>> Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2018, brought to you by Amazon Web Services, Intel, and their ecosystem partners. >> And welcome back here to Las Vegas. We're in the Sands expo, we're in Hall D. If you happen to be at the show or dropping in just to watch, come on by and say hi to us. Love to see you here on theCUBE, as we continue our coverage, day two. And along with Justin Warren, I'm John Walls. And now we're joined by a couple of gents from HUB International, Seth Morrell, who's the vice president of enterprise, architecture and design. Seth, good morning to you. >> Good morning. >> And Jeremy Embalabala, who is the director of security architecture and engineering, also at HUB International. Good morning, Jeremy. >> Good morning. >> Seth, by the way, playing hurt, broken finger with a snowblower in Chicago on Monday. >> On Monday. >> Yeah, good luck though with the winter. >> Yeah, yeah, yeah, it started off well. >> Sorry to see that, but thanks for coming regardless. >> No problem. >> All right, tell us about HUB International a little bit, about primary mission and then the two of you, what you're doing for them primarily. >> Right, right, so HUB International is an insurance brokerage. Personal, commercial, we do employee benefits, retirement as well. We're based in the US in Chicago, operate in US and Canada. 500 plus locations, 12,000 employees. >> Okay, and then primary responsibilities between the two of you? >> Well, I'm the director of security architecture. I'm responsible for all things technical with regards to security, both on the architecture side, engineering and operations. >> All right, so yesterday we were talking about this early, you did a session, you're big Splunk guys, right? So let's talk about what you're doing with that, how that's working for you in general, if you would. >> Yeah, yeah, go ahead. >> Yeah, the reason Splunk Enterprise Security, the on-premise version we actually, people always ask me, are you using Splunk Cloud or Splunk On Prem? And I always joke, well we're using Splunk On Prem in the cloud in AWS. But for us, we're really focused on Splunk as a SIEM, to enable our security operations center to provide insights into our environment and help us detect and understand threats that are going on in the environment. So we have a manage partner that runs our security operations center for us. They also manage our Splunk environment. It helps us keep an eye on both our AWS environment that we have, our Azure environment, and our on-premise data center as well. >> A few people have sort of gotten wary of the idea of a SIEM. People have tried to use SIEMs and they haven't been very successful and they go, "Oh SIEM's a bit of a dirty word." But it sounds like SIEM's actually working for you really well. >> Yeah, I really view a SIEM as a cornerstone of security program. Specifically if you have a mature security operation center, it's really hard to operate that without a SIEM. SIEMs are tricky, they're tricky to implement, they're generally very costly and they require a lot of tuning, a lot of love, care, and feeding in order to be effective. Quite frankly, if you don't get that right, it can actually be detrimental to your security program. But if you put the proper care and feeding into a SIEM, it will be very beneficial to your organization. >> Okay, so what's some of the things that you've been able to do now that you've got Splunk in there and it's helping you manage the security? Because I saw some statistics earlier this morning, where security is basically the second biggest, most popular term here at AWS and at re:Invent. It's clearly front of mind for a lot of enterprises. So what is it that Splunk in helping you to achieve that you wouldn't have been able to go otherwise? >> The biggest thing for us is the aggregation of all of our logs, our data sources in AWS, data sources on prem, our Windows file servers, our network traffic flow data, all of that's aggregated into Splunk. And that allows us to do some correlation with third-party threat intelligence feeds. Take indicators of compromise that are streamed, that are observed out there in the real world, and apply those to data that we're seeing on our actual data sources in our environment. It allows us to detect threats that we wouldn't have been able to detect otherwise. >> Right, how does that translate through to what you're actually doing as a business? I mean, this is a very sort of technology-centric thing, but you're an insurance agent. So how does this investment in security translate into the business value? >> One, it just gives us visibility into the environment, and we can proactively identify potential threats and remediate them before they actually cause an impact to the business. Without these tools and without these capabilities, it'd be a much riskier endeavor. And so it's helped us throughout, and we've been good partners with Splunk, they're been good partners with us. And coupled with all the other things that we're doing in the security space and in the cloud space, we're able to build a nice secure environment for our customers and ourselves. >> We're also a very highly regulated industry, so we have regulations that we have to comply with for security. And our customers also care about security very, very deeply. So it allows us to be able to protect our customers' data and really assure our customers that their data is safe with us, whether that data is hosted on-prem or it's in the cloud. >> What about that battle? There's often a battle between private enterprise and regulation, just in general, right? It's making sure the policy makers understand capabilities and real threats as opposed to maybe perceptions or whatever. What do you see in terms of the federal regulatory environment and what you deal with in a Balkanized system where you're dealing with 50 states and Canada. So you've got your hands full, I assume. >> So at HUB, we view security and compliance a little differently. Instead of trying to build security programs and achieve compliance by abiding by all the regulations, we do the right thing from a security perspective. We make the right investments. We put the right controls into our environment. When those new regulations come out for provincial law in Canada or different states or GDPR in Europe, that we'll be 95% of the way there, by just building the right controls into our environment at a foundational level. Then we have to just spend our efforts just kind of aligning ourselves with the other 5% that vary from regulation to regulation. >> Was that a shift in management philosophy at all? Because quite often or maybe in the past, it's like, I'm only going to do something. I'm not saying HUB, but in general, when I have to. As opposed to you appear to be preemptive. Right, you're doing things because you should. So there's a different mindset there, right? >> It sounds like a much more strategic view of security rather than a tactical reactive kind of security. How long has that been the philosophy at HUB? >> So we really built out our a security program starting the beginning of last year. There's all new leadership that came in, Seth came in, myself came in, all new leadership across the organization. And that's really where that mindset came from. And the need and recognition to make an investment in security. We view security as a driver of business, not just a cost center. It's a way we can add to the bottom line and be able to generate revenue for the business by being able to show our customers that we really care about their data, and we're going to do our best to take of them. So with that mindset, we can actually help market, and use that as a marketing tool to be able to help drive business. >> So what are some of the things that you've seen here at the show that you're thinking about, well actually that will support my strategy? Some of the more longer term things. Is there anything that's sort of stuck out to you as sort of going, ooh, that's something that we should actually take back? >> Yeah, well, there's some tactical announcements that are very important to us. The announcement of Windows File Server support. File Server support is big deal for us. We're a heavy File Server organization. And having that native within AWS is very interesting. There's been some other announcements with SFTP. Other items that we're going to be trying to take advantage of in a fairly quick fashion. And we're excited about that. We've been on our journey to cloud since essentially the summer of 2017 through now. And we're kind of ready for the next steps, the next set of capabilities. And so, a conference like this and all these announcements, we're excited to take a look at the menu and start picking out what we want to eat. >> It's a great buffet. >> Yeah, yeah. >> In a city that's famous for it. >> That's true, that's true. >> All you can eat. >> Yeah. >> All right, so let's talk about the journey then. You said 2017, so it's been a year, year plus into that. And you're excited about what's coming, but what do you need? So I know you got this great buffet that you're looking at, but maybe you don't want the pork. Maybe you want the turkey. What do you need, what do you want the most, you think, to service your clients? >> Right, so, we spent most of our migration just essentially moving what we had over to the cloud. And so, what our next steps are, let's really understand our workloads, let's be smarter about how we're running them, let's take advantage of the appropriate technology, the menu items that are out there, per work load, just to be smarter. We're going to be spending much more time this year looking at more automation, orchestration, and basically maturing our cloud capabilities so that we're ready for the next big thing. And as we acquire another company or there's a new business need, we're working to be more proactive and being able to anticipate those needs with building a platform that we can really extend and build upon. >> I'm sorry, go ahead. >> I have a question on the choosing of workloads then. So are you going to be moving everything to the cloud? Or do you think that there'll be some things that will actually remain on-prem or is it going to be a hybrid cloud? >> Our goal is to go from a data center to a network closet. >> Right. >> So we have moved almost all of our application workloads out of our data center right now. We have a large VDI environment we're looking to move as well. Once that's done, we'll be down to our phone system and a couple other legacy applications that we're trying to determine what we actually want to do with strategically. >> Right, okay. That's a pretty common sort of story. There's a lot of people who are moving as much as they possibly can, and then there's a few little bits that just sort of sit there that you need to decide, do we rewrite this, do we actually need this at all, maybe we just turn it off. >> Right. >> Yeah. >> Are there any capabilities specific to your industry that you need or that you'd like to have refined? Something that would allow you to do your job, specifically in the insurance space, that would be unique to you? Anything floating out there that you say, if we had that, that'll fine-tune this to a better degree or a greater degree? >> So for us, it's all about flexibility. We grow very, very rapidly through our mergers and acquisitions. We bought 52 companies last year and we're on pace to do almost 70 companies this year. So for us, the cloud really enables us to be able to absorb those organizations that we acquire, bring them in much, much faster. Part of the story of our cloud migration, we were able to move the integration time for mergers and acquisitions from six months down to under 90 days. Because we're now able to move those workloads in much, much quicker with the clouds. For us that's really a key capability. >> Well you guys are used to writing checks, dinner's on them tonight, right? >> Definitely. >> Seth, Jeremy, thanks for being with us. >> Thank you. >> Glad to be here. >> We appreciate the time. Good luck with the winter, I think you might need it. >> Yeah, yeah, exactly. >> All right, we'll be back with more from AWS re:Invent. You're watching theCUBE from Las Vegas. (snappy techno music)