(upbeat electronic music) >> Welcome back to everyone, to "theCUBE's" coverage here in Seattle, Washington for Amazon Web Services Partner Marketplace Seller Conference, combining their partner network with Marketplace forming a new organization called AWS Partner Organization. This is "theCUBE" coverage. I'm John Furrier, your host. We've got great "Cube" alumni here from Zscaler, a very successful cloud company doing great work. Stelio D'Alo, senior director of cloud business development and Raveesh Chugh, VP of Public Cloud Partnerships at Zscaler. Welcome back to "theCUBE." Good to see you guys. Thanks for coming on. >> Thank you. >> Thanks having us, John. >> So we've been doing a lot of coverage of Zscaler, what a great success story. I mean, the numbers are great. The business performance, it's in the top two, three, one, two, three in all metrics on public companies, SaaS. So you guys, check. Good job. >> Yes, thank you. >> So you guys have done a good job. Now you're here, selling through the Marketplace. You guys are a world class performing company in cloud SaaS, so you're in the front lines doing well. Now, Marketplace is a procurement front end opportunity for people to buy. Hey, self-service, buy and put things together. Sounds novel, what a great concept. Great cloud life. >> Yes. >> You guys are participating and now sellers are coming together. The merger of the public, the partner network with Marketplace. It feels like this is a second act for AWS to go to the next level. They got their training wheels done with partners. Now they're going to the next level. What do you guys think about this? >> Well, I think you're right, John. I think it is very much something that is in keeping with the way AWS does business. Very Amazonian, they're working back from the customer. What we're seeing is, our customers and in general, the market is gravitating towards purchase mechanisms and route to market that just are lower friction. So in the same way that companies are going through their digital transformations now, really modernizing the way they host applications and they reach the internet. They're also modernizing on the purchasing side, which is super exciting, because we're all motivated to help customers with that agility. >> You know, it's fun to watch and again I'm being really candid and props to you guys as a company. Now, everyone else is kind of following that. Okay, lift and shift, check, doing some things. Now they go, whoa, I can really build on this. People are building their own apps for their companies. Going to build their own stuff. They're going to use piece parts. They're going to put it together in a really scalable way. That's the new normal. Okay, so now they go okay, I'm going to just buy through the market, I get purchasing power. So you guys have been a real leader with AWS. Can you share what you guys are doing in the Marketplace? I think you guys are a nice example of how to execute the Marketplace. Take us through. What are you guys offering there? What's the contract look like? Is it multi-pronged? What's the approach? What do customers get if they go to the marketplace for Zscaler? >> Yeah, so it's been a very exciting story and been a very pleasing one for us with AWS marketplace. We see a huge growth potentially. There are more than 350,000 customers that are actively buying through Marketplace today. We expect that number to grow to around a million customers by the next, I would say, five to ten years and we want to be part of this wave. We see AWS Marketplace to be a channel where not only our resalers or our channel partners can come and transact, but also our GSIs like Accenture want to transact through this channel. We are doing a lot, in terms of bringing new customers through Marketplace, who want to not only close their deals, but close it in the next few hours. That's the beauty of Marketplace, the agility, the flexibility in terms of pricing that it provides to ISVs like us. If a customer wants to delay their payments by a couple of quarters, Marketplace supports that. If a customer wants to do monthly payments, Marketplace supports that. We are seeing lot of customers, big customers, that have signed EDPs, enterprise discount plans with AWS. These are multi-year cloud commits coming to us and saying we can retire our EDPs with AWS if we transact your solution through AWS Marketplace. So what we have done, as of today, we have all of our production services enabled through AWS Marketplace. What that means for customers, they can now retire their EDPs by buying Zscaler products through AWS Marketplace and in return get the full benefit of maximizing their EDP commits with AWS. >> So you guys are fully committed, no toe on the water, as we heard. You guys are all in. >> Absolutely, that's exactly the way to put it. We're all in, all of our solutions are available in the marketplace. As you mentioned, we're a SaaS provider. So we're one of the vendors in the Marketplace that have SaaS solutions. So unlike a lot of customers and even the market in general, associate the Marketplace for historical reasons, the way it started with a lot of monthly subscriptions and just dipping your toe in it from a consumer perspective. Whereas we're doing multimillion dollar, multi-year SaaS contracts. So the most complicated kinds of transactions you'd normally associate with enterprise software, we're doing in very low friction ways. >> On the Zscaler side going in low friction. >> Yep, yeah, that's right. >> How about the customer experience? >> So it is primarily the the customer that experiences. >> Driving it? >> Yeah, they're driving it and it's because rather than traditional methods of going through paperwork, purchase orders- >> What are some of the things that customers are saying about this, bcause I see two benefits, I'll say that. The friction, it's a channel, okay, for Zscaler. Let's be clear, but now you have a customer who's got a lot of Amazon. They're a trusted partner too. So why wouldn't they want to have one point of contact to use their purchasing power and you guys are okay with that. >> We're absolutely okay with it. The reason being, we're still doing the transaction and we can do the transaction with our... We're a channel first company, so that's another important distinction of how people tend to think of the Marketplace. We go through channel. A lot of our transactions are with traditional channel partners and you'd be surprised the kinds of, even the Telcos, carrier providers, are starting to embrace Marketplace. So from a customer perspective, it's less paperwork, less legal work. >> Yeah, I'd love to get your reaction to something, because I think this highlights to me what we've been reporting on with "theCUBE" with super cloud and other trends that are different in a good way. Taking it to the next level and that is that if you look at Zscaler, SaaS, SaaS is self-service, the scale, there's efficiencies. Marketplace first started out as a self-service catalog, a website, you know, click and choose, but now it's a different. He calls it a supply chain, like the CICD pipeline of buying software. He mentions that, there's also services. He put the Channel partners can come in. The GSIs, global system integrators can come in. So it's more than just a catalog now. It's kind of self-service procurement more than it is just a catalog of buy stuff. >> Yes, so yeah, I feel CEOs, CSOs of today should understand what Marketplace brings to the bear in terms of different kinds of services or Zscaler solutions that they can acquire through Marketplace and other ISV solutions, for that matter. I feel like we are at a point, after the pandemic, where there'll be a lot of digital exploration and companies can do more in terms of not just Marketplace, but also including the channel partners as part of deals. So you talked about channel conflict. AWS addressed this by bringing a program called CPPO in the picture, Channel Partner Private Offers. What that does is, we are not only bringing all our channel partners into deals. For renewals as well, they're the partner of record and they get paid alongside with the customer. So AWS does all the heavy lifting, in terms of disbursements of payments to us, to the channel partner, so it's a win-win situation for all. >> I mean, private offers and co-sale has been very popular. >> It has been, and that is our bread and butter in the Marketplace. Again, we do primarily three year contracts and so private offers work super well. A nice thing for us as a vendor is it provides a great amount of flexibility. Private Offer gives you a lot of optionality, in terms of how the constructs of the deal and whether or not you're working with a partner, how the partner is utilizing as well to resell to the end user. So, we've always talked about AWS giving IT agility. This gives purchasing and finance business agility. >> Yeah, and I think this comes up a lot. I just noticed this happening a lot more, where you see dedicated sessions, not just on DevOps and all the goodies of the cloud, financial strategy. >> Yeah. >> Seeing a lot more conversation around how to operationalize the business transactions in the cloud. >> Absolutely. >> This is the new, I mean it's not new, it's been thrown around, but not at a tech conference. You don't see that. So I got to ask you guys, what's the message to the CISOs and executives watching the business people about Zscaler in the Marketplace? What should they be looking at? What is the pitch for Zscaler for the Marketplace buyer? >> So I would say that we are a cloud-delivered network security service. We have been in this game for more than a decade. We have years of early head start with lots of features and functionality versus our competitors. If customers were to move into AWS Cloud, they can get rid of their next-gen firewalls and just have all the traffic routed through our Zscaler internet access and use Zscaler private access for accessing their private applications. We feel we have done everything in our capacity, in terms of enabling customers through Marketplace and will continue to participate in more features and functionality that Marketplace has to offer. We would like these customers to take advantage of their EDPs as well as their retirement and spend for the multi-commit through AWS Marketplace. Learn about what we have to offer and how we can really expedite the motion for them, if they want to procure our solutions through Marketplace >> You know, we're seeing an ability for them to get more creative, more progressive in terms of the purchasing. We're also doing, we're really excited about the ability to serve multiple markets. So we've had an immense amount of success in commercial. We also are seeing increasing amount of public sector, US federal government agencies that want to procure this way as well for the same reasons. So there's a lot of innovation going on. >> So you have the FedRAMP going on, you got all those certifications. >> Exactly right. So we are the first cloud-native solution to provide IL5 ATO, as well as FedRAMP pie and we make that all available, GSA schedule pricing through the AWS Marketplace, again through FSIs and other resellers. >> Public private partnerships have been a big factor, having that span of capability. I got to ask you about, this is a cool conversation, because now you're like, okay, I'm selling through the Marketplace. Companies themselves are changing how they operate. They don't just buy software that we used to use. So general purpose, bundled stuff. Oh yeah, I'm buying this product, because this has got a great solution and I have to get forced to use this firewall, because I bought this over here. That's not how companies are architecting and developing their businesses. It's no longer buying IT. They're building their company digitally. They have to be the application. So they're not sitting around, saying hey, can I get a solution? They're building and architecting their solution. This is kind of like the new enterprise that no one's talking about. They kind of, got to do their own work. >> Yes. >> There's no general purpose solution that maps every company. So they got to pick the best piece parts and integrate them. >> Yes and I feel- >> Do you guys agree with that? >> Yeah, I agree with that and customers don't want to go for point solutions anymore. They want to go with a platform approach. They want go with a vendor that can not only cut down their vendors from multi-dozens to maybe a dozen or less and that's where, you know, we kind of have pivoted to the platform-centric approach, where we not only help customers with Cloud Network Security, but we also help customers with Cloud Native Application Protection Platform that we just recently launched. It's going by the name of the different elements, including Cloud Security Posture Management, Cloud Identity Event Management and so we are continuously doing more and more on the configuration and vulnerability side space. So if a customer has an AWS S3 bucket that is opened it can be detected and can be remediated. So all of those proactive steps we are taking, in terms of enhancing our portfolio, but we have come a long way as a company, as a platform that we have evolved in the Marketplace. >> What's the hottest product? >> The hottest product? >> In Marketplace right now. >> Well, the fastest growing products include our digital experience products and we have new Cloud Protection. So we've got Posture and Workload Protection as well and those are the fastest growing. For AWS customers a strong affinity also for ZPA, which provides you zero trust access to your workloads on AWS. So those are all the most popular in Marketplace. >> Yeah. >> So I would like to add that we recently launched and this has been a few years, a couple of years. We launched a product called Zscaler Digital X, the ZDX. >> Mm-hmm. >> What that product does is, let's say you're making a Zoom call and your WiFi network is laggy or it's a Zoom server that's laggy. It kind of detects where is the problem and it further tells the IT department you need to fix either the server on which Zoom is running, or fix your home network. So that is the beauty of the product. So I think we are seeing massive growth with some of our new editions in the portfolio, which is a long time coming. >> Yeah and certainly a lot of growth opportunities for you guys, as you come in. Where do you see Zscaler's big growth coming from product-wise? What's the big push? Actually, this is great upside for you here. >> Yeah. >> On the go to market side. Where's the big growth for Zscaler right now? So I think we are focused as a company on zero trust architecture. We want to securely connect users to apps, apps to apps, workloads to workloads and machines to machines. We want to give customers an experience where they have direct access to the apps that's hidden from the outside world and they can securely connect to the apps in a very succinct fashion. The user experience is second to none. A lot of customers use us on the Microsoft Office 365 side, where they see a lag in connecting to Microsoft Office 365 directly. They use the IE service to securely connect. >> Yeah, latency kills. >> Microsoft Office 365. >> Latency kills, as we always say, you know and security, you got to look at the pattern, you want to see that data. >> Yeah, and emerging use cases, there is an immense amount of white space and upside for us as well in emerging use cases, like OT, 5G, IOT. >> Yeah. >> Federal government, DOD. >> Oh god, tactical edge government. >> Security at the edge, absolutely, yeah. >> Where's the big edge? What's the edge challenge right now, if you have to put your finger on the edge, because right now that's the hot area, we're watching that. It's going to be highly contested. It's not yet clear, I mean certainly hybrid is the operating model, cloud, distributing, computing, but edge has got unique things that you can't really point to on premises that's the same. It's highly dynamic, you need high bandwidth, low latency, compute at the edge. The data has to be processed right there. What's the big thing at the edge right now? >> Well, so that's probably an emerging answer. I mean, we're working with our customers, they're inventing and they're kind of finding the use cases for those edge, but one of the good things about Zscaler is that we are able to, we've got low latency at the edge. We're able to work as a computer at the edge. We work on Outpost, Snowball, Snowcone, the Snow devices. So we can be wherever our customers need us. Mobile devices, there are a lot of applications where we've got to be either on embedded devices, on tractors, providing security for those IOT devices. So we're pretty comfortable with where we are being the- >> So that's why you guys are financially doing so well, performance wise. I got to ask you though, because I think that brings up the great point. If this is why I like the Marketplace, if I'm a customer, the edge is highly dynamic. It's changing all the time. I don't want to wait to buy something. If I got my solution architects on a product, I need to know I'm going to have zero trust built in and I need to push the button on Zscaler. I don't want to wait. So how does the procurement side impact? What have you guys seen? Share your thoughts on how Marketplace is working from the procurement standpoint, because it seems to me to be fast. Is that right, or is it still slow on their side? On the buyer side, because this to me would be a benefit to developers, if we say, hey, the procurement can just go really fast. I don't want to go through a bunch of PO approvals or slow meetings. >> It can be, that manifests itself in several ways, John. It can be, for instance, somebody wants to do a POC and traditionally you could take any amount of time to get budget approval, take it through. What if you had a pre-approved cloud budget and that was spent primarily through AWS Marketplace, because it's consolidated data on your AWS invoice. The ability to purchase a POC on the Marketplace could be done literally within minutes of the decision being made to go forward with it. So that's kind of a front end, you know, early stage use case. We've got examples we didn't talk about on our recent earnings call of how we have helped customers bring in their procurement with large million dollar, multimillion dollar deals. Even when a resaler's been involved, one of our resaler partners. Being able to accelerate deals, because there's so much less legal work and traditional bureaucratic effort. >> Agility. >> That agility purchasing process has allowed our customers to pull into the quarter, or the end of month, or end of quarter for them, deals that would've otherwise not been able to be done. >> So this is a great example of where you can set policy and kind of create some guard rails around innovation and integration deals, knowing if it's something that the edge is happening, say okay, here's some budget. We approved it, or Amazon gives credits and partnership going on. Then I'd say, hey, well green light this, not to exceed a million dollars, or whatever number in their range and then let people have the freedom to execute. >> You're absolutely right, so from the purchasing side, it does give them that agility. It eliminates a lot of the processes that would push out a purchase in actual execution past when the business decision is made and quite frankly, to be honest, AWS has been very accommodative. They're a great partner. They've invested a lot in Marketplace, Marketplace programs, to help customers do the right thing and do it more quickly as well as vendors like us to help our customers make the decisions they need to. >> Rising tide, a rising tide floats all boats and you guys are a great example of an independent company. Highly successful on your own. >> Yep. >> Certainly the numbers are clear. Wall Street loves Zscaler and economics are great. >> Our customer CSAT numbers are off the scale as well. >> Customers are great and now you've got the Marketplace. This is again, a new normal. A new kind of ecosystem is developing where it's not like the old monolithic ecosystems. The value creation and extraction is happening differently now. It's kind of interesting. >> Yes and I feel we have a long way to go, but what I can tell you is that Zscaler is in this for the long run. We are seeing some of the competitors erupt in the space as well, but they have a long way to go. What we have built requires years worth of R&D and features and thousands of customer's use cases which kind of lead to something what Zscaler has come up with today. What we have is very unique and is going to continuously be an innovation in the market in the years to come. In terms of being more cloud-savvy or more cloud-focused or more cloud-native than what the market has seen so far in the form of next-gen firewalls. >> I know you guys have got a lot of AI work. We've had many conversations with Howie over there. Great stuff and really appreciate you guys participating in our super cloud event we had and we'll see more of that where we're talking about the next generation clouds, really enabling that new disruptive, open-spanning capabilities across multiple environments to run cloud-native modern applications at scale and secure. Appreciate your time to come on "theCUBE". >> Thank you. >> Thank you very much. >> Thanks for having us. >> Thanks, I totally appreciate it. Zscaler, leading company here on "theCUBE" talking about their relationship with Marketplace as they continue to grow and succeed as technology goes to the next level in the cloud. Of course "theCUBE's" covering it here in Seattle. I'm John Furrier, your host. Thanks for watching. (peaceful electronic music)

(upbeat electronic music) >> Welcome back to everyone, to "theCUBE's" coverage here in Seattle, Washington for Amazon Web Services Partner Marketplace Seller Conference, combining their partner network with Marketplace forming a new organization called AWS Partner Organization. This is "theCUBE" coverage. I'm John Furrier, your host. We've got great "Cube" alumni here from Zscaler, a very successful cloud company doing great work. Stelio D'Alo, senior director of cloud business development and Raveesh Chugh, VP of Public Cloud Partnerships at Zscaler. Welcome back to "theCUBE." Good to see you guys. Thanks for coming on. >> Thank you. >> Thanks having us, John. >> So we've been doing a lot of coverage of Zscaler, what a great success story. I mean, the numbers are great. The business performance, it's in the top two, three, one, two, three in all metrics on public companies, SaaS. So you guys, check. Good job. >> Yes, thank you. >> So you guys have done a good job. Now you're here, selling through the Marketplace. You guys are a world class performing company in cloud SaaS, so you're in the front lines doing well. Now, Marketplace is a procurement front end opportunity for people to buy. Hey, self-service, buy and put things together. Sounds novel, what a great concept. Great cloud life. >> Yes. >> You guys are participating and now sellers are coming together. The merger of the public, the partner network with Marketplace. It feels like this is a second act for AWS to go to the next level. They got their training wheels done with partners. Now they're going to the next level. What do you guys think about this? >> Well, I think you're right, John. I think it is very much something that is in keeping with the way AWS does business. Very Amazonian, they're working back from the customer. What we're seeing is, our customers and in general, the market is gravitating towards purchase mechanisms and route to market that just are lower friction. So in the same way that companies are going through their digital transformations now, really modernizing the way they host applications and they reach the internet. They're also modernizing on the purchasing side, which is super exciting, because we're all motivated to help customers with that agility. >> You know, it's fun to watch and again I'm being really candid and props to you guys as a company. Now, everyone else is kind of following that. Okay, lift and shift, check, doing some things. Now they go, whoa, I can really build on this. People are building their own apps for their companies. Going to build their own stuff. They're going to use piece parts. They're going to put it together in a really scalable way. That's the new normal. Okay, so now they go okay, I'm going to just buy through the market, I get purchasing power. So you guys have been a real leader with AWS. Can you share what you guys are doing in the Marketplace? I think you guys are a nice example of how to execute the Marketplace. Take us through. What are you guys offering there? What's the contract look like? Is it multi-pronged? What's the approach? What do customers get if they go to the marketplace for Zscaler? >> Yeah, so it's been a very exciting story and been a very pleasing one for us with AWS marketplace. We see a huge growth potentially. There are more than 350,000 customers that are actively buying through Marketplace today. We expect that number to grow to around a million customers by the next, I would say, five to ten years and we want to be part of this wave. We see AWS Marketplace to be a channel where not only our resalers or our channel partners can come and transact, but also our GSIs like Accenture want to transact through this channel. We are doing a lot, in terms of bringing new customers through Marketplace, who want to not only close their deals, but close it in the next few hours. That's the beauty of Marketplace, the agility, the flexibility in terms of pricing that it provides to ISVs like us. If a customer wants to delay their payments by a couple of quarters, Marketplace supports that. If a customer wants to do monthly payments, Marketplace supports that. We are seeing lot of customers, big customers, that have signed EDPs, enterprise discount plans with AWS. These are multi-year cloud commits coming to us and saying we can retire our EDPs with AWS if we transact your solution through AWS Marketplace. So what we have done, as of today, we have all of our production services enabled through AWS Marketplace. What that means for customers, they can now retire their EDPs by buying Zscaler products through AWS Marketplace and in return get the full benefit of maximizing their EDP commits with AWS. >> So you guys are fully committed, no toe on the water, as we heard. You guys are all in. >> Absolutely, that's exactly the way to put it. We're all in, all of our solutions are available in the marketplace. As you mentioned, we're a SaaS provider. So we're one of the vendors in the Marketplace that have SaaS solutions. So unlike a lot of customers and even the market in general, associate the Marketplace for historical reasons, the way it started with a lot of monthly subscriptions and just dipping your toe in it from a consumer perspective. Whereas we're doing multimillion dollar, multi-year SaaS contracts. So the most complicated kinds of transactions you'd normally associate with enterprise software, we're doing in very low friction ways. >> On the Zscaler side going in low friction. >> Yep, yeah, that's right. >> How about the customer experience? >> So it is primarily the the customer that experiences. >> Driving it? >> Yeah, they're driving it and it's because rather than traditional methods of going through paperwork, purchase orders- >> What are some of the things that customers are saying about this, bcause I see two benefits, I'll say that. The friction, it's a channel, okay, for Zscaler. Let's be clear, but now you have a customer who's got a lot of Amazon. They're a trusted partner too. So why wouldn't they want to have one point of contact to use their purchasing power and you guys are okay with that. >> We're absolutely okay with it. The reason being, we're still doing the transaction and we can do the transaction with our... We're a channel first company, so that's another important distinction of how people tend to think of the Marketplace. We go through channel. A lot of our transactions are with traditional channel partners and you'd be surprised the kinds of, even the Telcos, carrier providers, are starting to embrace Marketplace. So from a customer perspective, it's less paperwork, less legal work. >> Yeah, I'd love to get your reaction to something, because I think this highlights to me what we've been reporting on with "theCUBE" with super cloud and other trends that are different in a good way. Taking it to the next level and that is that if you look at Zscaler, SaaS, SaaS is self-service, the scale, there's efficiencies. Marketplace first started out as a self-service catalog, a website, you know, click and choose, but now it's a different. He calls it a supply chain, like the CICD pipeline of buying software. He mentions that, there's also services. He put the Channel partners can come in. The GSIs, global system integrators can come in. So it's more than just a catalog now. It's kind of self-service procurement more than it is just a catalog of buy stuff. >> Yes, so yeah, I feel CEOs, CSOs of today should understand what Marketplace brings to the bear in terms of different kinds of services or Zscaler solutions that they can acquire through Marketplace and other ISV solutions, for that matter. I feel like we are at a point, after the pandemic, where there'll be a lot of digital exploration and companies can do more in terms of not just Marketplace, but also including the channel partners as part of deals. So you talked about channel conflict. AWS addressed this by bringing a program called CPPO in the picture, Channel Partner Private Offers. What that does is, we are not only bringing all our channel partners into deals. For renewals as well, they're the partner of record and they get paid alongside with the customer. So AWS does all the heavy lifting, in terms of disbursements of payments to us, to the channel partner, so it's a win-win situation for all. >> I mean, private offers and co-sale has been very popular. >> It has been, and that is our bread and butter in the Marketplace. Again, we do primarily three year contracts and so private offers work super well. A nice thing for us as a vendor is it provides a great amount of flexibility. Private Offer gives you a lot of optionality, in terms of how the constructs of the deal and whether or not you're working with a partner, how the partner is utilizing as well to resell to the end user. So, we've always talked about AWS giving IT agility. This gives purchasing and finance business agility. >> Yeah, and I think this comes up a lot. I just noticed this happening a lot more, where you see dedicated sessions, not just on DevOps and all the goodies of the cloud, financial strategy. >> Yeah. >> Seeing a lot more conversation around how to operationalize the business transactions in the cloud. >> Absolutely. >> This is the new, I mean it's not new, it's been thrown around, but not at a tech conference. You don't see that. So I got to ask you guys, what's the message to the CISOs and executives watching the business people about Zscaler in the Marketplace? What should they be looking at? What is the pitch for Zscaler for the Marketplace buyer? >> So I would say that we are a cloud-delivered network security service. We have been in this game for more than a decade. We have years of early head start with lots of features and functionality versus our competitors. If customers were to move into AWS Cloud, they can get rid of their next-gen firewalls and just have all the traffic routed through our Zscaler internet access and use Zscaler private access for accessing their private applications. We feel we have done everything in our capacity, in terms of enabling customers through Marketplace and will continue to participate in more features and functionality that Marketplace has to offer. We would like these customers to take advantage of their EDPs as well as their retirement and spend for the multi-commit through AWS Marketplace. Learn about what we have to offer and how we can really expedite the motion for them, if they want to procure our solutions through Marketplace >> You know, we're seeing an ability for them to get more creative, more progressive in terms of the purchasing. We're also doing, we're really excited about the ability to serve multiple markets. So we've had an immense amount of success in commercial. We also are seeing increasing amount of public sector, US federal government agencies that want to procure this way as well for the same reasons. So there's a lot of innovation going on. >> So you have the FedRAMP going on, you got all those certifications. >> Exactly right. So we are the first cloud-native solution to provide IL5 ATO, as well as FedRAMP pie and we make that all available, GSA schedule pricing through the AWS Marketplace, again through FSIs and other resellers. >> Public private partnerships have been a big factor, having that span of capability. I got to ask you about, this is a cool conversation, because now you're like, okay, I'm selling through the Marketplace. Companies themselves are changing how they operate. They don't just buy software that we used to use. So general purpose, bundled stuff. Oh yeah, I'm buying this product, because this has got a great solution and I have to get forced to use this firewall, because I bought this over here. That's not how companies are architecting and developing their businesses. It's no longer buying IT. They're building their company digitally. They have to be the application. So they're not sitting around, saying hey, can I get a solution? They're building and architecting their solution. This is kind of like the new enterprise that no one's talking about. They kind of, got to do their own work. >> Yes. >> There's no general purpose solution that maps every company. So they got to pick the best piece parts and integrate them. >> Yes and I feel- >> Do you guys agree with that? >> Yeah, I agree with that and customers don't want to go for point solutions anymore. They want to go with a platform approach. They want go with a vendor that can not only cut down their vendors from multi-dozens to maybe a dozen or less and that's where, you know, we kind of have pivoted to the platform-centric approach, where we not only help customers with Cloud Network Security, but we also help customers with Cloud Native Application Protection Platform that we just recently launched. It's going by the name of the different elements, including Cloud Security Posture Management, Cloud Identity Event Management and so we are continuously doing more and more on the configuration and vulnerability side space. So if a customer has an AWS S3 bucket that is opened it can be detected and can be remediated. So all of those proactive steps we are taking, in terms of enhancing our portfolio, but we have come a long way as a company, as a platform that we have evolved in the Marketplace. >> What's the hottest product? >> The hottest product? >> In Marketplace right now. >> Well, the fastest growing products include our digital experience products and we have new Cloud Protection. So we've got Posture and Workload Protection as well and those are the fastest growing. For AWS customers a strong affinity also for ZPA, which provides you zero trust access to your workloads on AWS. So those are all the most popular in Marketplace. >> Yeah. >> So I would like to add that we recently launched and this has been a few years, a couple of years. We launched a product called Zscaler Digital X, the ZDX. >> Mm-hmm. >> What that product does is, let's say you're making a Zoom call and your WiFi network is laggy or it's a Zoom server that's laggy. It kind of detects where is the problem and it further tells the IT department you need to fix either the server on which Zoom is running, or fix your home network. So that is the beauty of the product. So I think we are seeing massive growth with some of our new editions in the portfolio, which is a long time coming. >> Yeah and certainly a lot of growth opportunities for you guys, as you come in. Where do you see Zscaler's big growth coming from product-wise? What's the big push? Actually, this is great upside for you here. >> Yeah. >> On the go to market side. Where's the big growth for Zscaler right now? So I think we are focused as a company on zero trust architecture. We want to securely connect users to apps, apps to apps, workloads to workloads and machines to machines. We want to give customers an experience where they have direct access to the apps that's hidden from the outside world and they can securely connect to the apps in a very succinct fashion. The user experience is second to none. A lot of customers use us on the Microsoft Office 365 side, where they see a lag in connecting to Microsoft Office 365 directly. They use the IE service to securely connect. >> Yeah, latency kills. >> Microsoft Office 365. >> Latency kills, as we always say, you know and security, you got to look at the pattern, you want to see that data. >> Yeah, and emerging use cases, there is an immense amount of white space and upside for us as well in emerging use cases, like OT, 5G, IOT. >> Yeah. >> Federal government, DOD. >> Oh god, tactical edge government. >> Security at the edge, absolutely, yeah. >> Where's the big edge? What's the edge challenge right now, if you have to put your finger on the edge, because right now that's the hot area, we're watching that. It's going to be highly contested. It's not yet clear, I mean certainly hybrid is the operating model, cloud, distributing, computing, but edge has got unique things that you can't really point to on premises that's the same. It's highly dynamic, you need high bandwidth, low latency, compute at the edge. The data has to be processed right there. What's the big thing at the edge right now? >> Well, so that's probably an emerging answer. I mean, we're working with our customers, they're inventing and they're kind of finding the use cases for those edge, but one of the good things about Zscaler is that we are able to, we've got low latency at the edge. We're able to work as a computer at the edge. We work on Outpost, Snowball, Snowcone, the Snow devices. So we can be wherever our customers need us. Mobile devices, there are a lot of applications where we've got to be either on embedded devices, on tractors, providing security for those IOT devices. So we're pretty comfortable with where we are being the- >> So that's why you guys are financially doing so well, performance wise. I got to ask you though, because I think that brings up the great point. If this is why I like the Marketplace, if I'm a customer, the edge is highly dynamic. It's changing all the time. I don't want to wait to buy something. If I got my solution architects on a product, I need to know I'm going to have zero trust built in and I need to push the button on Zscaler. I don't want to wait. So how does the procurement side impact? What have you guys seen? Share your thoughts on how Marketplace is working from the procurement standpoint, because it seems to me to be fast. Is that right, or is it still slow on their side? On the buyer side, because this to me would be a benefit to developers, if we say, hey, the procurement can just go really fast. I don't want to go through a bunch of PO approvals or slow meetings. >> It can be, that manifests itself in several ways, John. It can be, for instance, somebody wants to do a POC and traditionally you could take any amount of time to get budget approval, take it through. What if you had a pre-approved cloud budget and that was spent primarily through AWS Marketplace, because it's consolidated data on your AWS invoice. The ability to purchase a POC on the Marketplace could be done literally within minutes of the decision being made to go forward with it. So that's kind of a front end, you know, early stage use case. We've got examples we didn't talk about on our recent earnings call of how we have helped customers bring in their procurement with large million dollar, multimillion dollar deals. Even when a resaler's been involved, one of our resaler partners. Being able to accelerate deals, because there's so much less legal work and traditional bureaucratic effort. >> Agility. >> That agility purchasing process has allowed our customers to pull into the quarter, or the end of month, or end of quarter for them, deals that would've otherwise not been able to be done. >> So this is a great example of where you can set policy and kind of create some guard rails around innovation and integration deals, knowing if it's something that the edge is happening, say okay, here's some budget. We approved it, or Amazon gives credits and partnership going on. Then I'd say, hey, well green light this, not to exceed a million dollars, or whatever number in their range and then let people have the freedom to execute. >> You're absolutely right, so from the purchasing side, it does give them that agility. It eliminates a lot of the processes that would push out a purchase in actual execution past when the business decision is made and quite frankly, to be honest, AWS has been very accommodative. They're a great partner. They've invested a lot in Marketplace, Marketplace programs, to help customers do the right thing and do it more quickly as well as vendors like us to help our customers make the decisions they need to. >> Rising tide, a rising tide floats all boats and you guys are a great example of an independent company. Highly successful on your own. >> Yep. >> Certainly the numbers are clear. Wall Street loves Zscaler and economics are great. >> Our customer CSAT numbers are off the scale as well. >> Customers are great and now you've got the Marketplace. This is again, a new normal. A new kind of ecosystem is developing where it's not like the old monolithic ecosystems. The value creation and extraction is happening differently now. It's kind of interesting. >> Yes and I feel we have a long way to go, but what I can tell you is that Zscaler is in this for the long run. We are seeing some of the competitors erupt in the space as well, but they have a long way to go. What we have built requires years worth of R&D and features and thousands of customer's use cases which kind of lead to something what Zscaler has come up with today. What we have is very unique and is going to continuously be an innovation in the market in the years to come. In terms of being more cloud-savvy or more cloud-focused or more cloud-native than what the market has seen so far in the form of next-gen firewalls. >> I know you guys have got a lot of AI work. We've had many conversations with Howie over there. Great stuff and really appreciate you guys participating in our super cloud event we had and we'll see more of that where we're talking about the next generation clouds, really enabling that new disruptive, open-spanning capabilities across multiple environments to run cloud-native modern applications at scale and secure. Appreciate your time to come on "theCUBE". >> Thank you. >> Thank you very much. >> Thanks for having us. >> Thanks, I totally appreciate it. Zscaler, leading company here on "theCUBE" talking about their relationship with Marketplace as they continue to grow and succeed as technology goes to the next level in the cloud. Of course "theCUBE's" covering it here in Seattle. I'm John Furrier, your host. Thanks for watching. (peaceful electronic music)

>>We're back with Jess Borgman of Starburst and Richard Jarvis of EVAs health. Okay. We're gonna get into lie. Number two, and that is this an open source based platform cannot give you the performance and control that you can get with a proprietary system. Is that a lie? Justin, the enterprise data warehouse has been pretty dominant and has evolved and matured. Its stack has mature over the years. Why is it not the default platform for data? >>Yeah, well, I think that's become a lie over time. So I, I think, you know, if we go back 10 or 12 years ago with the advent of the first data lake really around Hudu, that probably was true that you couldn't get the performance that you needed to run fast, interactive, SQL queries in a data lake. Now a lot's changed in 10 or 12 years. I remember in the very early days, people would say, you'll, you'll never get performance because you need to be column. You need to store data in a column format. And then, you know, column formats were introduced to, to data lake. You have Parque ORC file in aro that were created to ultimately deliver performance out of that. So, okay. We got, you know, largely over the performance hurdle, you know, more recently people will say, well, you don't have the ability to do updates and deletes like a traditional data warehouse. >>And now we've got the creation of new data formats, again, like iceberg and Delta and hoote that do allow for updates and delete. So I think the data lake has continued to mature. And I remember a quote from, you know, Kurt Monash many years ago where he said, you know, it takes six or seven years to build a functional database. I think that's that's right. And now we've had almost a decade go by. So, you know, these technologies have matured to really deliver very, very close to the same level performance and functionality of, of cloud data warehouses. So I think the, the reality is that's become a lie and now we have large giant hyperscale internet companies that, you know, don't have the traditional data warehouse at all. They do all of their analytics in a data lake. So I think we've, we've proven that it's very much possible today. >>Thank you for that. And so Richard, talk about your perspective as a practitioner in terms of what open brings you versus, I mean, the clothes is it's open as a moving target. I remember Unix used to be open systems and so it's, it is an evolving, you know, spectrum, but, but from your perspective, what does open give you that you can't get from a proprietary system where you are fearful of in a proprietary system? >>I, I suppose for me open buys us the ability to be unsure about the future, because one thing that's always true about technology is it evolves in a, a direction, slightly different to what people expect and what you don't want to end up done is backed itself into a corner that then prevents it from innovating. So if you have chosen the technology and you've stored trillions of records in that technology and suddenly a new way of processing or machine learning comes out, you wanna be able to take advantage your competitive edge might depend upon it. And so I suppose for us, we acknowledge that we don't have perfect vision of what the future might be. And so by backing open storage technologies, we can apply a number of different technologies to the processing of that data. And that gives us the ability to remain relevant, innovate on our data storage. And we have bought our way out of the, any performance concerns because we can use cloud scale infrastructure to scale up and scale down as we need. And so we don't have the concerns that we don't have enough hardware today to process what we want to do, want to achieve. We can just scale up when we need it and scale back down. So open source has really allowed us to maintain the being at the cutting edge. >>So Jess, let me play devil's advocate here a little bit, and I've talked to JAK about this and you know, obviously her vision is there's an open source that, that data mesh is open source, an open source tooling, and it's not a proprietary, you know, you're not gonna buy a data mesh. You're gonna build it with, with open source toolings and, and vendors like you are gonna support it, but come back to sort of today, you can get to market with a proprietary solution faster. I'm gonna make that statement. You tell me if it's a lie and then you can say, okay, we support Apache iceberg. We're gonna support open source tooling, take a company like VMware, not really in the data business, but how, the way they embraced Kubernetes and, and you know, every new open source thing that comes along, they say, we do that too. Why can't proprietary systems do that and be as effective? >>Yeah, well I think at least with the, within the data landscape saying that you can access open data formats like iceberg or, or others is, is a bit dis disingenuous because really what you're selling to your customer is a certain degree of performance, a certain SLA, and you know, those cloud data warehouses that can reach beyond their own proprietary storage drop all the performance that they were able to provide. So it is, it reminds me kind of, of, again, going back 10 or 12 years ago when everybody had a connector to hit and that they thought that was the solution, right? But the reality was, you know, a connector was not the same as running workloads in hit back then. And I think similarly, you know, being able to connect to an external table that lives in an open data format, you know, you're, you're not going to give it the performance that your customers are accustomed to. And at the end of the day, they're always going to be predisposed. They're always going to be incentivized to get that data ingested into the data warehouse, cuz that's where they have control. And you know, the bottom line is the database industry has really been built around vendor lockin. I mean, from the start, how, how many people love Oracle today, but our customers, nonetheless, I think, you know, lockin is, is, is part of this industry. And I think that's really what we're trying to change with open data formats. >>Well, it's interesting remind of when I, you know, I see the, the gas price, the TSR gas price I, I drive up and then I say, oh, that's the cash price credit card. I gotta pay 20 cents more, but okay. But so the, the argument then, so let me, let me come back to you, Justin. So what's wrong with saying, Hey, we support open data formats, but yeah, you're gonna get better performance if you, if you, you keep it into our closed system, are you saying that long term that's gonna come back and bite you cuz you're gonna end up, you mentioned Oracle, you mentioned Teradata. Yeah. That's by, by implication, you're saying that's where snowflake customers are headed. >>Yeah, absolutely. I think this is a movie that, you know, we've all seen before. At least those of us who've been in the industry long enough to, to see this movie play over a couple times. So I do think that's the future. And I think, you know, I loved what Richard said. I actually wrote it down. Cause I thought it was an amazing quote. He said, it buys us the ability to be unsure of the future. That that pretty much says it all the, the future is unknowable and the reality is using open data formats. You remain interoperable with any technology you want to utilize. If you want to use spark to train a machine learning model and you wanna use Starbust to query via sequel, that's totally cool. They can both work off the same exact, you know, data, data sets by contrast, if you're, you know, focused on a proprietary model, then you're kind of locked in again to that model. I think the same applies to data, sharing to data products, to a wide variety of, of aspects of the data landscape that a proprietary approach kind of closes you and, and locks you in. >>So I, I would say this Richard, I'd love to get your thoughts on it. Cause I talked to a lot of Oracle customers, not as many te data customers there, but, but a lot of Oracle customers and they, you know, they'll admit yeah, you know, the Jammin us on price and the license cost, but we do get value out of it. And so my question to you, Richard, is, is do the, let's call it data warehouse systems or the proprietary systems. Are they gonna deliver a greater ROI sooner? And is that in allure of, of that customers, you know, are attracted to, or can open platforms deliver as fast an ROI? >>I think the answer to that is it can depend a bit. It depends on your business's skillset. So we are lucky that we have a number of proprietary teams that work in databases that provide our operational data capability. And we have teams of analytics and big data experts who can work with open data sets and open data formats. And so for those different teams, they can get to an ROI more quickly with different technologies for the business though, we can't do better for our operational data stores than proprietary databases. Today we can back off very tight SLAs to them. We can demonstrate reliability from millions of hours of those databases being run at enterprise scale, but for an analytics workload where increasing our business is growing in that direction, we can't do better than open data formats with cloud-based data mesh type technologies. And so it's not a simple answer. That one will always be the right answer for our business. We definitely have times when proprietary databases provide a capability that we couldn't easily represent or replicate with open technologies. >>Yeah. Richard, stay with you. You mentioned, you know, you know, some things before that, that strike me, you know, the data brick snowflake, you know, thing is always a lot of fun for analysts like me. You've got data bricks coming at it. Richard, you mentioned you have a lot of rockstar, data engineers, data bricks coming at it from a data engineering heritage. You get snowflake coming at it from an analytics heritage. Those two worlds are, are colliding people like PJI Mohan said, you know what? I think it's actually harder to play in the data engineering. So IE, it's easier to for data engineering world to go into the analytics world versus the reverse, but thinking about up and coming engineers and developers preparing for this future of data engineering and data analytics, how, how should they be thinking about the future? What, what's your advice to those young people? >>So I think I'd probably fall back on general programming skill sets. So the advice that I saw years ago was if you have open source technologies, the pythons and Javas on your CV, you command a 20% pay, hike over people who can only do proprietary programming languages. And I think that's true of data technologies as well. And from a business point of view, that makes sense. I'd rather spend the money that I save on proprietary licenses on better engineers, because they can provide more value to the business that can innovate us beyond our competitors. So I think I would my advice to people who are starting here or trying to build teams to capitalize on data assets is begin with open license, free capabilities because they're very cheap to experiment with. And they generate a lot of interest from people who want to join you as a business. And you can make them very successful early, early doors with, with your analytics journey. >>It's interesting. Again, analysts like myself, we do a lot of TCO work and have over the last 20 plus years and in the world of Oracle, you know, normally it's the staff, that's the biggest nut in total cost of ownership, not an Oracle. It's the it's the license cost is by far the biggest component in the, in the blame pie. All right, Justin, help us close out this segment. We've been talking about this sort of data mesh open, closed snowflake data bricks. Where does Starburst sort of as this engine for the data lake data lake house, the data warehouse, it, it fit in this, in this world. >>Yeah. So our view on how the future ultimately unfolds is we think that data lakes will be a natural center of gravity for a lot of the reasons that we described open data formats, lowest total cost of ownership, because you get to choose the cheapest storage available to you. Maybe that's S3 or Azure data lake storage or Google cloud storage, or maybe it's on-prem object storage that you bought at a, at a really good price. So ultimately storing a lot of data in a data lake makes a lot of sense, but I think what makes our perspective unique is we still don't think you're gonna get everything there either. We think that basically centralization of all your data assets is just an impossible endeavor. And so you wanna be able to access data that lives outside of the lake as well. So we kind of think of the lake as maybe the biggest place by volume in terms of how much data you have, but to, to have comprehensive analytics and to truly understand your business and understanding holistically, you need to be able to go access other data sources as well. And so that's the role that we wanna play is to be a single point of access for our customers, provide the right level of fine grained access controls so that the right people have access to the right data and ultimately make it easy to discover and consume via, you know, the creation of data products as well. >>Great. Okay. Thanks guys. Right after this quick break, we're gonna be back to debate whether the cloud data model that we see emerging and the so-called modern data stack is really modern or is it the same wine new bottle when it comes to data architectures, you're watching the cube, the leader in enterprise and emerging tech coverage.

>> From theCUBE studios in Palo Alto in Boston bringing you data driven insights from theCUBE and ETR. This is breaking analysis with Dave Vellante. >> The term Supercloud is somewhat new, but the concepts behind it have been bubbling for years, early last decade when NIST put forth a definition of cloud computing it said services had to be accessible over a public network essentially cutting the on-prem crowd out of the cloud conversation. Now a guy named Chuck Hollis, who was a field CTO at EMC at the time and a prolific blogger objected to that criterion and laid out his vision for what he termed a private cloud. Now, in that post, he showed a workload running both on premises and in a public cloud sharing the underlying resources in an automated and seamless manner. What later became known more broadly as hybrid cloud that vision as we now know, really never materialized, and we were left with multi-cloud sets of largely incompatible and disconnected cloud services running in separate silos. The point is what Hollis laid out, IE the ability to abstract underlying infrastructure complexity and run workloads across multiple heterogeneous estates with an identical experience is what super cloud is all about. Hello and welcome to this week's Wikibon cube insights powered by ETR and this breaking analysis. We share what we hope to learn from super cloud 22 next week, next Tuesday at 9:00 AM Pacific. The community is gathering for Supercloud 22 an inclusive pilot symposium hosted by theCUBE and made possible by VMware and other founding partners. It's a one day single track event with more than 25 speakers digging into the architectural, the technical, structural and business aspects of Supercloud. This is a hybrid event with a live program in the morning running out of our Palo Alto studio and pre-recorded content in the afternoon featuring industry leaders, technologists, analysts and investors up and down the technology stack. Now, as I said up front the seeds of super cloud were sewn early last decade. After the very first reinvent we published our Amazon gorilla post, that scene in the upper right corner here. And we talked about how to differentiate from Amazon and form ecosystems around industries and data and how the cloud would change IT permanently. And then up in the upper left we put up a post on the old Wikibon Wiki. Yeah, it used to be a Wiki. Check out my hair by the way way no gray, that's how long ago this was. And we talked about in that post how to compete in the Amazon economy. And we showed a graph of how IT economics were changing. And cloud services had marginal economics that looked more like software than hardware at scale. And this would reset, we said opportunities for both technology sellers and buyers for the next 20 years. And this came into sharper focus in the ensuing years culminating in a milestone post by Greylock's Jerry Chen called Castles in the Cloud. It was an inspiration and catalyst for us using the term Supercloud in John Furrier's post prior to reinvent 2021. So we started to flesh out this idea of Supercloud where companies of all types build services on top of hyperscale infrastructure and across multiple clouds, going beyond multicloud 1.0, if you will, which was really a symptom, as we said, many times of multi-vendor at least that's what we argued. And despite its fuzzy definition, it resonated with people because they knew something was brewing, Keith Townsend the CTO advisor, even though he frankly, wasn't a big fan of the buzzy nature of the term Supercloud posted this awesome Blackboard on Twitter take a listen to how he framed it. Please play the clip. >> Is VMware the right company to make the super cloud work, term that Wikibon came up with to describe the taking of discreet services. So it says RDS from AWS, cloud compute engines from GCP and authentication from Azure to build SaaS applications or enterprise applications that connect back to your data center, is VMware's cross cloud vision 'cause it is just a vision today, the right approach. Or should you be looking towards companies like HashiCorp to provide this overall capability that we all agree, or maybe you don't that we need in an enterprise comment below your thoughts. >> So I really like that Keith has deep practitioner knowledge and lays out a couple of options. I especially like the examples he uses of cloud services. He recognizes the need for cross cloud services and he notes this capability is aspirational today. Remember this was eight or nine months ago and he brings HashiCorp into the conversation as they're one of the speakers at Supercloud 22 and he asks the community, what they think, the thing is we're trying to really test out this concept and people like Keith are instrumental as collaborators. Now I'm sure you're not surprised to hear that mot everyone is on board with the Supercloud meme, in particular Charles Fitzgerald has been a wonderful collaborator just by his hilarious criticisms of the concept. After a couple of super cloud posts, Charles put up his second rendition of "Supercloudifragilisticexpialidoucious". I mean, it's just beautiful, but to boot, he put up this picture of Baghdad Bob asking us to just stop, Bob's real name is Mohamed Said al-Sahaf. He was the minister of propaganda for Sadam Husein during the 2003 invasion of Iraq. And he made these outrageous claims of, you know US troops running in fear and putting down their arms and so forth. So anyway, Charles laid out several frankly very helpful critiques of Supercloud which has led us to really advance the definition and catalyze the community's thinking on the topic. Now, one of his issues and there are many is we said a prerequisite of super cloud was a super PaaS layer. Gartner's Lydia Leong chimed in saying there were many examples of successful PaaS vendors built on top of a hyperscaler some having the option to run in more than one cloud provider. But the key point we're trying to explore is the degree to which that PaaS layer is purpose built for a specific super cloud function. And not only runs in more than one cloud provider, Lydia but runs across multiple clouds simultaneously creating an identical developer experience irrespective of a state. Now, maybe that's what Lydia meant. It's hard to say from just a tweet and she's a sharp lady, so, and knows more about that market, that PaaS market, than I do. But to the former point at Supercloud 22, we have several examples. We're going to test. One is Oracle and Microsoft's recent announcement to run database services on OCI and Azure, making them appear as one rather than use an off the shelf platform. Oracle claims to have developed a capability for developers specifically built to ensure high performance low latency, and a common experience for developers across clouds. Another example we're going to test is Snowflake. I'll be interviewing Benoit Dageville co-founder of Snowflake to understand the degree to which Snowflake's recent announcement of an application development platform is perfect built, purpose built for the Snowflake data cloud. Is it just a plain old pass, big whoop as Lydia claims or is it something new and innovative, by the way we invited Charles Fitz to participate in Supercloud 22 and he decline saying in addition to a few other somewhat insulting things there's definitely interesting new stuff brewing that isn't traditional cloud or SaaS but branding at all super cloud doesn't help either. Well, indeed, we agree with part of that and we'll see if it helps advanced thinking and helps customers really plan for the future. And that's why Supercloud 22 has going to feature some of the best analysts in the business in The Great Supercloud Debate. In addition to Keith Townsend and Maribel Lopez of Lopez research and Sanjeev Mohan from former Gartner analyst and principal at SanjMo participated in this session. Now we don't want to mislead you. We don't want to imply that these analysts are hopping on the super cloud bandwagon but they're more than willing to go through the thought experiment and mental exercise. And, we had a great conversation that you don't want to miss. Maribel Lopez had what I thought was a really excellent way to think about this. She used TCP/IP as an historical example, listen to what she said. >> And Sanjeev Mohan has some excellent thoughts on the feasibility of an open versus de facto standard getting us to the vision of Supercloud, what's possible and what's likely now, again, I don't want to imply that these analysts are out banging the Supercloud drum. They're not necessarily doing that, but they do I think it's fair to say believe that something new is bubbling and whether it's called Supercloud or multicloud 2.0 or cross cloud services or whatever name you choose it's not multicloud of the 2010s and we chose Supercloud. So our goal here is to advance the discussion on what's next in cloud and Supercloud is meant to be a term to describe that future of cloud and specifically the cloud opportunities that can be built on top of hyperscale, compute, storage, networking machine learning, and other services at scale. And that is why we posted this piece on Answering the top 10 questions about Supercloud. Many of which were floated by Charles Fitzgerald and others in the community. Why does the industry need another term what's really new and different? And what is hype? What specific problems does Supercloud solve? What are the salient characteristics of Supercloud? What's different beyond multicloud? What is a super pass? Is it necessary to have a Supercloud? How will applications evolve on superclouds? What workloads will run? All these questions will be addressed in detail as a way to advance the discussion and help practitioners and business people understand what's real today. And what's possible with cloud in the near future. And one other question we'll address is who will build super clouds? And what new entrance we can expect. This is an ETR graphic that we showed in a previous episode of breaking analysis, and it lays out some of the companies we think are building super clouds or in a position to do so, by the way the Y axis shows net score or spending velocity and the X axis depicts presence in the ETR survey of more than 1200 respondents. But the key callouts to this slide in addition to some of the smaller firms that aren't yet showing up in the ETR data like Chaossearch and Starburst and Aviatrix and Clumio but the really interesting additions are industry players Walmart with Azure, Capital one and Goldman Sachs with AWS, Oracle, with Cerner. These we think are early examples, bubbling up of industry clouds that will eventually become super clouds. So we'll explore these and other trends to get the community's input on how this will all play out. These are the things we hope you'll take away from Supercloud 22. And we have an amazing lineup of experts to answer your question. Technologists like Kit Colbert, Adrian Cockcroft, Mariana Tessel, Chris Hoff, Will DeForest, Ali Ghodsi, Benoit Dageville, Muddu Sudhakar and many other tech athletes, investors like Jerry Chen and In Sik Rhee the analyst we featured earlier, Paula Hansen talking about go to market in a multi-cloud world Gee Rittenhouse talking about cloud security, David McJannet, Bhaskar Gorti of Platform9 and many, many more. And of course you, so please go to theCUBE.net and register for Supercloud 22, really lightweight reg. We're not doing this for lead gen. We're doing it for collaboration. If you sign in you can get the chat and ask questions in real time. So don't miss this inaugural event Supercloud 22 on August 9th at 9:00 AM Pacific. We'll see you there. Okay. That's it for today. Thanks for watching. Thank you to Alex Myerson who's on production and manages the podcast. Kristen Martin and Cheryl Knight. They help get the word out on social media and in our newsletters. And Rob Hof is our editor in chief over at SiliconANGLE. Does some really wonderful editing. Thank you to all. Remember these episodes are all available as podcasts wherever you listen, just search breaking analysis podcast. I publish each week on wikibon.com and Siliconangle.com. And you can email me at David.Vellantesiliconangle.com or DM me at Dvellante, comment on my LinkedIn post. Please do check out ETR.AI for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE insights powered by ETR. Thanks for watching. And we'll see you next week in Palo Alto at Supercloud 22 or next time on breaking analysis. (calm music)

>>From the cube studios in Palo Alto, in Boston, bringing you data driven insights from the cube and ETR. This is breaking analysis with Dave ante. >>When Frank sluman took service, now public many people undervalued the company, positioning it as just a better help desk tool. You know, it turns out that the firm actually had a massive Tam expansion opportunity in it. SM customer service, HR, logistics, security marketing, and service management. Generally now stock price followed over the years, the stellar execution under Slootman and CFO, Mike scar Kelly's leadership. Now, when they took the reins at snowflake expectations were already set that they'd repeat the feet, but this time, if anything, the company was overvalued out of the gate, the thing is people didn't really better understand the market opportunity this time around, other than that, it was a bet on Salman's track record of execution and on data, pretty good bets, but folks really didn't appreciate that snowflake. Wasn't just a better data warehouse that it was building what they call a data cloud, and we've turned a data super cloud. >>Hello and welcome to this. Week's Wikibon cube insights powered by ETR in this breaking analysis, we'll do four things. First. We're gonna review the recent narrative and concerns about snowflake and its value. Second, we're gonna share survey data from ETR that will confirm precisely what the company's CFO has been telling anyone who will listen. And third, we're gonna share our view of what snowflake is building IE, trying to become the defacto standard data platform, and four convey our expectations for the upcoming snowflake summit. Next week at Caesar's palace in Las Vegas, Snowflake's most recent quarterly results they've been well covered and well documented. It basically hit its targets, which for snowflake investors was bad news wall street piled on expressing concerns about Snowflake's consumption, pricing model, slowing growth rates, lack of profitability and valuation. Given the, given the current macro market conditions, the stock dropped below its IPO offering price, which you couldn't touch on day one, by the way, as the stock opened well above that and, and certainly closed well above that price of one 20 and folks express concerns about some pretty massive insider selling throughout 2021 and early 2022, all this caused the stock price to drop quite substantially. >>And today it's down around 63% or more year to date, but the only real substantive change in the company's business is that some of its largest consumer facing companies, while still growing dialed back, their consumption this past quarter, the tone of the call was I wouldn't say contentious the earnings call, but Scarelli, I think was getting somewhat annoyed with the implication from some analyst questions that something is fundamentally wrong with Snowflake's business. So let's unpack this a bit first. I wanna talk about the consumption pricing on the earnings call. One of the analysts asked if snowflake would consider more of a subscription based model so that they could better weather such fluctuations and demand before the analyst could even finish the question, CFO Scarelli emphatically interrupted and said, no, <laugh> the analyst might as well have asked, Hey Mike, have you ever considered changing your pricing model and screwing your customers the same way most legacy SaaS companies lock their customers in? >>So you could squeeze more revenue out of them and make my forecasting life a little bit easier. <laugh> consumption pricing is one of the things that makes a company like snowflake so attractive because customers is especially large customers facing fluctuating demand can dial and their end demand can dial down usage for certain workloads that are maybe not yet revenue producing or critical. Now let's jump to insider trading. There were a lot of insider selling going on last year and into 2022 now, I mean a lot sloop and Scarelli Christine Kleinman. Mike SP several board members. They sold stock worth, you know, many, many hundreds of millions of dollars or, or more at prices in the two hundreds and three hundreds and even four hundreds. You remember the company at one point was valued at a hundred billion dollars, surpassing the value of service now, which is this stupid at this point in the company's tenure and the insider's cost basis was very often in the single digit. >>So on the one hand, I can't blame them. You know what a gift the market gave them last year. Now also famed investor, Peter Linsey famously said, insiders sell for many reasons, but they only buy for one. But I have to say there wasn't a lot of insider buying of the stock when it was in the three hundreds and above. And so yeah, this pattern is something to watch our insiders buying. Now, I'm not sure we'll keep watching snowflake. It's pretty generous with stock based compensation and insiders still own plenty of stock. So, you know, maybe not, but we'll see in future disclosures, but the bottom line is Snowflake's business. Hasn't dramatically changed with the exception of these large consumer facing companies. Now, another analyst pointed out that companies like snap, he pointed to company snap, Peloton, Netflix, and face Facebook have been cutting back. >>And Scarelli said, and what was a bit of a surprise to me? Well, I'm not gonna name the customers, but it's not the ones you mentioned. So I, I thought I would've, you know, if I were the analyst I would've follow up with, how about Walmart target visa, Amex, Expedia price line, or Uber? Any of those Mike? I, I doubt he would've answered me anything. Anyway, the one thing that Scarelli did do is update Snowflake's fiscal year 2029 outlook to emphasize the long term opportunity that the company sees. This chart shows a financial snapshot of Snowflake's current business using a combination of quarterly and full year numbers in a model of what the business will look like. According to Scarelli in Dave ante with a little bit of judgment in 2029. So this is essentially based on the company's framework. Snowflake this year will surpass 2 billion in revenues and targeting 10 billion by 2029. >>Its current growth rate is 84% and its target is 30% in the out years, which is pretty impressive. Gross margins are gonna tick up a bit, but remember Snowflake's cost a good sold they're dominated by its cloud cost. So it's got a governor. There has to pay AWS Azure and Google for its infrastructure. But high seventies is a, is a good target. It's not like the historical Microsoft, you know, 80, 90% gross margin. Not that Microsoft is there anymore, but, but snowflake, you know, was gonna be limited by how far it can, how much it can push gross margin because of that factor. It's got a tiny operating margin today and it's targeting 20% in 2029. So that would be 2 billion. And you would certainly expect it's operating leverage in the out years to enable much, much, much lower SGNA than the current 54%. I'm guessing R and D's gonna stay healthy, you know, coming in at 15% or so. >>But the real interesting number to watch is free cash flow, 16% this year for the full fiscal year growing to 25% by 2029. So 2.5 billion in free cash flow in the out years, which I believe is up from previous Scarelli forecast in that 10, you know, out year view 2029 view and expect the net revenue retention, the NRR, it's gonna moderate. It's gonna come down, but it's still gonna be well over a hundred percent. We pegged it at 130% based on some of Mike's guidance. Now today, snowflake and every other stock is well off this morning. The company had a 40 billion value would drop well below that midday, but let's stick with the 40 billion on this, this sad Friday on the stock market, we'll go to 40 billion and who knows what the stock is gonna be valued in 2029? No idea, but let's say between 40 and 200 billion and look, it could get even ugly in the market as interest rates rise. >>And if inflation stays high, you know, until we get a Paul Voker like action, which is gonna be painful from the fed share, you know, let's hope we don't have a repeat of the long drawn out 1970s stagflation, but that is a concern among investors. We're gonna try to keep it positive here and we'll do a little sensitivity analysis of snowflake based on Scarelli and Ante's 2029 projections. What we've done here is we've calculated in this chart. Today's current valuation at about 40 billion and run a CAGR through 2029 with our estimates of valuation at that time. So if it stays at 40 billion valuation, can you imagine snowflake grow into a 10 billion company with no increase in valuation by the end, by by 2029 fiscal 2029, that would be a major bummer and investors would get a, a 0% return at 50 billion, 4% Kager 60 billion, 7%. >>Kegar now 7% market return is historically not bad relative to say the S and P 500, but with that kind of revenue and profitability growth projected by snowflake combined with inflation, that would again be a, a kind of a buzzkill for investors. The picture at 75 billion valuation, isn't much brighter, but it picks up at, at a hundred billion, even with inflation that should outperform the market. And as you get to 200 billion, which would track by the way, revenue growth, you get a 30% plus return, which would be pretty good. Could snowflake beat these projections. Absolutely. Could the market perform at the optimistic end of the spectrum? Sure. It could. It could outperform these levels. Could it not perform at these levels? You bet, but hopefully this gives a little context and framework to what Scarelli was talking about and his framework, not with notwithstanding the market's unpredictability you're you're on your own. >>There. I can't help snowflake looks like it's going to continue either way in amazing run compared to other software companies historically, and whether that's reflected in the stock price. Again, I, I, I can't predict, okay. Let's look at some ETR survey data, which aligns really well with what snowflake is telling the street. This chart shows the breakdown of Snowflake's net score and net score. Remember is ETS proprietary methodology that measures the percent of customers in their survey that are adding the platform new. That's the lime green at 19% existing snowflake customers that are ex spending 6% or more on the platform relative to last year. That's the forest green that's 55%. That's a big number flat spend. That's the gray at 21% decreasing spending. That's the pinkish at 5% and churning that's the red only 1% or, or moving off the platform, tiny, tiny churn, subtract the red from the greens and you get a net score that, that, that nets out to 68%. >>That's an, a very impressive net score by ETR standards. But it's down from the highs of the seventies and mid eighties, where high seventies and mid eighties, where snowflake has been since January of 2019 note that this survey of 1500 or so organizations includes 155 snowflake customers. What was really interesting is when we cut the data by industry sector, two of Snowflake's most important verticals, our finance and healthcare, both of those sectors are holding a net score in the ETR survey at its historic range. 83%. Hasn't really moved off that, you know, 80% plus number really encouraging, but retail consumer showed a dramatic decline. This past survey from 73% in the previous quarter down to 54%, 54% in just three months time. So this data aligns almost perfectly with what CFO Scarelli has been telling the street. So I give a lot of credibility to that narrative. >>Now here's a time series chart for the net score and the provision in the data set, meaning how penetrated snowflake is in the survey. Again, net score measures, spending velocity and a specific platform and provision measures the presence in the data set. You can see the steep downward trend in net score this past quarter. Now for context note, the red dotted line on the vertical axis at 40%, that's a bit of a magic number. Anything above that is best in class in our view, snowflake still a well, well above that line, but the April survey as we reported on May 7th in quite a bit of detail shows a meaningful break in the snowflake trend as shown by ETRS call out on the bottom line. You can see a steady rise in the survey, which is a proxy for Snowflake's overall market penetration. So steadily moving up and up. >>Here's a bit of a different view on that data bringing in some of Snowflake's peers and other data platforms. This XY graph shows net score on the vertical axis and provision on the horizontal with the red dotted line. At 40%, you can see from the ETR callouts again, that snowflake while declining in net score still holds the highest net score in the survey. So of course the highest data platforms while the spending velocity on AWS and Microsoft, uh, data platforms, outperforms that have, uh, sorry, while they're spending velocity on snowflake outperforms, that of AWS and, and Microsoft data platforms, those two are still well above the 40% line with a stronger market presence in the category. That's impressive because of their size. And you can see Google cloud and Mongo DB right around the 40% line. Now we reported on Mongo last week and discussed the commentary on consumption models. >>And we referenced Ray Lenchos what we thought was, was quite thoughtful research, uh, that rewarded Mongo DB for its forecasting transparency and, and accuracy and, and less likelihood of facing consumption headwinds. And, and I'll reiterate what I said last week, that snowflake, while seeing demand fluctuations this past quarter from those large customers is, is not like a data lake where you're just gonna shove data in and figure it out later, no schema on, right. Just throw it into the pond. That's gonna be more discretionary and you can turn that stuff off. More likely. Now you, you bring data into the snowflake data cloud with the intent of driving insights, which leads to actions, which leads to value creation. And as snowflake adds capabilities and expands its platform features and innovations and its ecosystem more and more data products are gonna be developed in the snowflake data cloud and by data products. >>We mean products and services that are conceived by business users. And that can be directly monetized, not just via analytics, but through governed data sharing and direct monetization. Here's a picture of that opportunity as we see it, this is our spin on our snowflake total available market chart that we've published many, many times. The key point here goes back to our opening statements. The snowflake data cloud is evolving well beyond just being a simpler and easier to use and more elastic cloud database snowflake is building what we often refer to as a super cloud. That is an abstraction layer that companies that, that comprises rich features and leverages the underlying primitives and APIs of the cloud providers, but hides all that complexity and adds new value beyond that infrastructure that value is seen in the left example in terms of compressed cycle time, snowflake often uses the example of pharmaceutical companies compressing time to discover a drug by years. >>Great example, there are many others this, and, and then through organic development and ecosystem expansion, snowflake will accelerate feature delivery. Snowflake's data cloud vision is not about vertically integrating all the functionality into its platform. Rather it's about creating a platform and delivering secure governed and facile and powerful analytics and data sharing capabilities to its customers, partners in a broad ecosystem so they can create additional value. On top of that ecosystem is how snowflake fills the gaps in its platform by building the best cloud data platform in the world, in terms of collaboration, security, governance, developer, friendliness, machine intelligence, etcetera, snowflake believes and plans to create a defacto standard. In our view in data platforms, get your data into the data cloud and all these native capabilities will be available to you. Now, is that a walled garden? Some might say it is. It's an interesting question and <laugh>, it's a moving target. >>It's definitely proprietary in the sense that snowflake is building something that is highly differentiatable and is building a moat around it. But the more open snowflake can make its platform. The more open source it uses, the more developer friendly and the great greater likelihood people will gravitate toward snowflake. Now, my new friend Tani, she's the creator of the data mesh concept. She might bristle at this narrative in favor, a more open source version of what snowflake is trying to build, but practically speaking, I think she'd recognize that we're a long ways off from that. And I also think that the benefits of a platform that despite requiring data to be inside of the data cloud can distribute data globally, enable facile governed, and computational data sharing, and to a large degree be a self-service platform for data, product builders. So this is how we see snow, the snowflake data cloud vision evolving question is edge part of that vision on the right hand side. >>Well, again, we think that is going to be a future challenge where the ecosystem is gonna have to come to play to fill those gaps. If snowflake can tap the edge, it'll bring even more clarity as to how it can expand into what we believe is a massive 200 billion Tam. Okay, let's close on next. Week's snowflake summit in Las Vegas. The cube is very excited to be there. I'll be hosting with Lisa Martin and we'll have Frank son as well as Christian Kleinman and several other snowflake experts. Analysts are gonna be there, uh, customers. And we're gonna have a number of ecosystem partners on as well. Here's what we'll be looking for. At least some of the things, evidence that our view of Snowflake's data cloud is actually taking shape and evolving in the way that we showed on the previous chart, where we also wanna figure out where snowflake is with it. >>Streamlet acquisition. Remember streamlet is a data science play and an expansion into data, bricks, territory, data, bricks, and snowflake have been going at it for a while. Streamlet brings an open source Python library and machine learning and kind of developer friendly data science environment. We also expect to hear some discussion, hopefully a lot of discussion about developers. Snowflake has a dedicated developer conference in November. So we expect to hear more about that and how it's gonna be leveraging further leveraging snow park, which it has previously announced, including a public preview of programming for unstructured data and data monetization along the lines of what we suggested earlier that is building data products that have the bells and whistles of native snowflake and can be directly monetized by Snowflake's customers. Snowflake's already announced a new workload this past week in security, and we'll be watching for others. >>And finally, what's happening in the all important ecosystem. One of the things we noted when we covered service now, cause we use service now as, as an example because Frank Lupin and Mike Scarelli and others, you know, DNA were there and they're improving on that service. Now in his post IPO, early adult years had a very slow pace. In our view was often one of our criticism of ecosystem development, you know, ServiceNow. They had some niche SI uh, like cloud Sherpa, and eventually the big guys came in and, and, and began to really lean in. And you had some other innovators kind of circling the mothership, some smaller companies, but generally we see sluman emphasizing the ecosystem growth much, much more than with this previous company. And that is a fundamental requirement in our view of any cloud or modern cloud company now to paraphrase the crazy man, Steve bomber developers, developers, developers, cause he screamed it and ranted and ran around the stage and was sweating <laugh> ecosystem ecosystem ecosystem equals optionality for developers and that's what they want. >>And that's how we see the current and future state of snowflake. Thanks today. If you're in Vegas next week, please stop by and say hello with the cube. Thanks to my colleagues, Stephanie Chan, who sometimes helps research breaking analysis topics. Alex, my is, and OS Myerson is on production. And today Andrew Frick, Sarah hiney, Steven Conti Anderson hill Chuck all and the entire team in Palo Alto, including Christian. Sorry, didn't mean to forget you Christian writer, of course, Kristin Martin and Cheryl Knight, they helped get the word out. And Rob ho is our E IIC over at Silicon angle. Remember, all these episodes are available as podcast, wherever you listen to search breaking analysis podcast, I publish each week on wikibon.com and Silicon angle.com. You can email me directly anytime David dot Valante Silicon angle.com. If you got something interesting, I'll respond. If not, I won't or DM me@deteorcommentonmylinkedinpostsandpleasedocheckoutetr.ai for the best survey data in the enterprise tech business. This is Dave Valante for the insights powered by ETR. Thanks for watching. And we'll see you next week. I hope if not, we'll see you next time on breaking analysis.

>> From theCUBE studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE in ETR. This is Breaking Analysis with Dave Vellante. >> Despite the more than $100 billion spent each year fighting Cyber-crime. When we do an end-of-the year look back and ask "How did we do?" The answer is invariably the same, "Worse than last year." Pre pandemic, the picture was disheartening, but since March of 2020 the situation has only worsened as cyber-criminals have become increasingly sophisticated, better funded and more brazen. SecOps pros continue to fight, but unlike conventional wars, this one has no end. Now the flip side of course, is that markets continue to value cybersecurity firms at significant premiums. Because this huge market will continue to grow by double digits for the foreseeable future. Hello and welcome to this week's Wikibon theCUBE Insights powered by ETR. In this Breaking Analysis, we look at the state of cybersecurity in 2021 and beyond. We'll update you with the latest survey data from enterprise technology research and share the fundamentals that have investors piling into the security space like never before. Let's start with the customer view. Cybersecurity remains the number one priority for CIOs and CSOs. This latest ETR survey, once again asked IT buyers to rank their top priorities for the next 12 months. Now the last three polling period dating back to last March. Cybersecurity has outranked every top spending category, including cloud, data analytics, productivity software, networking, AI, and automation or RPA. Now this shouldn't surprise anybody, but it underscores the challenges that organizations face. Not only are they in the midst of a non-optional digital transformation, but they have to also fund a cyber war that has no ceasefires, no truces, and no exit path. Now there's much more going on in cybersecurity than ransomware, but certainly that has the attention of executives. And it's becoming more and more lucrative for attackers. Here's a snapshot of some of the more well-documented attacks this decade many which have occurred in very recent months. CNA Financial, they got hit earlier this year and paid a $40 million ransom. The Ireland Health Service also got hit this year and refused to pay the ransom, but it's estimated that the cost to recover and the damage to the organization exceeded half a billion dollars. The request was for a $20 million ransom. The JBS meat company hack, they paid $11 million. CWT travel paid $5 million. The disruption from the Colonial Pipeline company, was widely reported they paid more than $4 million, as the Brenntag, the chemical company. The NBA got hit. Computer makers, Quanta and Acer also. More than 2,000 random attacks were reported to the FBI in the first seven months of 2021. Up more than 60% from 2020. Now, as I've said many times, you don't have to be a genius to be a ransomware as today. Anyone can go on the dark web, tap into ransomware as a service. Attackers, they have insidious names like darkside, evil, the cobalt, crime gang, wizard spider, the Lazarus gang, and numerous others. Criminals they have negotiation services is most typically the attackers, they'll demand a specific amount of money but they're willing to compromise in an exchange of cryptocurrency for decryption keys. And as mentioned, it's not just ransomware supply chain attacks like the solar winds hack hit organizations within the U.S government and companies like Mimecast this year. Now, while these attacks often do end up in a ransom situation. The attackers sometimes find it more lucrative to live off the land and stealth fashion and ex filtrates sensitive data that can be sold or in the case of many financial institution attacks they'll steal information from say a chief investment officer that signals an upcoming trading strategy and then the attackers will front run that trade in the stock market. Now, of course phishing, remains one of the most prominent threats. Only escalated by the work from home trend as users bring their own devices and of course home networks are less secure. So it's bad, worse than ever before. But you know, if there's a problem, entrepreneurs and investors, they're going to be there to solve it. So here's a LinkedIn post from one of the top investors in the business, Mike Speiser. He was a founding investor in Snowflake. He helped get pure storage to escape velocity and many, many other successes. This hit my LinkedIn feed the other day, his company Sutter Hill Ventures is co-leading a 1.3 Series D on an $8.3 billion valuation. They're putting in over $200 million. Now Lacework is a threat detection software company that looks at security as a data problem and they monitor exposures across clouds. So very timely. So watch that company. They're going to soar. Now the right hand chart shows venture investments in cybersecurity over the past several years. You can see it exploded in 2019 to $7.6 billion. And people thought the market was peaking at that time, if you recall. But then investments rose a little bit to $7.8 billion in 2020 right in the middle of lockdown. And then the hybrid work, the cloud, the new normal thesis kicked in big time. It's in full gear this year. You can see nearly $12 billion invested in cybersecurity in the first half of 2021 alone. So the money keeps coming in as the problem gets worse and the market gets more crowded. Now we'd like to show this slide from Optiv, it's their security taxonomy. It'll make your eyes cross. It's so packed with companies in different sectors. We'll put a link in our posts, so you can stare at this. We've used this truck before. It's pretty good. It's comprehensive and it's worth spending some time to see what that landscape looks like. But now let's reduce this down a bit and bring in some of the ETR data. This is survey data from October that shows net score or spending momentum on the vertical axis and market share or pervasiveness in the dataset on the horizontal axis. That's a measure of mentioned share if you will. Now this is just isolated on the information security sector within the ETR taxonomies. No filters in terms of the number of responses. So it's every company that ETR picks up in cybersecurity from its buyer surveys. Now companies above that red line, we consider them to have a highly elevated spending momentum for their products and services. And you can see, there are a lot of companies that are in this map first of all, and several above that magic mark. So you can see the momentum of Microsoft and Palo Alto. That's most impressive because of their size, their pervasiveness in the study, Cisco and Splunk are also quite prominent. They don't have as much spending momentum, but they're pretty respectable. And you can see the companies that have been real movers in this market that we've been reporting on for a while. Okta, CrowdStrike, Zscaler, CyberArk, SailPoint, Authzero, all companies that we've extensively covered in previous breaking analysis episodes as the up and comers. And isn't it interesting that Datadog is now showing up in the vertical axis. You see that in the left-hand side up high, they're becoming more and more competitive to Splunk in this space as an alternative and lines are blurring between observability, log analytics, security, and as we previously reported even backup and recovery. But now let's simplify this picture a bit more and filter down a little bit further. This chart shows the same X, Y view. Same data construct and framework, but we required more than a hundred responses to hit the chart. So the companies, they have to have a notable market presence in the ETR survey. It's perhaps a bit less crowded, but still very packed. Isn't it? You can see firms that are less prominent in the space like Datadog fell off. The big companies we mentioned, obviously still prominent Microsoft, Palo Alto, Cisco and Splunk and then those with real momentum, they stand out a little bit. There's somewhat smaller, but they're gaining traction in the market. As we felt they would Okta and Auth zero, which Okta acquired as we reported on earlier this year, both showing strength as our CrowdStrike, Zscaler, CyberArk, which does identity and competition with Okta and SentinelOne, which went public mid this year. The company SentinelOne uses AI to do threat detection and has been doing quite well. SalePoint and Proofpoint are right on that red elevated line and then there's a big pack in the middle. Look, this is not an easy market to track. It's virtually every company plays in security. Look, AWS says some of the most advanced security in the business but they're not in the chart specifically, but you see Microsoft is. Because much of AWS security is built into services. Amazon customers heavily rely on the Amazon ecosystem which is in the Amazon marketplace for security products. And often they associate their security spend with those partners and not necessarily Amazon. And you'll see networking companies you see right there, like Juniper and the bottom there and in the ETR data set and the players like VMware in the middle of the pack. They've been really acquisitive for example, with carbon black. And the, of course, you've got a lot of legacy players like McAfee and RSA and IBM. Look, virtually every company has a security story and that will only become more common in the coming years. Now here's another look at the ETR data it's in the raw form, but it'll give you a sense of two things; One is how the data from the previous chart is plotted. And two, it gives you a time series of the data. So the data lists the top companies in the ETR data sets sorted by the October net score in the right most column. Again, that measures spending momentum. So to make the cut here, you had to have more than a hundred mentions which is shown on the left-hand side of the chart that shared N, IE that's shared accounts in the dataset. And you can track the data from last October, July of this year and the most recent October, 2021 survey. So we, drew that red line just about at the 40% net score market coincidentally, there are 10 companies that are over that figure over that bar. We sometimes call out the four star companies. We give four stars to those companies that both are in the top 10 and spending momentum and the top in prominence are shared N in the dataset. So some of these 10 would fit into that profile by that methodology, specifically, Microsoft, Okta, CrowdStrike, and Palo Alto networks. They would be the four star companies. Now a couple of other things to point out here, DDoS attacks, they're still relevant, and they're real threat. So a company like CloudFlare which is just above that red line they play in that space. Now we've also shaded the companies in the fat middle. A lot of these companies like Cisco and Splunk for example, they're major players in the security space with very strong offerings and customer affinity. We sometimes give them two stars. So this is what makes this market so interesting. It's not like the high end discourage market where literally every vendor in the Gartner magic quadrant is up in the right, okay. And there's only five or four or five, six vendors there. This market is diverse with many, many segments and sub segments, and it's such a vital space. And there's so many holes to fill with an ever changing threat landscape as we've seen in the last two years. So this is in part which makes it such a good market for investors. There's a lot of room for growth and not just from stealing market share. That's certainly an opportunity there, but things like cloud, multi-cloud, shifting end points, the edge ,and so forth make this space really ripe for investments. And to underscore this, we put together this little chart of some of the pure play security firms to see how their stock performance has done recently. So you can see that here, you know, it's a little hard to read, but it's not hard to see that Okta, CrowdStrike, Zscaler on the left have been big movers. These charts where possible all show a cross here, starting at the lockdown last year. The only exception is SentinelOne which IPO mid this year. So that's the point March, 2020 when the whole world changed and security priorities really started to shift to accommodate the work from home. But it's quite obvious that since the pandemic, these six companies have been on a tear for the fundamental reason that hybrid work has created a shift in spending priorities for CSOs. No longer are organizations just spending on hardening a perimeter, that perimeter has been blown away. The network is flattening. Work is what you do, it's no longer a place. As such threats are on the rise and cloud, endpoint security, identity access tools there become increasingly vital and the vendors who provide them are on the rise. So it's no surprise that the players that we've listed here which play quite prominently in those markets are all on fire. So now in summary, I want to stress that while the picture is sometimes discouraging. The entire world is becoming more and more tuned in to the cyber threat. And that's a good thing. Money is pouring in. Look, technology got us into this problem and technology is a defensive weapon that will help us continue this fight. But it's going to take more than technology. And I want to share something. We get dozens and dozens of in bounds this time of the year because we do an annual predictions posts. So folks and they want to help us out. So now most of the in bounds and the predictions that we get, they're just kind of observations or frankly, non predictions that can't really be measured as like where you right, or where you're wrong. So for the most part I like predictions that are binary. For example, last December we predicted their IT spending in 2021 would rebound and grow at 4% relative to 2020. Well, it did rebound but that prediction really wasn't as accurate as I'd like. It was frankly wrong. We think it's actually the market's going to actually grow. Spending's going to grow more like 7% this year. Not to worry plenty of our predictions came true, but we'll leave that for another day. Anyway, I got an email from Dean Fisk of Fisk partners. It's a PR firm representing an individual named Lyndon Brown chief of strategy officer of Pondurance. Pondurance is a security consultancy. And the email had the standard, Hey, in case you're working on a predictions post this year end, blah, blah, blah. But instead of sharing with me, a bunch of non predictions, the notes said here's some trends in cybersecurity that might be worth thinking about. And there were a few predictions sprinkled in there, but I wanted to call it a couple of the comments from Linden Brown, whom I don't know, I never met the guy, but I really thought his trends were spot on. The first was a stat I'll share that the United Nations report cyber crime is up 600% due to the pandemic. If as if I couldn't feel worse already. His first point though was that the hybrid workplace will be the new frontier for cyber. Yes, we totally agree. There are permanent shifts taking place. And we actually predicted that last year, but he further cited that many companies went from zero to full digital transformation overnight and many are still on that journey. And his point is that hybrid work is going to require a complete overhaul of how we think about security. We think this is very true. Now the other point that stood out is that governments are going to crack down on this behavior. And we've seen this where criminals have had their critical infrastructure dismantled by governments. No doubt the U.S government has the capabilities to do so. And it is very much focused on this issue. But it's tricky as Robert Gates, who was the former defense secretary, told me a few years back in theCUBE. He said, well, we have the best offense. We also have the most to lose. So we have to be very careful, but Linden's key point was you are going to see a much more forward and aggressive public policy and new laws that give crime fighters more latitude . Again, it's tricky kind of like the Patriot act was tricky but it's coming. Now, another call-out from Linden shares his assertion that natural disasters will bring increased cyber risk. And I thought this was a really astute point because natural disasters they're on the rise. And when there's chaos, there's cash opportunities for criminals. And I'll add to this that the supply chain risk is far from over. This is going to be continuing theme this coming year and beyond. And one of the things that Linden Brown said in his note to me is essentially you can't take humans out of the equation. Automation alone can't solve the problem, but some companies operate as though they can. Just as bad human behavior, can tramp good security, Good human education and behavior is going to be a key weapon in this endless war. Now the last point is we're going to see continued escalation government crackdowns are going to bring retaliation and to Gates' point. The U.S has a lot at stake. So expect insurance premiums are going to go through the roof. That's assuming you can even get cyber insurance. And so we got to hope for the best, but for sure, we have to plan for the worst because it's coming. Deploy technology aggressively but people in process will ultimately be the other ingredients that allow us to live to battle for another day. Okay. That's a wrap for today. Remember these episodes they're all available as podcasts, wherever you listen just search "breaking analysis" podcast. Check out ETR his website at ETR.plus. We also publish a full report every week on Wikibond.com and siliconangle.com. You can get in touch. Email me @david.volante@tsiliconangle.com or you can DM me @dvellante. Comment on our LinkedIn posts. This is Dave Vellante for theCUBE insights powered by ETR. Have a great week. everybody stay safe, be well. And we'll see you next time. (techno music)

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>As we've been reporting, the pandemic has called CSOs to really shift their spending priorities towards securing remote workers. Almost overnight. Zero trust has gone from buzzword to mandate. What's more as we wrote in our recent cybersecurity breaking analysis, not only Maseca pro secured increasingly distributed workforce, but now they have to be wary of software updates in the digital supply chain, including the very patches designed to protect them against cyber attacks. Hello everyone. And welcome to this Q conversation. My name is Dave Vellante and I'm pleased to welcome Derek manky. Who's chief security insights, and global threat alliances for four guard labs with fresh data from its global threat landscape report. Derek. Welcome. Great to see you. >>Thanks so much for, for the invitation to speak. It's always a pleasure. Multicover yeah, >>You're welcome. So first I wonder if you could explain for the audience, what is for guard labs and what's its relationship to fortunate? >>Right. So 40 grand labs is, is our global sockets, our global threat intelligence operation center. It never sleeps, and this is the beat. Um, you know, it's, it's been here since inception at port in it. So it's it's 20, 21 years in the making, since Fortinet was founded, uh, we have built this in-house, uh, so we don't go yum technology. We built everything from the ground up, including creating our own training programs for our, our analysts. We're following malware, following exploits. We even have a unique program that I created back in 2006 to ethical hacking program. And it's a zero-day research. So we try to meet the hackers, the bad guys to their game. And we of course do that responsibly to work with vendors, to close schools and create virtual patches. Um, and, but, you know, so it's, it's everything from, uh, customer protection first and foremost, to following, uh, the threat landscape and cyber. It's very important to understand who they are, what they're doing, who they're, uh, what they're targeting, what tools are they using? >>Yeah, that's great. Some serious DNA and skills in that group. And it's, it's critical because like you said, you can, you can minimize the spread of those malware very, very quickly. So what, what now you have, uh, the global threat landscape report. We're going to talk about that, but what exactly is that? >>Right? So this a global threat landscape report, it's a summary of, uh, all, all the data that we collect over a period of time. So we released this, that biannually two times a year. Um, cyber crime is changing very fast, as you can imagine. So, uh, while we do release security blogs, and, uh, what we call threat signals for breaking security events, we have a lot of other vehicles to release threat intelligence, but this threat landscape report is truly global. It looks at all of our global data. So we have over 5 million censorship worldwide in 40 guard labs, we're processing. I know it seems like a very large amount, but North of a hundred billion, uh, threat events in just one day. And we have to take the task of taking all of that data and put that onto scale for half a year and compile that into something, um, that is, uh, the, you know, that that's digestible. That's a, a very tough task, as you can imagine, so that, you know, we have to work with a huge technologies back to machine learning and artificial intelligence automation. And of course our analyst view to do that. >>Yeah. So this year, of course, there's like the every year is a battle, but this year was an extra battle. Can you explain what you saw in terms of the hacker dynamics over the past? Let's say 12 months. I know you do this twice a year, but what trends did you see evolving throughout the year and what have you seen with the way that attackers have exploited this expanded attack surface outside of corporate network? >>Yeah, it was quite interesting last year. It certainly was not normal. Like we all say, um, and that was no exception for cybersecurity. You know, if we look at cyber criminals and how they pivoted and adapted to the scrap threat landscape, cyber cyber criminals are always trying to take advantage of the weakest link of the chain. They're trying to always prey off here and ride waves of global trends and themes. We've seen this before in, uh, natural disasters as an example, you know, um, trying to do charity kind of scams and campaigns. And they're usually limited to a region where that incident happened and they usually live about two to three weeks, maybe a month at the most. And then they'll move on to the next to the next trip. That's braking, of course, because COVID is so global and dominant. Um, we saw attacks coming in from, uh, well over 40 different languages as an example, um, in regions all across the world that wasn't lasting two to three weeks and it lasted for the better part of a year. >>And of course, what they're, they're using this as a vehicle, right? Not preying on the fear. They're doing everything from initial lockdown, uh, fishing. We were as COVID-19 movers to, um, uh, lay off notices then to phase one, reopenings all the way up to fast forward to where we are today with vaccine rollover development. So there's always that new flavor and theme that they were rolling out, but because it was so successful for them, they were able to, they didn't have to innovate too much, right. They didn't have to expand and shifted to new to new trends. And themes are really developed on new rats families as an example, or a new sophisticated malware. That was the first half of the year and the second half of the year. Um, of course people started to experience COVID fatigue, right? Um, people started to become, we did a lot of education around this. >>People started to become more aware of this threat. And so, um, cyber criminals have started to, um, as we expected, started to become more sophisticated with their attacks. We saw an expansion in different ransomware families. We saw more of a shift of focus on, on, um, uh, you know, targeting the digital supply chain as an example. And so that, that was, that was really towards Q4. Uh, so it, it was a long lived lead year with success on the Google themes, um, targeting healthcare as an example, a lot of, um, a lot of the organizations that were, you know, really in a vulnerable position, I would say >>So, okay. I want to clarify something because my assumption was that they actually did really increase the sophistication, but it sounds like that was kind of a first half trends. Not only did they have to adapt and not have to, but they adapt it to these new vulnerabilities. Uh, my sense was that when you talk about the digital supply chain, that that was a fairly sophisticated attack. Am I, am I getting that right? That they did their sort of their, their, their increased sophistication in the first half, and then they sort of deployed it, did it, uh, w what actually happened there from your data? >>Well, if we look at, so generally there's two types of attacks that we look at, we look at the, uh, the premeditated sophisticated attacks that can have, um, you know, a lot of ramp up work on their end, a lot of time developing the, the, the, the weaponization phase. So developing, uh, the exploits of the sophisticated malware that they're gonna use for the campaign reconnaissance, understanding the targets, where platforms are developed, um, the blueprinting that DNA of, of, of the supply chain, those take time. Um, in fact years, even if we look back to, um, uh, 10 plus years ago with the Stuxnet attacks, as an example that was on, uh, nuclear centrifuges, um, and that, that had four different zero-day weapons at the time. That was very sophisticated, that took over two years to develop as an example. So some of these can take years of time to develop, but they're, they're, uh, very specific in terms of the targets are going to go after obviously the ROI from their end. >>Uh, the other type of attack that we see is as ongoing, um, these broad, wide sweeping attacks, and the reality for those ones is they don't unfortunately need to be too sophisticated. And those ones were the ones I was talking about that were really just playing on the cool, the deem, and they still do today with the vaccine road and development. Uh, but, but it's really because they're just playing on, on, um, you know, social engineering, um, using, uh, topical themes. And in fact, the weapons they're using these vulnerabilities are from our research data. And this was highlighted actually the first pop landscape before last year, uh, on average were two to three years old. So we're not talking about fresh vulnerabilities. You've got to patch right away. I mean, these are things that should have been patched two years ago, but they're still unfortunately having success with that. >>So you mentioned stuck next Stuxnet as the former sort of example, of one of the types of attacks that you see. And I always felt like that was a watershed moment. One of the most sophisticated, if not the most sophisticated attack that we'd ever seen. When I talk to CSOs about the recent government hack, they, they, they suggest I infer maybe they don't suggest it. I infer that it was of similar sophistication. It was maybe thousands of people working on this for years and years and years. Is that, is that accurate or not necessarily? >>Yeah, there's definitely a, there's definitely some comparisons there. Uh, you know, one of the largest things is, uh, both attacks used digital circuits certificate personation, so they're digitally signed. So, you know, of course that whole technology using cryptography is designed by design, uh, to say that, you know, this piece of software installed in your system, hassles certificate is coming from the source. It's legitimate. Of course, if that's compromised, that's all out of the window. And, um, yeah, this is what we saw in both attacks. In fact, you know, stocks in that they also had digitally designed, uh, certificates that were compromised. So when it gets to that level of students or, uh, sophistication, that means definitely that there's a target that there has been usually months of, of, uh, homework done by cyber criminals, for reconnaissance to be able to weaponize that. >>W w what did you see with respect to ransomware? What were the trends there over the past 12 months? I've heard some data and it's pretty scary, but what did you see? >>Yeah, so we're actually, ransomware is always the thorn in our side, and it's going to continue to be so, um, you know, in fact, uh, ransomware is not a new itself. It was actually first created in 1989, and they demanded ransom payments through snail mail. This was to appeal a box, obviously that, that, that didn't take off. Wasn't a successful on the internet was porn at the time. But if you look at it now, of course, over the last 10 years, really, that's where it ran. The ransomware model has been, uh, you know, lucrative, right? I mean, it's been, um, using, uh, by force encrypting data on systems, so that users had to, if they were forced to pay the ransom because they wanted access to their data back data was the target currency for ransomware. That's shifted now. And that's actually been a big pivotal over the last year or so, because again, before it was this let's cast a wide net, in fact, as many people as we can random, um, and try to see if we can hold some of their data for ransom. >>Some people that data may be valuable, it may not be valuable. Um, and that model still exists. Uh, and we see that, but really the big shift that we saw last year and the threat landscape before it was a shift to targeted rats. So again, the sophistication is starting to rise because they're not just going out to random data. They're going out to data that they know is valuable to large organizations, and they're taking that a step further now. So there's various ransomware families. We saw that have now reverted to extortion and blackmail, right? So they're taking that data, encrypting it and saying, unless you pay us as large sum of money, we're going to release this to the public or sell it to a buyer on the dark web. And of course you can imagine the amount of, um, you know, damages that can happen from that. The other thing we're seeing is, is a target of going to revenue services, right? So if they can cripple networks, it's essentially a denial of service. They know that the company is going to be bleeding, you know, X, millions of dollars a day, so they can demand Y million dollars of ransom payments, and that's effectively what's happening. So it's, again, becoming more targeted, uh, and more sophisticated. And unfortunately the ransom is going up. >>So they go to where the money is. And of course your job is to, it's a lower the ROI for them, a constant challenge. Um, we talked about some of the attack vectors, uh, that you saw this year that, that cyber criminals are targeting. I wonder if, if, you know, given the work from home, if things like IOT devices and cameras and, you know, thermostats, uh, with 75% of the work force at home, is this infrastructure more vulnerable? I guess, of course it is. But what did you see there in terms of attacks on those devices? >>Yeah, so, uh, um, uh, you know, unfortunately the attack surface as we call it, uh, so the amount of target points is expanding. It's not shifting, it's expanding. We still see, um, I saw, I mentioned earlier vulnerabilities from two years ago that are being used in some cases, you know, over the holidays where e-commerce means we saw e-commerce heavily under attack in e-commerce has spikes since last summer, right. It's been a huge amount of traffic increase everybody's shopping from home. And, uh, those vulnerabilities going after a shopping cart, plugins, as an example, are five to six years old. So we still have this theme of old vulnerabilities are still new in a sense being attacked, but we're also now seeing this complication of, yeah, as you said, IOT, uh, B roll out everywhere, the really quick shift to work from home. Uh, we really have to treat this as if you guys, as the, uh, distributed branch model for enterprise, right. >>And it's really now the secure branch. How do we take, um, um, you know, any of these devices on, on those networks and secure them, uh, because yeah, if you look at the, what we highlighted in our landscape report and the top 10 attacks that we're seeing, so hacking attacks hacking in tabs, this is who our IPS triggers. You know, we're seeing attempts to go after IOT devices. Uh, right now they're mostly, uh, favoring, uh, well in terms of targets, um, consumer grade routers. Uh, but they're also looking at, um, uh, DVR devices as an example for, uh, you know, home entertainment systems, uh, network attached storage as well, and IP security cameras, um, some of the newer devices, uh, what, the quote unquote smart devices that are now on, you know, virtual assistance and home networks. Uh, we actually released a predictions piece at the end of last year as well. So this is what we call the new intelligent edge. And that's what I think is we're really going to see this year in terms of what's ahead. Um, cause we always have to look ahead and prepare for that. But yeah, right now, unfortunately, the story is, all of this is still happening. IOT is being targeted. Of course they're being targeted because they're easy targets. Um, it's like for cybercriminals, it's like shooting fish in a barrel. There's not just one, but there's multiple vulnerabilities, security holes associated with these devices, easy entry points into networks. >>I mean, it's, um, I mean, attackers they're, they're highly capable. They're organized, they're well-funded they move fast, they're they're agile, uh, and they follow the money. As we were saying, uh, you, you mentioned, you know, co vaccines and, you know, big pharma healthcare, uh, where >>Did you see advanced, persistent >>Threat groups really targeting? Were there any patterns that emerged in terms of other industry types or organizations being targeted? >>Yeah. So just to be clear again, when we talk about AP teams, um, uh, advanced, specific correct group, the groups themselves they're targeting, these are usually the more sophisticated groups, of course. So going back to that theme, these are usually the target, the, um, the premeditated targeted attacks usually points to nation state. Um, sometimes of course there's overlap. They can be affiliated with cyber crime, cyber crime, uh, uh, groups are typically, um, looking at some other targets for ROI, uh, bio there's there's a blend, right? So as an example, if we're looking at the, uh, apt groups I had last year, absolutely. Number one I would say would be healthcare. Healthcare was one of those, and it's, it's, it's, uh, you know, very unfortunate, but obviously with the shift that was happening at a pop up medical facilities, there's a big, a rush to change networks, uh, for a good cause of course, but with that game, um, you know, uh, security holes and concerns the targets and, and that's what we saw IPT groups targeting was going after those and, and ransomware and the cyber crime shrine followed as well. Right? Because if you can follow, uh, those critical networks and crippled them on from cybercriminals point of view, you can, you can expect them to pay the ransom because they think that they need to buy in order to, um, get those systems back online. Uh, in fact, last year or two, unfortunately we saw the first, um, uh, death that was caused because of a denial of service attack in healthcare, right. Facilities were weren't available because of the cyber attack. Patients had to be diverted and didn't make it on the way. >>All right. Jericho, sufficiently bummed out. So maybe in the time remaining, we can talk about remediation strategies. You know, we know there's no silver bullet in security. Uh, but what approaches are you recommending for organizations? How are you consulting with folks? >>Sure. Yeah. So a couple of things, um, good news is there's a lot that we can do about this, right? And, um, and, and basic measures go a long way. So a couple of things just to get out of the way I call it housekeeping, cyber hygiene, but it's always worth reminding. So when we talk about keeping security patches up to date, we always have to talk about that because that is reality as et cetera, these, these vulnerabilities that are still being successful are five to six years old in some cases, the majority two years old. Um, so being able to do that, manage that from an organization's point of view, really treat the new work from home. I don't like to call it a work from home. So the reality is it's work from anywhere a lot of the times for some people. So really treat that as, as the, um, as a secure branch, uh, methodology, doing things like segmentations on network, secure wifi access, multi-factor authentication is a huge muscle, right? >>So using multi-factor authentication because passwords are dead, um, using things like, uh, XDR. So Xers is a combination of detection and response for end points. This is a mass centralized management thing, right? So, uh, endpoint detection and response, as an example, those are all, uh, you know, good security things. So of course having security inspection, that that's what we do. So good threat intelligence baked into your security solution. That's supported by labs angles. So, uh, that's, uh, you know, uh, antivirus, intrusion prevention, web filtering, sandbox, and so forth, but then it gets that that's the security stack beyond that it gets into the end user, right? Everybody has a responsibility. This is that supply chain. We talked about. The supply chain is, is, is a target for attackers attackers have their own supply chain as well. And we're also part of that supply chain, right? The end users where we're constantly fished for social engineering. So using phishing campaigns against employees to better do training and awareness is always recommended to, um, so that's what we can do, obviously that's, what's recommended to secure, uh, via the endpoints in the secure branch there's things we're also doing in the industry, um, to fight back against that with prime as well. >>Well, I, I want to actually talk about that and talk about ecosystems and collaboration, because while you have competitors, you all want the same thing. You, SecOps teams are like superheroes in my book. I mean, they're trying to save the world from the bad guys. And I remember I was talking to Robert Gates on the cube a couple of years ago, a former defense secretary. And I said, yeah, but don't, we have like the best security people and can't we go on the offensive and weaponize that ourselves. Of course, there's examples of that. Us. Government's pretty good at it, even though they won't admit it. But his answer to me was, yeah, we gotta be careful because we have a lot more to lose than many countries. So I thought that was pretty interesting, but how do you collaborate with whether it's the U S government or other governments or other other competitors even, or your ecosystem? Maybe you could talk about that a little bit. >>Yeah. Th th this is what, this is what makes me tick. I love working with industry. I've actually built programs for 15 years of collaboration in the industry. Um, so, you know, we, we need, I always say we can't win this war alone. You actually hit on this point earlier, you talked about following and trying to disrupt the ROI of cybercriminals. Absolutely. That is our target, right. We're always looking at how we can disrupt their business model. Uh, and, and in order, there's obviously a lot of different ways to do that, right? So a couple of things we do is resiliency. That's what we just talked about increasing the security stack so that they go knocking on someone else's door. But beyond that, uh, it comes down to private, private sector collaborations. So, uh, we, we, uh, co-founder of the cyber threat Alliance in 2014 as an example, this was our fierce competitors coming in to work with us to share intelligence, because like you said, um, competitors in the space, but we need to work together to do the better fight. >>And so this is a Venn diagram. What's compared notes, let's team up, uh, when there's a breaking attack and make sure that we have the intelligence so that we can still remain competitive on the technology stack to gradation the solutions themselves. Uh, but let's, let's level the playing field here because cybercriminals moved out, uh, you know, um, uh, that, that there's no borders and they move with great agility. So, uh, that's one thing we do in the private private sector. Uh, there's also, uh, public private sector relationships, right? So we're working with Interpol as an example, Interfor project gateway, and that's when we find attribution. So it's not just the, what are these people doing like infrastructure, but who, who are they, where are they operating? What, what events tools are they creating? We've actually worked on cases that are led down to, um, uh, warrants and arrests, you know, and in some cases, one case with a $60 million business email compromise fraud scam, the great news is if you look at the industry as a whole, uh, over the last three to four months has been for take downs, a motet net Walker, uh, um, there's also IE Gregor, uh, recently as well too. >>And, and Ian Gregor they're actually going in and arresting the affiliates. So not just the CEO or the King, kind of these organizations, but the people who are distributing the ransomware themselves. And that was a unprecedented step, really important. So you really start to paint a picture of this, again, supply chain, this ecosystem of cyber criminals and how we can hit them, where it hurts on all angles. I've most recently, um, I've been heavily involved with the world economic forum. Uh, so I'm, co-author of a report from last year of the partnership on cyber crime. And, uh, this is really not just the pro uh, private, private sector, but the private and public sector working together. We know a lot about cybercriminals. We can't arrest them. Uh, we can't take servers offline from the data centers, but working together, we can have that whole, you know, that holistic effect. >>Great. Thank you for that, Derek. What if people want, want to go deeper? Uh, I know you guys mentioned that you do blogs, but are there other resources that, that they can tap? Yeah, absolutely. So, >>Uh, everything you can see is on our threat research blog on, uh, so 40 net blog, it's under expired research. We also put out, uh, playbooks, w we're doing blah, this is more for the, um, the heroes as he called them the security operation centers. Uh, we're doing playbooks on the aggressors. And so this is a playbook on the offense, on the offense. What are they up to? How are they doing that? That's on 40 guard.com. Uh, we also release, uh, threat signals there. So, um, we typically release, uh, about 50 of those a year, and those are all, um, our, our insights and views into specific attacks that are now >>Well, Derek Mackie, thanks so much for joining us today. And thanks for the work that you and your teams do. Very important. >>Thanks. It's yeah, it's a pleasure. And, uh, rest assured we will still be there 24 seven, three 65. >>Good to know. Good to know. And thank you for watching everybody. This is Dave Volante for the cube. We'll see you next time.

>>From around the globe. It's the cube with coverage of coop con and cloud native con North America, 2020 virtual brought to you by red hat, the cloud native computing foundation and ecosystem partners. >>Hey, welcome back, everybody Jeffrey here with the cube coming to you from our Palo Alto studios today with our ongoing coverage of coupon cloud native con North America, 2020. It's not really North America, it's virtual like everything else, but you know that the European show earlier in the summer, and this is the, this is the late fall show. So we're excited to welcome in our very next two guests. Uh, first joining us from Madrid. Spain is Miguel Perez, Kaleena. He is a principal product manager from red hat, Miguel. Great to see you. >>Good to see you happy to be in the cube. >>Yes. Great. Well welcome. And joining us from North Carolina is rich Sharples. He is a senior director, product management of red hat. Rich. Great to see you. >>Yeah, likewise, thanks for inviting me again. >>So we're talking about Java today and before we kind of jump into it, you know, in preparing for this rich, I saw an interview that you did, I think earlier about halfway through the year, uh, celebrating the 25th anniversary of Java and talking about the 25th anniversary Java. And before we kind of get into the future, I think it's worthwhile to take a look back at, you know, kind of where Java came from and how it's lasted for 25 years of such an important enterprise, you know, kind of application framework, because we always hear jokes about people looking for COBOL programmers or, you know, all these old language programmers, because they have some old system that's that needs a little assist. What's special about Java. Why are we 25 years into it? And you guys are still excited about Java yesterday, today and in the future. >>Yeah. And I should add that, um, in terms of languages, uh, twenty-five is actually still pretty young. Java's, uh, kind of middle aged, I guess. Um, you know, things like CC plus bus rrr you're 45, 50 years old Python, I think is about the same as Java in terms of years. So, you know, the languages do tend to move at a, um, at a, they do tend to stick around, uh, uh, a bit, well what's made Java really, really important for enterprises building business critical applications is it started off with a very large ecosystem of big vendors supporting it. Um, it was open in a sense from the very start and it's remained open as in open source and an open community as well. So that's really, really helped, um, you know, keep the language innovating and moving along and attracting new developers. And, um, it's, it's still a fairly modern language in terms of some of the new features it's advancing with the industry taking on new kinds of workloads and new kinds of per program paradigms as well. So, you know, it's, it's evolved very well and has a huge base out somewhere between 11 and 13 million developers still use it as a primary development language in professional settings. Yeah. >>What struck me about what you said though in that interview was kind of the evolution and how Java has been able to continue to adapt based on kind of what the new frameworks are. So whether it was early days in a machine, like you talked about being in a set top box, or, you know, kind of really lightweight kind of almost IOT applications then to be calming, you know, this really a great application to deliver enterprise applications via a web browser and that, you know, and it continues to morph and change and adapt over time. I thought that was pretty interesting given the vast change in the way applications are delivered today versus what they were 25 years ago. >>Yeah, absolutely. It's, you know, the very early days were around embedded devices, uh, intelligent toasters and, you know, whatever. Um, and, and then where it really, really took off was, but the building supporting big backend systems, big transactional workloads, whether you're a bank or an airline you're running both the scale, but also running really, really complex transactional systems that were business critical. And that's that's for the last, you know, 15 years has been, um, where it's, it's really shown building backend, um, systems. Now, as we kind of move forward, you know, the idea of, uh, um, like server side, uh, server side application versus a front end is kind of changed. You know, now we're talking microservices, we're talking about running in containers. So really the focus of where we run Java and the kinds of applications we're building with Java as this has radically changed. And as such the language has to change as well, which is, you know, one, I'm pretty excited to talk about caucus today. >>So let's, let's jump into it and talk about corcus cause the other big trend, you know, along with, with, with obviously, uh, uh, browsers being great enterprise applications, delivery vehicles is this thing called containers, right? And, and specifically more recently Kubernetes is the one that's grabbing all the attention and grabbing all the, all the momentum. Um, so I wonder Miguel, if you could talk about, you know, kind of as, as the popularity of containerized applications and containerized to everything right, containerized storage, or you even talked about containerizing networking, troll, how that's impacted, uh, what you guys are doing and the impact of Java, uh, and making it work with kind of a containerized Kubernetes world. >>Well, what we found is that the paradigm of development has teeth. So we have this top up, uh, uh, paradigm that the people are following to be able to do the best with containers, to the best with Kubernetes on the, this has worked quite fine in Greenfield on for, for many cases has been a way to develop applications faster, to be able to obtain variably salts. And the thing is that for many, uh, users, for many companies that we work with, uh, they also want to bring some of their stuff that the applications that are currently are running into this world. And, uh, I mean, we, we walk especially a lot in helping these customers be able to adopt those obligations, but we try to do it, uh, as we say, the N pixie dust, you know, we really dig into the code, we'll review the code with modernize. The application will help their customer with that application. We provide the tools are open for anyone to be able to review it and to be able to take it. So we are moving away from Greenfield into brownfield and not a way we are evolving together to say we more precise, you know, all these Greenfield applications keep coming, but also the current applications want to be more organized. >>Right. Right. So it's pretty interesting. Cause that's always the big conversation. There's, it's, it's all fine. And good if you're just building something new, uh, to use the latest tools. But as you mentioned, there's a whole lot of conversation about application modernization and this is really an opportunity to apply some of these techniques to do that. So quirky. So I wonder if you just give, let's just jump into it. What is it at the highest level? Uh, what's it all about? What should people know? >>Yeah. So, so Corker says I'm reading an attempt by red hat to ensure Java is a first-class citizen in containerized environments, but building reactive applications, uh, cloud native applications, uh, functions, Java is an incredible piece of engineering. It does some incredible things. It sudden can self optimize. As it's running in line code, it can do some really amazing things the longer it runs, but in a containerized environment, you're likely not going to be running huge amounts of code. You'd likely be running microservices and your, your services are likely to have a kind of limited life cycle as we you're able to deploy more frequently or in a function environment where, you know, you've been bought once and then you're done, um, you know, during all those long, um, kind of, um, those optimizations over time, don't really, um, make a lot of sense. So what we can do is remove a lot of the, um, the weights of Java, a lot of the complexity of Java, and we can optimize for an environment where your code is maybe just running for a few microseconds as in the case of the function or something running in native, cause you scale up and scale down. >>So we move a lot of the op side. We move a lot of the, um, the, the efforts within the application, uh, to compile time, we pre compile all of your, of your config and initialization, so that doesn't have to happen in your, um, your, your, your runtime or your production environment. Um, and then we can optimize the code week. We can, we can remove that code. We can remove, you know, whole, uh, trees and class libraries and really slimmed down the memory footprint and radically, um, slim, the Maddie memory footprint, um, increase the startup time as well. So, you know, you have less downtime in your applications. Um, and we've recently done a S a study with ADC that shows some pretty stunning results compared to, you know, some existing frameworks. And, you know, we get, um, you know, sort of like, you know, overall cost savings of, you know, 60, 64%. >>Um, we can get eight times better density. You're running more in a, in a, in a cluster and, um, you know, reduction in memory up to 90% as well. So it's, these are significant changes now. That's all good, you know, saving, saving 60, 60% on your operational costs is significant. But what we find is that most organizations, they come for the performance and the optimizations, but what actually stay for is the speed of development. So I think, I think caucus real silver bullets is, um, the developer productivity, you know, for organizations, the cost of development is still one of the major costs. I mean, the operational costs, the hosting costs a significant, but development costs, time to market will always be top of mind for organizations that are trying to move faster than the competition. And I think that's really where, um, um, caucus special and coupled in, uh, in, uh, OpenShift or Coobernetti's environment really, really does shine. Yeah, >>It's pretty interesting. So people can go to corcus.io and see a lot of the statistics that you just referenced in terms of memory usage and speed and, and whole bunch of stuff. But what struck me when I went to the site was that was this big, uh, uh, two words that jumped out developer joy. And it's funny that you talked on that just now about really, um, the benefits that come to the developer directly to make them happier. I mean, really calling out their joy. So they're more productive and ultimately that's what you said. That's where the great value is in terms of speed of deployment, happy developers, and productive developers. You know, Miguel, you get your, you get down into the weeds of this stuff. Again, the presentations on your LinkedIn, everyone needs to go look and you talk a lot about at migration and you lot talk a lot about app modernization. So without going through all 120 some odd slides that I think you have, which is good, phenomenal information, what are some of the top things that people need to think about and consider both for app modernization as well as at migration? >>Um, that's, that's, that's an interesting question. Uh, the thing is that, um, the tolling is important on the current code is, and the thing is that normally when, when we started migration project, we tried to find architects in the applications to be able to find patterns. You know, you find parents is much easier because, uh, once you solve one part on the same part on can be solved in a very similar way. So this is one of the parts of that. We focus a lot, but before getting to that point, it's very important how you stop, you know, so the assessment phase is, is very important to be able to review well, what is the status of the applications, the context of the applications. And with that, I mean, things like, for example, the requirements that they have, there's the maintenance that they take in their resiliency and so on. >>So you have to prepare very well, the project by starting with a good assessment, you have to check which applications makes more, make more sense to start with and see which, how to group them together by similarities. And then you can start with the project that saying, okay, let's go for these set of applications that make more sense that are more likely to be containerized because of the way we are developing them because of the dependencies that they have because of the resiliency that is already embedded into them and so on. So that, that the methodology is important. And we normally, for example, when we, when we help partners do a application migration, one of the things that we stress is that this is the methodology that we follow and in the website for my vision, totally for application, you can find also, um, methodology, uh, part that, uh, could help, uh, people understand, okay, these, these are the stages that we normally follow to be successful with migrating applications. >>Yeah. Let go. You don't, we're not friends. We don't hang out a lot, but if we did, you would know I never ever recommend PowerPoint for anything. So, so the fact that I'm calling out your PowerPoint actually means something. Cause I think it's the worst application ever built, but you got some tremendous, tremendous information in there and people do need to go in and look, and again, it's all from your LinkedIn work, but I wanted to shift gears a little bit, right? We're at CubeCon cloud native con. Um, obviously it's virtual is 2020. That's the way the world today. But I just curious to get your guys' take on, on what does this, uh, event mean for you obviously really active, open source community, you know, red hat has a long open-source history. Um, what does CubeCon cloud native con mean for you guys? What do you hope to get out of it? What should people hope to, uh, to learn from red hat? >>Yeah, we, um, yeah, we're, we're buying your DNA. We're very, very collaborative. Uh, we, we love to learn from our customers, users of the technologies, um, in the communities that we support. Um, speaking as a, you know, we're both product guys, there's nothing better than getting with, um, people that actually use the products, um, in anger, in real life, whether they're products are upstream technologies, learning, learning, what they're doing, understanding where, um, some of the gaps are there's. Um, yeah, we just couldn't do our jobs without engaging with developers, users in these kind of conferences. Yeah. A lot of the, um, love interest we've seen with coworkers is, is in the community, you know, um, like I'd been part of many, many successful open source projects, um, um, over red hat. And it's great when your customers, you know, like, uh, Vodafone, Greece or Carrefour in Spain are openly publicly talking about how good your technology is, what they're using it for. And that's really good. So it's just nothing, there's no alternative that, you know, whether it be virtual virtually or physically sitting down with, uh, with users of your technology, >>How about you, Miguel? What are you hoping to get out of, uh, out of the show this year? >>Um, we are working a lot with, on Kubernetes in red hat, on, uh, as part of the community, of course. And, um, I mean, there are so many new stuff that is coming around, Kubernetes that, uh, it's mostly about it, about all the capabilities that were arming, especially for example, several lists, you know, several lessons, there is an important topic with crackers, because for example, as you make the application stopped so much faster and react so much faster, you could have known of them running and just waiting for an event to happen, which saves a lot of resources and makes us super efficient. So this is one of the topics, for example, that we wanted to cover in this edition, you know, how we are implementing serverless with Kubernetes and OpenShift and many other things like pipelines. Like, I don't know, we just had quite a visit in the, uh, uh, video, uh, life of what is coming up. I see for the six. And I recommend people to take a look at it, to get everything that's new because there's a lot. Yeah, >>Yeah. You guys are technical people. You've been doing this for a long time. Why is Kubernetes so special? W Y Y you know, there's been containers in the past, right. And we've seen other kind of branded open source projects that got a lot of momentum, but Kubernetes just seems to be blowing everybody out of the out of its path. Why, what should people know about Kubernetes that aren't necessarily developers? >>Yeah, there's really nothing interesting about a single container or a single microservice, right? That's not, that's not the kind of environment that, um, real organizations live in. They live in organizations where they're going to have hundreds of services, um, who just containers and you need a technology to orchestrate and manage that in that complex environment. And Kubernete's has just quickly become the, the district per standard. Um, yeah, folks are red hat jumped on my very, very early, um, I mean, one of the advantages around her have is where we're embedded with developers and open source communities. We often have a pretty good, it gives us a pretty good crystal ball. So we're often quick to jump on the emerging technologies that are coming out of open source. And that's exactly what happened with Cubanetis. It was clear. It was, um, you're going to be sophisticated for our, you know, most, um, most sophisticated customers running at scale. Um, but, but also, you know, great for development environments as well. So it really a good fit for, uh, where we were headed and, you know, just very, very quickly became the fact that standard. And you, you just gotta go with the de facto standard. Right, right. >>Right. Well, the another thing that you mentioned rich in that other interview that I was watching is it came up the conversation in terms of managing open source projects. And at some point, you know, they kind of start, and then, you know, I think this one, if I go to corcus and look at the bottom of the page sponsored by red hat, but you talked about, you know, at some point, do you move it over to a foundation, um, you know, and kind of what are the things that kind of drive that process, that decision, um, and, you know, I would imagine that part of it has to do with popularity and scale, is that something, you know, potentially down the road, how do you think that you said you've been in lots of open source projects, when does it move from, you know, kind of single point of origin to more of a foundational support? >>Yeah. I mean, in fact the foundation's owner was necessary. Um, you know, when you have a, yeah. If you, if you have a, an open, very open project with, um, um, clear, clear rules for collaboration and kind of the encouragement or others to collaborate and be able to, you know, um, move the project and, you know, the foundation as low as necessarily what we've seen, I've been part of the no GS world where, you know, the, the community reached Belden to keep no GS moving forward. Um, we had to go from a, what we call a benevolent dictator for life, somebody who's well-intentioned, but, um, yeah, we're on stone, the technology, so a foundation, which is much more inclusive and, um, you know, greater collaboration and you can move even quicker. So, you know, um, I think what's required is, is open governance for open source projects and where that doesn't happen. You know, maybe a foundation is, is the right way forward. Right, right now with, with caucus, um, you know, the, the non red hat developers seem pretty happy with the way they can get, uh, get engaged and contribute. Um, but if we get to a point where the community is demanding a foundation and we'll absolutely consider it, that's the best project we'll do. >>So, so we're, we're coming to the end of our time. I want to give you each the last word, really with two questions, one again, you know, just kind of a summary of, of, uh, of CubeCon cloud, native con, you know, what should people be looking for, uh, find you, and, and, and I don't know if you guys are sponsoring any sessions, I'm sure there's a lot of great content. If you want to highlight one or two things. And then most importantly, as we turn the calendars, we come to the end of 2020, uh, thankfully, um, as you look ahead to 2021, you know, what are some of your priorities, uh, as, as we get ready to turn the turn, the calendar, and Miguel let's start with you. >>So, um, I mean, we have been working very hard this year on the migration, took it for applications to help her every user that is using Java to bring the two containers. You know, whether it is data IE or these crackers, but we're putting like a lot of effort in crackers. And now we are bringing in new rules. And, uh, by the, by December, we expect to have the new version of the migration looking for applications that is going to include the, all the bulls to help developers bring their, their code to the Java code, to, to carcass. And, uh, on this, this is the main goal for us right now. We are moving forward to the next year to include more, more capabilities in that project. Everything's up on site. You can go to the conveyor, uh, project and ticket on, uh, on the up capabilities for the assessment phase. So whenever any partner, any, any of our consultants are working on, on migration or anyone that would like to go and try it themselves on adopted, would like to do these migrations to the cloud native world, uh, will feel comfortable with, with this tool. So that is our main goal in, in my, in my team. >>All right. And how about you rich? >>Yeah, I think we're going to see this, um, um, kind of syllabus solidification kind of web of, um, microservices. Um, you know, if you like hate that, I'm sorry, but I'm just going to next generation microservice. There's going to be, as Miguel mentioned, is gonna be based around, um, uh, native, um, advancing, um, serverless functions. I think that's really the, the, the ideal architecture, the building March services, um, on, on Coobernetti's and caucus plays really, really well there. Um, I think there's, there's a, there's a kind of backlog of projects, um, within organizations that, um, you know, hopefully next year, everything really does start to crank up. And I think, um, yeah, I think a lot of the migration that Miguel has talked about is going to be, is going to rise in terms of importance. So app modernization, taking those existing applications, maybe taking aspects of those and, you know, doing some kind of decomposition in some microservices using caucus and a native, I think we'll see a lot of that. So I think we'll see a real drive around both the kind of Greenfield, um, applications, uh, you know, this next generation of microservices, as well as pulling those existing applications forward into these new environments, don't give an answers. So it's going to be excellent. >>Awesome. Well, thank you both for taking a few minutes with us and sharing the story of corcus, uh, and have a great show. Great to see you and a really good the conversation. All right. He's Miguel, he's rich. I'm Jeff. You're watching the cubes ongoing coverage of CubeCon cloud native con 2020 North America. Virtual. Thanks for watching. We'll see you next time.

>> From the CUBE studios in Palo Alto in Boston, bringing you data-driven insights from the CUBE in ETR. This is breaking analysis with Dave Vellante. >> Earlier these week, the U S department of justice, along with attorneys general from 11 States filed a long expected antitrust lawsuit, accusing Google of being a monopoly gatekeeper for the internet. The suit draws on section two of the Sherman antitrust act, which makes it illegal to monopolize trade or commerce. Of course, Google is going to fight the lawsuit, but in our view, the company has to make bigger moves to diversify its business and the answer we think lies in the cloud and at the edge. Hello everyone. This is Dave Vellante and welcome to this week's Wiki Bond Cube insights powered by ETR. In this Breaking Analysis, we want to do two things. First we're going to review a little bit of history, according to Dave Vollante of the monopolistic power in the computer industry. And then next, we're going to look into the latest ETR data. And we're going to make the case that Google's response to the DOJ suit should be to double or triple its focus on cloud and edge computing, which we think is a multi-trillion dollar opportunity. So let's start by looking at the history of monopolies in technology. We start with IBM. In 1969 the U S government filed an antitrust lawsuit against Big Blue. At the height of its power. IBM generated about 50% of the revenue and two thirds of the profits for the entire computer industry, think about that. IBM has monopoly on a relative basis, far exceeded that of the virtual Wintel monopoly that defined the 1990s. IBM had 90% of the mainframe market and controlled the protocols to a highly vertically integrated mainframe stack, comprising semiconductors, operating systems, tools, and compatible peripherals like terminal storage and printers. Now the government's lawsuit dragged on for 13 years before it was withdrawn in 1982, IBM at one point had 200 lawyers on the case and it really took a toll on IBM and to placate the government during this time and someone after IBM made concessions such as allowing mainframe plug compatible competitors to access its code, limiting the bundling of application software in fear of more government pressure. Now the biggest mistake IBM made when it came out of antitrust was holding on to its mainframe past. And we saw this in the way it tried to recover from the mistake of handing its monopoly over to Microsoft and Intel. The virtual monopoly. What it did was you may not remember this, but it had OS/2 and Windows and it said to Microsoft, we'll keep OS/2 you take Windows. And the mistake IBM was making with sticking to the PC could be vertically integrated, like the main frame. Now let's fast forward to Microsoft. Microsoft monopoly power was earned in the 1980s and carried into the 1990s. And in 1998 the DOJ filed the lawsuit against Microsoft alleging that the company was illegally thwarting competition, which I argued at the time was the case. Now, ironically, this is the same year that Google was started in a garage. And I'll come back to that in a minute. Now, in the early days of the PC, Microsoft they were not a dominant player in desktop software, you had Lotus 1-2-3, WordPerfect. You had this company called Harvard Presentation Graphics. These were discreet products that competed very effectively in the market. Now in 1987, Microsoft paid $14 million for PowerPoint. And then in 1990 launched Office, which bundled Spreadsheets, Word Processing, and presentations into a single suite. And it was priced far more attractively than the some of the alternative point products. Now in 1995, Microsoft launched Internet Explorer, and began bundling its browser into windows for free. Windows had a 90% market share. Netscape was the browser leader and a high flying tech company at the time. And the company's management who pooed Microsoft bundling of IE saying, they really weren't concerned because they were moving up the stack into business software, now they later changed that position after realizing the damage that Microsoft bundling would do to its business, but it was too late. So in similar moves of ineptness, Lotus refuse to support Windows at its launch. And instead it wrote software to support the (indistinct). A mini computer that you probably have never even heard of. Novell was a leader in networking software at the time. Anyone remember NetWare. So they responded to Microsoft's move to bundle network services into its operating systems by going on a disastrous buying spree they acquired WordPerfect, Quattro Pro, which was a Spreadsheet and a Unix OS to try to compete with Microsoft, but Microsoft turned the volume and kill them. Now the difference between Microsoft and IBM is that Microsoft didn't build PC hardware rather it partnered with Intel to create a virtual monopoly and the similarities between IBM and Microsoft, however, were that it fought the DOJ hard, Okay, of course. But it made similar mistakes to IBM by hugging on to its PC software legacy. Until the company finally pivoted to the cloud under the leadership of Satya Nadella, that brings us to Google. Google has a 90% share of the internet search market. There's that magic number again. Now IBM couldn't argue that consumers weren't hurt by its tactics. Cause they were IBM was gouging mainframe customers because it could on pricing. Microsoft on the other hand could argue that consumers were actually benefiting from lower prices. Google attorneys are doing what often happens in these cases. First they're arguing that the government's case is deeply flawed. Second, they're saying the government's actions will cause higher prices because they'll have to raise prices on mobile software and hardware, Hmm. Sounds like a little bit of a threat. And of course, it's making the case that many of its services are free. Now what's different from Microsoft is Microsoft was bundling IE, that was a product which was largely considered to be crap, when it first came out, it was inferior. But because of the convenience, most users didn't bother switching. Google on the other hand has a far superior search engine and earned its rightful place at the top by having a far better product than Yahoo or Excite or Infoseek or even Alta Vista, they all wanted to build portals versus having a clean user experience with some non-intrusive of ads on the side. Hmm boy, is that part changed, regardless? What's similar in this case with, as in the case with Microsoft is the DOJ is arguing that Google and Apple are teaming up with each other to dominate the market and create a monopoly. Estimates are that Google pays Apple between eight and $11 billion annually to have its search engine embedded like a tick into Safari and Siri. That's about one third of Google's profits go into Apple. And it's obviously worth it because according to the government's lawsuit, Apple originated search accounts for 50% of Google search volume, that's incredible. Now, does the government have a case here? I don't know. I'm not qualified to give a firm opinion on this and I haven't done enough research yet, but I will say this, even in the case of IBM where the DOJ eventually dropped the lawsuit, if the U S government wants to get you, they usually take more than a pound of flesh, but the DOJ did not suggest any remedies. And the Sherman act is open to wide interpretation so we'll see. What I am suggesting is that Google should not hang too tightly on to it's search and advertising past. Yes, Google gives us amazing free services, but it has every incentive to appropriate our data. And there are innovators out there right now, trying to develop answers to that problem, where the use of blockchain and other technologies can give power back to us users. So if I'm arguing that Google shouldn't like the other great tech monopolies, hang its hat too tightly on the past, what should Google do? Well, the answer is obvious, isn't it? It's cloud and edge computing. Now let me first say that Google understandably promotes G Suite quite heavily as part of its cloud computing story, I get that. But it's time to move on and aggressively push into the areas that matters in cloud core infrastructure, database, machine intelligence containers and of course the edge. Not to say that Google isn't doing this, but there are areas of greatest growth potential that they should focus on. And the ETR data shows it. But let me start with one of our favorite graphics, which shows the breakdown of survey respondents used to derive net score. Net score remembers ETR's quarterly measurement of spending velocity. And here we show the breakdown for Google cloud. The lime green is new adoptions. The forest green is the percentage of customers increasing spending more than 5%. The gray is flat and the pinkish is decreased by 6% or more. And the bright red is we're replacing or swapping out the platform. You subtract the reds from the greens and you get a net score at 43%, which is not off the charts, but it's pretty good. And compares quite favorably to most companies, but not so favorite with AWS, which is at 51% and Microsoft which is at 49%, both AWS and Microsoft red scores are in the single digits. Whereas Google's is at 10%, look all three are down since January, thanks to COVID, but AWS and Microsoft are much larger than Google. And we'd like to see stronger across the board scores from Google. But there's good news in the numbers for Google. Take a look at this chart. It's a breakdown of Google's net scores over three survey snapshots. Now we skip January in this view and we do that to provide a year of a year context for October. But look at the all important database category. We've been watching this very closely, particularly with the snowflake momentum because big query generally is considered the other true cloud native database. And we have a lot of respect for what Google is doing in this area. Look at the areas of strength highlighted in the green. You've got machine intelligence where Google is a leader AI you've got containers. Kubernetes was an open source gift to the industry, and linchpin of Google's cloud and multi-cloud strategy. Google cloud is strong overall. We were surprised to see some deceleration in Google cloud functions at 51% net scores to be on honest with you, because if you look at AWS Lambda and Microsoft Azure functions, they're showing net scores in the mid to high 60s. But we're still elevated for Google. Now. I'm not that worried about steep declines, and Apogee and Looker because after an acquisitions things kind of get spread out around the ETR taxonomy so don't be too concerned about that. But as I said earlier, G Suite may just not that compelling relative to the opportunity in other areas. Now I won't show the data, but Google cloud is showing good momentum across almost all interest industries and sectors with the exception of consulting and small business, which is understandable, but notable deceleration in healthcare, which is a bit of a concern. Now I want to share some customer anecdotes about Google. These comments come from an ETR Venn round table. The first comment comes from an architect who says that "it's an advantage that Google is "not entrenched in the enterprise." Hmm. I'm not sure I agree with that, but anyway, I do take stock in what this person is saying about Microsoft trying to lure people away from AWS. And this person is right that Google essentially is exposed its internal cloud to the world and has ways to go, which is why I don't agree with the first statement. I think Google still has to figure out the enterprise. Now the second comment here underscores a point that we made earlier about big query customers really like the out of the box machine learning capabilities, it's quite compelling. Okay. Let's look at some of the data that we shared previously, we'll update this chart once the company's all report earnings, but here's our most recent take on the big three cloud vendors market performance. The key point here is that our data and the ETR data reflects Google's commentary in its earning statements. And the GCP is growing much faster than its overall cloud business, which includes things that are not apples to apples with AWS the same thing is true with Azure. Remember AWS is the only company that provides clear data on its cloud business. Whereas the others will make comments, but not share the data explicitly. So these are estimates based on those comments. And we also use, as I say, the ETR survey data and our own intelligence. Now, as one of the practitioners said, Google has a long ways to go as buddy an eighth of the size of AWS and about a fifth of the size of Azure. And although it's growing faster at this size, we feel that its growth should be even higher, but COVID is clear a factor here so we have to take that into consideration. Now I want to close by coming back to antitrust. Google spends a lot on R&D, these are quick estimates but let me give you some context. Google shells out about $26 billion annually on research and development. That's about 16% of revenue. Apple spends less about 16 billion, which is about 6% of revenue, Amazon 23 billion about 8% of the top line, Microsoft 19 billion or 13% of revenue and Facebook 14 billion or 20% of revenue, wow. So Google for sure spends on innovation. And I'm not even including CapEx in any of these numbers and the hype guys as you know, spend tons on CapEx building data centers. So I'm not saying Google cheaping out, they're not. And I got plenty of cash in there balance sheet. They got to run 120 billion. So I can't criticize they're roughly $9 billion in stock buybacks the way I often point fingers at what I consider IBM's overly wall street friendly use of cash, but I will say this and it was Jeff Hammerbacher, who I spoke with on the Cube in the early part of last decade at a dupe world, who said "the best minds of my generation are spending there time, "trying to figure out how to get people to click on ads." And frankly, that's where much of Google's R&D budget goes. And again, I'm not saying Google doesn't spend on cloud computing. It does, but I'm going to make a prediction. The post cookie apocalypse is coming soon, it may be here. iOS 14 makes you opt in to find out everything about you. This is why it's such a threat to Google. The days when Google was able to be the keeper of all of our data and to house it and to do whatever it likes with that data that ended with GDPR. And that was just the beginning of the end. This decade is going to see massive changes in public policy that will directly affect Google and other consumer facing technology companies. So my premise is that Google needs to step up its game and enterprise cloud and the edge much more than it's doing today. And I like what Thomas Kurian is doing, but Google's undervalued relative to some of the other big tech names. And I think it should tell wall street that our future is in enterprise cloud and edge computing. And we're going to take a hit to our profitability and go big in those areas. And I would suggest a few things, first ramp up R&D spending and acquisitions even more. Go on a mission to create cloud native fabric across all on-prem and the edge multicloud. Yes, I know this is your strategy, but step it up even more forget satisfying investors. You're getting dinged in the market anyway. So now's the time the moon wall street and attack the opportunity unless you don't see it, but it's staring you right in the face. Second, get way more cozy with the enterprise players that are scared to death of the cloud generally. And they're afraid of AWS in particular, spend the cash and go way, way deeper with the big tech players who have built the past IBM, Dell, HPE, Cisco, Oracle, SAP, and all the others. Those companies that have the go to market shops to help you win the day in enterprise cloud. Now, I know you partner with these companies already, but partner deeper identify game-changing innovations that you can co-create with these companies and fund it with your cash hoard. I'm essentially saying, do what you do with Apple. And instead of sucking up all our data and getting us to click on ads, solve really deep problems in the enterprise and the edge. It's all about actually building an on-prem to cloud across cloud, to the edge fabric and really making that a unified experience. And there's a data angle too, which I'll talk about now, the data collection methods that you've used on consumers, it's incredibly powerful if applied responsibly and correctly for IOT and edge computing. And I don't mean to trivialize the complexity at the edge. There really isn't one edge it's Telcos and factories and banks and cars. And I know you're in all these places Google because of Android, but there's a new wave of data coming from machines and cars. And it's going to dwarf people's clicks and believe me, Tesla wants to own its own data and Google needs to put forth a strategy that's a win-win. And so far you haven't done that because your head is an advertising. Get your heads out of your ads and cut partners in on the deal. Next, double down on your open source commitment. Kubernetes showed the power that you have in the industry. Ecosystems are going to be the linchpin of innovation over the next decade and transcend products and platforms use your money, your technology, and your position in the marketplace to create the next generation of technology leveraging the power of the ecosystem. Now I know Google is going to say, we agree, this is exactly what we're doing, but I'm skeptical. Now I think you see either the cloud is a tiny little piece of your business. You have to do with Satya Nadella did and completely pivot to the new opportunity, make cloud and the edge your mission bite the bullet with wall street and go dominate a multi-trillion dollar industry. Okay, well there you have it. Remember, all these episodes are available as podcasts, so please subscribe wherever you listen. I publish weekly on Wikibond.com and Siliconangle.com and I post on LinkedIn each week as well. So please comment or DM me @DVollante, or you can email me @David.Vollante @Siliconangle.com. And don't forget to check out etr.plus that's where all the survey action is. This is Dave Vollante for the Cube Insights powered by ETR. Thanks for watching everybody be well. And we'll see you next. (upbeat instrumental)

>>from Santa Clara, California. In the heart of Silicon Valley, it's the queue covering altitude 2020. Brought to you by aviatrix. >>Next panel is the aviatrix certified engineers, also known as Aces. This is the folks that are certified their engineering. They're building these new solutions. Please welcome Toby Foster Informatica Stacy Linear from terror data. And Jennifer read with Victor Davis to the stage. >>So we're gonna show you a jacket. Yeah, I get it. >>I was just gonna I was just gonna really rib you guys. See? Where's your jackets? And Jen's got the jacket on. Okay. >>Good. Love. The aviators. Aces, Pilot gear. They're above the clouds. Storage to new heights. So guys, aviatrix pace is love the name. I think it's great. Certified. This is all about getting things engineered. So that level of certification I want to get into that. But first take us through the day in the life on a SAS. And just to point out, Stacy's a squad leader. So he's He's like Squadron leader, quadrant leader, quadrant leader. So it's got a bunch of pieces underneath him, but share your perspective day in the life. We'll start with you. >>Sure, So I have actually a whole team that works for me both in the in the North America, both in the U. S. And in Mexico. And so I'm eagerly working to get them certified as well, so I can become a squad leader myself. But it's important because one of the critical gaps that we found is people having the networking background. Because there you graduate from college and you have a lot of computer science background. You can program. We've got python, but now working and packets they just don't get. And so just taking them through all of the processes that it's really necessary to understand when you're troubleshooting is really critical. And, um, because you're going to get an issue where you need to figure out where, exactly is that happening on the network, you know, is by my issue just in a vpc is on the instant side is a security group or is it going on prim? And is this something actually embedded within Amazon itself? I mean, I trouble shot an issue for about six months going back and forth with Amazon, and it was the VW VPN because they were auto scaling on two sides, and we ended up having to pull out the Cisco's and put in aviatrix so I could just say OK, it's fixed and actually actually help the application teams get to that and get it solved. But I'm taking a lot of junior people and getting them through that certification process so they can understand and see the network The way I see the network, I mean, look, I've been doing this for 25 years, but I got out when I went in the Marine Corps. That's what I did and coming out The network is still the network, but people don't get the same training they get. They got >>just so he just write some software that takes care of itself, but we'll come back to that. I want to come back to that problem solve with Amazon, but I think the only thing I have to >>add to that is that it's always the network as long as I've been in. Networking has always been the network's fault. If you're in the I'm even to this day, you know, still, networks fault, and part of being a network guy is that you need to prove when it is and when It's not your fault. And that means you need to know a little bit about 100 different things. Make that >>And now you got a full stack. Dev Ops, you know, a lot more time. Another 100 times are changing your squadron leader. I get that right. What is? What is the squadron leader first? Could you describe what it is? I think probably just leading off with network components of it. But they from my perspective when you think about what you asked them was it's about no issues and the escalations off my days like that. That's a good outcome. That's a good day. Is a good day's a good day for you. Mention the Amazon. This brings up a good point when you have these new waves come in. You have a lot of new things. New use cases, a lot of the finger point against that guy's problem that girls problems. So what? How do you solve that? And how do you get the young guns up to speed? Is there training is that this with a certification comes in, >>whatever the certification is really going to come in I know when we, uh, we got together at reinvent one of the questions that that we had with with Steven the team was What? What should our certification look like? You know, she would just be teaching about what aviatrix troubleshooting brings to bear. But what should that be like? And I think Toby and I was like, No, no, no, no, that's going a little too high. We need to get really low because the better someone can get actually understanding what's actually happening in the network and where to actually troubleshoot the problem, how to step back each of those processes. Because without that, it's just a big black box and they don't know, you know, because everything is abstracted in Amazon and a Net and Azure and Google, it's abstracted in there. These virtual gateways they have VPN is that you just don't have the logs on is you just don't know. And so then what tools can you put in front of them of where they can look because there are full logs? Well, as long as they turned on the flow logs when I built it, you know, and there's like each one of those little things that well, if they had decided to do that when they built it, it's there. But if you can come in later to really supplement that with training to actual troubleshoot and do a packet capture here as it's going through the teaching them how to read act. Even >>so, we were talking before we came on up on stage about your career. You've been networking all your time, and then, you know, you're no mentoring a lot of younger people. How is that going? Because the people who come in fresh, they don't have all the old war stories they don't talk about, You know, it's never fall. I walk in bare feet in the snow when I was your age, so easy now, right? They say, What's your take on how you train the young piece? >>So I've noticed two things. One is that they are up to speed a lot faster in generalities of networking. They can tell you what network is in high school level now where I didn't learn that until midway through my career, and they're learning it faster, but they don't necessarily understand why it's that way here, you know, everybody thinks that it's always slash 24 for a submit, and they don't understand why you can break it down. Smaller. What? It's really necessary. So the ramp up speed is much faster for these guys that are coming in, but they don't understand why. And they need some of that background knowledge to see where it's coming from. And why is it important? And that's old guys. That's where we thrive. >>Jennifer, you mentioned you got in from the Marines helps. But when you got into networking, how what was it like that? And compare it now? Almost like we heard earlier. Static versus Dynamic. Don't be static. And then you just set the network. You got a perimeter? >>Yeah. No, there was no such thing. Yeah, no. So, back in the day, I mean, yeah, I mean, we had banyan vines for email, you know, we had token ring and I had to set up token ring networks and figure out why that didn't work. Because how many of things were actually sharing it, But then actually, just cutting fiber and running fiber cables and dropping them over, you know, shelters to plug them in, and Oh, crap. They swung it too hard and shattered. And I got a great polish this thing and actually shoot like to see if it works. I mean, that was the network crypt. Five cat, five cables to run an Ethernet, you know? And then from that to set network switches. Dumb switches like those were the most common ones you had then, actually configuring routers and, you know, logging into a Cisco router and actually knowing how to configure that. And it was funny because I had gone all the way up. It was a software product manager for a while, So I've gone all the way up the stack. And then, ah, two and 1/2 3 years ago, I came across, too, to work with NTT Group that became Victor Davis. But we went to help one of our customers, Avis, and it was like, Okay, so we need to fix the network. Okay, I haven't done this in 20 years, but all right, let's get to it, you know, because it really fundamentally does not change. It's still the network. I mean, I've had people tell me Well, you know, when we go to containers, we will not have to worry about the network. And I'm like, Yeah, you don't I >>dio. And then with this with program ability is really interesting. So I think this brings up the certification. What are some of the new things that people should be aware of that come in with the aviatrix? A certification? What are some of the highlights? Can you guys share some of the highlights around certifications? >>I think some of the importance is that its it doesn't need to be vendor specific for network generality or basic networking knowledge. And instead of learning how Cisco does something or how Palo Alto does something, we need to understand how and why it works as a basic model and then understand how each vendor has gone about that problem and solve it in a general. That's true in Multi Cloud as well. You can't learn how cloud networking works without understanding how AWS and Measure and GC P r. All slightly the same, but slightly different and some things work and some things don't. I think that's probably the number one take. >>I think having a certification across clouds is really valuable because we heard the global outside of the business issues. What does it mean to do? That code is that networking is the configurations that aviatrix what is the state matrix is a certification, but what is it about the multi cloud that makes it multi networking and multi vendor? But the >>easy answer is yes, >>yes, it's >>all got to be a general. Let's get your hands and you have to be >>right. And it takes experience because it's every every cloud vendor has their own certification. Um, whether that stops and, um, advanced networking and events, security or whatever it might be. Yeah, they can take the test, but they have no idea how to figure out what's wrong with that system in the same thing with any certification. But it's really getting your hands in there. And actually having to troubleshoot the problems, you know, actually work the problem, you know, and calm down. It's going to be OK because I don't know how many calls I've been on or even had aviatrix join me on. It's like, Okay, so everyone calm down. Let's figure out what's happening. It's like we've looked at that screen three times looking at it again. It's not going to solve that problem, right, But at the same time, remaining calm. But knowing that it really is, I'm getting a packet from here to go over here. It's not working. So what could be the problem, you know, and actually stepping them through those scenarios. But that's like, you only get that by having to do it, you know, and and seeing it and going through it. And >>I have a question. So, you know, I just see it. We started this program maybe six months ago. We're seeing a huge amount of interest. I mean, where oversubscribed on all the training sessions, we've got people flying from around the country, even with Corona virus flying to go to Seattle to go to these events were over >>subscribed. Good is that originally they would put their Yeah. Is >>that something that you see in your organizations? Are you recommending that two people do you see? I mean, I'm just I guess I'm surprised. I'm not surprised, but I'm really surprised by the demand, if you would of this multi cloud network certification. Is there really isn't anything like that? Is that something you guys could comment on? That do you see the same things in your organization I see from >>my side Because we operate in a multi cloud environments that really helps. It's beneficial. Yeah, >>I think I would add that, um, networking guys have always needed to use certifications to prove that they know what they know. It's not good enough to say. Yeah, I know. I p addresses are I know how the network works and a couple little check marks. Our little letters by your helps give you validity. So even in our team, we can say, Hey, you know, we're using these certifications to know that you know enough of the basics and enough of the understandings that you have the tools necessary, >>right? So I guess my final question for you guys is why and a certification is relevant. And then second part is share with Livestream folks who aren't yet a certified or might want to jump in to be aviator certified engineers. Why is it important? So why is it relevant? And why should someone want to be a certified engineer? >>I think my V is a little different. I think certification comes from proving that you have the knowledge not proving that you get a certification to get. I mean, they're backwards. So when you've got the training and the understanding in the you use that to prove and you can, like, grow your certification list with it versus studying for a test to get a certification and have no understanding of >>that. So that who is the right person that look at this and saying I'm qualified is a network engineer. Is that a Dev ops person? What your view? Is it a certain >>you know, I think Cloud is really the answer. It's the as we talked like the edge is getting eroded. So is the network definition getting eroded? We're getting more and more of some network. Some develop some security lots and lots of security. Because network is so involved in so many of them, that's just the next progression. >>You want to add something there, I would say expand that to more automation engineers because we have those now, so I'm probably extended >>Well, I think the training classes themselves are helpful, especially the entry level ones for people who maybe quote unquote cloud architects. But I've never done anything in networking for them to understand why we need those things to really work, Whether or not they go through it. Eventually get a certification is something different. But I really think fundamentally understanding how these things work. It makes them a better architect. Make some better application developer, but even more so as you deploy more of your applications into the cloud. Really getting an understanding even from our people have tradition down on Prem networking. They can understand how that's gonna work in the cloud. >>I know we've got just under 30 seconds left. I want to get one more question than just one more for the folks watching that are maybe younger than I don't have. The networking training from your experience is, each of you can answer. Why should they know about networking? What's the benefit? What's in it for them? Motivate them, share some insights and why they should go with the deeper and networking space we'll start with. You know, I would say it's probably fundamental right after delivery solutions networking. Use the very top. I >>would say. If you fundamental of an operating system running on a machine, how those machines talk together, um, is a fundamental change is something that starts from the base and work your way up. >>Well, I think it's a challenge because you've come from top down. Now you're going to start looking from bottom up, and you want those different systems to cross, communicate and say you built something and your overlapping eyepiece space. Not that that doesn't happen. But how can I actually make that still operate without having to re? I re platform? It's like those challenges, like those younger developers or Cisco engineers can really start to get their hands around and understand those complexities and bring that forward in their careers. >>And, you know, the pipes are working plumbing. >>That's right. >>And they know how it works. How to code it. >>That's right. >>Awesome. Thank you, guys for great insights. Ace certified engineers, also known as aces, give a round of applause. >>Yeah, Yeah, that's great. Thank you. Okay, alright, that >>concludes my portion. Thank you, Steve. Thanks for having >>on. Thank you very much. That was fantastic. Everybody >>running with John Furrier. Yeah. So Great event. Great event. I'm >>not gonna take along with that. We got lunch outside for the people here. Just a couple of things. I just called action, right? So we saw the aces. You know, for those of you out of the stream here, become a certified. It's great for your career. Is great for not knowledge is is fantastic. It's not just an aviatrix thing. It's going to teach you about cloud networking, multi cloud networking with a little bit of aviatrix, exactly what the Cisco CC IE program was for I p Network. That type of the thing that's number one second thing is, is is learn, right? So there's a There's a link up there for the for to join the community, get like I started this. This is a community. This is the kickoff to this community, and it's a movement. So go to what may be community dot IBM dot com. Starting a community of multi cloud. So you get trained learn. I'd say the next thing is we're doing over 100 seminars in across the United States and also starting into Europe. Soon we will come out and we'll actually spend a couple hours and talk about architecture and talk about those beginning things. For those of you on the you know, on the live stream in here as well. You know, we're coming to a city near you. Go to one of those events. It's a great way to network with other people that are in the industry as well is to start to learn and get on that multi cloud journey. And then I'd say the last thing is, you know, we haven't talked a lot about what aviatrix does here, and that's intentional. We want you, you know, leaving with wanting to gnome or and schedule get with us and schedule a multi our architecture workshop sessions. So we we sit down with customers and we talk about where they're at in that journey and, more importantly, where they're going and define that end state architecture from networking, compute storage, everything and everything you've heard. Today. Every panel kept talking about architecture, talking about operations. Those are the types of things that we saw. We help. You could define that canonical architecture that system architecture, that's yours. So for so many of our customers, they have three by five plotted lucid charts, architecture, drawings, and it's the customer name slash aviatrix our network architecture, and they put it on the whiteboard that's what we and that's the most valuable thing they get from us. So this becomes there 20 year network architecture, drawing that. They don't do anything without talking us. And look at that architecture. That's what we do in these multi hour workshop sessions with customers. And that's super super powerful. So if you're interested, definitely call us. And let's schedule that with our team. So anyway, I just want to thank everybody on the livestream. Thank everybody here. Hopefully it was It was very useful. I think it waas and join the movement. And for those of you here, join us for lunch and thank you very much. >>Yeah, >>yeah, yeah.

>> live from Boston, Massachusetts. It's the Cube covering AWS reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Okay, welcome back. It was two cubes. Live coverage in Boston, Massachusetts, for Amazon Web services reinforces A W s, his first inaugural conference around security, cloud security and all the benefits of security vendors of bringing. We're here with a man who runs the marketplace and more. Dave McCann Cube, alumni vice president of migration, marketplace and control surfaces. That's a new tail you were that you have here since the last time we talked. Lots changed. Give us the update. Welcome to the Cube. >> Great to be back, ma'am. Believe it's seven months of every event. >> Feels like this. Seven years. You know, you've got a lot new things happening. >> We do >> explain. You have new responsibility. You got the marketplace, which we talked about a great product solutions. What else do you have? >> So we've obviously been expanding our service portfolio, right? So either us is launching. New service is all the time. We have a set of service is a road in the migration of software. So I run. No, the immigration Service's team and interesting. We were sitting in Boston, and that's actually headquartered 800 yards down the road. So there's a set of surfaces around the tools to help you as a CEO. Move your applications onto the clothes. Marketplace is obviously where we want you to find short where you need to buy. And then once you get into the topic of governance, we had one product called Service Catalog and reinvent. We announced a new product. That was a preview called Control. Yesterday we went to G A full availability off control, Terror and Control term service catalog together are in the government space, but we're calling them control service is because it's around controlling the access off teams to particular resources. So that's control service. >> What people moving into the cloud and give us a sense of the the workload. I know you see everything but any patterns that you can see a >> lot of patterns and merging and migration, and they are very industry specific. But there are some common patterns, so you know we're doing migrations and frozen companies were weighed and professional service is run by. Todd Weatherby is engaged in hundreds of those migrations. But we also have no over 70 partners that we've certified of migration partners. Migration partners are doing three times as many migrations as our old professional service is. Team are doing so in collection. There's a lot going on there, one of the common patterns. First of all, everybody is moved a Web development other websites have done. They're all running on the AWS know what they're doing is they're modernizing new applications. So the building in Europe or bring enough over moving onto containers. So it was a lie that ran on a sever server on. As they move into the clothes, they're gonna reshape the throw away. Some of the court brief the court up into micro service is on. Deploy out, Let's see on E. C s, which is continuing. There's a lot of application organization, and then on the migration side, we're seeing applications clearly were migrating a lost a lot of ASAP. So the big partners like Deloitte and Accenture are doing a C P migrations, and we've done a lot of ASAP migrations. And then there are other business applications are being moved with particular software vendors. You know there's a company here in Boston called Pegasystems. They do a world leading workflow platform. We've worked with Pagan, and we have migrated loss of paga warped floors in dozens of paying customers up on the float. >> You innovated on the marketplace, which is where people buy so they can contract with software. So now you got moving to the cloud, buying on the cloud, consuming the cloud and then governing it and managing that aspect all under one cohesive unit. That's you. Is that good? >> Yeah, it's a good way to think about it. It's a san of engineering teams with Coleman purpose for the customer. So you know, one of the things we do AWS is we innovate a lot, and then we organize the engineering teams around a common customer needs. So we said, above all of the computer stories service is on. We pay attention to the application layer. We described the application, So if you think of a migration service is says, I've actually got a service called Discovery, I crawl over your servers and I find what you have way. Then what we do is we have a tool that says, Are you gonna bring and move the till. So you have to build a business case. We just bought a company in Canada called TSA Logic. They had a Super Two for building a business case that said, what would this absolutely running with either of us. >> So is the need of the business case. What's the courtney that you guys have focused on? What was that? >> So, interestingly, we run more Windows Server and the clothes when Microsoft. So you actually have to business keys here. So many windows servers are running on print. What does it look like when a run on either the U. S. And T s so logic? Really good, too. And we find our customers using it. That says, Here's your own prim Windows server configuration with an app on run the mortal What would it look like when it runs on AWS? >> But why would you just do that with a spreadsheet? What? What is the T s so logic do that you couldn't do especially >> well? First of all, you want to make a simple too Somebody has to go run a spreadsheet. They've turned it into a tool that a business years Ercan used a sales person you could use on. They've built on top of a database. So it's got a rich set of choices. You are richer than you put in. A special with a U IE is intuitive, and you're gonna learn it in 20 minutes. I'm not gonna have you made up >> this date in their best practice things like that that you can draw a library >> of what's going down, and it keeps the data store of all the ones we've done. So we're turning that into two. Were giving Old Toller solution architect. >> Well, you got a good thing going on with the marketplace. Good to see you wrapping around those needs there. I gotta ask for the marketplace. Just give us the latest stats. How many subscriptions air in the marketplace these days? What's the overall number in the marketplace? It's >> pretty exciting. Way decided just at San Francisco to announce that we now have over 1,000,000 active subscriptions in the marketplace, which is a main boggling number on its own 1,000,000 subscriptions. Ice of Scrape. Within those subscriptions, we've got over 240 foes and active accounts, you know, and the audience doors you could be an enterprise with 100 cases and in an enterprise. What we typically see is that there are seven or eight teams that are buying or using software, so we'll have seven or eight accounts that have the right to subscribe. So you could be a one team and you're in another team you're buying B I tools. You're buying security tools. So those accounts on what? We're announcing the show for the first time ever. Its security is we have over 100,000 security subscriptions. That's a while. That's a big number. Some companies only have 100 customers, and the market, please. Our customers are switched on 100,000 security. So >> many product listings is that roughly it's just security security. At 300 >> there's over 100 listings. Thing is a product with a price okay on a vendor could be Let's see Paolo off networks or crowdstrike or trains or semantic or McAfee or a brand new company like Twist located of Israel. These companies might have one offer or 20 offers, so we have over 800 offers from over 300. Vendors were having new vendors every week. >> That's the next question. How many security app developers are eyes? Do you have over 300? 300? Okay. About 100. Anyway, I heard >> this morning from Gartner that they believe that are over 1000 security vendors. So I'm only 30% done. I got a little work >> tonight. How >> do you >> govern all this stuff? I was a customer. Sort of Make sure that they're in compliance. >> Great question. Steven Smith yesterday was talking about governance once she moved things on the clothes. It's very elastic. You could be running it today, not running a tomato, running it in I d running in Sydney. So it's easy to fire up running everywhere. So how did the governance team of a company nor watch running where you know, you get into tagging, everything has to be tagged. Everything has to have a cord attached to it. And then you do want to control who gets to use what I may have bought about a cuter appliance. But I don't know that I gave you rates to use it, right, so we could have border on behalf of the company. But I need to grant you access. So we launched a couple of years ago. Service catalog is our first governance to and yesterday we went into full release over new to call the control tower. >> Right. What you announced way reinvents >> preview. And yesterday we went to Jenny. What control does is it Natural Owes me to set up a set of accounts. So if you think of it, your development team, you've got David Kay and tested and the product ain't your brand new to the company. I'm a little worried. What, you're going to get up. You >> don't want to give him the keys to the kingdom, >> so I'm actually going to grant you access to a set of resources, and then I'm gonna apply some rules, or what we call God reels is your brand. You you haven't read my manual, you're in the company. So I'm gonna put a set of God reels on you to make sure that you follow our guide length >> Just training. And so is pressing the wrong button, that kind of thing. So I gotta ask you I mean, on the buying side consumption. I heard you say in a talk upstairs on Monday. You have a buyer, buyer, lead, engineering teams and cellar Let engineering, which tells me that you got a lot of innovation going on the marketplace. So the results are obviously they mention the listings. But one of the trends that's here security conference and it was proper is ecosystems importance in monetization. So back in the old days, Channel partners were a big part of the old computer industry. You're essentially going direct with service listings, which is great. How does that help the channel? Is there sinking around channel as a buyer opportunity? How do you How does that work with the market? Is what your thinking around the relationship between the scale of a simplicity and efficiency, the marketplace with the relationships the channel partners may have with their customers? And how do you bridge that together? What's the thinking >> you've overstayed? Been around a long time? >> Uh, so you have 90 Sydney? Well, the channels have been modernizes the nineties. You think about a >> long time. It's really interesting when we conceived Market please candidly. Way didn't put the channel in marketplace, and in retrospect, that was a miss. Our customers are big customers or small customers. Trust some of the resellers. Some resellers operates surely on price. Some resellers bring a lot of knowledge, even the biggest of the global 2000 Fortune 100. They have a prepared advisor. Let's take a company record. You often got 700 security engineers that are blue chip companies in America trusts or they buy the software the adoptive recommends. So mark it, please really didn't accommodate for Let's Pick another One in Europe, it would be computer center. So in the last two years we've dedicated the data separate engineering team were actually opened up. A team in a different city on their sole customer is a reseller. And so we launch this thing called Consulting Partner Private offer. And so now you're Palo. Also, for your trained, you can authorize active or serious or s h I to be the re sailor at this corporation, and they can actually negotiate the price, which is what a role resellers do. They negotiate price in terms, so we've actually true reseller >> write software for fulfillment through the marketplace. Four partners which are now customers to you now so that they could wrap service is because that's something we talk to. People in the Channel number one conversation is we love the cloud. But how do I make money and that is Service is right. They all want to wrap Service's around, So okay, you guys are delivering this. Is that my getting that right? You guys are riding a direct link in tow marketplace for partners, and they could wrap service is around there, >> will you? Seeing two things? First of all, yes. We're lowering the resale of to sell the software for absolutely. So you re sailor, you can quote software you build rebuild for you so that I become the billing partner for a serious or a billing partner for active on active can use marketplace to fulfill clothes software for their customers. Dan Burns to see you about pretty happy. You crossed the line into a second scenario, which is condone burns attached. Service is on. Clearly, that's a use case we hear usually would we hear use cases way end up through feeling that a little, little not a use case I have enabled, but we've done >> what you're working on It. We've had what the customer. How does the reseller get into the marketplace? What kind of requirements are there. Is it? Is it different than some of your other partners, or is it sort of a similar framework? >> They have to become an approved resale or so First of all, they have to be in a peon partner. I mean, we work tightly with a p N e p M screens partners for AWS. So Josh Hoffman's team Terry Wise, his team, whole part of team screen. The reseller we would only work with resellers are screened and approved by the PM Wants the AP en approved way have no set up a dedicated program team. They work with a reseller with trained them what's involved. Ultimately, however, the relationship is between Splunk in a tree sailor, a five and a three sailor named after a tree sailor or Paulo trend or Croat straight. So it's up to the I S V to tail us that hey, computer centers my reseller. I don't control that relationship. A fulfillment agent you crow strike to save resellers, and I simply have to meet that work so that I get the end customer happy. >> So your enabler in that instance, that's really no, I'm >> really an engine, even team for everybody engineer for the Iast way, engineer for the buyer. And they have to engineer for the re. So >> you have your hands in a lot of the action because you're in the middle of all this marketplace and you must do a lot of planning. I gotta ask you the question and this comes up. That kind of put on my learning all the Amazon lingo covering reinvent for eight years and covering all the different events. So you gotta raise the bar, which is an internal. You keep innovating. Andy Jassy always sucks about removing the undifferentiated heavy lifting. So what is the undifferentiated heavy lifting that you're working toe automate for your customers? >> Great questions. Right now there's probably three. We'll see what the buyer friction is, and then we'll talk about what the sale of friction is. The buyer frustration that is, undifferentiated. Heavy lifting is the interestingly, it's the team process around choosing software. So a couple of customers were on stage yesterday right on those big institutions talked about security software. But in order for an institution to buy that software, there are five groups involved. Security director is choosing the vendor, but procurement has to be involved. Andre. No procurement. We can't be left out the bit. So yesterday we did. The integration to Cooper is a procurement system. So that friction is by subscribing marketplace tied round. Match it with appeal because the p O is what goes on the ledgers with the company. A purchase order. So that has to be a match in purchase order for the marketplace subscription. And then engineers don't Tidwell engineers to always remember you didn't tag it. Hi, this finance nowhere being spent. So we're doing work on working service catalog to do more tagging. And so the buyer wants good tagging procurement integrated. So we're working on a walk slow between marketplace service catalog for procurement. >> Tiring. So you've kind of eliminated procurement or are eliminating procurement as a potential blocker, they use another. Actually, we won't be >> apart for leading procurement. VPs want their V piece of engineering to be happy. >> This is legal. Next. Actually, Greek question. We actually tackled >> legal. First, we did something called Enterprise Code tracked and our customer advisory board Two years ago, one of our buyers, one of our customers, said we're gonna be 100 vendors to deploy it. We're not doing 100 tracks. We've only got one lawyer, You know, 6000 engineers and one lawyer. Well, lawyers, good cord is quickly. So we've created a standard contract. It take stain to persuade legal cause at risk. So we've got a whole bunch of corporations adopting enterprise contract, and we're up to over 75 companies adopting enterprise contract. But legal is apartment >> so modernizing the procurement, a key goal >> procurement, legal, security, engineering. And then the next one is I t finance. So if you think of our budgets on their course teams on AWS, everything needs to be can become visible in either of US budgets. And everything has become visible in course exporter. So we have to call the rate tags. >> I heard a stat that 6,000,000 After moving to the cloud in the next 6,000,000 3 to 5 years, security as a focus reinforces not a summit. It's branded as a W s reinforce, just like reinvents. Same kind of five year for security. What's your impression of the show so far? No, you've been highly active speaking, doing briefing started a customer's burn, the midnight oil with partners and customers What's that? What's your vibe of the show? What's your takeaway? What's the most important thing happening here? What's your what's your summary? >> So I always think you get the truth in the booth. Cut to the chase. I made a customer last night from a major media company who we all know who's in Los Angeles. His comment was weeks, either. These expectations wasn't she wanted to come because he goes to reinvent. Why am I coming to Boston in June? Because I'm gonna go to reinvent November on this. The rates of security for a major media company last night basically said, I love the love. The subject matter, right? It's so security centric. He actually ended up bringing a bunch of people from his team on, and he loves the topics in the stations. The other thing he loved was everybody. Here is insecurity, reinvent. There's lots of people from what's the functions, But everybody here is a security professional. So that was the director of security for a media company. He was at an event talking to one of the suppliers, the marketplace. I asked this president of a very well known security vendor and I said. So what's your reaction to reinforce? And he said, Frankly, when you guys told me it was coming, we didn't really want the bother. It's the end of the quarter. It's a busy time of year. It's another event, he said. I am sure glad we came on. He was standing talking to these VP of marketing, saying, We want to bring more people, make sure, So he's overjoyed. His His comment was, when I go to Rio event 50,000 people but only 5% of their own security. I can't reinforce everybody's insecurity >> in Houston in 2020. Any inside US tow? Why Houston? I have no clue what I actually think >> is really smart about the Vineyard, and this is what a customer said Last night. I met a customer from Connecticut who isn't a load to travel far. They don't get to go to reinvent in Vegas. I think what we did when we came to Boston way tapped into all the states that could drive. So there are people here who don't get to go to reinvent. I think when we go to Houston, we're going to get a whole bunch of takes its customers. Yeah, you don't get a flight to Vegas. So I think it's really good for the customer that people who don't get budget to travel >> makes sense on dry kind of a geographic beograd. The world >> if we're expanding the customers that can learn. So from an education point of view, we're just increase the audience that we're teaching. Great, >> Dave. Great to have you on. Thanks for the insights and congratulations on the new responsibility as you get more coz and around marketplace been very successful. 1,000,000 subscriptions. That's good stuff again. They were >> you reinvented and >> a couple of months, Seven days? What? We're excited. I love covering the growth of the clouds. Certainly cloud security of his own conference. Dave McCann, Vice president Marketplace Migration and Control Service is controlled cattle up. How they how you how you move contract and governed applications in the future. All gonna be happening online. Cloud Mr. Q coverage from Boston. They just reinforced. We right back with more after this short break

>> live from Las Vegas. It's the queue covering Inform Attica, World 2019. Brought to you by in from Attica. >> Welcome back, everyone to the cubes. Live coverage of infra Matic A world. I am your host, Rebecca Night, along with my co host, John Furrier. We are joined by sir Rushman, and he is the senior vice president and general manager. Master Data Management here it in from Attica. Thank you so much for coming on the show. >> Thank you. It's great to be back. >> Great to welcome a Cube alum. So a major theme of this conference is customer 3 60 It's about customers need for trusted accurate data as they embark on their own digital transformation initiatives. Can you just talk a little bit about what you're hearing, what you're hearing from customers, what their priorities are? >> Yeah, absolutely. You know, with MGM, the promise of MGM has always been creating a trusted, authoritative version ofthe any business critical entity on DH who are the most important business critical entities for any organization customers. So almost 80 to 90% off. You know, if our customers are talking about re inventing a new customer experience because some >> of the >> things that they've been telling us is that we've all learned, you know, in the past that bad customer experience means that, you know, we've all had those experiences. We goto hotel, we use a particular airline, we have bad experience and we say, Promise ourselves we'll never go back there again. So organizations have always for years now understood that there is a cost to not delivering a good enough customer experience. The big change that I'm hearing, at least over the last you know, you're also now and especially at this event, is that organizations have now been able to quantify what great customer experience can mean in terms ofthe a premium that they can charge for that products or services. Now that is a big shift. When you start thinking about saying if I'd deliver a better customer experience, I'm actually be able to charge 10 cents more for a cup of coffee. I can charge, you know, 20% more for an airline ticket that now has a direct impact on the top line >> and data drives. This obviously data's a key part of it. What's changed this last year, I mean a lot happened. We see on the regular tourist my one year anniversary of GDP are a lot of pressure around regulation. We see everyone sees Facebook and goes, Oh my God, maybe I don't want to follow that trap. Woman Enterprise pressure to develop sass like applications with data because we know what cloud native and born the Cloud looks like. We've seen companies come out of the woodwork from his fresh start and used data as part of the input with a IE application for great software. So now the enterprise I want to do that exactly. It's hard, >> it's hard. And I think you know, they're in a lot of organizations minds, you know, collective minds. This is cushion pulled because in order to deliver that best possible customer experience, they realize they need to gather more data about us, right? Every in every touch, point, every interaction. If you can gain that complete 3 60 view, it just means that you'd be able to deliver better possible experience. But now you're gathering more data about customers into your example about Facebook. Now means that we in our custodians off what was you know, an explosion of data than what we used to have before. And if you're moving those to the cloud, how do I make sure that I don't end up, you know, in the front page of The Wall Street Journal? You know, like some of the other organizations have. So there is great, you know, volumes of data being collected. But how do I manage it? Secure it government effectively so that we don't have those? >> Don't ask a question. I have been talking a lot about fake news and Facebook lately because, you know, we're digital Cuba's official distribution. 10 years been doing it, putting out good payload with content. Great gets like yourself. But this really kind of too things. That's where I want to get your reaction to. There's the content payload. And then there's the infrastructure dynamics of network effect. So Facebook is an example where there was no regulation, I'll say they were incentive to actually get more data from the users, but she got content or data and then you got infrastructure kind of like dynamics. You guys are looking at an end to end. You got on premises to cloud that's it structure, and that's going to be powering the aye Aye, And the SAS data becomes the payload, right? So what? You're a zoo, a product management executive and someone thinking about the customer and talking to customers. How do you view that? What's the customers formula for success to take advantage of the best use of the content or data and digital while maximizing the opportunities around these new kinds of infrastructure scale and technology? >> Yeah, I think you know, they've come to the realization that data is not entirely sitting on premise animal, you know, in the in the in the old World, to get customer data, you go 23 applications of CR m nd R B and some kind of, you know, a couple of homegrown applications in on premise now for the same functionality. But that's wise of customer customer experience applications that whatever you call it, there's an app for it. And it happened to reside in the clouds. So now you have about 1,100 on average cloud applications that store components. So where do you where do you start bringing all of that content together? A lot of organizations have realized that, you know, do it in the cloud for two reasons because that's where the bulk of this data is being generated. That's where the bulk of this data is being consumed. But the other aspect of it is we're not no longer talking about hundreds of millions of records, but I just thought bringing in transaction data interaction later don't know billions of records, And where else can you scale with that? Much is other than the club s O. But at the same time, that is, there is a hybrid that is extremely important because those applications are sitting on premise are not going away. You know, they still serve up a lot of valuable customer data and continue to be frontline operation systems for a lot of the user. So a truly hybrid approach is being developed. I think that thought process is coming around where some domains live in the clouds. Some domains live on premise, but it's seamless experience across book. >> That's great insight I wanted Then follow up and ask you Okay, how did in from Attica fitted that because you guys want to provide that kind of horrors? Office scaleable data layer, depending on where the customer's needs are at any given time you got a pea Eye's out. There's things that Where do you guys How do you make that a reality? That statement you just made? >> Yeah. And the reality is eyes already being, you know, being lived today with a few of the few of our customers on it is that data layer that says, you know, we can, you know, bring data run work loads that are behind the firewall. We can do the same work, load in the cloud if that's where you want to scale the new workloads, but at the same time have a data layer that looks like one seamless bridge between the cloud and on premise. And that a number of different experiences that can, you know, help that we've invested in cloud, you know, designing and monitoring capabilities that allow view for a completely cloud like experience. But all of the data still decides on premise. It's still being managed and behind your firewalls, which is where a lot of the organizations are going as well, especially more conservative, more regulated organisations. >> One of things. I want to get your reaction to a swell, great great commentary, By the way, Great Insight is some success examples that might not be directly the inn from Attica, but kind of point to some of the patterns. Let's take slack, for instance, Great software. It's basically an IRC measures chat room with on the Web with great user experience. But the adoption really kicked in when they built integration points into other systems. So this seems to be a fundamental piece of informatics. Opportunity is, you kind of do this layer, but also integrating it. Because although you might have monitoring, I might want to use a better monitoring system. So So you're now thinking about immigration. How do you respond to that? What are you guys doing? Respected. Integration? What's What's the product touchpoints can He shared a commentary >> on Yeah, So you know, the openness off our entire data architecture and all of the solutions is something that we you know, I think they use the word Switzerland quite often. But what it also means is that you know, you are able to plug in a best of breed execution engine for a particular workload on a particular platform if you so desire. If you want to plug in a you know I am a model that happened to be developed on a specific let's say, an azure or a W You'd be ableto bring that in because the architecture's open completely FBI driven as a zoo mentioned. So we're able tto. Our customers have the flexibility to plug in, and we try to make that a little easier for them also, you know, as you might have seen some of the demos yesterday, we are providing recommendations and saying, You know, for this particular segment of your work, Lord, here are the choices that we recommend to you. And that's where Claire Gia, you know, comes in because it's very hard for users to keep up with all of the different possibilities. You know, our options that they might be having in that particular day, the landscape, and we can provide those recommendations to them. >> I want to ask about something you were saying earlier, and this is the company's heir using data to realize that they can charge a premium for a better customer experience. And that really requires a change in mindset from a gut driven decision making to a data driven decision making method and approach. How how are you seeing this? This mindset shift is it? Our company is still having a hard time sort of giving up my guts, telling me to do this in particular, with relationship to the new thie acquisition you made in February of all site. >> Yes. You know, I think the good news is, you know, across the board line of business leaders, CEOs, even boards are now recognizing custom experience. Customer engagement happened to be top of mind, but there's also equally react. You know, a recognition that data is what is going to help, you know, make this a reality. But so that was one of the reasons why you went out and, you know, do this acquisitions also, because if you think about it, customer data is no longer just a handful of slowly changing attributes like a name and address and telephone number or social media handles that, you know, you could be used to contact us. But it's really about now. Thousands of interactions we might have on the websites Click stream data Web chat, you know, even calls into call centers. All of this and even what we're tweeting about a product or service online is all the interactions and touch points that need to be pulled in and the dogs have to be connected in order. Bill that customer profile. So we have to do the scale, and that's something that Alcide, you know, has been doing very well. But it's now become more about just connecting the dots. So we can say, Here is this customer and this is the all the different Touchpoints customers had all the different products of purchase from us over the last few months. Few years. But now can we derive some inside some intelligence? So if I'm connecting four pieces of information cannot in for a life event, can I detect that an insurance customers ready to retire? Can I detect that this family is actually shopping for a vacation to Hawaii? That's the first level off Dr Intelligence Insight that we can now offer with. Also, the next level is also about saying >> cannot be >> understanding. You know, some of these, you know, intent. Can we also understand how happy is this customer, you know, have been mentioning competitive product, which can allow us to infer that person probably going to go off and buy a competitors product. If this problem they're having with this device or product is not resolved, so turn scoring, sentiment scoring. And now the third level on top of that which I think is really the game changer, is now. Can we in for what the next best action or interaction should be based upon all these things? Can we even do things such as, as I left here, not too happy customer with a particular maybe laptop that I, you know, perches I called the call center can before as a call is coming through, can we in for what I'm calling about based upon all of the interactions have had over the recent past and direct that call to 11 to 11 3 Technician who specialized in the laptop model >> that I have >> in orderto make me continue to be a customer for life. >> One of the biggest challenge is happening in the in the technology industry is the skills gap. I want to hear your thoughts on it and also how they help my how concerned are you about finding qualified candidates for your roles? >> So, you know, I think being a globally, you know, global organization with R and D centers distributed around the world. I think one of the luxuries we have is we're able to look across not just, you know, way from Silicon Valley, you know? And you know, there is a definitely a huge competition for skills over there. I think one of the things that we've been able to do is locations like Toronto we were just talking about. That's where Alcide is based. Extremely cool technology that's come out, that that's, you know, really transforming organisations and their approach. The customers stood guard, doubling bangle or Chennai Hyderabad. So you know, we are tapping into centers that have lots of skilled, you know, folks on DH calling hedging our you know, our approach and looking at this globally. Yes, there's definitely going to be even more of a demand as a lot of technology changes go for these skills. But I think, you know, by spreading you know that skills and having complete developed R and D centers in each of those locations helps us mitigate the farm. >> What about kids in school, elementary school, high school, college or even people retraining? Is there a certain discipline? Stats, philosophy, ethics will you see data opportunities for folks that may or may not have been obvious or even in place. I mean, Berkeley just had their first graduating class of data science this year. I mean, that's that's so early. People wanna hone in. What's what do you see? Its success for people attaining certain certain skills. What do you recommend? >> So I think that is definitely a combination ofthe technical skills, whether it is the new a n M L applications. But I think that is also, you know, in the past, we would have said, Let's go on higher than someone who has done computer science You know, on is very deep in that topic. But look at the problems we're trying to solve with data on the application of the animal. They're all in service of a business outcome, some kind of a business on DH more, we find people who are able to bridge the gap between strong application off the newer technologies on a animal and also an understanding off the broader world. And the business, I think, is really the combination of skills is really what's going to be required to succeed. >> Excellent, great note to end on. Thank you so much, sir. Arrest for coming on the show. >> Thank you. Thanks. >> I'm Rebecca Knight for John Furrier. You are watching the Cube.