>> Live from Washington, DC. It's theCUBE. Covering AWS Public Sector Summit 2018. Brought to you by Amazon Web Services, and its ecosystem partners. >> Welcome back to The District everybody. We're here covering the AWS Public Sector Summit, #AWSPSSummit. You're watching theCUBE, the leader in live tech coverage. My name is Dave Vellante and I'm here with my co-host Stuart Miniman. Gus Hunt is here, he's the Managing Director of Accenture. Great to see you. >> Great, thanks. Dave, Stu, appreciate being here. >> Thanks for coming on. Last night we were at the Accenture Event, it was hosted by Teresa Carlson and Accenture, a jam packed high-level audience. It was really, really fabulous. You couldn't make it, cause you got stuck in-- >> Weather-wise, got trapped in Atlanta. >> Unfortunately, Gus, you missed a lot, it was very good. But bring us up to speed on just sort of the state of where we're at with Accenture. You guys are heavily involved with the CIA implementation. We can talk about that a little bit. But start with Accenture, what you guys got going on in the Government. >> So Accenture Federal Services, which is the part I'm within, supports all of our federal agencies across the board. And we do enormous amount of work in the Cloud Services. In fact, Accenture itself is the largest partner of AWS in the world, right, providing cloud services directly engaged with Amazon. We have our Accenture Amazon Business Group, for example, that we leverage across the board. So we are really heavily steep, both in what it takes to help companies and our federal clients move to the cloud, but also how to take real advantage of it, how to gain the efficiencies that they need, and how to do this very securely. Because so much of I think the concerns that get expressed by people are a misunderstanding about whether or not the cloud is secure, versus how to do it securely in the cloud, if you understand the nuance difference there. >> Right, right. So, well, explain that. Let's double-click on that nuance there. A lot of people so early on it was concerns about the cloud, and then it kind of flipped and said, well, obviously the cloud's going to be more secure than what I could do as an organization. We heard what the CIA said today. They said, "On the worst day in the public cloud, "security's far better than in it is "in my client service systems." So help us unpack that a little. >> So, I'll take you back a few years. I spent 20 years in Federal Government working for CIA. I retired from there as their Chief Technology Officer. And I led basically the C2S deal that we put together in order to bring cloud services into the agency. And we did that fundamentally for four reasons. One was velocity. We had to get our speed of abilities, delivery capabilities up to match that what was happening in the private sector, in the cloud. The second was efficiencies. We had to find a way to really tap into the extraordinary efficiencies being driven by the cloud world and the cloud environment, with this continuous drop in price and storage, and computing, and things like that. How do we leverage that to our advantage and enable us now instead of to keep pace in the world when we knew that data was doing like this, and that the ability to exploit data is what the business is all about, right? >> And that was going like that at the time. >> With the cost, what we didn't want was the cost to do this, right? This is where the cloud was going to play a critical role to enable us to really keep pace with the explosion of data big data, and yet through storage and compute in the cloud, be able to do this at a fairly level cost curve, that was the objective. The third was to drive innovation, right? So we had to be able to innovate as fast as the private sector was able to innovate, to deliver new capabilities continuously all the time, and do those things. And the final reason really was about security, right? To your point, we're getting back to, the question that was originally asked was that the cloud, when we investigated the cloud, it turned out that the cloud was much more secure as a basic platform than almost anything that anybody could deliver inside their own data center across the board. And if you leverage the cloud in a particular way, security, it becomes a much more secure environment for people to operate in and do work in, then you could possibly achieve inside of your own data centers, your own data center environments. >> Gus, I'm hearing things like speed, innovation and security. I'm thinking, can you tell us a little bit about developers inside the agency? Do they have a DevOps initiative, as part of achieving those goals? >> Absolutely. So we actually got started doing Agile Development back in 2005. And what happened was, curiously enough with Agile development using scrum techniques is what we applied. We were able to build software capabilities much faster than we could actually get them hosted. So we had an impedance mismatch, a velocity mismatch, between the ability to build capabilities with Agile Development and to go. Now, when we got started in the cloud world here, DevOps was a relatively new term, but now of course DevOps just permeates everything that gets done. Accenture Federal Services, we teach DevOps for the intelligence community across the board, we teach Agile Development, we're heavily engaged. But our big move now is into DevSecOps, right? So the new impedance mismatch is the fact that I can deliver and build software very quickly. I can host it very quickly in the cloud, but my problem is that my security people who have to credit and approve the ability to run these things, are not working in sync very well with what happens in the space there. It's not that they're not great people, it's just that the methodologies that have been applied, now are causing a delay. So this is where DevSecOps comes into play and this is our big push in Accenture Federal Services. all of our clients in the cloud is to adopt DevSecOps so that we can have security tied directly into the entire development cycle all the way through, so that there are no surprises, right? We know exactly what the status is all along, and if you know anything about cyber security, in particular, both things, security on at the end is the worst possible thing you can do. And fixing cyber security holes at the end is 30 times more expensive than having just done it up front in the beginning across the board. So we are heavily invested in driving both Agile Development and DevSecOps now, in support of our cloud customers. >> Can you talk, Gus, about just as an observer, you're obviously deep into federal, but just the delta between commercial and federal? Certainly within federal you see pockets of highly advanced, whether it's security or analytics, et cetera, but across the board the Federal Government systems are obviously a lot of money is spent on maintenance, a lot of time and effort. Is Federal still learning, the public sector still learning from the commercial sector? Is it flipping? What's your take on that? >> So it's interesting. So when I retired and went out to work, from the public sector into the private sector, there's this really interesting point of view that's out there. When I was in the Federal Government, we really thought that the private sector was way ahead of us. And so we spent lot of time working with the financial service people who were brilliant, and working with Amazon and all of the people and all of the things that they were doing, because they were brilliant. So it was a really interesting engagement. But when I got to the other side, it's looked at the other way, right? They want to know what's going on because, particularly from a cyber-security optic, from a security optic, the Federal Government is viewed in many ways and particularly the intelligence community itself, is viewed as being far ahead of what goes on in the rest of the world. And in terms of analytics and things, the federal government has terrific capabilities, and has built terrific systems to do these things. So it's an interesting optic. Each one looking at the other from the outside in, is observing things and the reality is, is that like anything in life, you have this distribution. There are those that are terrific on one end of the spectrum and those that are nascent on the other end of the spectrum. This is true in the public sector, it's true in the private sector across the board. And it's just getting people together. I think the most important thing is to find a way to get us together so we share information really effectively, so that we understand what's going on, we can educate and we can all elevate ourselves up the chain, to deliver better capabilities, both for our clients and our customers, and to the citizens of our country. >> Yeah, and that public private partnership really isn't formalized. Frankly, it's companies like Accenture that are the glue there, don't you think? >> Yes, exactly. I think that that's a key point. It's companies like Accenture, companies like Amazon, who have engagements across the spectrum and on a global basis, that are able to see and experience things that most companies can't do 'cause they don't have that global perspective. One of the biggest issues we see is that most companies view the world through their narrow optic of their local sets of problems and issues, and this is what catches up with them, particularly in the cyber realm, for example. Which is they're looking at the world through the their own little narrow soda straw. And the global view of an AWS and the global view of an Accenture can be brought to bear to help us with our federal clients, for example, to see the issues more broadly and engage more effectively in a public private sector discourse. >> So there are threats everywhere, obviously. Increasingly people are talking about the weaponization of social media. Obviously, there's critical infrastructure, which we've talked about for years. Where do you see the priorities going? Where is the focus, the spending? Is it on response? Is it on keeping the bad guys out? What do you sense? >> I would say that most of the spending today is focused on trying to keep bad guys out. And that model, while critically important, has got to change, right? Because as you notice while important to do and absolutely essential, it has been wholly insufficient in actually dealing with the problem. We have to move ourselves into a completely different posture in the world today. We have to adopt very much proactive capabilities, hunt for things, do critical reviews and pen testing, discover your vulnerabilities before the adversary does. Adopt cloud services because they can change the security game. If we write cloud native code and distribute it in multiple availability zones and fully leverage elasticity and software to find networking, we can turn it into a shell game where the adversary has to find me, not the other way around. We can become what I call the polymorphic attack surface, as opposed to us having to do with polymorphic viruses, and things like that, that we have to find that are constantly trying to hide themselves from us. And so, it's adopting those things that then drive us to a state of resilience, which have to get to. Resilience is the ability to have an event and keep on operating. As opposed to what happens today, where you have an event and everything gets shut down, and all hands on deck and panic ensues. >> So, Gus, we've talked a little bit about some of the constraints and why some people might be concerned. Wondering if we could talk about some of the opportunities. What kind of innovation are you seeing from partners and customers that you're working with, that they're driving when they do adopt cloud? >> Innovation just across the board, or? >> Yeah, any cool things they're doing, there's edge technologies, you got IOT. >> I would say that the big drivers of innovation, of course, are the ones that everybody else talks about. Which is really what's happening in the machine learning and AI space. And that is really critical because those are the things that will enable us to both deal and act with issues, particularly in my realm, the cyber realm at machine speed across the board, and stop things before they can actually become problematic. But it's also going to be the mechanism by which we can enable the human population across the board to better themselves. So you take that and you combine it with the Internet of Things, which is growing explosively across the board, to begin to automate and drive efficiencies and enable remote health care and all those things like that. We're really at the cusp, I believe, of a true renaissance, if you will, of enabling society in ways that we can't possibly begin to imagine, just looking at it from where we are today. >> A lot of talk, you know, about machine intelligence. I didn't say AI, so I don't have to do a shot. Where do you see that fitting in, generally, and then maybe specifically in cyber? And the second part of that question is you're seeing this DevOps and SecOps worlds coming together? >> Yeah, right. So we talked previously about DevSecOps. Just to go back to that real quickly. That's an absolute essential. We have to get the business, the beauty of Agile Development and DevOps was it got the business and the infrastructure people who had to run things successfully all the time, and the developers who needed to do things very quickly, all at the table to engage and ensuring that they could do that. The gap in there was the security people. So with DevSecOps, you've got the security people brought in right up front across the board there. That move into DevSecOps is more than just essential, it's a must-do, I believe, for all organizations here as they move themselves into the future, and to find a way to adopt it. How did you phrase it? You didn't use the word AI, you said? >> Machine intelligence. >> Machine intelligence directive. I think that those capabilities are maturing very, very rapidly, and I think that what you're going to see is a rapid shift in two ways. One is that while machine intelligence is great, the machine is only as smart as the data and the information that are fed to it, right? If you feed a machine a bunch of information that's highly biased, you're going to get highly biased information out. So there's two things you have to have. One, the intelligence is going to grow inside the machines, but two, there's going to be and must be a parallel thread where you have to have some form of social consciousness and social awareness that ensures that the machines themselves don't develop unconscious biases that are then leveraged, and used to the disadvantage of citizens in society, or other people and things like that. And so machine intelligence is going to grow, but that same ability is emerging, and in fact it's something we talk about at Accenture and have written papers on, about the fact that we have to have this social conscience or social awareness around Artificial Intelligence, the machine learning, to ensure that it is most effectively used to the benefit of the citizens of the country. >> Right, well, in this notion of polymorphic attack surface, presumably it just can't be humans moving stuff around. >> No, that's where machinery and automation come into play, they have to act at machine speed. It's the only thing that can act at machine speed. Humans will always be involved. Okay, you're never going to get away from the human factor. What these things do is they do the heavy lifting, and then enable humans to focus on what their brains are really, really good at, which is making hard decisions about what's actually going on, and what they actually need to do in many cases. We can automate some things, but a lot of it is still going to require really smart people to engage. >> So when you look back at your original four objectives with respect to the cloud velocity, efficiencies, trying to keep the costs where they are or lower them, driving innovation and security, how would you grade, maybe the agency, the industry, whatever you feel comfortable attaching? >> Great question. I'm going to avoid giving you a specific answer like this. >> Fair enough. >> Again there's a spectrum of engagement, across the board. Some agencies are doing really well and have been leaders in the space, and I would argue that my old agency is one of those, really. There are others that are also leaders in the space and are engaging and adopting cloud services, they're pushing very heavily down these pathways we talked about. They're embracing these technologies because they realize what they can do. And then there are others that are lagging behind, but they are lagging behind for any number of several reasons that are out there. So first and foremost is the fact that there's a massive legacy set of workloads and capabilities out there, and it's very hard to figure out what are those that I want to engage in to move to the cloud and do things. So IT modernization dollars were put into play by the federal government in order to help federal agencies do this, modernize their IT with the goal of moving themselves to the cloud, so that they could drive the efficiencies and adopt the things that are going to be there. There's also the concerns we mentioned about security. There's too much fear, uncertainty and doubt, and I think misunderstanding about the cloud, and that was great. I missed the talk today from my old agency, but I'm glad to hear them talk about the fact that I've said this for the longest time, the basic cloud is much more secure than almost everything new. And if I apply and build and develop cloud native capabilities, I can actually leverage the cloud to my advantage to dramatically change the game and deliver cyber resilience into my customers set. So this is the messaging that we want to be able to do. The only way that people are going to do this in the end, because of this big backlog of capabilities, is they have to remember that they got into where their current state is one application, one system at a time. And the only way they're going to get out of it is one application, one system at a time. They just have to begin to think about what are the ones that matter and how they want to go about that. >> No quick fixes there, but a lot of hard work and thoughtfulness. Gus, thanks so much for coming to theCUBE. Really great to have you, appreciate you sharing your insight and your knowledge. >> Delighted, Dave. >> Pleasure. >> Stu, thanks so much. >> Okay, keep it right there everybody. Stu and I will be back, John Furrier is here as well with our next guest. We're live at the AWS Public Sector Summit. You're watching theCUBE. >> Thanks, guys.