(Upbeat music) >> Hey everyone. Welcome back to theCUBE's continuing coverage day two Snowflake Summit '22 live from Caesar's forum in Las Vegas. Lisa Martin here with Dave Vellante, bringing you wall to wall coverage yesterday, today, and tomorrow. We're excited to welcome Matthew Carroll to the program. The CEO of Immuta, we're going to be talking about removing barriers to secure data access security. Matthew, welcome. >> Thank you for having me, appreciate it. >> Talk to the audience a little bit about Immuta you're a Snowflake premier technology partner, but give him an overview of Immuta what you guys do, your vision, all that good stuff. >> Yeah, absolutely, thanks. Yeah, if you think about what Immunta at it's core is, we're a data security platform for the modern data stack, right? So what does that mean? It means that we embed natively into a Snowflake and we enforce policies on data, right? So, the rules to be able to use it, to accelerate data access, right? So, that means connecting to the data very easily controlling it with any regulatory or security policy on it as well as contractual policies, and then being able to audit it. So, that way, any corporation of any size can leverage their data and share that data without risking leaking it or potentially violating a regulation. >> What are some of the key as we look at industry by industry challenges that Immuta is helping those customers address and obviously quickly since everything is accelerating. >> Yeah. And it's, you're seeing it 'cause the big guys like Snowflake are verticalizing, right? You're seeing a lot of industry specific, you know, concepts. With us, if you think of, like, where we live obviously policies on data regulated, right? So healthcare, how do we automate HIPAA compliance? How do we redesign clinical trial management post COVID, right? If you're going to have billions of users and you're collecting that data, pharmaceutical companies can't wait to collect that data. They need to remove those barriers. So, they need to be able to collect it, secure it, and be able to share it. Right? So, double and triple blinded studies being redesigned in the cloud. Government organizations, how do we share security information globally with different countries instantaneously? Right? So these are some of the examples where we're helping organizations transform and be able to kind of accelerate their adoption of data. >> Matt, I don't know if you remember, I mean, I know you remember coming to our office. But we had an interesting conversation and I was telling Lisa. Years ago I wrote a piece of you know, how to build on top of, AWS. You know, there's so much opportunity. And we had a conversation, at our office, theCUBE studios in Marlborough, Massachusetts. And we both, sort of, agreed that there was this new workload emerging. We said, okay, there's AWS, there's Snowflake at the time, we were thinking, and you bring machine learning, at time where we were using data bricks, >> Yeah. >> As the example, of course now it's been a little bit- >> Yeah. Careful. >> More of a battle, right, with those guys. But, and so, you see them going in their different directions, but the premise stands is that there's an ecosystem developing, new workloads developing, on top of the hyper scale infrastructure. And you guys play a part in that. So, describe what you're seeing there 'cause you were right on in that conversation. >> Yeah. Yeah. >> It's nice to be, right. >> Yeah. So when you think of this design pattern, right, is you have a data lake, you have a warehouse, and you have an exchange, right? And this architecture is what you're seeing around you now, is this is every single organization in the world is adopting this design pattern. The challenge that where we fit into kind of a sliver of this is, the way we used to do before is application design, right? And we would build lots of applications, and we would build all of our business logic to enforce security controls and policies inside each app. And you'd go through security and get it approved. In this paradigm, any user could potentially access any data. There's just too many data sources, too many users, and too many things that can go wrong. And to scale that is really hard. So, like, with Immuta, what we've done, versus what everyone else has done is we natively embedded into every single one of those compute partners. So ,Snowflake, data breaks, big query, Redshift, synapse on and on. Natively underneath the covers, so that was BI tools, those data science tools hit Snowflake. They don't have to rewrite any of their code, but we automatically enforce policy without them having to do anything. And then we consistently audit that. I call that the separation of policy from platform. So, just like in the world in big data, when we had to separate compute from storage, in this world, because we're global, right? So we're, we have a distributed workforce and our data needs to abide by all these new security rules and regulations. We provide a flexible framework for them to be able to operate at that scale. And we're the only ones in the world doing it. >> Dave Vellante: See the key there is, I mean, Snowflake is obviously building out its data cloud and the functions that it's building in are quite impressive. >> Yeah. >> Dave Vellante: But you know at some point a customer's going to say, look I have other stuff, whether it's in an Oracle database, or data lake or wherever, and that should just be a node on this global, whatever you want to call it, mesh or fabric. And then if I'm hearing you right, you participate in all of that. >> Correct? Yeah We kind of, we were able to just natively inject into each, and then be able to enforce that policy consistently, right? So, hey, can you access HIPAA data? Who are you? Are you authorized to use this? What's the purpose you want to query this data? Is it for fraud? Is it for marketing? So, what we're trying to do as part of this new design paradigm is ensure that we can automate nearly the entire data access process, but with the confidence and de-risk it, that's kind of the key thing. But the one thing I will mention is I think we talk a lot about the core compute, but I think, especially at this summit, data sharing is everything. Right? And this concept of no copy data sharing, because the data is too big and there's too many sets to share, that's the keys to the kingdom. You got to get your lake and your warehouse set with good policy, so you can effectively share it. >> Yeah, so, I wanted to just to follow up, if I may. So, you'd mentioned separating compute from storage and a lot of VC money poured into that. A lot of VC money poured into cloud database. How do you see, do you see Snowflake differentiating substantially from all the other cloud databases? And how so? >> I think it's the ease of use, right? Apple produces a phone that isn't much different than other competitors. Right? But what they do is, end to end, they provide an experience that's very simple. Right? And so yes. Are there other warehouses? Are there other ways to, you know you heard about their analytic workloads now, you know through unistore, where they're going to be able to process analytical workloads as well as their ad hoc queries. I think other vendors are obviously going to have the same capabilities, but I think the user experience of Snowflake right now is top tier. Right? Is I can, whether I'm a small business, I can load my debt in there and build an app really quickly. Or if I'm a JP Morgan or, you know, a West Farmer's I can move legacy, you know monolithic architectures in there in months. I mean, these are six months transitions. When think about 20 years of work is now being transitioned to the cloud in six months. That's the difference. >> So measuring ease of views and time to value, time to market. >> Yeah. That's it's everything is time to value. No one wants to manage the infrastructure. In the Hudup world, no one wants to have expensive customized engineers that are, you know, keeping up your Hudup infrastructure any longer. Those days are completely over. >> Can you share an example of a joint customer, where really the joint value proposition that Immuta and Snowflake bring, are delivering some pretty substantial outcomes? >> Yeah. I, what we're seeing is and we're obviously highly incentivized to get them in there because it's easier on us, right? Because we can leverage their row and com level security. We can leverage their features that they've built in to provide a better experience to our customers. And so when we talk about large banks, they're trying to move Terra data workloads into Snowflake. When we talk about clinical trial management, they're trying to get away from physical copies of data, and leverage the exchanges of mechanism, so you can manage data contracts, right? So like, you know, when we think of even like a company like Latch, right? Like Latch uses us to be able to oversee all of the consumer data they have. Without like a Snowflake, what ends up happening is they end up having to double down and invest on their own people building out all their own infrastructure. And they don't have the capital to invest in third party tools like us that keep them safe, prevent data leaks, allow them to do more and get more value out of their data, which is what they're good at. >> So TCO reduction I'm hearing. >> Matthew Carroll: Yes, exactly. >> Matt, where are you as a company, you've obviously made a lot of progress since we last talked. Maybe give us the update on you know, the headcount, and fundraising, and- >> Yeah, we're just at about 250 people, which scares me every day, but it's awesome. But yeah, we've just raised 100 million dollars- >> Lisa Martin: Saw that, congratulations. >> Series E, thank you, with night dragon leading it. And night dragon was very tactical as well. We are moving, we found that data governance, I think what you're seeing in the market now is the catalog players are really maturing, and they're starting to add a suite of features around governance, right? So quality control, observability, and just traditional asset management around their data. What we are finding is is that there's a new gap in this space, right? So if you think about legacy it's we had infrastructure security we had the four walls and we protect our four walls. Then we moved to network security. We said, oh, the adversary is inside zero trust. So, let's protect all of our endpoints, right? But now we're seeing is data is the security flaw data could be, anyone could potentially access it in this organization. So how do we protect data? And so what we have matured into is a data security company. What we have found is, there's this next generation of data security products that are missing. And it's this blend between authentication like an, an Okta or an AuthO and auth- I'm sorry, authorization. Like Immuta, where we're authorizing certain access. And we have to pair together, with the modern observability, like a data dog, to provide an a layer above this modern data stack, to protect the data to analyze the users, to look for threats. And so Immuta has transformed with this capital. And we brought Dave DeWalt onto our board because he's a cybersecurity expert, he gives us that understanding of what is it like to sell into this modern cyber environment. So now, we have this platform where we can discover data, analyze it, tag it, understand its risk, secure it to author and enforce policies. And then monitor, the key thing is monitoring. Who is using the data? Why are they using the data? What are the risks to that? In order to enforce the security. So, we are a data security platform now with this raise. >> Okay. That, well, that's a new, you know, vector for you guys. I always saw you as an adjacency, but you're saying smack dab in the heart >> Matthew Carroll: Yes. Yeah. We're jumping right in. What we've seen is there is a massive global gap. Data is no longer just in one country. So it is, how do we automate policy enforcement of regulatory oversight, like GDPR or CCPA, which I think got this whole category going. But then we quickly realized is, well we have data jurisdiction. So, where does that data have to live? Where can I send it to? Because from Europe to us, what's the export treaty? We don't have defined laws anymore. So we needed a flexible framework to handle that. And now what we're seeing is data leaks, upon data leaks, and you know, the Snowflakes and the other cloud compute vendors, the last thing they ever want is a data leak out of their ecosystem. So, the security aspects are now becoming more and more important. It's going to be an insider threat. It's someone that already has access to that and has the rights to it. That's going to be the risk. And there is no pattern for a data scientist. There's no zero trust model for data. So we have to create that. >> How are you, last question, how are you going to be using a 100 million raised in series E funding, which you mentioned, how are you going to be leveraging that investment to turn the volume up on data security? >> Well, and we still have also another 80 million still in the bank from our last raise, so 180 million now, and potentially more soon, we'll kind of throw that out there. But, the first thing is M and A I believe in a recessing market, we're going to see these platforms consolidate. Larger customer of ours are driving us to say, Hey, we need less tools. We need to make this easier. So we can go faster. They're, even in a recessing market, these customers are not going to go slower. They're moving in the cloud as fast as possible, but it needs to be easier, right? It's going back to the mid nineties kind of Lego blocks, right? Like the IBM, the SAP, the Informatica, right? So that's number one. Number two is investing globally. Customer success, engineering, support, 24 by seven support globally. Global infrastructure on cloud, moving to true SaaS everywhere in the world. That's where we're going. So sales, engineering, and customer success globally. And the third is, is doubling down on R and D. That monitor capability, we're going to be building software around. How do we monitor and understand risk of users, third parties. So how do you handle data contracts? How do you handle data use agreements? So those are three areas we're focused on. >> Dave Vellante: How are you scaling go to market at this point? I mean, I presume you are. >> Yeah, well, I think as we're leveraging these types of engagements, so like our partners are the big cloud compute vendors, right? Those data clouds. We're injecting as much as we can into them and helping them get more workloads onto their infrastructure because it benefits us. And then obviously we're working with GSIs and then RSIs to kind of help with this transformation, but we're all in, we're actually deprecating support of legacy connectors. And we're all in on cloud compute. >> How did the pivot to all in on security, how did it affect your product portfolio? I mean, is that more positioning or was there other product extensions that where you had to test product market fit? >> Yeah. This comes out of customer drive. So we've been holding customer advisory boards across Europe, Asia and U.S. And what we just saw was a pattern of some of these largest banks and pharmaceutical companies and insurance companies in the world was, hey we need to understand who is actually on our data. We have a better understanding of our data now, but we don't actually understand why they're using our data. Why are they running these types of queries? Is this machine, you know logic, that we're running on this now, we invested all this money in AI. What's the risk? They just don't know. And so, yeah, it's going to change our product portfolio. We modularized our platform to the street components over the past year, specifically now, so we can start building custom applications on top of it, for specific users like the CSO, like, you know, the legal department, and like third party regulators to come in, as well as as going back to data sharing, to build data use agreements between one or many entities, right? So an SMP global can expose their data to third parties and have one consistent digital contract, no more long memo that you have to read the contract, like, Immuta can automate those data contracts between one or many entities. >> Dave Vellante: And make it a checkbox item. >> It's just a checkbox, but then you can audit it all, right? >> The key thing is this, I always tell people, there's negligence and gross negligence. Negligence, you can go back and fix something, gross negligence you don't have anything to put into controls. Regulators want you to be at least negligent, grossly negligent. They get upset. (laughs) >> Matthew, it sounds like great stuff is going on at Immuta, lots of money in the bank. And it sounds like a very clear and strategic vision and direction. We thank you so much for joining us on theCUBE this morning. >> Thank you so much >> For our guest and Dave Vellante, I'm Lisa Martin, you're watching theCUBE's coverage of day two, Snowflake Summit '22, coming at ya live, from the show floor in Las Vegas. Be right back with our next guest. (Soft music)

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel, AWS and our community partners. All right, you're continuing or we're continuing around the clock coverage and around the world coverage off a W s reinvent 2020 virtual conference This year, I'm guessing hundreds of thousands of folks are tuning in for coverage. And we have we have on the other end of the country a cube alarm. Stephen Towel, co founder and CTO of immunity. Stephen, welcome back to the show. >>Great. Great to be here. Thanks for having me again. I hope to match your enthusiasm. >>You know what is, uh, your co founder? I'm sure you could match the enthusiasm. Plus, we're talking about data governance. You You've been on the cute before, and you kind of laid the foundation for us last year. Talking about challenges around data access and data access control. I want to extend this conversation. I had a conversation with a CEO chief data officer a couple of years ago. He shared how his data analysts his the people that actually take the data and make business decisions or create outcomes to make business decisions spent 80% of their time wrangling the data just doing transformations. >>How's the >>Muda helping solve that problem? >>Yeah, great questions. So it's actually interesting. We're seeing a division of roles in these organizations where we have data engineering teams that are actually managing. Ah, lot of the prep work that goes into exposing data and releasing data analysts. Uh, and as part of their day to day job is to ensure that that data that they're released into the analyst is what they're allowed to see. Um and so we kind of see this, this problem of compliance getting in the way of analysts doing their own transformation. So it would be great if we didn't have to have a limited to just this small data engineering team to release the data. What we believe one of the rial issues behind that is that they are the ones that are trusted. They're the only ones that could see all the data in the clear. So it needs to be a very small subset of humans, so to speak, that can do this transformation work and release it. And that means that the data analyst downstream are hamstrung to a certain extent and bottlenecked by requesting these data engineers do some of this transformation work for them. Eso I think because, as you said, that's so critical to being able to analyze data, that bottleneck could could be a back breaker for organization. So we really think that to you need to tie transformation with compliance in order to streamline your analytics in your organization. >>So that has me curious. What does that actually look like? Because Because when I think of a data analyst, they're not always thinking about Well, who should have this data? They're trying to get the answer to the question Thio provide to the data engineer. What does that functionally looked like when that when you want to see that relationship of collaboration? >>Yeah, So we e think the beauty of a Muda and the beauty of governance solutions done right is that they should be invisible to the downstream analysts to a certain extent. So the data engineering team will takes on some requirements from their legal compliance. Seems such as you need a mask p I I or you need Thio. Hi. These kinds of rose from these kinds of analysts, depending on what the users doing. And we've just seen an explosion of different slices or different ways, you should dice up your data and what who's allowed to see what and not just about who they are, but what they're doing on DSO. You can kind of bake all these policies upfront on your data on a tool like Kamuda, and it will dynamically react based on who the analyst is and what they're doing to ensure that the right policies air being enforced. And we could do that in a way that when the analysts I mean, what we also see is just setting your policies on your data. Once up front, that's not the end of the story. Like a lot of people will tap themselves on the back and say, Look, we've got all our data protected appropriately, job done. But that's not really the case, because the analysts will start creating their own data products and they want to share that with other analysts. And so when you think about this, this becomes a very complex problem of okay. Before someone can share their data with anyone else, we need to understand what they were allowed to see eso being able to control the kind of this downstream flow of of transformations and feature engineering to ensure that Onley the right people, are seeing the things that they're allowed to see. But still, enabling analytics is really the challenges that that we saw that in Muda Thio, you know, help the the data teams create those initial policies at scale but also help the analytical teams build driven data products in a way that doesn't introduce data leaks. >>So as I think about the traditional ways in which we do this, we kind of, you know, take a data sad. Let's say, is the databases and we said, security rules etcetera on those data states. That's what you're painting to ISMM or of Dynamic. Has Muto approaching this problem from just a architectural direction? >>Yeah, great question. So I'm sure you've probably heard the term role based access control on, but it's been around forever where you basically aggregate your users in the roles, and then you build rules around those roles on gritty, much every legacy. Already, BMS manages data access this way. Um, what we're seeing now and I call it the private data era that we're now embarking on or have been embarking on for the past three years or so. Where consumers are more aware of their data, privacy and the needs they had their there's, you know, data regulations coming fast and furious with no end in sight. Um, we believe that this role based access control paradigm is just broken. We've got customers with thousands of roles that they're trying to manage Thio to, you know, slice up the data all the different ways that they need Thio. So instead, we we offer an accurate based access control solution and also policy based access control solution. We're. Instead, it's really about How do you dynamically enforced policy by separating who the user is from the policy that needs to be enforced and and having that execute at runtime? A good analogy to this is role based. Access control is like writing code without being able to use variables. You're writing the same block a code over and over again with slight changes based on the roll where actually based access control is, you're able to use variables and basically the policy gets decided at runtime based on who the user is and what they're doing. So >>that dynamic nature kind of lends itself to the public cloud. Were you seeing this applied in the world off a ws were here Reinvent so our customers using this with a W s >>So it all comes down to scalability so that the same reasons that used to separate storage from compute. You know, you get your storage in one place you could ephemera, lee, spin up, compute like EMR if you want. Um, you can use Athena against your storage in a server lis way that that kind of, um, freedom to choose whatever compute you want. Um, the same kind of concepts of apply with policy enforcement. You wanna separate your policy from your platform on that This private data era has has, you know, created this need just like you have to separate your compute from storage in the big data era. And this allows you to have a single plane of glass to enforce policy consistently, no matter what compute you're using or what a U s resource is you're using, um and so this gives our customers power to not only, um, you know, build the rules that they need to build and not have to do it uniquely her service in the U. S. But also proved to their legal and compliance teams that they're doing it correctly because, um, when when you do it this way, it really simplifies everything. And you have one place to go toe, understand how policies being enforced. And this really gives you the auditing and reporting around, um, be enforcement that you've been doing to put every one of these, that everything is being done correctly and that your data consumers can understand You know how your data is being protected. Their data is being protected. Um, and you could actually answer those questions when they come at you. >>So let's put this idea to the test a little bit. So I have the data engineer who kind of designs the security policy around the data or implements that policy using Kamuda Aziz dictated by the security and chief data officer of the organization. Then I have the analyst, and the analyst is just using the tools at their disposal. Let's say that one analyst wants to use AWS Lambda and another analysts wants to use our type database or analysis tools. You're telling me that Muda allows the flexibility for that analyst to use either tool within a W S. >>That's right, because we enforce policy at the data layer. Eso If you think about a Muda, it's really three layers policy authoring, which you touched on where those requirements get turned into real policies. Policy decision ing. So at query time we see who the user is, what they're doing on what policy has been defined to dynamically build that policy at run time and then enforcement, which is what you're getting at. The enforcement happens at the data layer, for example, we can enforce policies, natively and spark. So no matter how you're connecting to spark, that policy is going to get enforced appropriately. So we don't really care about what the clients Liz, because the enforcement is happening at the data or the compute layer is is a more accurate way todo to say it >>so. A practical reality off collaboration, especially around large data sets, is the ability to share data across organizations. How is immune hoping thio just make that barrier? Ah, little lower but ensuring security so that when I'm sharing data with, uh, analysts with within another firm. They're only seeing the data that they need to see, but we can effectively collaborate on those pieces of content. >>Yeah, I'm glad you asked this. I mean, this is like the, you know, the big finale, right? Like, this is what you get when you have this granularity on your own data ecosystem. It enables you to have that granularity now, when you want to share outside of your internal ecosystem. And so I think an important part about this is that when you think about governance, you can't necessarily have one God users so to speak, that has control over all tables and all policies. You really need segmentation of duty, where different parts of the organ hooking their own data build their own policies in a way where people can't step on each other and then this can expand this out. The third party data sharing where you can set different anonymous ation levels on your data when you're sharing an external the organization verse, if it's internal users and then someone else in your ord could share their data with you and then that also do that Third party. So it really enables and freeze these organizations Thio share with each other in ways that weren't possibly before. Because it happens in the day. The layer, um, these organizations can choose their own compute and still have the same policies being forced again. Going back to that consistency piece, um, it provides. Think of it is almost a authoritative way to share data in your organization. It doesn't have to be ad hoc. Oh, I have to share with this group over here. How should I do it? What policies should enforce. There's a single authoritative way to set policy and share your data. >>So the first thing that comes to my mind, especially when we give more power to the users, is when the auditors come and they say, You know what, Keith? I understand this is the policy, but prove it. How do we provide auditors with the evidence that you know, the we're implementing the policy that we designed and then two were ableto audit that policy? >>Yeah. Good question. So, um, I briefly spoke about this a little bit, but the when you author and define the policies in the Muda there immediately being enforced. So when you write something in our platform, um, it's not a glorified Wikipedia, right? It's actually turning those policies on and enforcing it at the data later. And because of that, any query that's coming through a Muda is going to be audited. But I think even more importantly, to be honest, we keep a history of how policy changes happening over time, too. So you could understand, you know, so and so changed the policy on this table versus other table, you know, got newly added, these people got dropped from it. So you get this rich history of not only who's touching what data and what data is important, but you're also getting a rich history off. Okay, how have we been treating this data from a policy perspective over time? How is it like what were my risk levels over the past year? With B six tables on? You can answer those kinds of questions as well. >>And then we're in the era of cloud. We expect to be able to consume these services via AP I via pay as you go type of thing. How is your relationship with AWS and how in the cutting. Ultimately, the customer. How do I consume a music? >>Yeah, so in Munich can pretty much be deployed anywhere. So obviously we're talking to us here. We have a SAS offering where you can spin up Muda pretrial and just be often running building policies and hooking up hooking our policy enforcement engine into your compute. Um, that runs in our, um you know, infrastructure. There's also a deployment model where you deploy immune it into your VPC s so it can run on your infrastructure. Behind your firewalls on DWI do not require any public Internet access at all for that to run. We don't do any kind of phone homing because, obviously, privacy company, we take this very seriously internally as well. We also have on premise deployments, um, again with zero connectivity air gapped environments. Eso. So we offer that kind of flexibility to our customers wherever they want immediate toe to be deployed. An important thing to remember their two is immediate. Does not actually store any data. We just store metadata and policy information. Um, so it's that also provides the customers some flexibility where if they want to use our SAS, they can simply go policy in there, and then the data still lives in their account. We're just kind of pushing policy down into that. Dynamically. >>So Stephen Towel co founder c t o of immunity. I don't think you have to worry about matching my energy level. I through some pretty tough questions at at you and you were ready there with all the answers. You wanna see more interesting conversations from around the world with founders, builders, AWS reinvent is all about builders and we're talking to the builders throughout this show. Visit us on the web. The Cube. You can engage with us on Twitter. Talk to you next episode off the Cube from AWS reinvent 2020.

>> Announcer: Live from Las Vegas, it's theCUBE! Covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel, along with it's ecosystem partners. >> Welcome inside Live here at the Sands as we continue our coverage of AWS re:Invent 2019 on theCUBE, day three. Always an exciting time I think to get a summary of what's happened here. Dave Vellante, John Walls, we're joined by a couple of gentlemen from Immuta, Steven Touw who's a co-founder and CTO. Steve, good to see you. >> Yeah thanks for having me. >> John Walls: And Rob Lancaster, who's the GM of Cloud at Immuta. Rob, thanks for joining us as well. >> Great to be here. >> First off, let's talk about Immuta a little bit. You're all about governance right? You're trying to make it simple, easy, taking out the complexity. But for those at home who might not be too familiar with your company, tell us a little bit about you. >> Yeah so the company started out, our roots are in the U.S. intelligence community. So we had been dealing with access and control issues for data for years and we said to ourselves, "Hey this product has to be useful for non-IC customers. "This problem has to exist." And with the advent of all these privacy regulations like CCPA, GDPR and of course HIPPA's been around for a long time, really our goal was to bring a product to the market that makes it easy to govern access to data in a way that you don't have to be technical to do it, you don't have to understand how to write SQL statements, you don't have to be a system administrator. We really bring together three personas, the users that want to get access to the data, legal compliance that needs to understand how the rules are being enforced or even enforce them themselves, and then of course the data owners and the DBAs who need to expose the data. So usually those three personas are at odds with one another, we bring them together in our platform and allow them to work together in a way that's compliant and also accelerates their data analytics. >> Could we talk a little bit about why this is such a problem? Because it is a big problem and especially today and in the cloud and we'll get into that, but you've got data lakes, data oceans now, you got data coming in, all types of data. Might be internal transaction data, it might be stuff in your data warehouse. And the organization say, "Well I want some other data. "I want to bring in maybe some social data." So certain data is, everybody can have access to. Certain data not everybody can have access to. And it's not necessarily just a security problem, edicts of my organization that need to be enforced. So first of all, is that sort of, the problem that you're solving? And maybe you can double-click on that a little bit. >> Yeah sure, so the market has evolved and is evolving. You allude to data lakes, I think you can point to the immersion of Hadoop, as a distributed infrastructure as kind of the original data lakes, or the most recent data lakes, where you can store all your data and run analytics on all your data, and now with the advent, with the emergence of Cloud you've effectively got very low, if not zero cost storage, and the ability to throw an unlimited amount of compute at the data. That, kind of in conjunction with heightened awareness for consumer data privacy and risk associated with data, has created a market for data governance beyond kind of the course-grained access controls that people have been using on their databases for decades now. >> Yeah I mean Hadoop really got it all started. You're right and despite all it's problems, it had some real epiphany-like technical innovations, but one of the things that it didn't worry about at the time was governance. So whose responsibility is this? Is it the CISO? That is essentially trying to build out a new cloud stack to provide security, privacy, governance and what does that stack look like? >> Rob: Go ahead. >> Yeah so it depends, it's actually pretty interesting that different organizations have tackled this different ways. So we have CISOs that maintain this. In other organizations we've got the legal compliance teams that want to do this but maybe don't have the technical chops. And the CISO doesn't necessarily know all the privacy rules that need to be enforced, so it's kind of moving into this world where security is about keeping the bad guys out and black or white access, like you either can see the data or you won't, but with privacy controls it gets into this gray area where there's a lot of technical complexity and there's a lot of legal complexity. So the organizations struggle with this 'cause you've got to play in that gray area where it's not just like I said, black and white. The analogy we use is, security is like a light switch, you're either in or you're out. With privacy controls you need to anonymize the data, you need to do privacy by design. It's like a dimmer switch where you want to play in that gray area and allow some utility out of the data but also protect privacy at differing levels of whatever you're doing analytically. So this can be challenging for an organization to wrestle with because it's not as, I would argue it's not as black and white as it is with security. >> Your question is in many cases it's the business that's running really fast and that is building these data lakes because they want to get value out of their data and the CISO or the compliance or risk officers are the ones that are telling them to slow down. So our product that Steve set up caters to both parties. It checks the boxes for risk, but it also enable the business to get utility out of their data lake. >> It's a very complicated situation because you've got this corpus of data that's organic and constantly changing and you have, you mentioned GDPR, you've got California now, every state's going to have it's own regulations so you've got to be able to sort of adjudicate that. And can you talk about, I mean obviously I've interviewed Matt Carroll, we covered you guys so I know a little bit about you, but can you talk about your tech in terms of it's ability? You've got a capability to do really granular level understanding and governance policies, can you describe that a little bit? >> Yeah sure, so when we talk about privacy controls, these are things like way beyond just table-level access. So instead of saying, "Hey you have access to this table or not," or even, "You have access to this column or not," you've got to go deeper than that, you've got to be able to make rows disappear based on what people are doing. So for example, we have financial institution customers that are using us for all their trading data and only some traders can see some trade desks and we manage all that dynamically. We're not making anonymized copies of data. Everything happens at query time, and depending on what compute you're using that all works differently, but then at the column level we're able to do these anonymization techniques like we could make numeric data less specific, we could use techniques like k-anonymization that allows analysts to analyze the data but ensures that small groups that exist in that data won't reveal someone's true identity. And we have techniques like differential privacy, which provides mathematical guarantees of privacy. So for example, one of our manufacturing customers set aside, these are the four analytical use cases that we're using our data for and under GDPR we want different levels of privacy associated to those use cases. So they could do that all with Immuta. So they could say, "When I'm doing this "I want these columns to be anonymized to this level "and these rows to disappear, but if I'm doing something, "maybe more critical, which our consumers have consented to "you know there's less privacy controls." And that all happens dynamically so the analysts could actually switch context of what they're doing and get a different view of the data and all of that is audited so we understand why someone's doing what they're doing and when they're running queries we can associate those queries to purpose. >> We've talked about customers of course and they're adapting right, to a new world? How are you adapting? I mean what are you learning about, in terms of policy regulation and governance, what have you, you said you came out of the intelligence community, high bar there right? >> Steven Touw: Yeah. >> So what have you done to evolve as a company and what are you, as the headlights basically for these folks, what are you seeing change that is going to require a lot of shift on the other side? >> Yeah so, I don't know if you have thoughts. >> I mean it's a great question but there's really two parts to it, there's what are we doing? But, what is the market doing as well, right? So if you think about when we got started, even a year ago people understood the technology, they thought it was cool but maybe a little nichey for government or financial services or maybe healthcare because there's well understood regulation, these vertical regulation. Even over the past year with kind of this increasing or heightened awareness for consumer data privacy, not just driven by CCPA and GDPR but kind of this, call it the Facebook Effect right? Cambridge Analytica has created this awareness within the general population for what are these organizations actually doing with my data? Before it was okay 'cause you give your data to Google and you get a better search result and you're okay with that but now they may be using your data for their own profit in different ways so this has created this rising tides effect for the overall market and we talk a lot about organizations using something like Immuta to protect their highly sensitive data. I like to think of it is their most valuable data, which may be highly sensitive but it also could be the crown jewels, trading data for a bank for example. So it's become about extracting value and operational benefit from data, whereas the risk offices are trying to lock it down in many cases. >> So, there's definitely a big problem and people are becoming more aware of it. I want to talk about where you guys fit into this whole cloud ecosystem. There's a sea change now, there's this sort of, this new cloud coming into play. It's not just about infrastructure anymore. I'll give you some examples, you got all these data lakes, maybe you got Redshift running, Snowflake's another one, you've now got this data exchange where you can bring data right in the Cloud bring in all different types of data, you're bringing in some AML and AI and it's all, really again, a complicated situation. So I see you guys as fitting in there and real need but can you describe where you fit in the ecosystem, what your relationship is with AWS, how do I engage with you? >> Yeah absolutely, so a core part of our value is that we are heterogeneous in terms of the environment that we support. We support a hybrid estate so the architecture of the product is fully microservices based so we can run on PRIM as well as on Cloud, on any Cloud, we support effectively any popular database system or analytical tool. So think of us as a data abstraction layer across a hybrid environment, so we're here because AWS is obviously the big boy in the market, they have market share, this is a strategic relationship for us. We're working very deeply with AWS field teams, particularly around some of their verticals, the verticals that align to our business and at the end of the day we're trying to define a category. It's a similar category that we've had for decades but with all the changes that are happening in data and regulation and infrastructure what we're trying to do is raise the level of awareness for the fact that Immuta has actually solved the problem that many of these risk officers are struggling with today. >> Yeah and from a, diving a little on the technical side of that answer is that we are, think of us as the way to enforce policy in the Cloud. We consider ourselves a Cloud-first software vendor. And you don't necessarily want one point solution in Redshift or another point solution on your on-premise Cloudera instance, whatever it may be where you're using your data and running analytics, you need to abstract the policies out into a consistent layer and then have them be enforced across whatever you're using. So you might be using Cloudera today and then you switch to Databricks tomorrow, that shouldn't be a hard change from you from a policy perspective. You just re-point Immuta at Databricks and all your policies are still working like they used to so it gives you this flexibility now to use all these different services that AWS provides 'cause as was stated in the keynote on Tuesday, there's no one database solves all. You're always going to be using a heterogenous set of compute to do your job in analytics so you need a consistent way to enforce policies across all of that. >> That's a great point. I mean I don't know if you saw the Vanguard guy today in the keynote, he basically said, "We rip down, or tore down our big data infrastructure "moved it to the Cloud, spun up EMR." I mean there's a perfect example of, you got to bring your governance with you. You can't have to rebuild that whole stack. Are you in the Marketplace yet? >> Steve and Rob: Yes. >> You are, great, awesome. >> Yeah we launched a managed version of Immuta over the summer on AWS Marketplace. We'll be launching a second one shortly and it's really, the offering that we have out there is really geared toward, for lack of a better term, democratizing data governance. It's actually free up to the fifth user so any organization can deploy Immuta in under 30 minutes through Marketplace and start protecting their data. >> That's great, we had Dave McCann on yesterday, he runs the Marketplace, he was telling us just now, private offers for every marketplace, so ICV, so that's from. Last question I have is, how do you see this all playing out? You got GDPR, remember you talked about California regulations, there's a technology component, any predictions you guys want to share? What's your telescope say? >> All data will be regulated data eventually. So if you're not thinking about that now you need to. So, at least that's our theory, obviously, so we think it's critical that you're doing that from day one instead of day 365 and in your migration strategy. And if you're not thinking about that it's going to potentially bite you in the ass. >> Yeah you're right, I mean Web 2.0 was the wild, wild west, there was no privacy, there was no regulation, GDPR started to get people focused on that and it's now a whole new world. >> Gentlemen thank you, appreciate the time and best of luck. I know you said you had the big launch this summer but good things are ahead no doubt. >> For sure, thank you. >> Thank you. >> Dave Vellante: Thanks guys. >> Back with more coverage here on theCUBE. You're watching AWS re:Invent 2019. We are live and we're in Las Vegas. (upbeat tones)

>> From the Silicon Angle Media office, in Boston Massachusetts, it's the Cube. Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this Cube Conversation here in our studios, outside of Boston. My name is Dave Vellante. I'm here with Matt Carroll, who's the CEO of Immuta. Matt, good to see ya. >> Good, nice to have me on. >> So we're going to talk about governance, how to automate governance, data privacy, but let me start with Immuta. What is Immuta, why did you guys start this company? >> Yeah, Immuta is an automated data governance platform. We started this company back in 2014 because we saw a gap in the market to be able to control data. What's happened in the market as changes is that every enterprise wants to leverage their data. Data's the new app. But, governments want to regulate it and consumers want to protect it. These were at odds with one another, so we saw a need of creating a platform that could meet the needs of everyone. To democratize access to data and in the enterprise, but at the same time, provide the necessary controls on the data to enforce any regulation, and ensure that there was transparency as to who is using it and why. >> So let's unpack that a little bit. Just try to dig into the problem here. So we all know about the data explosion, of course, and I often say data used to be a liability, now it's turned into an asset. People used to say get rid of the data, now everybody wants to mine it, and they want to take advantage of it, but that causes privacy concerns for individuals. We've seen this with Facebook and many others. Regulations now come into play, GDPR, different states applying different regulations, so you have all these competing forces. The business guys just want to go and get out to the market, but then the lawyers and the compliance officers and others. So are you attacking that problem? Maybe you could describe that problem a little further and talk about how you guys... >> Yeah, absolutely. As you described, there's over 150 privacy regulations being proposed over 25 states, just in 2019 alone. GDPR has created or opened the flood gates if you will, for people to start thinking about how do we want to insert our values into data? How should people use it? And so, the challenge now is, you're right, your most sensitive data in an enterprise is most likely going to give you the most insight into driving your business forward, creating new revenue channels, and be able to optimize your operational expenses. But the challenge is that consumers have awoken to, we're not exactly sure we're okay with that, right? We signed a YULU with you to just use our data for marketing, but now you're using it for other revenue channels? Why? And so, where Immuta is trying to play in there is how do we give the line of business the ability to access that instantaneously? But also give the CISO, the Chief Information Security Officer, and the governance seems the ability to take control back. So it's a delicate balance between speed and safety. And I think what's really happening in the market is we used to think about security from building firewalls, we invested in physical security controls around managing external adversaries from stealing our data. But now it's not necessarily someone trying to steal it, it's just potentially misusing it by accident in the enterprise. And the CISO is having to step in and provide that level of control. And it's also the collision of the cloud and these privacy regulations. Cause now, we have data everywhere, it's not just in our firewalls. And that's the big challenge. That's the opportunity at hand, democratization of data in the enterprise. The problem is data's not all in the enterprise. Data's in the cloud, data's in SaaS, data's in the infrastructure. >> It's distributed by it's very nature. All right, so there's a lot of things I want to follow up on. So first, there's GDPR. When GDPR came out of course, it was May of 2018 I think. It went into effect. It actually came out in 2017, but the penalties didn't take effect till '18. And I thought, okay, maybe this can be a framework for governments around the world and states. It sounds like yeah sort of, but not really. Maybe there's elements of GDPR that people are adopting, but then it sounds like they're putting in their own twists, which is going to be a nightmare for companies. So, are you not seeing a sort of, GDPR becoming this global standard? It sounds like, no. >> I don't think it's going to be necessarily global standard, but I do think the spirit of the GDPR, and at the core of it is, why are you using my data? What was the purpose? So traditionally, when we think about using data, we think about all right, who's the user, and what authorizations do they have, right? But now, there's a third question. Sure, you're authorized to see this data, depending on your role or organization right? But why are you using it? Are you using it for certain business use? Are you using it for personal use? Why are you using this? That's the spirit of GDPR that everyone is adopting across the board. And then of course, each state, or each federal organization is thinking about their unique lens on it, right? And so you're right. This is going to be incredibly complex. And the amount of policies being enforced at query time. I'm in my favorite, let's just say I'm in Tableau or Looker right? I'm just some simple analyst, I'm a young kid, I'm 22, my first job right? And I'm running these queries, I don't know where the data is, right? I don't know what I'm combining. And what we found is on average in these large enterprises, any query at any moment in time, might have over 500 thousand policies that need to be enforced in real time. >> Wow. >> And it's only getting worse. We have to automate it. No human can handle all those edge cases. We have to automate. >> So, I want to get into how you guys actually do that. Before I do, there seems to be... There's a lot of confusion in the marketplace. Take the word data management, data protection. All the backup guys are using that term, the database guys use that term, GOC folks use that term, so there's a lot of confusion there. You have all these adjacent markets coming together. You've got the whole governance risk and compliance space, you've got cyber security, there's privacy concerns, which is kind of two sides of the same coin. How do you see these adjacencies coming together? It seems like you sit in the middle of all that. >> Yeah, welcome to why my marketing budget is getting bigger and bigger. The challenge we're facing now is I think, who owns the problem right? The Chief Data Officer is taking on a much larger role in these organizations, the CISO is taking a much more larger role in reporting up to the board. You have the line of business who now is almost self-sustaining, they don't have to depend on IT as much any longer because of the cloud and because of the new compute layers to make it easier. So who owns it? At the end of the day, where we see it is we think there's a next generation of cyber tools that are coming out. We think that the CISO has to own this. And the reason is that the CISO's job is to protect the enterprise from cyber risk. And at the core of cyber risk is data. And they must own the data problem. The CDO must find the data, and explain what that data is, and make sure it's quality, but it is the CISO that must protect the enterprise from these threats. And so, I see us as part of this next wave of cyber tools that are coming out. There's other companies that are equally in our stratosphere, like BigID, we're seeing AWS with Macy doing sensitive data discovery, Google has their data loss prevention service. So the cloud players are starting to see, hey, we've got to identify sensitive data. There's other startups that are saying hey, we got to identify and catalog sensitive data. And for us, we're saying hey, we need to be able to consume all that cataloging, understand what's sensitive, and automatically apply policies to ensure that any regulation in that environment is met. >> I want to ask you about the cloud too. So much to talk to you about here, Matt. So, I also wanted to get your perspective on variances within industries. So you mentioned Chief Data Officers. The ascendancy of the Chief Data Officers started in financial services, healthcare, and government where we had highly regulation industries. And now it's sort of seeped into more commercial. But it terms of those regulated industries, take healthcare for example. There are specific nuances. Can you talk about what you're seeing in terms of industry variance. >> Yeah, it's a great point. Starting with like, healthcare. What does it mean to be HIPPA compliant anymore? There are different types of devices now where I can point it at your heartbeat from a distance away and I can have 99 percent accuracy of identifying you, right? It takes three data points in any data set to identify 87 percent of US citizens. If I have your age, sex, location, I can identify you. So, what does it mean anymore to be HIPPA compliant? So the challenge is how do we build guarantees of trust that we've de-identified these DESA's, cause we have to use it, right? No one's going to go into a hospital and say, "You know what, I don't want you to say my life. "Cause I want my data protected," right? No one's ever going to say that. So the challenges we face now across these regulated industries is the most sensitive data sets are critical for those businesses to operate. So there has to be a compromise. So, what we're trying to do in these organizations is help them leverage their data and build levels of proportionality, to access that right? So, the key isn't to stop people from using data. The key is to build the controls necessary to leverage a small bit of the data. Let's just say, we've made it indistinguishable. You can only ask Agriculture and Statistics the question. Well, you know what, we actually found some really interesting things there, we need to be a little bit more useful, it's this trade-off between privacy and utility. It's a pendulum that swings back and forth. As someone proves I need more of this, you can swing it, or just mask it. I need more of it? All right, we'll just redact some of the certain things. Nope, this is really important, it's going to save someone's life. Okay, completely unmasked, you have the raw data. But it's that control that's necessary in these environments, that's what's missing. You know, we came out of the US Intelligence community. We understood this better than anyone. Because highly regulated, very sensitive data, but we knew we needed the ability to rapidly control. Well is this just a hunch, or is this a 9-11 event? And you need the ability to switch like that. That's the difference and so, healthcare is going through a change of, we have all these new algorithms. Like Facebook the other day said, hey, we have machine learning algorithms that can look at MRI scans, and we're going to be better than anyone in the world at identifying these. Do you feel good about giving your data to Facebook? I don't know, but we can maybe provide guaranteed anonymization to them, to prove to the world they're going to do right. That's where we have to get to. >> Well, this is huge, especially for the consumer, cause you just gave several examples. Facebook's going to know a lot about me, a mobile device, a Fit Bit, and yet, if I want to get access to my own medical records, it's like Fort Knox to try to get, please, give this to my insurance company. You know, you got to go through all these forms. So, you've got those diverging objectives and so, as a consumer, I want to be able to trust that when I say yes you can use it, go, and I can get access to it, and other can get access to it. I want to understand exactly what it is that you guys do, what you sell. Is it software, is it SAS, and then let's get into how it works. So what is it? >> Yeah, so we're a software platform. We deploy into any infrastructure, but it is not multi-tenant so, we can deploy on any cloud, or on premises for any customer, and we do that with customers across the world. But if you think about at the core of what is Immuta, think of Immuta as a system of record for the CISO or the line of business where I can connect to any data, on any infrastructure, on any compute layer, and we connect into over 61 different storage platforms. We then have built a UI where lawyers... We actually have three lawyers as employees that act as product managers to help any lawyer of any stature take what's on paper, these regulations, these rules and policies, and they digitize it essentially, in active code. So they can build any policy they want on any data in the ecosystem, in the enterprise, and enforce it globally without having to write any code. And then because we're this plane where you can connect any tool to this data, and enforce any regulation because we're the man in the middle, we can audit who is using what data and why. In every action, in any change in policy. So, if you think about it, it's connect any tool to any data, control it, any regulation, and prove compliance in a court of law. >> So you can set the policy at the data set level? >> Correct. >> And so, how does one do that? Can you automate that on the creation of that data set? I mean you've got you know, dependencies. How does that all work? >> Yeah, what's a really interesting part of our secret sauce is that one, we could do that at the column level, we can do it at the row level, we can do it at the cell level. >> So very granular. >> Very, very granular. This is something again, we learned from the US Intelligence community, that we have to have very fine grained access to every little bit of the data. The reason is that, especially in the age of data, is people are going to combine many data sets together. The challenge isn't enforcing the policy on a static data set, the challenge is enforcing the policy across three data sets where you merge three pieces of data together, who have conflicting policies. What do you do then? That's the beauty of our system. We deal with that policy inheritance, we manage that lineage of the policy, and can tell you here's what the policy will be. >> In other words, you can manage to the highest common denominator as an example. >> Or we can automate it to the lowest common denominator, where you can work in projects together recognizing hey, we're going to bring someone into the project that's not going to have the level of access. Everyone else will automatically change it to the lowest common denominator. But then you share that work with another team and it'll automatically be brought to the highest common denominator. And we've built all these work flows in. That was what was missing and that's why I call it a system of record. It's really a symbiotic relationship between IT, the data owner, governance, the CISO, who are trying to protect the data, and the consumer, and all they want to do is access the data as fast as possible to make better, more informed decisions. >> So the other mega-trend you have is obviously, the super power of machine intelligence, or artificial intelligence, and then you've got edge devices and machine to machine communication, where it's just an explosion of IP addresses and data, and so, it sounds like you guys can attack that problem as well. >> Any of this data coming in on any system, the idea is that eventually it's going to land somewhere, right? And you got to protect it. We call that like rogue data, right? This is why I said earlier, when we talk about data, we have to start thinking about it as it's not in some building anymore. Data's everywhere. It's going to be on a cloud infrastructure, it's going to be on premises, and it's likely, in the future, going to be on many distributed data centers around the world cause business is global. And so, what's interesting to us is no matter where the data's sitting, we can protect it, we can connect to it, and we allow people to access it. And that's the key thing is not worrying about how to lock down your physical infrastructure, it's about logically separating it. And that's why what differentiates us from other people is one, we don't copy the data, right? That's the always the barrier for these types of platforms. We leave the data where it is. The second is we take all those regulations and we can actually, at query time, push it down to where that data is. So rather than bring it to us, we push the policy to the data. And what that does is that's what allows us, what differentiates us from everyone else is, it allows us to guarantee that protection, no matter where the data's living. >> So you're essentially virtualizing the data? >> Yeah, yeah. It's virtual views of data, but it's not all the data. What people have to realize is in the day of apps, we cared about storage. We put all the data into a database, we built some services on top of it and a UI, and it was controlled that way, right? You had all the nice business logic to control it. In the age of data, right? Data is the new app, right? We have all these automation tools, Data Robot, and H20, and Domino, and Tableau's building all these automation work flows. >> The robotic process automation. >> Yeah, RPA, UI Path, the Work Fusion, right? They're making it easier and easier for any user to connect to any data and then automate the process around it. They don't need an app to build a unique work flows, these new tools do that for them. The key is getting to the data. And the challenge with the supply chain of data is time to data is the most critical aspect of that. Cause, the time to insight is perishable. And so, what I always tell people, a little story, I came from the government, I worked in Baghdad, we had 42 minutes to know whether or not a bad guy in the environment, we could go after him. After that, that data was perishable, right? We didn't know where he was. It's the same thing in the real world. It's like imagine if Google told you, well, in 42 minutes it might be a good time to go 495. (laughter) It's not very useful, I need to know the information now. That's the key. What we see is policy enforcement and regulations are the key barrier of entry. So our ability to rapidly, with no latency, be able to connect anyone to that data and enforce those policies where the data lives, that's the critical nature. >> Okay, so you can apply the policies and you do it quickly, and so now you can help solve the problem. You mentioned a cloud before, or on prem. What is the strategy there with regard to various clouds and how do you approach multi-clouds? >> I think cloud is what used to be an infrastructure as a service game, is now becoming a compute game. I think large, regulated enterprises, government, healthcare, financial services, insurance, are all moving to cloud now in a different way. >> What do you mean by that? Cause people think infrastructure as service, they'll say oh that's compute storage and some networking. What do you mean by that? >> I think there's a whole new age of software that's being laid on top of the availability of compute and the availability of storage. That's companies like Databricks, companies like Snowflake, and what they're doing is dramatically changing how people interact with data. The availability zones, the different types of features, the ability to rip and replace legacy warehouses and main frames. It's changing the ability to not just access, but also the types of users that could even come on to leverage this data. And so these enterprises are now thinking through, "How do I move my entire infrastructure of data to them? "And what are these new capabilities "that I could get out of that?" Which, that is just happening now. A lot of people have been thinking, "Oh, this has been happening over the past five years," no, the compute game is now the new war. I used to think of like, Big Data, right? Big Data created, everyone started to understand, "Ah, if we've got our data assets together, "we can get value." Now they're thinking, "All right, let's move beyond that." The new cloud at our currents works is Snowflake and Databricks. What they're thinking about is, "How do I take all your meta-data "and allow anyone to connect any BI tool, "any data science tool, and provide highly performance, "and highly dependable compute services "to process petabytes of data?" It's pretty fantastic. >> And very cost efficient and being able to scale, compute independent of storage, from an architectural perspective. A lot of people claim they can do that, but it doesn't scale the same way. >> Yeah, when you're talking about... Cause that's the thing is you got to remember, these financial systems especially, they depend on these transactions. They cannot go down and they're processing petabytes of data. That's what the new war is over, is that data in the compute layer. >> And the opportunity for you is that data that can come from anywhere, it's not sitting in a God box, where you can enforce policies on that corpus. You don't know where it's coming from. >> We want to be invisible to that right? You're using Snowflake, it's just automatically enforced. You're using Databricks, it's automatically enforced. All these policies are enforced in flight. No one should even truly care about us. We just want to allow you to use the data the way you're used to using it. >> And you do this, this secret sauce you talked about is math, it's artificial intelligence? >> It's math. I wish I could say it was like super fancy, unsupervised neural nets or what not, it's 15 years of working in the most regulated, sticky environments. We learned about very simple novel ways of pushing it down. Great engineering's always simple. But what we've done is... At query time, what's really neat is we figured a way to take user attributes from identity management system and combine that with a purpose, and then what we do is we've built all these libraries to connect into all these dispert storage and compute systems, to push it in there. The nice thing about that is prior to this what people were doing, was making copies. They'd go to the data engineering team and they'd say hey, "I need to ETL this "and get a copy and it'll be anatomized." Think about that for a second. One, the load on your production systems, of all these copies, all the time, right? The second is CISO, the surface area. Now you've got all this data that in a snapshot in time, is legal and ethical, might change tomorrow. And so, now you've got an increase surface area of risk. Like that no-copy aspect. So the pushing it down and then the no-copy aspect really changed the game for enterprises. >> And you've got providence issues, like you say. You've got governance and compliance. >> And imagine trying, if someone said to you, imagine Congress said hey, "Any data source that you've processed "over the past five years, I want to know if "there was these three people in any of these data sources "and if there were, who touched that data "and why did they touch it?" >> Yeah and storage is cheap, but there's unintended consequences. People are, management isn't. >> We just don't have a unified way to look at all of the logs cross listed. >> So we started to talk about cloud and then I took you down a different path. But you offer your software on any cloud, is that right? >> Yeah, so right now, we are in production on Immuta's Marketplace. And that is a managed service, so you can go deploy in there, it'll go into your VPC, and we can manage the updates for you, we have no insight into your infrastructure, but we can push those updates, it'll automatically update, so you're getting our quarterly releases, we release every season. But yeah, we started with AWBS, and then we will grow out. We see cloud is just too ubiquitous. Currently, we still support though, Bigquery, Data Praq, we support Azure, Data Light Storage version two, as well as Azure Databricks. But you can get us through Immuta's Marketplace. We're also investing in ReInvent, we'll be out there in Vegas in a couple weeks. It's a big event for us just because obviously, the government has a very big stake in AWBS, but also commercial customers. It's been a massive endeavor to move. We've seen lots of infrastructure. Most of our deals now are on cloud infrastructure. >> Great, so tell us about the company. You've raised, I think in a Series B, about 28 million to date. Maybe you could give us the head count, and whatever you can share about momentum, maybe customer examples. >> Yeah, so we've raised 32 million to date. >> 32 million. >> From some great investors. The company's about 70 people now. So not too big, but not small anymore. Just this year, at this point, I haven't closed my fiscal year, so I don't want to give too much, but we've doubled our ARR and we've tripled our LOGO count this year alone and we've still got one more quarter here. We just started our fourth quarter. And some customer cases, the way I think about our business is I love healthcare, I love government, I love finance. To give you some examples is like, COGNO is a really great example. COGNO and what they're trying to solve is can they predict where a child is on the autism spectrum? And they're trying to use machine learning to be able to narrow these children down so that they can see patterns as to how a provider, a therapist is helping these families give these kids the skills to operate in the real world. And so it's like this symbiotic relationship utilizing software, surveys and video and what not, to help connect these kids that are in similar areas of the spectrum, to help say hey, this is a successful treatment, right? The problem with that is we need lots of training data. And this is children, one, two, this is healthcare, and so, how do you guarantee HIPPA compliance? How do you get through FDA trials, through third party, blind testing? And still continue to validate and retrain your models, while protecting the identity of these children? So we provide a platform where we can anonymize all the data for them, we can guarantee that there's blind studies, where the company doesn't have access to certain subsets of the data. We can also then connect providers to gain access to the HIPPA data as needed. We can automate the whole thing for them. And they're a startup too, there are 100 people. But imagine if you were a startup in this health-tech industry and you had to invest in the backend infrastructure to handle all of that. It's too expensive. What we're unlocking for them, I mean yes, it's great that they're HIPPA compliant and all that, that's what we want right? But the more important thing is like, we're providing a value add to innovate in areas utilizing machine learning, that regulations would've stymied, right? We're allowing startups in that ecosystem to really push us forward and help those families. >> Cause HIPPA compliance is table stay compulsory. But now you're talking about enabling new business models. >> Yeah, yeah exactly. >> How did you get into all this? You're CEO, you're business savvy, but it sounds like you're pretty technical as well. What's your background? >> Yeah I mean, so I worked in the intelligence community before this. And most of my focus was on how do we take data and be able to leverage it, either for counter-terrorism missions, to different non-kinetic operations. And so, where I kind of grew up in is in this age of, think about billions of dollars in Baghdad. Where I learned is that through the computing infrastructure there, everything changed. 2006 Baghdad created this boom of technology. We had drones, right? We had all these devices on our trucks that were collecting information in real time and telling us things. And then we started building computing infrastructure and it burst Hadoop. So, I kind of grew up in this era of Big Data. We were collecting it all, we had no idea what to do with it. We had nowhere to process it. And so, I kind of saw like, there's a problem here. If we can find the unique little, you know, nuggets of information out of that, we can make some really smart decisions and save lives. So once I left that community, I kind of dedicated myself to that. The birth of this company again, was spun out of the US Intelligence community and it was really a simple problem. It was, they had a bunch of data scientists that couldn't access data fast enough. So they couldn't solve problems at the speed they needed to. It took four to six months to get to data, the mission said they needed it in less than 72 hours. So it was orthogonal to one another, and so it was very clear we had to solve that problem fast. So that weird world of very secure, really sensitive, but also the success that we saw of using data. It was so obvious that we need to democratize access to data, but we need to do it securely and we need to be able to prove it. We work with more lawyers in the intelligence community than you could ever imagine, so the goal was always, how do we make a lawyer happy? If you figure that problem out, you have some success and I think we've done it. >> Well that's awesome in applying that example to the commercial business world. Scott McNeely's famous for saying there is no privacy in the internet, get over it. Well guess what, people aren't going to get over it. It's the individuals that are much more concerned with it after the whole Facebook and fake news debacle. And as well, organizations putting data in the cloud. They need to govern their data, they need that privacy. So Matt, thanks very much for sharing with us your perspectives on the market, and the best of luck with Immuta. >> Thanks so much, I appreciate it. Thanks for having me out. >> All right, you're welcome. All right and thank you everybody for watching this Cube Conversation. This is Dave Vellante, we'll see ya next time. (digital music)

>> Narrator: Live from Midtown Manhattan it's theCUBE! Covering Big Data, New York City 2017. Brought to you by SiliconANGLE Media and its ecosystem sponsor. >> Okay, welcome back everyone. Live here in New York this is theCUBE's coverage of Big Data NYC, our event. We've been doing it for five years, it's our event in conjunction with Strata Data, which is the O'Reilly Media that we run, it's a separate event. But we've been covering the Big Data for eight years since 2010, Hadoop World. This is theCUBE. Of course theCUBE is never going to change, they might call it Strata AI next year, whatever trend that they might see. But we're going to keep it theCUBE. This is in New York City, our eighth year of coverage. Guys, welcome to theCUBE. Our next two guests is Andrew Burt, Chief Privacy Officer and Andrew Gillman, Chief Customer Officer and CMO. It's a start-up so you got all these fancy titles, but you're on the A-team from Immuta. Hot start-up. Welcome to theCUBE. Great to see you again. >> Thanks for having us, appreciate it. >> Okay, so you guys are the start-up feature here this week on theCUBE, our little segment here. I think you guys are the hottest start-up that is out there and that people aren't really talking a lot about. So you guys are brand new, you guys have got a really good reputation. Getting a lot of props inside the community. Especially in the people who know data, data science, and know some of the intelligence organizations. But respectful people like Dan Hutchin says you guys are rockstars and doing great. So why all the buzz inside the community? Now you guys are just starting to go to the market? What's the update on the company? >> So great story. Founded in 2014, (mumbles) Investment, it was announced earlier this year. And the team, group of serial entrepreneurs sold their last company CSC, ran the public sector business for them for a while. Really special group of engineers and technologists and data scientists. Headquartered out of D.C. Customer success organization out of Columbus, Ohio, and we're servicing Fortune 100 companies. >> John: So Immuta, I-M-M-U-T-A. >> Immuta.com we just launched the new website earlier this week in preparation for the show. And the easiest way-- >> Immuta, immutable, I mean-- >> Immutable, I'm sure there's a backstory. >> Immutable, yeah. We do not ever touch the raw data. So we're all about managing risk and managing the integrity of the data. And so risk and integrity and security are baked into everything we do. We want our customers to know that their data will be immutable, and that in using us they'll never pose an additional risk to that underlying data. >> I think of blockchain when I think of immutability, like I'm so into blockchaining these dayS as you guys know, I've been totally into it. >> There's no blockchain in their technology. >> I know, but let's get down to why the motivation to enter the market. There's a lot of noisy stuff out there. Why do we need another unified platform? >> The big opportunity that we saw was, organizations had spent basically the past decade refining and upgrading their application infrastructure. But in doing so under the guise of digital transformation. We've really built that organization's people processes to support monolithic applications. Now those applications are moving to the cloud, they're being rearchitected in a microsurfaces architecture. So we have all this data now, how do we manage it for the new application, which we see is really algorithm-centric? The Amazons of the world have proven, how do you compete against anyone? How do you disrupt any industry? That's operationalize your data in a new way. >> Oh, they were developer-centric right? They were very focused on the developer. You guys are saying you're algorithm-centric, meaning the software within the software kind of thing. >> It's really about, we see the future enterprise to compete. You have to build thousands of algorithms. And each one of those algorithms is going to do something very specific, very precise, but faster than any human can do. And so how do you enable an application, excuse me, an algorithm-centric infrastructure to support that? And today, as we go and meet with our customers and other groups, the people, the processes, the data is everywhere. The governance folks who have to control how the data is used, the laws are dynamic. The tooling is complex. So this whole world looks very much like pre-DevOps IT, or pre-cloud IT. It takes on average between four to six months to get a data scientist up and running on a project. >> Let's get into the company. I wanted to just get that gist out, put some context. I see the problem you solve: a lot of algorithms out there, more and more open sources coming up to the scene. With the Linux Foundation, having their new event Rebrand the Open Source summit, shows exponential growth in open source. So no doubt about it, software's going to be new guys coming on, new gals. Tons of software. What is the company positioning? What do you guys do? How many employees? Let's go down by the numbers and then talk about the problem that you solve. >> Okay, cool. So, company. We'll be about 40 people by Q1. Heavy engineering, go to market. We're operating and working with, as I mentioned, Fortune 100 clients. Highly regulated industries. Financial services, healthcare, government, insurance, et cetera. So where you have lots of data that you need to operationalize, that's very sensitive to use. What else? Company positioning. So we are positioned as data management for data science. So the opportunity that we saw, again, managing data for applications is very different than managing data for algorithm development, data sciences. >> John: So you're selling to the CDO, Chief Data Officer? Are you selling to the analytics? >> In a lot of our customers, like in financial services, we're going right into the line of business. We're working with managing directors who are building next generation analytics infrastructure that need to unify and connect the data in a new way that's dynamic. It's not just the data that they have within their organization, they're looking to bring data in from outside. They want to also work collaboratively with governance professionals and lawyers who in financial services, they are, you know, we always jest in the company that different organizations have these cool new tools, like data scientists have all their new tools. And the data owners have flash disks and they have all this. But the governance people still have Microsoft Word. And maybe the newer tools are like Wikis. So now we can get it off of Word and make it shareable. But what we allow them to do is, and what Andrew Burt has really driven, is the ability for you to take internal logic, internal policies, external regulations, and put them into code that becomes dynamically enforceable as you're querying the data, as you're using it, to train algorithms, and to drive, mathematical decision-making in the enterprise. >> Let's jump into some of the privacy. You're the Chief Privacy Officer, which is codeword for you're doing all the governance stuff. And there's a lot of stuff business-wise that's going on around GDPR which is actually relevant. There's a lot of dollars on table for that too, so it's probably good for business. But there's a lot of policy stuff going on. What's going on with you guys in this area? >> So I think policy is really catching up to the world of big data. We've known for a very long time that data is incredibly important. It's the lifeblood of an increasingly large number of organizations, and because data is becoming more important, laws are starting to catch up. I think GDPR is really, it's hot to talk about. I think it is just the beginning of a larger trend. >> People are scared. People are nervous. It's like they don't know, this could be a blank check that they're signing away. The enforcement side is pretty outrageous. >> So I mean-- >> Is that right? I mean people are scared, or do you think? >> I think people are terrified because they know that its important, and they're also terrified because data scientists, and folks in IT have never really had to think very seriously about implementing complex laws. I think GDPR is the first example of laws, forcing technology to basically blend software and law. The only way, I mean one of our theses is, the only way to actually solve for GDPR is to invent laws within the software you're using. And so, we're moving away from this meetings and memos type approach to governing data, which is very slow and can take months, and we need it to happen dynamically. >> This is why I wanted to bring you guys in. Not only, Andrew, we knew each other from another venture, but what got my attention for you guys was really this intersection between law and society and tech. And this is just the beginning. You look at the tell-signs there. Peter Burris who runs research for Wikibon coined the term programming the real world. Life basically. You've got wearables, you've got IOT, this is happening. Self-driving cars. Who decides what side of the street people walk on now? Law and code are coming together. That's algorithm. There'll be more of them. Is there an algorithm for the algorithms? Who teaches the data set, who shares the data set? Wait a minute, I don't want to share my data set because I have a law that says I can't. Who decides all this stuff? >> Exactly. We're starting to enter a world where governments really, really care about that stuff. Just in-- >> In Silicon Valley, that's not in their DNA. You're seeing it all over the front pages of the news, they can't even get it right in inclusion and diversity. How can they work with laws? >> Tension is brewing. In the U.S. our regulatory environment is a little more lax, we want to see innovation happen first and then regulate. But the EU is completely different. Their laws in China and Russia and elsewhere around the world. And it's basically becoming impossible to be a global organization and still take that approach where you can afford to be scared of the law. >> John: I don't know how I feel about this because I get all kinds of rushes of intoxication to fear. Look at what's going on with Bitcoin and Blockchain, underbelly is a whole new counterculture going on around in-immutable data. Anonymous cultures, where they're complete anonymous underbellies going on. >> I think the risk-factors going up, when you mentioned IOTs, so its where you are and your devices and your home. Now think about 23 and Me, Verily, Freenome, where you're digitizing your DNA. We've already started to do that with MRIs and other operations that we've had. You think about now, I'm handing over my DNA to an organization because I want find out my lineage. I want to learn about where I came from. How do I make sure that the derived data off of that digital DNA is used properly? Not just for me, as Andrew, but for my progeny. That introduces some really interesting ethical issues. It's an intersection of this new wave of investment, to your point, like in Silicon Valley, of bringing healthcare into data science, into technology and the intersection. And the underpinning of the whole thing is the data. How do we manage the data, and what do we do-- >> And AI really is the future here. Even though machine-learning is the key part of AI, we just put out an article this morning on SiliconANGLE from Gina Smith, our new writer. Google Brain Chief: AI tops humans in computer vision, and healthcare will never be the same. They talk about little things, like in 2011 you can barely do character recognition of pictures, now you can 100%. Now you take that forward, in Heidelberg, Germany, the event this week we were covering the Heidelberg Laureate Forum, or HLF 2017. All the top scientists were there talking about this specific issue of, this is society blending in with tech. >> Absolutely. >> This societal impact, legal impact, kind of blending. Algorithms are the only thing that are going to scale in this area. This is what you guys are trying to do, right? >> Exactly, that's the interesting thing. When you look at training models and algorithms in AI, right, AI is the new cloud. We're in New York, I'm walking down the street, and there's the algorithm you're writing, and everything is Ernestine Young. Billboards on algorithms, I mean who would have thought, right? An AI. >> John: theCUBE is going to be an AI pretty soon. "Hey, we're AI! "Brought to you by, hey, Siri, do theCUBE interview." >> But the interesting part of the whole AI and the algorithm is you have n number of models. We have lots of data scientists and AI experts. Siri goes off. >> Sorry Siri, didn't mean to do that. >> She's trying to join the conversation. >> Didn't mean to insult you, Siri. But you know, it's applied math by a different name. And you have n number of models, assuming 90% of all algorithms are single linear regression. What ultimately drives the outcome is going to be how you prepare and manage the data. And so when we go back to the governance story. Governance in applications is very different than governance in data science because how we actually dynamically change the data is going to drive the outcome of that algorithm directly. If I'm in Immuta, we connect the data, we connect the data science tools. We allow you to control the data in a unique way. I refer to that as data personalization. It's not just, can I subscribe to the data? It's what does the data look like based on who I am and what those internal and external policies are? Think about this for example, I'm training a model that doesn't mask against race, and doesn't generalize against age. What do you think is going to happen to that model when it goes to start to interact? Either it's delivered as-- >> Well context is critical. And the usability of data, because it's perishable at this point. Data that comes in quick is worth more, but historically the value goes down. But it's worth more when you train the machine. So it's two different issues. >> Exactly. So it's really about longevity of the model. How can we create and train a model that's going to be able to stay in? It's like the new availability, right? That it's going to stay, it's going to be relevant, and it's going to keep us out of jail, and keep us from getting sued as long as possible. >> Well Jeff Dean, I just want to quote one more thing to add context. I want to ask Andrew over here about his view on this. Jeff Dean, the Google Brain Chief behind all of the stuff is saying AI-enabled healthcare. The sector's set to grow at an annual rate of 40% through 2021, when it's expected to hit 6.6 billion spent on AI-enabled healthcare. 6.6 billion. Today it's around 600 million. That's the growth just in AI healthcare impact. Just healthcare. This is going to go from a policy privacy issue, One, healthcare data has been crippled with HIPPA slowing us down. But where is the innovation going to come from? Where's the data going to be in healthcare? And other verticals. This is one vertical. Financial services is crazy too. >> I mean, honestly healthcare is one of the most interesting examples of applied AI, and it's because there's no other realm, at least now, where people are thinking about AI, and the risk is so apparent. If you get a diagnosis and the doctor doesn't understand why it's very apparent. And if they're using a model that has a very low level of transparency, that ends up being really important. I think healthcare is a really fascinating sector to think about. But all of these issues, all of these different types of risks that have been around for a while are starting to become more and more important as AI takes-- >> John: Alright, so I'm going to wrap up here. Give you guys both a chance, and you can't copy each other's answer. So we'll start with you Andrew over here. Explain Immuta in a simple way. Someone who's not in the industry. What do you guys do? And then do a version for someone in the industry. So elevator pitch for someone who's a friend, who's not in the industry, and someone who is. >> So Immuta is a data management platform for data science. And what that actually gives you is, we take the friction out of trying to access data, and trying to control data, and trying to comply with all of the different rules that surround the use of that data. >> John: Great, now do the one for normal people. >> That was the normal pitch. >> Okay! (laughing) I can't wait to hear the one for the insiders. >> And then for the insiders-- >> Just say, "It's magic". >> It's magic. >> We're magic, you know. >> Coming from the infrastructure role, I like to refer to it as a VMWare for data science. We create an abstraction layer than sits between the data and the data science tools, and we'll dynamically enforce policies based on the values of the organization. But also, it drives better outcomes. Because today, the data owners aren't confident that you're going to do with the data what you say you're going to do. So they try to hold it. Like the old server-huggers, the data-huggers. So we allowed them to unlock that and make it universally available. We allow the governance people to get off those memos, that have to be interpreted by IT and enforced, and actually allow them to write code and have it be enforced as the policy mandates. >> And the number one problem you solve is what? >> Accelerate with confidence. We allow the data scientists to go and build models faster by connecting to the data in a way that they're confident that when they deploy their model, that it's going to go into production, and it's going to stay into production for as long as possible. >> And what's the GDPR angle? You've got the legal brain over here, in policy. What's going on with GDPR? How are you guys going to be a solution for that? >> We have the most, I'd say, robust option of policy enforcement on data, I think, available. We make it incredibly easy to comply with GDPR. We actually put together a sample memo that says, "Here's what it looks like to comply with GDPR." It's written from a governance department, sent to the internal data science department. It's about a page and a half long. We actually make that very onerous process-- >> (mumbles) GDPR, you guys know the size of that market? In terms of spend that's going to be coming around the corner? I think it's like the Y2K problem that's actually real. >> Exactly, it feels the same way. And actually Andrew and his team have taken apart the regulation article by article and have actually built-in product features that satisfy that. It's an interesting and unique--- >> John: I think it's really impressive that you guys bring a legal and a policy mind into the product discussion. I think that's something that I think you guys are doing a little bit different than I see anyone out there. You're bringing legal and policy into the software fabric, which is unique, and I think it's going to be the standard in my opinion. Hopefully this is a good trend, hopefully you guys keep in touch. Thanks for coming on theCUBE, thanks for-- >> Thanks for having us. >> For making time to come over. This is theCUBE, breaking out the start-up action sharing the hot start-ups here, that really are a good position in the marketplace, as the generation of the infrastructure changes. It's a whole new ballgame. Global development platform, called the Internet. The new Internet. It's decentralized, we even get into Blockchain, we want to try that a little later, maybe another segment. It's theCUBE in New York City. More after this short break.

>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The pandemic has changed the way we think about and predict the future. As we enter the third year of a global pandemic, we see the significant impact that it's had on technology strategy, spending patterns, and company fortunes Much has changed. And while many of these changes were forced reactions to a new abnormal, the trends that we've seen over the past 24 months have become more entrenched, and point to the way that's coming ahead in the technology business. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we welcome our partner and colleague and business friend, Erik Porter Bradley, as we deliver what's becoming an annual tradition for Erik and me, our predictions for Enterprise Technology in 2022 and beyond Erik, welcome. Thanks for taking some time out. >> Thank you, Dave. Luckily we did pretty well last year, so we were able to do this again. So hopefully we can keep that momentum going. >> Yeah, you know, I want to mention that, you know, we get a lot of inbound predictions from companies and PR firms that help shape our thinking. But one of the main objectives that we have is we try to make predictions that can be measured. That's why we use a lot of data. Now not all will necessarily fit that parameter, but if you've seen the grading of our 2021 predictions that Erik and I did, you'll see we do a pretty good job of trying to put forth prognostications that can be declared correct or not, you know, as black and white as possible. Now let's get right into it. Our first prediction, we're going to go run into spending, something that ETR surveys for quarterly. And we've reported extensively on this. We're calling for tech spending to increase somewhere around 8% in 2022, we can see there on the slide, Erik, we predicted spending last year would increase by 4% IDC. Last check was came in at five and a half percent. Gardner was somewhat higher, but in general, you know, not too bad, but looking ahead, we're seeing an acceleration from the ETR September surveys, as you can see in the yellow versus the blue bar in this chart, many of the SMBs that were hard hit by the pandemic are picking up spending again. And the ETR data is showing acceleration above the mean for industries like energy, utilities, retail, and services, and also, notably, in the Forbes largest 225 private companies. These are companies like Mars or Koch industries. They're predicting well above average spending for 2022. So Erik, please weigh in here. >> Yeah, a lot to bring up on this one, I'm going to be quick. So 1200 respondents on this, over a third of which were at the C-suite level. So really good data that we brought in, the usual bucket of, you know, fortune 500, global 2000 make up the meat of that median, but it's 8.3% and rising with momentum as we see. What's really interesting right now is that energy and utilities. This is usually like, you know, an orphan stock dividend type of play. You don't see them at the highest point of tech spending. And the reason why right now is really because this state of tech infrastructure in our energy infrastructure needs help. And it's obvious, remember the Florida municipality break reach last year? When they took over the water systems or they had the ability to? And this is a real issue, you know, there's bad nation state actors out there, and I'm no alarmist, but the energy and utility has to spend this money to keep up. It's really important. And then you also hit on the retail consumer. Obviously what's happened, the work from home shift created a shop from home shift, and the trends that are happening right now in retail. If you don't spend and keep up, you're not going to be around much longer. So I think the really two interesting things here to call out are energy utilities, usually a laggard in IT spend and it's leading, and also retail consumer, a lot of changes happening. >> Yeah. Great stuff. I mean, I recall when we entered the pandemic, really ETR was the first to emphasize the impact that work from home was going to have, so I really put a lot of weight on this data. Okay. Our next prediction is we're going to get into security, it's one of our favorite topics. And that is that the number one priority that needs to be addressed by organizations in 2022 is security and you can see, in this slide, the degree to which security is top of mind, relative to some other pretty important areas like cloud, productivity, data, and automation, and some others. Now people may say, "Oh, this is obvious." But I'm going to add some context here, Erik, and then bring you in. First, organizations, they don't have unlimited budgets. And there are a lot of competing priorities for dollars, especially with the digital transformation mandate. And depending on the size of the company, this data will vary. For example, while security is still number one at the largest public companies, and those are of course of the biggest spenders, it's not nearly as pronounced as it is on average, or in, for example, mid-sized companies and government agencies. And this is because midsized companies or smaller companies, they don't have the resources that larger companies do. Larger companies have done a better job of securing their infrastructure. So these mid-size firms are playing catch up and the data suggests cyber is even a bigger priority there, gaps that they have to fill, you know, going forward. And that's why we think there's going to be more demand for MSSPs, managed security service providers. And we may even see some IPO action there. And then of course, Erik, you and I have talked about events like the SolarWinds Hack, there's more ransomware attacks, other vulnerabilities. Just recently, like Log4j in December. All of this has heightened concerns. Now I want to talk a little bit more about how we measure this, you know, relatively, okay, it's an obvious prediction, but let's stick our necks out a little bit. And so in addition to the rise of managed security services, we're calling for M&A and/or IPOs, we've specified some names here on this chart, and we're also pointing to the digital supply chain as an area of emphasis. Again, Log4j really shone that under a light. And this is going to help the likes of Auth0, which is now Okta, SailPoint, which is called out on this chart, and some others. We're calling some winners in end point security. Erik, you're going to talk about sort of that lifecycle, that transformation that we're seeing, that migration to new endpoint technologies that are going to benefit from this reset refresh cycle. So Erik, weigh in here, let's talk about some of the elements of this prediction and some of the names on that chart. >> Yeah, certainly. I'm going to start right with Log4j top of mind. And the reason why is because we're seeing a real paradigm shift here where things are no longer being attacked at the network layer, they're being attacked at the application layer, and in the application stack itself. And that is a huge shift left. And that's taking in DevSecOps now as a real priority in 2022. That's a real paradigm shift over the last 20 years. That's not where attacks used to come from. And this is going to have a lot of changes. You called out a bunch of names in there that are, they're either going to work. I would add to that list Wiz. I would add Orca Security. Two names in our emerging technology study, in addition to the ones you added that are involved in cloud security and container security. These names are either going to get gobbled up. So the traditional legacy names are going to have to start writing checks and, you know, legacy is not fair, but they're in the data center, right? They're, on-prem, they're not cloud native. So these are the names that money is going to be flowing to. So they're either going to get gobbled up, or we're going to see some IPO's. And on the other thing I want to talk about too, is what you mentioned. We have CrowdStrike on that list, We have SentinalOne on the list. Everyone knows them. Our data was so strong on Tanium that we actually went positive for the first time just today, just this morning, where that was released. The trifecta of these are so important because of what you mentioned, under resourcing. We can't have security just tell us when something happens, it has to automate, and it has to respond. So in this next generation of EDR and XDR, an automated response has to happen because people are under-resourced, salaries are really high, there's a skill shortage out there. Security has to become responsive. It can't just monitor anymore. >> Yeah. Great. And we should call out too. So we named some names, Snyk, Aqua, Arctic Wolf, Lacework, Netskope, Illumio. These are all sort of IPO, or possibly even M&A candidates. All right. Our next prediction goes right to the way we work. Again, something that ETR has been on for awhile. We're calling for a major rethink in remote work for 2022. We had predicted last year that by the end of 2021, there'd be a larger return to the office with the norm being around a third of workers permanently remote. And of course the variants changed that equation and, you know, gave more time for people to think about this idea of hybrid work and that's really come in to focus. So we're predicting that is going to overtake fully remote as the dominant work model with only about a third of the workers back in the office full-time. And Erik, we expect a somewhat lower percentage to be fully remote. It's now sort of dipped under 30%, at around 29%, but it's still significantly higher than the historical average of around 15 to 16%. So still a major change, but this idea of hybrid and getting hybrid right, has really come into focus. Hasn't it? >> Yeah. It's here to stay. There's no doubt about it. We started this in March of 2020, as soon as the virus hit. This is the 10th iteration of the survey. No one, no one ever thought we'd see a number where only 34% of people were going to be in office permanently. That's a permanent number. They're expecting only a third of the workers to ever come back fully in office. And against that, there's 63% that are saying their permanent workforce is going to be either fully remote or hybrid. And this, I can't really explain how big of a paradigm shift this is. Since the start of the industrial revolution, people leave their house and go to work. Now they're saying that's not going to happen. The economic impact here is so broad, on so many different areas And, you know, the reason is like, why not? Right? The productivity increase is real. We're seeing the productivity increase. Enterprises are spending on collaboration tools, productivity tools, We're seeing an increased perception in productivity of their workforce. And the CFOs can cut down an expense item. I just don't see a reason why this would end, you know, I think it's going to continue. And I also want to point out these results, as high as they are, were before the Omicron wave hit us. I can only imagine what these results would have been if we had sent the survey out just two or three weeks later. >> Yeah. That's a great point. Okay. Next prediction, we're going to look at the supply chain, specifically in how it's affecting some of the hardware spending and cloud strategies in the future. So in this chart, ETRS buyers, have you experienced problems procuring hardware as a result of supply chain issues? And, you know, despite the fact that some companies are, you know, I would call out Dell, for example, doing really well in terms of delivering, you can see that in the numbers, it's pretty clear, there's been an impact. And that's not not an across the board, you know, thing where vendors are able to deliver, especially acute in PCs, but also pronounced in networking, also in firewall servers and storage. And what's interesting is how companies are responding and reacting. So first, you know, I'm going to call the laptop and PC demand staying well above pre-COVID norms. It had peaked in 2012. Pre-pandemic it kept dropping and dropping and dropping, in terms of, you know, unit volume, where the market was contracting. And we think can continue to grow this year in double digits in 2022. But what's interesting, Erik, is when you survey customers, is despite the difficulty they're having in procuring network hardware, there's as much of a migration away from existing networks to the cloud. You could probably comment on that. Their networks are more fossilized, but when it comes to firewalls and servers and storage, there's a much higher propensity to move to the cloud. 30% of customers that ETR surveyed will replace security appliances with cloud services and 41% and 34% respectively will move to cloud compute and storage in 2022. So cloud's relentless march on traditional on-prem models continues. Erik, what do you make of this data? Please weigh in on this prediction. >> As if we needed another reason to go to the cloud. Right here, here it is yet again. So this was added to the survey by client demand. They were asking about the procurement difficulties, the supply chain issues, and how it was impacting our community. So this is the first time we ran it. And it really was interesting to see, you know, the move there. And storage particularly I found interesting because it correlated with a huge jump that we saw on one of our vendor names, which was Rubrik, had the highest net score that it's ever had. So clearly we're seeing some correlation with some of these names that are there, you know, really well positioned to take storage, to take data into the cloud. So again, you didn't need another reason to, you know, hasten this digital transformation, but here we are, we have it yet again, and I don't see it slowing down anytime soon. >> You know, that's a really good point. I mean, it's not necessarily bad news for the... I mean, obviously you wish that it had no change, would be great, but things, you know, always going to change. So we'll talk about this a little bit later when we get into the Supercloud conversation, but this is an opportunity for people who embrace the cloud. So we'll come back to that. And I want to hang on cloud a bit and share some recent projections that we've made. The next prediction is the big four cloud players are going to surpass 167 billion, an IaaS and PaaS revenue in 2022. We track this. Observers of this program know that we try to create an apples to apples comparison between AWS, Azure, GCP and Alibaba in IaaS and PaaS. So we're calling for 38% revenue growth in 2022, which is astounding for such a massive market. You know, AWS is probably not going to hit a hundred billion dollar run rate, but they're going to be close this year. And we're going to get there by 2023, you know they're going to surpass that. Azure continues to close the gap. Now they're about two thirds of the size of AWS and Google, we think is going to surpass Alibaba and take the number three spot. Erik, anything you'd like to add here? >> Yeah, first of all, just on a sector level, we saw our sector, new survey net score on cloud jumped another 10%. It was already really high at 48. Went up to 53. This train is not slowing down anytime soon. And we even added an edge compute type of player, like CloudFlare into our cloud bucket this year. And it debuted with a net score of almost 60. So this is really an area that's expanding, not just the big three, but everywhere. We even saw Oracle and IBM jump up. So even they're having success, taking some of their on-prem customers and then selling them to their cloud services. This is a massive opportunity and it's not changing anytime soon, it's going to continue. >> And I think the operative word there is opportunity. So, you know, the next prediction is something that we've been having fun with and that's this Supercloud becomes a thing. Now, the reason I say we've been having fun is we put this concept of Supercloud out and it's become a bit of a controversy. First, you know, what the heck's the Supercloud right? It's sort of a buzz-wordy term, but there really is, we believe, a thing here. We think there needs to be a rethinking or at least an evolution of the term multi-cloud. And what we mean is that in our view, you know, multicloud from a vendor perspective was really cloud compatibility. It wasn't marketed that way, but that's what it was. Either a vendor would containerize its legacy stack, shove it into the cloud, or a company, you know, they'd do the work, they'd build a cloud native service on one of the big clouds and they did do it for AWS, and then Azure, and then Google. But there really wasn't much, if any, leverage across clouds. Now from a buyer perspective, we've always said multicloud was a symptom of multi-vendor, meaning I got different workloads, running in different clouds, or I bought a company and they run on Azure, and I do a lot of work on AWS, but generally it wasn't necessarily a prescribed strategy to build value on top of hyperscale infrastructure. There certainly was somewhat of a, you know, reducing lock-in and hedging the risk. But we're talking about something more here. We're talking about building value on top of the hyperscale gift of hundreds of billions of dollars in CapEx. So in addition, we're not just talking about transforming IT, which is what the last 10 years of cloud have been like. And, you know, doing work in the cloud because it's cheaper or simpler or more agile, all of those things. So that's beginning to change. And this chart shows some of the technology vendors that are leaning toward this Supercloud vision, in our view, building on top of the hyperscalers that are highlighted in red. Now, Jerry Chan at Greylock, they wrote a piece called Castles in the Cloud. It got our thinking going, and he and the team at Greylock, they're building out a database of all the cloud services and all the sub-markets in cloud. And that got us thinking that there's a higher level of abstraction coalescing in the market, where there's tight integration of services across clouds, but the underlying complexity is hidden, and there's an identical experience across clouds, and even, in my dreams, on-prem for some platforms, so what's new or new-ish and evolving are things like location independence, you've got to include the edge on that, metadata services to optimize locality of reference and data source awareness, governance, privacy, you know, application independent and dependent, actually, recovery across clouds. So we're seeing this evolve. And in our view, the two biggest things that are new are the technology is evolving, where you're seeing services truly integrate cross-cloud. And the other big change is digital transformation, where there's this new innovation curve developing, and it's not just about making your IT better. It's about SaaS-ifying and automating your entire company workflows. So Supercloud, it's not just a vendor thing to us. It's the evolution of, you know, the, the Marc Andreessen quote, "Every company will be a SaaS company." Every company will deliver capabilities that can be consumed as cloud services. So Erik, the chart shows spending momentum on the y-axis and net score, or presence in the ETR data center, or market share on the x-axis. We've talked about snowflake as the poster child for this concept where the vision is you're in their cloud and sharing data in that safe place. Maybe you could make some comments, you know, what do you think of this Supercloud concept and this change that we're sensing in the market? >> Well, I think you did a great job describing the concept. So maybe I'll support it a little bit on the vendor level and then kind of give examples of the ones that are doing it. You stole the lead there with Snowflake, right? There is no better example than what we've seen with what Snowflake can do. Cross-portability in the cloud, the ability to be able to be, you know, completely agnostic, but then build those services on top. They're better than anything they could offer. And it's not just there. I mean, you mentioned edge compute, that's a whole nother layer where this is coming in. And CloudFlare, the momentum there is out of control. I mean, this is a company that started off just doing CDN and trying to compete with Okta Mite. And now they're giving you a full soup to nuts with security and actual edge compute layer, but it's a fantastic company. What they're doing, it's another great example of what you're seeing here. I'm going to call out HashiCorp as well. They're more of an infrastructure services, a little bit more of an open-source freemium model, but what they're doing as well is completely cloud agnostic. It's dynamic. It doesn't care if you're in a container, it doesn't matter where you are. They recently IPO'd and they're down 25%, but their data looks so good across both of our emerging technology and TISA survey. It's certainly another name that's playing on this. And another one that we mentioned as well is Rubrik. If you need storage, compute, and in the cloud layer and you need to be agnostic to it, they're another one that's really playing in this space. So I think it's a great concept you're bringing up. I think it's one that's here to stay and there's certainly a lot of vendors that fit into what you're describing. >> Excellent. Thank you. All right, let's shift to data. The next prediction, it might be a little tough to measure. Before I said we're trying to be a little black and white here, but it relates to Data Mesh, which is, the ideas behind that term were created by Zhamak Dehghani of ThoughtWorks. And we see Data Mesh is really gaining momentum in 2022, but it's largely going to be, we think, confined to a more narrow scope. Now, the impetus for change in data architecture in many companies really stems from the fact that their Hadoop infrastructure really didn't solve their data problems and they struggle to get more value out of their data investments. Data Mesh prescribes a shift to a decentralized architecture in domain ownership of data and a shift to data product thinking, beyond data for analytics, but data products and services that can be monetized. Now this a very powerful in our view, but they're difficult for organizations to get their heads around and further decentralization creates the need for a self-service platform and federated data governance that can be automated. And not a lot of standards around this. So it's going to take some time. At our power panel a couple of weeks ago on data management, Tony Baer predicted a backlash on Data Mesh. And I don't think it's going to be so much of a backlash, but rather the adoption will be more limited. Most implementations we think are going to use a starting point of AWS and they'll enable domains to access and control their own data lakes. And while that is a very small slice of the Data Mesh vision, I think it's going to be a starting point. And the last thing I'll say is, this is going to take a decade to evolve, but I think it's the right direction. And whether it's a data lake or a data warehouse or a data hub or an S3 bucket, these are really, the concept is, they'll eventually just become nodes on the data mesh that are discoverable and access is governed. And so the idea is that the stranglehold that the data pipeline and process and hyper-specialized roles that they have on data agility is going to evolve. And decentralized architectures and the democratization of data will eventually become a norm for a lot of different use cases. And Erik, I wonder if you'd add anything to this. >> Yeah. There's a lot to add there. The first thing that jumped out to me was that that mention of the word backlash you said, and you said it's not really a backlash, but what it could be is these are new words trying to solve an old problem. And I do think sometimes the industry will notice that right away and maybe that'll be a little pushback. And the problems are what you already mentioned, right? We're trying to get to an area where we can have more assets in our data site, more deliverable, and more usable and relevant to the business. And you mentioned that as self-service with governance laid on top. And that's really what we're trying to get to. Now, there's a lot of ways you can get there. Data fabric is really the technical aspect and data mesh is really more about the people, the process, and the governance, but the two of those need to meet, in order to make that happen. And as far as tools, you know, there's even cataloging names like Informatica that play in this, right? Istio plays in this, Snowflake plays in this. So there's a lot of different tools that will support it. But I think you're right in calling out AWS, right? They have AWS Lake, they have AWS Glue. They have so much that's trying to drive this. But I think the really important thing to keep here is what you said. It's going to be a decade long journey. And by the way, we're on the shoulders of giants a decade ago that have even gotten us to this point to talk about these new words because this has been an ongoing type of issue, but ultimately, no matter which vendors you use, this is going to come down to your data governance plan and the data literacy in your business. This is really about workflows and people as much as it is tools. So, you know, the new term of data mesh is wonderful, but you still have to have the people and the governance and the processes in place to get there. >> Great, thank you for that, Erik. Some great points. All right, for the next prediction, we're going to shine the spotlight on two of our favorite topics, Snowflake and Databricks, and the prediction here is that, of course, Databricks is going to IPO this year, as expected. Everybody sort of expects that. And while, but the prediction really is, well, while these two companies are facing off already in the market, they're also going to compete with each other for M&A, especially as Databricks, you know, after the IPO, you're going to have, you know, more prominence and a war chest. So first, these companies, they're both looking pretty good, the same XY graph with spending velocity and presence and market share on the horizontal axis. And both Snowflake and Databricks are well above that magic 40% red dotted line, the elevated line, to us. And for context, we've included a few other firms. So you can see kind of what a good position these two companies are really in, especially, I mean, Snowflake, wow, it just keeps moving to the right on this horizontal picture, but maintaining the next net score in the Y axis. Amazing. So, but here's the thing, Databricks is using the term Lakehouse implying that it has the best of data lakes and data warehouses. And Snowflake has the vision of the data cloud and data sharing. And Snowflake, they've nailed analytics, and now they're moving into data science in the domain of Databricks. Databricks, on the other hand, has nailed data science and is moving into the domain of Snowflake, in the data warehouse and analytics space. But to really make this seamless, there has to be a semantic layer between these two worlds and they're either going to build it or buy it or both. And there are other areas like data clean rooms and privacy and data prep and governance and machine learning tooling and AI, all that stuff. So the prediction is they'll not only compete in the market, but they'll step up and in their competition for M&A, especially after the Databricks IPO. We've listed some target names here, like Atscale, you know, Iguazio, Infosum, Habu, Immuta, and I'm sure there are many, many others. Erik, you care to comment? >> Yeah. I remember a year ago when we were talking Snowflake when they first came out and you, and I said, "I'm shocked if they don't use this war chest of money" "and start going after more" "because we know Slootman, we have so much respect for him." "We've seen his playbook." And I'm actually a little bit surprised that here we are, at 12 months later, and he hasn't spent that money yet. So I think this prediction's just spot on. To talk a little bit about the data side, Snowflake is in rarefied air. It's all by itself. It is the number one net score in our entire TISA universe. It is absolutely incredible. There's almost no negative intentions. Global 2000 organizations are increasing their spend on it. We maintain our positive outlook. It's really just, you know, stands alone. Databricks, however, also has one of the highest overall net sentiments in the entire universe, not just its area. And this is the first time we're coming up positive on this name as well. It looks like it's not slowing down. Really interesting comment you made though that we normally hear from our end-user commentary in our panels and our interviews. Databricks is really more used for the data science side. The MLAI is where it's best positioned in our survey. So it might still have some catching up to do to really have that caliber of usability that you know Snowflake is seeing right now. That's snowflake having its own marketplace. There's just a lot more to Snowflake right now than there is Databricks. But I do think you're right. These two massive vendors are sort of heading towards a collision course, and it'll be very interesting to see how they deploy their cash. I think Snowflake, with their incredible management and leadership, probably will make the first move. >> Well, I think you're right on that. And by the way, I'll just add, you know, Databricks has basically said, hey, it's going to be easier for us to come from data lakes into data warehouse. I'm not sure I buy that. I think, again, that semantic layer is a missing ingredient. So it's going to be really interesting to see how this plays out. And to your point, you know, Snowflake's got the war chest, they got the momentum, they've got the public presence now since November, 2020. And so, you know, they're probably going to start making some aggressive moves. Anyway, next prediction is something, Erik, that you and I have talked about many, many times, and that is observability. I know it's one of your favorite topics. And we see this world screaming for more consolidation it's going all in on cloud native. These legacy stacks, they're fighting to stay relevant, but the direction is pretty clear. And the same XY graph lays out the players in the field, with some of the new entrants that we've also highlighted, like Observe and Honeycomb and ChaosSearch that we've talked about. Erik, we put a big red target around Splunk because everyone wants their gold. So please give us your thoughts. >> Oh man, I feel like I've been saying negative things about Splunk for too long. I've got a bad rap on this name. The Splunk shareholders come after me all the time. Listen, it really comes down to this. They're a fantastic company that was designed to do logging and monitoring and had some great tool sets around what you could do with it. But they were designed for the data center. They were designed for prem. The world we're in now is so dynamic. Everything I hear from our end user community is that all net new workloads will be going to cloud native players. It's that simple. So Splunk has entrenched. It's going to continue doing what it's doing and it does it really, really well. But if you're doing something new, the new workloads are going to be in a dynamic environment and that's going to go to the cloud native players. And in our data, it is extremely clear that that means Datadog and Elastic. They are by far number one and two in net score, increase rates, adoption rates. It's not even close. Even New Relic actually is starting to, you know, entrench itself really well. We saw New Relic's adoption's going up, which is super important because they went to that freemium model, you know, to try to get their little bit of an entrenched customer base and that's working as well. And then you made a great list here, of all the new entrants, but it goes beyond this. There's so many more. In our emerging technology survey, we're seeing Century, Catchpoint, Securonix, Lucid Works. There are so many options in this space. And let's not forget, the biggest data that we're seeing is with Grafana. And Grafana labs as yet to turn on their enterprise. Elastic did it, why can't Grafana labs do it? They have an enterprise stack. So when you look at how crowded this space is, there has to be consolidation. I recently hosted a panel and every single guy on that panel said, "Please give me a consolidation." Because they're the end users trying to actually deploy these and it's getting a little bit confusing. >> Great. Thank you for that. Okay. Last prediction. Erik, might be a little out of your wheelhouse, but you know, you might have some thoughts on it. And that's a hybrid events become the new digital model and a new category in 2022. You got these pure play digital or virtual events. They're going to take a back seat to in-person hybrids. The virtual experience will eventually give way to metaverse experiences and that's going to take some time, but the physical hybrid is going to drive it. And metaverse is ultimately going to define the virtual experience because the virtual experience today is not great. Nobody likes virtual. And hybrid is going to become the business model. Today's pure virtual experience has to evolve, you know, theCUBE first delivered hybrid mid last decade, but nobody really wanted it. We did Mobile World Congress last summer in Barcelona in an amazing hybrid model, which we're showing in some of the pictures here. Alex, if you don't mind bringing that back up. And every physical event that we're we're doing now has a hybrid and virtual component, including the pre-records. You can see in our studios, you see that the green screen. I don't know. Erik, what do you think about, you know, the Zoom fatigue and all this. I know you host regular events with your round tables, but what are your thoughts? >> Well, first of all, I think you and your company here have just done an amazing job on this. So that's really your expertise. I spent 20 years of my career hosting intimate wall street idea dinners. So I'm better at navigating a wine list than I am navigating a conference floor. But I will say that, you know, the trend just goes along with what we saw. If 35% are going to be fully remote. If 70% are going to be hybrid, then our events are going to be as well. I used to host round table dinners on, you know, one or two nights a week. Now those have gone virtual. They're now panels. They're now one-on-one interviews. You know, we do chats. We do submitted questions. We do what we can, but there's no reason that this is going to change anytime soon. I think you're spot on here. >> Yeah. Great. All right. So there you have it, Erik and I, Listen, we always love the feedback. Love to know what you think. Thank you, Erik, for your partnership, your collaboration, and love doing these predictions with you. >> Yeah. I always enjoy them too. And I'm actually happy. Last year you made us do a baker's dozen, so thanks for keeping it to 10 this year. >> (laughs) We've got a lot to say. I know, you know, we cut out. We didn't do much on crypto. We didn't really talk about SaaS. I mean, I got some thoughts there. We didn't really do much on containers and AI. >> You want to keep going? I've got another 10 for you. >> RPA...All right, we'll have you back and then let's do that. All right. All right. Don't forget, these episodes are all available as podcasts, wherever you listen, all you can do is search Breaking Analysis podcast. Check out ETR's website at etr.plus, they've got a new website out. It's the best data in the industry, and we publish a full report every week on wikibon.com and siliconangle.com. You can always reach out on email, David.Vellante@siliconangle.com I'm @DVellante on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for the Cube Insights powered by ETR. Have a great week, stay safe, be well. And we'll see you next time. (mellow music)