(upbeat music) >> Welcome back to theCUBE everyone Lisa Martin here. On the ground in Las Vegas at COUPA INSPIRE 2022. This is our second day of coverage here. There's been about 2,400 to 2,500 folks at the event. This year people are ready to come back. I've been happy to talk with lots Coupa folks, their partners, their customers and I've got both a customer and a partner here with me. Heidi Banks joins us, the Senior director of Global Procurement at Jabil. Heidi it's great to have you on the program. >> Thank you for having me give. >> Give the audience an overview of Jabil and what you guys do. >> So Jabil is a $30 billion manufacturing solutions partner that provides contract manufacturing services for 450 of the world's largest and most premier brands around the globe. Most people don't know our name but we're the wonderful face behind the name. >> Well you guys had, I was looking at some stats, over 260,000 employees across 100 locations. Very customer centric you guys are, as is Coupa, this good obviously synergy there but you had some objectives from a global procurement perspective. What were those? What were some of the challenges that you wanted to solve? >> So about seven years ago, Jabil went on a journey to identify what challenges we had out in the indirect procurement space. Being such a large global company, we had no idea what we were spending on indirect at the of time. After a little bit of digging, we found out that we had over 2 billion in spend that was untapped from a category management perspective. And so we knew that we needed to grow as a company and PaaS technology as a foundation, as our goal and our mission in the company is to be the most technologically advanced manufacturer solutions partner for our customers. >> Was there any sort of one thing or a compelling event seven years ago that caused you guys to go, "We need to be really getting our hands around this indirect spend?" >> So we started off by bringing in category managers and they were doing amazing job delivering savings in our contracts, but we had no way to deliver that out to the company. And the company being so big in so many different jurisdictions in countries around the world, you could negotiate the best contract in the world, but if you couldn't communicate it out to your users then it was a challenge to really capture that savings and make sure we were delivering bottom line savings to the company. >> And you guys are, we're talking about three different SAP ERP systems so a lot of technology in the environment. What were some of the core technology requirements that Jabil had when it came looking for a business plan management solution? >> Yeah, so we were looking for something that was very user friendly. Of course, Coupa takes that box very well. Also something that could drive governance and policy controls again challenging being such a global organization and making sure that things were going according to our policy into our global category managers to be sourced and negotiated for the company. We looked for one that was end to end from a business spend management platform perspective. We wanted something that was integrated and could cover three ERP systems from one pane of glass across the company. So we could get great analytics without having to search in so many different places. >> That is so key. I was talking with Rob, I was talking with Raja and they were all talking about how those silos still exist and how they're helping organizations like Jabil break those down and give them that single pane of glass, as you mentioned, to be able to see, to get that visibility into indirect spend, for example. Talk to me about the solutions that you implemented from Coupa. >> So we started off with Coupa's procure to pay system. Really our focus was to get off of our old system as quickly as we could and get everyone managing on the same policy controls approval flows. We then also had analytics, so we had Coupa AIC and brought in analytics and in the last year and a half I've also deployed strategic and tactical sourcing through Coupa as well, and spend guard from a audit control and compliance perspective. >> So then that the phrase "sweet synergy" that actually probably means a lot to you Coupa was talking about that during the keynote this morning. Your Jabil is living that sweet synergy kind of experience through Coupa >> That's right. As we source in Coupa and we can see, are there different behaviors that we need to look into maybe suppliers that are bidding at the last minute and winning or less than that desirable number of suppliers coming in or duplicate invoices and being able to really look through that and see spend patterns that we would never otherwise uncover is highly important to us from a compliance standpoint, we've gotten a great value out of that solution. >> And in terms of value, one of the things I know that was important to you when you were looking for the right technology partner, was you wanted to involve other folks within the organization across IT, other lines of business. Talk to me about how important that was to bring in that cross-functional team to help make the right decision. >> Yeah, that was one of the most critical things that we did. We needed to make sure, especially being an SAP shop right, we needed to make sure that we were standing back and really being impartial in our decision and driving a non-biased decision in that RFP process. And so we got our executives together, talked to them about the value drivers and the ROI that we could do if we had all of the right support from the right departments, so that we could avoid resistance as we tried to deploy in such a rapid way. So we brought IT, legal, users together, procurement and in advance did a balanced scorecard approach to say these were the important factors that we had whether it was IT infrastructure, whether it was capabilities to make sure that when we came out of that decision and we picked a solution, we could all look at each other and have a handshake and say it was the right decision for us as a company, and so no departments had push back at that point because of that approach that we took. >> An objective approach that you took. >> That's right. >> Let's talk about some of the outcomes look at, actually let's not, let's talk about your deployment first, 'cause you guys started with probably your most challenging sites whereas other folks might go. Let's start with the low hanging fruit and kind of work our way up. Jabil said, "Nope, we're going to flip the script on that." >> That's right. So we, we went with what we call an east to west strategy. We are heavily concentrated in our Asia markets and so we were also wanted to deliver our ROI as quickly as possible and get our spend into the system as quickly as possible. So we we went live with 12 sites, 11 mega sites in China and our corporate headquarters in St. Petersburg in order to get that spend in as quickly as possible and get our ROI delivered. So we started in China and the US then in our second phase deployed the rest of Asia and then the US and North America and then over to Europe. So we went regional from a time zone perspective but also just I say, go bold. I hear a lot of people that start small and then grow but if you want to deliver that ROI and get your money out of that system as soon as possible go big or go home. >> I like that go big, go home. It's like Mick Ebeling was talking about this morning from not impossible labs commit and then figure it out. >> That's right. >> That's right. >> You know what? That's actually brilliant advice because it's probably the opposite that a lot of us want to be we want to be able to figure this out and then go, okay we can do that. And he said no >> Yeah >> To the opposite. >> To the opposite >> Did you have to get buy-in from those cross-functional folks to say we want to start with our most challenging sites first, was that a team decision? >> That was a decision that we did just basically to get that ROI delivered. And we also had a really strong team that still partners with our Coupa admins today that were really invested in getting onto a solution where they can automate and drive control and compliance. And so not only do we involve the team in the solution selection, but also in the global design. So we brought different cross-functional departments together into one location together, we made all of our decisions on how we were going to configure Coupa So that way again all of our divisions and departments had buy-in to how we were going to move forward and then we went from there. >> Well then, and in that case everybody feels like they have a stake >> That's right >> In the issue they have a vested interest >> That's right. >> Which is critical for these types of large projects to be successful. >> That's right. So they were involved in the RFP process so they knew why we were doing it and they were then involved and the design and how we were going to set it up so that they knew that they had a vested interest in how it was going to perform in the end. And then of course there were things that we had to tweak. So we needed to have a design committee that we could come back to and make changes as we needed to, make changes throughout the projects. You don't always get every single decision right. The first time, but you need to be nimble and make changes first and get consensus across the company. >> Right. Talk to me about some of the outcomes I know I've seen a lot of stats in your case study and I always love those numbers always jump out at me. Talk to me about some of those metrics based business outcomes that Jabil is achieving so far. >> Yeah. So in the last four years we've had a heavy focus on catalog. So actually in the last few months, we've gone from 20 to 30% by using Coupa analytics and drilling really into the details and putting really great category strategies in order to drive more catalog penetration. We've got great stats around electronic invoicing especially in certain countries where people think it's not possible. >> Right. >> There's a great change management story we have for what we've achieved in our Asian markets around electronic invoicing and from an ROI perspective, we were able to deliver 3X our ROI by the end of year two which we projected would take three years to do and 7X by year four. So we had a very conservative and achievable ROI that got the buy-in and then we were able to accelerate it by being aggressive, but also with a great solution it was easy to then get that done. >> Can you talk a little bit about the change management that you were able to achieve in the Asian market change management is the difficult thing to do. People are resistant to change, one of the things we've learned in the last two years is sometimes the change comes in there's nothing you can do about it but how did you affect that change management within that culture in the Asian market? >> Yeah. So with the executive buy-in that we had because they knew that there was high potential for us to deliver an ROI. We had executive sponsorship that helped us get through some of those barriers. So if we decided not to bring certain users into the system, for example and there was pushback that they needed to have access we had executive messaging as to why from a policy governance and control standpoint we couldn't break that. So we used our executives' voice and their support to do that. But also we brought in a great system that was user are friendly and so we didn't get a lot of resistance in, in that sense. So they actually embraced the change compared to the solution we had in place before. So by making the right selection from a user centric company we also didn't get as much resistance there as well. >> That's nice the path of least resistance is good especially if you're not exactly sure if you're going to find it, but verifying that and getting that ROI is is probably a big, a big win. Talk to me a little bit about you guys liked Coupa so much you had such, you mentioned 3X ROI within, you said the first year? >> With after year two >> After year two >> Yeah. >> 3X ROI, you liked it so much you decided to become a Coupa partner. Talk to me about that. What does that mean? What are you guys doing as partner? >> Yeah, so this is a super exiting thing for us to adventure into. So we pride ourselves on our theme as built for practitioners by practitioners. We've run the system every single day. We've been running it for years. So my team members are deep in the knowledge and capabilities of Coupa it's functionality, how to manage it every day, how to get the most you out of it and we want to share that knowledge with other Coupa customers to get the most value out of their system as well. So whether that's optimization and helping them get more out of their system or whether it's roadmap or assessments in our perspective, or even doing net new implementations we're excited to venture into that area of services with Coupa as a partner. >> Or have you guys started doing that yet? >> Today is our first Coupa inspire as a partner, which is exciting. And we literally just got started in the last few months. So we are working on getting our first customer here hopefully very shortly and have had a lot of of really great conversations with customers at the show so far. >> That's one of the great things that Coupa took the risk to bring us all together because there's they have a phenomenal community of which you guys have been a part now you said I believe about seven years, but there's nothing that replaces the connections that you make in the community that is grown from doing events like this. I imagine that you've gotten to talk with a lot of prospect >> Yes. >> Prospective customers who, what, how did you do this? This seems like an impossible feat that you've gotten to share with them. This is doable, here's how we did it. >> That's right. So fortunately I've been at previous inspires as well. So I've gotten to talk to people that I haven't seen in a couple of years, which is always exciting. I've been able to talk to customers that I've done, referrals for with Coupa before that are now Coupa customers and we get to talk about that and also those perspective customers and helping them know that it is doable, it is achievable you can get consensus in a decentralized company where all the sites if you have lots, lots of sites and countries have their own autonomy, you can do it. You can do it fast. You can do it effective if you take the right approach. And so it's exciting to get here and share that opportunity and our adventure and our journey with Coupa and the journey is only just beginning. >> Right, what are some of the things that you are excited about in terms of the innovations that they've announced at the event? I know Coupa is very much symbiotic with its customers that the community very much generates a lot of the direction in which the technology goes. But what are some of the things that you've heard announced that you thought, yes, they're going they continue to go in the right direction. >> Yeah. So there's some actual foundational capabilities around things like payment agreements and group carts and things that actually we've contributed through either customer cabs or VP sessions with design, just doing collaboration together but I'm also excited to see some of their price benchmarking that they're doing so that we can know how well are we doing and from our pricing standpoint and also where they're going supply chain I'm excited to see where they're going with that. Being a big supply chain company ourselves, we're hoping that all turns out to be something that we can innovate with Coupa on and hopefully have in the future as well. >> Well, as they said, Rob said it to me just an hour ago, they're tip of the iceberg but what its seems that you've become Heidi yourself and Jabil is really kind of an influencer within the Coupa community. We appreciate you coming by theCUBE, sharing with us what you've accomplished and how you're expanding your Coupa partnership into helping other companies. >> Great. Thank you again for having me today. >> My pleasure. >> All right. >> For Heidi Banks, I'm Lisa Martin and you're watching theCUBE's coverage of COUPA INSPIRE 2022 from Las Vegas. Stick around my next guest joins me momentarily. (upbeat music)

>> Narrator: Live from the Computer History Museum in Mountain View, California. It's theCUBE, covering DevNet Create 2018, brought to you by Cisco. >> Welcome back everyone, live here in Silicon Valley in Mountain View, California, it's theCUBE coverage of DevNet Create. This is Cisco's cloud developer, DevOps, cloud native developer environment. This is different from DevNet, that's their Cisco developer conference, so we're here covering it. This is where all the action in Kubernetes, DevOps, and a lot more. I'm John Furrier with my co-host Lauren Cooney. Our next guest is Heidi Waterhouse, Developer Advocate for Launch Darkly. Welcome to theCUBE. >> Hi, thank you! I'm glad to be here. >> Thanks for coming on. So first of all, take a minute to talk about what you guys do as a company, then we'll talk about some specific DevOps questions that we have for you. >> Excellent. So, what we do as a company is, I summarize it as feature flags as a service. We are giving people a control surface to be able to deploy their code safely in the daytime, so nobody has to stay up on a deploy bridge, and then control who sees it very precisely, and roll out individually or do work to do intricate testing with user groups or we sometimes use it, imagine if sales could turn on a feature, a test feature for one client without needing to go to development and get approval for all of that. So it gives us the ability to let people be richer in their expression of software. >> So is it software as a service? Is it cloud-based? >> Yes >> It is 100 percent cloud-based. >> So, subscriptions, free? >> We charge by developer seat, and all we are saying is, go ahead and use it, we have the capacity to handle it. We're handling about 25 billion flags a day right now. >> So it's a great tool, so it's not like a big over the top feature cost. >> Oh, no. >> It's like nice lightweight usability, the more you use it, the better utility. >> Yeah, it's very light. It's a couple SDKs and then a code snippet about this long, depending on your language. The Java one's a little longer. And what it gives people is the ability to do feature flags, which lots of people are already doing, in a manageable way, with a structured API, so that people can keep track of what's happening. And make sure that they are only allowing the right people to turn flags on, because you don't want everybody to be able to hit the kill switch. You want a kill switch on the feature if it starts spitting out garbage, but you don't want it to be universally accessible. >> I think you also want it to be consistent, right? In that environment and those environments, where the developers are trying to understand what that looks like. >> Right, and auditable. We give you the ability to see every change that's happened to a flag and who made it. >> So DevOps is going on almost a 10-year run now. If you look back on the original kind of DevOps ethos, really was kind of coming in late in the 2007 time frame, the real hardcore DevOps were building their own stuff. So we're 10 years into what I would call the true DevOps, maybe earlier. You could argue a little bit earlier when Amazon hit the table, but can you tell about the kinds of things that you guys are doing is really large DevOps environments, where you want agility, you want real-time, push code all the time, but be reliable. This is more of a mature-looking dev team. How has that evolved there? What are some of the key things? This is kind of probably an indicator, of where everything else is going. What are some of the developer concerns? Is it A/B testing? That's kind of a trivial example, but I often imagine all kinds of new software methodologies are coming out of this. What are you seeing? >> So what we're seeing is, for 20 years, we've been teaching and preaching branch-based development. But it turns out the very largest software organizations, like Google, are doing trunk-based development, because branches are just a way to cry. Once you try and merge something back in, you find out that you have conflicts, and then you have to have more discussions about who gets cherry-picked, and it's catastrophic. I have said for a long time that maybe my second career is just going to be a trauma therapist, specializing in GitHub, and I think I can make money at that. So we have this inherent belief that branches are just how we code, and what we've been seeing is, people are pulling back more and more into trunk-based development, so that everybody is aware of what's going on all the time, and you can just have one through-line in your code and not have people spoiling off into branches that are unproductive. >> And how you do you manage that? So your tool manages that, or is it more of a philosophy discipline? >> No, it is a side effect of our tool, because the reason we have branches is because we don't want to show people our work in process. But if you can hide it behind a feature flag, and only deploy it, only activate it when you're ready, it gives you a good chance to test it in production. There's nothing that says you can't build your feature, test it in production at full scale, with all your microservices distributed, all of the data flow, everything, but you're the only one who sees it. And being able to target that is really important. It's going to give you a lot of capacity to test things. >> Yeah, and we've seen that, too, all the time, where people are saying, "Hey, you know what, I want to test it before I invest in it." That's a big thing. >> Yeah, it is. And internally being able to test things is going to give you a lot of capacity. So, we find that it is not our, we're not enforcing anything on anyone. That's not our role or our goal. What we're trying to do is offer people a tool that helps facilitate the best of what they're doing. >> Yeah, and when you look at developer tools, I think that's absolutely critical in bringing that to the table for different environments and things along those lines. >> And one of those things I was going to ask you is, when you look at the developer environment, is the developer environments, in your mind, in a spot where people can do this? In other words, will they be able to pull it off in open source, because if someone's got all this open source information going on, let's just say hypothetically, they got the trunk thing going on, but a lot of open source is driving this, so there's some discipline involved, there's some psychology, counseling, as you mentioned, so how do you pull it off? What's the best use case? >> You have to make it advantageous. You have to make it work for them, because people aren't going to do things that don't work for them. I teach a workshop, I was doing a workshop here about documentation, and people were like, "How do you get developers to document?" I'm like, "Well, have you ever fired a developer "for not documenting something?" "Have you ever given them a raise for documenting something? "If you haven't, you don't actually care about them "doing documentation." In the same way, moving culture means that we have to incentivize doing the right thing. We have to make the barrier to entry low, and we have to make it possible for people to just do the right thing more easily than the wrong thing. >> The other thing that I was thinking about, too, is, this is just kind of my personal opinion, 'cause the things you mentioned are really important, and that is that, doing testing at scale is a big deal, because if you think about all the wasted time that goes into, just the politics, whether it's politics or lobbying to get something in, a feature built, I mean, you're talking about months, weeks, I mean, it's a nightmare. So imagine a capability to say, and this is the promise of DevOps, this is ultimately why this is so awesome. >> So, this is like, move fast and don't break things very much. And I like to think of, every plane you get on is a little bit broken, it has an error budget, and if it exceeds the error budget in any direction, even if it's like an overhead latch bin, they ground the plane. But our organizations also need to be that resilient. We need to have that flexibility, and I think the way we can do that is by being able to instrument our features and turn them off if they're causing problems, or turn them down if we're getting flooded, or whatever it is we need to do, we need to do it at a finer grain than we've currently been doing. I don't ever want to have blackouts, like maybe a brownout. >> And Heidi, the other thing I think is interesting with what you guys are doing is that, this whole event here at DevNet Create, and all the other events that are, I call cutting edge developer events, the vendors who sell stuff, like Cisco, whether they're big, and new vendors, the old model of preaching and jamming solutions down your throat is not the way it works anymore. All the enablements has to be there, but the co-creations happening, really from the people who are building their own stuff, so that's kind of going to have to be a dynamic, creative environment, so you need to have a really pure DevOps environment. Well, not pure DevOps, I mean an environment that's going to be facilitating creativity, risk-taking, >> Yes. >> experimentation, building concepts, not, "Oh, I'm constrained, because this psychologically doesn't support," >> Yeah, it's hard to do advanced thinking when you are not psychologically safe. But I do think that you don't have to be operating in the purest of DevOps in order to be taking in some of these tools and techniques and using them effectively. I think there are a lot of people who have, for instance, taken up blameless post-mortems. Even if they're not doing anything else in the DevOps sphere, they're like, "Oh, wait, we could talk about "root causes that weren't, like people screwed up," and I want us to say whatever you can do that's going to improve your environment. I don't want people to feel like they have to absolutely transform everything, because that's too big an ask. >> Yeah, it's disruptive, too, to operations. You want to be just enough disruptive. Alright, I want to get your thoughts on something that I've been thinking about for a while, been talking about on theCUBE, and that is, I come from the old, when I was growing into the business, it was all waterfall-based software development, Agile comes along and it de-risks everything, because the old days was you created a product, you crafted it, you shipped it and you don't know if it was going to work or not, right? And you did QA, all that, you prayed. Now, with Agile, that got de-risked, so you, you're shipping code, you're iterating, but I'm arguing that the craftmanship has kind of gone out of it, because you're constantly programming, and so, that's kind of my opinion. Some people will debate that, but, now we're seeing a move towards, with the Agile Methodology, which I love, and a role of craftmanship, where cloud is kind of going to the next level, you're starting to see people think about crafting the product. So, as Agile goes to the next level, what's your opinion, view, of crafting process, now the user experience has gone beyond just look and feel and being good, mission-based applications, you're seeing new kinds of psychology of how people use things. So diversity becomes important, but the role of crafting and the methodology, is there a spot for that? How does that fit in? I mean, if you're constantly shipping code, push, push, push, are you crafting it? Is there, what do think, is there an art? Where's the artistry of it? >> Where is the artistry? Well, artistry isn't replicable. So this is sort of a problem, because what we really want is consistency. So I think eventually we'll become sort of like novelty ice cube molds. There's somebody who carves the original novelty ice cube mold, and then we all use it to make novelty ice cubes that fill our heart with delight. There is an artistry, but we're going to have to pay people to do it, and currently, we're only paying them to cool our drinks. And until we really make some time to say, "It is saving me time, it is saving me money "to have a well-crafted product," we're not going to change. And I think that's an interesting thing about serverless and function as a service, is it really pays to have a super well-constructed system. Those microseconds do count there, in a way that they haven't in the age of eternal storage and basically all the bandwidth we can consume. And I'd like to see that applied backward toward people who have very low bandwidth. I would love it if one day a month, everybody dialed down their corporate internet to the speed that rural America is getting, and see how they feel about their apps then, because there's a lot of people out there who do not have our big fat pipes. >> And also outside of the United States, too. Again, I'm not saying that there's not good software. I'm just kind of seeing a trend where, certainly I have seen this in DC and outside of the US, where mission-driven enterprises have completely different criteria for the product. And so I'm just trying to, I'm seeing some early signals around that the software methodology might, not shift, but it just feels like it's some action there, and I always kind of keep an eye on that. >> So the thing that I think is going to happen, and this is my weird futurist hat, is, I think we are going to have more and more modular, snap-together assemblies, and the product manager is going to rise from the ash heap and be the person who says, "Look, these are all the things that we need to assemble. "Please go find the parts, "so that we can build this that we want," in a way that we haven't prioritized in a realm where we're like, "Well, developers tell me how to do this." >> So componentized feature. >> Yeah, a componentized feature, I see us really moving strongly toward that. I think that's a lot of what we're doing with serverless, and software as a service is like, "Why build it yourself if somebody has already done it?" Like, "Please don't roll your own." Don't roll your own authentication, don't roll your own LDAP. It's a solved problem. Buy it and snap it together in a way that serves your customer. >> Jim Zemlin said this at the Open Source Summit in LA last year, he called it the open source sandwich, only 10% of the solutions are a unique IP, 90% of it is the bread that's from open source. So, to your point, this has already kind of going there, the exponential growth in open source is becoming significant. So with that in mind, that's going to play a part in that futuristic view, it's happening now. Your thoughts on open source, you mentioned that you could be a crisis counselor (laughing), a therapist, or whatever, I mean, there's a lot going on that's now tier one, it's multi-generational now, it's not the old days, renegade second-tier citizen, open source is powering the world. Your thoughts on the current state of open source? >> I think open source is a fascinating example of doing what we need and how it helps other people. And so, almost all open source projects, even now, start with personal pain. And then we expand them to other people. And I would like us to remember that the reason it's open is because we care about other people's pain, and it's really easy as we corporatize open source to forget that that's where we came from. >> And it's community-driven, and it's done in the open. >> Yeah, exactly, and revealing everything that we're doing is an excellent value, even if we're not necessarily licensing it. You can go and look at all of Launch Darkly's APIs. We have them out there, but we're not an open source company, we're just-- >> Transparent. >> Those are values that we have, that we want to be able, we want people to trust us, so we're going to show them. >> Well, congratulations, it's great to have you on. Great conversation. >> Thank you! >> Love the futuristic view, riffing on some concepts we've been thinking about, also. Got a great service, making possible to operate at scale, get new features tested and fire those capabilities. Appreciate it. >> Alright! >> Thanks for coming on theCUBE. >> Thank you! >> Thanks! >> We're here at DevNet Create, Cisco's cloud DevOps developer get-together. I'm John Furrier. We'll be back with more coverage after this short break.

>> Live from San Francisco. It's the Cube covering artists. A conference twenty nineteen brought to you by for scout. >> Hey, welcome back already, Geoffrey here with the Cube were in downtown San Francisco at the brand new Open. I think it's finally complete. Mosconi Center for our conference. Twenty nineteen were really excited this year. For the first time ever in the four Scout booth, we've been coming to our say for a long time. We had Mike on last last year by Caesar. President Seo >> for scout. I appreciate you having me >> because we had the last year and you're so nice. You You invited us to the way we must both done something right? Absolutely it Also, before we get too far into it, Congratulations. Doing some homework. The stock is going well. You're making acquisitions, You said it's the anniversary of going out in public. So things are things are looking good for Four. Scout >> things have been good. We've been public company now for four quarters. We've beaten, raised on every metric we had out there. So we're feeling good about >> life. So I don't think the security threats are going down. I don't think you're Tamas is shrinking by any stretch of the imagination. Definitely >> does not feel like the threat landscape is getting less challenging these days, right? I mean, when you look at all the geopolitical stuff going on between the US and China and Russia, that that usually spills into the cybersecurity world and kind of makes things a little bit more tense, >> right? So the crazy talk and all confidence now is machine learning an a I and obviously one of the big themes that came up, we had a great interview. A googol is you just can't hire enough professionals regardless of the field, especially in this one to take care of everything So automation, really key. Hey, I really key. But the same time the bad guys have access to many of the same tools so that you're in the middle of this arm raise. How are you? You kind of taken a strategic view of machine learning an A I in this world. >> So what's amazing about cyber security in two thousand nineteen is the fact that the pace of innovation is exploding at an unprecedented rate, Right? I mean, we're bringing Maur devices online every quarter now, then the first ten years of the Internet combined. So the pace of adoption of new technologies is really what is driving the need for machine learning and a I a human being. Historically, in the cybersecurity world, most corporations approach was, I'm gonna have a whole bunch of different cyber products. They all have their own dashboards. I'm going to build this thing called a cyber Operations Center of Sock. That is going to be the input of all those. But a human being is going to be involved in a lot of the research and prioritization of attacks. And I think just the volume and sophistication of the breaches these days and attacks is making those same companies turn towards automation. You have to be willing to let your cyber security products take action on their own and machine learning in a I play a very large roll back. >> Yeah, it's really interesting because there's very few instances where the eye in the M L actually generate an action. Oftentimes will generate a flag, though they'll bring in a human to try to make one of the final analysis. But it's not, not often that way, actually give them the power to do something. Is that changing? Do you see that changing are people more accepting of that when you can't give it up that >> control when you when you look at for scouts kind of core value Proposition the category that were in his device. Visibility in control device visibility. What's on the network control? When I find something that shouldn't be, there are customers. Want to block that so way? Have a front row seat on watching customers that for decades have been unwilling to allow cybersecurity products to actually take action, turning our product on everyday and allowing us to do exactly that. So when we look at the way that they approached the breaches in every one of these scenarios, they're trying to figure out how they can augment the personal staff they have with products that can provide that level of intelligence >> on nothing to >> see over and over is that people are so falih. Fallible interview to Gala Grasshopper A couple of years he was one hundred percent a social engineering her way into any company that she tried. She had a kind of cool trick. She looked at Instagram photos. He would see the kind of browser that you had, and you know the company picnic. Paige won't let me in. Can you please try this? You're one hundred percent success. So you guys really act in a very different way. You're kind of after the breaches happened. You're sensing and taking action, not necessarily trying to maintain that that print Big Mo >> we're actually on the front end were before the breach takes place. So the way our product works is way plug into the network and then we turned that network ten years ago. A CEO would would would control everything on their networks. They would buy servers and load them with products and put them in their data centers. And they bite, you know, end points and they give those to their to their employees. Those same CEOs now need to allow everything to connect and try to make sense of this growing number of devices. So both the role that we play is preventative. We are on the front end. When a device first joins that network, you need to make sure that device is allowed to be there. So before we worry about what credentials that device is trying to log in with, let's make sure that's a device that the company wants to be on the network to begin with. So to your point, exactly your right. I mean, I think my CFO and I probably every week have some very sophisticated email that makes it sound like one of us asked the other to approve a check request. But it's but they're getting good and you're right. They go on the They know that I went to Villanova, where I'm a Phish fan, and they'll leverage some form of thing. All Post online has tried to make that seem a little bit more personalized, but our philosophy is a company is very basic, which is you need situational awareness of what devices are allowed to be on that network to begin with. If you get that in place, there's a lot less examples that what you described a couple of minutes >> ago and that you said to really instinct philosophy, having kind of an agent list methodology to identify and profile everything that's connected to the network, as opposed to having having you know an OS or having a little bug on there, Which would put you in good shape for this operations technology thing, which is such a critical piece of the i O. T and the I O T transfer >> there. Now there's there's no doubt, You know, that's one of the most fourth sight ful things that, for Scout has ever done is we made the decision to go Agent Lis ten years ago, Way saw that the world was moving from you, Nick and and Lenox and Windows and all of these basic operating systems that were open and only a few of them to the world that we're in today, where every TV has a different operating system, every OT manufacturer has their own operating system, right? It's example I uses that is the Google, you know, the nest thermostat where you you, you buy that, you put it on the wall of your house, you pair with your network, and it's sitting right on line next to your work laptop, right? And and there's been Brit breaches shown that attacks can come in through a device like that and get on to a more more trusted asset, right? So just having that situational awareness is a big part to begin with. But, oh, teams, let's talk about OT for a couple of seconds is almost in front of us post Wanna cry? I am seeing almost every sea, so in the world not having had but the cyber responsibilities for OT being pulled into the O. T part of the business. And it makes sense. You know that the when you watch it a cry, a breach like Wanna cry? Most companies didn't think they bought something from Windows. They thought they bought a controller from Siemens or Gear, one of the larger manufacturers. What they realized on wanna cry was that those controllers have embedded versions of an old operating system from Microsoft called X that had vulnerabilities. And that's how it was exploited so that the approach of devices being online, which changing in front of us, is not just the volume of devices. But they're not open anymore. So the Agent Lis approach of allowing devices to connect to the network and then using the network to do our thing and figure out what's on it makes us a really relevant and big player in that world of coyote and don't. So >> do you have to hold their hand when they when they break the air gap and connect the TV into the Heidi to say it'll be okay. We'll be able to keep an eye on these things before you go. You know, you talk about air gaps all the time is such a kind of fundamental security paradigm in the old way. But now the benefits of connectivity are outweighing, you know, the potential cost of very >> difficult, right? I mean, one of the examples I always uses. PG and E are local power company here. We're up until a few years ago, they'd have a human being. A band would come to your house and knock on your door, and all they wanted to do is get in your garage to read your meter, right? So they could bill you correctly. And then they put smart meters on the side of our houses. And I'm sure the roo I for them was incredible because they got rid of their entire fleet as a result, but recognized that my house is Theo T grid, now connected back to the side, which is Billy. So there's just so many examples in this connected world that we're in. Companies want to do business online, but online means interconnectivity. Interconnectivity means OT and connected so Yes, you're absolutely right. There's many companies believe they have systems air gapped off from each other. Most of those same cos once they get for Scout Live recognized they actually were not air gapped off from each other to begin with. That's part of the role that we play. >> This cure is to get your >> take. You talk to a lot of sizes about how kind of the the types of threats you know have evolved more recently. You know, we saw the stuff with presidential campaign. The targets and what they're trying to do has changed dramatically over the last several years in terms of what the bad guys actually want to do once they get in where they see the value. So how has that changed? No, it's not directly because you guys don't worry about what they're trying to do bad. You want to protect everything. But how is that kind of change from the size of perspective? >> Our customers are government's financial service companies, health care companies, manufacturing companies. Because every one of those companies, I mean, it sounds basic. But if you knew the bad thing was plugged into your network, doing something bad you would've blocked it. You didn't know it was there to begin with. So we actually have a role in all types of threats. But when you look at the threat landscape, it's shifted your right. I mean, ten years ago, it was mostly I p theft. You were hearing examples of somebody's blueprints being stolen before they got their product into the market. WeII. Then soft financial threat shifted. That's still where the bulk of it is today, right? No, they ransomware attacks. I mean, they're all money motivated. The swift breaches. They're all about trying to get a slice of money and more money moves online that becomes a good hunting ground for cybersecurity attackers. Right? But what? What is now being introduced? A CZ? Well, as all the geopolitical stuff. And I think you know with, with our commander in chief being willing to be online, tweeting that with other organism governments worldwide having a more social footprint, now that's on the table. And can you embarrass somebody? And what does that mean? And can you divide parties? But, yeah, there's there's a lot of different reasons for people to be online. What's amazing is the attacks behind them are actually fairly consistent. The mechanisms used right toe actually achieve those that you know that you know the objectives are actually quite similar. >> I'm curious from the site's perspective >> and trying to measure r A Y and, you know, kind of where they should invest in, not a vest, How the changing kind of value proposition of the things that they that are at risk really got to change the dynamic because they're not just feeling a little bit of money. You know, these air, these are much more complex and squishy kind of value propositions. If you're trying to influence our election or you're trying to embarrass somebody or you know, >> that's kind of different from anything. If it's state funded sheriff, it's believed to be state funded. It typically has a different roo. I model behind it, right, and there's different different organizations. But, you know, like on the OT side that you described a second ago, right? Why is OT so hot right now? Because it's one thing to have a bunch of employees have their laptops compromised with something you don't want to be on their right. It's embarrassing. Your emails get stolen it's embarrassing. It's a very different thing when you bring down a shipping line. When a company can't shift, you know can't ship their products. So the stakes are so high on the OT side for organizations that you know, they are obviously put a lot of energy and doing these days. >> You need talk about autonomous vehicles, you know, misreading signs and giving up control. And you know what kinds of things in this feature? Right, Mike? So if we let you go, you're busy. Guy, get thanks >> for having us in the booth. What do your superiors for twenty nineteen, you know for us at Four Scout, the priorities are continuing to execute. You know, we grow our business thirty three percent. Last year. We achieved free cash flow profitability, which is the first time in the company's history. So way of obligation to our investment community. And we intend to run a good, solid business from a product perspective. Our priorities are right in the category of device visibility and control its one of things. When you look around this conferences, you know cos cos had to be careful. They don't increase their product size too quickly. Before they have the financial means to do so. And we just see such a large market in helping answer that question. What is on my network? That's our focus, and we want to do it across the extent that enterprise at scale. >> Yeah, I've sought interesting quote from you on one of their earnings calls that I thought was was needed. A lot of people complain What, you go public. You're on the ninety day shot clock in that that becomes a focus. But your your take on it was now that everything's exposed country spending an already how much spinning a marketing I'm in shipping, it sails that it forces you to really take a deeper look and to make tougher decisions and to make sure you guys are prioritizing your resource is in the right way, knowing that a lot of other people now are making those judgments. >> You know, Listen, the process of raising money and then going public is that you have to be willing to understand that you have an investment community, but you have an obligation to share a lot of detail about the business. But from the other side of that, I get a chance to sit in front of some of the smartest people on the planet that look att my peer companies and me and then provide us input on areas that they're either excited about are concerned about. That's amazing input for me and helps me drive the business. And again, we're trying to build this into a big, organically large cybersecurity business, which is a rare thing these days. And we're quite were very how aboutthe trajectory that we're on. >> Right? Well, Mike, thank you. Like just out with smart people like, you know, I appreciate it and learned a lot. So you congrats on this very much. >> Sorry. He's Mike. I'm Jeff. You're watching The Cube were in the Fourth Scout booth at RC North America. Mosconi Center. Or in the north North Hall. Just find the Seibu. Thanks for watching. >> We'LL see you next time.

(upbeat music) >> Narrator: Live from Boston, Massachusetts it's The CUBE covering OpenStack Summit 2017, brought to you by the OpenStack Foundation, Red Hat, an additional ecosystem of support. >> Welcome back, I'm Stu Miniman with my co-host John Troyer. Happy to welcome back to the program. It's been a couple of years but Mark Baker, who is the Ubuntu Product Manager for OpenStack at Canonical. Thanks so much for joining us. >> Oh, you're welcome, it's a pleasure to be back on. >> All right so you said you've been coming to these shows for over six years now. You sit on the OpenStack Foundation. We've been talking this week. There's all that fuzz and misinformation and God what does (faint) say this morning? It's like fear is one of the most powerful weapons out there. Sometimes there's just misinformation out there but for you, OpenStack today where you see it in general and in your role with Canonical? >> Sure so OpenStack is one of the cornerstones of our business. It's certainly a big revenue generator for us. We continue to grow customers in that space, and that mirrors what we see in the OpenStack community. So all of the numbers you'll have seen in the OpenStack survey showed that adoption continues to grow. Sure, there is, I don't know if I want to call it fake news out there but there's definitely a meme is going that okay, OpenStack is perhaps declining in popularity. That's not what we see in adoption. We see adoption continuing to grow, more customers coming onto the platform, more revenue is coming from those customers. >> Yeah Mark any data you can share? We did have we had Heidi Joy on from the foundation to talk about the survey. I mean big you know adoption over 74% of deployments are outside of the US. We talked to Mark and Jonathan this morning. They said well that's where more than 74% of the population of the world lives outside of the US on any trends or data points specifically about a bunch of customers. >> Sure so we we definitely have big customers outside the US. You look at perhaps one of our best well-known is Deutsche Telekom, obviously a global telco that's situated in Europe that's deploying OpenStack. Really at the core of their network and I was going into multiple countries, and we see not only more customers but also those existing customers growing their estate and we've got other engagements as well in the Nordics with Tele2, another telco that has a larger stake too. And increasingly out in Asia too. So we definitely see this as being a global trend towards adoption. >> All right and Mark, there was you know for years, it was okay. How many distributions are there out there? How many do we need on out there? Why do customers turn to Ubuntu when they want OpenStack? >> So the challenge of operating infrastructure is scale. It's not can I deploy it? It's not so much even you know how performant is it? It's really kind of boils down to economics, and a large part of that economics is how are you able to operate that cloud efficiently? We've proven time and time again that a lot of the work that we've put in since the very beginning around tooling, around operations is what allows people to stand up these clouds, operate them at scale, upgrade them, apply patches, do all of those things but operate them efficiently at scale without having to scale the number of staff they require to operate that cloud, yeah. >> I think back to the staff that's been around for at least 15 years is company spent 70 or 80% or even more of their budget on keeping the lights on, running around the data center doing that. Anything you could tell us about OpenStack and how that shifts those economics for the data center? >> Sure, so OpenStack has gone through a typical sort of evolution that many technologies go through and we liken it to Linux obviously, we're a Linux company. In the beginning with Linux many people would build their own distributions, they'd compile their own kernels, they'd make modifications. A lot of the big lighthouse users of OpenStack went through that process. We are seeing the adoption changing now. So people are coming to companies like us with an OpenStack distribution that's off-the-shelf, ready and packaged with reference architectures, proven methodologies for implementing this successfully, and consuming it much more like that. Without that package, this free software can actually be very expensive to operate. So you have to get getting those economics right comes from having those packages for people to be able to deploy, manage it and scale it efficiently on-site. >> So you've been involved with OpenStack throughout the whole evolution. Is there anything you see now and 2017 at this summit? This is my first summit. I'm very impressed as an outsider. Again, we started off talking about what you hear from the outside, talking to people here at the show, people standing up their very first clouds this year, very bullish very kind of conscious of okay this is a, this is not a winner-take-all world. There's a place for OpenStack. >> Mark: Yeap. That's actually very kind of clear and very well fit. Do you see a difference in the customers that are you're working with now in 2017, their maturity level, their expectations than perhaps you did a few years ago? >> So yes certainly, customers have complex and diverse requirements, and so they want to deliver different styles of applications in different ways, and OpenStack is a great way of delivering machines, whether it's virtual machines or container machines to applications and provides a very robust and agile environment for doing that. But other styles of application may require to run natively on Bare Metal. OpenStack can do some of that, and do a lot of that but we're seeing, certainly seeing customers understanding okay, OpenStack has a role, public cloud has a role, container technologies have a role. A lot of these intersect together. Then it's really our objective is to help them whether they're choosing container platforms and OpenStack, whether they're using public cloud to ensure that they're able to manage this in an efficient way to deliver value to their business. >> You talked about operability and we talked with Mark Shuttleworth. He was also, we were marking that Ubuntu, the operating system is by far the majority choice in OpenStack and in a lot of cloud projects. Can you talk a little bit more about operability? Again the traditional dig from outside the project a few years ago science project, hard to use, need to have computer scientists to even get it running, which as a former Linux person myself, I think I find that a little bit insulting. It's rocket science but it's not that, it's not that complicated. >> (faint) Were involved in the beginning. >> That is true. But can you just talk a little bit about operability in terms of getting what you're seeing, in terms of either private cloud or at people standing up, the operations team needed, the maintainability day to day operation, that sort of thing in a modern OpenStack environment? >> Yeah, so OpenStack is becoming, certainly a lot of the enterprise customers that we're working with now is becoming another platform that will sit alongside the VMware. There may be some intersection of that. Our goal is to have common operations. So if I want to deploy applications into containers, I could do that in to Kubernetes or just running on VMware, I could do that on OpenStack, I could do it in public cloud to have common tooling and common operations across as much of the estate as we can because that's where I'll get efficiencies. It's where I'll get smart economics and smart operations. So well definitely, people are looking for those solutions. They know they're going to have diverse environments. They're looking for commonality that runs across those diverse environments and Ubuntu provides a great deal of commonality across. >> Mark, can you speak to Canonical's involvement in some of the projects? I know you have a lot of contributors but where particularly did your company spend the most focus? >> So, OpenStack, the initial challenge with OpenStack was to deliver capability and functionality. Canonical was one of those contributors in the early days. It was helping drive new features, helping drive new capabilities in OpenStack. More or less, we've switched to addressing that operations problem. There are many clouds out there that's stuck on older versions. For OpenStack to succeed as it moves forward, we need to be able to show you can upgrade gracefully without service interruption. We're demonstrating that with customers. So a lot of the work that we've been doing is how we streamline these operations, how we crowdsource, if you like, best practice for operating these clouds of scale to deliver efficient value to the business. >> Oh, another interesting conversation here at the show has been about containers. >> Yeah. >> Both Kubernetes and I know Canonical been involved with with Alex D. So can you talk a little bit about the interrelation of containers with OpenStack and how you're seeing that play out? >> Yes, absolutely so containers is all over OpenStack. We do smile somewhat when people talk about containers being a new thing with OpenStack as we've been deploying OpenStack inside LXD containers for several years now. So many of our customers are running containerized OpenStack today in production but this there's certainly this great intersection of that running Kubernetes on top of OpenStack. For example, we're seeing a lot of interest in that. We deploy, as they say, our OpenStack services in containers to give flexibility around architectural choices. We're very happy to run Canonical's distribution of kubernetes inside of OpenStack, which we do, and say have customers doing that. So there are also people looking at how you can containerize control plane in other ways. We're certainly keeping tabs on that, and you know exploring that with some customers but containers are all across the OpenStack ecosystem. They're not competitive. They're very much sort of building a higher level of value for customers so they have choice in how they deploy their applications. >> All right, Mark anything new this week surprised you or any interesting conversations that you'd want to share? >> So I came into this knowing that there was going to be a lot of discussion around containerized applications in OpenStack and containers perhaps, and the control plane. The thing that has surprised me actually has been the speed with which people are looking at OpenStack for edge cloud. Cloud on the edge, it's kind of a telco thing but cloud on the edge is how I can deliver capabilities and services, infrastructure services in an environment, in a mobile environment, it could be attached to a cell phone mask for example. It's not a traditional big data center but you need to deliver content and data out to mobile devices. So there's a lot of discussion especially today, within the telco community here at OpenStack Summit about how OpenStack can deliver those kinds of capabilities on the edge. That's been interesting and a surprise for me to see how quickly it's come up. >> All right Mark, want to give you the final word as to what you want people taking way of Ubuntu's participation in OpenStack. >> Well, some of this talk about OpenStack you know is it had its day in the sun, there are other things now taking over. You need to I think people out there will need to understand that OpenStack is deeply embedded inside big companies like AT&T, and like Deutsche Telekom. It's going to be there for a decade or more, right. So OpenStack is definitely here to stay. We continue to see our business growing. The number of customers Canonical is working with deploying OpenStack continues to grow. Ubuntu as a platform for OpenStack continues to grow. So it's definitely going to be part of the infrastructure as we roll forward. Yes, you'll see it working more in conjunction with those container technologies and application platforms. Parsers for example but it's here. It's just no longer quite the bright new shiny thing it used to be. It's kind of getting to be part of regular infrastructure. >> All right, well Mark not everything could be as bright and shiny as the Ubuntu orange shirt. So thank you so much for joining us again. We'll be back with more coverage here. From Boston, Massachusetts, you're watching The CUBE. (upbeat music)