So take me through again, Like how this all gonna work securely because And what's needed for skill sets because, you know, you're gonna open. You got open source software, which again, that's open. We live in a free society in the United States of America, so we can't lock everything down. You got components that are gonna be built anywhere all around the world from vendors that aren't just a certified >>or maybe >>certified. Um, it's pretty crazy. So just weigh in on this key point because I think Clint has it right. And but that's gonna be solved. What's your view on this? >>Absolutely. And I think it really, really start a top, right? And if you look back, you know, across, um in this country, particularly, you take the financial industry, for example, when when that was a burgeoning industry, what had to happen to ensure that across the board. Um, you know, your your finances were protected these way. Implemented regulations from the top, right? Yeah. And same thing with our health care industry. We implemented regulations, and I believe that's the same approach we're gonna need to take with our space systems in our space >>industry >>without being too directive or prescriptive. Instance she ating a core set of principles across the board for our manufacturers of space instruments for deployment and development of space systems on for how space data and scientific data is passed back and forth. Eso really? We're gonna need to take this. Ah, holistic approach. Thio, how we address this issue with cyber security is not gonna be easy. It's gonna be very challenging, but we need to set the guard rails for exactly what goes into our space systems, how they operate and how they communicate. >>Alright, so let's tie this back to the theme, um, Steve and Clint, because this is all about workforce gaps, opportunities. Um, Steve, you mentioned software defined. You can't do break fix in space. You can't just send a technician up in the space to fix a component. You gotta be software defined. We're talking about holistic approach, about commercial talk about business model technology with software and policy. We need people to think through, like you know. What the hell are you gonna do here, right? Do you just noticed road at the side of the road to drive on? There's no rules of engagement. So what I'm seeing is certainly software Check. If you wanna have a job for the next millennial software policy who solves two problems, what does freedom looked like in space Congestion Contention and then, obviously, business model. Can you guys comment on these three areas? Do you agree? And what specific person might be studying in grad school or undergraduate or in high school saying, Hey, I'm not a techie, but they can contribute your thoughts. I'll >>start off with, uh, speak on on behalf of the government today. I would just say that as policy goes, we need to definitely make sure that we're looking towards the future. Ah, lot of our policy was established in the past under different conditions, and, uh, and if there's anything that you cannot say today is that space is the same as it was even 10 years ago. So the so It's really important that our policy evolves and recognizes that that technology is going to enable not just a new ways of doing things, but also force us to maybe change or or get rid of obsolete policies that will inhibit our ability to innovate and grow and maintain peace with with a rapid, evolving threat. The for the for the audience today, Uh, you know, you want some job assurance, cybersecurity and space it's gonna be It's gonna be an unbelievable, uh, next, uh, few decades and I couldn't think of a more exciting for people to get into because, you know, spaces Ah, harsh environment. We're gonna have a hard time just dud being able differentiate, you know, anomalies that occur just because of the environment versus something that's being hacked. And so JPL has been doing this for years on they have Cem Cem great approaches, but but this is this is gonna be important if you put humans on the moon and you're going to sustain them there. Those life support systems are gonna be using, you know, state of the art computer technology, and which means, is also vulnerable. And so eso the consequences of us not being prepared? Uh, not just from our national security standpoint, but from our space exploration and our commercial, uh, economic growth in space over the long term all gonna be hinged on this cyber security environment. >>Clint, your thoughts on this too ill to get. >>Yeah. So I certainly agree with Bucky. But you said something a moment ago that Bucky was talking about as well. But that's the idea that you know in space, you can't just reach out and touch the satellite and do maintenance on the satellite the way you can't a car or a tank or a plane or a ship or something like that. And that is true. However, right, comma, I want to point out. You know, the satellite servicing industry is starting to develop where they're looking at robotic techniques in Cape abilities to go up in services satellite on orbit. And that's very promising off course. You got to think through the security policy that goes with that, of course. But the other thing that's really exciting is with artificial intelligence and machine learning and edge computing and database analytics and all those things that right on the cloud. You may not even need to send a robotic vehicle to a satellite, right? If you can upload and download software defined, fill in the blank right, maybe even fundamentally changing the mission package or the persona, if you will, of the satellite or the spacecraft. And that's really exciting to, ah, lot >>of >>security policy that you've gotta work through. But again, the cloud just opens up so many opportunities to continue to push the boundaries. You know, on the AWS team, the aerospace and satellite team, which is, you know, the new team that I'm leading. Now our motto is to the stars through the cloud. And there are just so many exciting opportunities right for for all those capabilities that I just mentioned to the stars through the cloud >>President, your thoughts on this? >>Yes, eso won >>a >>little bit of time talking about some of the business model implications and some of the challenges that exists there. Um, in my experience, we're still working through a bit of a language barrier of how we define risk management for our space systems. Traditionally traditionally risk management models is it is very clear what poses a risk to a flight mission. Our space mission, our space system. Um, and we're still finding ways to communicate cyber risk in the same terms that are system engineers are space engineers have traditionally understood. Um, this is a bit of a qualitative versus quantitative, a language barrier. But however adopting a risk management model that includes cybersecurity, a za way to express wish risk to miss the success, I think I think it would be a very good thing is something that that we have been focused on the J. P o as we Aziz, we look at the 34 years beyond. How do >>we >>risk that gap and not only skills but communication of cyber risk and the way that our space engineers and our project engineers and a space system managers understand >>Clinton, like Thio talk about space Force because this is the most popular new thing. It's only a couple of nine months in roughly not even a year, uh, already changing involving based on some of the reporting we've done even here at this symposium and on the Internet. Um, you know, when I was growing up, you know, I wasn't there when JFK said, you know, we're gonna get to the moon. I was born in the sixties, so, you know, when I was graduating my degree, you know, Draper Labs, Lincoln Lab, JPL, their pipeline and people wasn't like a surge of job openings. Um, so this kind of this new space new space race, you know, Kennedy also said that Torch has been passed to a new generation of Americans. So in a way that's happening right now with space force. A new generation is here is a digital generation. It's multi disciplinary generation. Could you take a minute and share, uh, for for our audience? And here at this symposium, um, the mission of Space Force and where you see it going because this truly is different. And I think anyone who's young e I mean, you know, if this was happening when I was in college would be like dropping everything. I'm in there, I think, cause there's so many areas thio jump into, um, it's >>intellectually challenging. >>It's intoxicating in some level. So can you share your thoughts? >>Yeah. Happy to do that. Of course. I I need to remind everybody that as a week ago I'm formally retired. So I'm not an official spokesman for US forces. But with that, you know, it said I did spend the last 18 months planning for it, designing and standing it up. And I'll tell you what's really exciting is you know, the commander of, uh, US Base Force General J. Raymond, who's the right leader at the right time. No question in my >>mind. But >>he said, I want to stand up the Space Force as the first fully digital service in the United States. Right? So he is trying >>to bake >>cloud baked cybersecurity, baked digital transformational processes and everything we did. And that was a guidance he gave us every day, every day. When we rolled in. He said, Remember, guys, I don't wanna be the same. I don't wanna be stale. I want new thinking, new capabilities and I want it all to be digital on. That's one of the reasons When we brought the first wave of people into the space force, we brought in space operations, right. People like me that flew satellites and launch rockets, we brought in cyber space experts, and we brought in intelligence experts. Those were the first three waves of people because of that, you know, perfect synergy between space and cyber and intel all wrapped in >>it. >>And so that was really, really smart. The other thing I'll say just about, you know, Kennedy's work. We're going to get to the moon. So here we are. Now we're going back to the Moon Project Artemus that NASA is working next man first woman on the moon by 2024 is the plan and >>then >>with designs to put a permanent presence on the moon and then lean off to march. So there was a lot to get excited about. I will tell you, as we were taking applications and looking at rounding out filling out the village in the U. S. Space Force, we were overwhelmed with the number of people that wanted, and that was a really, really good things. So they're off to a good start, and they're just gonna accomplishment major things. I know for sure. >>Preston, your thoughts on this new generation people out there were like I could get into this. This is a path. What's your what's your opinion on this? And what's your >>E could, uh, you so bold as to say >>that >>I feel like I'm a part of that new generation eso I grew up very much into space. Uh, looking at, um, listen to my, uh, folks I looked up to like Carl Sagan. Like like Neil Tyson. DeGrasse on did really feeling affinity for what What this country has done is for is a space program are focused on space exploration on bond. Through that, I got into our security, as it means from the military. And I just because I feel so fortunate that I could merge both of those worlds because of because of the generational, um, tailoring that we do thio promote space exploration and also the advent of cybersecurity expertise that is needed in this country. I feel like that. We are We are seeing a conversions of this too. I see a lot of young people really getting into space exploration. I see a lot of young people as well. Um uh, gravitating toward cybersecurity as a as a course of study. And to see those two worlds colliding and converse is something that's very near and dear to me. And again, I I feel like I'm a byproduct of that conversion, which is which, Really, Bothwell for space security in the future, >>we'll your great leader and inspiration. Certainly. Senior person as well. Congratulations, Steve. You know, young people motivational. I mean, get going. Get off the sidelines. Jump in Water is fine, Right? Come on in. What's your view on motivating the young workforce out there and anyone thinking about applying their skills on bringing something to the table? >>Well, look at the options today. You have civil space President represents you have military space. Uh, you have commercial space on and even, you know, in academia, the research, the potential as a as an aspiring cyber professional. All of you should be thinking about when we when we When? When we first invented the orbit, which eventually became the Internet, Uh, on Lee, we were, uh if all we had the insight to think Well, geez, you know whether the security implications 2030 years from now of this thing scaling on growing and I think was really good about today's era. Especially as Clint said, because we were building this space infrastructure with a cyber professionals at ground zero on dso the So the opportunity there is to look out into the future and say we're not just trying to secure independent her systems today and assure the free for all of of information for commerce. You know, the GPS signal, Uh, is Justus much in need of protection as anything else tied to our economy, But the would have fantastic mission. And you could do that. Uh, here on the ground. You could do it, uh, at a great companies like Amazon Web services. But you can also one of these states. Perhaps we go and be part of that contingency that goes and does the, uh, the se's oh job that that president has on the moon or on Mars and, uh, space will space will get boring within a generation or two because they'll just be seen as one continuum of everything we have here on Earth. And, uh, and that would be after our time. But in the meantime, is a very exciting place to be. And I know if I was in in my twenties, I wanna be, uh, jumping in with both feet into it. >>Yeah, great stuff. I mean, I think space is gonna be around for a long long time. It's super exciting and cybersecurity making it secure. And there's so many areas defeating on. Gentlemen, thank you very much for your awesome insight. Great panel. Um, great inspiration. Every one of you guys. Thank you very much for for sharing for the space and cybersecurity symposium. Appreciate it. Thank you very much. >>Thanks, John. Thank you. Thank you. Okay, >>I'm >>John for your host for the Space and Cybersecurity Symposium. Thanks for watching.

>>Hi, everyone. My name is my uncle. My uncle Poor I worked with Geo reminds you in India. We call ourselves Geo Platforms. Now on. We've been recently in the news. You've raised a lot off funding from one of the largest, most of the largest tech companies in the world. And I'm here to talk about Geos Cloud Journey, Onda Mantis Partnership. I've titled it the story often, Underdog becoming the largest telecom company in India within four years, which is really special. And we're, of course, held by the cloud. So quick disclaimer. Right. The content shared here is only for informational purposes. Um, it's only for this event. And if you want to share it outside, especially on social media platforms, we need permission from Geo Platforms limited. Okay, quick intro about myself. I am a VP of engineering a geo. I lead the Cloud Services and Platforms team with NGO Andi. I mean the geo since the beginning, since it started, and I've seen our cloud footprint grow from a handful of their models to now eight large application data centers across three regions in India. And we'll talk about how we went here. All right, Let's give you an introduction on Geo, right? Giorgio is on how we became the largest telecom campaign, India within four years from 0 to 400 million subscribers. And I think there are There are a lot of events that defined Geo and that will give you an understanding off. How do you things and what you did to overcome massive problems in India. So the slide that I want to talkto is this one and, uh, I The headline I've given is, It's the Geo is the fastest growing tech company in the world, which is not a new understatement. It's eggs, actually, quite literally true, because very few companies in the world have grown from zero to 400 million subscribers within four years paying subscribers. And I consider Geo Geos growth in three phases, which I have shown on top. The first phase we'll talk about is how geo grew in the smartphone market in India, right? And what we did to, um to really disrupt the telecom space in India in that market. Then we'll talk about the feature phone phase in India and how Geo grew there in the future for market in India. and then we'll talk about what we're doing now, which we call the Geo Platforms phase. Right. So Geo is a default four g lt. Network. Right. So there's no to geo three g networks that Joe has, Um it's a state of the art four g lt voiceover lt Network and because it was designed fresh right without any two D and three G um, legacy technologies, there were also a lot of challenges Lawn geo when we were starting up. One of the main challenges waas that all the smart phones being sold in India NGOs launching right in 2000 and 16. They did not have the voice or lt chip set embedded in the smartphone because the chips it's far costlier to embed in smartphones and India is a very price and central market. So none of the manufacturers were embedding the four g will teach upset in the smartphones. But geos are on Lee a volte in network, right for the all the network. So we faced a massive problem where we said, Look there no smartphones that can support geo. So how will we grow Geo? So in order to solve that problem, we launched our own brand of smartphones called the Life um, smartphones. And those phones were really high value devices. So there were $50 and for $50 you get you You At that time, you got a four g B storage space. A nice big display for inch display. Dual cameras, Andi. Most importantly, they had volte chip sets embedded in them. Right? And that got us our initial customers the initial for the launch customers when we launched. But more importantly, what that enabled other oh, EMS. What that forced the audience to do is that they also had to launch similar smartphones competing smartphones with voltage upset embedded in the same price range. Right. So within a few months, 3 to 4 months, um, all the other way EMS, all the other smartphone manufacturers, the Samsung's the Micromax is Micromax in India, they all had volte smartphones out in the market, right? And I think that was one key step We took off, launching our own brand of smartphone life that helped us to overcome this problem that no smartphone had. We'll teach upsets in India and then in order. So when when we were launching there were about 13 telecom companies in India. It was a very crowded space on demand. In order to gain a foothold in that market, we really made a few decisions. Ah, phew. Key product announcement that really disrupted this entire industry. Right? So, um, Geo is a default for GLT network itself. All I p network Internet protocol in everything. All data. It's an all data network and everything from voice to data to Internet traffic. Everything goes over this. I'll goes over Internet protocol, and the cost to carry voice on our smartphone network is very low, right? The bandwidth voice consumes is very low in the entire Lt band. Right? So what we did Waas In order to gain a foothold in the market, we made voice completely free, right? He said you will not pay anything for boys and across India, we will not charge any roaming charges across India. Right? So we made voice free completely and we offer the lowest data rates in the world. We could do that because we had the largest capacity or to carry data in India off all the other telecom operators. And these data rates were unheard off in the world, right? So when we launched, we offered a $2 per month or $3 per month plan with unlimited data, you could consume 10 gigabytes of data all day if you wanted to, and some of our subscriber day. Right? So that's the first phase off the overgrowth and smartphones and that really disorders. We hit 100 million subscribers in 170 days, which was very, very fast. And then after the smartphone faith, we found that India still has 500 million feature phones. And in order to grow in that market, we launched our own phone, the geo phone, and we made it free. Right? So if you take if you took a geo subscription and you carried you stayed with us for three years, we would make this phone tree for your refund. The initial deposit that you paid for this phone and this phone had also had quite a few innovations tailored for the Indian market. It had all of our digital services for free, which I will talk about soon. And for example, you could plug in. You could use a cable right on RCR HDMI cable plug into the geo phone and you could watch TV on your big screen TV from the geophones. You didn't need a separate cable subscription toe watch TV, right? So that really helped us grow. And Geo Phone is now the largest selling feature phone in India on it. 100 million feature phones in India now. So now now we're in what I call the geo platforms phase. We're growing of a geo fiber fiber to the home fiber toe the office, um, space. And we've also launched our new commerce initiatives over e commerce initiatives and were steadily building platforms that other companies can leverage other companies can use in the Jeon o'clock. Right? So this is how a small startup not a small start, but a start of nonetheless least 400 million subscribers within four years the fastest growing tech company in the world. Next, Geo also helped a systemic change in India, and this is massive. A lot of startups are building on this India stack, as people call it, and I consider this India stack has made up off three things, and the acronym I use is jam. Trinity, right. So, um, in India, systemic change happened recently because the Indian government made bank accounts free for all one billion Indians. There were no service charges to store money in bank accounts. This is called the Jonathan. The J. GenDyn Bank accounts. The J out off the jam, then India is one of the few countries in the world toe have a digital biometric identity, which can be used to verify anyone online, which is huge. So you can simply go online and say, I am my ankle poor on duh. I verify that this is indeed me who's doing this transaction. This is the A in the jam and the last M stands for Mobil's, which which were held by Geo Mobile Internet in a plus. It is also it is. It also stands for something called the U. P I. The United Unified Payments Interface. This was launched by the Indian government, where you can carry digital transactions for free. You can transfer money from one person to the to another, essentially for free for no fee, right so I can transfer one group, even Indian rupee to my friend without paying any charges. That is huge, right? So you have a country now, which, with a with a billion people who are bank accounts, money in the bank, who you can verify online, right and who can pay online without any problems through their mobile connections held by G right. So suddenly our market, our Internet market, exploded from a few million users to now 506 106 100 million mobile Internet users. So that that I think, was a massive such a systemic change that happened in India. There are some really large hail, um, numbers for this India stack, right? In one month. There were 1.6 billion nuclear transactions in the last month, which is phenomenal. So next What is the impact of geo in India before you started, we were 155th in the world in terms off mobile in terms of broadband data consumption. Right. But after geo, India went from one 55th to the first in the world in terms of broadband data, largely consumed on mobile devices were a mobile first country, right? We have a habit off skipping technology generation, so we skip fixed line broadband and basically consuming Internet on our mobile phones. On average, Geo subscribers consumed 12 gigabytes of data per month, which is one of the highest rates in the world. So Geo has a huge role to play in making India the number one country in terms off broad banded consumption and geo responsible for quite a few industry first in the telecom space and in fact, in the India space, I would say so before Geo. To get a SIM card, you had to fill a form off the physical paper form. It used to go toe Ah, local distributor. And that local distributor is to check the farm that you feel incorrectly for your SIM card and then that used to go to the head office and everything took about 48 hours or so, um, to get your SIM card. And sometimes there were problems there also with a hard biometric authentication. We enable something, uh, India enable something called E K Y C Elektronik. Know your customer? We took a fingerprint scan at our point of Sale Reliance Digital stores, and within 15 minutes we could verify within a few minutes. Within a few seconds we could verify that person is indeed my hunk, right, buying the same car, Elektronik Lee on we activated the SIM card in 15 minutes. That was a massive deal for our growth. Initially right toe onboard 100 million customers. Within our and 70 days. We couldn't have done it without be K. I see that was a massive deal for us and that is huge for any company starting a business or start up in India. We also made voice free, no roaming charges and the lowest data rates in the world. Plus, we gave a full suite of cloud services for free toe all geo customers. For example, we give goTV essentially for free. We give GOTV it'll law for free, which people, when we have a launching, told us that no one would see no one would use because the Indians like watching TV in the living rooms, um, with the family on a big screen television. But when we actually launched, they found that GOTV is one off our most used app. It's like 70,000,080 million monthly active users, and now we've basically been changing culture in India where culture is on demand. You can watch TV on the goal and you can pause it and you can resume whenever you have some free time. So really changed culture in India, India on we help people liver, digital life online. Right, So that was massive. So >>I'm now I'd like to talk about our cloud >>journey on board Animal Minorities Partnership. We've been partners that since 2014 since the beginning. So Geo has been using open stack since 2014 when we started with 14 note luster. I'll be one production environment One right? And that was I call it the first wave off our cloud where we're just understanding open stack, understanding the capabilities, understanding what it could do. Now we're in our second wave. Where were about 4000 bare metal servers in our open stack cloud multiple regions, Um, on that around 100,000 CPU cores, right. So it's a which is one of the bigger clouds in the world, I would say on almost all teams, with Ngor leveraging the cloud and soon I think we're going to hit about 10,000 Bama tools in our cloud, which is massive and just to give you a scale off our network, our in French, our data center footprint. Our network introduction is about 30 network data centers that carry just network traffic across there are there across India and we're about eight application data centers across three regions. Data Center is like a five story building filled with servers. So we're talking really significant scale in India. And we had to do this because when we were launching, there are the government regulation and try it. They've gotten regulatory authority of India, mandates that any telecom company they have to store customer data inside India and none of the other cloud providers were big enough to host our clothes. Right. So we we made all this intellectual for ourselves, and we're still growing next. I love to show you how we grown with together with Moran says we started in 2014 with the fuel deployment pipelines, right? And then we went on to the NK deployment. Pipelines are cloud started growing. We started understanding the clouds and we picked up M C p, which has really been a game changer for us in automation, right on DNA. Now we are in the latest release, ofem CPM CPI $2019 to on open stack queens, which on we've just upgraded all of our clouds or the last few months. Couple of months, 2 to 3 months. So we've done about nine production clouds and there are about 50 internal, um, teams consuming cloud. We call as our tenants, right. We have open stack clouds and we have communities clusters running on top of open stack. There are several production grade will close that run on this cloud. The Geo phone, for example, runs on our cloud private cloud Geo Cloud, which is a backup service like Google Drive and collaboration service. It runs out of a cloud. Geo adds G o g S t, which is a tax filing system for small and medium enterprises, our retail post service. There are all these production services running on our private clouds. We're also empaneled with the government off India to provide cloud services to the government to any State Department that needs cloud services. So we were empaneled by Maiti right in their ego initiative. And our clouds are also Easter. 20,000 certified 20,000 Colin one certified for software processes on 27,001 and said 27,017 slash 18 certified for security processes. Our clouds are also P our data centers Alsop a 942 be certified. So significant effort and investment have gone toe These data centers next. So this is where I think we've really valued the partnership with Morantes. Morantes has has trained us on using the concepts of get offs and in fries cold, right, an automated deployments and the tool change that come with the M C P Morantes product. Right? So, um, one of the key things that has happened from a couple of years ago to today is that the deployment time to deploy a new 100 north production cloud has decreased for us from about 55 days to do it in 2015 to now, we're down to about five days to deploy a cloud after the bear metals a racked and stacked. And the network is also the physical network is also configured, right? So after that, our automated pipelines can deploy 100 0 clock in five days flight, which is a massive deal for someone for a company that there's adding bear metals to their infrastructure so fast, right? It helps us utilize our investment, our assets really well. By the time it takes to deploy a cloud control plane for us is about 19 hours. It takes us two hours to deploy a compu track and it takes us three hours to deploy a storage rack. Right? And we really leverage the re class model off M C. P. We've configured re class model to suit almost every type of cloud that we have, right, and we've kept it fairly generous. It can be, um, Taylor to deploy any type of cloud, any type of story, nor any type of compute north. Andi. It just helps us automate our deployments by putting every configuration everything that we have in to get into using infra introduction at school, right plus M. C. P also comes with pipelines that help us run automated tests, automated validation pipelines on our cloud. We also have tempest pipelines running every few hours every three hours. If I recall correctly which run integration test on our clouds to make sure the clouds are running properly right, that that is also automated. The re class model and the pipelines helpers automate day to operations and changes as well. There are very few seventh now, compared toa a few years ago. It very rare. It's actually the exception and that may be because off mainly some user letter as opposed to a cloud problem. We also have contributed auto healing, Prometheus and Manager, and we integrate parameters and manager with our even driven automation framework. Currently, we're using Stack Storm, but you could use anyone or any event driven automation framework out there so that it indicates really well. So it helps us step away from constantly monitoring our cloud control control planes and clothes. So this has been very fruitful for us and it has actually apps killed our engineers also to use these best in class practices like get off like in France cord. So just to give you a flavor on what stacks our internal teams are running on these clouds, Um, we have a multi data center open stack cloud, and on >>top of that, >>teams use automation tools like terra form to create the environments. They also create their own Cuba these clusters and you'll see you'll see in the next slide also that we have our own community that the service platform that we built on top of open stack to give developers development teams NGO um, easy to create an easy to destroy Cuban. It is environment and sometimes leverage the Murano application catalog to deploy using heats templates to deploy their own stacks. Geo is largely a micro services driven, Um um company. So all of our applications are micro services, multiple micro services talking to each other, and the leverage develops. Two sets, like danceable Prometheus, Stack stone from for Otto Healing and driven, not commission. Big Data's tax are already there Kafka, Patches, Park Cassandra and other other tools as well. We're also now using service meshes. Almost everything now uses service mesh, sometimes use link. Erred sometimes are experimenting. This is Theo. So So this is where we are and we have multiple clients with NGO, so our products and services are available on Android IOS, our own Geo phone, Windows Macs, Web, Mobile Web based off them. So any client you can use our services and there's no lock in. It's always often with geo, so our sources have to be really good to compete in the open Internet. And last but not least, I think I love toe talk to you about our container journey. So a couple of years ago, almost every team started experimenting with containers and communities and they were demand for as a platform team. They were demanding community that the service from us a manage service. Right? So we built for us, it was much more comfortable, much more easier toe build on top of open stack with cloud FBI s as opposed to doing this on bare metal. So we built a fully managed community that a service which was, ah, self service portal, where you could click a button and get a community cluster deployed in your own tenant on Do the >>things that we did are quite interesting. We also handle some geo specific use cases. So we have because it was a >>manage service. We deployed the city notes in our own management tenant, right? We didn't give access to the customer to the city. Notes. We deployed the master control plane notes in the tenant's tenant and our customers tenant, but we didn't give them access to the Masters. We didn't give them the ssh key the workers that the our customers had full access to. And because people in Genova learning and experimenting, we gave them full admin rights to communities customers as well. So that way that really helped on board communities with NGO. And now we have, like 15 different teams running multiple communities clusters on top, off our open stack clouds. We even handle the fact that there are non profiting. I people separate non profiting I peoples and separate production 49 p pools NGO. So you could create these clusters in whatever environment that non prod environment with more open access or a prod environment with more limited access. So we had to handle these geo specific cases as well in this communities as a service. So on the whole, I think open stack because of the isolation it provides. I think it made a lot of sense for us to do communities our service on top off open stack. We even did it on bare metal, but that not many people use the Cuban, indeed a service environmental, because it is just so much easier to work with. Cloud FBI STO provision much of machines and covering these clusters. That's it from me. I think I've said a mouthful, and now I love for you toe. I'd love to have your questions. If you want to reach out to me. My email is mine dot capulet r l dot com. I'm also you can also message me on Twitter at my uncouple. So thank you. And it was a pleasure talking to you, Andre. Let let me hear your questions.