>>Hello, and welcome to the cubes presentation of the AWS startup showcase. This is season two, episode four, the ongoing series covering exciting startups from the AWS ecosystem to talk about cyber security. I'm your host, John feer. And today we're excited to join by a Mediatel Walker, CEO of Quin security and sub IER, vice president of product management of sequence security gentlemen, thanks for joining us today on this showcase. >>Thank you, John PRAs. >>So the title of this session is continuous API protection life cycle to discover, detect, and defend security. APIs are part of it. They're hardened, everyone's using them, but they're they're target for malicious behavior. This is the focus of this segment. You guys are in the leading edge of this. What are the biggest challenges for organizations right now in assessing their security risks? Because you're seeing APIs all over the place in the news, just even this week, Twitter had a whistleblower come out from the security group, talking about their security plans, misleading the FTC on the bots and some of the malicious behavior inside the API interface of Twitter. This is really a mainstream Washington post is reporting on it. New York times, all the global outlets are talking about this story. This is the risk. I mean, yeah, this is what you guys do protect against this. >>Yeah, this is absolutely top of mind for a lot of security folks today. So obviously in the media and the type of attack that that is being discussed with this whistleblower coming out is called reputation bombing. This is not new. This has been going on since I would say at least eight to 10 years where the, the bad actors are using bots or automation and ultimately using APIs on these large social media platforms, whether it's Facebook, whether it's Twitter or some other social media platform and messing with the reputation system of those large platforms. And what I mean by that is they will do fake likes, fake commenting, fake retweeting in the case of Twitter. And what that means is that things that are, should not be very popular, all of a sudden become popular. That that way they're able to influence things like elections, shopping habits, personnel. >>We, we work with similar profile companies and we see this all the time. We, we mostly work on some of the secondary platforms like dating and other sort of social media platforms around music sharing and things like video sharing. And we see this all the time. These, these bots are bad. Actors are using bots, but ultimately it's an API problem. It's not just a bot problem. And that's what we've been trying to sort of preach to the world, which is your bot problem is subset of your API security challenges that you deal as an organization. >>You know, IMIA, we talked about this in the past on a previous conversation, but this really is front and center mainstream for the whole world to see around the challenges. All companies face, every CSO, every CIO, every board member organizations out there looking at this security posture that spans not just information technology, but physical and now social engineering. You have all kinds of new payloads of malicious behavior that are being compromised through, through things like APIs. This is not just about CSO, chief information security officer. This is chief security officer issues. What's your reaction >>Very much so I think the, this is a security problem, but it's also a reputation problem. In some cases, it's a data governance problem. We work with several companies which have very restrictive data governance and data regulations or data residency regulations there to conform to those regulations. And they have to look at that. It's not just a CSO problem anymore. In case of the, the news of the day to day, this is a platform problem. This goes all the way to the, that time CTO of Twitter. And now the CEO of Twitter, who was in charge of dealing with these problems. We see as just to give you an example, we, we work, we work with a similar sort of social media platform that allows Oop based login to their platform that is using tokens. You can sort of sign in with Facebook, sign in with Twitter, sign in with Google. These are API keys that are generated and trusted by these social media platforms. When we saw that Facebook leaked about 50 million of these login credentials or API keys, this was about three, four years ago. I wrote a blog about it. We saw a huge spike in those API keys being used to log to other social media platforms. So although one social platform might be taking care of its, you know, API or what problem, if something else gets reached somewhere else, it has a cascading impact on a variety of platforms. >>You know, that's a really interesting dynamic. And if you think about just the token piece that you mentioned, that's kind of under the coverage, that's a technology challenge, but also you get in the business logic. So let's go back and, and unpack that, okay, they discontinue the tokens. Now they're being reused here. In the case of Twitter, I was talking to an executive here in Silicon valley and they said, yeah, it's a cautionary tale, for sure. Although Twitter's a unique situation, but they abstract out the business value and say, Hey, they had an M and a deal on the table. And so if someone wants to unwind that deal, all I gotta say is, Hey, there's a bot problem. And now you have essentially new kinds of risk in the business have nothing to do with some sign the technology, okay. They got a security breach, but here with Twitter, you have an, an, an M and a deal, an acquisition that's being contested because of the, the APIs. So, so if you're in business, you gotta think to yourself, what am I risking with my API? So every organization should be assessing their security risks, tied to their APIs. This is a huge awakening for them. Where should they start? And that's the, that's the core question. Okay. You got my attention risks with the API. What do I do? >>So when I talked to you in my previous interview, the start is basically knowing what to, in most cases, you see these that are hitting the wire much. Every now there is a major in cases you'll find these APIs are targeted, that are not poorly protected. They're absolutely just not protected at all, which means the security team or any sort of team that is responsible for protecting these APIs are just completely unaware of these APIs being there in the first place. And this is where we talk about the shadow it or shadow API problem. Large enterprises have teams that are geo distributed, and this problem is escalated after the pandemic even more because now you have teams that are completely distributed. They do M and a. So they acquire new companies and have no visibility into their API or security practices. And so there are a lot of driving factors why these APIs are just not protected and, and just unknown even more to the security team. So the first step has to be discover your API attack surface, and then prioritize which APIs you wanna target in terms of runtime protection. >>Yeah. I wanna dig into that API kind of attack surface area management, runtime monitoring capability in a second, but so I wanna get you in here too, because we're talking about APIs, we're talking about attacks. What does an API attack look like? >>Yeah, that's a very good question, John, there are really two different forms of attacks of APIs, one type of attack, exploits, APIs that have known vulnerabilities or some form of vulnerabilities. For instance, APIs that may use a weak form of authentication or are really built with no authentication at all, or have some sort of vulnerability that makes them very good targets for an attacker to target. And the second form of attack is a more subtle one. It's called business logic abuse. It's, it's utilizing APIs in completely legitimate manner manners, but exploiting those APIs to exfiltrate information or key sensitive information that was probably not thought through by the developer or the designers or those APIs. And really when we do API protection, we really need to be able to handle both of those scenarios, protect against abuse of APIs, such as broken authentication, or broken object level authorization APIs with that problem, as well as protecting APIs from business logic abuse. And that's really how we, you know, differentiate against other vendors in this >>Market. So just what are the, those key differentiated ways to identify the, in the malicious intents with APIs? Can you, can you just summarize that real quick, the three ways? >>Sure. Yeah, absolutely. There are three key ways that we differentiate against our competition. One is in the, we have built out a, in the ability to actually detect such traffic. We have built out a very sophisticated threat intelligence network built over the entire lifetime of the company where we have very well curated information about malicious infrastructures, malicious operators around the world, including not just it address ranges, but also which infrastructures do they operate on and stuff like that, which actually helps a lot in, in many environments in especially B2C environments, that alone accounts for a lot of efficacy for us in detecting our weed out bad traffic. The second aspect is in analyzing the request that are coming in the API traffic that is coming in and from the request itself, being able to tell if there is credential abuse going on or credential stuffing going on or known patterns that the traffic is exhibiting, that looks like it is clearly trying to attack the attack, the APM. >>And the third one is, is really more sophisticated as they go farther and farther. It gets more sophisticated where sequence actually has a lot of machine learning models built in which actually profile the traffic that is coming in and separate. So the legitimate or learns the legitimate traffic from the anomalous or suspicious traffic. So as the traffic, as the API requests are coming in, it automatically can tell that this traffic does not look like legitimate traffic does not look like the traffic that this API typically gets and automatically uses that to figure out, okay, where is this traffic coming from? And automatically takes action to prevent that attack? >>You know, it's interesting APIs have been part of the goodness of cloud and cloud scale. And it reminds me of the old Andy Grove quote, founder of, in one of the founders of Intel, you know, let chaos, let, let the chaos happen, then reign it in it's APIs. You know, a lot of people have been creating them and you've got a lot of different stakeholders involved in creating them. And so now securing them and now manage them. So a lot of creation now you're starting to secure them and now you gotta manage 'em. This all is now big focus. As you pointed out, what are some of the dynamics that customers who have to deal with on the product side and, and organization, let, let chaos rain, and then rain in the chaos, as, as the saying goes, what, what do companies do? >>Yeah. Typically companies start off with like, like a mayor talked about earlier. Discovery is really the key thing to start with, like figuring out what your API attack surfaces and really getting your arms around that problem. And typically we are finding customers start that off from the security organization, the CSO organization to really go after that problem. And in some cases, in some customers, we even find like dedicated centers of excellence that are created for API security, which go after that problem to be able to get their arms around the whole API attack surface and the API protection problem statement. So that's where usually that problem starts to get addressed. >>I mean, organizations and your customers have to stop the attacks. A lot of different techniques, you know, run time. You mentioned that earlier, the surface area monitoring, what's the choice. What's the, where are, where are, where is everybody? Is everyone in the, in the boiling water, like the frog and boiling water or they do, they know it's happening? Like what did they do? What's their opportunity to get in >>Position? Yeah. So I, I think let's take a step back a little bit, right? What has happened is if you draw the cloud security market, if you will, right. Which is the journey to the cloud, the security of these applications or APIs at a container level, in terms of vulnerabilities and, and other things that market grew with the journey to the cloud, pretty much locked in lockstep. What has happened in the API side is the API space has kind of lacked behind the growth and explosion in the API space. So what that means is APIs are getting published way faster than the security teams are able to sort of control and secure them. APIs are getting published in environments that the security completely unaware of. We talked about in the past about the parameter, the parameter, as we know, it doesn't exist anymore. It used to be the case that you hit a CDN, you terminate your SSL, you stop your layer three and four DDoS. >>And then you go into the application and do the business logic. That parameter is just gone because it's now could be living in multi-cloud environment. It could be living in the on-prem environment, which is PubNet is friendly. And so security teams that are used to protecting apps, using a perimeter defense plus changes, it's gone. You need to figure out where your perimeter is. And therefore we sort of recommend an approach, which is have a uniform view across all your APIs, wherever they could be distributed and have a single point of control across those with a solution like sequence. And there are others also in this space, which is giving you that uniform view, which is first giving you that, you know, outside and looking view of what APIs to protect. And then let's, you sort of take the journey of securing the API life cycle. >>So I would say that every company now hear me out on this indulges me for a second. Every company in the world will be non perimeter based, except for maybe 5% because of maybe unique reason, proprietary lockdown, information, whatever. But for most, most companies, everyone will be in the cloud or some cloud native, non perimeter based security posture. So the question is, how does your platform fit into that trajectory? And specifically, why are you guys in the position in your mind to help customers solve this API problem? Because again, APIs have been the greatest thing about the cloud, right? Yeah. So the goodness is there because of APS. Now you gotta reign it in reign in the chaos. Yeah. What, what about your platform share? What is it, why is it win? Why should customers care about this? >>Absolutely. So if you think about it, you're right, the parameter doesn't exist. People have APIs deployed in multiple environments, multicloud hybrid, you name it sequence is uniquely positioned in a way that we can work with your environment. No matter what that environment is. We're the only player in this space that can protect your APIs purely as a SA solution or purely as an on-prem deployment. And that could be a SaaS platform. It doesn't need to be RackN, but we also support that and we could be a hybrid deployment. We have some deployments which are on your prem and the rest of this solution is in our SA. If you think about it, customers have secured their APIs with sequence with 15 minutes, you know, going live from zero to life and getting that protection instantaneously. We have customers that are processing a billion API calls per day, across variety of different cloud environments in sort of six different brands. And so that scale, that flexibility of where we can plug into your infrastructure or be completely off of your infrastructure is something unique to sequence that we offer that nobody else is offering >>Today. Okay. So I'll be, I'll be a naysayer. Yeah, look, it, we are perfectly coded APIs. We are the best in the business. We're locked down. Our APIs are as tight as a drum. Why do I need you? >>So that goes back to who's answer. Of course, >>Everyone's say that that's, that's great, but that's my argument. >>There are two types of API attacks. One is a tactic problem, which is exploiting a vulnerability in an API, right? So what you're saying is my APIs are secure. It does not have any vulnerability I've taken care of all vulnerabilities. The second type of attack that targets APIs is the business logic. Use this stuff in the news this week, which is the whistleblower problem, which is, if you think APIs that Twitter is publishing for users are perfectly secure. They are taking care of all the vulnerabilities and patching them when they find new ones. But it's the business logic of, you know, REWE liking or commenting that the bots are targeting, which they have no against. Right. And then none of the other social networks too. Yeah. So there are many examples. Uber wrote a program to impersonate users in different geo locations to find lifts, pricing, and driver information and passenger information, completely legitimate use of APIs for illegitimate, illegitimate purpose using bots. So you don't need bots by the way, don't, don't make this about bot versus not. Yeah. You can use APIs sort of for the, the purpose that they're not designed for sort of exploiting their business logic, either using a human interacting, a human farm, interacting with those APIs or a bot form targeting those APIs, I think. But that's the problem when you have, even when you've secured all your problem, all your APIs, you still have to worry about these of challenges. >>I think that's the big one. I think the business logic one, certainly the Twitter highlights that the Uber example is a good one. That is basically almost the, the backlash of having a simplistic API, which people design to. Right. Yeah. You know, as you point out, Twitter is very simple API, hardened, very strong security, but they're using it to maliciously manipulate what's inside. So in a way that perimeter's dead too. Right. So how do you stop that business logic? What's the, what's the solution what's the customer do about that? Because their goal is to create simple, scalable APIs. >>Yeah. I'll, I'll give you a little bit, and then I think Subaru should maybe go into a little bit of the depth of the problem, but what I think that the answer lies in what Subaru spoke earlier, which is our ML. AI is, is good at profiling plus split between the API users, are these legitimate users, humans versus bots. That's the first split we do. The split second split we do is even when these, these are classified users as bots, we will say there are some good bots that are necessary for the business and bad bots. So we are able to split this across three types of users, legitimate humans, good bots and bad bots. And just to give you an example of good bots is there are in the financial work, there are aggregators that are scraping your data and aggregating for end users to consume, right? Your, your, and other type of financial aggregators FinTech companies like MX. These are good bots and you wanna allow them to, you know, use your APIs, whereas you wanna stop the bad bots from using your APIs super, if you wanna add so, >>So good bots versus bad bots, that's the focus. Go ahead. Weigh in, weigh in on your thought on this >>Really breaks down into three key areas that we talk about here, sequence, right? One is you start by discovering all your APIs. How many APIs do I have in my environment that ly immediately highlight and say, Hey, you have, you know, 10,000 APIs. And that usually is an eye opener to many customers where they go, wow. I thought we had a 10th of that number. That usually is an eyeopener for them to, to at least know where they're at. The second thing is to tell them detection information. So discover, detect, and defend detect will tell them, Hey, your APIs are getting traffic from. So and so it addresses so and so infrastructure. So and so countries and so on that usually is another eye opener for them. They then get to see where their API traffic is coming from. Let's say, if you are a, if you're running a pizza delivery service out of California and your traffic is coming from Eastern Europe to go, wait a minute, nobody's trying, I'm not, I'm not, I don't deliver pizzas in Eastern Europe. Why am I getting traffic from that part of the world? So that sort of traffic immediately comes up and it will tell you that it is hitting your unauthenticated API. It is hitting your API. That has, that is vulnerable to a broken object level, that authorization, vulnerable be and so on. >>Yeah, I think, and >>Then comes the different aspect. Yeah. The different aspect is where you can take action and say, I wanna block certain types of traffic, or I wanna rate limit certain types of traffic. If, if you're seeing spikes there or you could maybe insert header so that it passes on to the end application and the application team can use that bit to essentially take a, a conscious response. And so, so the platform is very flexible in allowing them to take an action that suits their needs. >>Yeah. And I think this is the big trend. This is why I like what you guys are doing. One APIs we're built for the goodness of cloud. They're now the plumbing, you know, anytime you see plumbing involved, connection points, you know, that's pretty important. People are building it out and it has made the cloud what it is. Now, you got a security challenge. You gotta add more intelligence, more smarts to it. This is where I think platform versus tools matter. Can you guys just quickly share your thoughts on that? Cuz a lot of your customers and, and future customers have dealt with the sprawls of all these different tools. Right? I got a tool for this. I got a tool for that, but people are gravitating towards platforms, but how many platforms can a customer have? So again, this brings up the point point around how you guys are engaging with customers. Can you share your thoughts on tooling platforms? Your customers are constantly inundated with the same tsunami. Isn't new thing. Why, what, how should they look at this? >>Yeah, I mean, we don't wanna be, we don't wanna add to that alert fatigue problem that affects much of the cybersecurity industry by generating a whole bunch of alerts and so on. So what we do is we actually integrate very well with S IEM systems or so systems and allow customers to integrate the information that we are detecting or mitigating and feed them onto enterprise systems like a Splunk or a Datadog where they may have sophisticated processes built in to monitor, you know, spikes in anomalous traffic or actions that are taken by sequence. And that can be their dashboard where a whole bunch of alerting and reporting actually happens. So we play in the security ecosystem very well by integrating with other products and integrate very tightly with them, right outta the box. >>Okay. Mia, this is a wrap up now for the showcase. Really appreciate you guys sharing your awesome technology and very relevant product for your customers and where we are right now in this we call Supercloud or now multi-cloud or hybrid world of cloud. Share a, a little bit about the company, how people can get involved in your solution, how they can consume it and things they should know about, about sequence security. >>Yeah, we've been on this journey, an exciting journey it's been for, for about eight years. We have very large fortune 100 global 500 customers that use our platform on a daily basis. We have some amazing logos, both in Europe and, and, and in us customers are, this is basically not the shelf product customers not only use it, but depend on sequence. Several retailers. We are sitting in front of them handling, you know, black Friday, cyber, Monday, Christmas shopping, or any sort of holiday seasonality shopping. And we have handled that the journey starts by, by just simply looking at your API attack surface, just to a discover call with sequence, figure out where your APIs are posted work with you to prioritize how to protect them in a sort of a particular order and take the whole life cycle with sequence. This is, this is an exciting phase exciting sort of stage in the company's life. We just raised a very sort of large CDC round of funding in December from Menlo ventures. And we are excited to see, you know, what's next in, in, in the next, you know, 12 to 18 months. It certainly is the, you know, one of the top two or three items on the CSOs, you know, budget list for next year. So we are extremely busy, but we are looking for, for what the next 12 to 18 months are, are in store for us. >>Well, congratulations to all the success. So will you run the roadmap? You know, APIs are the plumbing. If you will, you know, they connection points, you know, you want to kind of keep 'em simple, as they say, keep the pipes dumb and make the intelligence around it. You seem to see more and more intelligence coming around, not just securing it, but does, where does this go in your mind? Where, where do we go beyond once we secure everything and manage it properly, APRs, aren't going away, they're only gonna get better and smarter. Where's the intelligence coming share a little bit. >>Absolutely. Yeah. I mean, there's not a dull moment in the space. As digital transformation happens to most enterprise systems, many applications are getting transformed. We are seeing an absolute explosion in the volume of APIs and the types of APIs as well. So the applications that were predominantly limited to data centers sort of deployments are now splintered across multiple different cloud environments are completely microservices based APIs, deep inside a Kubernetes cluster, for instance, and so on. So very exciting stuff in terms of proliferation of volume of APIs, as well as types of APIs, there's nature of APIs. And we are building very sophisticated machine learning models that can analyze traffic patterns of such APIs and automatically tell legitimate behavior from anomalous or suspicious behavior and so on. So very exciting sort of breadth of capabilities that we are looking at. >>Okay. I mean, yeah. I'll give you the final words since you're the CEO for the CSOs out there, the chief information security officers and the chief security officers, what do you want to tell them? If you could give them a quick shout out? What would you say to them? >>My shout out is just do an assessment with sequence. I think this is a repeating thing here, but really get to know your APIs first, before you decide what and where to protect them. That's the one simple thing I can mention for thes >>Am. Thank you so much for, for joining me today. Really appreciate it. >>Thank you. >>Thank you. Okay. That is the end of this segment of the eight of his startup showcase. Season two, episode four, I'm John for your host and we're here with sequin security. Thanks for watching.

>>Hey, welcome back everyone to the cubes coverage of eaters reinvent 2021. So our third day wall-to-wall coverage. I'm my coach, Dave Alonzo. He we're getting all the action two sets in person. It's also a virtual hybrid events with a lot of great content online, bringing you all the fresh voices, all the knowledge, all the news and all the action and got great guests here today. As your renderer, managing director of AWS is Europe, middle east, and Africa also known as EMIA. Welcome to the cube. Welcome, >>Welcome. Thanks for coming on. Lovely to be here. >>So Europe is really hot. Middle east Africa. Great growth. The VC culture in Europe specifically has been booming this year. A lot of great action. We've done many cube gigs out there talking to folks, uh, entrepreneurship, cloud, native growth, and then for us it's global. It's awesome. So first question got to ask you is, is you're new to AWS? What brought you here? >>Yeah, no, John, thank you so much. I've been here about three and a half months now, actually. Um, so what brought me here? Um, I have been in and around the tech world since I was a baby. Um, my father was an entrepreneur. I sold fax machines and microfilm equipment in my early days. And then my career has spanned technology in some form or the other. I was at EMC when we bought VMware. Uh, I was a Colt when we did a FinTech startup joined Schneider in my background, which is industrial tech. So I guess I'm a bit of a tech nerd, although I'm not an engineer, that's for sure. The other thing is I've spent a huge part of my career advising clients. And so while I was at McKinsey on business transformation and cloud keeps coming up, especially post pandemic, huge, huge, huge enabler, right of transformation. So when I got the call from AWS, I thought here's my opportunity to finally take what companies are wrestling with, bring together a pioneer in cloud with our enterprise and start-up and SMB clients connect those dots between business and technology and make things happen. So it real magic. So that's what brought me here. And I guess the only other thing to say is I'd heard a lot of other culture, customer mash, obsession, and leadership principles. >>That's why I'm here. It's been a great success. I got to ask you too, now that your new ostium McKinsey, even seeing the front lines, all the transformation, the pandemic has really forced everybody globally to move faster. Uh, things like connect were popular in EMEA. How, how is that going out? There's at the same kind of global pressure on the digital transformation with cloud? What are you seeing out there? >>I've been traveling since I joined, uh, around 10 of the countries already. So Ben planes, trains, automobiles, and what you definitely see is massive acceleration. And I think it's around reinvention of the business. So people are adopting cloud because it's obviously there's cost reasons. There's MNA reasons. There's really increasingly more about innovating. How do I innovate my business? How do I reinvent my business? So you see that constantly. Um, and whether you're a enterprise company or you're a startup, they're all adopting cloud in different, different ways. Um, I mean, I want to tell a core to stack because it's really interesting. And Adam mentioned this in his keynote five to 15% only of workloads have moved to the cloud. So there's a tremendous runway ahead of us. Um, and the three big things on people's minds helped me become a tech company. So it doesn't matter who you are, you're retail, whether you're life sciences or healthcare. You've probably heard about the Roche, uh, work that we're doing with Roche around accelerating R and D with data, or if you're a shoes Addie desk, how do you accelerate again, your personalized experiences? So it doesn't matter who you have helped me become a tech company, give me skills, digital skills, and then help me become a more sustainable company. Those are the three big things I'm thinking of. >>So a couple of things to unpack there. So think about it. Transformation. We still have a long way to go to your point, whatever 10, 15%, depending on which numbers you look at. We've been talking a lot in the cube about the next decade around business transformation, deeper business integration, and the four smarts to digital. And the woke us up to that, accelerated that as you say, so as you travel around to customers in AMEA, what are you hearing with regard to that? I mean, many customers maybe didn't have time to plan. Now they can sit back and take what they've learned. What are you hearing? >>Yeah. And it's, it's a little bit different in different places, right? So, I mean, if you start, if you look at, uh, you know, our businesses, for example, in France, if you look at our businesses in Iberia or Italy, a lot of them are now starting they're on the, at least on the enterprise front, they are now starting to adopt cloud. So they stepping back and thinking about their overall strategy, right? And then the way that they're doing it is actually they're using data as the first trigger point. And I think that makes it easier to migrate because if you, if you look at large enterprises and if you think of the big processes that they've got and all the mainframes and everything that they need to do, if you S if you look at it as one big block, it's too difficult. But when you think about data, you can actually start to aggregate all of your data into one area and then start to analyze and unpack that. >>So I think what I'm seeing for sure is in those countries, data is the first trigger. If you go out to Israel, well that you've got all, it's really start up nation as you know, right. And then we've got more of the digital natives and they want to, you know, absorb all of the innovation that we're throwing at them. And you've heard a lot here at reinvent on some of the things, whether it's digital twins or robotics, or frankly, even using 5g private network, we've just announcement. They are adopting innovation and really taking that in. So it really does differ, but I think the one big message I would leave you with is bringing industry solutions to business is critical. So rather than just talking it and technology, we've got to be able to bring some of what we've done. So for example, the Goldman Sachs financial cloud, bring that to the rest of financial services companies and the media, or if you take the work we're doing on industrials and IOT. So it's really about connecting what industry use cases with. >>What's interesting about the Goldman Dave and I were commenting. I think we coined the term, the story we wrote on Thursday last week, and then PIP was Sunday superclouds because you look at the rise of snowflake and Databricks and Goldman Sachs. You're going to start to see people building on AWS and building these super clouds because they are taking unique platform features of AWS and then sacrificing it for their needs, and then offering that as a service. So there's kind of a whole nother tier developing in the natural evolution of clouds. So the partners are on fire right now because the creativity, the market opportunities are there to be captured. So you're seeing this opportunity recognition, opportunity, capture vibe going on. And it's interesting. I'd love to get your thoughts on how you see that, because certainly the VCs are here in force. I did when I saw all the top Silicon valley VCs here, um, and some European VCs are all here. They're all seeing this. >>So pick up on two things you mentioned that I think absolutely spot on. We're absolutely seeing with our partners, this integration on our platform is so important. So we talk about the power of three, which is you bring a JSI partner, you bring an ISV partner, you bring AWS, you create that power of three and you take it to our customers. And it doesn't matter which industry we are. Our partner ecosystem is so rich. The Adam mentioned, we have a hundred thousand partners around the world, and then you integrate that with marketplace. Um, and the AWS marketplace just opens the world. We have about 325,000 active customers on marketplace. So sassiphy cation integration with our platform, bringing in the GSI and the NSIs. I think that's the real power to, to, to coming back to your point on transformation on the second one, the unicorns, you know, it's interesting. >>So UK France, um, Israel, Mia, I spent a lot of time, uh, recently in Dubai and you can see it happening there. Uh, Africa, Nigeria, South Africa, I mean all across those countries, you're saying huge amount of VC funding going in towards developers, towards startups to at scale-ups more and more of a, um, our startup clients, by the way, uh, are actually going IPO. You know, initially it used to be a lot of M and a and strategic acquisitions, but they have actually bigger aspirations and they're going IPO and we've seen them through from when they were seed or pre-seed all the way to now that they are unicorns. Right? So that there's just a tremendous amount happening in EMEA. Um, and we're fueling that, you know, you know, I mean, born in the cloud is easy, right? In terms of what AWS brings to the table. >>Well, I've been sacred for years. I always talked to Andy Jassy about this. Cause he's a big sports nut. When you bring like these stadiums to certain cities that rejuvenates and Amazon regions are bringing local rejuvenation around the digital economies. And what you see with the startup culture is the ecosystems around it. And Silicon valley thrives because you have all the service providers, you have all the fear of failure goes away. There's support systems. You start to see now with AWS as ecosystem, that same ecosystem support the robustness of it. So, you know, it's classic, rising tide floats all boats kind of vibe. So, I mean, we don't really have our narrative get down on this, but we're seeing this ecosystem kind of play going on. Yeah. >>And actually it's a real virtuous circle, or we call flywheel right within AWS because a startup wants to connect to an enterprise. An enterprise wants to connect to a startup, right? A lot of our ISV partners, by the way, were startups. Now they've graduated and they're like very large. So what we are, I see our role. And by the way, this is one of the other reasons I came here is I see our role to be able to be real facilitators of these ecosystems. Right. And, you know, we've got something that we kicked off in EMEA, which I'm really proud of called our EMEA startup loft accelerator. And we launched that a web summit. And the idea is to bring startups into our space virtually and physically and help them build and help them make those connections. So I think really, I really do think, and I enterprise clients are asking us all the time, right? Who do I need to involve if I'm thinking IOT, who do I need to involve if I want to do something with data. And that's what we do. Super connectors, >>John, you mentioned the, the Goldman deal. And I think it was Adam in his keynote was talking about our customers are asking us to teach them how to essentially build a Supercloud. I mean, our words. But so with your McKinsey background, I would imagine there's real opportunities there, especially as you, I hear you talk about IMIA going around to see customers. There must be a lot of, sort of non-digital businesses that are now transforming to digital. A lot of capital needs there, but maybe you could talk about sort of how you see that playing out over the next several years in your role and AWS's role in affecting that transfer. >>Yeah, no, absolutely. I mean, you're right actually. And I, you know, maybe I will, from my past experience pick up on something, you know, I was in the world of industry, uh, with Schneider as an example. And, you know, we did business through the channel. Um, and a lot of our channel was not digitized. You know, you had point of sale, electrical distributors, wholesalers, et cetera. I think all of those businesses during the pandemic realized that they had to go digital and online. Right. And so they started from having one fax machine in a store. Real literally I'm not kidding nothing else to actually having to go online and be able to do click and collect and various other things. And we were able with AWS, you can spin up in minutes, right. That sort of service, right. I love the fact that you have a credit card you can get onto our cloud. >>Right. That's the whole thing. And it's about instances. John Adam talked about instances, which I think is great. How do businesses transform? And again, I think it's about unpacking the problem, right? So what we do a lot is we sit down with our customers and we actually map a migration journey with them, right? We look across their core infrastructure. We look at their SAP systems. For example, we look at what's happening in the various businesses, their e-commerce systems, that customer life cycle value management systems. I think you've got to go business by business by business use case by use case, by use case, and then help our technology enable that use case to actually digitize. And whether it's front office or back office. I think the advantages are pretty clear. It's more, I think the difficulty is not technology anymore. The difficulty is mindset, leadership, commitment, the operating model, the organizational model and skills. And so what we have to do is AWS is bringing not only our technology, but our culture of innovation and our digital innovation teams to help our clients on that journey >>Technology. Well, we really appreciate you taking the time coming on the cube. We have a couple more minutes. I do want to get into what's your agenda. Now that you're got you're in charge, got the landscape and the 20 mile stare in front of you. Cloud's booming. You got some personal passion projects. Tell us what your plans are. >>So, um, three or four things, right? Three or four, really big takeaways for me is one. I, I came here to help make sure our customers could leverage the power of the cloud. So I will not feel like my job's been done if I haven't been able to do that. So, you know, that five to 15% we talked about, we've got to go 50, 60, 70%. That that's, that's the goal, right? And why not a hundred percent at some point, right? So I think over the next few years, that's the acceleration we need to help bring in AMEA Americas already started to get there as you know, much more, and we need to drive that into me. And then eventually our APJ colleagues are going to do the same. So that's one thing. The other is we talked about partners. I really want to accelerate and expand our partner ecosystem. >>Um, we have actually a huge growth by the way, in the number of partners signing up the number of certifications they're taking, I really, really want to double down on our partners and actually do what they ask us for, which is join. Co-sell joined marketing globalization. So that's two, I think the third big thing is when you mentioned industry industry industry, we've got to bring real use cases and solutions to our customers and not only talk technology got to connect those two dots. And we have lots of examples to bring by the way. Um, and then for hire and develop the best, you know, we've got a new LP as you know, to strive to be at its best employer. I want to do that in a Mia. I want to make sure we can actually do that. We attract, we retain and we grow and we develop that. >>And the diversity has been a huge theme of this event. It's front and center in virtually every company. >>I am. I'm usually passionate about diversity. I'm proud actually that when I was back at Schneider, I launched something called the power women network. We're a network of a hundred senior women and we meet every month. I've also got a podcast out there. So if anyone's listening, it's called power. Women's speak. It is, I've done 16 over the pandemic with CEOs of women podcast, our women speak >>Or women speak oh, >>And Spotify and >>Everything else. >>And, um, you know, what I love about what we're doing is AWS on diversity and you heard Adam onstage, uh, talk to this. We've got our restock program where we really help under employed and unemployed to get a 12 week intensive course and get trained up on thought skills. And the other thing is, get it helping young girls, 12 to 15, get into stem. So lots of different things on the whole, but we need to do a lot more of course, on diversity. And I look forward to helping our clients through that as well. >>Well, we had, we had the training VP on yesterday. It's all free trainings free. >>We've got such a digital skills issue that I love that we've said 29 million people around the world, free cloud training. >>Literally the th the, the gap there between earnings with cloud certification, you can be making six figures like with cloud training. So, I mean, it's really easy. It's free. It's like, it's such a great thing. >>Have you seen the YouTube video on Charlotte Wilkins? Donald's fast food. She changed her mind. She wanted to take Korea. She now has a tech career as a result of being part of restock. Awesome. >>Oh, really appreciate. You got a lot of energy and love, love the podcast. I'm subscribing. I'm going to listen. We love doing the podcast as well. So thanks for coming on the >>Queue. Thank you so much for having me >>Good luck on anemia and your plans. Thank you. Okay. Cube. You're watching the cube, the leader in global tech coverage. We go to the events and extract the signal from the noise. I'm John furrier with Dave, a lot to here at re-invent physical event in person hybrid event as well. Thanks for watching.

>> Announcer: From Berlin, Germany, it's the Cube. Covering NetApp Insight 2017, brought to you by NetApp. Welcome back to the Cube's live coverage of NetApp Insight here in Berlin, Germany, I'm your host Rebecca Knight along with my cohost Peter Burris. We are joined by Manfred Buchanan, he is the VP systems engineering IMIA for NetApp and Mark Carlton who is an independent IT consultant. Manfred, Mark, thanks so much for coming on the show. Thank you. Thank you for having us. So Manfred, I want to start with you, you're a company veteran, you've been with NetApp for a long time, lets talk about the data management innovations that make IT modernization possible. It's a big question. That's a great question, you know, as a veteran talking about AI and the future and data management, things make it capable, but just coming off the general session, it takes something like our object store and think about, I put an object, a picture from you, I just put it into the storage and you know, it gets handed over into Amazon analytics and Amazon analytics, oh, you are smiling. And think about this without any coding and just few things to pluck it together and it works and if you take it further it works at scale so it's not only your face, it's the two thousand, four thousand, ten thousand faces here. You just put it in in parallel at scale Amazon at scale does the analytics on top and you get the results back just as a blocking in architecture, this data management at scale is this innovation. Is this the next gen data centers, all of them. But it's not magic, something allows that to happen. So what are those kind of two or three technologies that are so crucial to ensuring that that change in system actually is possible? I will put it pretty simple, the core technology we provide connect the non premise data center with the public cloud and make this whole thing seamless happen. And make it happen for all different protocols. You have it in the send space and then an ice class in the cloud, you have it on files on premise move the file over, and you have it with an object, and an object even we go further we integrate it into message pass. Maybe it's too technical but a message pass is just I got an event and I tell someone else this event coming to something and that's what we do with the picture analyzers. I got an event, which is, I get the picture, and with this event, I tell Amazon please do something with the picture and I give you the picture to analyze. So it's a fabric, there's object storage and there's AI and related technologies that allow you to do something as long as the data is ready for that to be done. Yeah and even move to data with it basically that's what we do. And if you think about it's unbelievable magic. Mark I want to ask you, you are, you're an independent IT consultant, you've been following NetApp for a long time, you have your own blog what are some of the biggest trends that you're seeing, what are some of the biggest concerns you hear from customers? Really from customers it's more around what steps to take the markets changing as we can see what we were saying there with data sprawling and it's spreading so fast, it's growing so fast. What we were storing a few years ago a few years ago when I first started someone talked about a terabyte and you thought that's a big system or you got 50 terabytes and you were huge. Now we're talking about 500 terabytes, 100 terabytes and the difference is is what sort of data that is. Is it stored in the right place? And I think that's one of the biggest challenges is knowing what data you have, how to use it and how to get the most out of the data that, and in the right place so we talked about the on prem, on process whether it be in the cloud, whether it be an object and I think that's key from where we're moving with the data fabric within NetApp and how NetApp's creating their data management suite as such for on tap, for the solufy suite and how they're joining the products up so it makes it seamless that we can move this data about from these different platforms. And I think one of the biggest things, biggest thing for me, especially when I'm talking to customers is it's the strategy of what you can do with data. It's the, it's there's no complications, as Manfred said, it's as if it's magic, it's that type of thing, it will go, you can do whatever you want with it. And I think from a customer point of view because they don't have to make that choice and say that's what I want to do today they've got scale, they've got flexibility, they can control where their data sits, they can move it back and forth and the sprawl out into AWS this year and then Google and with a cloud that size and being able to use those three different cloud platforms, even IBM cloud and how they can plug into theirs. It's, it's really starting to open those doors and really argue the point around the challenges. You've got a lot of answers to a lot of different things. So how do you help customers make sense of all of this, I mean as you said, there are a lot of options, they can go a lot of different ways, they know that they need to use their data as an asset, they need to, they need to deploy it find that value, what's your advice? You know let me just also take a step back, we talk about we get more and more data. We talk about connecting the different clouds, but at the same time we also talked about basics I move from fresh into search class memory and I make everything faster. If you think about more data, to process more data in the same time everything needs to go faster and I give you a simple example or just challenge you, how many have you sitting before a business application in your company and you sit, you press an enter button and it takes, takes a minute, takes another and you go, uh, sorry. Thinking about it. Why does it take so long? As a veteran in the old days, what we said is basically, we press the enter button and we said we need to go for a coffee and come back and after the coffee the transaction is done. Now we talked about one stage about microseconds and milliseconds and all these things but put it into relation, take a transaction I press the enter button and it would have taken let me say 10 minutes until I got a result out of it. And this was in times of when storage response times were 10 milliseconds. Take this one into response time is now one millisecond and you do the same amount of data, you press the enter button and it's not 10 minutes, it's a minute. Now you say the next generation technology we showed, it's even a thousand times faster. You go now from a minute, to a thousand of a minute, a millisecond, you know what a millisecond means for you? You press the enter button, result is there. And now you think you get more and more data petabytes of data, how can I make sure and process it as fast as possible? So that's one character you look into and I believe the future is also for AI and all these things is how fast can you process, maybe we get a measurement which called petabytes per second or petabytes per millisecond can you process to get information out of it. And then at the same time you said which solution, which choices? I believe in the current world, as it's so fast moving, all the solutions evolve at a high speed so at a certain time you just make a decision, I just go with this one and even if you go with the public cloud, you choose the public cloud, one is price but also choose it on capabilities, if you go to the IBM side, what an IBM Watson is doing in terms of AI, incredible and that's what we use for actify queue in the support side so it's not only the system, the speed of the system, where do you ploy the data, but at the same time I give you all the information, what are you doing with your data on the support side? You're connecting this and customers will choose like we do it internally the best solution and what we give them, we give them the choice, we give them reference architectures, how it works with this one, how it works with this one, we may give them some kind of guidance but to be frank and as a veteran and sometimes as the guys know me, I'm straightforward, the decision is something the customer needs to make or the partner with the customer together because you have the knowledge basically on the implementation side, need to make, I'm the best one in this one, I know how it works, I know how I can do it, but that's a choice which is more under customer together with their implementation partners. Great, well Manfred, Mark, thanks so much for coming on the Cube, this was great, great having you on. Thank you very much. I'm Rebecca Knight, for Peter Burris, we will have more from NetApp Insight just after this.