(upbeat music) >> Welcome everyone to theCUBE's presentation of the AWS Startup Showcase AI/ML Top Startups Building Foundation Model Infrastructure. This is season three, episode one of our ongoing series covering exciting startups from the AWS ecosystem to talk about data and analytics. I'm your host, Lisa Martin and today we're excited to be joined by two guests from Astronomer. Steven Hillion joins us, it's Chief Data Officer and Jeff Fletcher, it's director of ML. They're here to talk about machine learning and data orchestration. Guys, thank you so much for joining us today. >> Thank you. >> It's great to be here. >> Before we get into machine learning let's give the audience an overview of Astronomer. Talk about what that is, Steven. Talk about what you mean by data orchestration. >> Yeah, let's start with Astronomer. We're the Airflow company basically. The commercial developer behind the open-source project, Apache Airflow. I don't know if you've heard of Airflow. It's sort of de-facto standard these days for orchestrating data pipelines, data engineering pipelines, and as we'll talk about later, machine learning pipelines. It's really is the de-facto standard. I think we're up to about 12 million downloads a month. That's actually as a open-source project. I think at this point it's more popular by some measures than Slack. Airflow was created by Airbnb some years ago to manage all of their data pipelines and manage all of their workflows and now it powers the data ecosystem for organizations as diverse as Electronic Arts, Conde Nast is one of our big customers, a big user of Airflow. And also not to mention the biggest banks on Wall Street use Airflow and Astronomer to power the flow of data throughout their organizations. >> Talk about that a little bit more, Steven, in terms of the business impact. You mentioned some great customer names there. What is the business impact or outcomes that a data orchestration strategy enables businesses to achieve? >> Yeah, I mean, at the heart of it is quite simply, scheduling and managing data pipelines. And so if you have some enormous retailer who's managing the flow of information throughout their organization they may literally have thousands or even tens of thousands of data pipelines that need to execute every day to do things as simple as delivering metrics for the executives to consume at the end of the day, to producing on a weekly basis new machine learning models that can be used to drive product recommendations. One of our customers, for example, is a British food delivery service. And you get those recommendations in your application that says, "Well, maybe you want to have samosas with your curry." That sort of thing is powered by machine learning models that they train on a regular basis to reflect changing conditions in the market. And those are produced through Airflow and through the Astronomer platform, which is essentially a managed platform for running airflow. So at its simplest it really is just scheduling and managing those workflows. But that's easier said than done of course. I mean if you have 10 thousands of those things then you need to make sure that they all run that they all have sufficient compute resources. If things fail, how do you track those down across those 10,000 workflows? How easy is it for an average data scientist or data engineer to contribute their code, their Python notebooks or their SQL code into a production environment? And then you've got reproducibility, governance, auditing, like managing data flows across an organization which we think of as orchestrating them is much more than just scheduling. It becomes really complicated pretty quickly. >> I imagine there's a fair amount of complexity there. Jeff, let's bring you into the conversation. Talk a little bit about Astronomer through your lens, data orchestration and how it applies to MLOps. >> So I come from a machine learning background and for me the interesting part is that machine learning requires the expansion into orchestration. A lot of the same things that you're using to go and develop and build pipelines in a standard data orchestration space applies equally well in a machine learning orchestration space. What you're doing is you're moving data between different locations, between different tools, and then tasking different types of tools to act on that data. So extending it made logical sense from a implementation perspective. And a lot of my focus at Astronomer is really to explain how Airflow can be used well in a machine learning context. It is being used well, it is being used a lot by the customers that we have and also by users of the open source version. But it's really being able to explain to people why it's a natural extension for it and how well it fits into that. And a lot of it is also extending some of the infrastructure capabilities that Astronomer provides to those customers for them to be able to run some of the more platform specific requirements that come with doing machine learning pipelines. >> Let's get into some of the things that make Astronomer unique. Jeff, sticking with you, when you're in customer conversations, what are some of the key differentiators that you articulate to customers? >> So a lot of it is that we are not specific to one cloud provider. So we have the ability to operate across all of the big cloud providers. I know, I'm certain we have the best developers that understand how best practices implementations for data orchestration works. So we spend a lot of time talking to not just the business outcomes and the business users of the product, but also also for the technical people, how to help them better implement things that they may have come across on a Stack Overflow article or not necessarily just grown with how the product has migrated. So it's the ability to run it wherever you need to run it and also our ability to help you, the customer, better implement and understand those workflows that I think are two of the primary differentiators that we have. >> Lisa: Got it. >> I'll add another one if you don't mind. >> You can go ahead, Steven. >> Is lineage and dependencies between workflows. One thing we've done is to augment core Airflow with Lineage services. So using the Open Lineage framework, another open source framework for tracking datasets as they move from one workflow to another one, team to another, one data source to another is a really key component of what we do and we bundle that within the service so that as a developer or as a production engineer, you really don't have to worry about lineage, it just happens. Jeff, may show us some of this later that you can actually see as data flows from source through to a data warehouse out through a Python notebook to produce a predictive model or a dashboard. Can you see how those data products relate to each other? And when something goes wrong, figure out what upstream maybe caused the problem, or if you're about to change something, figure out what the impact is going to be on the rest of the organization. So Lineage is a big deal for us. >> Got it. >> And just to add on to that, the other thing to think about is that traditional Airflow is actually a complicated implementation. It required quite a lot of time spent understanding or was almost a bespoke language that you needed to be able to develop in two write these DAGs, which is like fundamental pipelines. So part of what we are focusing on is tooling that makes it more accessible to say a data analyst or a data scientist who doesn't have or really needs to gain the necessary background in how the semantics of Airflow DAGs works to still be able to get the benefit of what Airflow can do. So there is new features and capabilities built into the astronomer cloud platform that effectively obfuscates and removes the need to understand some of the deep work that goes on. But you can still do it, you still have that capability, but we are expanding it to be able to have orchestrated and repeatable processes accessible to more teams within the business. >> In terms of accessibility to more teams in the business. You talked about data scientists, data analysts, developers. Steven, I want to talk to you, as the chief data officer, are you having more and more conversations with that role and how is it emerging and evolving within your customer base? >> Hmm. That's a good question, and it is evolving because I think if you look historically at the way that Airflow has been used it's often from the ground up. You have individual data engineers or maybe single data engineering teams who adopt Airflow 'cause it's very popular. Lots of people know how to use it and they bring it into an organization and say, "Hey, let's use this to run our data pipelines." But then increasingly as you turn from pure workflow management and job scheduling to the larger topic of orchestration you realize it gets pretty complicated, you want to have coordination across teams, and you want to have standardization for the way that you manage your data pipelines. And so having a managed service for Airflow that exists in the cloud is easy to spin up as you expand usage across the organization. And thinking long term about that in the context of orchestration that's where I think the chief data officer or the head of analytics tends to get involved because they really want to think of this as a strategic investment that they're making. Not just per team individual Airflow deployments, but a network of data orchestrators. >> That network is key. Every company these days has to be a data company. We talk about companies being data driven. It's a common word, but it's true. It's whether it is a grocer or a bank or a hospital, they've got to be data companies. So talk to me a little bit about Astronomer's business model. How is this available? How do customers get their hands on it? >> Jeff, go ahead. >> Yeah, yeah. So we have a managed cloud service and we have two modes of operation. One, you can bring your own cloud infrastructure. So you can say here is an account in say, AWS or Azure and we can go and deploy the necessary infrastructure into that, or alternatively we can host everything for you. So it becomes a full SaaS offering. But we then provide a platform that connects at the backend to your internal IDP process. So however you are authenticating users to make sure that the correct people are accessing the services that they need with role-based access control. From there we are deploying through Kubernetes, the different services and capabilities into either your cloud account or into an account that we host. And from there Airflow does what Airflow does, which is its ability to then reach to different data systems and data platforms and to then run the orchestration. We make sure we do it securely, we have all the necessary compliance certifications required for GDPR in Europe and HIPAA based out of the US, and a whole bunch host of others. So it is a secure platform that can run in a place that you need it to run, but it is a managed Airflow that includes a lot of the extra capabilities like the cloud developer environment and the open lineage services to enhance the overall airflow experience. >> Enhance the overall experience. So Steven, going back to you, if I'm a Conde Nast or another organization, what are some of the key business outcomes that I can expect? As one of the things I think we've learned during the pandemic is access to realtime data is no longer a nice to have for organizations. It's really an imperative. It's that demanding consumer that wants to have that personalized, customized, instant access to a product or a service. So if I'm a Conde Nast or I'm one of your customers, what can I expect my business to be able to achieve as a result of data orchestration? >> Yeah, I think in a nutshell it's about providing a reliable, scalable, and easy to use service for developing and running data workflows. And talking of demanding customers, I mean, I'm actually a customer myself, as you mentioned, I'm the head of data for Astronomer. You won't be surprised to hear that we actually use Astronomer and Airflow to run all of our data pipelines. And so I can actually talk about my experience. When I started I was of course familiar with Airflow, but it always seemed a little bit unapproachable to me if I was introducing that to a new team of data scientists. They don't necessarily want to have to think about learning something new. But I think because of the layers that Astronomer has provided with our Astro service around Airflow it was pretty easy for me to get up and running. Of course I've got an incentive for doing that. I work for the Airflow company, but we went from about, at the beginning of last year, about 500 data tasks that we were running on a daily basis to about 15,000 every day. We run something like a million data operations every month within my team. And so as one outcome, just the ability to spin up new production workflows essentially in a single day you go from an idea in the morning to a new dashboard or a new model in the afternoon, that's really the business outcome is just removing that friction to operationalizing your machine learning and data workflows. >> And I imagine too, oh, go ahead, Jeff. >> Yeah, I think to add to that, one of the things that becomes part of the business cycle is a repeatable capabilities for things like reporting, for things like new machine learning models. And the impediment that has existed is that it's difficult to take that from a team that's an analyst team who then provide that or a data science team that then provide that to the data engineering team who have to work the workflow all the way through. What we're trying to unlock is the ability for those teams to directly get access to scheduling and orchestrating capabilities so that a business analyst can have a new report for C-suite execs that needs to be done once a week, but the time to repeatability for that report is much shorter. So it is then immediately in the hands of the person that needs to see it. It doesn't have to go into a long list of to-dos for a data engineering team that's already overworked that they eventually get it to it in a month's time. So that is also a part of it is that the realizing, orchestration I think is fairly well and a lot of people get the benefit of being able to orchestrate things within a business, but it's having more people be able to do it and shorten the time that that repeatability is there is one of the main benefits from good managed orchestration. >> So a lot of workforce productivity improvements in what you're doing to simplify things, giving more people access to data to be able to make those faster decisions, which ultimately helps the end user on the other end to get that product or the service that they're expecting like that. Jeff, I understand you have a demo that you can share so we can kind of dig into this. >> Yeah, let me take you through a quick look of how the whole thing works. So our starting point is our cloud infrastructure. This is the login. You go to the portal. You can see there's a a bunch of workspaces that are available. Workspaces are like individual places for people to operate in. I'm not going to delve into all the deep technical details here, but starting point for a lot of our data science customers is we have what we call our Cloud IDE, which is a web-based development environment for writing and building out DAGs without actually having to know how the underpinnings of Airflow work. This is an internal one, something that we use. You have a notebook-like interface that lets you write python code and SQL code and a bunch of specific bespoke type of blocks if you want. They all get pulled together and create a workflow. So this is a workflow, which gets compiled to something that looks like a complicated set of Python code, which is the DAG. I then have a CICD process pipeline where I commit this through to my GitHub repo. So this comes to a repo here, which is where these DAGs that I created in the previous step exist. I can then go and say, all right, I want to see how those particular DAGs have been running. We then get to the actual Airflow part. So this is the managed Airflow component. So we add the ability for teams to fairly easily bring up an Airflow instance and write code inside our notebook-like environment to get it into that instance. So you can see it's been running. That same process that we built here that graph ends up here inside this, but you don't need to know how the fundamentals of Airflow work in order to get this going. Then we can run one of these, it runs in the background and we can manage how it goes. And from there, every time this runs, it's emitting to a process underneath, which is the open lineage service, which is the lineage integration that allows me to come in here and have a look and see this was that actual, that same graph that we built, but now it's the historic version. So I know where things started, where things are going, and how it ran. And then I can also do a comparison. So if I want to see how this particular run worked compared to one historically, I can grab one from a previous date and it will show me the comparison between the two. So that combination of managed Airflow, getting Airflow up and running very quickly, but the Cloud IDE that lets you write code and know how to get something into a repeatable format get that into Airflow and have that attached to the lineage process adds what is a complete end-to-end orchestration process for any business looking to get the benefit from orchestration. >> Outstanding. Thank you so much Jeff for digging into that. So one of my last questions, Steven is for you. This is exciting. There's a lot that you guys are enabling organizations to achieve here to really become data-driven companies. So where can folks go to get their hands on this? >> Yeah, just go to astronomer.io and we have plenty of resources. If you're new to Airflow, you can read our documentation, our guides to getting started. We have a CLI that you can download that is really I think the easiest way to get started with Airflow. But you can actually sign up for a trial. You can sign up for a guided trial where our teams, we have a team of experts, really the world experts on getting Airflow up and running. And they'll take you through that trial and allow you to actually kick the tires and see how this works with your data. And I think you'll see pretty quickly that it's very easy to get started with Airflow, whether you're doing that from the command line or doing that in our cloud service. And all of that is available on our website >> astronomer.io. Jeff, last question for you. What are you excited about? There's so much going on here. What are some of the things, maybe you can give us a sneak peek coming down the road here that prospects and existing customers should be excited about? >> I think a lot of the development around the data awareness components, so one of the things that's traditionally been complicated with orchestration is you leave your data in the place that you're operating on and we're starting to have more data processing capability being built into Airflow. And from a Astronomer perspective, we are adding more capabilities around working with larger datasets, doing bigger data manipulation with inside the Airflow process itself. And that lends itself to better machine learning implementation. So as we start to grow and as we start to get better in the machine learning context, well, in the data awareness context, it unlocks a lot more capability to do and implement proper machine learning pipelines. >> Awesome guys. Exciting stuff. Thank you so much for talking to me about Astronomer, machine learning, data orchestration, and really the value in it for your customers. Steve and Jeff, we appreciate your time. >> Thank you. >> My pleasure, thanks. >> And we thank you for watching. This is season three, episode one of our ongoing series covering exciting startups from the AWS ecosystem. I'm your host, Lisa Martin. You're watching theCUBE, the leader in live tech coverage. (upbeat music)

(upbeat music) >> Hey, everyone. Welcome to theCUBE's Special Program Series: Women of the Cloud, brought to you by AWS. I'm your host, Lisa Martin. Very pleased to welcome Ashley Gaare to the program, Global Extended Executive Board Member and President, North America at SoftwareONE. Ashley, welcome, it's great to have you here. >> Hi Lisa, thank you for having me. I'm excited to be here. >> Talk to us a little bit about you, about SoftwareONE, about your role, give us that context. >> So SoftwareONE is a global services provider for end-to-end software cloud management. We operate in over 90 countries. Our headquarters globally are in Zurich, Switzerland. Our North American headquarters are in Milwaukee, Wisconsin. And I run the North American region with scales from the US, Canada, we have parts in Costa Rica, in Mexico. And our primary purpose and to serve our clients is to help them really understand the restraints in cloud management, everything from licensing used rights to financial operations to workload migrations, to help them drive better outcomes for their business. >> It's all about outcomes for the business. Every conversation we have always goes back to outcomes, but I want to learn a little bit more actually about you. Talk a little bit about your career path and then give us some recommendations that you would have for others who are looking to really kind of step the ladder in their tech careers. >> Yeah, so I've been very fortunate and blessed to be able to be at SoftwareONE for 15 years. So I came up through inside sales. I had no idea how the tech world operated, didn't even know what a server was. And I learned on the job, and this was before even cloud was really relevant. And I think for me, I get asked a lot, "How did you work your way up," so to speak, and it's really about understanding where your strengths sit and investing in those strengths, building a brand of yourself and what your identity is like within the workplace. What do you want people to know of you? Do they want to, "Oh, I got to get Ashley on this project because she accelerates and executes cleanly," right? Or, "I need Ashley to do this because she can collaborate with peers and bring people along." So really understanding where you want to sit, what your skills are, and your strengths, and then asking for mentorship, getting career advice, raising your hand, take on more, and don't ever be afraid to ask questions and admit stuff when you don't know, that humble is part of our core value within SoftwareONE, and it's really, really helped me grow in my own career. >> Ashley, I love that you talked about creating your own personal brand. Another thing that I hear often from women in this situation is creating your own personal board of directors, of mentors, and sponsors who can help guide you along that path. You also talk about investing in you, and I think that is such pertinent advice for those to be able to create success stories within their career. I would love to then know about some of the successes that you've had, where you've helped solve problems relating to cloud computing for organizations, internal, external. >> Yeah, it's a great question. That's why we're here, right? Women of the Cloud. Yeah, SoftwareONE in particular, took the approach early on that we were going to go cloud first in our services portfolio offering, right? We saw the writing on the wall. There was no reason to invest backwards and build (indistinct) and data center consulting practices. So for us, everything we built from the ground up has been cloud native. And so some of the amazing client stories that we've had are really I think, I know it's a silver lining coming out of the pandemic when you had industries hit so hard but hit so differently. And technology was at the core on how they address those problems. So you had the healthcare space that had to get protection and be able to meet with their patients face to face but virtual at the same time. So they had to be able to take the data and still governance with HIPAA laws, keep it secure but then move it to the cloud and shift it fast, right? And then you had manufacturing who had employees who had to stay on site, right? To keep the supply chain running, but at the same time you had office workers that had to move home and completely be 100% remote. And so what we've been able to do really with AWS and our certifications in that practice is AWS differentiates itself with its agility, its framework, it allows for true development in the the PaaS space. It provides a really, really secure robust end to end solution for our clients. And when you have to be able to be nimble that quickly it's created this new expectation in the industry that it could happen again. So are you set up for the next recession? Are you set up for the next pandemic? God willing, there isn't one, but you never know. And so investing in the right infrastructure there in the cloud is critical. And then having the framework, to manage it and go it is second in line and importance. >> Being able to be just aware of the situations that can happen. In hindsight, it's, that's a silver lining coming at a COVID cheer point, being able to prepare for disasters of different types or the need to establish business continuity. I mean, we saw so many organ, well every, almost that survived every surviving organization pivot to cloud during the last couple of years that had no choice to one, survive and two, to be able to be competitive in our organization. And so we've seen so many great stories of successes. And it sounds like SoftwareONE has really been at the forefront of enabling a lot of businesses, I would imagine. Can the industry be successful in that migration and that quick pivot to being competitive advantage competitively, competitive? >> Yeah. Yeah. And I think our differentiator which comes from our core strength of this licensing and asset financial management piece. So with COVID, right? When you had this great acceleration to the cloud whether it was remote workplace or it was IaaS you then had no choice but to pay what you had to pay. It was all about keeping the lights on and running the business and thriving as much as you could. And so cost wasn't a concern. And then you had the impact in certain industries where it became a concern pretty quick. And so now we're seeing this over pendulum kind of this pendulum swing back where it's like, okay we're in the cloud, now we got to go back in time and kind of fix the processes and the financial piece and the components and the compliance that we didn't really address or have time to sit and think because we were in survival mode. And that's where SoftwareONE really comes in with this end to end view on everything from what should you move to the cloud? How does it impact your budget, your bottom line should you capitalize it? Can you capitalize it? And so the CFO and the CEO and that CIO suite have to be working end to end on how to do this effectively, right? So that they can continue to thrive in the business and not just run in survival mode anymore. >> Absolutely, we're past that point of running in survival mode. We've got to be able to thrive to be able to be agile and nimble and flexible to develop new products, new services to get them to market faster than our competition. So much has changed in the last couple of years. I'm wondering what your perspective is on diversity. We've talked about it a lot in technology. We talk about DEI often. >> Yeah. >> A lot's gone on in the last couple of years thought there's so much value in thought diversity alone. But talk to me about some of the things that you're seeing through the diversity lens and what are some of the challenges that are still there that organizations need help to eradicate? >> Yeah, topic I'm very passionate about. So there's a couple of big bullets, right? That are big rocks that we have to move. There's a gender gap, we know this. There's a wage gap, we know this. Statistics state, essentially that women make 82 cents for every $1 a man makes. Men hold 75% of the US tech jobs and working mothers, for example. 34% of them do not return to the workforce. It's mind blowing, fun facts and SoftwareONE is we actually have a hundred percent return working mothers come back and stay for at least a year, yeah. And it requires really intentional investment in making sure that they have an environment that they can be successful as they transition back making diligent choices on the benefits that you provide those women so that they don't feel that they have to make some of the tough choices that they feel pressured to do. And then you have this talent shortage, right? So on top of gender, on top of pay, then you have this all up shortage of underrepresented groups, right? And you also have, in the tech space there's just a lack of talent all up. And I think looking back, hindsight's always 2020 but as a community and as a vertical in the tech space, the organizations didn't do enough good job of reaching into high schools, understanding early on in elementary and middle school to provide equal opportunity to make the computer coding classes a requirement and not an elective to give everybody exposure to how tech works in the real world, right? As opposed to offering it as an elective. It should be a requirement. I mean, it's like financial management. It's how the world runs today is on tech. So something that SoftwareONE has done to really address that is we built this academy it's only two years in its infancy, so it's young but we go intentionally to schools and we hand select and we create a program, right? To get them exposed to the industries that they're interested in. Personally though, I think we need to start way earlier on and I think that's something that we all can work better at and is exposing the next generation to setting an expectation that tech is going to be in your life. And so let's learn about it and not be afraid of it and turn it into a career, right? >> Absolutely, every company these days has to be a data company. They have to be a tug company whether it's your grocery store, a retailer, a manufacturer, a car dealer. So that kind of choice isn't really there anymore that's just the direction that these companies have to go in. You mentioned something that I love because I've been hearing it a lot from women in this series. And that is, with respect to diversity organizations need to be intentional. It has to be intentional, really from the get go. And it sounds like SoftwareONE has done a great job with intention about creating the program and looking at how can we go after and solve some of the challenges that we have today but really go after some of these younger groups who might not understand the impact and the influence that tech is having in their lives. >> Yeah, and the only way to be intentional with the right outcome is to ensure that you have diversity of thought in the leadership teams that make those decisions, right? So you can put your best foot forward in being intentional with trying to keep women in the workforce but if you don't have women on your leadership team where are you getting that feedback from? And so it starts by this getting the talent into the company at the very bottom level from an inclusion standpoint, keeping them, but also intentionally selecting the right diversity of thought at the leadership levels where they make decisions. Because that's where the magic happens Where, I have the privilege to be able to choose and work with my HR partner on what benefits we provide. And you have to have a team that's all inclusive in understanding the needs of all the groups, right? Otherwise you end up intentionally in with the best intent of heart creating benefits that don't really help women. I think it takes a lot of work and and time, but it's something that's very important. >> Very, very important. The fact that you mentioned thought diversity, the amount of value that can come from thought diversity alone is huge. I've seen so many different data points that talk about when there are females or people of color in the executive positions at organizations they are x percent say 20% more profitable. So the data is there to demonstrate the power and the business value that can come from thought diversity alone. >> Yep. Exactly. Yep. >> So moving on, we've got a couple minutes left. I want to understand what you are seeing in your crystal ball or maybe it's a magic ball about what's next in cloud. How do you see your role evolving in the industry? >> So, well, what I think what's next in cloud both from an industry and a SoftwareONE standpoint is expanding outside of this infrastructure as a service mindset where cloud was there to run your business. And the beauty of it now is that cloud is there to also drive your business and create new products and capabilities. And so one of the biggest trends we're seeing is all organizations at some form or at some point in time will become a service provider or have an application that they host that they provide to their clients, right? And so they're a tech company. And so it's not just using tech to run it's using tech to build and innovate and be able to create a profit center to be able to drive back those to meet your clients' needs. And in order for you to make the appropriate decisions on financial strategy and budget management you have to know the cost to go into, to building the product, right? And if you don't know the cost to go into the building the product then you don't know the profit margins to set and you don't have a strategy to go sell it, at market value. And so it really becomes this linchpin in all of the areas of the business where you're not only running but you're also developing and building. So you have to have a very good, strong investment in the financial operations component of cloud. And I think that's where FinOps is coming in. You'll hear that phrase a lot, right? And so the end to end ability to financially manage cloud while secure, but also with visibility is that is this next generation, and it's going to include SaaS, right? 'Cause they're going to be plugging in it's going to include governance because it's not just the CIO making decisions anymore. It's business line leaders. And so how do you have this cloud center of excellence to be able to provide the data to the decision makers so that they can drive the business? >> And that's what it's all about, is data being able to be be used, extracting insights from it in a fast real time manner to create those business decisions that help organizations to be successful to pivot when needed and to be able to meet consumer demand. Last question for you, Ashley is, if you think about in the last say five years what are some of the biggest changes in terms of the tech workforce and innovation that you've seen? And what excites you about the direction that we're going in? >> Oh, I think that, well I think the biggest change over the last five years is the criticality of the space. It used to be like, well we're not so mature in cloud. We'll eventually get there, we'll dabble in it, we'll dip our toes in it, eventually, we'll move everything. And it's like, well, we're there.(laughs) So if you're not in it, you're behind. And I think what is really important for people who want to get into this space is it doesn't mean you have to be super techy, right? The number of times people are like can you help me with my computer? And I'm like, "No, I don't even know how." Like, "No, I not can help you with your computer." I consult and I help drive, business decisions with clients. And so there's all these peripheral roles that people can get involved in, whether it's marketing or it's sales or it's product design. It's not just engineering anymore. And I think that's what's really exciting about what's to come in this space. >> The horizon is infinite. Ashley, thank you so much for joining me on the program, talking about your role, what you're doing at SoftwareONE, some of the great successes that you've had in the cloud and some of your recommendations for organizations and people to grow their careers and really increase diversity in tech. We so appreciate your time. >> Thank you, Lisa. Thanks for having me. >> My pleasure. For Ashley Gaare, I'm Lisa Martin. You're watching theCUBE special program series; Women of the Cloud, brought to you by AWS. Thanks so much for watching. (soft upbeat music)

>> Narrator: TheCUBE presents Ignite 22, brought to you by Palo Alto Networks. >> Good afternoon guys and gals. We're so glad you're here with us. Welcome back to the MGM Grand, Las Vegas. This is day two of theCUBE's coverage of Palo Alto Networks Ignite22. Lisa Martin here with Dave Valante. Dave, as I mentioned, our second day of coverage. We've learned a lot about cybersecurity, the complexity, the challenges, but also the opportunities. We've had some great conversations, really dissecting some recent survey data. We know that every industry, no industry is immune from this but healthcare is one of the ones that's quite vulnerable. We're going to be talking about that next, in part. >> Yeah. Cause we always talk about the super cloud and connecting hybrid across clouds and you know, on-prem, but also now out to the edge. >> Yes. >> You know, and nobody wants a separate stove pipe, but we saw this during the pandemic. We saw the pivot, work from home, to end point and cloud security rearchitecting the network, identity and you know, more stove pipes. Right? So, but that's not what the industry wants or needs, so. >> Right. >> Yeah. >> Well I never would think about, you know you go to the doctor's office, you go to a hospital, X-ray machines, CT scanners, all these proliferation of medical IoT devices. Great for the patient, great for the providers, but a lot of opportunities for the attackers, as well. We're going to be talking about that, in part, in our next conversation with an alumni that's coming back to the program. Anand Oswal is here. The SVP and GM of network security at Palo Alto Networks. Great to have you back. >> Great to have me. Thank you. >> It's been a few years. >> Oswal: Yeah. It's been a time. >> So, I was looking at some of the unit 42 research: medical devices are the weakest link on the hospital network. >> Oswal: Yeah. >> But, so great for patient care, for doctors, providers, et cetera. But, a challenge and an opportunity for the adversaries. >> Oswal: Yeah. >> What are some of the things that you guys are seeing? I know you have some news on the medical IoT front. >> Yeah. Thanks for having me by the way. So, if you look at every industry has benefited from connected devices. Changes the outcome and the experiences, both for the end users, as well as the businesses. And healthcare is no different. If you look at the experience that we had as patients over the last decade has changed dramatically. And in the pandemic, even more changes happened, right? This is really ushering in a new era of patient care. It's connected devices. You know, I have a family member of mine who has diabetes. And, as you know, you got to check the blood glucose level periodically. It's usually pricking, it's cumbersome, it can hurt you. But now, with this new IoT based glucose margin systems, you can monitor these levels in real time, constantly. If it drops, can inject the right amount of insulins. So, changing the experience and the outcome for patients. Taking data from this devices to ensure that you have different outcomes. So, really, changing how you experience as patient. But, like you said, along with all of this is adding increased cybersecurity. Right? And we've seen over the last, I don't know, year or so, a 200% increase in cyber attacks on healthcare organizations. And, in the next couple of years, you're going to see 1.3 billion, yes, the "B," billion, new connected devices come to healthcare. So, that's including the attack surface. So, we've got to stay vigilant. There's a lot of great things you get from connected devices. It has cyber risk, just plan it properly. >> But, it's hard just to secure a medical IoT devices. Why is it so challenging? And how do you help? >> Yeah. Look, you can only secure what you see, first of all, right? So, it's very important to understand what devices you have on your network. And these can't be done statically, right? Because you're, they're made by different manufacturers and you're adding so many every day. So, you need to use machine learning to identify what these devices are. But just not what are devices, who's the manufacturer? What's the make, what's the model? What's the unpatched vulnerabilities? That's one part. I tell people that having visibility is good, but just that's not enough. It's like me telling you, you have a leak in your house. I don't give you any information on where the leak is. How do I call the plumber? What's the home warranty? Home insurance coverage? So you got visibility. Then you need to do segmentation. Segmentation all about who can talk to whom. Should your CT scan machine or MRI machine be talking to a server in the corporate environment? Should be talking to your point of sale terminal in the hospital? Maybe not. Right? So you need to define those policies. Again, those can be manual. They have to be automated because you're adding new devices every day. After you do that, it's around the data that is transporting on those devices. Do they have threats? Are they command controlled connections? Because threats can move laterally and need to inspect this in real time every day, constantly. Not just one time. Right? That's the whole notion of zero trust, which is no notion of implied trust. You want to have least privilege access. And the most important is that, look, we talked about this before. Majority of healthcare organizations have legacy security architectures. You can't have it solved better, the point product a new sensor, a partial solution. You need to get fully integrated because you need to reduce their operational cost. You need to ensure that they have better security. Right? I tell people what do organization want? Make more money, save money, and steer out trouble. Right? In simple ways. >> Valante: Yeah. >> I need to ensure that they're able to get this done securely. That's very important. >> So, a lot of the devices, so you think about oT, a lot of the devices been naturally air gaped. That was sort of the safety. What's it like in healthcare? Is the MRI machine, was it historically net-, you know, fenced off from the network and how is that changing? >> Yeah. I'll give an example. I talked to a customer, this is a few months ago. And this happened before the pandemic, luckily. They were doing, a doctor was doing a surgery on a patient at roughly two in the morning, on a, and using a ventilator. And guess what happened? The ventilator rebooted and said: firmware upgrading. >> Yeah. >> Right? >> Wow. >> And luckily when I doctor, their customer, they said they had another ventilator that they could quickly do. This ventilator was connected to an ethernet cable, in this case. And somebody decided that two AM is the right time to upgrade things. Like, you know, you have windows of when you upgrade things. But, you need to be able to manage a lifecycle of these devices more intelligently. When is it being used? When it's upgraded? There's a life of a device, and then there's a cyber life. Now we have too many devices with end of life operating systems. We all remember the 2017 WannaCry attack. That was an end of life operating system. So, you have a shelf life and you have a cyber life. Need to be able to manage the life cycle of these devices and easily onboard new devices, but also have, be able to sunset devices as needed. >> Okay. So the business generally stays ahead, you know, of cyber, but are those worlds coming together? I mean, I feel like with digital transformation we're beginning to see that everybody talks about, you know, cyber can't just be a bolt on. >> Oswal: Yes. >> But it oftentimes is. So what's the state of play in healthcare? >> I think it's changing. If you think about the healthcare organizations or generally even oT environments, the decision maker is not just the CIO and CISO, it's also your plant manager, the hospital owner, or manager of the operations of the hospital. They have to be taken into account. The other, the other stakeholders: the clinical and biomed engineer who operates these devices, right? I was talking to a healthcare customer that said that asset utilization or devices important. Many times you find nurses or doctors will keep an infusion pump with them in their room because they want easy to use. And then they say, I want five more or 10 more, right? We all living in an environment where budget will be more and more important. So how do you get a full inventory of what's using what, how often are they used? For example, MRI machines are many times preset for scanning certain parts of the body. Now you can change it, but it takes time. It's effort. So if you know the actual utilization of what you're doing, you can be more efficient and have a much more efficient organization. >> And so how do they do that? Is that some kind of predictive analytics that they're using? Is it... >> Yes. It's the whole lifecycle of a zero trust architecture. It is the whole lifecycle of managing these devices effectively and then simplifying your operations. The three things that we have to do. >> How can zero trust be really tailored to healthcare specifically? >> Yeah. Let me tell you, first of all, when I talk of zero trust, I have a simple way of talking about it. Which is no notion of implied trust, right? Just because I'm in an environment doesn't mean have access to a device and application, et cetera. And when we think of medical device, it's like, who's the user who's accessing it? How do you authenticate that user? And that can be the things the organization has: password, an MFA, et cetera. That's, that's good. That's not enough. If you're accessing some, if I authentic authenticated you from this device, but what if this device itself is infected with malware? So, I need to know that it's the state of your device. Then what are you trying to access? Medical records, healthcare records, you'd like permission sets to access it. Are they read only, write only? Do you have confidential information about it? And when you're exchanging this information, is there malware in that data? You need to do this on a continuous basis. So, user, endpoint, access, and transaction. These four constructs have to be done continuously. That's the whole notion of zero trust. >> So, okay. Cause you had, we were talking off camera, you said, you know, get, say ask somebody what zero trust is, you get 10 different answers. 10 people, 10 different answers. So, I always would used to think unless a device or a person has been explicitly authorized and authenticated, they don't get access. But, you just added something more. It also has to be clean essentially. >> Yes. >> Right? And you've got the technology to do that? >> Absolutely. And we can, if you think about it, we can do this across all facets, all use cases. If you think of traditional network security, right? It doesn't secure the network. Like I said, it secures everything on the network. The users, the IoT devices, and the applications they access. Now I can be in the office, I can be on the road, or I can be home. I may use different notions of stacks. I may use a hardware-centric firewall for accessing data center based applications in my private data center. I may use a software firewall application for accessing things in the public cloud. I may use a cloud deliver SASE architecture from home or for remote branches. I wanted consistent security. The way I do threat, the way I do phishing protection, ransomware protection, IoT security. It should be consistent no matter where the user is, no matter where the data is, no matter where the applications is. And that's really what we can do with a consistent platform approach. >> So on-prem. In... >> The cloud, yes. >> In all the clouds, at the edge. >> Yes. >> Not only healthcare, but operational technologies? The factory? >> You want to make sure that it's not only the best in class security, it's also consistent security and consistent manageability. Right? Which means that the experience I have as an admin, from day minus one to day n. And it can be for any use case I have, it could be for securing my applications in my private data center, my application is the public cloud, or remote access from home or remote branch. I want that consistent security. I want that consistent policy. So, what is the treatment for you, the user, when you are in the office, on the go, or somewhere else? You don't want different experience. >> Valante: Yeah. >> You want same experience. >> Right? That goes... >> It should be optimal. It can be slow, it can be like, it takes you a long time to access your application either. Cause all of us are, we spoiled, we want it right away. >> Yeah. It can't be a blocker to productivity. >> Exactly. >> I was looking at some of the unit 42 data about, just the, all the vulnerabilities in different machines. We talk about cyber resilience a lot. How and, as I mentioned, and I think even the survey that Palo Alto Networks released yesterday, "What's Next in Cyber", was even demonstrating healthcare being one of the most vulnerable. >> Yes. >> And we talk about, you know, it being one of the weakest links. How can Palo Alto Networks work with healthcare organizations, large and small, across the globe to help them really dial up cyber resilience. >> Oswal: Yeah. >> And start reducing the vulnerabilities that are there as device proliferation is just going to happen. >> Yeah, absolutely. I think you hit a very good point. We have data which says that 83% of imaging systems run end of life operating system stacks, right? And you remember in 2017, the WannaCry attack started with an end of life operating system device. Right? It affected 150 countries in the UK alone. 70,000 devices, 30,000 patient cancellations. We know that, if you think about infusion pumps, three out of four have unpatched vulnerabilities. Which means that you can patch it. But it's very hard for the biomed or clinical engineer to understand what to do and what not to do. Healthcare organization have lot of compliance requirements. Right? They have HIPAA compliance, they have other regulations. So, you need to make them audit ready: inventory of the devices, status of each device, make it audit ready, compliance ready. So, they're able to do what they do best in serving patients versus worrying about other things that they, that we can automate for themselves. Lastly, I'll say is that, you also want to simplify the operations of the health environment, right? Having more point products, more point solutions, that's solving only a certain aspect of what you do. Like only visibility, telling you have a leak, but not putting the end solution. Adds more and more complexity to organizations. >> So it's a different dynamic in this world, healthcare world, because you got to all these devices and they're not, you know, I think about Patch Tuesday, Right? I mean Microsoft's always putting out patches. And so, that tells the hackers, Hey, you know, go in on Wednesday. >> Yeah. >> And hack away. It's probably different in healthcare. They're probably not as frequent patches published or maybe there are, I don't know. I'll be curious as to whether they are. But I mean the, the device manufacturers, they're not, you know, the biggest software company in the world. >> Yeah. >> You know, so they're probably not as on top of it. >> Yeah. >> So I'm not saying it's better or worse, it's just a different environment. >> The patches to the end devices may not be as frequent, but patches that you can apply on from a security perspective on a security stack are like happening continuously in real time. The second things that you also want to ensure that the capabilities of your security product itself are able to stop attacks inline, in real time. For example, 95% of all malware in the world is MORF malware, which means it's variations of existing malware. You can stop this inline real time, right? Attackers are using more and more sophisticated techniques today, to evade traditional sand boxing techniques. So, you have to out-innovate them. And that's what we've done by all our cloud services. We move them very early on to the cloud to get the agility and scale that we get. But we invested a lot in machine learning and deep learning to stop these day-zero threats in line, real time. Attackers are using that window of opportunity, like you mentioned, between the time when a breach is announced or detected, and patched. And that breach could, that time window could be a minute. They're going to exploit that time. You want to reduce that to almost zero, which means that you need to stop it in line, in real time, continuously. >> So, take the sandbox example. >> Yeah. >> So, what do you say? So, if I'm doing a sandbox on-prem, one of the vulnerabilities is if my capacity is out of 10,000 files, they're just going to overwhelm me with a hundred thousand and then I'm going to be trying to figure out what's going on. And while I'm doing that, they're going to be sneaking in. And is that an example of... >> No. >> Valante: That you address because you're in the cloud, or...? >> Yeah, that's one. But, think about examples where attackers are devising malware, are creating malware that will basically evade traditional sand boxing techniques. So, if I do a memory lookup on the register, that malware will diffuse. It only detonates on an end user on a device or a database. So, now you need to do intelligent techniques. So, we built this, lot of infrastructure for intelligent realtime memory analysis to ensure that we are able to stay ahead of the competition. And we did that for phishing, we did that for command control connections, we did for software exploits, we did data for malware, for DNS. We're able to stop about 11 to 12 million additional phishing sites than anybody else. We're able to have our sand boxing more effective than anybody else. We're able to stop 26% more malicious sessions than others in the industry. >> Valante: Why? Architecture? >> Architecture. Couple of things. First, architecture. Second is that, through a lot of innovation that we've done in both machine learning and deep learning, to be able to look at unstructured data and be able to stop the attacks inline, real time. Think about it, the traditional way of doing URL filtering has always been to build a database of URLs in the world. And you categorize as URLs into groups of categories: news, adult. And then you say, what's my risk profile for each of these? And you put a score and you say, I want to have this tolerance. That doesn't work anymore. The reason is because attackers are sophisticated. Websites come in, up and down, in seconds. Before I build a database, it's gone. I can't do this old way of doing things, signature and databases. I've got to use the power of machine learning. I've got to use the power of deep learning and data. >> And it's, are healthcare leaders, do they have an appetite for that? >> I think healthcare data looking for outcomes. They're looking, when I talk to healthcare professionals, they want to basically do what they do best. Serve patients, right? Give them optimal care. They want someone to take care of all these things holistically, end to end. Simplify all the things that they have to do from a compliance perspective, architectural perspective, reduce their cost, give them a better outcome. That's what they want. >> It's all about outcomes. >> Oswal: It's all about outcomes. >> And we know you cover much more than healthcare, but we obviously used most of our time on that. It's such an interesting, fascinating industry. Obviously, a lot of opportunities there for organizations to work with companies like Palo Alto to really dial up their cyber resilience. >> Absolutely. >> And ultimately, to your point, deliver the outcomes that they are there to do. >> Absolutely, yes. >> We'll have to have you back cause we just, I feel like we just scratched the surface. Right? >> Oswal: Happy to come back. >> Valante: Thank you. >> Oswal: Thank you. >> Awesome. >> Oswal: Thank you so much. >> Our pleasure to have you on the program. For Anand Oswald and Dave Valante, I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. [Pedantic Music Fades]

(slow upbeat music) >> Good afternoon and welcome back to Sin City. We're here at AWS reInvent with wall-to-wall coverage on theCUBE. My name is Savannah Peterson, joined with Dave Vellante, and very excited to have two exciting guests from Qlik and AARP with us. Molly and Samir, thank you so much for being here. Welcome to the show. >> Thank you for having us. >> Thank you for having us. >> How's it been so far for you, Molly? >> It's been a great show so far. We've got a big booth presence out here. We've had a lot of people coming by, doing demo stations and just really, really coming to the voice of the customer, so we've really enjoyed the event. >> Ah, love a good VOC conversation myself. How about for you, Samir? >> Oh, it's been great meeting a lot of product folks, meeting a lot of other people, trying to do similar things that we're doing, getting confirmation we're doing the right thing, and learning new things. And obviously, you know, here with Molly, it's been a highlight of my experience. >> What's the best thing you learned from your peers, this week? >> You know, some of the things, that we're all talking about, is how do we get data in the right place at the right time? And, you know, that's something that people are now starting to think about. >> Very hot topic. >> You know, doing it, and then not only getting it to the right place, but taking insights and taking action on it as it's getting there. So those are the conversations that are getting around, in the circle I've been hanging around with. >> You hearing the same thing at the booth or? >> Yeah, absolutely. >> And how are you guys responding? >> Well, I think, as a company, and the shifts in the market, people are really trying to determine what workloads belong in which Cloud, what belongs on-prem? And so talking about those realtime transformations, the integration points, the core systems they're coming from, and really how to unlock that data, is just really powerful and meaningful. So that's been a pretty consistent theme throughout the conference, and a lot of conversations that we have on a regular basis. >> I believe that, Molly, let's stick with you for a second. Just in case the audience isn't familiar, tell us a little more about Qlik. >> Yeah, so Qlik is a robust, end-to-end data pipeline. Starting with really looking at all of your source systems whether it's mainframe, SAP, relational database, kind of name your flavor as it's related to sources. Getting those sources over into the target landing spot whether it be Amazon, or other cloud players, or even if you're, if you're managing hybrid workloads. So that's kind of one piece of the end-to-end platform. And then the second piece is really having all that data, analytics ready, coming right through that real-time data pipeline, and really being able to use the data, to monetize the data, to make sense of the data. And then Qlik really does all that data preparation work underneath the visualization layer, which is where all the work happens. And then you get to see the output of that through the visualization of Qlik, which is, you know, the dashboards, the things that our people, people are used to seeing. >> I love that! So at AARP, what are you using Qlik for? What sort of dashboards are you pulling together? >> So when we started our journey to AWS, we knew that, you know, we're going to have our applications, they're distributed in the Cloud, but again, how do we get the data there, in the right place at the right time? So, as members are, taking action, they're calling into the call center, using our website, using our mobile apps. We want to want it to be able to take that information stream it, so we use Qlik, to take those changes when they happen as they happen, be able to stream it to Kafka and then push that data out to the applications that need it in the time that they needed it. So, instead of waiting for a batch job to happen overnight, we're able to now push this data in real time. And by doing that, we're able to personalize the engagement for our members. So if you come in, we know what you're doing, we can personalize the value that we put in front of you, and just make that engagement a lot more engaging for you. >> Yeah. >> And in the channel that you choose to want to come in with, right? Rather than a channel that we are trying to push to you. >> Everyone wants that personalized experience as we discussed, I love AARP, I've done a lot of work with AARP, I look forward to being a member, but in case the audience isn't familiar, you have the largest membership database of any company on Earth that I'm aware of. How many members does AARP have? >> We have nearly 38 million members, and 66,000 volunteers, and 2300 employees across every state in the United States. >> It's a perfect use case for Qlik, right? 'Cause you've been around for a while. You've got data in the million different places. You're trying to get, you've got a mainframe, right? You know, I hear Amazon's trying to put all the mainframes in the Cloud, but I'm guessing the business case isn't there for you. But you want the data that's coming out of that mainframe to be part of that data pipeline, right? So can you paint a picture, of how, what Molly was describing about the data pipeline, how that fits with AARP? >> Yeah, it's actually, it was a perfect use case. And you know, when we engaged with Qlik, what we wanted to be able to do is take that data in the mainframe, and get it distributed into the Cloud, accurately, securely, and make sure that we can track the lineage, and be able to say, hey, application A only needs name and address, application B needs, name, address, and payment. So we were able to do all of that within a couple of weeks, right? And getting that data out there, knowing that it's going to the right place, knowing it's secure, and knowing it's accurate, regardless of the application it goes to, we don't have to worry about seeking data across different applications. Now we know that there's a source of truth, and everything is done through the pipeline, and it's controlled in a way that, we can measure everything that's going through, how it's going through, and how it's being used by the applications, that are consuming it? >> So you've got the providence and the lineage of that data and that's what Qlik ensures, is that right? Is that your role or is that a partner role, combined? >> No, yes, that's absolutely Qlik's role. So for our new offering, Qlik Cloud data integration, it's a comprehensive solution, delivered as a service, delivers real time, automates, transformations, catalog and lineage, all extremely important. And in the case of Samir and AARP, they're trying to unlock the most valuable assets of their data in SAP and mainframe. And surprisingly, sometimes most valuable data in an organization is the hardest to actually get access to. >> Sure. >> So be, you know, just statistically, 70% of Fortune 500 companies still rely on mainframe. So when you think about that, and even when Samir and I are talking about it. >> That's a lot. >> Yeah. >> And that's a lot of scale, that's a lot of data. >> It's a lot of data. >> Yeah. >> So, you know, mainframe isn't a thing of the past. Companies are still relying on it. People have been saying that for years but when we're talking about getting the complex data out of there to really make something meaningful for AARP, we're really proud of the results, and the opportunity that we've been able to provide to really improve the member experience. And how people are able to consume AARP, and all the different offerings that they have? Kind of like you mentioned Savannah, and the way that you go about it. >> Well, it's also the high risk data. High value data, high risk data. You don't want to mess with it. You want to make sure that you've got that catalog to be able to say, okay, this is what we did with that data, this is where it came from. And then you essentially publish to other tools, analytic tools in the Cloud. Can you paint a picture of how that extends to the Cloud? >> Sure, so there's a couple of different things that we do with it. So once we get the data, into our streaming apps, we can publish it over to like our website. We can publish it to the call center, to mobile apps, to our data warehouse, where we can run analytics and AI on it. And then obviously a lot of our journeys, we use a journey orchestration tool, and we've built a CDP, a customer data platform, to get those insights in there, to drive, you know, personalization and experience. >> I'm smiling as you're talking, Samir, because I'm thinking of all the personalized experiences that my mother has with AARP, and it is so fun to learn about the technology that's serving that to her. >> Exactly. >> This segment actually becoming a bit more personal for me than I expected for a couple of reasons. So this is great. Molly, Qlik has been a part of the AWS ecosystem since the get go. How have things changed over the years? >> Yeah, so Qlik still remains the enterprise integration tool of choice for AWS especially- >> Let's call that a casual and just brag. >> Yeah. >> Because that's awesome. That's great, congratulations on that. >> Thank you for SAP and mainframe. So the relationship continues to evolve but we've been part of the ecosystem from since inception. So we look at, how we continue to evolve the partnership? And honestly, a lot of our customers landing spot is AWS. So the partnership evolves really on two fronts. One with Amazon itself, in a partnership lane, and two, with our customers, and what we're doing with them, and how we're able to really optimize what that looks like? And then secondly, earlier this year we announced an offering Amazon and Qlik, called Qlik Ramp, where we can come in and do, a half day architecture deep dive, look at SAP mainframe, and how they get to the Amazon landing spots, whether it's S3, Redshift, or EMR? So we got a lot of different things kind of going on in the Amazon ecosystem, whether it's customer forward and first, and how can we maximize the relationship spend et cetera, with Amazon. And then also how can we deliver, you know, kind of a shorter time to value throughout that process with something like a Qlik ramp, because we want to qualify, and solve customers needs, as equally as we want to you know, say when we're not the right fit. >> So data is a complicated- >> Love that honesty and transparency. >> Data is a complicated situation for most companies, right? And there's a lack of resource, lack of talent. There's hyper specialization. And you were just talking about the evolution of the Cloud and the relationship. How does automation fit into the equation? Are you able to automate a lot of that data integration through the pipeline? >> Yeah. >> Is it was a, what's your journey look like there? Were you resistant to that at first? 'Cause you got to trust the data. Take us through that. >> Yeah, so the first thing, we wanted to make sure is security right? We've got a lot of data, we're going to make sure privacy- >> Very personal data too. >> Exactly. And privacy and security is number one. So we want to make sure anything that we're doing with the data is secure, and it's not given out anywhere. In terms of automation, so what we've been able to do is being able to take these changes, and you know, in technology, the one thing you can guarantee is it's going to break. Network's going to go down, or a server goes down, a database goes down, and that's the only guarantee we have. And by using the product that we have today, we're able to take those outages, and minimize them because there's retry processes, there's ways of going back and saying, hey, I've missed this much data. How do we bring it back in? You don't want data to get out of sync because that causes downstream problems. >> Yeah. >> So all of that is done through the product, right? We don't have to worry about it. You know, we get notifications, but it's not like, oh, I've got to pay someone at two o'clock in the morning because the network's gone down and how's the data sync going to come back up, when it comes back up? All of that's done for us. >> Yeah, and just to add to that, automation, is a key component. I mean, the data engineering teams definitely see the value of automation and how we're able to deliver that. So, improving the experience but also the overall landscape of the environment is critical. >> Yeah, we've seen the stats, data scientists, data pro spend, you know, 80% of their time wrangling data, 20% of their time. >> Data preparation. >> You know extracting value from it. So. >> Yeah, it's so sad. It's such a waste of human capital, and you're obviously relieving that, and letting folks do their job more efficiently. >> The thing is too, you know, as I'm somebody who's love data you dive into the data, you get really excited then after a while you're like, Ugh! >> I'm still here. >> I'm slogging through this data. Taking a bath in it. >> But I think. >> I want to get to the insights. >> I think that world's changing a little bit. >> Yes, definitely. >> So as we're starting to get data that's coming through it's got high fidelity, and richness, right? So in the old days we'd put in a database, normalize it, and then, you know we'd go and do our magic, and hopefully, you know something comes out, and the least of frustration, you just spoke about. Well now, because it's moving in real time, and we can send the data to areas in the way we want it, and add automation, and machine learning on top of that, so that, now it becomes a commodity to massage that data into the in the format that you want it. Then you can concentrate on the value work, right? Which is really where people should be spending the time, rather than, oh, I've got to manipulate the data, make sure it's done in a consistent way, and then make sure it's compliant and done, the same way every single time. >> It may be too early to, you know quantify the business impact, but have you seen, for example, you know, what I was describing creates data silos. 'Cause nobody's going to use the data if it's not trusted. So what happens is it goes to a silo, they put a brick wall around it, and then, you know, they do their thing with it. They trust it for that one use case and then they don't share it. Has that begun to change as you've seen more integration that's automated and augmented? >> Absolutely. I mean, you know, if you're bringing in data and you're showing that it's consistent, and this is where governance and compliance comes in, right? So as long as you have a data catalog, you can make sure that this data's coming through with the lineage that you said is going to, here's the source, here's the target, here's who gets what they only need rather than giving them everything. And by being able to document that, in a way, that's automated rather than somebody going in, and running a report, it's key. Because that's where the trust comes in, rather than, oh, Samir has to go in and manipulate this stream so that, you know, Molly can get the reports she wants. Instead, hey, it's all going in there, the reports are coming out, they're audited, and that's where the trust factor comes. >> And that enables scale. >> Yeah. >> Cloud confidence and scale. Big topics of the show this week. >> Yep. >> It's been the whole thing. Molly, what's next for Qlik? >> Yeah, Qliks on a big journey. So we've released a lot of things most recently, Qlik Cloud data integration as a service, but we're just continuing to grow from a customer base, from a capabilities perspective. We also recently just became HIPAA compliant and went through some other services. >> Congratulations, that is not an easy process. >> Thank you, thank you. >> Yeah. >> And so for us it's really just about expanding and having, that same level of fidelity of the data, and really just getting all of that pushed out to the market so everybody really sees the full value of Qlik, and that we can make your data Qlik. And just for a minute, back to your earlier point. >> Beautiful pun drop there, Molly. Just going to see that. >> Thank you Savannah. >> Yeah. >> But back to your earlier point, just about the time that people are spending, when you're able to automate, and you're getting data delivered in real time, and operational systems are able to see that. 'Cause you're trying to create the least amount of disruption you can, right? 'Cause that's a critical part of the business. When you start to automate and relieve that burden then people have time to spend time on the real things. >> Right. >> Future forward, prescriptive analytics, machine learning, not data preparation, solving problems, fixing soft gaps. >> Staring a spreadsheet, yeah. >> Right? It's actually the full end-to-end pipeline. And so that's really where I feel like the power is unleashed. And as more sources and targets come to light, right? They're all over the showroom floor, so we don't have to mention any of 'em by name, but it's just continuing, to move into that world to have more SaaS integrations. And to be able to serve the customer, and meet them exactly where they're at, at the place that they want to be. And for Samir, and what we did in the transformation there, unlocking that data for mainframe and SAP, getting it into Qlik Cloud, has been a huge business driver for them. And so, because of partners like AWS and Samir and AARP, we're constantly evolving. And really trying to listen to the voice of the customer, to become better for all of you. >> Excellent. >> Love that community first attitude. Very clear that you both have it, both AARP and Qlik with that attitude. We have a new challenge this year to reInvent on theCUBE, little prompt here. >> Okay. >> We're going to put 30 seconds on the clock, although I'm not super crazy about watching the clock. So, feel comfortable with whatever however much time you need. >> Whatever works. >> Yeah, yeah, yeah, yeah, whatever works. But we're looking for equivocally, your Instagram reel, your hot take, your thought leadership, sizzle, with the key theme from this year's show. Molly, your smile is platinum and perfect. So I'm going to start with you. I feel like you've got this. >> Okay, great. >> Yeah. >> Just the closing statement is what you're looking for. >> Sure, yeah, sexy little sound bite. What do you, what's going to be your big takeaway from your experience here in Vegas this week? >> Yeah, so the experience at Vegas this week has been great but I think it's more than just the experience at Vegas, it's really the experience of the year, where we're at with the technology shift. And we're continuing to see, the need for Cloud, the move to Cloud, mixed workloads, hybrid workloads, unlocking core data, making sure that we're getting insights analytics, and value out of that. And really just working through that, kind of consistent evolution, which is exactly what it is. It's never, you never get to a point where, that's it, there's a bow on it, and it's perfect. It's continuously involving, evolving. >> Yeah. >> And I think that's the most important part that you have to take away. Samir's got his environment in a great place today but in six months, there may be some new things or transformations that he wants to look at, and we want to be there at the ready to work with him, roll up our sleeves, and kind of get into that. So the shift of the Cloud is here to stay. Qlik is a hundred percent here to stay. Here ready to serve our customers in any capacity that we can. And I think that's really my big takeaway from this week. And I've loved it, like this has been a great, this has been great with both of you. You both are super high energy. >> Aw, thank you. >> And Samir and I have had a great time over the event as well. >> Well, nailed it. You absolutely nailed it. All right, Samir, shoot your shot. >> So. >> Savannah. >> What I would say, I'm pretty, so. (laughing) >> I like to keep the smiles organic on stage, my perverse sense of humor, everyone just tolerates. >> Yeah, the one thing I think, I'm hearing a lot is, we have to look at data in motion. Streaming data is the way it's going to go. Whether it's customer data, operational data, it doesn't matter, right? We can't have these silos that you spoke about. Those days are gone, right? And if we really want to make a difference, and utilize all of the technology that's being built out there, all of the new features that were, you know, just in the keynotes. We can't have these separate silos, and the data has to go across, trusted data, it has to go across. The second thing I think we're all talking about is, we have to look at things differently. Unlearning the old is harder than learning the new. So we were just talking about event driven architecture. >> Understatement of the century. Sidebar, that was, yeah. >> So, you know, a lot of us techies are used to calling APIs. Well, now we have to push the data out, instead of pulling it. That just means retraining our brains, retraining our architects, retraining our developers, to think in a different way. And then the last thing I think I've learned is, us technology folks have put the customer first right? >> Yes, absolutely. >> What does a customer want? How do they want to feel when they engage with you? Because if we don't do that, none of this technology matters. And you know, we have to get away from the day where the IT guys go in the back black room, (laughing) coat up and then, you know, push something out, and don't think about what am I doing, and how am I impacting your mother? >> Yes, the end customer. It's no longer the person at the end of a terminal. Look at the green screen. >> And just one last thing. I think also it's fit for purpose transformations. And that's how we have to start thinking about how we're doing business. 'Cause there's a paradigm shift, right? From ETL to ELT, right? Extract, Load, Transform your data. And so as we're seeing that, I think it's really just about that fit for purpose, and looking at the transformations, the right transformations. And what's going to move the needle for the business. >> What a great closing note! Molly, Samir, thank you both for being here. >> Both: Thank you! >> This was a really fantastic chat, love where we took it. And thank all of you for tuning in to our live coverage from AWS reInvent here in fabulous Las Vegas, Nevada. I just want to give my mom a quick shout out, since she got a holler throughout this segment, as well as Stacy and all of my friends at AARP, I missed you all. My name's Savannah Peterson, joined with Dave Vellante. You're watching theCUBE. We are the technology leader in coverage for events like this. (slow upbeat music)

(upbeat music) >> Hi everybody. Welcome back to theCUBE as to continue our coverage here at AWS re:Invent '22. We're in the Venetian. Out in Las Vegas, it is Wednesday. And the PaaS is still happening. I can guarantee you that. We continue our series of discussions as part of the "AWS Startup Showcase". This is the "Global Startup Program", a part of that showcase. And I'm joined by two gentlemen today who are going to talk about what CoreStack is up to. One of them is Ez Natarajan, who is the Founder and CEO. Good to have you- (simultaneous chatter) with us today. We appreciate it. Thanks, EZ. >> Nice to meet you, John. >> And Brad Winney who is the area Sales Leader for startups at AWS. Brad, good to see you. >> Good to see you, John. >> Thanks for joining us here on The Showcase. So Ez, first off, let's just talk about CoreStack a little bit for people at home who might not be familiar with what you do. It's all about obviously data, governance, giving people peace of mind, but much deeper than that. I'll let you take it from there. >> So CoreStack is a governance platform that helps customers maximize their cloud usage and get governance at scale. When we talk about governance, we instill confidence through three layers: solving the problems of the CIO, solving the problems of the CTO, solving the problems of the CFO, together with a single pin of class,- >> John: Mm-hmm. >> which helps them achieve continuous holistic automated outcomes at any given time. >> John: Mm-hmm. So, Brad, follow up on that a little bit- >> Yeah. because Ez touched on it there that he's got a lot of stakeholders- >> Right. >> with a lot of different needs and a lot of different demands- >> Mm-hmm. >> but the same overriding emotion, right? >> Yeah. >> They all want confidence. >> They all want confidence. And one of the trickiest parts of confidence is the governance issue, which is policy. It's how do we determine who has access to what, how we do that scale. And across not only start been a process. This is a huge concern, especially as we talked a lot about cutting costs as the overriding driver for 2023. >> John: Mm-hmm. >> The economic compression being what it is, you still have to do this in a secure way and as a riskless way as possible. And so companies like CoreStack really offer core, no pun intended, (Ez laughs) function there where you abstract out a lot of the complexity of governance and you make governance a much more simple process. And that's why we're big fans of what they do. >> So we think governance from a three dimensional standpoint, right? (speaks faintly) How do we help customers be more compliant, secure, achieve the best performance and operations with increased availability? >> Jaohn: Mm-hmm. >> At the same time do the right spend from a cost standpoint. >> Interviewer: Mm-hmm. So when all three dimensions are connected, the business velocity increases and the customer's ability to cater to their customers increase. So our governance tenants come from these three pillars of finance operations, security operations and air operations at cloud operations. >> Yeah. And... Yeah. Please, go ahead. >> Can I (indistinct)? >> Oh, I'm sorry. Just- >> No, that's fine. >> So part of what's going on here, which is critical for AWS, is if you notice a lot of (indistinct) language is at the business value with key stakeholders of the CTO, the CSO and so on. And we're doing a much better job of speaking business value on top of AWS services. But the AWS partners, again, like CoreStack have such great expertise- >> John: Mm-hmm. >> in that level of dialogue. That's why it's such a key part for us, why we're really interested partnering with them. >> How do you wrestle with this, wrestle may not be the right word, but because you do have, as we just went through these litany, these business parts of your business or a business that need access- >> Ez: Mm-hmm. >> and that you need to have policies in place, but they change, right? I mean, and somebody maybe from the financial side should have a window into data and other slices of their business. There's a lot of internal auditing. >> Man: Mm-hmm. >> Obviously, it's got to be done, right? And so just talk about that process a little bit. How you identify the appropriate avenues or the appropriate gateways for people to- >> Sure. >> access data so that you can have that confidence as a CTO or CSO, that it's all right. And we're not going to let too much- >> out to the wrong people. >> Sure. >> Yeah. So there are two dimensions that drive the businesses to look for that kind of confidence building exercise, right? One, there are regulatory external requirements that say that I know if I'm in the financial industry, I maybe need to following NIST, PCI, and sort of compliances. Or if I'm in the healthcare industry, maybe HIPAA and related compliance, I need to follow. >> John: Mm-hmm. >> That's an external pressure. Internally, the organizations based on their geographical presence and the kind of partners and customers they cater to, they may have their own standards. And when they start adopting cloud; A, for each service, how do I make sure the service is secure and it operates at the best level so that we don't violate any of the internal or external requirements. At the same time, we get the outcome that is needed. And that is driven into policies, that is driven into standards which are consumable easily, like AWS offers well-architected framework that helps customers make sure that I know I'm architecting my application workloads in a way that meets the business demands. >> John: Mm-hmm. >> And what CoreStack has done is taken that and automated it in such a way it helps the customers simplify that process to get that outcome measured easily so they get that confidence to consume more of the higher order services. >> John: Okay. And I'm wondering about your relationship as far with AWS goes, because, to me, it's like going deep sea fishing and all of a sudden you get this big 4, 500 pound fish. Like, now what? >> Mm-hmm. >> Now what do we do because we got what we wanted? So, talk about the "Now what?" with AWS in terms of that relationship, what they're helping you with, and the kind of services that you're seeking from them as well. >> Oh, thanks to Brad and the entire Global Startup Ecosystem team at AWS. And we have been part of AWS Ecosystem at various levels, starting from Marketplace to ISV Accelerate to APN Partners, Cloud Management Tools Competency Partner, Co-Sell programs. The team provides different leverages to connect to the entire ecosystem of how AWS gets consumed by the customers. Customers may come through channels and partners. And these channels and partners maybe from WAs to MSPs to SIs to how they really want to use each. >> John: Mm-hmm. >> And the ecosystem that AWS provides helps us feed into all these players and provide this higher order capability which instills confidence to the customers end of the day. >> Man: Absolutely. Right. >> And this can be taken through an MSP. This can be taken through a GSI. This can be taken to the customer through a WA. And that's how our play of expansion into larger AWS customer base. >> Brad: Yeah. >> Brad, from your side of the fence. >> Brad: No, its... This is where the commons of scale come to benefit our partners. And AWS has easily the largest ecosystem. >> John: Mm-hmm. >> Whether or not it's partners, customers, and the like. And so... And then, all the respective teams and programs bring all those resources to bear for startups. Your analogy of of catching a big fish off coast, I actually have a house in Florida. I spend a lot of time there. >> Interviewer: Okay. >> I've yet to catch a big 500 pound fish. But... (interviewer laughs) >> But they're out there. >> But they're definitely out there. >> Yeah. >> And so, in addition to the formalized programs like the Global Partner Network Program, the APN and Marketplace, we really break our activities down with the CoreStacks of the world into two major kind of processes: "Sell to" and "Sell with". And when we say "Sell to", what we're really doing is helping them architect for the future. And so, that plays dividends for their customers. So what do we mean by that? We mean helping them take advantage of all the latest serverless technologies: the latest chip sets like Graviton, thing like that. So that has the added benefit of just lowering the overall cost of deployment and expend. And that's... And we focus on that really extensively. So don't ever want to lose that part of the picture of what we do. >> Mm-hmm. >> And the "Sell with" is what he just mentioned, which is, our teams out in the field compliment these programs like APN and Marketplace with person-to-person in relationship development for core key opportunities in things like FinTech and Retail and so on. >> Interviewer: Mm-hmm. >> We have significant industry groups and business units- >> Interviewer: Mm-hmm. >> in the enterprise level that our teams work with day in and day out to help foster those relationships. And to help CoreStack continue to develop and grow that business. >> Yeah. We've talked a lot about cost, right? >> Yeah. >> But there's a difference between reducing costs or optimizing your spend, right? I mean there- >> Brad: Right. >> Right. There's a... They're very different prism. So in terms of optimizing and what you're doing in the data governance world, what kind of conversations discussions are you having with your clients? And how is that relationship with AWS allowing you to go with confidence into those discussions and be able to sell optimization of how they're going to spend maybe more money than they had planned on originally? >> So today, because of the extra external micro-market conditions, every single customer that we talk to wanting to take a foster status of, "Hey, where are we today? How are we using the cloud? Are we in an optimized state?" >> Interviewer: Mm-hmm. >> And when it comes to optimization, again, the larger customers that we talk to are really bothered about the business outcome and how their services and ability to cater to their customers, right? >> Interviewer: Mm-hmm. >> They don't want to compromise on that just because they want to optimize on the spend. That conversation trickled down to taking a poster assessment first, and then are you using the right set of services within AWS? Are the right set of services being optimized for various requirements? >> Interviewer: Mm-hmm. >> And AWS help in terms of catering to the segment of customers who need that kind of a play through the patent ecosystem. >> John: Mm-hmm. Yeah. We've talked a lot about confidence too, cloud with confidence. >> Brad: Yeah. Yeah. >> What does that mean to different people, you think? I mean, (Brad laughing) because don't you have to feel them out and say "Okay. What's kind of your tolerance level for certain, not risks, but certain measures that you might need to change"? >> I actually think it's flipped the other way around now. I think the risk factor- >> Okay. >> is more on your on-prem environment. And all that goes with that. 'Cause you... Because the development of the cloud in the last 15 years has been profound. It's gone from... That's been the risky proposition now. With all of the infrastructure, all the security and compliance guardrails we have built into the cloud, it's really more about transition and risk of transition. And that's what we see a lot of. And that's why, again, where governance comes into play here, which is how do I move my business from on-prem in a fairly insecure environment relatively speaking to the secure cloud? >> Interviewer: Sure. >> How do I do that without disrupting business? How do I do that without putting my business at risk? And that's a key piece. I want to come back, if I may, something on cost-cutting. >> Interviewer: Sure. >> We were talking about this on the way up here. Cost-cutting, it's the bonfire of the vanities in that in that everybody is talking about cost-cutting. And so we're in doing that perpetuating the very problem that we kind of want to avoid, which is our big cost-cutting. (laughs) So... And I say that because in the venture capital community, what's happening is two things: One is, everybody's being asked to extend their runways as much as possible, but they are not letting them off the hook on growth. And so what we're seeing a lot of is a more nuanced conversation of where you trim your costs, it's not essential, spend, but reinvest. Especially if you've got good strong product market fit, reinvest that for growth. And so that's... So if I think about our playbook for 2023, it's to help good strong startups. Either tune their market fit or now that they good have have good market fit, really run and develop their business. So growth is not off the hook for 2023. >> And then let me just hit on something- >> Yeah. >> before we say goodbye here that you just touched on too, Brad, about. How we see startups, right? AWS, I mean, obviously there's a company focus on nurturing this environment of innovation and of growth. And for people looking at maybe through different prisms and coming. >> Brad: Yeah. >> So if you would maybe from your side of the fence, Ez from CoreStack, about working as a startup with AWS, I mean, how would you characterize that relationship about the kind of partnership that you have? And I want to hear from Brad too about how he sees AWS in general in the startup world. But go ahead. >> It's kind of a mutually enriching relationship, right? The support that comes from AWS because our combined goal is help the customers maximize the potential of cloud. >> Interviewer: Mm-hmm. >> And we talked about confidence. And we talked about all the enablement that we provide. But the partnership helps us get to the reach, right? >> Interviewer: Mm-hmm. >> Reach at scale. >> Interviewer: Mm-hmm. We are talking about customers from different industry verticals having different set of problems. And how do we solve it together so that like the reimbursement that happens, in fact healthcare customers that we repeatedly talk to, even in the current market conditions, they don't want to save. They want to optimize and re-spend their savings using more cloud. >> Interviewer: Mm-hmm. >> So that's the partnership that is mutually enriching. >> Absolutely. >> Yeah. To me, this is easy. I think the reason why a lot of us are here at AWS, especially the startup world, is that our business interests are completely aligned. So I run a pretty significant business unit in a startup neighbor. But a good part of my job and my team's job is to go help cut costs. >> Interviewer: Mm-hmm. >> So tell me... Show me a revenue responsibility position where part of your job is to go cut cost. >> Interviewer: Right. >> It's so unique and we're not a non-profit. We just have a very good long-term view, right? Which is, if we help companies reduce costs and conserve capital and really make sure that that capital is being used the right way, then their long-term viability comes into play. And that's where we have a chance to win more of that business over time. >> Interviewer: Mm-hmm. >> And so because those business interests are very congruent and we come in, we earn so much trust in the process. But I think that... That's why I think we being AWS, are uniquely successful startups. Our business interests are completely aligned and there's a lot of trust for that. >> It's a great success story. It really is. And thank you for sharing your little slice of that and growing slice of that too- >> Yeah. Absolutely. >> from all appearances. Thank you both. >> Thank you, John. >> Thank you very much, John. >> Appreciate your time. >> This is part of the AWS Startup Showcase. And I'm John Walls. You're watching theCUBE here at AWS re:Invent '22. And theCUBE, of course, the leader in high tech coverage.

(upbeat music) >> Hey guys, welcome back to the show floor of KubeCon + CloudNativeCon '22 North America from Detroit, Michigan. Lisa Martin here with John Furrier. This is day one, John at theCUBE's coverage. >> CUBE's coverage. >> theCUBE's coverage of KubeCon. Try saying that five times fast. Day one, we have three wall-to-wall days. We've been talking about Kubernetes, containers, adoption, cloud adoption, app modernization all morning. We can't talk about those things without addressing security. >> Yeah, this segment we're going to hear container and Kubernetes security for modern application 'cause the enterprise are moving there. And this segment with Red Hat's going to be important because they are the leader in the enterprise when it comes to open source in Linux. So this is going to be a very fun segment. >> Very fun segment. Two guests from Red Hat join us. Please welcome Doron Caspin, Senior Principal Product Manager at Red Hat. Michael Foster joins us as well, Principal Product Marketing Manager and StackRox Community Lead at Red Hat. Guys, great to have you on the program. >> Thanks for having us. >> Thank you for having us. >> It's awesome. So Michael StackRox acquisition's been about a year. You got some news? >> Yeah, 18 months. >> Unpack that for us. >> It's been 18 months, yeah. So StackRox in 2017, originally we shifted to be the Kubernetes-native security platform. That was our goal, that was our vision. Red Hat obviously saw a lot of powerful, let's say, mission statement in that, and they bought us in 2021. Pre-acquisition we were looking to create a cloud service. Originally we ran on Kubernetes platforms, we had an operator and things like that. Now we are looking to basically bring customers in into our service preview for ACS as a cloud service. That's very exciting. Security conversation is top notch right now. It's an all time high. You can't go with anywhere without talking about security. And specifically in the code, we were talking before we came on camera, the software supply chain is real. It's not just about verification. Where do you guys see the challenges right now? Containers having, even scanning them is not good enough. First of all, you got to scan them and that may not be good enough. Where's the security challenges and where's the opportunity? >> I think a little bit of it is a new way of thinking. The speed of security is actually does make you secure. We want to keep our images up and fresh and updated and we also want to make sure that we're keeping the open source and the different images that we're bringing in secure. Doron, I know you have some things to say about that too. He's been working tirelessly on the cloud service. >> Yeah, I think that one thing, you need to trust your sources. Even if in the open source world, you don't want to copy paste libraries from the web. And most of our customers using third party vendors and getting images from different location, we need to trust our sources and we have a really good, even if you have really good scanning solution, you not always can trust it. You need to have a good solution for that. >> And you guys are having news, you're announcing the Red Hat Advanced Cluster Security Cloud Service. >> Yes. >> What is that? >> So we took StackRox and we took the opportunity to make it as a cloud services so customer can consume the product as a cloud services as a start offering and customer can buy it through for Amazon Marketplace and in the future Azure Marketplace. So customer can use it for the AKS and EKS and AKS and also of course OpenShift. So we are not specifically for OpenShift. We're not just OpenShift. We also provide support for EKS and AKS. So we provided the capability to secure the whole cloud posture. We know customer are not only OpenShift or not only EKS. We have both. We have free cloud or full cloud. So we have open. >> So it's not just OpenShift, it's Kubernetes, environments, all together. >> Doron: All together, yeah. >> Lisa: Meeting customers where they are. >> Yeah, exactly. And we focus on, we are not trying to boil the ocean or solve the whole cloud security posture. We try to solve the Kubernetes security cluster. It's very unique and very need unique solution for that. It's not just added value in our cloud security solution. We think it's something special for Kubernetes and this is what Red that is aiming to. To solve this issue. >> And the ACS platform really doesn't change at all. It's just how they're consuming it. It's a lot quicker in the cloud. Time to value is right there. As soon as you start up a Kubernetes cluster, you can get started with ACS cloud service and get going really quickly. >> I'm going to ask you guys a very simple question, but I heard it in the bar in the lobby last night. Practitioners talking and they were excited about the Red Hat opportunity. They actually asked a question, where do I go and get some free Red Hat to test some Kubernetes out and run helm or whatever. They want to play around. And do you guys have a program for someone to get start for free? >> Yeah, so the cloud service specifically, we're going to service preview. So if people sign up, they'll be able to test it out and give us feedback. That's what we're looking for. >> John: Is that a Sandbox or is that going to be in the cloud? >> They can run it in their own environment. So they can sign up. >> John: Free. >> Doron: Yeah, free. >> For the service preview. All we're asking for is for customer feedback. And I know it's actually getting busy there. It's starting December. So the quicker people are, the better. >> So my friend at the lobby I was talking to, I told you it was free. I gave you the sandbox, but check out your cloud too. >> And we also have the open source version so you can download it and use it. >> Yeah, people want to know how to get involved. I'm getting a lot more folks coming to Red Hat from the open source side that want to get their feet wet. That's been a lot of people rarely interested. That's a real testament to the product leadership. Congratulations. >> Yeah, thank you. >> So what are the key challenges that you have on your roadmap right now? You got the products out there, what's the current stake? Can you scope the adoption? Can you share where we're at? What people are doing specifically and the real challenges? >> I think one of the biggest challenges is talking with customers with a slightly, I don't want to say outdated, but an older approach to security. You hear things like malware pop up and it's like, well, really what we should be doing is keeping things into low and medium vulnerabilities, looking at the configuration, managing risk accordingly. Having disparate security tools or different teams doing various things, it's really hard to get a security picture of what's going on in the cluster. That's some of the biggest challenges that we talk with customers about. >> And in terms of resolving those challenges, you mentioned malware, we talk about ransomware. It's a household word these days. It's no longer, are we going to get hit? It's when? It's what's the severity? It's how often? How are you guys helping customers to dial down some of the risk that's inherent and only growing these days? >> Yeah, risk, it's a tough word to generalize, but our whole goal is to give you as much security information in a way that's consumable so that you can evaluate your risk, set policies, and then enforce them early on in the cluster or early on in the development pipeline so that your developers get the security information they need, hopefully asynchronously. That's the best way to do it. It's nice and quick, but yeah. I don't know if Doron you want to add to that? >> Yeah, so I think, yeah, we know that ransomware, again, it's a big world for everyone and we understand the area of the boundaries where we want to, what we want to protect. And we think it's about policies and where we enforce it. So, and if you can enforce it on, we know that as we discussed before that you can scan the image, but we never know what is in it until you really run it. So one of the thing that we we provide is runtime scanning. So you can scan and you can have policy in runtime. So enforce things in runtime. But even if one image got in a way and get to your cluster and run on somewhere, we can stop it in runtime. >> Yeah. And even with the runtime enforcement, the biggest thing we have to educate customers on is that's the last-ditch effort. We want to get these security controls as early as possible. That's where the value's going to be. So we don't want to be blocking things from getting to staging six weeks after developers have been working on a project. >> I want to get you guys thoughts on developer productivity. Had Docker CEO on earlier and since then I had a couple people messaging me. Love the vision of Docker, but Docker Hub has some legacy and it might not, has does something kind of adoption that some people think it does. Are people moving 'cause there times they want to have these their own places? No one place or maybe there is, or how do you guys see the movement of say Docker Hub to just using containers? I don't need to be Docker Hub. What's the vis-a-vis competition? >> I mean working with open source with Red Hat, you have to meet the developers where they are. If your tool isn't cutting it for developers, they're going to find a new tool and really they're the engine, the growth engine of a lot of these technologies. So again, if Docker, I don't want to speak about Docker or what they're doing specifically, but I know that they pretty much kicked off the container revolution and got this whole thing started. >> A lot of people are using your environment too. We're hearing a lot of uptake on the Red Hat side too. So, this is open source help, it all sorts stuff out in the end, like you said, but you guys are getting a lot of traction there. Can you share what's happening there? >> I think one of the biggest things from a developer experience that I've seen is the universal base image that people are using. I can speak from a security standpoint, it's awesome that you have a base image where you can make one change or one issue and it can impact a lot of different applications. That's one of the big benefits that I see in adoption. >> What are some of the business, I'm curious what some of the business outcomes are. You talked about faster time to value obviously being able to get security shifted left and from a control perspective. but what are some of the, if I'm a business, if I'm a telco or a healthcare organization or a financial organization, what are some of the top line benefits that this can bubble up to impact? >> I mean for me, with those two providers, compliance is a massive one. And just having an overall look at what's going on in your clusters, in your environments so that when audit time comes, you're prepared. You can get through that extremely quickly. And then as well, when something inevitably does happen, you can get a good image of all of like, let's say a Log4Shell happens, you know exactly what clusters are affected. The triage time is a lot quicker. Developers can get back to developing and then yeah, you can get through it. >> One thing that we see that customers compliance is huge. >> Yes. And we don't want to, the old way was that, okay, I will provision a cluster and I will do scans and find things, but I need to do for PCI DSS for example. Today the customer want to provision in advance a PCI DSS cluster. So you need to do the compliance before you provision the cluster and make all the configuration already baked for PCI DSS or HIPAA compliance or FedRAMP. And this is where we try to use our compliance, we have tools for compliance today on OpenShift and other clusters and other distribution, but you can do this in advance before you even provision the cluster. And we also have tools to enforce it after that, after your provision, but you have to do it again before and after to make it more feasible. >> Advanced cluster management and the compliance operator really help with that. That's why OpenShift Platform Plus as a bundle is so popular. Just being able to know that when a cluster gets provision, it's going to be in compliance with whatever the healthcare provider is using. And then you can automatically have ACS as well pop up so you know exactly what applications are running, you know it's in compliance. I mean that's the speed. >> You mentioned the word operator, I get triggering word now for me because operator role is changing significantly on this next wave coming because of the automation. They're operating, but they're also devs too. They're developing and composing. It's almost like a dashboard, Lego blocks. The operator's not just manually racking and stacking like the old days, I'm oversimplifying it, but the new operators running stuff, they got observability, they got coding, their servicing policy. There's a lot going on. There's a lot of knobs. Is it going to get simpler? How do you guys see the org structures changing to fill the gap on what should be a very simple, turn some knobs, operate at scale? >> Well, when StackRox originally got acquired, one of the first things we did was put ACS into an operator and it actually made the application life cycle so much easier. It was very easy in the console to go and say, Hey yeah, I want ACS my cluster, click it. It would get provisioned. New clusters would get provisioned automatically. So underneath it might get more complicated. But in terms of the application lifecycle, operators make things so much easier. >> And of course I saw, I was lucky enough with Lisa to see Project Wisdom in AnsibleFest. You going to say, Hey, Red Hat, spin up the clusters and just magically will be voice activated. Starting to see AI come in. So again, operations operator is got to dev vibe and an SRE vibe, but it's not that direct. Something's happening there. We're trying to put our finger on. What do you guys think is happening? What's the real? What's the action? What's transforming? >> That's a good question. I think in general, things just move to the developers all the time. I mean, we talk about shift left security, everything's always going that way. Developers how they're handing everything. I'm not sure exactly. Doron, do you have any thoughts on that. >> Doron, what's your reaction? You can just, it's okay, say what you want. >> So I spoke with one of our customers yesterday and they say that in the last years, we developed tons of code just to operate their infrastructure. That if developers, so five or six years ago when a developer wanted VM, it will take him a week to get a VM because they need all their approval and someone need to actually provision this VM on VMware. And today they automate all the way end-to-end and it take two minutes to get a VM for developer. So operators are becoming developers as you said, and they develop code and they make the infrastructure as code and infrastructure as operator to make it more easy for the business to run. >> And then also if you add in DataOps, AIOps, DataOps, Security Ops, that's the new IT. It seems to be the new IT is the stuff that's scaling, a lot of data's coming in, you got security. So all that's got to be brought in. How do you guys view that into the equation? >> Oh, I mean you become big generalists. I think there's a reason why those cloud security or cloud professional certificates are becoming so popular. You have to know a lot about all the different applications, be able to code it, automate it, like you said, hopefully everything as code. And then it also makes it easy for security tools to come in and look and examine where the vulnerabilities are when those things are as code. So because you're going and developing all this automation, you do become, let's say a generalist. >> We've been hearing on theCUBE here and we've been hearing the industry, burnout, associated with security professionals and some DataOps because the tsunami of data, tsunami of breaches, a lot of engineers getting called in the middle of the night. So that's not automated. So this got to get solved quickly, scaled up quickly. >> Yes. There's two part question there. I think in terms of the burnout aspect, you better send some love to your security team because they only get called when things get broken and when they're doing a great job you never hear about them. So I think that's one of the things, it's a thankless profession. From the second part, if you have the right tools in place so that when something does hit the fan and does break, then you can make an automated or a specific decision upstream to change that, then things become easy. It's when the tools aren't in place and you have desperate environments so that when a Log4Shell or something like that comes in, you're scrambling trying to figure out what clusters are where and where you're impacted. >> Point of attack, remediate fast. That seems to be the new move. >> Yeah. And you do need to know exactly what's going on in your clusters and how to remediate it quickly, how to get the most impact with one change. >> And that makes sense. The service area is expanding. More things are being pushed. So things will, whether it's a zero day vulnerability or just attack. >> Just mix, yeah. Customer automate their all of things, but it's good and bad. Some customer told us they, I think Spotify lost the whole a full zone because of one mistake of a customer because they automate everything and you make one mistake. >> It scale the failure really. >> Exactly. Scaled the failure really fast. >> That was actually few contact I think four years ago. They talked about it. It was a great learning experience. >> It worked double edge sword there. >> Yeah. So definitely we need to, again, scale automation, test automation way too, you need to hold the drills around data. >> Yeah, you have to know the impact. There's a lot of talk in the security space about what you can and can't automate. And by default when you install ACS, everything is non-enforced. You have to have an admission control. >> How are you guys seeing your customers? Obviously Red Hat's got a great customer base. How are they adopting to the managed service wave that's coming? People are liking the managed services now because they maybe have skills gap issues. So managed service is becoming a big part of the portfolio. What's your guys' take on the managed services piece? >> It's just time to value. You're developing a new application, you need to get it out there quick. If somebody, your competitor gets out there a month before you do, that's a huge market advantage. >> So you care how you got there. >> Exactly. And so we've had so much Kubernetes expertise over the last 10 or so, 10 plus year or well, Kubernetes for seven plus years at Red Hat, that why wouldn't you leverage that knowledge internally so you can get your application. >> Why change your toolchain and your workflows go faster and take advantage of the managed service because it's just about getting from point A to point B. >> Exactly. >> Well, in time to value is, you mentioned that it's not a trivial term, it's not a marketing term. There's a lot of impact that can be made. Organizations that can move faster, that can iterate faster, develop what their customers are looking for so that they have that competitive advantage. It's definitely not something that's trivial. >> Yeah. And working in marketing, whenever you get that new feature out and I can go and chat about it online, it's always awesome. You always get customers interests. >> Pushing new code, being secure. What's next for you guys? What's on the agenda? What's around the corner? We'll see a lot of Red Hat at re:Invent. Obviously your relationship with AWS as strong as a company. Multi-cloud is here. Supercloud as we've been saying. Supercloud is a thing. What's next for you guys? >> So we launch the cloud services and the idea that we will get feedback from customers. We are not going GA. We're not going to sell it for now. We want to get customers, we want to get feedback to make the product as best what we can sell and best we can give for our customers and get feedback. And when we go GA and we start selling this product, we will get the best product in the market. So this is our goal. We want to get the customer in the loop and get as much as feedback as we can. And also we working very closely with our customers, our existing customers to announce the product to add more and more features what the customer needs. It's all about supply chain. I don't like it, but we have to say, it's all about making things more automated and make things more easy for our customer to use to have security in the Kubernetes environment. >> So where can your customers go? Clearly, you've made a big impact on our viewers with your conversation today. Where are they going to be able to go to get their hands on the release? >> So you can find it on online. We have a website to sign up for this program. It's on my blog. We have a blog out there for ACS cloud services. You can just go there, sign up, and we will contact the customer. >> Yeah. And there's another way, if you ever want to get your hands on it and you can do it for free, Open Source StackRox. The product is open source completely. And I would love feedback in Slack channel. It's one of the, we also get a ton of feedback from people who aren't actually paying customers and they contribute upstream. So that's an awesome way to get started. But like you said, you go to, if you search ACS cloud service and service preview. Don't have to be a Red Hat customer. Just if you're running a CNCF compliant Kubernetes version. we'd love to hear from you. >> All open source, all out in the open. >> Yep. >> Getting it available to the customers, the non-customers, they hopefully pending customers. Guys, thank you so much for joining John and me talking about the new release, the evolution of StackRox in the last season of 18 months. Lot of good stuff here. I think you've done a great job of getting the audience excited about what you're releasing. Thank you for your time. >> Thank you. >> Thank you. >> For our guest and for John Furrier, Lisa Martin here in Detroit, KubeCon + CloudNativeCon North America. Coming to you live, we'll be back with our next guest in just a minute. (gentle music)

>>Good afternoon, friends. My name is Savannah Peterson here in the Cube Studios live from Detroit, Michigan, where we're at Cuban and Cloud Native Foundation, Cloud Native Con all week. Our last interview of the day served me a real treat and one that I wasn't expecting. It turns out that I am in the presence of two caddies. It's a literal episode of Caddy Shack up here on Cube. John Furrier. I don't think the audience knows that you were a caddy. Tell us about your caddy days. >>I used to caddy when I was a kid at the local country club every weekend. This is amazing. Double loops every weekend. Make some bang, two bags on each shoulder. Caddying for the members where you're going. Now I'm >>On show. Just, just really impressive >>Now. Now I'm caddying for the cube where I caddy all this great content out to the audience. >>He's carrying the story of emerging brands and established companies on their cloud journey. I love it. John, well played. I don't wanna waste any more of this really wonderful individual's time, but since we now have a new trend of talking about everyone's Twitter handle here on the cube, this may be my favorite one of the day, if not Q4 so far. Drew, not reply. AKA Drew ne Drew Nielsen, excuse me, there is here with us from Teleport. Drew, thanks so much for being here. >>Oh, thanks for having me. It's great to be here. >>And so you were a caddy on a whole different level. Can you tell us >>About that? Yeah, so I was in university and I got tired after two years and didn't have a car in LA and met a pro golfer at a golf course and took two years off and traveled around caddying for him and tried to get 'em through Q School. >>This is, this is fantastic. So if you're in school and your parents are telling you to continue going to school, know that you can drop out and be a caddy and still be a very successful television personality. Like both of the gentlemen at some point. >>Well, I never said my parents like >>That decision, but we'll keep our day jobs. Yeah, exactly. And one of them is Cloud Native Security. The hottest topic here at the show. Yep. I want to get into it. You guys are doing some really cool things. Are we? We hear Zero Trust, you know, ransomware and we even, I even talked with the CEO of Dockets morning about container security issues. Sure. There's a lot going on. So you guys are in the middle of teleport. You guys have a unique solution. Tell us what you guys got going on. What do you guys do? What's the solution and what's the problem you solve? >>So Teleport is the first and only identity native infrastructure access solution in the market. So breaking that down, what that really means is identity native being the combination of secret list, getting rid of passwords, Pam Vaults, Key Vaults, Yeah. Passwords written down. Basically the number one source of breach. And 50 to 80% of breaches, depending on whose numbers you want to believe are how organizations get hacked. >>But it's not password 1 23 isn't protecting >>Cisco >>Right >>Now. Well, if you think about when you're securing infrastructure and the second component being zero trust, which assumes the network is completely insecure, right? But everything is validated. Resource to resource security is validated, You know, it assumes work from anywhere. It assumes the security comes back to that resource. And we take the combination of those two into identity, native access where we cryptographically ev, validate identity, but more importantly, we make an absolutely frictionless experience. So engineers can access infrastructure from anywhere at any time. >>I'm just flashing on my roommates, checking their little code, changing Bob login, you know, dongle essentially, and how frustrating that always was. I mean, talk about interrupting workflow was something that's obviously necessary, but >>Well, I mean, talk about frustration if I'm an engineer. Yeah, absolutely. You know, back in the day when you had these three tier monolithic applications, it was kind of simple. But now as you've got modern application development environments Yeah, multi-cloud, hybrid cloud, whatever marketing term around how you talk about this, expanding sort of disparate infrastructure. Engineers are sitting there going from system to system to machine to database to application. I mean, not even a conversation on Kubernetes yet. Yeah. And it's just, you know, every time you pull an engineer or a developer to go to a vault to pull something out, you're pulling them out for 10 minutes. Now, applications today have hundreds of systems, hundreds of microservices. I mean 30 of these a day and nine minutes, 270 minutes times 60. And they also >>Do the math. Well, there's not only that, there's also the breach from manual error. I forgot to change the password. What is that password? I left it open, I left it on >>Cognitive load. >>I mean, it's the manual piece. But even think about it, TR security has to be transparent and engineers are really smart people. And I've talked to a number of organizations who are like, yeah, we've tried to implement security solutions and they fail. Why? They're too disruptive. They're not transparent. And engineers will work their way around them. They'll write it down, they'll do a workaround, they'll backdoor it something. >>All right. So talk about how it works. But I, I mean, I'm getting the big picture here. I love this. Breaking down the silos, making engineers lives easier, more productive. Clearly the theme, everyone they want, they be gonna need. Whoever does that will win it all. How's it work? I mean, you deploying something, is it code, is it in line? It's, >>It's two binaries that you download and really it starts with the core being the identity native access proxy. Okay. So that proxy, I mean, if you look at like the zero trust principles, it all starts with a proxy. Everything connects into that proxy where all the access is gated, it's validated. And you know, from there we have an authorization engine. So we will be the single source of truth for all access across your entire infrastructure. So we bring machines, engineers, databases, applications, Kubernetes, Linux, Windows, we don't care. And we basically take that into a single architecture and single access platform that essentially secures your entire infrastructure. But more importantly, you can do audit. So for all of the organizations that are dealing with FedRAMP, pci, hipaa, we have a complete audit trail down to a YouTube style playback. >>Oh, interesting. We're we're California and ccpa. >>Oh, gdpr. >>Yeah, exactly. It, it, it's, it's a whole shebang. So I, I love, and John, maybe you've heard this term a lot more than I have, but identity native is relatively new to me as as a term. And I suspect you have a very distinct way of defining identity. How do you guys define identity internally? >>So identity is something that is cryptographically validated. It is something you have. So it's not enough. If you look at, you know, credentials today, everyone's like, Oh, I log into my computer, but that's my identity. No, it's not. Right. Those are attributes. Those are something that is secret for a period of time until you write it down. But I can't change my fingerprint. Right. And now I >>Was just >>Thinking of, well no, perfect case in point with touch ID on your meth there. Yeah. It's like when we deliver that cryptographically validated identity, we use these secure modules in like modern laptops or servers. Yeah. To store that identity so that even if you're sitting in front of your computer, you can't get to it. But more importantly, if somebody were to take that and try to be you and try to log in with your fingerprint, it's >>Not, I'm not gonna lie, I love the apple finger thing, you know, it's like, you know, space recognition, like it's really awesome. >>It save me a lot of time. I mean, even when you go through customs and they do the face scan now it actually knows who you are, which is pretty wild in the last time you wanna provide ones. But it just shifted over like maybe three months ago. Well, >>As long as no one chops your finger off like they do in the James Bond movies. >>I mean, we try and keep it a light and fluffy here on the queue, but you know, do a finger teams, we can talk about that >>Too. >>Gabby, I was thinking more minority report, >>But you >>Knows that's exactly what I, what I think of >>Hit that one outta bounds. So I gotta ask, because you said you're targeting engineers, not IT departments. What's, is that, because I in your mind it is now the engineers or what's the, is always the solution more >>Targeted? Well, if you really look at who's dealing with infrastructure on a day-to-day basis, those are DevOps individuals. Those are infrastructure teams, Those are site reliability engineering. And when it, they're the ones who are not only managing the infrastructure, but they're also dealing with the code on it and everything else. And for us, that is who is our primary customer and that's who's doing >>It. What's the biggest problem that you're solving in this use case? Because you guys are nailing it. What's the problem that your identity native solution solves? >>You know, right out of the backs we remove the number one source of breach. And that is taking passwords, secrets and, and keys off the board. That deals with most of the problem right there. But there are really two problems that organizations face. One is scaling. So as you scale, you get more secrets, you get more keys, you get all these things that is all increasing your attack vector in real time. Oh >>Yeah. Across teams locations. I can't even >>Take your pick. Yeah, it's across clouds, right? Any of it >>On-prem doesn't. >>Yeah. Any of it. We, and we allow you to scale, but do it securely and the security is transparent and your engineers will absolutely love it. What's the most important thing about this product Engineers. Absolutely. >>What are they saying? What are some of those examples? Anecdotally, pull boats out from engineering. >>You're too, we should have invent, we should have invented this ourselves. Or you know, we have run into a lot of customers who have tried to home brew this and they're like, you know, we spend an in nor not of hours on it >>And IT or they got legacy from like Microsoft or other solutions. >>Sure, yeah. Any, but a lot of 'em is just like, I wish I had done it myself. Or you know, this is what security should be. >>It makes so much sense and it gives that the team such a peace of mind. I mean, you never know when a breach is gonna come, especially >>It's peace of mind. But I think for engineers, a lot of times it deals with the security problem. Yeah. Takes it off the table so they can do their jobs. Yeah. With zero friction. Yeah. And you know, it's all about speed. It's all about velocity. You know, go fast, go fast, go fast. And that's what we enable >>Some of the benefits to them is they get to save time, focus more on, on task that they need to work on. >>Exactly. >>And get the >>Job done. And on top of it, they answer the audit and compliance mail every time it comes. >>Yeah. Why are people huge? Honestly, why are people doing this? Because, I mean, identity is just such an hard nut to crack. Everyone's got their silos, Vendors having clouds have 'em. Identity is the most fragmented thing on >>The planet. And it has been fragmented ever since my first RSA conference. >>I know. So will we ever get this do over? Is there a driver? Is there a market force? Is this the time? >>I think the move to modern applications and to multi-cloud is driving this because as those application stacks get more verticalized, you just, you cannot deal with the productivity >>Here. And of course the next big thing is super cloud and that's coming fast. Savannah, you know, You know that's Rocket. >>John is gonna be the thought leader and keyword leader of the word super cloud. >>Super Cloud is enabling super services as the cloud cast. Brian Gracely pointed out on his Sunday podcast of which if that happens, Super Cloud will enable super apps in a new architectural >>List. Please don't, and it'll be super, just don't. >>Okay. Right. So what are you guys up to next? What's the big hot spot for the company? What are you guys doing? What are you guys, What's the idea guys hiring? You put the plug in. >>You know, right now we are focused on delivering the best identity, native access platform that we can. And we will continue to support our customers that want to use Kubernetes, that want to use any different type of infrastructure. Whether that's Linux, Windows applications or databases. Wherever they are. >>Are, are your customers all of a similar DNA or are you >>No, they're all over the map. They range everything from tech companies to financial services to, you know, fractional property. >>You seem like someone everyone would need. >>Absolutely. >>And I'm not just saying that to be a really clean endorsement from the Cube, but >>If you were doing DevOps Yeah. And any type of forward-leaning shift, left engineering, you need us because we are basically making security as code a reality across your entire infrastructure. >>Love this. What about the team dna? Are you in a scale growth stage right now? What's going on? Absolutely. Sounds I was gonna say, but I feel like you would have >>To be. Yeah, we're doing, we're, we have a very positive outlook and you know, even though the economic time is what it is, we're doing very well meeting. >>How's the location? Where's the location of the headquarters now? With remote work is pretty much virtual. >>Probably. We're based in downtown Oakland, California. >>Woohoo. Bay area representing on this stage right now. >>Nice. Yeah, we have a beautiful office right in downtown Oakland and yeah, it's been great. Awesome. >>Love that. And are you hiring right now? I bet people might be. I feel like some of our cube watchers are here waiting to figure out their next big play. So love to hear that. Absolutely love to hear that. Besides Drew, not reply, if people want to join your team or say hello to you and tell you how brilliant you looked up here, or ask about your caddy days and maybe venture a guest to who that golfer may have been that you were CAD Inc. For, what are the best ways for them to get in touch with you? >>You can find me on LinkedIn. >>Great. Fantastic. John, anything else >>From you? Yeah, I mean, I just think security is paramount. This is just another example of where the innovation has to kind of break through without good identity, everything could cripple. Then you start getting into the silos and you can start getting into, you know, tracking it. You got error user errors, you got, you know, one of the biggest security risks. People just leave systems open, they don't even know it's there. So like, I mean this is just, just identity is the critical linchpin to, to solve for in security to me. And that's totally >>Agree. We even have a lot of customers who use us just to access basic cloud consoles. Yeah. >>So I was actually just gonna drive there a little bit because I think that, I'm curious, it feels like a solution for obviously complex systems and stacks, but given the utility and what sounds like an extreme ease of use, I would imagine people use this for day-to-day stuff within their, >>We have customers who use it to access their AWS consoles. We have customers who use it to access Grafana dashboards. You know, for, since we're sitting here at coupon accessing a Lens Rancher, all of the amazing DevOps tools that are out there. >>Well, I mean true. I mean, you think about all the reasons why people don't adopt this new federated approach or is because the IT guys did it and the world we're moving into, the developers are in charge. And so we're seeing the trend where developers are taking the DevOps and the data and the security teams are now starting to reset the guardrails. What's your >>Reaction to that? Well, you know, I would say that >>Over the top, >>Well I would say that you know, your DevOps teams and your infrastructure teams and your engineers, they are the new king makers. Yeah. Straight up. Full stop. >>You heard it first folks. >>And that's >>A headline right >>There. That is a headline. I mean, they are the new king makers and, but they are being forced to do it as securely as possible. And our job is really to make that as easy and as frictionless as possible. >>Awesome. >>And it sounds like you're absolutely nailing it. Drew, thank you so much for being on the show. Thanks for having today. This has been an absolute pleasure, John, as usual a joy. And thank all of you for tuning in to the Cube Live here at CU Con from Detroit, Michigan. We look forward to catching you for day two tomorrow.

>>Hey everyone. Welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, where we continue to talk with the AWS ecosystem partners, this topic, cybersecurity protect and detect against threats. I'm your host, Lisa Martin. I've got a new guest with me. Ryan Ferris joins me the VP of products and engineering at Anisha. Ryan. Welcome to the program. Great to have you. >>Thank you so much for having me. >>So let's dig right in. Why are software vendors turning to Anisha to help them address and access the nearly for over 200 billion market public sector, federal market for cloud services? What is that key event? >>Yeah, it's it. If you know anything about FedRAMP and if you've looked into it, it takes a long time to achieve Fedra. So when customers kind of go into this cold and they're from Mars and they're like, what is bed? They usually find that it's an 18 month journey, maybe a 24 month journey. And so Anisha helps shorten that journey with lower costs and faster time to market. So if you're waiting for our revenue stream from say a government entity, we can get you there faster and get you to a, a state of Fedra certified in a shorter time period. And that's the value problem. >>Faster time to value is critical for organizations. So let's look at this journey as you talked about it, what does the path to compliance look like for specifically for AWS customers with a nation and without help us understand the value add? >>Yeah. So if you're doing it without Angen or if you're just kind of doing it yourself, which some customers choose to do, then they have to go on that journey and kind of learn about three primary things. One thing is how do I just write the entire package? Like there there's a thing called an SSP or a, a system security plan. And that thing is maybe seven or 800 pages long. And you have to offer that all by yourself so you can get help with that or not. That's sort of the academic and, and, and tech writing piece of it. There's another piece of it around what does my environment look like? So as I am ruling out this Fedra solution, what are each piece in my environment that needs to be compliant with Fedra? And it's a voluminous amount of things can be either a dozen or maybe up to a hundred things that you have to tweak and change. So there's a technical deployment store here as well. And then the third thing is keeping you compliant in your AWS environment after you've achieved kind of that readiness state. So the journey does not stop once you achieve Fedra, ATO, it goes on and on and on, and Anisha helps customers kind of maintain and keep them there in that fully compliance state after achieving ATO, >>What's the timeframe for AWS customers in terms of going, alright, we realize we're going on this journey. It's challenging. We need An's help. What's the timeframe to get them actually certified. >>Yeah. We look at the timeframe between the moment you deploy and the moment you start writing about that tech, that Fedra package and when you're audit ready, and in the best case scenario, that could be a few months, right? But you're always, your mileage may vary based on kind of your application readiness and how ready you are to pursue that journey. So the fastest happy path is a few months to audit, audit an audit ready state, but then you have, you kinda have to go through a process whereby you're in the queue for Fedra. And that can kind of take maybe an extra few months, but it really is that that three month accelerated timeframe in the best case scenario, >>Got it. Three months accelerated timeframe. Are there other compliance standards that besides Fedra that you help organizations get compliance with? >>Right. So it's a great question. So FedRAMP in and of itself is just really hard to get to. It's just so many things that you have to do, but if you get to that state, it's based off of a standard called missed 853 specifically rev four, that's kind of a mouthful, but once you achieve that state, there's basically 325 controls that come along with fed moderate. And that buys you a lot of leverage in leeway in mapping and sort of crosswalking to other compliance levels. So if you achieve that state, you buy a lot of, kind of goodness with things that map to either PCI or even HIPAA or SOC two. And, and so you, you kind of get a big benefit and sort of a big bang for your buck by having achieved that, that state for Fedra. >>So from an AWS customer, talk to me about, obviously we talked about the time to value the speed with which you enable organizations to achieve compliance and, and readiness. What what's in it for me in terms of working with a nation as an AWS customer. >>Yeah. For, so for AWS specifically our stack, well, we have kind of two versions of our stack. One is meant for Azure and it's kind of cookie cutter and meant for folks that have an entrenched Azure footprint. The other is it's the majority of our market it's folks that want to in accelerator footprint in AWS. So what's in it for you is that Anan kind of presents something that looks pretty similar to a landing zone, but it's a little bit more peppered with complexity and with tuned configurations. So if you're an AWS customer and let's see you've had an environment for the last 5, 6, 7 years, we help you kind of take that environment and enhance it and become FedRAMP ready in a much faster state. And we are leveraging and utilizing a lot of native AWS core services like ECR, for example, is one we're just starting to lean into AWS inspector for bone scans, those types of things. And then kind of when you get up to that audit, ready state and through ATO, we aggregate a lot of that vulnerability information and vulnerability scanning information into a parable readable, actionable format. And most of those things, those gatherings of data are AWS specific functions that we kind of piggyback on. So we're heavily into cloud trail and, and quite heavy into kind of using the things that are already at our fingertips just by deploying into AWS. >>Yeah. Leveraging what they already are familiar with kind of meeting the customers where they are. I think these days is such an important factor to help organizations make the changes as quickly and dynamically as they need to. >>That's right. Yeah. That's perfect. Yeah. A lot of customers, you know, when, when they start on the journey, they kind of, they, they sort of uncover the, uncover the details around, well, I have an application and this application has existed for six or seven years. How do I get this thing FedRAMP ready? And what does onboarding mean to your stack? We try to make that specific step as easy as possible. So when I'm on the phone with prospects and I'm talking to 'em about embarking on a journey, I kind of get them to a mental model where they treat their application VPC or their application environment as sort of a, and we deploy a separate VPC into their, into their cloud account. And then we peer that information. It's kind of getting into the mechanics a little bit, but we try to make it as easy as possible to start doing the things that we're obliged to do for FedRAMP, for their application, like bone scans and, and operationalization of logging and things like that. And then we pull that information into our AIAN managed BPC. And I think once customers really start to understand and sort of synthesize that mental model, then they kind of have this Baha moment. They're like, oh, okay. Now I, now I really understand how your platform can accelerate this journey into a period that is no more than say two or three months of onboarding >>No more than two or three months. That's, that's a nice kind of guarantee for organizations who are you typically engaging with? Is it the CISO level or are there other folks involved in this conversation? >>Yeah, I, the CISO is probably the best persona to engage with, but it so varies from customer to customer and you never really know who's really gonna, oftentimes it's the CEO or, or sometimes it's a champion that might be the CFO or someone that's incentivized to really start getting market share for federal customers that they don't have access to. That might even be a VP of engineering that we're, that we're conversing with. But most often I think the CISO is central because the CISO of course wants to give in details of what does the staff consist of and exactly how are you helping me with this big burden of continuous monitoring that fed Fedra makes me do. And, and where, where do you fit in that story? So it's usually the CSO, >>Usually the CSO, but some of the other personas that you mentioned sounds like it's definitely a C level or at least a, an executive level conversation. >>It is. Yeah. I'll try to divide that a little bit from my persona. Like I, I run engineering and product. I'm usually dealing with a rather talking to and engaging with the CSO, but the folks that cut the check are either either the CEO or the CFO that really want to widen that kind of revenue stream that they don't have access to. And they're the real decision making personas in this deal. Now, after the decision decision is made, then, you know, they're vetting through VPs of engineering or engineering leaders or the CSO. So like the, the folks that pull the purse strings are usually, you know, the ones that are cutting the check to make this investment that is usually the CSO or rather CEO and the CFO. >>Got it. Okay. So if I'm an AWS customer and I'm on this journey for fed re certification, I've, I've been on it for a while. How do I know it's time to raise my hand or pick up the phone and call Anisha? >>Yeah. You know, some customers that we speak with have already tried to do it and maybe they've failed. Maybe they've been like 12 or 14 months into the journey. And they've said things like, we just don't know how to put the package together, or maybe they've engaged with the third party auditor. And the third party auditor has said, sorry, you guys need to go back to the drawing board or maybe they've missed a good percentage of the technical requirements and they need some consultation and advice or a cookie cutter approach. So it kind of, every journey is different when we are engaging. Sometimes folks are just coming in completely cold or maybe they failed. But the more interesting ones, and I think when we can look a little bit more like heroes are the ones that have tried it, and then a year later they come back, they come back to an, and they want that accelerated goodness. >>Do you have a favorite customer story that you think really articulates the value either from a customer who came in cold or a customer who came in after trying it on their own or with another partner for a year that you think really demonstrates the value that AIAN delivers? >>Yeah. There is a customer story that's sort of top of mind and it's, I think the guy primarily stuck in what tooling I'll anonymize the customer, but this customer kind of chose the wrong level of tooling as they embarked on their journey. And by tooling, I mean, let me get a little bit more specific here. You can't just choose any vulnerability scanner, for instance, if it's a SAS product, or if it's sending data or requests outside of your Fedra boundary, then you're gonna run into trouble. And this reference customer, or this prospect at the time kind of had a lot of friction there. So as they were bumping up against that three Pao deadline, they realized they had a lot of work to do. And we simplified that, that part of the journey substantially for them by essentially selecting and spoon feeding them and, and sort of accelerating that part of the deployment and technical journey for them. And they were very delighted by that part of it. >>When you're talking with customers who are in, in a state of, of change and fluxes, who isn't these days, we've seen the acceleration of digital transformation considerably over the last couple of years. How do you talk with them about a nation as an enabler of their digital transformation overall? >>Yeah. Digital transformation. It's a, it's a broad word. Isn't it like for, for customers that are moving from an on-prem world into the cloud world, you have this great opportunity to kind of start from scratch. And so for Anisha, we are deploying and maybe not start from scratch, but when you're moving from an on-prem environment into the cloud, your footprint, you have this really nice opportunity to embrace more of AWS core services and to kind of rebuild things, kind of make your architecture drastically improved, or like look different to be more supportable and like less operational overhead. And so when an nation presents itself as sort of this platform in a walled garden environment, some customers have this aha moment that like, if you're gonna move either a portion of your environment or a specific application to the cloud, AIAN really helps you establish that security within that boundary and that footprint in a, in a much more accelerated fashion, then if you were selecting each part of your security infrastructure and then trying to implement it by hand, and that's kind of where we shine. >>Got it. We talked about the personas that you're typically engaging with depending on the organization, but how do you help enterprise companies who say Anisha, we wanna improve DevOps efficiency. We wanna get our applications secure that are running on AWS and those that we may wanna move to AWS in the future. >>Yeah. This gets into futures a little bit, but part of our roadmap, a little bit of a, a kind of a look around the corner for our roadmap is that since we know so much about the FedRAMP environment and FedRAMP moderate and the standard called this 853, it's a really powerful security view. And it's also a really powerful compliance view. So, you know, as I was saying before that, if you achieve a lot of depth and excellence in nest 853, it buys you a lot of kind of crosswalk and applicability for SOC two and HIPAA and PCI. So for DevOps organizations and for just engineering organizations that want more pre-pro insight, there's no reason why you can't just deploy our platform and our stack in a pre fraud environment to get that security signaling such that you can catch things early and prevent maybe spillage or leakage or security issues to go into production. So one of the things that we're doing on a roadmap is a, a feature that we call compliance insights, whereby we present a frame of missed 853 RAV4 that you can deploy into any environment. And that particularly helps the DevOps role by saying, well, if I just, for example, exposed an S3 bucket to world, then I can catch that configuration, that compliance product and catch it, trap it and fix before it leaks out to. >>So you talked a little bit about kind of some of the things that are coming up on a, on the product side, what's next for Anisha, as we look at we're rounding out calendar year 22 coming into 2023, there's still so much change in the market. We've got to embrace that. What's next for the company. What can we expect from the VP of products and engineering? >>Yeah, I think in two, two big areas here, we're gonna double down on our Fedra offering offering, and just continuously improve it and improve it. We're pretty tempted to lean in more heavily to CMMC. We hear a lot about CMMC kind of on the periphery, but we just haven't quite felt the market pressure to really go after that. But there's definitely something there. And I would anticipate some offering that maps to that specific compliance that, that compliance framework. And then in the enterprise, we just month after month, we discuss more about how we can create more flexibility in our platform, such that commercial customers can get more of that goodness, and sort of more of that consolidation and time to market, particularly for small and mid-sized customers. So we'll be releasing more of those pieces of functionality in 2023 as well. >>So the commercial folks be on the lookout for that. >>Yes, absolutely. That's a huge untapped market for us. We're super excited about it and we'll be a little cagey on in our plans until we kind of get through this early availability period and then probably make a bigger splash in the first half of 2023. >>That sounds appropriate. Where can the audience go to learn more about what you guys are doing and maybe get ahead on some of those teaser that you just mentioned? >>Yeah. I think our marketing folks will push out more data sheets and marketing material on what's to come. And if you ever wanted to be part of this early availability program that I just discussed, or that I mentioned, you can always go to anan.com and ping us, and we'd be happy to have a conversation with you and we'll lift up the hood and allow you to look under there for, and just carry on the conversation around what's to come. >>All right, getting a peek of what's under the hood. That's always exciting, Ryan, thank you for joining me on this program. AWS startup showcase. We appreciate your time, your insights and a peek into what's going on at Anisha. >>Awesome. It was a pleasure. Thank you so much. >>Likewise. We wanna thank you for watching the AWS startup showcase for Ryan Ferris. I'm Lisa Martin stick right here on the, for great content coming your way. Take care.

Okay. We're back at AWS reinforced 2022. My name is Dave Vellante, and this is the cube we're here in Boston, home of lobster and CDA. And we're here, the convention center where the cube got started in 2010, Shariq Qureshi is here the senior manager at Deloitte and two LL P and merit bear is back on the cube. Good to see >>You guys can't keep me away, >>Right? No. Well, we love having you on the cube shark set up your role at, at Deloitte and toosh what do you actually, what's your swim lane, if you will. >>Yeah, sure. You know, I spend, I wear a lot of hats. I spend a lot of time in the assurance, the controls advisory audit type of role. So I spend our time, a lot of time working with our clients to understand, you know, regulatory requirements, compliance requirements, and then controls that they need to have in place in order to address risks, technology risks, and ultimately business risks. >>So I like to put forth premise, you know, when I walk around a show like this and come up with some observations and then I like to share 'em and then people like me. Well, you know, maybe so help me course correct. My epiphany at this event is the cloud is becoming the first line of defense. The CISO at your customers is now the second line of defense. I think audit is maybe the th third line of defense. Do, do you buy that the sort of organizational layered approach? >>No, because in fact, what we're here to talk about today is audit manager, which is integrated, right? Like if you're doing so the whole notion of cloud is that we are taking those bottom layers of the stack, right? So the concrete floors up through layer for the hypervisor, the, the racks and stacks and HVAC and guards and gates up through the hypervisor, right? Our, our proprietary hardware nitro ecosystem, which has security inheritance is okay upon that. We are then virtualized. Right? And so what we're really talking about is the ways that audit looks different today, that you can reason about what you're doing. So you're doing infrastructure as code. You can do securities code, you can do compliances code, and that's the beauty of it. So like for better, or in your case for worse in your analogy, you know, these are integrated, these are woven together and they are an API call >>Seamless. >>It, it is like easy to describe, right? I mean, like you can command line knowledge about your resources. You can also reason about it. So like, this is something that's embedded, for example, an inspector you can do network reachability know whether you have an internet facing endpoint, which is a PCI, you know, requirement, but that'll be dashboarded in your security hub. So there's the cloud is all the stuff we take away that you don't have to deal with. And also all the stuff that we manage on top of it that then you can reason about and augment and, and take action on. >>Okay. So at the same time you can't automate the audit entirely. Right? So, but, but talk about the challenges of, of, of, of automating and auditing cloud environment. >>Yeah. I mean, when I look at cloud, you know, organizations move to take advantage of cloud characteristics and cloud capabilities, right? So elasticity, scalability is one of them. And, you know, for market conditions, business, business outcomes, you know, resources expand and contract. And one of the questions that we often get as an auditor is how do you maintain a control environment for resources that weren't there yesterday, but are there today, or that are, that are no longer there and that are there today. So how do you maintain controls and how do you maintain security consistently uniformly throughout an audit environment? It's not there. So that's a challenge auditors, you know, historically when you look at the on-prem environment, you have servers that are there, it's a physical, it's a physical box. You can touch it and see it. And if it goes down, then, you know, it's still there. You can hug >>It if you're some people >>It's still there. So, but you know, with, you know, with cloud things get torn down that you don't see. So how do you maintain controls? That's, you know, it, one challenges, it >>Sounds like you're describing a CMDB for audit. >>I mean, that's a, that's an outcome of having, you know, getting good controls of having a CMDB to keep track and have an inventory of your assets. >>But the problem with CMDB is they're out of date, like so, so quickly, is it different in the cloud world? >>Yeah, exactly. I mean, yes. And yes, they are outta date. Cuz like anything static will be manual and imprecise, like it's gonna be, did John go calculate, like go count how many servers we have. That's why I was joking about server huggers versus like virtualizing it. So you put out a call and you know, not just whether it exists, but whether it's been patched, whether it's, you know, like there are ways that we can reason about what we've done, permissioning pruning, you know, like, and these, by the way, correspond to audit and compliance requirements. And so yes, we are not like there, it's not a click of a, whatever, a snap of the fingers, right. It takes work to translate between auditors and us. And it also takes work to have customers understand how they can augment the way that they think about compliance. But a lot of this is just the good stuff that they already need to be doing, right? Knowing internet facing endpoints or whatever, you know, like pruning permissioning. And there's a lot of ways that, you know, access analyzer, for example, these are automated reasoning tools that come from our formal reasoning group, automated reason group that's in identity. Like they, computers can reason about things in ways that are more complex, as long as it can be resolved. It's like EEU utility in mathematics. You don't go out and try to count every prime number. We accept the infinitude of primes to be true. If you believe in math, then we can reason about it. >>Okay. So hearing that there's a changing landscape yeah. In compliance shift from a lot of manual work to one that's much more highly automated, maybe not completely integrated and seamless. Right. But, but working in that direction, right. Yeah. Is that right? And maybe you could describe that in a little bit more detail, how that, you know, journey has progressed. >>I mean, just the fact alone that you have, you know, a lot of services, a lot of companies that are out there that are trying to remove the manual component and to automate things, to make things more efficient. So then, you know, developers can develop and we can be more agile and to do the things that, you know, really what the core competencies are of the business to remove those manual, you know, components to take out the human element and there's a growing need for it. You know, like we always look at security as, you know, like a second class citizen, we don't take advantage of, you know, the, you know, the opportunities that we need to, to do to maintain controls. So, you know, there's an opportunity here for us to look at and, and automate compliance, to automate controls and, and to make things, you know, seamless >>As a fun side benefit, you will actually hopefully have improved your actual security and also retain your workforce because people don't wanna be doing manual processes. You know, they wanna be doing stuff that humans are designed for, which is creative thinking, innovation, you know, creating ways to make new pathways instead of just like re walking these roads that a computer can analyze, >>You mentioned audit manager, what is that? I mean, let's give a plug for the product or the service. What's that all about what problems does it solve? Let's get >>Into that. Yeah. I mean, audit manager is a first of its kind service. You're not gonna find this offered through any other hyperscaler it's specifically geared and tailored towards the second line, which is security and compliance and a third line function, which is internal audit. So what is it looking to do and what is it looking to address some of those challenges working in a cloud space working, and if you have a cloud footprint. So for example, you know, most organizations operate in a multi account strategy, right? You don't just have one account, but how do you maintain consistency of controls across all your accounts? Auto manager is a service that can give, you know, kind of that single pane of view that to see across your entire landscape, just like a cartographer has a map to see, you know, the entire view of what he's designing auto managers does the same thing only from a cloud perspective. So there's also other, you know, features and capabilities that auto managers trying to integrate, you know, that presents challenges for those in compliance those in the audit space. So, you know, most companies, organizations they have, you know, not just one framework like SOC two or GDPR, high trust, HIPAA PCI, you know, you can select an industry accepted framework and evaluate your cloud consumption against, you know, an industry accepted framework to see where you stand in terms of your control posture, your security hygiene, >>And that's exclusive to AWS. Is that what you're saying? You won't find that on any other hyper scale >>And you'll find similarities in other products, but you won't find something that's specifically geared towards the second line and third line. There's also other features and capabilities to collect evidence, which is, I don't see that in the marketplace. >>Well, the only reason I ask that is because, you know, you, everybody has multiple clouds and I would love, I would love a, you know, an audit manager that's, that's span that transcends, you know, one cloud, is that possible? Or is that something that is just not feasible because of the, the, the deltas between clouds? >>I mean, anything's possible with the APIs right now, the way that, you know, you have to ingrain in, right. There's, you know, a, a feature that was introduced recently for audit manager was the ability to pull in APIs from third party sources. So now you're not just looking, looking exclusively at one cloud provider, you're looking at your entire digital ecosystem of services, your tools, your SA solutions that you're consuming to get a full, comprehensive picture of your environment. >>So compliance, risk, audit security, they're like cousins that are all sort of hanging out on the same holiday, but, but they're different. Like what help us understand and squint through those different disciplines. >>Yeah. I mean, each of them have, you know, a different role and a hat to wear. So internal audit is more of your independent arm of management working or reporting directly towards, you know, to the audit committee or to the board to give an independent view on company control and posture security and compliance works with management to help design the, that there that are intended to prevent, detect, or even correct, you know, controls, breakdowns, you know, those action, those action verb items that you wanna prevent unauthorized access, or you wanna restrict changes from making its way into production unless it's approved and, and documented and tracked and so on and so forth. So each, you know, these roles they're very similar, but they're also different in terms of what their function is. >>How are customers dealing with regional differences? You mentioned GDPR, different regulations, data sovereignty, what are the global nuances and complexities that, that, that cloud brings. And how are you addressing those? >>Yeah. Merit, I don't know if you had any thoughts on that one. >>I mean, I think that a lot of what, and this will build off of your response to the sort of Venn diagrams of security and risk and compliance and audit. I think, you know, what we're seeing is that folks care about the same stuff. They care about privacy. They care about security. They care about incentivizing best practices. The form that that takes when it's a compliance framework is by definition a little bit static over time. Whereas security tends to be more quickly evolving with standards that are like industry standards. And so I think one of the things that, you know, all these compliance frameworks have in, in mind is to go after those best practices, the forms that they take may take different forms. You know what I mean? And so I, I see them as hopeful in the motivation sense that we are helping entities get the wherewithal, they need to grow up or mature or get even more security minded. I think there are times that they feel a little clunky, but you know, that's just Frank. Yeah. >>It, it, it can audit manager sort of help me solve that problem. Is that the intent? And I see what you're saying, merit, that there security is at a different pace than, than, you know, GDPR, a privacy, you know, person, >>Right. I mean, like security says, we want this outcome. We want to have, you know, data be protected. The compliance may say, it must be this particular encryption standard. You know what I mean? Like the form I see things taking over time will evolve and, and feels dynamic. Whereas I think that sometimes when we think about compliance and it's exactly why we need stuff like audit manager is to like help manage exactly what articulation of that are we getting in this place at this time for this regulated industry? And like almost every customer I have is regulated. If you're doing business, you're probably in PCI, right. >>And there's never just one silver bullet. So security is, is a number of things that you're gonna do, the number of tools that you're gonna have. And it's often the culture in, in what you develop in your people, your process and technology. So auto manager is one of the components of robust strategy on how to address security. >>But it's also one of those things where like, there are very few entities, maybe Deloitte is one that are like built to do compliance. They're built to do manufacturing, automotive hospitality. Yeah. You know, like they're doing some other industry as their industry. Right. And we wanna let them have less lag time as they make sure that they can do that core business. And the point is to enable them to move our, I mean like sure. I think that folks should move to the pod because of security, but you don't have to, you should move because it enables your business. And this is one of the ways in which it just like minimizes, you know, like whatever our tailwinds lagging or push it anyway, it pushes you. Right. I mean, like it minimizes the lag >>Definitely tailwind. So are you suggesting merit that you can inject that industry knowledge and specificity into things like audit manager and, and actually begin to automate that as, and of course Deloitte has, you know, industry expertise char, but, but, but how should we think about that? >>I mean, you're gonna, you're gonna look at your controls comprehensively a across the board. So if you operate in an industry, you're gonna look to see like, what's, what's important for you. What do you have to, you know, be mindful of? So if you have data residency concerns, you wanna make sure that you've tailored your controls based on the risks that you're addressing. So if there's a framework >>And remember that you can go in the console and choose what region you're, you know, like we never remove your data from your region that you have chosen, you know, like this is, there's an intentionality and an ability to do this with a click of a mouse or with an API call that's, you know, or with a cloud formation template. That's like, there is a deliberateness there. There's not just like best wishes. >>You know, >>ESG is in scope. I presume, you know, helping the CISO become more green, more diverse. Increasingly you're seeing ESG reports come out from major organizations. I presume that's part of the compliance, but maybe not, maybe it hasn't seeped in yet. Are you seeing >>For that? I think it's still a new service auto manager. It's still, you know, being developed, but, you know, continuous feedback to make sure that, you know, we're covering a, a broad range of services and, and, and those considerations are definitely in the scope. Yeah. >>I mean, are you hearing more of that from >>Clients? So, I mean, we have an internal commitment to sustainability, right. That has been very publicly announced and that I'm passionate about. We also have some other native tools that probably, you know, are worth mentioning here, like security hub that does, you know, CIS benchmarking and other things like that are traffic lighted in their dashboard. You know, like there are ways a lot of this is going to be the ways that we can take what might have been like an ugly ETL process and instead take the managed ness on top of it and, and consume that and allow your CISO to make high velocity decision, high velocity, high quality decisions. >>What's the relationship between your two firms? How do you work >>To I'm like we just met. >>Yeah. I sense that, so is it, is it, how do you integrate, I guess is >>A question. Yeah. I mean, I mean, from the audit perspective, our perspective, working with clients and understanding, you know, their requirements and then bringing the service audit manager from the technical aspect and how we can work together. So we have a few use cases, one we've working with the tech company who wanted to evaluate, you know, production workload that had content, you know, critical client information, client data. So they needed to create custom controls. We were working with them to create custom controls, which auto manager would evaluate their environment, which would, you know, there's a reporting aspect of it, which was used to, you know, to present to senior leadership. So we were working together with AWS and on helping craft what those custom controls were in implement at the customer. >>Yeah. I mean, among other things, delight can help augment workforce. It can help folks interpret their results when they get outputs and act upon them and understand industry standards for responsiveness there. I mean, mean like it's a way to augment your approach by, you know, bringing in someone who's done this before. >>Yeah. Cool, cool. Collaboration on a topic that's generally considered, sorry. Don't, don't hate me for saying this boring, but really important. And the fact that you're automating again makes it a lot more interesting guys. Excellent. Thanks for your sharp first time on the cube. Thank you. Absolutely on, appreciate it. Rapidly. Becoming a VIP. Thanks. Coming on. Hey, I'll take it. All right. Keep it right there. Thank you. This is Dave ante for the cube. You're watching our coverage of AWS reinforce 2022 from Boston. We'll be right back.

(upbeat music) >> Hey, guys and girls, welcome back to New York City. Lisa Martin and John Furrier are live with theCUBE at AWS Summit 22, here in The Big Apple. We're excited to be talking about security next. James Arlen joins us, the CISO at Aiven. James, thanks so much for joining us on theCUBE today. >> Absolutely, it's good to be here. >> Tell the audience a little bit about Aiven, what you guys do, what you deliver, and what some of those differentiators are. >> Oh, Aiven. Aiven is a fantastic organization. I'm actually really lucky to work there. It's a database as a service, managed databases, all open source. And we're capital S, serious about open source. So 10 different open source database products delivered as a platform, all managed services, and the game is really about being the most performant, secure, and compliant database as a service on the market, friction free for your developers. You don't need people worrying about how to run databases. You just want to be able to say, here, take care of my data for me. And that's what we do. And that's actually the differentiator. We just take care of it for you. >> Take care of it for you, I like that. >> So they download the open source. They could do it on their own. So all the different projects are out there. >> Yeah, absolutely. >> What do you guys bringing to the table? You said the managed service, can you explain that. >> Yeah, the managed service aspect of it is, really, you could install the software yourself. You can use Postgres or Apache Kafka or any one of the products that we support. Absolutely you can do it yourself. But is that really what you do for a living, or do you develop software, or do you sell a product? So we take and do the hard work of running the systems, running the equipment. We take care of backups, high availability, all the security and compliance things around access and certifications, all of those things that are logging, all of that stuff that's actually difficult to do, well and consistently, that's all we do. >> Talk about the momentum, I see you guys were founded in what? 2016? >> Yes. >> Just in May of '22, raised $210 million in series D funding. >> Yes. >> Talk about the momentum and also from your perspective, all of the massive changes in security. >> It's very interesting to work for a company where you're building more than 100% growth year over year. It's a powers of two thing. Going from one to two, not so scary, two to four, not so scary. 512 to 1024, it's getting scary. (Lisa chuckles) 1024 to 2048, oh crap! I've been with Aiven for just almost two years now, and we are less than 70 when I started, and we're near 500 now. So, explosive growth is very interesting, but it's also that, you're growing within a reasonable burn rate boundary as well. And what that does from a security perspective, is it leaves you in the position that I had. I walked in and I was the first actual CISO. I had a team of four, I now have a team of 40. Because it turns out that like a lot of things in life, as you start unpacking problems, they're kind of fractal. You unpack the problem, you're like oh, well I did deal with that problem, but now I got another problem that I got to deal with. And so there's, it's not turtles all the way down. >> There's a lot of things going on and other authors, survive change. >> And there's fundamental problems that are still not fixed. And yet we treat them like they're fixed. And so we're doing a lot of hard work to make it so that we don't have to do hard work ongoing. >> And that's the value of the managed service. >> Yes. >> Okay, so talk about competition. Obviously, we had ETR on which is Enterprise Research Firm that we trust, we like. And we were looking at the data with the headwinds in the market, looking at the different players like got Amazon has Redshift, Snowflake, and you got Azure Sequence. I think it's called one of those products. The money that's being shifted from on premise data where the old school data warehouse like terra data and whatnot, is going first to Snowflake, then to Azure, then to AWS. Yes, so that points to snowflake being kind of like the bell of the ball if you will, in terms of from a data cloud. >> Absolutely. >> How do you compete with them? What's the pitch 'Cause that seemed to be a knee-jerk reaction from the industry. 'Cause snowflake is hot. They have a good value product. They have a smart team, Databrick is out there too. >> Yeah I mean... >> how do you guys compete against all that. >> So this is that point where you're balancing the value of a specific technology, or a specific technology vendor. And am I going to be stuck with them? So I'm tying my future to their future. With open source, I'm tying my future to the common good right. The internet runs on open source. It doesn't run on anything closed. And so I'm not hitching my wagon to something that I don't control. I'm hitching it to something where, any one of our customers could decide. I'm not getting the value I need from Aiven anymore. I need to go. And we provide you with the tools necessary, to move from our open source managed service to your own. Whether you go on-prem or you run it yourself, on a cloud service provider, move your data to you because it's your data. It's not ours. How can I hold your data? It's like weird extortion ransoming thing. >> Actually speaking, I mean enterprise, it's a big land grab 'cause with cloud you're horizontally scalable. It's a beautiful thing, open source is booming. It's going in Aiven, every day it's just escalating higher and higher. >> Absolutely. >> It is the software business. So open is open. Integration and scale seems to be the competitive advantage. >> Yeah. >> Right. So, how do you guys compete with that? Because now you got open source. How do you offer the same benefits without the lock in, or what's the switching costs? How do you guys maintain that position of not saying the same thing in Snowflake? >> Because all of the biggest data users and consumers tend to give away their data products. LinkedIn gave away their data product. Uber gave away their data product, Facebook gave away their data product. And we now use those as community solutions. So, if the product works for something the scale of LinkedIn, or something the scale of Uber. It will probably work for you too. And scale is just... >> Well Facebook and LinkedIn, they gave away the product to own the data to use against you. >> But it's the product that counts because you need to be able to manipulate data the way they manipulate data, but with yours. >> So low latency needs to work. So horizontally, scalable, fees, machine learning. That's what we're seeing. How do you make that available? Customers want on architecture? What do you recommend? Control plane, data plane, how do you think about that? >> It's interesting. There's architectural reasons to think about it in terms like that. And there's other good architectural reasons to not think about it. There's sort of this dividing line in the cloud, where your cloud service provider, takes over and provides you with the opportunity to say, I don't know. And I don't care >> As long as it's secure >> As long as it's secure absolutely. But there's sort of that water line idea, where if it's below the water line, let somebody else deal. >> What is in the table stakes? 'Cause I like that approach. I think that's a good value proposition. Store it, what boxes have to be checked? Compliance, secure, what are some of the boxes? >> You need to make sure that you've taken care of all of the same basics if you are still running it. Remember you can't absolve yourself of your duty to your customer. You're still on the hook. So, you have to have backups. You have to have access control. You have to understand who's administering it, and how and what they're doing. Good logging, good comprehension there. You have to have anomaly detection, secure operations. You have to have all those compliance check boxes. Especially if you're dealing with regulated data type like PCI data or HIPAA health data or you know what there's other countries besides the United States, there's other kinds of of compliance obligations there. So you have to make sure that you've got all that taken into account. And remember that, like I said, you can't absolve yourself with those things. You can share responsibilities. But you can't walk away from that responsibility. So you still have to make sure that you validate that your vendor knows what they're talking about. >> I wanted to ask you about the cybersecurity skills gap. So I'm kind of giving a little segue here, because you mentioned you've been with Aiven for about two years. >> Almost. >> Almost two years. You've started with a team of four. You've grown at 10X in less than two years. How have you accomplished that, considering we're seeing one of the biggest skills shortages in cyber in history. >> It's amazing, you see this show up in a lot of job Ads, where they ask for 10 years of experience in something that's existed for three years. (John Furrier laughs) And it's like okay, well if I just be logical about this I can hire somebody at less than the skill level that I need today, and bring them up to that skill level. Or I can spend the same amount of time, hoping that I'll find the magical person that has that set of skills that I need. So I can solve the problem of the skills gap by up-skilling the people that I hire. Which is strangely contrary to how this thing works. >> The other thing too, is the market's evolving so fast that, that carry up and pulling someone along, or building and growing your own so to speak is workable. >> It also really helps us with a bunch of sustainability goals. It really helps with anything that has to do with diversity and inclusion, because I can bring forward people who are never given a chance. And say, you know what? You don't have that magical ticket in life, but damn you know what you're talking about? >> It's a classic pedigree. I went to this school, I studied this degree. There's no degree if have to stop a hacker using state of the art malware. (John Furrier laughs) >> Exactly. What I do today as a job, didn't exist when I was in post-secondary at all. >> So when you hire, what do you look for? I mean obviously problem solving. What's your kind of algorithm for hiring? >> Oh, that's a really interesting question. The quickest sort of summary of it is, I'm looking for not a jerk. >> Not a jerk. >> Yeah. >> Okay. >> Because it turns out that the quality that I can't fix in a candidate, is I can't fix whether or not they're a jerk, but I can up-skill them, I can educate them. I can teach them of a part of the world that they've not had any interaction with. But if they're not going to work with the team, if they're going to be, look at me, look at me. If they're going to not have that moment of, I have this great job, and I get to work today. And that's awesome. (Lisa Martin laughs) That's what I'm trying to hire for. >> The essence of this teamwork is fundamental. >> Collaboration. >> Cooperation. >> Curiosity. >> That's the thing yeah, absolutely. >> And everybody? >> Those things, oh absolutely. Those things are really, really hard to interview for. And they're impossible to fix after the fact. So that's where you really want to put the effort. 'Cause I can teach you how to use a computer. I mean it's hard, but it's not that hard. >> Yeah, yeah, yeah. >> Well I love the current state of data management. Good overview, you guys are in the good position. We love open source. Been covering it for, since theCUBE started. It continues to redefine more and more the industry. It is the software industry. Now there's no debate about that. If people want to have that debate, that's kind of waste of time, but there are other ways that are happening. So I have to ask you. As things are going forward with innovation. Okay, if opensource is going to be the software industry. Where's the value? >> That's a fun question wow? >> Is it going to be in the community? Is it the integration? Is it the scale? If you're open and you have low switching costs... >> Yeah so, when you look at Aiven's commitment to open source, a huge part of that is our open source project office, where we contribute back to those core products, whether it's parts of the Apache Foundation, or Postgres, or whatever. We contribute to those, because we have staff who work on those products. They don't work on our stuff. They work on those. And it's like the opposite of a zero sum game. It's more like Nash equilibrium. If you ever watch that movie, "A beautiful mind." That great idea of, you don't have to have winners and losers. You can have everybody loses a little bit but everybody wins a little bit. >> Yeah and that's the open the ethos. >> And that's where it gets tied up. >> Another follow up on that. The other thing I want to get your reaction on is that, now in this modern era of open source, almost all corporations are part of projects. I mean if you're an entrepreneur and you want to get funding it's pretty simple. You start open source project. How many stars you get on GitHub guarantees it's a series C round, pretty much. So open source now has got this new thing going on, where it's not just open source folks who believe in it It's an operating model. What's the dynamic of corporations being part of the system. It used to be, oh what's the balance between corporate and influence, now it's standard. What's your reaction? >> They can do good and they can do harm. And it really comes down to why are you in it? So if you look at the example of open search, which is one of the data products that we operate in the Aiven system. That's a collaboration between Aiven. Hey we're an awesome company, but we're nowhere near the size of AWS. And AWS where we're working together on it. And I just had this conversation with one of the attendees here, where he said, "Well AWS is going to eat your story there. "You're contributing all of this "to the open search platform. "And then AWS is going to go and sell it "and they're going to make more money." And I'm like yep, they are. And I've got staff who work for the organization, who are more fulfilled because they got to deliver something that's used by millions of people. And you think about your jobs. That moment of, (sighs) I did a cool thing today. That's got a lot of value in it. >> And part of something. >> Exactly. >> As a group. >> 100%. >> Exactly. >> And we end up with a product that's used by millions. Some of it we'll capture, because we do a better job running than the AWS does, but everybody ends up winning out of the backend. Again, everybody lost a little, but everybody also won. And that's better than that whole, you have to lose so that I can win. At zero something, that doesn't work. >> I think the silo conversations are coming, what's the balance between siloing something and why that happens. And then what's going to be freely accessible for data. Because the real time information is based upon what you can access. "Hey Siri, what's the weather. "We had a guest on earlier." It says, oh that's a data query. Well, if the weather is, the data weathers stored in a database that's out here and it can't get to the response on the app. Yeah, that's not good, but the data is available. It just didn't get delivered. >> Yeah >> Exactly. >> This is an example of what people are realizing now the consequences of this data, collateral damage or economy value. >> Yeah, and it's understanding how data fits in your environment. And I don't want to get on the accountants too hard, but the accounting organizations, AICPA and ISAE and others, they haven't really done a good job of helping you understand data as an asset, or data as a liability. I hold a lot of customer data. That's a liability to me. It's going to blow up in my face. We don't talk about the income that we get from data, Google. We don't talk about the expense of regenerating that data. We talk about, well what happens if you lose it? I don't know. And we're circling the drain around fiduciary responsibility, and we know how to do this. If you own a manufacturing plant, or if you own a fleet of vehicles you understand the fiduciary duty of managing your asset. But because we can't touch it, we don't do a good job of it. >> How far do you think are people getting into the point where they actually see that asset? Because I think it's out of sight out of mind. Now there's consequences, there's now it's public companies might have to do filings. It's not like sustainability and data. Like, wait a minute, I got to deal with these things. >> It's interesting, we got this great benefit of the move to cloud computing, and the move to utility style computing. But we took away that. I got to walk around and pet my computers. Like oh! This is my good database. I'm very proud of you. Like we're missing that piece now. And when you think about the size of data centers, we become detached from that, you don't really think about, Aiven operates tens of thousands of machines. It would take entire buildings to hold them all. You don't think about it. So how do you recreate that visceral connection to your data? Well, you need to start actually thinking about it. And you need to do some of that tokenization. When was the last time you printed something out, like you get a report and happens to me all the time with security reports. Look at a security report and it's like 150 page PDF. Scroll, scroll, scroll, scroll. Print it out, stump it on the table in front of you. Oh, there's gravitas here. There's something here. Start thinking about those records, count them up, and then try to compare that to something in the real world. My wife is a school teacher, kindergarten to grade three, and tokenizing math is how they teach math to little kids. You want to count something? Here's 10 things, count them. Well, you've got 60,000 customer records, or you have 2 billion data points in your IOT database, tokenize that, what does 2 billion look like? What does $1 million look like in the form of $100 dollars bills on a pallet? >> Wow. >> Right. Tokenize that data, create that visceral connection with it, and then talk about it. >> So when you say tokenized, you mean like token as in decentralization token? >> No, I mean create like a totem or an icon of it. >> Okay, got it. >> A thing you can hold holy. If you're a token company. >> Not token as in Token economics and Crypto. >> If you're a mortgage company, take that customer record for one of your customers, print it out and hold the file. Like in a Manila folder, like it's 1963. Hold that file, and then say yes. And you're explaining to somebody and say yes, and we have 3 million of these. If we printed them all out, it would take up a room this size. >> It shows the scale. >> Right. >> Right. >> Exactly, create that connection back to the human level of interaction with data. How do you interact with a terabyte of data, but you do. >> Right. >> But once she hits upgrade from Google drive. (team laughs) >> What's a terabyte right? We don't hold that anymore. >> Right, right. >> Great conversation. >> Recreate that connection. Talk about data that way. >> The visceral connection with data. >> Follow up after this event. We'd love to dig more and love the approach. Love open source, love what you're doing there. That's a very unique approach. And it's also an alternative to some of the other vast growing plus your valuations are very high too. So you're not like a... You're not too far away from these big valuations. So congratulations. >> Absolutely. >> Yeah excellent, I'm sure there's lots of work to do, lots of strategic work to do with that round of funding. But also lots of opportunity, that it's going to open up, and we know you don't hire jerks. >> I don't >> You have a whole team of non jerks. That's pretty awesome. Especially 40 of 'em. That's impressive James.| >> It is. >> Congratulations to you on what you've accomplished in the course of the team. And thank you for sharing your insights with John and me today, we appreciate it. >> Awesome. >> Thanks very much, it's been great. >> Awesome, for John furrier, I'm Lisa Martin and you're watching theCube, live in New York city at AWS Summit NYC 22, John and I will be right back with our next segment, stick around. (upbeat music)

(upbeat music) >> Man: We're good. >> Hey everyone. Welcome back to theCube's live coverage of AWS Summit NYC. We're in New York City, been here all day. Lisa Martin, John Furrier, talking with AWS partners ecosystem folks, customers, AWS folks, you name it. Next up, one of our alumni, rejoins us. Please welcome Anshu Sharma the co-founder and CEO of Skyflow. Anshu great to have you back on theCube. >> Likewise, I'm excited to be back. >> So I love how you guys founded this company. Your inspiration was the zero trust data privacy vault pioneered by two of our favorites, Apple and Netflix. You started with a simple question. What if privacy had an API? So you built a data privacy vault delivered as an API. Talk to us, and it's only in the last three and a half years. Talk to us about a data privacy vault and what's so unique about it. >> Sure. I think if you think about all the key challenges we are seeing in our personal lives when we are dealing with technology companies a lot of anxiety is around what happens to my data, right? If you want to go to a pharmacy they want to know not just your health ID number but they want to know your social security number your credit card number, your phone number and all of that information is actually useful because they need to be able to engage with you. And it's true for hospitals, health systems. It's true for your bank. It's true for pretty much anybody you do business with even an event like this. But then question that keeps coming up is where does this data go? And how is it protected? And the state of the art here has always been to keep kind of, keep it protected when it's in storage but almost all the breaches, all the hacks happen not because you've steal somebody's disc, but because someone enters through an API or a portal. So the question we asked was we've been building different shapes of containers for different types of data. You don't store your logs in a data warehouse. You don't store your analytical data in a regular RDBMS. Similarly, you don't store your passwords and usernames you store them in identity systems. So if PI is so special why isn't it a container that's used for storing PII? So that's how the idea of Pii.World came up. >> So you guys just got a recent funding, a series B financing which means for the folks out there that don't know the inside baseball, must people do, means you're doing well. It's hard to get that round of funding means you're up and growing to the right. What's the differentiator? Why are you guys so successful? Why the investment growth, what's the momentum driver? >> So I think in some ways we took one of the most complex problems, data privacy, like half the people can't even describe like, does data privacy mean like I have to be GDPR compliant or does it actually mean I'm protecting the data? So you have multiple stakeholders in any company. If you're a pharma company, you may have a chief privacy officer, a data officer, this officer, that officer, and all of these people were talking and the answer was buy more tools. So if you look around behind our back, there's probably dozens of companies out there. One protecting data in an API call another protecting data in a database, another one data warehouse. But as a CEO, CTO, I want to know what happens to my social security number from a customer end to end. So we said, if you can radically simplify the whole thing and the key insight was you can simplify it by actually isolating and protecting this data. And this architecture evolved on its own at companies like Apple and other places, but it takes dozens of engineers for those companies to build it out. So we like, well, the pattern will makes sense. It logically kind is just common sense. So instead of selling dozens of tools, we can just give you a very simple product, which is like one API call, you know, protect this data... >> So like Stripe is for a plugin for a financial transaction you plug it into the app, similar dynamic here, right? >> Exactly. So it's Stripe for payments, Twilio for Telephony. We have API for everything, but if you have social security numbers or pan numbers you still are like relying on DIY. So I think what differentiated us and attracted the investors was, if this works, >> It's huge. every company needs it. >> Well, that's the integration has become the key thing. I got to ask you because you mentioned GDPR and all the complexities around the laws and the different regulations. That could be a real blocker in a wet blanket for innovation. >> Anshu: Yes. >> And with the market we're seeing here at, at your Summit New York, small event. 10,000 people, more people here than were at Snowflake Summit as an example. And they're the hottest company in data. So this small little New York event is proven that that world is growing. So why should this wet blanket, these rules slow it down? How do you balance it? 'Cause that's a concern. If you checking all the boxes you're never actually building anything. >> So, you know, we just ran into a couple of customers who still are struggling with moving from the data center to AWS Cloud. Now the fact that here means they want to but something is holding them back. I also met the AI team of Amazon. They're doing some amazing work and they're like, the biggest hindrance for them is making customers feel safe when they do the machine learning. Because now you're opening up the data sets to more people. And in all of those cases your innovation basically stops because CSO is like, look you can't put PII in the cloud unprotected. And with the vault architecture we call it privacy by architecture. So there's a term called privacy by design. I'm like what the, is privacy by design, right? >> John: It's an architecture. (John laughing) >> But if you are an architecture and a developer like me I was like, I know what architecture is. I don't know what privacy by design is. >> So you guys are basically have that architecture by design which means foundational based services. So you're providing that as a service. So other people don't have to build the complex. >> Anshu: Exactly. >> You know that you will be Apple's backend team to build that privacy with you you get all that benefit. >> Exactly. And traditionally, people have had to make compromises. If you encrypt the data and secure it, then you can't use it. Using a proprietary polymorphic encryption technology you can actually have your cake and eat it to. So what that means for customers is, if you want to protect data in Snowflake or REDshare, use Skyflow with it. We have integrations to databases, to data lakes, all the common workflow tools. >> Can you give us a customer example that you think really articulates the value of what Skyflow is delivering? >> Well, I'll give you two examples. One in the FinTech space, one in the health space. So in the FinTech space this is a company called Nomi Health. They're a large payments processor for the health insurance market. And funnily enough, their CTO actually came from Goldman Sachs. He actually built apple card. (John laughing) Right? That if we all have in our phones. And he saw our product and he's like, for my new company, I'm going to just use you guys because I don't want to go hire 20 engineers. So for them, we had a HIPAA compliant environment a PCI compliant environment, SOC 2 compliant environment. And he can sleep better at night because he doesn't have to worry what is my engineer in Poland or Ukraine doing right now? I have a vault. I have rules set up. I can audit it. Everything is logged. Similarly for Science 37, they run clinical trials globally. They wanted to solve data residency. So for them the problem was, how do I run one common global instance? When the rules say you have to break everything up and that's very expensive. >> And so I love this. I'm a customer. For them a customer. I love it. You had me at hello, API integration. I love it. How much does it cost? What's it going to cost me? How do I need to think about my operationalizing? 'Cause I know with an API, I can do that. Am I paying by the usage, by the drink? How do I figure out? >> So we have programs for startups where it's really really inexpensive. We get them credits. And then for enterprises, we basically have a platform fee. And then based on the amount of data PII, we charge them. We don't nickel and dime the customers. We don't like the usage based model because, you don't know how many times you're going to hit an API. So we usually just based on the number of customer records that you have and you can hit them as many time as you want. There's no API limits. >> So unlimited record based. >> Exactly. that's your variable. >> Exactly. We think about you buying odd zero, for example, for authentication you pay them by the number of active users you have. So something similar. >> So you run on AWS, but you just announced a couple of new GTM partners, MuleSoft and plan. Can you talk to us about, start with MuleSoft? What are you doing and why? And the same with VLA? >> Sure. I mean, MuleSoft was very interesting customers who were adopting our products at, you know, we are buying this product for our new applications but what about our legacy code? We can't go in there and add APIs there. So the simplest way to do integration in the legacy world is to use an integration broker. So that's where MuleSoft integration came out and we announced that. It's a logical place for you to swap out real social security numbers with, you know, fake ones. And then we also announced a partnership with SnowFlake, same thing. I think every workload as it's moving to the cloud needs some kind of data protection with it. So I think going forward we are going to be announcing even more partnerships. So you can imagine all the places you're storing PII today whether it's in a call center solution or analytics solution, there's a PII story there. >> Talk about the integration aspect because I love the momentum. I get everything makes secure the customers all these environments, integrations are super important to plug into. And then how do I essentially operate you on my side? Do I import the records? How do you connect to my environment in my databases? >> So it's really, really easy when you encrypt the data and use Skyflow wall, we create what is called a format preserving token, which is essentially replacing a social security number with something that looks like an SSN but it's not. So that there's no schema changes involved. You just have to do that one time swap over and then in terms of integrations, most of these integrations are prebuilt. So Snowflake integration is prebuilt. MuleSoft integration is prebuilt. We're going to announce some new ones. So the goal is for off the table in platforms like Snowflake and MuleSoft, we prebuilt all the integrations. You can build your own. It takes about like a day. And then in terms of data import basically it's the same standard process that you would use with any other data store. >> Got to ask you about data breaches. Obviously the numbers in 2021 were huge. We're seeing so much change in the cyber security landscape ransomware becoming a household word, a matter of when but not if... How does Skyflow help organizations protect themselves or reduce the number of breaches so that they are not the next headline? >> You know, the funny thing about breaches is again and again, we see people doing the same mistakes, right? So Equifax had a breach four years ago where a customer portal, you know, no customer support rep should have access to a 100 million people's data. Like is that customer agent really accessing 100 million? But because we've been using legacy security tools they either give you access or don't give you access. And that's not how it's going to work. Because if I'm going to engage with the pharmacy and airline they need to be able to use my data in multiple different places. So you need to have fine grain controls around it. So I think the reason we keep getting breaches is cybersecurity industry is selling, 10s of billions of dollars worth of tools in the name of security but they cannot be applied at a fine grain level enough. I can't say things like for my call center agent that's living in Phoenix, Arizona they can only verify last four digits, but the same call center worker in Philippines can't even see that. So how do you get all that granular control in place? Is really why we keep seeing data breaches. So the Equifax breach, the Shopify breach the Twitter breaches, they're all the same. Like again and again, it's either an inside person or an external person who's gotten in. And once you're in and this is the whole idea of zero trust as you know. Once you're in, you can access all the data. Zero trust means that you don't assume that you actually isolate PII separately. >> A lot of the cybersecurity issues as you were talking about, are people based. Somebody clicking on something or gaining access. And I always talk to security experts about how do you control for the people aspect besides training, awareness, education. Is Skyflow a facilitator of that in a way that we haven't seen before? >> Yeah. So I think what ends up happening is, people even after they have breaches, they will lock down the system that had the breach, but then they have the same data sitting in a partner database, maybe a customer database maybe a billing system. So by centralizing and isolating PII in one system you can then post roles based access control rules. You can put limitations around it. But if you try to do that across hundreds of DS bases, you're just not going to be able to do it because it's basically just literally impossible, so... >> My final question for you is on, for me is you're here at AWS Summits, 10,000 people like I said. More people here than some big events and we're just in New York city. Okay. You actually work with AWS. What's next for you guys as you got the fresh funding, you guys looking for more talent, what's your next mountain you're going to climb? Tell us what's next for the company. Share your vision, put a plug in for the company. >> Well, it's actually very simple. Today we actually announced that we have a new chief revenue officer who's joining us. Tammy, she's joined us from LaunchDarkly which is it grew from like, you know, single digits to like over nine digits in revenue. And the reason she's joining Skyflow is because she sees the same inflection point hitting us. And for us that means more marketing, more sales, more growth in more geographies and more partnerships. And we think there's never been a better time to solve privacy. Literally everything that we deal with even things like rove evade issues eventually ties back into a issue around privacy. >> Lisa: Yes. >> AWS gets the model API, you know, come on, right? That's their model. >> Exactly. So I think if you look at the largest best companies that have been built in the last 20 years they took something that should have been simple but was not. There used to be Avayas of the world, selling Telephony intel, Twilio came and said, look an API. And we are trying to do the same to the entire security compliance and privacy industry is to narrow the problem down and solve it once. >> (indistinct) have it. We're going to get theCube API. (Lisa laughing) That's what we're going to do. All right. >> Thank you so much. >> Awesome. Anshu, thank you for joining us, talking to us about what's new at Skyflow. It sounds like you got that big funding investment. Probably lots of strategic innovation about to happen. So you'll have to come back in a few months and maybe at next reinvent in six months and tell us what's new, what's going on. >> Last theCube interview was very well received. People really like the kind of questions you guys asked. So I love this show and I think... >> It's great when you're a star like you, you got good market, great team, smart. I mean, look at this. I mean, what slow down are we talking about here? >> Yeah. I don't see... >> There is no slow down on the enterprise. >> Privacy's hot and it's incredibly important and we're only going to be seeing more and more of it. >> You can talk to any CIO, CSO, CTO or the board and they will tell you there is no limit to the budget they have for solving the core privacy issues. We love that. >> John: So you want to move on to building? >> Lisa: Obviously that must make you smile. >> John: You solved a big problem. >> Thank you. >> Awesome. Anshu, thank you again. Congrats on the momentum and we'll see you next time and hear more on the evolution of Skyflow. Thank you for your time. >> Thank you. >> For John furrier, I'm Lisa Martin. You're watching theCube live from New York City at AWS Summit NYC 22. We'll be right back with our next guest. So stick around. (upbeat music)

>>Drew and I are pleased to welcome Kevin Warda. Who's the director of information technology services at the Hotchkis school, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut. Hello, Kevin? >>Hello. It's nice to be here. Thanks for having me. >>Yeah, you, you bet. Hey, tell us a little bit more about the Hotchkis school and your role. >>Sure. The hacha school is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 K 500 acre main campus and a 200 acre farm down the street. My role is as the director of information technology services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >>Yeah. And you've had a very strong history in the educational field, you know, from that lens what's, what's the unique, you know, or not unique, but the pressing security challenge that's top of mind for you. >>I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of it, security it in general sometimes. So I think threat actors often see us as easy targets or at least worthwhile to try to get into, >>Because specifically you are potentially spread thin underfunded. You gotta, you, you got students, you got teachers. So there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >>Certainly because of the fact that we're an independent boarding school, we operate things like even a health center. So data privacy regulations across the board in terms of just student data rights Ferra, some of our students are under 18. So data privacy laws such as Copa apply HIPAA can apply. We have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition. So it's, it's a unique place to be. Again, we operate very much like a college would, right? We have all the trappings of a, of a private college in terms of all the operations we do. And that's what I love most about working education is that it's, it's all the industries combined in many ways. >>Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in, in drew to the conversation. So what are the, the best practice and the right strategies from your standpoint of defending your, your data? >>Well, we take a defense and depth approach. So we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses. We also keep it simple. You know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching using multifactor authentication and having really excellent backups in case something does happen. >>Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what, what, what can we learn from other adjacent industries? >>Yeah, I, you know, Kevin is spot on and I love hearing what, what he's doing going back to our prior conversation about zero trust, right? That defense in depth approach is beautifully aligned, right? With a zero trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and, and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right. They need to make sure that the data that they're keeping evidence right. Is secure and imutable right, because that's evidence, >>Well, Kevin paint a picture for us, if you would. So you were primarily on, Preem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and, and the kind of, I wanna get to the before and the, after wasabi, but start with kind of where you came from. >>Sure. Well, I came to the hatchet school about seven years ago and I had come most recently from public K12 and municipal. So again, not a lot of funding for it in general security or infrastructure in general. So Nutanix was actually a solu, a hyperconverged solution that I implemented at my previous position. So when I came to Hodges and found mostly on-prem workloads, everything from the student information system to the card access system, that students would use financial systems, they were almost all on premise, but there were some new SAS solutions coming in play. We had also taken some time to do some business continuity planning, you know, in the event of some kind of issue. I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that. So as different workloads were moved off to hosted or cloud based, we didn't really need as much of the on premise compute and storage as, as we had. And it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a, a hyper-converged platform, running Nutanix AV, which allowed us to get rid of all the cost of the VMware licensing as well. And it is an easier platform to manage, especially for small it shops like ours. >>Yeah. AHV is the Acropolis hypervisor. And so you migrated off of VMware avoidance V the VTax avoidance. That's a common theme among Nu Nutanix customers. And now did you consider moving into AWS? You know, what was the catalyst to consider wasabi as part of your defense strategy? >>We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, WASA became across our, our desks. And it was such a low, low barrier to entry to sign up for a trial and get, you know, terabyte for a month. And then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple things we were trying to solve at the time. It wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network. Some of our software applications that are deployed through our mobile device management needed a place that was accessible on, on the internet that they could be stored as well. >>So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast security wise. It has all the features of, of S3 compliance that works with, with Nutanix and anyone who's familiar with S3 permissions can apply them very easily. And then there was no egress fees. We can pull data down, put data up at will, and it's not costing us any extra, which is excellent because especially in education, we need fixed costs. We need to know what we're gonna spend over a year before we spend it and not be hit with, you know, bills for, for egres or, or because our workload or our data storage footprint grew tremendously. We need, we need that. We, we can't have the variability that the cloud providers would give us. >>So Kevin, you, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed. Were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those, those concerns as an it practitioner? >>Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing. There's lots of companies with funny names. >>I think we don't go based on the name necessarily, but we did go based on the history understanding, you know, who started the company, where it came from and really looking into the technology, understanding that the value proposition, the ability to, to provide that lower cost is based specifically on the technology, in which it lays down data. So, so having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for it. It may be less expensive than alternatives, but it's, it's not cheap. It's not, you know, it's, it's reliable. And that was really our concern. So we, we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >>Yeah. Thank you for that. Drew explain the whole egres charge. We hear a lot about that. What do people need to know? >>First of all, it's not a funny name, it's a memorable name, date, just like the cube. Let's be very clear about that. Second of all egres charges. So, you know, other storage providers charge you for every API call, right? Every get every, put every list, everything okay. It's, it's part of their, their, you know, their, their process. It's part of how they make money. It's part of how they cover the cost of all their other services. We don't do that. And I think, you know, as, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond. What is the list price? In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, is, you know, far exceeding anything else in the industry, especially what we offer and then right. Their, their additional cost, the egres cost, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >>So you used the little coffee analogy earlier in our conversation. So I'm, here's what I'm imagining. Like I have a lot of stuff. Right. And, and I, I, I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly. I can't imagine having to pay them to go get my stuff. That's kinda the same thing here. >>Oh, that's a great metaphor, right. That, that storage locker, right? Yeah. You know, can you imagine every time you wanna open the door to that locker and look inside having to pay a fee? >>No, no, that would be annoying. >>Or, or every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard. You have to pay a door opening fee. Right. And then if you wanna look and get an inventory of everything in there, you have to pay and it's ridiculous. Yeah. It's your data, it's your storage, it's your locker. You've already paid the annual fee probably cuz that they gave you a discount on that. So why shouldn't you have unfettered access to your data? That's what wasabi does. And I think as Kevin pointed out, right, that's what sets us completely apart from everybody >>Else. Okay, good. That's helpful. It helps us understand how Wasabi's different. Kevin. I'm always interested when I talk to practitioners like yourself in, in, in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and, and ransomware protection? For example? >>Yes. Cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too. Right? This is, this is often the checking, the box kind of activity. Insurance companies require it, but we wanna make it something that people want to do and wanna engage with. So even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that. So it wasn't just about protecting our school data. It's about the fact that, you know, protecting their information is something you do in all aspects of your life. Especially now that the folks are working hybrid off of working from home with equipment from the school, this stakes are much higher and people have a lot of our data at home. And so knowing how to protect that is important. And so we definitely run, run those programs in a way that, that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >>So when you say fun, it's like you come up with an example that we can laugh at until of course we click on that bad link, but I'm sure you can, you can come up with a lot of interesting and engaging examples. Is that what you're talking about? About having fun? >>Yeah. I mean, sometimes they are kind of choose your own adventure type stories. You know, they, they, they, they stop as they run. So they're, they're, they're telling a story and they stop and you have to answer questions along the way to keep going. So you're not just watching a video, you're engaged with the story of the topic. Yeah. That's why I think is, is memorable about it, but it's also, that's what makes it fun. It's not, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure, you know, the sender of, of the email. Now you you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not. So that's where I think the learning comes in. >>Excellent. Okay, gentlemen, thanks so much. Appreciate your time. Kevin drew awesome. Having you in the cube. >>My pleasure. Thank you. >>Yeah. Great to be here. Thanks. Okay. In a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage. You're watching the cube, the leader in high tech enterprise coverage.

>> The rapid rise of ransomware attacks has added yet another challenge that business technology executives have to worry about these days, cloud storage, immutability, and air gaps have become a must have arrows in the quiver of organization's data protection strategies. But the important reality that practitioners have embraced is data protection, it can't be an afterthought or a bolt on it, has to be designed into the operational workflow of technology systems. The problem is, oftentimes, data protection is complicated with a variety of different products, services, software components, and storage formats, this is why object storage is moving to the forefront of data protection use cases because it's simpler and less expensive. The put data get data syntax has always been alluring, but object storage, historically, was seen as this low-cost niche solution that couldn't offer the performance required for demanding workloads, forcing customers to make hard tradeoffs between cost and performance. That has changed, the ascendancy of cloud storage generally in the S3 format specifically has catapulted object storage to become a first class citizen in a mainstream technology. Moreover, innovative companies have invested to bring object storage performance to parity with other storage formats, but cloud costs are often a barrier for many companies as the monthly cloud bill and egress fees in particular steadily climb. Welcome to Secure Storage Hot Takes, my name is Dave Vellante, and I'll be your host of the program today, where we introduce our community to Wasabi, a company that is purpose-built to solve this specific problem with what it claims to be the most cost effective and secure solution on the market. We have three segments today to dig into these issues, first up is David Friend, the well known entrepreneur who co-founded Carbonite and now Wasabi will then dig into the product with Drew Schlussel of Wasabi, and then we'll bring in the customer perspective with Kevin Warenda of the Hotchkiss School, let's get right into it. We're here with David Friend, the President and CEO and Co-founder of Wasabi, the hot storage company, David, welcome to theCUBE. >> Thanks Dave, nice to be here. >> Great to have you, so look, you hit a home run with Carbonite back when building a unicorn was a lot more rare than it has been in the last few years, why did you start Wasabi? >> Well, when I was still CEO of Wasabi, my genius co-founder Jeff Flowers and our chief architect came to me and said, you know, when we started this company, a state of the art disk drive was probably 500 gigabytes and now we're looking at eight terabyte, 16 terabyte, 20 terabyte, even 100 terabyte drives coming down the road and, you know, sooner or later the old architectures that were designed around these much smaller disk drives is going to run out of steam because, even though the capacities are getting bigger and bigger, the speed with which you can get data on and off of a hard drive isn't really changing all that much. And Jeff foresaw a day when the architectures sort of legacy storage like Amazon S3 and so forth was going to become very inefficient and slow. And so he came up with a new, highly parallelized architecture, and he said, I want to go off and see if I can make this work. So I said, you know, good luck go to it and they went off and spent about a year and a half in the lab, designing and testing this new storage architecture and when they got it working, I looked at the economics of this and I said, holy cow, we can sell cloud storage for a fraction of the price of Amazon, still make very good gross margins and it will be faster. So this is a whole new generation of object storage that you guys have invented. So I recruited a new CEO for Carbonite and left to found Wasabi because the market for cloud storage is almost infinite. You know, when you look at all the world's data, you know, IDC has these crazy numbers, 120 zetabytes or something like that and if you look at that as you know, the potential market size during that data, we're talking trillions of dollars, not billions and so I said, look, this is a great opportunity, if you look back 10 years, all the world's data was on-prem, if you look forward 10 years, most people agree that most of the world's data is going to live in the cloud, we're at the beginning of this migration, we've got an opportunity here to build an enormous company. >> That's very exciting. I mean, you've always been a trend spotter, and I want to get your perspectives on data protection and how it's changed. It's obviously on people's minds with all the ransomware attacks and security breaches, but thinking about your experiences and past observations, what's changed in data protection and what's driving the current very high interest in the topic? >> Well, I think, you know, from a data protection standpoint, immutability, the equivalent of the old worm tapes, but applied to cloud storage is, you know, become core to the backup strategies and disaster recovery strategies for most companies. And if you look at our partners who make backup software like Veeam, Convo, Veritas, Arcserve, and so forth, most of them are really taking advantage of mutable cloud storage as a way to protect customer data, customers backups from ransomware. So the ransomware guys are pretty clever and they, you know, they discovered early on that if someone could do a full restore from their backups, they're never going to pay a ransom. So, once they penetrate your system, they get pretty good at sort of watching how you do your backups and before they encrypt your primary data, they figure out some way to destroy or encrypt your backups as well, so that you can't do a full restore from your backups. And that's where immutability comes in. You know, in the old days you, you wrote what was called a worm tape, you know, write once read many, and those could not be overwritten or modified once they were written. And so we said, let's come up with an equivalent of that for the cloud, and it's very tricky software, you know, it involves all kinds of encryption algorithms and blockchain and this kind of stuff but, you know, the net result is if you store your backups in immutable buckets, in a product like Wasabi, you can't alter it or delete it for some period of time, so you could put a timer on it, say a year or six months or something like that, once that data is written, you know, there's no way you can go in and change it, modify it, or anything like that, including even Wasabi's engineers. >> So, David, I want to ask you about data sovereignty. It's obviously a big deal, I mean, especially for companies with the presence overseas, but what's really is any digital business these days, how should companies think about approaching data sovereignty? Is it just large firms that should be worried about this? Or should everybody be concerned? What's your point of view? >> Well, all around the world countries are imposing data sovereignty laws and if you're in the storage business, like we are, if you don't have physical data storage in-country, you're probably not going to get most of the business. You know, since Christmas we've built data centers in Toronto, London, Frankfurt, Paris, Sydney, Singapore, and I've probably forgotten one or two, but the reason we do that is twofold; one is, you know, if you're closer to the customer, you're going to get better response time, lower latency, and that's just a speed of light issue. But the bigger issue is, if you've got financial data, if you have healthcare data, if you have data relating to security, like surveillance videos, and things of that sort, most countries are saying that data has to be stored in-country, so, you can't send it across borders to some other place. And if your business operates in multiple countries, you know, dealing with data sovereignty is going to become an increasingly important problem. >> So in May of 2018, that's when the fines associated with violating GDPR went into effect and GDPR was like this main spring of privacy and data protection laws and we've seen it spawn other public policy things like the CCPA and think it continues to evolve, we see judgments in Europe against big tech and this tech lash that's in the news in the U.S. and the elimination of third party cookies, what does this all mean for data protection in the 2020s? >> Well, you know, every region and every country, you know, has their own idea about privacy, about security, about the use of even the use of metadata surrounding, you know, customer data and things of this sort. So, you know, it's getting to be increasingly complicated because GDPR, for example, imposes different standards from the kind of privacy standards that we have here in the U.S., Canada has a somewhat different set of data sovereignty issues and privacy issues so it's getting to be an increasingly complex, you know, mosaic of rules and regulations around the world and this makes it even more difficult for enterprises to run their own, you know, infrastructure because companies like Wasabi, where we have physical data centers in all kinds of different markets around the world and we've already dealt with the business of how to meet the requirements of GDPR and how to meet the requirements of some of the countries in Asia and so forth, you know, rather than an enterprise doing that just for themselves, if you running your applications or keeping your data in the cloud, you know, now a company like Wasabi with, you know, 34,000 customers, we can go to all the trouble of meeting these local requirements on behalf of our entire customer base and that's a lot more efficient and a lot more cost effective than if each individual country has to go deal with the local regulatory authorities. >> Yeah, it's compliance by design, not by chance. Okay, let's zoom out for the final question, David, thinking about the discussion that we've had around ransomware and data protection and regulations, what does it mean for a business's operational strategy and how do you think organizations will need to adapt in the coming years? >> Well, you know, I think there are a lot of forces driving companies to the cloud and, you know, and I do believe that if you come back five or 10 years from now, you're going to see majority of the world's data is going to be living in the cloud and I think storage, data storage is going to be a commodity much like electricity or bandwidth, and it's going to be done right, it will comply with the local regulations, it'll be fast, it'll be local, and there will be no strategic advantage that I can think of for somebody to stand up and run their own storage, especially considering the cost differential, you know, the most analysts think that the full, all in costs of running your own storage is in the 20 to 40 terabytes per month range, whereas, you know, if you migrate your data to the cloud, like Wasabi, you're talking probably $6 a month and so I think people are learning how to deal with the idea of an architecture that involves storing your data in the cloud, as opposed to, you know, storing your data locally. >> Wow, that's like a six X more expensive in the clouds, more than six X, all right, thank you, David,-- >> In addition to which, you know, just finding the people to babysit this kind of equipment has become nearly impossible today. >> Well, and with a focus on digital business, you don't want to be wasting your time with that kind of heavy lifting. David, thanks so much for coming in theCUBE, a great Boston entrepreneur, we've followed your career for a long time and looking forward to the future. >> Thank you. >> Okay, in a moment, Drew Schlussel will join me and we're going to dig more into product, you're watching theCUBE, the leader in enterprise and emerging tech coverage, keep it right there. ♪ Whoa ♪ ♪ Brenda in sales got an email ♪ ♪ Click here for a trip to Bombay ♪ ♪ It's not even called Bombay anymore ♪ ♪ But you clicked it anyway ♪ ♪ And now our data's been held hostage ♪ ♪ And now we're on sinking ship ♪ ♪ And a hacker's in our system ♪ ♪ Just 'cause Brenda wanted a trip ♪ ♪ She clicked on something stupid ♪ ♪ And our data's out of our control ♪ ♪ Into the hands of a hacker's ♪ ♪ And he's a giant asshole. ♪ ♪ He encrypted it in his basement ♪ ♪ He wants a million bucks for the key ♪ ♪ And I'm pretty sure he's 15 ♪ ♪ And still going through puberty ♪ ♪ I know you didn't mean to do us wrong ♪ ♪ But now I'm dealing with this all week long ♪ ♪ To make you all aware ♪ ♪ Of all this ransomware ♪ ♪ That is why I'm singing you this song ♪ ♪ C'mon ♪ ♪ Take it from me ♪ ♪ The director of IT ♪ ♪ Don't click on that email from a prince Nairobi ♪ ♪ 'Cuz he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ (gentle music) >> Joining me now is Drew Schlussel, who is the Senior Director of Product Marketing at Wasabi, hey Drew, good to see you again, thanks for coming back in theCUBE. >> Dave, great to be here, great to see you. >> All right, let's get into it. You know, Drew, prior to the pandemic, Zero Trust, just like kind of like digital transformation was sort of a buzzword and now it's become a real thing, almost a mandate, what's Wasabi's take on Zero Trust. >> So, absolutely right, it's been around a while and now people are paying attention, Wasabi's take is Zero Trust is a good thing. You know, there are too many places, right, where the bad guys are getting in. And, you know, I think of Zero Trust as kind of smashing laziness, right? It takes a little work, it takes some planning, but you know, done properly and using the right technologies, using the right vendors, the rewards are, of course tremendous, right? You can put to rest the fears of ransomware and having your systems compromised. >> Well, and we're going to talk about this, but there's a lot of process and thinking involved and, you know, design and your Zero Trust and you don't want to be wasting time messing with infrastructure, so we're going to talk about that, there's a lot of discussion in the industry, Drew, about immutability and air gaps, I'd like you to share Wasabi's point of view on these topics, how do you approach it and what makes Wasabi different? >> So, in terms of air gap and immutability, right, the beautiful thing about object storage, which is what we do all the time is that it makes it that much easier, right, to have a secure immutable copy of your data someplace that's easy to access and doesn't cost you an arm and a leg to get your data back. You know, we're working with some of the best, you know, partners in the industry, you know, we're working with folks like, you know, Veeam, Commvault, Arc, Marquee, MSP360, all folks who understand that you need to have multiple copies of your data, you need to have a copy stored offsite, and that copy needs to be immutable and we can talk a little bit about what immutability is and what it really means. >> You know, I wonder if you could talk a little bit more about Wasabi's solution because, sometimes people don't understand, you actually are a cloud, you're not building on other people's public clouds and this storage is the one use case where it actually makes sense to do that, tell us a little bit more about Wasabi's approach and your solution. >> Yeah, I appreciate that, so there's definitely some misconception, we are our own cloud storage service, we don't run on top of anybody else, right, it's our systems, it's our software deployed globally and we interoperate because we adhere to the S3 standard, we interoperate with practically hundreds of applications, primarily in this case, right, we're talking about backup and recovery applications and it's such a simple process, right? I mean, just about everybody who's anybody in this business protecting data has the ability now to access cloud storage and so we've made it really simple, in many cases, you'll see Wasabi as you know, listed in the primary set of available vendors and, you know, put in your private keys, make sure that your account is locked down properly using, let's say multifactor authentication, and you've got a great place to store copies of your data securely. >> I mean, we just heard from David Friend, if I did my math right, he was talking about, you know, 1/6 the cost per terabyte per month, maybe even a little better than that, how are you able to achieve such attractive economics? >> Yeah, so, you know, I can't remember how to translate my fractions into percentages, but I think we talk a lot about being 80%, right, less expensive than the hyperscalers. And you know, we talked about this at Vermont, right? There's some secret sauce there and you know, we take a different approach to how we utilize the raw capacity to the effective capacity and the fact is we're also not having to run, you know, a few hundred other services, right? We do storage, plain and simple, all day, all the time, so we don't have to worry about overhead to support, you know, up and coming other services that are perhaps, you know, going to be a loss leader, right? Customers love it, right, they see the fact that their data is growing 40, 80% year over year, they know they need to have some place to keep it secure, and, you know, folks are flocking to us in droves, in fact, we're seeing a tremendous amount of migration actually right now, multiple petabytes being brought to Wasabi because folks have figured out that they can't afford to keep going with their current hyperscaler vendor. >> And immutability is a feature of your product, right? What the feature called? Can you double-click on that a little bit? >> Yeah, absolutely. So, the term in S3 is Object Lock and what that means is your application will write an object to cloud storage, and it will define a retention period, let's say a week. And for that period, that object is immutable, untouchable, cannot be altered in any way, shape, or form, the application can't change it, the system administration can't change it, Wasabi can't change it, okay, it is truly carved in stone. And this is something that it's been around for a while, but you're seeing a huge uptick, right, in adoption and support for that feature by all the major vendors and I named off a few earlier and the best part is that with immutability comes some sense of, well, it comes with not just a sense of security, it is security. Right, when you have data that cannot be altered by anybody, even if the bad guys compromise your account, they steal your credentials, right, they can't take away the data and that's a beautiful thing, a beautiful, beautiful thing. >> And you look like an S3 bucket, is that right? >> Yeah, I mean, we're fully compatible with the S3 API, so if you're using S3 API based applications today, it's a very simple matter of just kind of redirecting where you want to store your data, beautiful thing about backup and recovery, right, that's probably the simplest application, simple being a relative term, as far as lift and shift, right? Because that just means for your next full, right, point that at Wasabi, retain your other fulls, you know, for whatever 30, 60, 90 days, and then once you've kind of made that transition from vine to vine, you know, you're often running with Wasabi. >> I talked to my open about the allure of object storage historically, you know, the simplicity of the get put syntax, but what about performance? Are you able to deliver performance that's comparable to other storage formats? >> Oh yeah, absolutely, and we've got the performance numbers on the site to back that up, but I forgot to answer something earlier, right, you said that immutability is a feature and I want to make it very clear that it is a feature but it's an API request. Okay, so when you're talking about gets and puts and so forth, you know, the comment you made earlier about being 80% more cost effective or 80% less expensive, you know, that API call, right, is typically something that the other folks charge for, right, and I think we used the metaphor earlier about the refrigerator, but I'll use a different metaphor today, right? You can think of cloud storage as a magical coffee cup, right? It gets as big as you want to store as much coffee as you want and the coffee's always warm, right? And when you want to take a sip, there's no charge, you want to, you know, pop the lid and see how much coffee is in there, no charge, and that's an important thing, because when you're talking about millions or billions of objects, and you want to get a list of those objects, or you want to get the status of the immutable settings for those objects, anywhere else it's going to cost you money to look at your data, with Wasabi, no additional charge and that's part of the thing that sets us apart. >> Excellent, so thank you for that. So, you mentioned some partners before, how do partners fit into the Wasabi story? Where do you stop? Where do they pick up? You know, what do they bring? Can you give us maybe, a paint a picture for us example, or two? >> Sure, so, again, we just do storage, right, that is our sole purpose in life is to, you know, to safely and securely store our customer's data. And so they're working with their application vendors, whether it's, you know, active archive, backup and recovery, IOT, surveillance, media and entertainment workflows, right, those systems already know how to manage the data, manage the metadata, they just need some place to keep the data that is being worked on, being stored and so forth. Right, so just like, you know, plugging in a flash drive on your laptop, right, you literally can plug in Wasabi as long as your applications support the API, getting started is incredibly easy, right, we offer a 30-day trial, one terabyte, and most folks find that within, you know, probably a few hours of their POC, right, it's giving them everything they need in terms of performance, in terms of accessibility, in terms of sovereignty, I'm guessing you talked to, you know, Dave Friend earlier about data sovereignty, right? We're global company, right, so there's got to be probably, you know, wherever you are in the world some place that will satisfy your sovereignty requirements, as well as your compliance requirements. >> Yeah, we did talk about sovereignty, Drew, this is really, what's interesting to me, I'm a bit of a industry historian, when I look back to the early days of cloud, I remember the large storage companies, you know, their CEOs would say, we're going to have an answer for the cloud and they would go out, and for instance, I know one bought competitor of Carbonite, and then couldn't figure out what to do with it, they couldn't figure out how to compete with the cloud in part, because they were afraid it was going to cannibalize their existing business, I think another part is because they just didn't have that imagination to develop an architecture that in a business model that could scale to see that you guys have done that is I love it because it brings competition, it brings innovation and it helps lower clients cost and solve really nagging problems. Like, you know, ransomware, of mutability and recovery, I'll give you the last word, Drew. >> Yeah, you're absolutely right. You know, the on-prem vendors, they're not going to go away anytime soon, right, there's always going to be a need for, you know, incredibly low latency, high bandwidth, you know, but, you know, not all data's hot all the time and by hot, I mean, you know, extremely hot, you know, let's take, you know, real time analytics for, maybe facial recognition, right, that requires sub-millisecond type of processing. But once you've done that work, right, you want to store that data for a long, long time, and you're going to want to also tap back into it later, so, you know, other folks are telling you that, you know, you can go to these like, you know, cold glacial type of tiered storage, yeah, don't believe the hype, you're still going to pay way more for that than you would with just a Wasabi-like hot cloud storage system. And, you know, we don't compete with our partners, right? We compliment, you know, what they're bringing to market in terms of the software vendors, in terms of the hardware vendors, right, we're a beautiful component for that hybrid cloud architecture. And I think folks are gravitating towards that, I think the cloud is kind of hitting a new gear if you will, in terms of adoption and recognition for the security that they can achieve with it. >> All right, Drew, thank you for that, definitely we see the momentum, in a moment, Drew and I will be back to get the customer perspective with Kevin Warenda, who's the Director of Information technology services at The Hotchkiss School, keep it right there. >> Hey, I'm Nate, and we wrote this song about ransomware to educate people, people like Brenda. >> Oh, God, I'm so sorry. We know you are, but Brenda, you're not alone, this hasn't just happened to you. >> No! ♪ Colonial Oil Pipeline had a guy ♪ ♪ who didn't change his password ♪ ♪ That sucks ♪ ♪ His password leaked, the data was breached ♪ ♪ And it cost his company 4 million bucks ♪ ♪ A fake update was sent to people ♪ ♪ Working for the meat company JBS ♪ ♪ That's pretty clever ♪ ♪ Instead of getting new features, they got hacked ♪ ♪ And had to pay the largest crypto ransom ever ♪ ♪ And 20 billion dollars, billion with a b ♪ ♪ Have been paid by companies in healthcare ♪ ♪ If you wonder buy your premium keeps going ♪ ♪ Up, up, up, up, up ♪ ♪ Now you're aware ♪ ♪ And now the hackers they are gettin' cocky ♪ ♪ When they lock your data ♪ ♪ You know, it has gotten so bad ♪ ♪ That they demand all of your money and it gets worse ♪ ♪ They go and the trouble with the Facebook ad ♪ ♪ Next time, something seems too good to be true ♪ ♪ Like a free trip to Asia! ♪ ♪ Just check first and I'll help before you ♪ ♪ Think before you click ♪ ♪ Don't get fooled by this ♪ ♪ Who isn't old enough to drive to school ♪ ♪ Take it from me, the director of IT ♪ ♪ Don't click on that email from a prince in Nairobi ♪ ♪ Because he's not really a prince ♪ ♪ Now our data's locked up on our screen ♪ ♪ Controlled by a kid who's just fifteen ♪ ♪ And he's using our money to buy a Ferrari ♪ >> It's a pretty sweet car. ♪ A kid without facial hair, who lives with his mom ♪ ♪ To learn more about this go to wasabi.com ♪ >> Hey, don't do that. ♪ Cause if we had Wasabi's immutability ♪ >> You going to ruin this for me! ♪ This fifteen-year-old wouldn't have on me ♪ (gentle music) >> Drew and I are pleased to welcome Kevin Warenda, who's the Director of Information Technology Services at The Hotchkiss School, a very prestigious and well respected boarding school in the beautiful Northwest corner of Connecticut, hello, Kevin. >> Hello, it's nice to be here, thanks for having me. >> Yeah, you bet. Hey, tell us a little bit more about The Hotchkiss School and your role. >> Sure, The Hotchkiss School is an independent boarding school, grades nine through 12, as you said, very prestigious and in an absolutely beautiful location on the deepest freshwater lake in Connecticut, we have 500 acre main campus and a 200 acre farm down the street. My role as the Director of Information Technology Services, essentially to oversee all of the technology that supports the school operations, academics, sports, everything we do on campus. >> Yeah, and you've had a very strong history in the educational field, you know, from that lens, what's the unique, you know, or if not unique, but the pressing security challenge that's top of mind for you? >> I think that it's clear that educational institutions are a target these days, especially for ransomware. We have a lot of data that can be used by threat actors and schools are often underfunded in the area of IT security, IT in general sometimes, so, I think threat actors often see us as easy targets or at least worthwhile to try to get into. >> Because specifically you are potentially spread thin, underfunded, you got students, you got teachers, so there really are some, are there any specific data privacy concerns as well around student privacy or regulations that you can speak to? >> Certainly, because of the fact that we're an independent boarding school, we operate things like even a health center, so, data privacy regulations across the board in terms of just student data rights and FERPA, some of our students are under 18, so, data privacy laws such as COPPA apply, HIPAA can apply, we have PCI regulations with many of our financial transactions, whether it be fundraising through alumni development, or even just accepting the revenue for tuition so, it's a unique place to be, again, we operate very much like a college would, right, we have all the trappings of a private college in terms of all the operations we do and that's what I love most about working in education is that it's all the industries combined in many ways. >> Very cool. So let's talk about some of the defense strategies from a practitioner point of view, then I want to bring in Drew to the conversation so what are the best practice and the right strategies from your standpoint of defending your data? >> Well, we take a defense in-depth approach, so we layer multiple technologies on top of each other to make sure that no single failure is a key to getting beyond those defenses, we also keep it simple, you know, I think there's some core things that all organizations need to do these days in including, you know, vulnerability scanning, patching , using multifactor authentication, and having really excellent backups in case something does happen. >> Drew, are you seeing any similar patterns across other industries or customers? I mean, I know we're talking about some uniqueness in the education market, but what can we learn from other adjacent industries? >> Yeah, you know, Kevin is spot on and I love hearing what he's doing, going back to our prior conversation about Zero Trust, right, that defense in-depth approach is beautifully aligned, right, with the Zero Trust approach, especially things like multifactor authentication, always shocked at how few folks are applying that very, very simple technology and across the board, right? I mean, Kevin is referring to, you know, financial industry, healthcare industry, even, you know, the security and police, right, they need to make sure that the data that they're keeping, evidence, right, is secure and immutable, right, because that's evidence. >> Well, Kevin, paint a picture for us, if you would. So, you were primarily on-prem looking at potentially, you know, using more cloud, you were a VMware shop, but tell us, paint a picture of your environment, kind of the applications that you support and the kind of, I want to get to the before and the after Wasabi, but start with kind of where you came from. >> Sure, well, I came to The Hotchkiss School about seven years ago and I had come most recently from public K12 and municipal, so again, not a lot of funding for IT in general, security, or infrastructure in general, so Nutanix was actually a hyperconverged solution that I implemented at my previous position. So when I came to Hotchkiss and found mostly on-prem workloads, everything from the student information system to the card access system that students would use, financial systems, they were almost all on premise, but there were some new SaaS solutions coming in play, we had also taken some time to do some business continuity, planning, you know, in the event of some kind of issue, I don't think we were thinking about the pandemic at the time, but certainly it helped prepare us for that, so, as different workloads were moved off to hosted or cloud-based, we didn't really need as much of the on-premise compute and storage as we had, and it was time to retire that cluster. And so I brought the experience I had with Nutanix with me, and we consolidated all that into a hyper-converged platform, running Nutanix AHV, which allowed us to get rid of all the cost of the VMware licensing as well and it is an easier platform to manage, especially for small IT shops like ours. >> Yeah, AHV is the Acropolis hypervisor and so you migrated off of VMware avoiding the VTax avoidance, that's a common theme among Nutanix customers and now, did you consider moving into AWS? You know, what was the catalyst to consider Wasabi as part of your defense strategy? >> We were looking at cloud storage options and they were just all so expensive, especially in egress fees to get data back out, Wasabi became across our desks and it was such a low barrier to entry to sign up for a trial and get, you know, terabyte for a month and then it was, you know, $6 a month for terabyte. After that, I said, we can try this out in a very low stakes way to see how this works for us. And there was a couple things we were trying to solve at the time, it wasn't just a place to put backup, but we also needed a place to have some files that might serve to some degree as a content delivery network, you know, some of our software applications that are deployed through our mobile device management needed a place that was accessible on the internet that they could be stored as well. So we were testing it for a couple different scenarios and it worked great, you know, performance wise, fast, security wise, it has all the features of S3 compliance that works with Nutanix and anyone who's familiar with S3 permissions can apply them very easily and then there was no egress fees, we can pull data down, put data up at will, and it's not costing as any extra, which is excellent because especially in education, we need fixed costs, we need to know what we're going to spend over a year before we spend it and not be hit with, you know, bills for egress or because our workload or our data storage footprint grew tremendously, we need that, we can't have the variability that the cloud providers would give us. >> So Kevin, you explained you're hypersensitive about security and privacy for obvious reasons that we discussed, were you concerned about doing business with a company with a funny name? Was it the trial that got you through that knothole? How did you address those concerns as an IT practitioner? >> Yeah, anytime we adopt anything, we go through a risk review. So we did our homework and we checked the funny name really means nothing, there's lots of companies with funny names, I think we don't go based on the name necessarily, but we did go based on the history, understanding, you know, who started the company, where it came from, and really looking into the technology and understanding that the value proposition, the ability to provide that lower cost is based specifically on the technology in which it lays down data. So, having a legitimate, reasonable, you know, excuse as to why it's cheap, we weren't thinking, well, you know, you get what you pay for, it may be less expensive than alternatives, but it's not cheap, you know, it's reliable, and that was really our concern. So we did our homework for sure before even starting the trial, but then the trial certainly confirmed everything that we had learned. >> Yeah, thank you for that. Drew, explain the whole egress charge, we hear a lot about that, what do people need to know? >> First of all, it's not a funny name, it's a memorable name, Dave, just like theCUBE, let's be very clear about that, second of all, egress charges, so, you know, other storage providers charge you for every API call, right? Every get, every put, every list, everything, okay, it's part of their process, it's part of how they make money, it's part of how they cover the cost of all their other services, we don't do that. And I think, you know, as Kevin has pointed out, right, that's a huge differentiator because you're talking about a significant amount of money above and beyond what is the list price. In fact, I would tell you that most of the other storage providers, hyperscalers, you know, their list price, first of all, is, you know, far exceeding anything else in the industry, especially what we offer and then, right, their additional cost, the egress costs, the API requests can be two, three, 400% more on top of what you're paying per terabyte. >> So, you used a little coffee analogy earlier in our conversation, so here's what I'm imagining, like I have a lot of stuff, right? And I had to clear up my bar and I put some stuff in storage, you know, right down the street and I pay them monthly, I can't imagine having to pay them to go get my stuff, that's kind of the same thing here. >> Oh, that's a great metaphor, right? That storage locker, right? You know, can you imagine every time you want to open the door to that storage locker and look inside having to pay a fee? >> No, that would be annoying. >> Or, every time you pull into the yard and you want to put something in that storage locker, you have to pay an access fee to get to the yard, you have to pay a door opening fee, right, and then if you want to look and get an inventory of everything in there, you have to pay, and it's ridiculous, it's your data, it's your storage, it's your locker, you've already paid the annual fee, probably, 'cause they gave you a discount on that, so why shouldn't you have unfettered access to your data? That's what Wasabi does and I think as Kevin pointed out, right, that's what sets us completely apart from everybody else. >> Okay, good, that's helpful, it helps us understand how Wasabi's different. Kevin, I'm always interested when I talk to practitioners like yourself in learning what you do, you know, outside of the technology, what are you doing in terms of educating your community and making them more cyber aware? Do you have training for students and faculty to learn about security and ransomware protection, for example? >> Yes, cyber security awareness training is definitely one of the required things everyone should be doing in their organizations. And we do have a program that we use and we try to make it fun and engaging too, right, this is often the checking the box kind of activity, insurance companies require it, but we want to make it something that people want to do and want to engage with so, even last year, I think we did one around the holidays and kind of pointed out the kinds of scams they may expect in their personal life about, you know, shipping of orders and time for the holidays and things like that, so it wasn't just about protecting our school data, it's about the fact that, you know, protecting their information is something do in all aspects of your life, especially now that the folks are working hybrid often working from home with equipment from the school, the stakes are much higher and people have a lot of our data at home and so knowing how to protect that is important, so we definitely run those programs in a way that we want to be engaging and fun and memorable so that when they do encounter those things, especially email threats, they know how to handle them. >> So when you say fun, it's like you come up with an example that we can laugh at until, of course, we click on that bad link, but I'm sure you can come up with a lot of interesting and engaging examples, is that what you're talking about, about having fun? >> Yeah, I mean, sometimes they are kind of choose your own adventure type stories, you know, they stop as they run, so they're telling a story and they stop and you have to answer questions along the way to keep going, so, you're not just watching a video, you're engaged with the story of the topic, yeah, and that's what I think is memorable about it, but it's also, that's what makes it fun, you're not just watching some talking head saying, you know, to avoid shortened URLs or to check, to make sure you know the sender of the email, no, you're engaged in a real life scenario story that you're kind of following and making choices along the way and finding out was that the right choice to make or maybe not? So, that's where I think the learning comes in. >> Excellent. Okay, gentlemen, thanks so much, appreciate your time, Kevin, Drew, awesome having you in theCUBE. >> My pleasure, thank you. >> Yeah, great to be here, thanks. >> Okay, in a moment, I'll give you some closing thoughts on the changing world of data protection and the evolution of cloud object storage, you're watching theCUBE, the leader in high tech enterprise coverage. >> Announcer: Some things just don't make sense, like showing up a little too early for the big game. >> How early are we? >> Couple months. Popcorn? >> Announcer: On and off season, the Red Sox cover their bases with affordable, best in class cloud storage. >> These are pretty good seats. >> Hey, have you guys seen the line from the bathroom? >> Announcer: Wasabi Hot Cloud Storage, it just makes sense. >> You don't think they make these in left hand, do you? >> We learned today how a serial entrepreneur, along with his co-founder saw the opportunity to tap into the virtually limitless scale of the cloud and dramatically reduce the cost of storing data while at the same time, protecting against ransomware attacks and other data exposures with simple, fast storage, immutability, air gaps, and solid operational processes, let's not forget about that, okay? People and processes are critical and if you can point your people at more strategic initiatives and tasks rather than wrestling with infrastructure, you can accelerate your process redesign and support of digital transformations. Now, if you want to learn more about immutability and Object Block, click on the Wasabi resource button on this page, or go to wasabi.com/objectblock. Thanks for watching Secure Storage Hot Takes made possible by Wasabi. This is Dave Vellante for theCUBE, the leader in enterprise and emerging tech coverage, well, see you next time. (gentle upbeat music)

>>the Cube presents H P E discovered 2022. Brought to you by H P E. >>Hi, buddy Dave Balon and Jon Ferrier Wrapping up the cubes. Coverage of day two, hp Discover 2022. We're live from Las Vegas. Vishal Lall is here. He's the senior vice president and general manager for HP ES Green Lake Cloud Services Solutions. Michelle, good to see you again. >>Likewise. David, good to see you. It was about a year ago that we met here. Or maybe nine months >>ago. That's right. Uh, September of last year. A new role >>for you. Is that right? I was starting that new role when I last met you. Yeah, but it's been nine months. Three quarters? What have you learned so far? I mean, it's been quite a right, right? I mean, when I was starting off, I had, you know, about three priorities we've executed on on all of them. So, I mean, if you remember back then they we talked about, you know, improving a cloud experience. We talked about data and analytics being a focus area and then building on the marketplace. I think you heard a lot of that over the last couple of days here. Right? So we've enhanced our cloud experience. We added a private cloud, which was the big announcement yesterday or day before yesterday that Antonio made so that's been I mean, we've been testing that with customers. Great feedback so far. Right? And we're super excited about that. And, uh, you know, uh, down there, the test drive section people are testing that. So we're getting really, really good feedback. Really good acceptance from customers on the data and Analytics side. We you know, we launched the S three connector. We also had the analytics platform. And then we launched data fabric as a service a couple of days ago, right, which is kind of like back into that hybrid world. And then on the marketplace side, we've added a tonne of partners going deep with them about 80 plus partners now different SVS. So again, I think, uh, great. I think we've accomplished a lot over the last three quarters or so lot more to be done. Though >>the marketplace is really interesting to us because it's a hallmark of cloud. You've got to have a market price. Talk about how that's evolving and what your vision is for market. Yes, >>you're exactly right. I mean, having a broad marketplace provides a full for the platform, right? It's a chicken and egg. You need both. You need a good platform on which a good marketplace can set, but the vice versa as well. And what we're doing two things there, Right? One Is we expanding coverage of the marketplace. So we're adding more SVS into the marketplace. But at the same time, we're adding more capabilities into the marketplace. So, for example, we just demoed earlier today quickly deploy capabilities, right? So we have an I S p in the marketplace, they're tested. They are, uh, the work with the solution. But now you can you can collect to deploy directly on our infrastructure over time, the lad, commerce capabilities, licencing capabilities, etcetera. But again, we are super excited about that capability because I think it's important from a customer perspective. >>I want to ask you about that, because that's again the marketplace will be the ultimate arbiter of value creation, ecosystem and marketplace. Go hand in hand. What's your vision for what a successful ecosystem looks like? What's your expectation now that Green Lake is up and running. I stay up and running, but like we've been following the announcement, it just gets better. It's up to the right. So we're anticipating an ecosystem surge. Yeah. What are you expecting? And what's your vision for? How the ecosystem is going to develop out? Yeah. I >>mean, I've been meeting with a lot of our partners over the last couple of days, and you're right, right? I mean, I think of them in three or four buckets right there. I s V s and the I S P is coming to two forms right there. Bigger solutions, right? I think of being Nutanix, right, Home wall, big, bigger solutions. And then they are smaller software packages. I think Mom would think about open source, right? So again, one of them is targeted to developers, the other to the I t. Tops. But that's kind of one bucket, right? I s P s, uh, the second is around the channel partners who take this to market and they're asking us, Hey, this is fantastic. Help us understand how we can help you take this to market. And I think the other bucket system indicators right. I met with a few today and they're all excited about. They're like, Hey, we have some tooling. We have the manage services capabilities. How can we take your cloud? Because they build great practise around extent around. Sorry. Aws around? Uh, sure. So they're like, how can we build a similar practise around Green Lake? So again, those are the big buckets. I would say. Yeah, >>that's a great answer. Great commentary. I want to just follow up on that real quick. You don't mind? So a couple things we're seeing observing I want to get your reaction to is with a i machine learning. And the promise of that vertical specialisation is creating unique opportunities on with these platforms. And the other one is the rise of the managed service provider because expertise are hard to come by. You want kubernetes? Good luck finding talent. So managed services seem to be exploding. How does that fit into the buckets? Or is it all three buckets or you guys enable that? How do you see that coming? And then the vertical piece? >>A really good question. What we're doing is through our software, we're trying to abstract a lot of the complexity of take communities, right? So we are actually off. We have actually automated a whole bunch of communities functionality in our software, and then we provide managed services around it with very little. I would say human labour associated with it is is software manage? But at the same time we are. What we are trying to do is make sure that we enable that same functionality to our partners. So a lot of it is software automation, but then they can wrap their services around it, and that way we can scale the business right. So again, our first principle is automated as much as we can to software right abstract complexity and then as needed, uh, at the Manus Services. >>So you get some functionality for HP to have it and then encourage the ecosystem to fill it in or replicated >>or replicated, right? I mean, I don't think it's either or it should be both right. We can provide many services or we should have our our partners provide manage services. That's how we scale the business. We are the end of the day. We are product and product company, right, and it can manifest itself and services. That discussion was consumed, but it's still I p based. So >>let's quantify, you know, some of that momentum. I think the last time you call your over $800 million now in a are are you gotta You're growing at triple digits. Uh, you got a big backlog. Forget the exact number. Uh, give us a I >>mean, the momentum is fantastic Day. Right. So we have about $7 billion in total contract value, Right? Significant. We have 1600 customers now. Unique customers are running Green Lake. We have, um, your triple dip growth year over year. So the last quarter, we had 100% growth year over year. So again, fantastic momentum. I mean, the other couple, like one other metric I would like to talk about is the, um the stickiness factor associated tension in our retention, right? As renewal's is running in, like, high nineties, right? So if you think about it, that's a reflection of the value proposition of, like, >>that's that's kind of on a unit basis, if you will. That's the number >>on the revenue basis on >>revenue basis. Okay? >>And the 1600 customers. He's talking about the size and actually big numbers. Must be large companies that are. They're >>both right. So I'll give you some examples, right? So I mean, there are large companies. They come from different industries. Different geography is we're seeing, like, the momentum across every single geo, every single industry. I mean, just to take some examples. BMW, for example. Uh, I mean, they're running the entire electrical electric car fleet data collection on data fabric on Green Lake, right? Texas Children's Health on the on the healthcare side. Right On the public sector side, I was with with Carl Hunt yesterday. He's the CEO of County of Essex, New Jersey. So they are running the entire operations on Green Lake. So just if you look at it, Barclays the financial sector, right? I mean, they're running 100,000 workloads of three legs. So if you just look at the scale large companies, small companies, public sector in India, we have Steel Authority of India, which is the largest steel producer there. So, you know, we're seeing it across multiple industries. Multiple geography is great. Great uptake. >>Yeah. We were talking yesterday on our wrap up kind of dissecting through the news. I want to ask you the question that we were riffing on and see if we can get some clarity on it. If I'm a customer, CI or C so or buyer HP have been working with you or your team for for years. What's the value proposition? Finish this sentence. I work with HPV because blank because green like, brings new value proposition. What is that? Fill in that blank for >>me. So I mean, as we, uh, talked with us speaking with customers, customers are looking at alternatives at all times, right? Sometimes there's other providers on premises, sometimes as public cloud. And, uh, as we look at it, uh, I mean, we have value propositions across both. Right. So from a public cloud perspective, some of the challenges that our customers cr around latency around, uh, post predictability, right? That variability cost is really kind of like a challenge. It's around compliance, right? Uh, things of that nature is not open systems, right? I mean, sometimes, you know, they feel locked into a cloud provider, especially when they're using proprietary services. So those are some of the things that we have solved for them as compared to kind of like, you know, the other on premises vendors. I would say the marketplace that we spoke about earlier is huge differentiator. We have this huge marketplace. Now that's developing. Uh, we have high levels of automation that we have built, right, which is, uh, you know, which tells you about the TCO that we can drive for the customers. What? The other thing that is really cool that be introduced in the public in the private cloud is fungible itty across infrastructure. Right? So basically on the same infrastructure you can run. Um, virtual machines, containers, bare metals, any application he wants, you can decommission and commission the infrastructure on the fly. So what it does, is it no matter where it is? Uh, on premises, right? Yeah, earlier. I mean, if you think about it, the infrastructure was dedicated for a certain application. Now we're basically we have basically made it compose herbal, right? And that way, what? Really? Uh, that doesnt increases utilisation so you can get increased utilisation. High automation. What drives lower tco. So you've got a >>horizontal basically platform now that handle a variety of work and >>and these were close. Can sit anywhere to your point, right? I mean, we could have a four node workload out in a manufacturing setting multiple racks in a data centre, and it's all run by the same cloud prints, same software train. So it's really extensive. >>And you can call on the resources that you need for that particular workload. >>Exactly what you need them exactly. Right. >>Excellent. Give you the last word kind of takeaways from Discover. And where when we talk, when we sit down and talk next year, it's about where do you want to be? >>I mean, you know, I think, as you probably saw from discovered, this is, like, very different. Antonio did a live demo of our product, right? Uh, visual school, right? I mean, we haven't done that in a while, so I mean, you started. It >>didn't die like Bill Gates and demos. No, >>no, no, no. I think, uh, so I think you'll see more of that from us. I mean, I'm focused on three things, right? I'm focused on the cloud experience we spoke about. So what we are doing now is making sure that we increase the time for that, uh, make it very, you know, um, attractive to different industries to certifications like HIPAA, etcetera. So that's kind of one focus. So I just drive harder at that adoption of that of the private out, right across different industries and different customer segments. The second is more on the data and analytics I spoke about. You will have more and more analytic capabilities that you'll see, um, building upon data fabric as a service. And this is a marketplace. So that's like it's very specific is the three focus areas were driving hard. All right, we'll be watching >>number two. Instrumentation is really keen >>in the marketplace to I mean, you mentioned Mongo. Some other data platforms that we're going to see here. That's going to be, I think. Critical for Monetisation on the on on Green Lake. Absolutely. Uh, Michelle, thanks so much for coming back in the Cube. >>Thank you. Thanks for coming. All >>right, keep it right. There will be John, and I'll be back up to wrap up the day with a couple of heavies from I d. C. You're watching the cube. Mhm. Mm mm. Mhm.

(introductory riff) >> Hey everyone. Welcome to theCUBE's presentation of the "AWS Startup Showcase." This is Season 2, Episode 3 of our ongoing series that features great partners in the massive AWS partner ecosystem. This series is focused on, "MarTech, Emerging Cloud-Scale Customer Experiences." I'm Lisa Martin, and I've got two guests here with me to talk about this. Please welcome Daisy Urfer, Cloud Alliance Sales Director at Algolia, and Jason Lang, the Head of Product for Apply Digital. These folks are here to talk with us today about how Algolia's Search and Discovery enables customers to create dynamic realtime user experiences for those oh so demanding customers. Daisy and Jason, it's great to have you on the program. >> Great to be here. >> Thanks for having us. >> Daisy, we're going to go ahead and start with you. Give the audience an overview of Algolia, what you guys do, when you were founded, what some of the gaps were in the market that your founders saw and fixed? >> Sure. It's actually a really fun story. We were founded in 2012. We are an API first SaaS solution for Search and Discovery, but our founders actually started off with a search tool for mobile platforms, so just for your phone and it quickly expanded, we recognize the need across the market. It's been a really fun place to grow the business. And we have 11,000 customers today and growing every day, with 30 billion searches a week. So we do a lot of business, it's fun. >> Lisa: 30 billion searches a week and I saw some great customer brands, Locost, NBC Universal, you mentioned over 11,000. Talk to me a little bit about some of the technologies, I see that you have a search product, you have a recommendation product. What are some of those key capabilities that the products deliver? 'Cause as we know, as users, when we're searching for something, we expect it to be incredibly fast. >> Sure. Yeah. What's fun about Algolia is we are actually the second largest search engine on the internet today to Google. So we are right below the guy who's made search of their verb. So we really provide an overall search strategy. We provide a dashboard for our end users so they can provide the best results to their customers and what their customers see. Customers want to see everything from Recommend, which is our recommended engine. So when you search for that dress, it shows you the frequently bought together shoes that match, things like that, to things like promoted items and what's missing in the search results. So we do that with a different algorithm today. Most in the industry rank and they'll stack what you would want to see. We do kind of a pair for pair ranking system. So we really compare what you're looking for and it gives a much better result. >> And that's incredibly critical for users these days who want results in milliseconds. Jason, you, Apply Digital as a partner of Algolia, talk to us about Apply Digital, what it is that you guys do, and then give us a little bit of insight on that partnership. >> Sure. So Apply Digital was originally founded in 2016 in Vancouver, Canada. And we have offices in Vancouver, Toronto, New York, LA, San Francisco, Mexico city, Sao Paulo and Amsterdam. And we are a digital experiences agency. So brands and companies, and startups, and all the way from startups to major global conglomerates who have this desire to truly create these amazing digital experiences, it could be a website, it could be an app, it could be a full blown marketing platform, just whatever it is. And they lack either the experience or the internal resources, or what have you, then they come to us. And and we are end-to-end, we strategy, design, product, development, all the way through the execution side. And to help us out, we partner with organizations like Algolia to offer certain solutions, like an Algolia's case, like search recommendation, things like that, to our various clients and customers who are like, "Hey, I want to create this experience and it's going to require search, or it's going to require some sort of recommendation." And we're like, "Well, we highly recommend that you use Algolia. They're a partner of ours, they've been absolutely amazing over the time that we've had the partnership. And that's what we do." And honestly, for digital experiences, search is the essence of the internet, it just is. So, I cannot think of a single digital experience that doesn't require some sort of search or recommendation engine attached to it. So, and Algolia has just knocked it out of the park with their experience, not only from a customer experience, but also from a development experience. So that's why they're just an amazing, amazing partner to have. >> Sounds like a great partnership. Daisy, let's point it back over to you. Talk about some of those main challenges, Jason alluded to them, that businesses are facing, whether it's e-commerce, SaaS, a startup or whatnot, where search and recommendations are concerned. 'Cause we all, I think I've had that experience, where we're searching for something, and Daisy, you were describing how the recommendation engine works. And when we are searching for something, if I've already bought a tent, don't show me more tent, show me things that would go with it. What are some of those main challenges that Algolia solution just eliminates? >> Sure. So I think, one of the main challenges we have to focus on is, most of our customers are fighting against the big guides out there that have hundreds of engineers on staff, custom building a search solution. And our consumers expect that response. You expect the same search response that you get when you're streaming video content looking for a movie, from your big retailer shopping experiences. So what we want to provide is the ability to deliver that result with much less work and hassle and have it all show up. And we do that by really focusing on the results that the customers need and what that view needs to look like. We see a lot of our customers just experiencing a huge loss in revenue by only providing basic search. And because as Jason put it, search is so fundamental to the internet, we all think it's easy, we all think it's just basic. And when you provide basic, you don't get the shoes with the dress, you get just the text response results back. And so we want to make sure that we're providing that back to our customers. What we see average is even, and everybody's going mobile. A lot of times I know I do all my shopping on my phone a lot of the time, and 40%-50% better relevancy results for our customers for mobile users. That's a huge impact to their use case. >> That is huge. And when we talked about patients wearing quite thin the last couple of years. But we have this expectation in our consumer lives and in our business lives if we're looking for SaaS or software, or whatnot, that we're going to be able to find what we want that's relevant to what we're looking for. And you mentioned revenue impact, customer churn, brand reputation, those are all things that if search isn't done well, to your point, Daisy, if it's done in a basic fashion, those are some of the things that customers are going to experience. Jason, talk to us about why Algolia, what was it specifically about that technology that really led Apply Digital to say, "This is the right partner to help eliminate some of those challenges that our customers could face?" >> Sure. So I'm in the product world. So I have the wonderful advantage of not worrying about how something's built, that is left, unfortunately, to the poor, poor engineers that have to work with us, mad scientist, product people, who are like, "I want, make it do this. I don't know how, but make it do this." And one of the big things is, with Algolia is the lift to implement is really, really light. Working closely with our engineering team, and even with our customers/users and everything like that, you kind of alluded to it a little earlier, it's like, at the end of the day, if it's bad search, it's bad search. It just is. It's terrible. And people's attention span can now be measured in nanoseconds, but they don't care how it works, they just want it to work. I push a button, I want something to happen, period. There's an entire universe that is behind that button, and that's what Algolia has really focused on, that universe behind that button. So there's two ways that we use them, on a web experience, there's the embedded Search widget, which is really, really easy to implement, documentation, and I cannot speak high enough about documentation, is amazing. And then from the web aspect, I'm sorry, from the mobile aspect, it's very API fort. And any type of API implementation where you can customize the UI, which obviously you can imagine our clients are like, "No we want to have our own front end. We want to have our own custom experience." We use Algolia as that engine. Again, the documentation and the light lift of implementation is huge. That is a massive, massive bonus for why we partnered with them. Before product, I was an engineer a very long time ago. I've seen bad documentation. And it's like, (Lisa laughing) "I don't know how to imple-- I don't know what this is. I don't know how to implement this, I don't even know what I'm looking at." But with Algolia and everything, it's so simple. And I know I can just hear the Apply Digital technology team, just grinding sometimes, "Why is a product guy saying that (mumbles)? He should do it." But it is, it just the lift, it's the documentation, it's the support. And it's a full blown partnership. And that's why we went with it, and that's what we tell our clients. It's like, listen, this is why we chose Algolia, because eventually this experience we're creating for them is theirs, ultimately it's theirs. And then they are going to have to pick it up after a certain amount of time once it's theirs. And having that transition of, "Look this is how easy it is to implement, here is all the documentation, here's all the support that you get." It just makes that transition from us to them beautifully seamless. >> And that's huge. We often talk about hard metrics, but ease of use, ease of implementation, the documentation, the support, those are all absolutely business critical for the organization who's implementing the software, the fastest time to value they can get, can be table stakes, and it can be on also a massive competitive differentiator. Daisy, I want to go back to you in terms of hard numbers. Algolia has a recent force or Total Economic Impact, or TEI study that really has some compelling stats. Can you share some of those insights with us? >> Yeah. Absolutely. I think that this is the one of the most fun numbers to share. We have a recent report that came out, it shared that there's a 382% Return on Investment across three years by implementing Algolia. So that's increase to revenue, increased conversion rate, increased time on your site, 382% Return on Investment for the purchase. So we know our pricing's right, we know we're providing for our customers. We know that we're giving them the results that we need. I've been in the search industry for long enough to know that those are some amazing stats, and I'm really proud to work for them and be behind them. >> That can be transformative for a business. I think we've all had that experience of trying to search on a website and not finding anything of relevance. And sometimes I scratch my head, "Why is this experience still like this? If I could churn, I would." So having that ability to easily implement, have the documentation that makes sense, and get such high ROI in a short time period is hugely differentiated for businesses. And I think we all know, as Jason said, we measure response time in nanoseconds, that's how much patience and tolerance we all have on the business side, on the consumer side. So having that, not just this fast search, but the contextual search is table stakes for organizations these days. I'd love for you guys, and on either one of you can take this, to share a customer example or two, that really shows the value of the Algolia product, and then also maybe the partnership. >> So I'll go. We have a couple of partners in two vastly different industries, but both use Algolia as a solution for search. One of them is a, best way to put this, multinational biotech health company that has this-- We built for them this internal portal for all of their healthcare practitioners, their HCPs, so that they could access information, data, reports, wikis, the whole thing. And it's basically, almost their version of Wikipedia, but it's all internal, and you can imagine the level of of data security that it has to be, because this is biotech and healthcare. So we implemented Algolia as an internal search engine for them. And the three main reasons why we recommended Algolia, and we implemented Algolia was one, HIPAA compliance. That's the first one, it's like, if that's a no, we're not playing. So HIPAA compliance, again, the ease of search, the whole contextual search, and then the recommendations and things like that. It was a true, it didn't-- It wasn't just like a a halfhearted implementation of an internal search engine to look for files thing, it is a full blown search engine, specifically for the data that they want. And I think we're averaging, if I remember the numbers correctly, it's north of 200,000 searches a month, just on this internal portal specifically for their employees in their company. And it's amazing, it's absolutely amazing. And then conversely, we work with a pretty high level adventure clothing brand, standard, traditional e-commerce, stable mobile application, Lisa, what you were saying earlier. It's like, "I buy everything on my phone," thing. And so that's what we did. We built and we support their mobile application. And they wanted to use for search, they wanted to do a couple of things which was really interesting. They wanted do traditional search, search catalog, search skews, recommendations, so forth and so on, but they also wanted to do a store finder, which was kind of interesting. So, we'd said, all right, we're going to be implementing Algolia because the lift is going to be so much easier than trying to do everything like that. And we did, and they're using it, and massively successful. They are so happy with it, where it's like, they've got this really contextual experience where it's like, I'm looking for a store near me. "Hey, I've been looking for these items. You know, I've been looking for this puffy vest, and I'm looking for a store near me." It's like, "Well, there's a store near me but it doesn't have it, but there's a store closer to me and it does have it." And all of that wraps around what it is. And all of it was, again, using Algolia, because like I said earlier, it's like, if I'm searching for something, I want it to be correct. And I don't just want it to be correct, I want it to be relevant. >> Lisa: Yes. >> And I want it to feel personalized. >> Yes. >> I'm asking to find something, give me something that I am looking for. So yeah. >> Yeah. That personalization and that relevance is critical. I keep saying that word "critical," I'm overusing it, but it is, we have that expectation that whether it's an internal portal, as you talked about Jason, or it's an adventure clothing brand, or a grocery store, or an e-commerce site, that what they're going to be showing me is exactly what I'm looking for, that magic behind there that's almost border lines on creepy, but we want it. We want it to be able to make our lives easier whether we are on the consumer side, whether we on the business side. And I do wonder what the Go To Market is. Daisy, can you talk a little bit about, where do customers go that are saying, "Oh, I need to Algolia, and I want to be able to do that." Now, what's the GTM between both of these companies? >> So where to find us, you can find us on AWS Marketplace which another favorite place. You can quickly click through and find, but you can connect us through Apply Digital as well. I think, we try to be pretty available and meet our customers where they are. So we're open to any options, and we love exploring with them. I think, what is fun and I'd love to talk about as well, in the customer cases, is not just the e-commerce space, but also the content space. We have a lot of content customers, things about news, organizations, things like that. And since that's a struggle to deliver results on, it's really a challenge. And also you want it to be relevant, so up-to-date content. So it's not just about e-commerce, it's about all of your solution overall, but we hope that you'll find us on AWS Marketplace or anywhere else. >> Got it. And that's a great point, that it's not just e-commerce, it's content. And that's really critical for some industry, businesses across industries. Jason and Daisy, thank you so much for joining me talking about Algolia, Apply Digital, what you guys are doing together, and the huge impact that you're making to the customer user experience that we all appreciate and know, and come to expect these days is going to be awesome. We appreciate your insights. >> Thank you. >> Thank you >> For Daisy and Jason, I'm Lisa Martin. You're watching "theCUBE," our "AWS Startup Showcase, MarTech Emerging Cloud-Scale Customer Experiences." Keep it right here on "theCUBE" for more great content. We're the leader in live tech coverage. (ending riff)