>>Good afternoon, brilliant humans, and welcome back to the Cube. We're live in Detroit, Michigan at Cub Con, and I'm joined by John Furrier. John three exciting days buzzing. How you doing? >>That's great. I mean, we're coming down to the third day. We're keeping the energy going, but this segment's gonna be awesome. The CD foundation's doing amazing work. Developers are gonna be running businesses and workflows are changing. Productivity's the top conversation, and you're gonna start to see a coalescing of the communities who are continuous delivery, and it's gonna be awesome. >>And, and our next guess is an outstanding person to talk about this. We are joined by Stephen Chin, the chair of the CD Foundation. Steven, thanks so much for being here. >>No, no, my pleasure. I mean, this has been an amazing week quote that CubeCon with all of the announcements, all of the people who came out here to Detroit and, you know, fantastic. Like just walking around, you bump into all the right people here. Plus we held a CD summit zero day events, and had a lot of really exciting announcements this week. >>Gotta love the shirt. I gotta say, it's one of my favorites. Love the logos. Love the love the branding. That project got traction. What's the news in the CD foundation? I tried to sneak in the back. I got a little laid into your co-located event. It was packed. Everyone's engaged. It was really looked, look really cool. Give us the update. >>What's the news? Yeah, I know. So we, we had a really, really powerful event. All the key practitioners, the open source leads and folks were there. And one of, one of the things which I think we've done a really good job in the past six months with the CD foundation is getting back to the roots and focusing on technical innovation, right? This is what drives foundations, having strong projects, having people who are building innovation, and also bringing in a new innovation. So one of the projects which we added to the CD foundation this week is called Persia. So it's a, it's a decentralized package repository for getting open source libraries. And it solves a lot of the problems which you get when you have centralized infrastructure. You don't have the right security certificates, you don't have the right verification libraries. And these, these are all things which large companies provision and build out inside of their infrastructure. But the open source communities don't have the benefit of the same sort of really, really strong architecture. A lot of, a lot of the systems we depend upon. It's >>A good point, yeah. >>Yeah. I mean, if you think about the systems that developers depend upon, we depend upon, you know, npm, ruby Gems, Mayn Central, and these systems been around for a while. Like they serve the community well, right? They're, they're well supported by the companies and it's, it's, it's really a great contribution that they give us. But every time there's an outage or there's a security issue, guess, guess how many security issues that our, our research team found at npm? Just ballpark. >>74. >>So there're >>It's gotta be thousands. I mean, it's gotta be a lot of tons >>Of Yeah, >>They, they're currently up to 60,000 >>Whoa. >>Vulnerable, malicious packages in NPM and >>Oh my gosh. So that's a super, that's a jar number even. I know it was gonna be huge, but Holy mo. >>Yeah. So that's a software supply chain in actually right there. So that's, that's open source. Everything's out there. What's, how do, how does, how do you guys fix that? >>Yeah, so per peria kind of shifts the whole model. So when, when you think about a system that can be sustained, it has to be something which, which is not just one company. It has to be a, a, a set of companies, be vendor neutral and be decentralized. So that's why we donated it to the Continuous Delivery Foundation. So that can be that governance body, which, which makes sure it's not a single company, it is to use modern technologies. So you, you, you just need something which is immutable, so it can't be changed. So you can rely on it. It has to have a strong transaction ledger so you can see all of the history of it. You can build up your software, build materials off of it, and it, it has to have a strong peer-to-peer architecture, so it can be sustained long term. >>Steven, you mentioned something I want to just get back to. You mentioned outages and disruption. I, you didn't, you didn't say just the outages, but this whole disruption angle is interesting if something happens. Talk about the impact of the developer. They stalled, inefficiencies create basically disruption. >>No, I mean, if, if, so, so if you think about most DevOps teams in big companies, they support hundreds or thousands of teams and an hour of outage. All those developers, they, they can't program, they can't work. And that's, that's a huge loss of productivity for the company. Now, if you, if you take that up a level when MPM goes down for an hour, how many millions of man hours are wasted by not being able to get your builds working by not being able to get your codes to compile. Like it's, it's >>Like, yeah, I mean, it's almost hard to fathom. I mean, everyone's, It's stopped. Exactly. It's literally like having the plug pulled >>Exactly on whenever you're working on, That's, that's the fundamental problem we're trying to solve. Is it, it needs to be on a, like a well supported, well architected peer to peer network with some strong backing from big companies. So the company is working on Persia, include J Frog, which who I work for, Docker, Oracle. We have Deploy hub, Huawei, a whole bunch of other folks who are also helping out. And when you look at all of those folks, they all have different interests, but it's designed in a way where no single party has control over the network. So really it's, it's a system system. You, you're not relying upon one company or one logo. You're relying upon a well-architected open source implementation that everyone can rely >>On. That's shared software, but it's kind of a fault tolerant feature too. It's like, okay, if something happens here, you have a distributed piece of it, decentralized, you're not gonna go down. You can remediate. All right, so where's this go next? I mean, cuz we've been talking about the role of developer. This needs to be a modern, I won't say modern upgrade, but like a modern workflow or value chain. What's your vision? How do you see that? Cuz you're the center of the CD foundation coming together. People are gonna be coalescing multiple groups. Yeah. >>What's the, No, I think this is a good point. So there, there's a, a lot of different continuous delivery, continuous integration technologies. We're actually, from a Linux Foundation standpoint, we're coalescing all the continued delivery events into one big conference >>Next. You just made an announcement about this earlier this week. Tell us about CD events. What's going on, what's in, what's in the cooker? >>Yeah, and I think one of the big announcements we had was the 0.1 release of CD events. And CD events allows you to take all these systems and connect them in an event scalable, event oriented architecture. The first integration is between Tecton and Capin. So now you can get CD events flowing cleanly between your, your continuous delivery and your observability. And this extends through your entire DevOps pipeline. We all, we all need a standards based framework Yep. For how we get all the disparate continuous integration, continuous delivery, observability systems to, to work together. That's also high performance. It scales with our needs and it, it kind of gives you a future architecture to build on top of. So a lot of the companies I was talking with at the CD summit Yeah. They were very excited about not only using this with the projects we announced, but using this internally as an architecture to build their own DevOps pipelines on. >>I bet that feels good to hear. >>Yeah, absolutely. Yeah. >>Yeah. You mentioned Teton, they just graduated. I saw how many projects have graduated? >>So we have two graduated projects right now. We have Jenkins, which is the first graduated project. Now Tecton is also graduated. And I think this shows that for Tecton it was, it was time, the very mature project, great support, getting a lot of users and having them join the set of graduated projects. And the continuous delivery foundation is a really strong portfolio. And we have a bunch of other projects which also are on their way towards graduation. >>Feels like a moment of social proof I bet. >>For you all. Yeah, yeah. Yeah. No, it's really good. Yeah. >>How long has the CD Foundation been around? >>The CD foundation has been around for, i, I won't wanna say the exact number of years, a few years now. >>Okay. >>But I, I think that it, it was formed because what we wanted is we wanted a foundation which was purpose built. So CNCF is a great foundation. It has a very large umbrella of projects and it takes kind of that big umbrella approach where a lot of different efforts are joining it, a lot of things are happening and you can get good traction, but it produces its own bottlenecks in process. Having a foundation which is just about continuous delivery caters to more of a DevOps, professional DevOps audience. I think this, this gives a good platform for best practices. We're working on a new CDF best practices Yeah. Guide. We're working when use cases with all the member companies. And it, it gives that thought leadership platform for continuous delivery, which you need to be an expert in that area >>And the best practices too. And to identify the issues. Because at the end of the day, with the big thing that's coming out of this is velocity and more developers coming on board. I mean, this is the big thing. More people doing more. Yeah. Well yeah, I mean you take this open source continuous thunder away, you have more developers coming in, they be more productive and then people are gonna even either on the DevOps side or on the straight AP upside. And this is gonna be a huge issue. And the other thing that comes out that I wanna get your thoughts on is the supply chain issue you talked about is hot verifications and certifications of code is such big issue. Can you share your thoughts on that? Because Yeah, this is become, I won't say a business model for some companies, but it's also becoming critical for security that codes verified. >>Yeah. Okay. So I, I think one of, one of the things which we're specifically doing with the Peria project, which is unique, is rather than distributing, for example, libraries that you developed on your laptop and compiled there, or maybe they were built on, you know, a runner somewhere like Travis CI or GitHub actions, all the libraries being distributed on Persia are built by the authorized nodes in the network. And then they're, they're verified across all of the authorized nodes. So you nice, you have a, a gar, the basic guarantee we're giving you is when you download something from the Peria network, you'll get exactly the same binary as if you built it yourself from source. >>So there's a lot of trust >>And, and transparency. Yeah, exactly. And if you remember back to like kind of the seminal project, which kicked off this whole supply chain security like, like whirlwind it was SolarWinds. Yeah. Yeah. And the exact problem they hit was the build ran, it produced a result, they modified the code of the bill of the resulting binary and then they signed it. So if you built with the same source and then you went through that same process a second time, you would've gotten a different result, which was a malicious pre right. Yeah. And it's very hard to risk take, to take a binary file Yep. And determine if there's malicious code in it. Cuz it's not like source code. You can't inspect it, you can't do a code audit. It's totally different. So I think we're solving a key part of this with Persia, where you're freeing open source projects from the possibility of having their binaries, their packages, their end reduces, tampered with. And also upstream from this, you do want to have verification of prs, people doing code reviews, making sure that they're looking at the source code. And I think there's a lot of good efforts going on in the open source security foundation. So I'm also on the governing board of Open ssf >>To Do you sleep? You have three jobs you've said on camera? No, I can't even imagine. Yeah. Didn't >>You just spin that out from this open source security? Is that the new one they >>Spun out? Yeah, So the Open Source Security foundation is one of the new Linux Foundation projects. They, they have been around for a couple years, but they did a big reboot last year around this time. And I think what they really did a good job of now is bringing all the industry players to the table, having dialogue with government agencies, figuring out like, what do we need to do to support open source projects? Is it more investment in memory, safe languages? Do we need to have more investment in, in code audits or like security reviews of opensource projects. Lot of things. And all of those things require money investments. And that's what all the companies, including Jay Frogger doing to advance open source supply chain security. I >>Mean, it's, it's really kind of interesting to watch some different demographics of the developers and the vendors and the customers. On one hand, if you're a hardware person company, you have, you talk zero trust your software, your top trust, so your trusted code, and you got zero trust. It's interesting, depending on where you're coming from, they're all trying to achieve the same thing. It means zero trust. Makes sense. But then also I got code, I I want trust. Trust and verified. So security is in everything now. So code. So how do you see that traversing over? Is it just semantics or what's your view on that? >>The, the right way of looking at security is from the standpoint of the hacker, because they're always looking for >>Well said, very well said, New >>Loop, hope, new loopholes, new exploits. And they're, they're very, very smart people. And I think when you, when you look some >>Of the smartest >>Yeah, yeah, yeah. I, I, I work with, well former hackers now, security researchers, >>They converted, they're >>Recruited. But when you look at them, there's like two main classes of like, like types of exploits. So some, some attacker groups. What they're looking for is they're looking for pulse zero days, CVEs, like existing vulnerabilities that they can exploit to break into systems. But there's an increasing number of attackers who are now on the opposite end of the spectrum. And what they're doing is they're creating their own exploits. So, oh, they're for example, putting malicious code into open source projects. Little >>Trojan horse status. Yeah. >>They're they're getting their little Trojan horses in. Yeah. Or they're finding supply chain attacks by maybe uploading a malicious library to NPM or to pii. And by creating these attacks, especially ones that start at the top of the supply chain, you have such a large reach. >>I was just gonna say, it could be a whole, almost gives me chills as we're talking about it, the systemic, So this is this >>Gnarly nation state attackers, like people who wanted serious >>Damages. Engineered hack just said they're high, highly funded. Highly skilled. Exactly. Highly agile, highly focused. >>Yes. >>Teams, team. Not in the teams. >>Yeah. And so, so one, one example of this, which actually netted quite a lot of money for the, for the hacker who exposed it was, you guys probably heard about this, but it was a, an attack where they uploaded a malicious library to npm with the same exact namespace as a corporate library and clever, >>Creepy. >>It's called a dependency injection attack. And what happens is if you, if you don't have the right sort of security package management guidelines inside your company, and it's just looking for the latest version of merging multiple repositories as like a, like a single view. A lot of companies were accidentally picking up the latest version, which was out in npm uploaded by Alex Spearson was the one who did the, the attack. And he simultaneously reported bug bounties on like a dozen different companies and netted 130 k. Wow. So like these sort of attacks that they're real Yep. They're exploitable. And the, the hackers >>Complex >>Are finding these sort of attacks now in our supply chain are the ones who really are the most dangerous. That's the biggest threat to us. >>Yeah. And we have stacker ones out there. You got a bunch of other services, the white hat hackers get the bounties. That's really important. All right. What's next? What's your vision of this show as we end Coan? What's the most important story coming outta Coan in your opinion? And what are you guys doing next? >>Well, I, I actually think this is, this is probably not what most hooks would say is the most exciting story to con, but I find this personally the best is >>I can't wait for this now. >>So, on, on Sunday, the CNCF ran the first kids' day. >>Oh. >>And so they had a, a free kids workshop for, you know, underprivileged kids for >>About, That's >>Detroit area. It was, it was taught by some of the folks from the CNCF community. So Arro, Eric hen my, my older daughter, Cassandra's also an instructor. So she also was teaching a raspberry pie workshop. >>Amazing. And she's >>Here and Yeah, Yeah. She's also here at the show. And when you think about it, you know, there's always, there's, there's, you know, hundreds of announcements this week, A lot of exciting technologies, some of which we've talked about. Yeah. But it's, it's really what matters is the community. >>It this is a community first event >>And the people, and like, if we're giving back to the community and helping Detroit's kids to get better at technology, to get educated, I think that it's a worthwhile for all of us to be here. >>What a beautiful way to close it. That is such, I'm so glad you brought that up and brought that to our attention. I wasn't aware of that. Did you know that was >>Happening, John? No, I know about that. Yeah. No, that was, And that's next generation too. And what we need, we need to get down into the elementary schools. We gotta get to the kids. They're all doing robotics club anyway in high school. Computer science is now, now a >>Sport, in my opinion. Well, I think that if you're in a privileged community, though, I don't think that every school's doing robotics. And >>That's why Well, Cal Poly, Cal Poly and the universities are stepping up and I think CNCF leadership is amazing here. And we need more of it. I mean, I'm, I'm bullish on this. I love it. And I think that's a really great story. No, >>I, I am. Absolutely. And, and it just goes to show how committed CNF is to community, Putting community first and Detroit. There has been such a celebration of Detroit this whole week. Stephen, thank you so much for joining us on the show. Best Wishes with the CD Foundation. John, thanks for the banter as always. And thank you for tuning in to us here live on the cube in Detroit, Michigan. I'm Savannah Peterson and we are having the best day. I hope you are too.

>>Hello and welcome back to the cubes coverage of dr khan 2021. I'm john for your host of the cube. Great guests here cube alumni Stephen Chin, vice president of developer relations for jay frog Stephen, great to see you again this remote this time this last time was in person. Our last physical event. We had you in the queue but great to see you. Thanks for coming in remotely. >>No, no, I'm very glad to be here. And also it was, it was awesome to be in person at our s a conference when we last talked and the last year has been super exciting with a whole bunch of crazy things like the I. P. O. And doing virtual events. So we've, we're transitioning to the new normal. We're looking forward to things getting to be hybrid. >>Great success with jay frog. We've been documenting the history of this company, very developer focused the successful I. P. O. And just the continuation that you guys have transitioned beautifully to virtual because you know, developer company, it runs virtual, but also you guys have been all about simplicity for developers and and we've been talking for many, many years with you guys on this. This is the theme that dr khan again, this is a developer conference, not so much an operator conference, but more of a deva deV developer focused. You guys have been there from the beginning, um nationally reported on it. But talk about jay Frog and the Doctor partnership and why is this event so important for you? >>Yeah. So I think um like like you said, jay Frog has and always is a developer focused company. So we we build tools and things which which focus on developer use cases, how you get your code to production and streamlining the entire devoPS pipeline. And one of the things which which we believe very strongly in and I think we're very aligned with with doctor on this is having secure clean upstream dependencies for your Docker images for other package and language dependencies and um you know, with the announcement of dr khan and dr Hubbs model changing, we wanted to make sure that we have the best integration with doctor and also the best support for our customers on with Docker hub. So one of the things we did strategically is um, we um combined our platforms so um you can get the best in class developer tools for managing images from Docker. Um everyone uses their um desktop tools for for building and managing your containers and then you can push them right to the best container registry for managing Docker Images, which is the jay frog platform. And just like Docker has free tools available for developers to use. We have a free tier which integrates nicely what their offerings and one of the things which we collaborate with them on is for anybody using our free tier in the cloud. Um there's there's no limits on the Docker images. You can pull no rate limiting, no throttling. So it just makes a clean seamless developer experience to to manage your cloud native projects and applications. >>What's the role of the container registry in cloud NATO? You brought that up? But can you just expand on that point? >>Yeah. So I think when you when you're doing deployments to production, you want to make sure both that you have the best security so that you're making sure that you're scanning and checking for vulnerabilities in your application and also that you have a complete um traceability. Basically you need a database in a log of everything you're pushing out to production. So what container registries allow you to do is um they keep all of the um releases all of the Docker images which are pushing out. You can go back and roll back to a previous version. You can see exactly what's included in those Docker images. And we jay frog, we have a product called X ray which does deep scanning of container images. So it'll go into the Docker Image, it'll go into any packages installed, it'll go into application libraries and it does kind of this onion peel apart of your entire document image to figure out exactly what you're using. Are there any vulnerabilities? And the funny thing about about Docker Images is um because of the number of libraries and packages and installed things which you haven't given Docker Image. If you just take your released Docker Image and let it sit on the shelf for a month, you have thousands of vulnerabilities, just just buy it um, by accruing from different reported zero day vulnerabilities over time. So it's extremely important that you, you know what those are, you can evaluate the risk to your organization and then mitigated as quickly as possible. If there is anything which could impact your customers, >>you bring up a great point right there and that is ultimately a developer thing that's been, that's generational, you know what generation you come from and that's always the problem getting the patches in the old days, getting a new code updated now when you have cloud native, that's more important than ever. And I also want to get your thoughts on this because you guys have been early on shift left two years ago, shift left was not it was not a new thing for you guys ever. So you got shift left building security at the point of coding, but you're bringing up a whole another thing which is okay automation. How do you make it? So the developments nothing stop what they're doing and then get back and say, okay, what's out there and my containers. So so how do you simplify that role? Because that's where the partnership, I think really people are looking to you guys and Dakar on is how do you make my life easier? Bottom line, what's it, what's it, what's it about? >>Yeah. So I I think when you when you're looking at trying to manage um large applications which are deployed to big kubernetes clusters and and how you have kind of this, this um all this infrastructure behind it. One of the one of the challenges is how do you know what you have that in production? Um So what, how do you know exactly what's released and what dependencies are out there and how easily can you trace those back? Um And one of the things which we're gonna be talking about at um swamp up next week is managing the overall devops lifecycle from code all the way through to production. Um And we we have a great platform for doing package management for doing vulnerability scanning, for doing um ci cd but you you need a bunch of other tools too. So you need um integrations like docker so you can get trusted packages into your system. You need integrations with observe ability tools like data, dog, elastic and you need it some tools for doing incident management like Patriot duty. And what we've, what we've built out um is we built out an ecosystem of partner integrations which with the J frog platform at the center lets you manage your entire and and life cycle of um devops infrastructure. And this this addresses security. It addresses the need to do quick patches and fixes and production and it kind of stitches together all the tools which all of the successful companies are using to manage their fast moving continuous release cycle, um and puts all that information together with seamless integration with even developer tools which um which folks are using on a day to day basis, like slack jeer A and M. S. Teams. >>So the bottom line then for the developer is you take the best of breed stuff and put it, make it all work together easily. That right? >>Yeah. I mean it's like it's seamless from you. You've got an incidents, you click a button, it sticks Ajira ticket in for you to resolve. Um you can tie that with the code, commits what you're doing and then directly to the security vulnerability which is reported by X ray. So it stitches all these different tools and technologies together for a for a seamless developer experience. And I think the great relationship we have with Docker um offers developers again, this this best in class container management um and trusted images combined with the world's best container registry. >>Awesome. Well let's get into that container issue products. I think that's the fascinating and super important thing that you guys solve a big problem for. So I gotta ask you, what are the security risks of using unverified and outdated Docker containers? Could you share your thoughts on what people should pay attention to because if they got unverified and outdated Docker containers, you mentioned vulnerabilities. What are those specific risks to them? >>Yeah, so I there's there's a lot of um different instances where you can see in the news or even some of the new government mandates coming out that um if you're not taking the right measures to secure your production applications and to patch critical vulnerabilities and libraries you're using, um you end up with um supply chain vulnerability risks like what happened to solar winds and what's been fueling the recent government mandates. So I think there's a there's a whole class of of different vulnerabilities which um bad actors can exploit. It can actually go quite deep with um folks um exploiting application software. Neither your your company or in other people's systems with with the move to cloud native, we also have heavily interconnected systems with a lot of different attack points from the container to the application level to the operating system level. So there's multiple different attack vectors for people to get into your software. And the best defense is an organization against security. Vulnerabilities is to know about them quickly and to mitigate them and fix them in production as quickly as possible. And this requires having a fast continuous deployment strategy for how you can update your code quickly, very quick identification of vulnerabilities with tools like X ray and other security scanning tools, um and just just good um integration with tools developers are using because at the end of the day it's the developers who both are picking the libraries and dependencies which are gonna be pushed into production and also they're the ones who have to react and and fix it when there's a uh production incident, >>you know, machine learning and automation. And it's always, I love that tech because it's always kind of cool because it's it's devops in action, but you know, it's it's not like a silver bullet, your machine, your machine learning is only as good as your your data and the code is written on staying with automation. You're not automating the right things or or wrong things. It's all it's all subjective based on what you're doing and you know Beauty's in the eye of the beholder when you do things like that. So I wanna hear your thoughts on on automation because that's really been a big part of the story here, both on simplicity and making the load lighter for developers. So when you have to go out and look at modifying code updates and looking at say um unverified containers or one that gets a little bit of a hair on it with with with more updates that are needed as we say, what do you what's the role of automation? How do you guys view that and how do you talk to the developers out there when posturing for a strategy on and a playbook for automation? >>Yeah, I think you're you're touching on one of the most critical parts of of any good devops um platform is from end to end. Everything should be automated with the right quality gates inserted at different points so that if there's a um test failure, if you have a build failure, if you have a security vulnerability, the the automatic um points in there will be triggered so that your release process will be stopped um that you have automated rollbacks in production um so that you can make sure that their issues which affect your customers, you can quickly roll back and once you get into production um having the right tools for observe ability so that you can actually sift through what is a essentially a big data problem. So with large systems you get so much data coming back from your application, from the production systems, from all these different sources that even an easy way to sift through and identify what are the messages coming back telling you that there's a problem that there's a real issue that you need to address versus what's just background noise about different different processes or different application alerts, which really don't affect the security of the functionality of your applications. So I think this this end to end automation gives you the visibility and the single pane of glass to to know how to manage and diagnose your devops infrastructure. >>You know, steve you bring up a great point. I love this conversation because it always highlights to me why I love uh Coop Con and Cloud Native con part of the C N C F and dr khan, because to me it's like a microcosm of two worlds that are living together. Right? You got I think Coop khan has proven its more operated but not like operator operator, developer operators. And you got dr khan almost pure software development, but now becoming operators. So you've got that almost those two worlds are fusing together where they are running together. You have operating concerns like well the Parachute open, will it work? And how do I roll back these roll back? These are like operating questions that now developers got to think about. So I think we're seeing this kind of confluence of true devops next level where you can't you can be just a developer and have a little bit of opposite you and not be a problem. Right? Or or get down under the under the hood and be an operator whenever you want. So they're seeing a flex. What's your thoughts on this is just more about my observation kind of real time here? >>Yeah, so um I think it's an interesting, obviously observation on the industry and I think you know, I've been doing DEVOPS for for a long time now and um I started as a developer who needed to push to production, needed to have the ability to to manage releases and packages and be able to automate everything. Um and this naturally leads you on a path of doing more operations, being able to manage your production, being able to have fewer incidents and issues. Um I think DEVOPS has evolved to become a very complicated um set of tools and problems which it solves and even kubernetes as an example. Um It's not easy to set up like setting up a kubernetes cluster and managing, it is a full time job now that said, I think what you're seeing now is more and more companies are shifting back to developers as a focus because teams and developers are the kingmakers ends with the rise of cloud computing, you don't need a full operations team, you don't need a huge infrastructure stack, you can you can easily get set up in the cloud on on amazon google or as your and start deploying today to production from from a small team straight from code to production. And I think as we evolve and as we get better tools, simpler ways of managing your deployments of managing your packages, this makes it possible for um development teams to do that entire site lifecycle from code through to production with good quality checks with um good security and also with the ability to manage simple production incidents all by themselves. So I think that's that's coming where devoPS is shifting back to development teams. >>It's great to have your leadership and your experience. All right there. That's a great call out, great observation, nice gym there. I think that's right on. I think to get your thoughts if you don't mind going next level because you're, you're nailing what I see is the successful companies having these teams that could be and and workflows and have a mix of a team. I was talking about Dana Lawson who was the VP of engineering get up and she and I were riffing on this idea that you don't have to have a monolithic team because you've got you no longer have a monolithic environment. So you have this microservices and now you can have these, I'm gonna call micro teams, but you're starting to see an SRE on the team, that's the developer. Right? So this idea of having an SRE department maybe for big companies, that could be cool if you're hyper scalar, but these development teams are having certain formations. What's your observation to your customer base in terms of how your customers are organizing? Because I think you nailed the success form of how teams are executing because it's so much more agile, you get the reliability, you need to have security baked in, you want end to end visibility because you got services starting and stopping. How are teams? How are you seeing developers? What's the state of the art in your mind for formation? >>Yeah, so I think um we we work with a lot of the biggest companies who were really at the bleeding edge of innovation and devoPS and continuous delivery. And when you look at those teams, they have, they have very, very small teams, um supporting thousands of developers teams um building and deploying applications. So um when you think of of SRE and deVOPS focus there is actually a very small number of those folks who typically support humongous organizations and I think what we're hearing from them is their increasingly getting requirements from the teams who want to be self service, right? They want to be able to take their applications, have simple platforms to deploy it themselves to manage things. Um They don't they don't want to go through heavy way processes, they wanted to be automated and lightweight and I think this is this is putting pressure on deVOPS teams to to evolve and to adopt more platforms and services which allow developers to to do things themselves. And I think over time um this doesn't this doesn't get rid of the need for for devops and for SRE roles and organizations but it it changes because now they become the enablers of success and good development teams. It's it's kind of like um like how I. T. Organizations they support you with automated rollouts with all these tools rather than in person as much as they can do with automation. Um That helps the entire organization. I think devops is becoming the same thing where they're now simplifying and automating how developers can be self service and organizations. >>And I think it's a great evolution to because that makes total sense because it is kind of like what the I. T. Used to do in the old days but its the scale is different, the services are different, the deVOPS tools are different and so they really are enabling not just the cost center there really driving value. Um and this brings up the whole next threat. I'd love to get your thoughts because you guys are, have been doing this for developers for a while. Tools versus platform because you know, this whole platform where we're a platform were control plane, there's still a need for tooling for developers. How do we thread the needle between? What's, what's good for a tool? What's good for a platform? >>Yeah, So I I think that um, you know, there's always a lot of focus and it's, it's easier if you can take an end to end platform, which solves a bunch of different use cases together. But um, I I think a lot of folks, um, when you're looking at what you need and how you want to apply, um, devops practices to your organization, you ideally you want to be able to use best in breed tools to be able to solve exactly what your use cases. And this is one of the reasons why as a company with jay frog, we we try to be as open as possible to integrations with the entire vendor ecosystem. So um, it doesn't matter what ci cd tool you're using, you could be using Jenkins circle, ci spinnaker checked on, it doesn't matter what observe ability platform you're using in production, it doesn't matter what um tools you're using for collaboration. We, we support that whole ecosystem and we make it possible for you to select the the best of breed tools and technologies that you need to be successful as an organization. And I think the risk is if, if you, if you kind of accept vendor lock in on a single platform or or a single cloud platform even um then you're, you're not getting the best in breed tools and technologies which you need to stay ahead of the curve and devops is a very, very fast moving um, um, discipline along with all the cloud native technologies which you use for application development and for production. So if you're, if you're not staying at the bleeding edge and kind of pushing things forward, then you're then you're behind and if you're behind, you're not be able to keep up with the releases, the deployments, you need to be secure. So I think what you see is the leading organizations are pushing the envelope on on security, on deployment and they're they're using the best tools in the industry to make that happen. >>Stephen great to have you on the cube. I want to just get your thoughts on jay frog and the doctor partnership to wrap this up. Could you take them in to explain what's the most important thing that developers should pay attention to when it comes to security for Docker images? >>Yeah. So I think when you're when you're developer and you're looking at your your security strategy, um you want tools that help you that come to you and that help you. So you want things which are going to give you alerts in your I. D. With things which are going to trigger your in your Ci cd and your build process. And we should make it easy for you to identify mitigate and release um things which will help you do that. So we we provide a lot of those tools with jay frog and our doctor partnership. And I think if you if you look at our push towards helping developers to become more productive, build better applications and more secure applications, this is something the entire industry needs for us to address. What's increasingly a risk to software development, which is a higher profile vulnerabilities, which are affecting the entire industry. >>Great stuff. Big fan of jay frog watching you guys be so successful, you know, making things easy for developers is uh, and simpler and reducing the steps it takes to do things as a, I say, is the classic magic formula for any company, Make it easier, reduce the steps it takes to do something and make it simple. Um, good success formula. Great stuff. Great to have you on um for a minute or two, take a minute to plug what's going on in jay frog and share what's the latest increase with the company, what you guys are doing? Obviously public company. Great place to work, getting awards for that. Give the update on jay frog, put a plug in. >>Yeah. And also dr Frog, I've been having a lot of fun working at J frog, it's very, very fast growing. We have a lot of awesome announcements at swamp up. Um like the partnerships were doing um secure release bundles for deployments and just just a range of advances. I think the number of new features and innovation we put into the product in the past six months since I. P. O. Is astounding. So we're really trying to push the edge on devops um and we're also gonna be announcing and talking about stuff that dr khan as well and continue to invest in the cloud native and the devops ecosystem with our support of the continuous delivery foundation and the C. N C F, which I'm also heavily involved in. So it's it's exciting time to be in the devoPS industry and I think you can see that we're really helping software developers to improve their art to become better, better at release. Again, managing production applications >>and the ecosystem is just flourishing. It's only the beginning and again Making bring the craft back in Agile, which is a super big theme this year. Stephen. Great, great to see you. Thanks for dropping those gems and insights here on the Cube here at Dr. 2021 virtual. Thanks for coming on. >>Yeah. Thank you john. >>Okay. Dr. 2020 coverage virtual. I'm John for your host of the Cube. Thanks for watching. Mhm. Mhm. Yeah.

>>from around the globe. It's the Cube with digital coverage of AWS reinvent 2020 sponsored by Intel AWS and our community partners >>Telephone. Welcome back to the cubes. Virtual coverage of AWS reinvent 2020. We got the cube virtual because we're not in person. Got a great remote interview. Slummy Mannheim. Who's the CEO? Co founder, uh, exciting company. Drake J Frog. We went public this year. Congratulations, Cube alumni. Really a successor of White. The cloud exists in all the greatness and goodness of technology. It's not great to see you. Thanks for coming off of the special reinvent segment. >>Thank you. Thank you for having me, John. Great to see you again. >>So you guys have your mission continues. You're growing. We're here at reinvent. What's the story? Give us the quick news. Visa vee. Reinvent N A W s. >>Well, we had Ah, wonderful, uh, wonderful. Two months. Uh, since we went public on September 16, um, the company actually going past and they have UPS. Industry is going along us along. Excite us. So we're very excited about it. Um, great. Here. Great journey. You guys met us two years ago. So So you know the swamp. Well, then we're very excited being reinvent again, although virtually defined. >>You know, when you get a tailwind and you have a trend that your friend you guys had certainly had that with the developer first. That's the mantra. Everyone's talking about that now. You guys saw it early. The future of binary lifecycle management Dev Ops was the lifeblood of Dev ops. Now more is happening. You got automation. You got everything as a service which makes the developer equation even more powerful. Abstracting away complexities is even more needed. What's your vision on this? How do you guys continue the momentum in this now Highly accelerated cove it and soon to be post covert environment. >>Yeah. You know, John co vid actually accelerated what we already so years ago. And, uh, what we've seen is that the war demands a better way to update software. Look at us. Even this interview is being powered by software, right? I'm staring at the camera. I e used to sit in your studio and everything we do we all the food by by software. Our kids are at home learning with software. So obviously the demand for most software and most software updates is there, and Dev Ops is just the vehicle now. Once you understand that, you have to ask yourself, what is the primary asset that we really need to automate in order to become faster and secure and to provide a seamless software really slow? And what we identify 12 years ago is that it's the software packages, the binaries azi. We were named by the community, the binary people. >>Yeah, and and this is cool because not only it's just not a tool, it's a platform. You guys don't have a platform view. We talked about this in 2017. I remember The conversation like this is pretty compelling. This is Ah, go big or go home. You guys went big, for sure and successful. How do you take that platform approach to Dev Ops, where you have to enable success, you gotta have the enterprise features you got now hybrid multiple environment with the edge and other clouds air happening. How are you looking at this? >>Yes, So today it's it's quite clear in the in the enterprise falls zero. Everybody understand. Developers are the rainmakers. The communities is what powers innovation and what makes changes Look a talker. Look at problematic. Look at cloud native. It didn't started the enterprise. It starts with the developer. The developer mind this is, I think, the biggest democracy. And when we realized that 10 years ago, our philosophy was very, very clear, we would like the developers to have the freedom of choice. We want them to have ah, universal solution that supports all technologies, all software packages. Then we want them to have a hybrid solution. They prefer to one in the cloud also fostered. We will be, um, completely for it. And then not just in the cloud, but also multi cloud. So the full the full freedom of choice coined by the community, the Switzerland of develops. And, uh, starting as you mentioned, we started without a factory housing factories. The database of them are posting all of your software packages, all type of software packages. Then J. Fogg, X ray, our security vulnerability and license compliance tool that natively integrate without the factory. Then J Fogg distribution that push your software packages to the edge. We acquired two companies cloud much for the dashboard, did oversee all the pipeline and ship a bell, which is today, Jeff Pipelines, Our C I c d. And then we did you know, it was a long journey, but very food food for us, and we are very proud to build it together with the community. >>Well, not only did you guys succeed execution wise, the vision was phenomenal. The execution with the acquisitions, you really knocked down some great accomplishments. Eso Congratulations. You just laid that out, you know? Good call out there. I do want to ask you about this liquid software narrative. Can you take a minute toe? Unpack that a little bit? Because this is new. It seems to be something that is about the collective vision. How does this come together? Because you gotta do act to now. Act one is over. You went public. You did all the work. You built the company. You got a durable business. Got great customers. Happy community. What's this liquid software thing? >>Well, think about it. Liquid software might be our vision J. Fogg vision, but it's the world's mission. Now we want to have Netflix podcasting to our home without any software update disturbing us. We want to have our iPhone being updated automatically and seamlessly without a reboot. We want our Tesla, uh, to be updated without shutting down the model and schedule and update. And this is our mission. This is the big picture. How can we make sure that software is running smoothly from the developers Single tips all the way to the edge, no matter what the edges. Now, in order to achieve that, you have to be fast. You have to be automated, you have to be secure. And you have to be focused on the assets that moved from the developer, the hands off from the developers to the op that goes all the way to the devices, the machines or whatever edge. And these are the binaries. So the vision of flick with software is a software updates slowing, uh, into your pipe seamlessly all the way from from the creator to the consumer. >>You know, that's the Holy Grail. That's the Nirvana. That's the dream of edge. You know, if you think about the old days, I'm old enough to remember back in the eighties, when we used to build purpose, built everything full stack developer hardware, ground up everything supply chain hardware, software done. Now you got an edge that still needs to be purpose built at the same time, you have a half of a software operating model. This to me, seems to be a great liquid software moment where I need to have special is, um, at the device. But I need a root of trust. I need quality. I need to have software operations, but I can't go down, whether it's in space or in the data center. What's your reaction to that? >>I think that, you know, liquid software is already happening. Um, if I would ask you what's version off Facebook are using, I bet you don't know what both version of Zuma we currently using, uh, for this interview. We don't know because it's happening behind the scene. Liquid software is happening and and you're right. It was It was the one big back that we had to take care of everything. And now it's a different way. But still developers are taking care of all the gates, all the stages. Think about all the, um, all the gates that kind of shifted left like security. Now it's in the hands of the developers, test automation developers automation in order to be fast and to scale fast developers and the option the and the depth kind of come together. This is already a cliche, so I don't need to again talk about Deva. But if you do it right from the moment you build and secure your software, then you will be faster than your competitors and organization realized that if you are not fastened secure, you will fall behind and you will lose your competitive advantage. So what we see now is the liquid doctor already happened and there is much more responsibility and much more expectations from the development organization. >>Yeah, it's awesome. You want to security Big 10. By the way, I'm running 10 15.7 uh, Catalina And when you run your >>you have to go liquid. >>When you when you go liquid, can you just make sure that always lands on a odd number? We know the even numbers are unlucky, so don't give me the, you know, make it work for me. Keep it liquid. Um, you >>know, one. I'm sorry. One of the biggest campaign we ever had was a big sign that says, imagine there's no version. Imagine There's no version. Imagine that you don't care what the version is because actually the consumer. My mother, she doesn't want to know what zoom version she used when she picked with me. >>Hey, we got server list. I could go version list, too. I mean, who doesn't want a version of this system? Look, this is critical. I love the hands on Hands off mindset. This is about non disruptive operations. You're starting to get into that kind of liquidity. What's next? What do you guys hearing at reinvent this year? Obviously, is virtual. So there's a lot of different touch points of over this three weeks. We got a lot of cube coverage. We're hearing speed, agility, agility has been around for a while. We're hearing speed is critical right now. It's the number one thing we're hearing across environments. That's the number one feature that we're hearing. What are you hearing? >>Yeah, well, John first, you know, I'm grateful as the CEO to have ah team off almost 700 employees worldwide doing this with the community, by the community and for the community. And we are very, very honored to have, um, over 6000 customers the majority. The vast majority of the Fortune 100 already powered by J Foe, the biggest bank, the biggest retail, the biggest tech company and what we hear from them. And I think that you know, a mental that stay humbled and listen to the community learns a lot. And the wisdom of the community is telling us the following number one double down on security because we still in the process in the transition of moving the responsibility to the developers. Even the system off the organization is still freaking out from from releases seven times a day. The second thing that we hear is that if software packages are the primary asset, then we want to have the freedom of choice. We want to integrate with whatever ecosystems I want to use Docker and dotnet and Java and pipe I and N P m. At the same time in the same resource. So consolidate consolidate this all for me And the last thing we hear is we We are also best of breed, But some some packages must come together and this is where the end to end solution coming from J. Prague is vital for the organization. You get the repository, the security, the distribution and the C I c d from the same vandal. Now take this and push the pedal even more, Uh, toe to the end. And you will see that the deployment environment that also got a bit more complex requires hybrid solution and multi cloud solution. There is no Fortune 100 company. It will just go with one cloud or with one solution. And when you come with unauthentic hybrid solution, multi cloud, that's a real This is a fanatic freedom of choice and the fanatic democracy that we give to developers. >>That's a great mission. Freedom of choice. No lock in lock ins. The new the new lock in his choice. New lock in his performance and scale. Slow me. Thank you for coming on The Cube behind CEO and co founder of Jay Frog. Mad props and congratulations to you and your team and swamp for great success having the right product at the right time. Developer first. Great stuff. Congratulations. Thanks for coming. >>Thank you very much and made the frog be with us and made this pandemic Thanks. Thank you very >>much. I want to get back to real life. I miss life. Thank you for coming. I miss it. This is the Cube. Virtual. We are cute. Virtual. Thanks for watching reinvent coverage. 2020. I'm John for your host. Yeah.

>> Narrator: Live from San Francisco, it's theCube covering RSA Conference 2020 San Francisco brought to you by Silicon Angle Media. >> Hey welcome back here ready Jeff Frick here with theCube. We're at the RSA Conference downtown San Francisco, about 40,000 people In the year we're going to know everything with the benefit of fine sight. It's not really working out that way. So we're still going out to the events, getting the smartest people we can find, bringing them to you. We're excited to have our very next guest. He's Steve Chin, the senior director of developer relations for JFrog. Steve, great to meet you. >> Thanks very much for having me here at the conference. >> Absolutely so for people that don't know JFrog, give him kind of the one on one. >> So I think the simplest way to describe our company is where the database of DevOps >> The database of DevOps. (laughs) I don't know that that would be the simplest way, >> But basically when companies want to deliver software faster, when they're looking at how to speed up their feature development, how to respond quicker to security, we provide a end-to-end DevOps platform, the JFrog platform, which accomplishes this for companies. >> Okay so a lot of people know about DevOps. A lot of people have experienced with rapid iteration on their apps. I don't know why they have to keep uploading updates all the time. There's a ton of great benefits to that and this really revolutionize the software industry. That said, the other kind of theme here at RSA and a lot of the security conferences is you can no longer bolt security on. It can no longer be a moat around the castle. It can no longer be a firewall on the edge of the network that it has to be baked in all the way through the product. And that goes right back to kind of what you guys do. And on the DevOps, how do devs who didn't necessarily get trained on security don't necessarily want to know about security and probably would prefer not to have to deal they probably liked the better when they could just push it off, but kind of like they used to push it off to prod. That's not the way anymore they have to bake it in. So how do you help them do that? What do you kind of see in terms of trends in the space? >> Yeah, so I think what we're seeing in the industry is that companies want to deliver, they need to deliver software more quickly and more rapidly. Just based on user requirements. So if you think about your phone, your car, like pretty much everything is updating constantly and it's not even a choice anymore. Updates get pushed to you because you need new features. You also need security fixes for things. And this is happening weekly, daily, hourly. As new threats are exposed and for companies, the standard processes which might have been used in the past to type security or reviews to run a complicated scanners to have like different checkpoints that doesn't work in an environment where you're continuously deploying. And really if you think about it, the only way you can accomplish rapid iteration, high security is to be doing security scanning as a part of your workflow. As a part of your DevOps workflow and shifting left. So going towards the developers and giving them more tools, which give them information about potential security risks. So as an example, developers code and an IDE or some sort of visual environment. And if you can present the information up front right there and tell them, "Hey, this open source library "you're using it has a security vulnerability, "there's a new version you should upgrade." Or "Hey this component that has an incompatible license. "Like this doesn't meet our security requirements." Those sort of things if they're caught while you're developing new features, it saves time and money there. But it delays potential slippage, risks, pushback from the security team at the other end. The next step is when they check in code or when they're executing a build. You want to be scanning up front scan the bills, scan the binary's really far up the chain. And that way you're catching security vulnerabilities during the iterative development process. By the time you get to like QA to stage to production, security vulnerabilities shouldn't be a surprise. They should be something which the teams up front know about. They're addressing and you're using tools which are designed in that workflow to really give early, often feedback to the teams up the chain and see it's the only way like all the large companies doing continuous deployments. This is how you have to approach it. You use multiple techniques, you use binary scatters, you use source code scanners even runtime scanners and you make sure you shift as much left as possible, which is exactly what the JFrog platform enables development teams to do. >> So what percentage roughly is just making sure you've got the first thing that you described that you've got the right libraries that you're using the right tools that have already gone through some security protocol check versus just writing in a bad sequence of steps or that API call or opening up some hole via just bad code choices. Yeah so I think increasingly as companies depends more on third party libraries, open source libraries. if you think about your average application, you're bundling in hundreds of different components and libraries which you have relatively little control over. And a simple way to look at this as if you created a Docker container today, you loaded up with a bunch of DB and packages, maybe a few application bundles within a few days, at the end of a month, that will be full of security vulnerabilities. So that container you build one month ago, it will be full which is outdated. You'll have hundreds of security vulnerabilities >> Just because validated patches or because people see it in attacking? >> Well the thing is you constantly have folks releasing new software, identifying vulnerability risks, patching those risks. And if you don't stay current, if you're not constantly updating your software to stay up with the latest security patches, you're putting your customers and your own business at risk. So I think today that is the number one issue with software is we all depend on open source libraries and components which are used by a lot of companies are constantly being improved and then patched. And the most important thing is knowing when their security vulnerability is identifying the risk of how those impact your customers and then patching as quickly as possible. >> And then the other piece of it is just API is to lots of other people, software that I don't necessarily have access to rights to. So the fact that so much of this stuff is all tied together. Now an attendant just opens up kind of a whole another layer of a potential attack surface. So have you seen things change in kind of IOT as kind of OT and IT come together with IOT and a lot of those OT devices, we're not necessarily set up for patching, they weren't necessarily set up with easy to get into operating systems or maybe too easy to get into operating systems. How are you seeing kind of all the growth that's happening there impact this conversation? >> Yeah, so I think especially with edge devices, I think what we've realized is that edge devices which aren't being updated or insecurity devices. So if you don't have a plan for how you update a new patch and you address security vulnerabilities in your edge devices, they're subject to the same risks. If they're running a variant of Linux, then they're running open source software. They're running a bunch of libraries. If they're on the network, they're open to network attacks. And we have even more complicated edge devices rolling around the roads now. There were some critical security patches and several of the self driving cars with braking systems, with obstacle avoidance systems. So if you don't have an aggressive plan on how you're patching your edge devices you reached the same sort of challenge. And what that involves again is identifying what libraries and components you depend upon, assessing the security risks, which those pose and then having a distribution plan. How do you go from your systems through builds, through deployments and then do the edge distribution to all the devices to get critical security updates to your end users as quickly as possible. >> I'm just curious who do you see on the teams that ultimately has responsibility that this is ready to go or not go. 'Cause we've seen too many instances of stuff that gets shipped that's not ready to go. I can certainly see the pressure to get stuff shipped and somebody says, well, that's okay, we'll just get that patch out. We'll get that patch out next week or we'll get that patch out sometime down the road. And we've seen a ton of things go out that are super easily hacked children's toys and some of these things that have all kinds of really bad implications to it. Is there somebody usually on the team that's, that needs to give the stamp of approval? Is it more of kind of a broad? >> Yes I think the traditional approach is having somebody within the company responsible for security, but increasingly to effectively address security, it needs to be the ownership of the whole team from end to end to make it successful. So the more the security team can be an ally of the QA team of the development team, of the DevOps team rather than being the gatekeeper, they want to be the ally of those teams. Then the more successful it is. So arming the other teams in your company with knowledge about security risks, arming with tools which provide visibility into different security vulnerabilities. That's the way which you have a end-to-end secure product because when you get to the release, if the security team holds up the release, you're either making a bad decision or a bad decision. Catching it up front. When you're building features, then you actually can address it and build the right security into your product, which is much better for your customers and your company. >> Well, Steve, interesting conversation, interesting times. The DevOps and the rapid deploy is certainly the way it is that we're here. So being able to effectively bake that security is only a good thing, but really a necessary thing. >> Well, this was great chatting with you and the conference here is great to see all of these folks focused on improving security and taking us to the next generation with more secure edge devices. >> I don't think there'll be any shortage of need for security professionals anytime soon. All right well thanks again Steve. >> All right, thank you. All right Steve, I'm Jeff Frick. You're watching theCube. We're at the RSA Conference in downtown San Francisco. Thanks for watching. We'll see you next time. (upbeat music)

(string music) >> Welcome to the Cube conversation here at the Cube studios in Palo Alto California, I'm John Furrier, cohost of the Cube and cofounder of Slip and Angle Media. We're here with Shlomi Ben Haim who's the founder and CEO of Jfrog, hot startup. I asked him to come in to chat about his business. In the dev/op space, we see him at a lot of shows, your company's doing well, we love the marketing, the frog thing is great, love it, very cool. But there's a lot of real serious action going on in the enterprise and in the cloud and in emerging tech, whether it's AI or machine learning, whether its innovative things, developers are front and center in the marketplace and there's a boatload of noise out there, there's like this approach, this approach, there's a lot of different approaches, but at the end of the day, the devs are driving a lot of innovation. You guys are at the center of it so welcome to the Cube. >> Thank you. >> First question for you, just take a minute to talk about what you guys do, Jfrog, what's your company, what's your business, what are you guys up to, what's your deal? >> The way I think that the community will describe us would be that we are the binaries people, we are taking care of your binaries. As you know in the dev/ops world, everything you do you do with your binaries, with your software artifacts, so I heard some of the community members call us the database of dev/ops and we are the providers of artifactory, bintray, xray and mission control which take care of your binaries, managing them, host them, distribute them and secure them. >> Open source event we were at, we saw you guys because I was doing all the interviews and you guys were right on the edge there, then you guys got some nice background images off the Cube videos, but it was really interesting. The trend is your friend as the saying goes and the number of open source projects is increasing, the actual lines of code is exponentially going to grow from 22 million to 200, 400 million lines of code over the next couple of years, that's hockey stick. More developers are coming in, not old school like me that built their own stuff from scratch, there's a lot of lego blocks in fact Jim Samlin said that 10% of the code will probably be original ideas and differentiation, 90% of most of the code will be a code sandwich, which I believe, I think that's the legit direction. How do you guys fit into that trend and what does that mean for your business because I can imagine, there's a ton of Git Hub stuff going on, tons of forking, tons of projects, you got block chain catching the world by storm, there is a massive developer tsunami going on. How do you guys help them? >> It's very interesting, when we started Jfrog, actually my co-founder Yoav Landman started by providing developers with a very dummy, basic solution to proxy, public repositories like Maven central and it was not about the code for the first time, it was about the binaries. Code is great and the line of code, as you said, it's going to go enormous but what happened is that when you need to automate, when you need to rebuild, when you need to release faster, you go down to the binary level, to the software artifact level and guess what, no one took care of your binaries before, you were just throwing your binaries to your version controller or file store, maybe you were hosting them. >> They were messy, it's like a kid with their room, all the stuff spread around all over the place, where's that binary, no one keeps track of it. >> Nobody care about that, but this is the one thing that you keep consuming, keep building with, keep recompiling and in the era of dev/ops, is the one asset that you need to automate and reuse. This is where we, >> The core problem if I get this right, is that compiling is going to be, if you think of dev/ops, it's infrastructure as code, as the phrase goes as we always say and programming infrastructure is what dev guys want to do, they don't want to be in the business of switching configurations, getting in the routers and the network. They want it to be just one layer of resource, serverless is a great trend for you, more and more developers are going to love this. They want to program, so when you're programming, the inherent next step is where's the code, who's compiling it, does it need to be compiled? Is that the core problem, that there's more and more stuff going on under the hood that needs to be managed? Is that growing part of your business solution or is the problem just lost binaries, what's the core problem? >> It's a perfect question. First of all, we are providers, we are the providers of the only universal solution. Binaries are not just for java developers, they are not just for python developers, they are not just for dot net developers, they are not just for docker users and the way you package it, binaries happens between your get and your CI server, let's say Jenkins, get and Jenkins and your Kubernetes. Something happens between those two sites. Your orchestration tool and your code repository tool. In this land is where binaries play a very significant role and this is where we are a major player. >> Is the problem error prone in that zone, in that zone it's like the wild west, it's like a black hole if you will, think about what you're saying, if I get it right. There's a lot of stuff that goes on in there, is it mismanagement, what's the core thing that you guys got to do there? >> Tons of binaries, too much public repositories that the community cannot rely on. You need to manage and host your own binaries, the ones that you create yourself, and to provide and this is the last strength we see in the market, big organization need to provide dev/ops as a service to their own developers, so they need to ask this very important asset that we call software artifact and binaries or darker images or whatever you want to call it. >> Yeah a lot of great trends going on, obviously containers and Kubernetes you mentioned. Let's get into those, that's driving a lot of change. Certainly containers has been around for a while, whether you call it wrappers or whatever, it's a great magical thing, we love containers, Kubernetes really gets the trend right, if you look at the google trend, you see Kubernetes has got so much more traction than containers, although I'm not saying one's more relevant than the other, certainly orchestration's important, linking and loading all these containers together. Why is Kubernetes accelerating the binary conversation? Is it because more rapid development is going on, more programmability's going on, why is Kubernetes impacting the binaries components more now than ever? >> Putting aside the need for automating and integrating, this whole orchestration solution requires some work on the binary level but if you think about what Kubernetes is trying to solve, or what the containers are all trying to solve is a better, faster release, better, faster deployment, better, faster delivery and then you can do it only if you will combine the power of the developers and the power of the machine and release faster. This is what we say in Jfrog, release fast or die because it's all about how fast can you release? >> Before we get into some of the product specific stuff, I want to ask you some pointed questions on that. I want to ask you about automation. AI is obviously hot, I love AI, even though it's hyped up, it still promotes great software development, machine learning really is where the meat on the bone is there, so machine learning and automation bots, whatever you want to look at it, is an opportunity to actually to create adaptive code. How did that new software paradigm affect binaries because I can almost imagine that if you got a bot going wild, it could screw up the binaries. >> Completely. >> So can you comment on that, that area. Obviously we want more bots, automation is a good thing on one level, but how do you guys look at that market as an opportunity, as a challenge, what's that whole AI thing look like? >> Well if we take a step back, I think the dev/ops started with the need to automate and release faster. It was like the playground of developers, we need a better integration, we need a continuous integration, we need better delivery, we need continuous delivery. If you think about it now, in 20/20 perspective, you understand that this was all milestones. The next big challenge is continuous updates. People like me, people like you, just want their devices and machines to be updated. >> And secure, look at Equifax. Equifax is a great example, they didn't update the code. >> Absolutely and it's flowing and just happening and secure and in the world of automation, the world of AI, I think that the big challenge or the next big challenge of dev/ops is how can I create a continuous update machine which is also secure and software update will just flow. It will not be something that you press I agree, I reboot and do any kind of crazy stuff in order just to get your software update. It's more about the user experience of all of us. It's not just developers and dev/ops companies anymore. >> That's a great vision by the way, I love that. It should work like that and programmable infrastructure for dev/ops should be programmable and always available and highly reliable. Mark Zuckerberg used to have the saying, move fast, break stuff, that's not a dev/ops ethos by the way, they built their own dev/ops, but then he kind of quickly waffled back to move fast, be reliable, because he got some religion on ops. Totally get that, let's go into today's world. That gives us a little future view, what is a use case for a customer? Take me through the day and the life of a customer that's using Jfrog, what are their problems, what are some of the things that are burning in their office? Where's the smoke, what's the problem that they have that they need to take care of the binaries? Sprawl of code, just mismanagement, what are some of the signals? Share with your view there. >> It starts with the fact that it's not your developer anymore that builds software. You have a CI server there that never goes to a lunch break, never take a break with Facebook, which by the way, it's a great company but sometimes it stop giving the time during the work time and you keep building and building like crazy. Your CI server keep producing binaries. >> It's an always on code machine basically. >> It's a binaries machine and it's being built 24 by seven and yes, you use just a portion of it but you have to host and manage all of it and if you will host it in your version controller, it will explode, if you will put it in a file store, it will not be something, >> Explode because of capacity? >> Because you cannot do any cleanups on the version controller, not get or subversion or the false or any of them, you don't do cleanups on version control. >> Hygiene is an issue. >> Yes, plus integration. You need to integrate with your records system, plus promotion, you need to allow and automate promotion of the specific bites that you build. >> So that's why people call you the database or I would even say the brains of binaries, you got to keep track of the goods if you will, it's like the crown jewel is the binary. >> Right. >> If I get that right, okay let's take it to the next level. You have good hygiene, you have good stuff going on, what are you guys doing specifically that gives you a differentiation of the market because is it software, is it hardware, what is the Jfrog differentiation? >> I think that the first thing that happened to us was that we realized that binaries is for everyone. If you remember Jfrog's slogans from 2010, it was binaries for the people. We felt like we are leading the revolution of taking care of your binaries and therefore, we decided that whatever we build, our philosophy base, our concept will be universal. We started with the Java community, Maven and Gradel and then the dot net community with Nougat and then when it came to be more like a dev/ops industry in 2013 or '14 was it, >> Roughly, 2008 to 2014 was really the cloud errati and then it grew and then it matured a little bit. >> And the combination of dev and ops and IT and then we started to support packages like Debian and RPM, beyond repositories, docker registry, we were the first docker registry in the market. >> You were riding the wave from the beginning. >> Yes. >> You were right there riding the binary wave with the native cloud growth, public cloud growth big time which by the way had a lot of iterations quickly. >> Which is also one of our differentiators, we are the only hybrid providers for your binary solution. We have it in the cloud, any cloud or on prem. >> Who's the competition? >> It's a very good question, on a niche level, we have companies like docker that provide a docker registry we have Cores that provide docker registry, by the way, anyone in the market now that want to have a docker registry, a container registry. On the Java Maven domains, Sonotype provide a nexus which is a binary repository manager for Java for Maven builds. NPM provide a solution for NPM but if you think about the universal solution that supports other, >> Those are siloed platform specific binaries. >> Yes. >> You're taking much more of a wholistic, horizontally scalable, any binary any time management. >> Exactly, we don't do the before and after, but in the binaries world, we want to be one solution for all. >> I get the whole registry thing, love that positioning. Just a dumb question, when someone's coming in and managing intermittently in the registry, how do you guys handle that piece? How do you know that a Java request coming in from a Java registry, you guys have a front end to this thing, is it your software, how do you guys manage the integration of requests to and from the binaries. >> The read and write to the repository you mean? >> Yes. >> Artifactor is a very sophisticated repository if I may say it's built more like a database, it's based on a check sum mechanism and not just a basic file store. >> You verify it coming in on the front end. >> Right, the parts and machine caching, managing, hosting and distributing, it's all happening in artifactor. >> And performance is as good? No problems with performance? >> Well we are the only provider that has a highly available solution with over 4000 customers, so I guess it is. >> You got a smile yeah, I see you at the shows. You got a good reputation so it's great to have you come in. I want to just take a minute to pause because I know we're having a great conversation, I could talk about CI servers til the cows come home, one of my favorite topics dev/ops, as people who have been following me since 2008 know, I love the cloud, cloud native vision from day one. There's a lot of people out there who don't know what the hell a binary is, so take a minute and explain, what is a binary and why is it such an important thing right now in context to open source growth, more developers coming in, context to enterprises trying to be cloud like and just for the general purpose, why are binaries important? Why should the general public, how would you talk about what is a binary? >> I'll try. I think that the main difference is that binaries are more like, maybe it's a basic metaphor, but binaries are more like fresh food, unlike freeze food. Your source code is freezed, you're not allowed to touch it, you're not allowed to clean it, you're not allowed to change it. Your one dot seal would be my one dot seal. It's kind of freeze food, this is why in dev for get and other player in this market are so important. We see how bit bucket with the class in and Git Hub are growing and still playing a significant role binaries are different, binaries is the fresh food. Something that you keep changing, any minute and you build with a specific binary something and then something else and it become another binary if I may say so. I think that the flexibility that you need to gain when you go on full automation and full integration is the flexibility that you can get on the binary level. You cannot get it on the code level. Therefore, binaries playing a very significant role in the cloud era and in the dev/ops era. >> Sure it allows for extensibility of source code. In a way what you're saying. You can eat the frozen food or you can chop up your own organic meal yourself. >> Exactly. >> Okay I get that, final question for you, thanks for coming in, appreciate the one on one on binaries there. People can always just go on Wikipedia and look at other definitions on stack overflow and whatnot. What is the customer value proposition for Jfrog? Why should I work with you, what's the main reason for you to have 4000 customers? What's driving them to use you? Is it just convenience? Is it scalability, all of the above? Just take a minute to explain why customers go to you and if people don't work with you, why should they work with you? >> I think that the biggest challenge today is that you want to treat binaries as first level citizens and instead of having an NPM repository, docker registry, Maven repository, python repository and there is no single organization that will have just one repository, you can have it all with Jfrog. The second thing we are the providers of highly available solution to protect your data centers so if you don't want your 1000 developers sitting down, waiting for the binary repository to be up and running and to allow the environment, then you probably want to, >> Productivity right there is one. >> Productivity and efficiency, absolutely. We are also providing it to secure your binary flow and the platform that distributes your binaries. We take binaries very seriously, over two billion downloads a month on bintray, our distribution hub and we work with the community and for the community, we are developers ourself, coming from the open source community so it's all bottom up and community friendly. >> Shlomi, great commentary, I want to just get a personal, take your Jfrog hat off for a minute, put your developer, executive, industry expert hat on. Share with the audience your view on the developer market. There's been a lot of negative press around the brogrammer lately and all these things, but trends are clear that you have massive growth in open source, comment on the role open source plays as it goes into some argue fifth generation, fourth, fifth generation, I remember when the first generation I was coding on. Those were the days but different, it's changed. You have so much code, it's really a party right now in open source, there's so much good stuff happening. Google's donating tensorflow, all these people putting real big libraries out there to code on. Kubernetes is just so awesome, system guys specifically love what's going on in the cloud. But cloud is exploding a lot of opportunities, IoT and AI, what's the developer market like right now, just share your thoughts, what's the sentiment, what's the excitement, what are the young kids doing? What are some of the big things that you see happening? >> From business perspective, what we see in the market is developers first of all taking decisions. They hear their managers coming with the pain and expect it to solve it and the bottom up process is something we never saw in the market. The last five, six years, we see more and more developers kind of educating their managers with how to do it and how to do it faster. The second thing and this is, >> So bottom up's happening now you're saying. >> Happening for the last five years and it's growing. The second thing we see in the cloud, you see it more than I am, Google and Amazon and Microsoft and Red Hat, everyone want a piece of the cloud, Orca now just announced two days ago, three days ago. Everyone want a piece of the cloud and everybody understand that data traffic comes from developers, it's not individuals, it's communities, the open source community is giant and it's a very, there's a very important player in the data traffic of what we call the cloud highway. >> And the communities are very most important piece, you would agree with that, right? We're very community focused, that's the key, right? >> Yes, absolutely. >> I think the world will be developer indoctrinated with basically developer premises across all business, so it's not a department anymore, it's permeating all through organizations. >> Right and also impact our user experience. People like simple people that doesn't understand code, they're not contributing to the open source world still need software updates and competitive analysis are talking about that, how fast can you release? >> Well Stu Miniman and Dave Alante and Peter Burris and I always talk about community is the key in open source, you guys have been very successful in the community. Congratulations, obviously we're very community focused with our content, with the Cube. If you like the Cube, check us out at cube.net, give us a call, come in the studio if you're a thought leader, love to chat with you. I'm John Furrier with the Cube, more thought leadership coverage in Palo Alto here inside the Cube. We'll be right back, thanks for watching. (electronic music)

>> From theCUBE Studios in Palo Alto in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> Virtually all tech companies have expressed caution in their respective earnings calls, and why not? I know you're sick in talking about the macroeconomic environment, but it's full of uncertainties and there's no upside to providing aggressive guidance when sellers are in control. They punish even the slightest miss. Moreover, the spending data confirms the softening market across the board, so it's becoming expected that CFOs will guide cautiously. But companies facing execution challenges, they can't hide behind the macro, which is why it's important to understand which firms are best positioned to maintain momentum through the headwinds and come out the other side stronger. Hello, and welcome to this week's Wikibon Cube Insights powered by ETR. In this "Breaking Analysis," we'll do three things. First, we're going to share a high-level view of the spending pinch that almost all sectors are experiencing. Second, we're going to highlight some of those companies that continue to show notably strong momentum and relatively high spending velocity on their platforms, albeit less robust than last year. And third, we're going to give you a peak at how one senior technology leader in the financial sector sees the competitive dynamic between AWS, Snowflake, and Databricks. So I landed on the red eye this morning and opened my eyes, and then opened my email to see this. My Barron's Daily had a headline telling me how bad things are and why they could get worse. The S&P Thursday hit a new closing low for the year. The safe haven of bonds are sucking wind. The market hasn't seemed to find a floor. Central banks are raising rates. Inflation is still high, but the job market remains strong. Oh, not to mention that the US debt service is headed toward a trillion dollars per year, and the geopolitical situation is pretty tense, and Europe seems to be really struggling. Yeah, so the Santa Claus rally is really looking pretty precarious, especially if there's a liquidity crunch coming, like guess why they call Barron's Barron's. Last week, we showed you this graphic ahead of the UiPath event. For months, the big four sectors, cloud, containers, AI, and RPA, have shown spending momentum above the rest. Now, this chart shows net score or spending velocity on specific sectors, and these four have consistently trended above the 40% red line for two years now, until this past ETR survey. ML/AI and RPA have decelerated as shown by the squiggly lines, and our premise was that they are more discretionary than the other sectors. The big four is now the big two: cloud and containers. But the reality is almost every sector in the ETR taxonomy is down as shown here. This chart shows the sectors that have decreased in a meaningful way. Almost all sectors are now below the trend line and only cloud and containers, as we showed earlier, are above the magic 40% mark. Container platforms and container orchestration are those gray dots. And no sector has shown a significant increase in spending velocity relative to October 2021 survey. In addition to ML/AI and RPA, information security, yes, security, virtualizations, video conferencing, outsourced IT, syndicated research. Syndicated research, yeah, those Gartner, IDC, Forrester, they stand out as seemingly the most discretionary, although we would argue that security is less discretionary. But what you're seeing is a share shift as we've previously reported toward modern platforms and away from point tools. But the point is there is no sector that is immune from the macroeconomic environment. Although remember, as we reported last week, we're still expecting five to 6% IT spending growth this year relative to 2021, but it's a dynamic environment. So let's now take a look at some of the key players and see how they're performing on a relative basis. This chart shows the net score or spending momentum on the y-axis and the pervasiveness of the vendor within the ETR survey measured as the percentage of respondents citing the vendor in use. As usual, Microsoft and AWS stand out because they are both pervasive on the x-axis and they're highly elevated on the vertical axis. For two companies of this size that demonstrate and maintain net scores above the 40% mark is extremely impressive. Although AWS is now showing much higher on the vertical scale relative to Microsoft, which is a new trend. Normally, we see Microsoft dominating on both dimensions. Salesforce is impressive as well because it's so large, but it's below those two on the vertical axis. Now, Google is meaningfully large, but relative to the other big public clouds, AWS and Azure, we see this as disappointing. John Blackledge of Cowen went on CNBC this past week and said that GCP, by his estimates, are 75% of Google Cloud's reported revenue and is now only five years behind AWS in Azure. Now, our models say, "No way." Google Cloud Platform, by our estimate, is running at about $3 billion per quarter or more like 60% of Google's reported overall cloud revenue. You have to go back to 2016 to find AWS running at that level and 2018 for Azure. So we would estimate that GCP is six years behind AWS and four years behind Azure from a revenue performance standpoint. Now, tech-wise, you can make a stronger case for Google. They have really strong tech. But revenue is, in our view, a really good indicator. Now, we circle here ServiceNow because they have become a generational company and impressively remain above the 40% line. We were at CrowdStrike with theCUBE two weeks ago, and we saw firsthand what we see as another generational company in the making. And you can see the company spending momentum is quite impressive. Now, HashiCorp and Snowflake have now surpassed Kubernetes to claim the top net score spots. Now, we know Kubernetes isn't a company, but ETR tracks it as though it were just for context. And we've highlighted Databricks as well, showing momentum, but it doesn't have the market presence of Snowflake. And there are a number of other players in the green: Pure Storage, Workday, Elastic, JFrog, Datadog, Palo Alto, Zscaler, CyberArk, Fortinet. Those last ones are in security, but again, they're all off their recent highs of 2021 and early 2022. Now, speaking of AWS, Snowflake, and Databricks, our colleague Eric Bradley of ETR recently held an in-depth interview with a senior executive at a large financial institution to dig into the analytics space. And there were some interesting takeaways that we'd like to share. The first is a discussion about whether or not AWS can usurp Snowflake as the top dog in analytics. I'll let you read this at your at your leisure, but I'll pull out some call-outs as indicated by the red lines. This individual's take was quite interesting. Note the comment that quote, this is my area of expertise. This person cited AWS's numerous databases as problematic, but Redshift was cited as the closest competitors to Snowflake. This individual also called out Snowflake's current cross-cloud Advantage, what we sometimes call supercloud, as well as the value add in their marketplace as a differentiator. But the point is this person was actually making, the point that this person was actually making is that cloud vendors make a lot of money from Snowflake. AWS, for example, see Snowflake as much more of a partner than a competitor. And as we've reported, Snowflake drives a lot of EC2 and storage revenue for AWS. Now, as well, this doesn't mean AWS does not have a strong marketplace. It does. Probably the best in the business, but the point is Snowflake's marketplace is exclusively focused on a data marketplace and the company's challenge or opportunity is to build up that ecosystem and to continue to add partners and create network effects that allow them to create long-term sustainable moat for the company, while at the same time, staying ahead of the competition with innovation. Now, the other comment that caught our attention was Snowflake's differentiators. This individual cited three areas. One, the well-known separation of compute and storage, which, of course, AWS has replicated sort of, maybe not as elegant in the sense that you can reduce the compute load with Redshift, but unlike Snowflake, you can't shut it down. Two, with Snowflake's data sharing capability, which is becoming quite well-known and a key part of its value proposition. And three, its marketplace. And again, key opportunity for Snowflake to build out its ecosystem. Close feature gaps that it's not necessarily going to deliver on its own. And really importantly, create governed and secure data sharing experiences for anyone on the data cloud or across clouds. Now, the last thing this individual addressed in the ETR interview that we'll share is how Databricks and Snowflake are attacking a similar problem, i.e. simplifying data, data sharing, and getting more value from data. The key messages here are there's overlap with these two platforms, but Databricks appeals to a more techy crowd. You open a notebook, when you're working with Databricks, you're more likely to be a data scientist, whereas with Snowflake, you're more likely to be aligned with the lines of business within sometimes an industry emphasis. We've talked about this quite often on "Breaking Analysis." Snowflake is moving into the data science arena from its data warehouse strength, and Databricks is moving into analytics and the world of SQL from its AI/ML position of strength, and both companies are doing well, although Snowflake was able to get to the public markets at IPO, Databricks has not. Now, even though Snowflake is on the quarterly shock clock as we saw earlier, it has a larger presence in the market. That's at least partly due to the tailwind of an IPO, and, of course, a stronger go-to market posture. Okay, so we wanted to share some of that with you, and I realize it's a bit of a tangent, but it's good stuff from a qualitative practitioner perspective. All right, let's close with some final thoughts. Look forward a little bit. Things in the short-term are really hard to predict. We've seen these oversold rallies peter out for the last couple of months because the world is such a mess right now, and it's really difficult to reconcile these counterveiling trends. Nothing seems to be working from a public policy perspective. Now, we know tech spending is softening, but let's not forget it, five to 6% growth. It's at or above historical norms, but there's no question the trend line is down. That said, there are certain growth companies, several mentioned in this episode, that are modern and vying to be generational platforms. They're well-positioned, financially sound, disciplined, with strong cash positions, with inherent profitability. What I mean by that is they can dial down growth if they wanted to, dial up EBIT, but being a growth company today is not what it was a year ago. Because of rising rates, the discounted cash flows are just less attractive. So earnings estimates, along with revenue multiples on these growth companies, are reverting toward the mean. However, companies like Snowflake, and CrowdStrike, and some others are able to still command a relative premium because of their execution and continued momentum. Others, as we reported last week, like UiPath for example, despite really strong momentum and customer spending, have had execution challenges. Okta is another example of a company with strong spending momentum, but is absorbing off zero for example. And as a result, they're getting hit harder from evaluation standpoint. The bottom line is sellers are still firmly in control, the bulls have been humbled, and the traders aren't buying growth tech or much tech at all right now. But long-term investors are looking for entry points because these generational companies are going to be worth significantly more five to 10 years down the line. Okay, that's it for today. Thanks for watching this "Breaking Analysis" episode. Thanks to Alex Myerson and Ken Schiffman on production. And Alex manages our podcast as well. Kristen Martin and Cheryl Knight. They help get the word out on social media and in our newsletters. And Rob Hof is our editor-in-chief over at SiliconANGLE do some wonderful editing for us, so thank you. Thank you all. Remember that all these episodes are available as podcast wherever you listen. All you do is search "Breaking Analysis" podcast. I publish each week on wikibon.com and siliconangle.com and you can email me at david.vellante@siliconangle.com, or DM me @dvellante, or comment on my LinkedIn post. And please check out etr.ai for the very best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching, and we'll see you next time on "Breaking Analysis." (gentle music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> In our 2020 predictions post, we said that organizations would begin to operationalize their digital transformation experiments and POCs. We also said that based on spending data that cybersecurity companies like CrowdStrike and Okta were poised to rise above the rest in 2020, and we even said the S&P 500 would surpass 3,700 this year. Little did we know that we'd have a pandemic that would make these predictions a virtual lock, and, of course, COVID did blow us out of the water in some other areas, like our prediction that IT spending would increase plus 4% in 2020, when in reality, we have a dropping by 4%. We made a number of other calls that did pretty well, but I'll let you review last year's predictions at your leisure to see how we did. Hello, everyone. This is Dave Vellante and welcome to this week's Wikibon CUBE Insights powered by ETR. Erik Bradley of ETR is joining me again for this Breaking Analysis, and we're going to lay out our top picks for 2021. Erik, great to see you. Welcome back. Happy to have you on theCUBE, my friend. >> Always great to see you too, Dave. I'm excited about these picks this year. >> Well, let's get right into it. Let's bring up the first prediction here. Tech spending will rebound in 2021. We expect a 4% midpoint increase next year in spending. Erik, there are a number of factors that really support this prediction, which of course is based on ETR's most recent survey work, and we've listed a number of them here in this slide. I wonder if we can talk about that a little bit, the pace of the vaccine rollout. I've called this a forced march to COVID, but I can see people doubling down on things that are working. Productivity improvements are going to go back into the business. People are going to come back to the headquarters and that maybe is going to spur infrastructure on some pent-up demand, and work from home, we're going to talk about that. What are your thoughts on this prediction? >> Well, first of all, you weren't wrong last year. You were just, (laughs) you were just delayed. Just delayed a little bit, that's all. No, very much so. Early on, just three months ago, we were not seeing this optimism. The most recent survey, however, is capturing 4%. I truly believe that still might be a little bit mild. I think it can go even higher, and that's going to be driven by some of the things you've said about. This is a year where a lot of spending was paused on machine learning, on automation, on some of these projects that had to be stopped because of what we all went through. Right now, that is not a nice to have, it's a must have, and that spending is going quickly. There's a rapid pace on that spending, so I do think that's going to push it and, of course, security. We're going to get to this later on so I don't want to bury the lede, but with what's happening right now, every CISO I speak to is not panicked, but they are concerned and there will definitely be increased security spending that might push this 4% even higher. >> Yeah, and as we've reported as well, the survey data shows that there's less freezing of IT, there are fewer layoffs, there's more hiring, we're accelerating IT deployments, so that, I think, 34% last survey, 34% of organizations are accelerating IT deployments over the next three months, so that's great news. >> And also your point too about hiring. I was remiss in not bringing that up because we had layoffs and we had freezes on hiring. Both of that is stopping. As you know, as more head count comes in, whether that be from home or whether that be in your headquarters, both of those require support and require spending. >> All right, let's bring up the next prediction. Remote worker trends are going to become fossilized, settling in at an average of 34% by year-end 2021. Now, I love this chart, you guys. It's been amazingly consistent to me, Erik. We're showing data here from ETR's latest COVID survey. So it shows that prior to the pandemic, about 15 to 16% of employees on average worked remotely. That jumped to where we are today and well into the 70s, and we're going to stay close to that, according to the ETR data, in the first half of 2021, but by the end of the year, it's going to settle in at around 34%. Erik, that's double the pre-pandemic numbers and that's been consistent in your surveys over the past six month, and even within the sub-samples. >> Yeah, super surprised by the consistency, Dave. You're right about that. We were expecting the most recent data to kind of come down, right? We see the vaccines being rolled out. We kind of thought that that number would shift, but it hasn't, it has been dead consistent, and that's just from the data perspective. What we're hearing from the interviews and the feedback is that's not going to change, it really isn't, and there's a main reason for that. Productivity is up, and we'll talk about that in a second, but if you have productivity up and you have employees happy, they're not commuting, they're working more, they're working effectively, there is no reason to rush. And now imagine if you're a company that's trying to hire the best talent and attract the best talent but you're also the only company telling them where they have to live. I mean, good luck with that, right? So even if a few of them decide to make this permanent, that's something where you're going to really have to follow suit to attract talent. >> Yeah, so let's talk about that. Productivity leads us to our next prediction. We can bring that up. Number three is productivity increases are going to lead organizations to double down on the successes of 2020 and productivity apps are going to benefit. Now, of course, I'm always careful to cautious to interpret when you ask somebody by how much did productivity increase. It's a very hard thing to estimate depending on how you measure it. Is it revenue per employee? Is it profit? But nonetheless, the vast majority of people that we talk to are seeing productivity is going up. The productivity apps are really the winners here. Who do you see, Erik, as really benefiting from this trend? This year we saw Zoom, Teams, even Webex benefit, but how do you see this playing out in 2021? >> Well, first of all, the real beneficiaries are the companies themselves because they are getting more productivity, and our data is not only showing more productivity, but that's continuing to increase over time, so that's number one. But you're 100% right that the reason that's happening is because of the support of the applications and what would have been put in place. Now, what we do expect to see here, early on it was a rising tide lifted all boats, even Citrix got pulled up, but over time you realize Citrix is really just about legacy applications. Maybe that's not really the virtualization platform we need or maybe we just don't want to go that route at all. So the ones that we think are going to win longer term are part of this paradigm shift. The easiest one to put out as example is DocuSign. Nobody is going to travel and sit in an office to sign a paper ever again. It's not happening. I don't care if you go back to the office or you go back to headquarters. This is a paradigm shift that is not temporary. It is permanent. Another one that we're seeing is Smartsheet. Early on it started in. I was a little concerned about it 'cause it was a shadow IT type of a company where it was just spreading and spreading and spreading. It's turned out that this, the data on Smartsheet is continuing to be strong. It's an effective tool for project management when you're remotely working, so that's another one I don't see changing anytime. The other one I would call out would be Twilio. Slightly different, yes. It's more about the customer experience, but when you look at how many brick and mortar or how many in-person transactions have moved online and will stay there, companies like Twilio that support that customer experience, I'll throw out a Qualtrics out there as well, not a name we hear about a lot, but that customer experience software is a name that needs to be watched going forward. >> What do you think's going to happen to Zoom and Teams? Certainly Zoom just escalated this year, a huge ascendancy, and Teams I look at a little differently 'cause it's not just video conferencing, and both have done really, really well. How do you interpret the data that you're seeing there? >> There's no way around it, our data is decelerating quickly, really quickly. We were kind of bullish when Zoom first came out on the IPO prospects. It did very well. Obviously what happened in this remote shift turned them into an absolute overnight huge success. I don't see that continuing going forward, and there's a reason. What we're seeing and hearing from our feedback interviews is that now that people recognize this isn't temporary and they're not scrambling and they need to set up for permanency, they're going to consolidate their spend. They don't need to have Teams and Zoom. It's not necessary. They will consolidate where they can. There's always going to be the players that are going to choose Slack and Zoom 'cause they don't want to be on Microsoft architecture. That's fine, but you and I both know that the majority of large enterprises have Microsoft already. It's bundled in in pricing. I just don't see it happening. There's going to be M&A out there, which we can talk about again soon, so maybe Zoom, just like Slack, gets to a point where somebody thinks it's worthwhile, but there's a lot of other video conferencing out there. They're trying to push their telephony. They're trying to push their mobile solutions. There's a lot of companies out there doing it, so we'll see, but the current market cap does not seem to make sense in a permanent remote work situation. >> I think I'm inferring Teams is a little different because it's Microsoft. They've got this huge software estate they can leverage. They can bundle. Now, it's going to be interesting to see how and if Zoom can then expand its TAM, use its recent largesse to really enter potentially new markets. >> It will be, but listen, just the other day there was another headline that one of Zoom's executives out in China was actually blocking content as per directed by the Chinese government. Those are the kind of headlines that just really just get a little bit difficult when you're running a true enterprise size. Zoom is wonderful in the consumer space, but what I do is I research enterprise technology, and it's going to be really, really difficult to make inroads there with Microsoft. >> Yep. I agree. Okay, let's bring up number four, prediction number four. Permanent shifts in CISO strategies lead to measurable share shifts in network security. So the remote work sort of hyper-pivot, we'll call it, it's definitely exposed us. We've seen recent breaches that underscore the need for change. They've been well-publicized. We've talked a lot about identity access management, cloud security, endpoint security, and so as a result, we've seen the upstarts, and just a couple that we called, CrowdStrike, Okta, Zscaler has really benefited and we expect them to continue to show consistent growth, some well over 50% revenue growth. Erik, you really follow this space closely. You've been focused on microsegmentation and other, some of the big players. What are your thoughts here? >> Yeah, first of all, security, number one in spending overall when we started looking and asking people what their priority is going to be. That's not changing, and that was before the SolarWinds breach. I just had a great interview today with a CISO of a global hospitality enterprise to really talk about the implications of this. It is real. Him and his peers are not panicking but pretty close, is the way he put it, so there is spend happening. So first of all, to your point, continued on Okta, continued on identity access. See no reason why that changes. CrowdStrike, continue. What this is going to do is bring in some new areas, like we just mentioned, in network segmentation. Illumio is a pure play in that name that doesn't have a lot of citations, but I have watched over the last week their net spending score go from about 30 to 60%, so I am watching in real time, as this data comes in in the later part of our survey, that it's really happening Forescout is another one that's in there. We're seeing some of the zero trust names really picking up in the last week. Now, to talk about some of the more established names, yeah, Cisco plays in this space and we can talk about Cisco and what they're doing in security forever. They're really reinventing themselves and doing a great job. Palo Alto was in this space as well, but I do believe that network and microsegmentation is going to be something that's going to continue. The other one I'm going to throw out that I'm hearing a lot about lately is user behavior analytics. People need to be able to watch the trends, compare them to past trends, and catch something sooner. Varonis is a name in that space that we're seeing get a lot of adoptions right now. It's early trend, but based on our data, Varonis is a name to watch in that area as well. >> Yeah, and you mentioned Cisco transitioning, reinventing themselves toward a SaaS player. Their subscription, Cisco's security business is a real bright spot for them. Palo Alto, every time I sit in on a VENN, which is ETR's proprietary roundtable, the CISOs, they love Palo Alto. They want to work, many of them, anyway, want to work with Palo Alto. They see them as a thought leader. They seem to be getting their cloud act together. Fortinet has been doing a pretty good job there and especially for mid-market. So we're going to see this equilibrium, best of breed versus the big portfolio companies, and I think 2021 sets up as a really interesting battle for those guys with momentum and those guys with big portfolios. >> I completely agree and you nailed it again. Palo Alto has this perception that they're really thought leaders in the space and people want to work with them, but let's not rule Cisco out. They have a much, much bigger market cap. They are really good at acquisitions. In the past, they maybe didn't integrate them as well, but it seems like they're getting their act together on that. And they're pushing now what they call SecureX, which is sort of like their own full-on platform in the cloud, and they're starting to market that, I'm starting to hear more about it, and I do think Cisco is really changing people's perception of them. We shall see going forward because in the last year, you're 100% right, Palo Alto definitely got a little bit more of the sentiment, of positive sentiment. Now, let's also realize, and we'll talk about this again in a bit, there's a lot of players out there. There will probably be continued consolidation in the security space, that we'll see what happens, but it's an area where spending is increasing, there is a lot of vendors out there to play with, and I do believe we'll see consolidation in that space. >> Yes. No question. A highly fragmented business. A lack of skills is a real challenge. Automation is a big watch word and so I would expect, which brings us, Erik, to prediction number five. Can be hard to do prediction posts without talking about M&A. We see the trend toward increased tech spending driving more IPOs, SPACs and M&A. We've seen some pretty amazing liquidity events this year. Snowflake, obviously a big one. Airbnb, DoorDash, outside of our enterprise tech but still notable. Palantir, JFrog, number of others. UiPath just filed confidentially and their CEO said, "Over the next 12 to 18 months, I would think Automation Anywhere is going to follow suit at some point." Hashicorp was a company we called out in our 2020 predictions as one to watch along with Snowflake and some others, and, Erik, we've seen some real shifts in observability. The ELK Stack gaining prominence with Elastic, ChaosSearch just raised 40 million, and everybody's going after 5G. Lots of M&A opportunities. What are your thoughts? >> I think if we're going to make this a prediction show, I'm going to say that was a great year, but we're going to even have a better year next year. There is a lot of cash on the balance sheet. There are low interest rates. There is a lot of spending momentum in enterprise IT. The three of those set up for a perfect storm of more liquidity events, whether it be continued IPOs, whether it could be M&A, I do expect that to continue. You mentioned a lot of the names. I think you're 100% right. Another one I would throw out there in that observability space, is it's Grafana along with the ELK Stack is really making changes to some of the pure plays in that area. I've been pretty vocal about how I thought Splunk was having some problems. They've already made three acquisitions. They are trying really hard to get back up and keep that growth trajectory and be the great company they always have been, so I think the observability area is certainly one. We have a lot of names in that space that could be taken out. The other one that wasn't mentioned, however, that I'd like to mention is more in the CDN area. Akamai being the grandfather there, and we'll get into it a little bit too, but CloudFlare has a huge market cap, Fastly running a little bit behind that, and then there's Limelight, and there's a few startups in that space and the CDN is really changing. It's not about content delivery as much as it is about edge compute these days, and they would be a real easy takeout for one of these large market cap names that need to get into that spot. >> That's a great call. All right, let's bring up number six, and this is one that's near and dear to my heart. It's more of a longer-term prediction and that prediction is in the 2020s, 75% of large organizations are going to re-architect their big data platforms, and the premise here is we're seeing a rapid shift to cloud database and cross-cloud data sharing and automated governance. And the prediction is that because big data platforms are fundamentally flawed and are not going to be corrected by incremental improvements in data lakes and data warehouses and data hubs, we're going to see a shift toward a domain-centric ownership of the data pipeline where data teams are going to be organized around data product or data service builders and embedded into lines of business. And in this scenario, the technology details and complexity will become abstracted. You've got hyper-specialized data teams today. They serve multiple business owners. There's no domain context. Different data agendas. Those, we think, are going to be subsumed within the business lines, and in the future, the primary metric is going to shift from the cost and the quality of the big data platform outputs to the time it takes to go from idea to revenue generation, and this change is going to take four to five years to coalesce, but it's going to begin in earnest in 2021. Erik, anything you'd add to this? >> I'm going to let you kind of own that one 'cause I completely agree, and for all the listeners out there, that was Dave's original thought and I think it's fantastic and I want to get behind it. One of the things I will say to support that is big data analytics, which is what people are calling it because they got over the hype of machine learning, they're sick of vendors saying machine learning, and I'm hearing more and more people just talk about it as we need big data analytics, we need 'em at the edge, we need 'em faster, we need 'em in real time. That's happening, and what we're seeing more is this is happening with vendor-agnostic tools. This isn't just AWS-aligned. This isn't just GCP-aligned or Azure-aligned. The winners are the Snowflakes. The winners are the Databricks. The winners are the ones that are allowing this interoperability, the portability, which fully supports what you're saying. And then the only other comment I would make, which I really like about your prediction, is about the lines of business owning it 'cause I think this is even bigger. Right now, we track IT spending through the CIO, through the CTO, through IT in general. IT spending is actually becoming more diversified. IT spending is coming under the purview of marketing, it's coming under the purview of sales, so we're seeing more and more IT spending, but it's happening with the business user or the business lines and obviously data first, so I think you're 100% right. >> Yeah, and if you think about it, we've contextualized our operational systems, whether it's the CRM or the supply chain, the logistics, the business lines own their respective data. It's not true for the analytics systems, and we talked about Snowflake and Databricks. I actually see these two companies who were sort of birds of a feather in the early days together, applying Databricks machine learning on top of Snowflake, I actually see them going in diverging places. I see Databricks trying to improve on the data lake. I see Snowflake trying to reinvent the concept of data warehouse to this global mesh, and it's going to be really interesting to see how that shakes out. The data behind Snowflake, obviously very, very exciting. >> Yeah, it's just, real quickly to add on that if we have time, Dave. >> Yeah, sure. >> We all know the valuation of Snowflake, one of the most incredible IPOs I've seen in a long time. The data still supports it. It still supports that growth. Unfortunately for Databricks, their IPO has been a little bit more volatile. If you look at their stock chart every time they report, it's got a little bit of a roller coaster ride going on, and our most recent data for Databricks is actually decelerating, so again, I'm going to use the caveat that we only have about 950 survey responses in. We'll probably get that up to 1,300 or so, so it's not done yet, but right now we are putting Databricks into a category where we're seeing it decelerate a little bit, which is surprising for a company that's just right out of the gate. >> Well, it's interesting because I do see Databricks as more incremental on data lakes and I see Snowflake as more transformative, so at least from a vision standpoint, we'll see if they can execute on that. All right, number seven, let's bring up number seven. This is talking about the cloud, hybrid cloud, multi-cloud. The battle to define hybrid and multi-cloud is going to escalate in 2021. It's already started and it's going to create bifurcated CIO strategies. And, Erik, spending data clearly shows that cloud is continuing its steady margin share gains relative to on-prem, but the definitions of the cloud, they're shifting. Just a couple of years ago, AWS, they never talk about hybrid, just like they don't talk about multi-cloud today, yet AWS continues now to push into on-prem. They treat on-prem as just another node at the edge and they continue to win in the marketplace despite their slower growth rates. Still, they're so large now. 45 billion or so this year. The data is mixed. This ETR data shows that just under 50% of buyers are consolidating workloads, and then a similar, in the cloud workloads, and a similar percentage of customers are spreading evenly across clouds, so really interesting dynamic there. Erik, how do you see it shaking out? >> Yeah, the data is interesting here, and I would actually state that overall spend on the cloud is actually flat from last year, so we're not seeing a huge increase in spend, and coupled with that, we're seeing that the overall market share, which means the amount of responses within our survey, is increasing, certainly increasing. So cloud usage is increasing, but it's happening over an even spectrum. There's no clear winner of that market share increase. So they really, according to our data, the multi-cloud approach is happening and not one particular winner over another. That's just from the data perspective that various do point on AWS. Let's be honest, when they first started, they wanted all the data. They just want to take it from on-prem, put it in their data center. They wanted all of it. They never were interested in actually having interoperability. Then you look at an approach like Google. Google was always about the technology, but not necessarily about the enterprise customer. They come out with Anthos which is allowing you to have interoperability in more cloud. They're not nearly as big, but their growth rate is much higher. Law of numbers, of course. But it really is interesting to see how these cloud players are going to approach this because multi-cloud is happening whether they like it or not. >> Well, I'm glad you brought up multi-cloud in a context of what the data's showing 'cause I would agree we're, and particularly two areas that I would call out in ETR data, VMware Cloud on AWS as well as VM Cloud Foundation are showing real momentum and also OpenStack from Red Hat is showing real progress here and they're making moves. They're putting great solutions inside of AWS, doing some stuff on bare metal, and it's interesting to see. VMware, basically it's the VMware stack. They want to put that everywhere. Whereas Red Hat, similarly, but Red Hat has the developer angle. They're trying to infuse Red Hat in throughout everybody's stack, and so I think Red Hat is going to be really interesting to, especially to the extent that IBM keeps them, sort of lets them do their own thing and doesn't kind of pollute them. So, so far so good there. >> Yeah, I agree with that. I think you brought up the good point about it being developer-friendly. It's a real option as people start kicking a little bit more of new, different developer ways and containers are growing, growing more. They're not testing anymore, but they're real workloads. It is a stack that you could really use. Now, what I would say to caveat that though is I'm not seeing any net new business go to IBM Red Hat. If you were already aligned with that, then yes, you got to love these new tools they're giving you to play with, but I don't see anyone moving to them that wasn't already net new there and I would say the same thing with VMware. Listen, they have a great entrenched base. The longer they can kick that can down the road, that's fantastic, but I don't see net new customers coming onto VMware because of their alignment with AWS. >> Great, thank you for that. That's a good nuance. Number eight, cloud, containers, AI and ML and automation are going to lead 2021 spending velocity, so really is those are the kind of the big four, cloud, containers, AI, automation, And, Erik, this next one's a bit nuanced and it supports our first prediction of a rebound in tech spending next year. We're seeing cloud, containers, AI and automation, in the form of RPA especially, as the areas with the highest net scores or spending momentum, but we put an asterisk around the cloud because you can see in this inserted graphic, which again is preliminary 'cause the survey's still out in the field and it's just a little tidbit here, but cloud is not only above that 40% line of net score, but it has one of the higher sector market shares. Now, as you said, earlier you made a comment that you're not necessarily seeing the kind of growth that you saw before, but it's from a very, very large base. Virtually every sector in the ETR dataset with the exception of outsourcing and IT consulting is seeing meaningful upward spending momentum, and even those two, we're seeing some positive signs. So again, with what we talked about before, with the freezing of the IT projects starting to thaw, things are looking much, much better for 2021. >> I'd agree with that. I'm going to make two quick comments on that, one on the machine learning automation. Without a doubt, that's where we're seeing a lot of the increase right now, and I've had a multiple number of people reach out or in my interviews say to me, "This is very simple. These projects were slated to happen in 2020 and they got paused. It's as simple as that. The business needs to have more machine learning, big data analytics, and it needs to have more automation. This has just been paused and now it's coming back and it's coming back rapidly." Another comment, I'm actually going to post an article on LinkedIn as soon as we're done here. I did an interview with the lead technology director, automation director from Disney, and this guy obviously has a big budget and he was basically saying UiPath and Automation Anywhere dominate RPA, and that on top of it, the COVID crisis greatly accelerated automation, greatly accelerated it because it had to happen, we needed to find a way to get rid of these mundane tasks, we had to put them into real workloads. And another aspect you don't think about, a lot of times with automation, there's people, employees that really have friction. They don't want to adopt it. That went away. So COVID really pushed automation, so we're going to see that happening in machine learning and automation without a doubt. And now for a fun prediction real quick. You brought up the IT outsourcing and consulting. This might be a little bit more out there, the dark horse, but based on our data and what we're seeing and the COVID information about, you said about new projects being unwrapped, new hiring happening, we really do believe that this might be the bottom on IT outsourcing and consulting. >> Great, thank you for that, and then that brings us to number nine here. The automation mandate is accelerating and it will continue to accelerate in 2021. Now, you may say, "Okay, well, this is a lay-up," but not necessarily. UiPath and Automation Anywhere go public and Microsoft remains a threat. Look, UiPath, I've said UiPath and Automation Anywhere, if they were ready to go public, they probably would have already this year, so I think they're still trying to get their proverbial act together, so this is not necessarily a lay-up for them from an operational standpoint. They probably got some things to still clean up, but I think they're going to really try to go for it. If the markets stay positive and tech spending continues to go forward, I think we can see that. And I would say this, automation is going mainstream. The benefits of taking simple RPA tools to automate mundane tasks with software bots, it's both awakened organizations to the possibilities of automation, and combined with COVID, it's caused them to get serious about automation. And we think 2021, we're going to see organizations go beyond implementing point tools, they're going to use the pandemic to restructure their entire business. Erik, how do you see it, and what are the big players like Microsoft that have entered the market? What kind of impact do you see them having? >> Yeah, completely agree with you. This is a year where we go from small workloads into real deployment, and those two are the leader. In our data, UiPath by far the clear leader. We are seeing a lot of adoptions on Automation Anywhere, so they're getting some market sentiment. People are realizing, starting to actually adopt them. And by far, the number one is Microsoft Power Automate. Now, again, we have to be careful because we know Microsoft is entrenched everywhere. We know that they are good at bundling, so if I'm in charge of automation for my enterprise and I'm already a Microsoft customer, I'm going to use it. That doesn't mean it's the best tool to use for the right job. From what I've heard from people, each of these have a certain area where they are better. Some can get more in depth and do heavier lifting. Some are better at doing a lot of projects at once but not in depth, so we're going to see this play out. Right now, according to our data, UiPath is still number one, Automation Anywhere is number two, and Microsoft just by default of being entrenched in all of these enterprises has a lot of market share or mind share. >> And I also want to do a shout out to, or a call out, not really a shout out, but a call out to Pegasystems. We put them in the RPA category. They're covered in the ETR taxonomy. I don't consider them an RPA vendor. They're a business process vendor. They've been around for a long, long time. They've had a great year, done very, very well. The stock has done well. Their spending momentum, the early signs in the latest survey are just becoming, starting to moderate a little bit, but I like what they've done. They're not trying to take UiPath and Automation Anywhere head-on, and so I think there's some possibilities there. You've also got IBM who went to the market, SAP, Infor, and everybody's going to hop on the bandwagon here who's a software player. >> I completely agree, but I do think there's a very strong line in the sand between RPA and business process. I don't know if they're going to be able to make that transition. Now, business process also tends to be extremely costly. RPA came into this with trying to be, prove their ROI, trying to say, "Yeah, we're going to cost a little bit of money, but we're going to make it back." Business process has always been, at least the legacies, the ones you're mentioning, the Pega, the IBMs, really expensive. So again, I'm going to allude to that article I'm about to post. This particular person who's a lead tech automation for a very large company said, "Not only are UiPath and AA dominating RPA, but they're likely going to evolve to take over the business process space as well." So if they are proving what they can do, he's saying there's no real reason they can't turn around and take what Appian's doing, what IBM's doing and what Pega's doing. That's just one man's opinion. Our data is not actually tracking it in that space, so we can't back that, but I did think it was an interesting comment for and an interesting opportunity for UiPath and Automation Anywhere. >> Yeah, it's always great to hear directly from the mouths of the practitioners. All right, brings us to number 10 here. 5G rollouts are going to push new edge IoT workloads and necessitate new system architectures. AI and real-time inferencing, we think, require new thinking, particularly around processor and system design, and the focus is increasingly going to be on efficiency and at much, much lower costs versus what we've known for decades as general purpose workloads accommodating a lot of different use cases. You're seeing alternative processors like Nvidia, certainly the ARM acquisition. You've got companies hitting the market like Fungible with DPAs, and they're dominating these new workloads in the coming decade, we think, and they continue to demonstrate superior price performance metrics. And over the next five years they're going to find their way, we think, into mainstream enterprise workloads and put continued pressure on Intel general purpose microprocessors. Erik, look, we've seen cloud players. They're diversifying their processor suppliers. They're developing their own in-house silicon. This is a multi-year trend that's going to show meaningful progress next year, certainly if you measure it in terms of innovations, announcements and new use cases and funding and M&A activity. Your thoughts? >> Yeah, there's a lot there and I think you're right. It's a big trend that's going to have a wide implication, but right now, it's there's no doubt that the supply and demand is out of whack. You and I might be the only people around who still remember the great chip famine in 1999, but it seems to be happening again and some of that is due to just overwhelming demand, like you mentioned. Things like IoT. Things like 5G. Just the increased power of handheld devices. The remote from work home. All of this is creating a perfect storm, but it also has to do with some of the chip makers themselves kind of misfired, and you probably know the space better than me, so I'll leave you for that on that one. But I also want to talk a little bit, just another aspect of this 5G rollout, in my opinion, is we have to get closer to the edge, we have to get closer to the end consumer, and I do believe the CDN players have an area to play in this. And maybe we can leave that as there and we could do this some other time, but I do believe the CDN players are no longer about content delivery and they're really about edge compute. So as we see IoT and 5G roll out, it's going to have huge implications on the chip supply. No doubt. It's also could have really huge implications for the CDN network. >> All right, there you have it, folks. Erik, it's great working with you. It's been awesome this year. I hope we can do more in 2021. Really been a pleasure. >> Always. Have a great holiday, everybody. Stay safe. >> Yeah, you too. Okay, so look, that's our prediction for 2021 and the coming decade. Remember, all these episodes are available as podcasts. All you got to do is search Breaking Analysis podcast. You'll find it. We publish each week on wikibon.com and siliconangle.com, and you got to check out etr.plus. It's where all the survey action is. Definitely subscribe to their services if you haven't already. You can DM me @dvellante or email me at david.vellante@siliconangle.com. This is Dave Vellante for Erik Bradley for theCUBE Insights powered by ETR. Thanks for watching, everyone. Be well and we'll see you next time. (relaxing music)

>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR, this is Breaking Analysis with Dave Vellante. >> The steepest drop in the stock market since June 11th flipped the narrative and sent investors scrambling. Tech got hammered after a two-month run, and people are asking questions. Is this a bubble popping, or is it a healthy correction? Are we now going to see a rotation into traditional stocks, like banks and maybe certain cyclicals that have lagged behind the technology winners? Hello, everyone, and welcome to this week's episode of Wikibon's CUBE Insights powered by ETR. In this Breaking Analysis, we want to give you our perspective on what's happening in the technology space and unpack what this sentiment flip means for the balance of 2020 and beyond. Let's look at what happened on September 3rd, 2020. The tech markets recoiled this week as the NASDAQ Composite dropped almost 5% in a single day. Apple's market cap alone lost $178 billion. The Big Four: Apple, Microsoft, Amazon, and Google lost a combined value that approached half a trillion dollars. For context, this number is larger than the gross domestic product for countries as large as Thailand, Iran, Austria, Norway, and even the UAE, and many more. The tech stocks that have been running due to COVID, well, they got crushed. These are the ones that we've highlighted as best positioned to thrive during the pandemic, you know, the work-from-home, SaaS, cloud, security stocks. We really have been talking about names like Zoom, ServiceNow, Salesforce, DocuSign, Splunk, and the security names like CrowdStrike, Okta, Zscaler. By the way, DocuSign and CrowdStrike and Okta all had nice earnings beats, but they still got killed underscoring the sentiment shift. Now the broader tech market was off as well on sympathy, and this trend appears to be continuing into the Labor Day holiday. Now why is this happening, and why now? Well, there are a lot of opinions on this. And first, many, like myself, are relatively happy because this market needed to take a little breather. As we've said before, the stock market, it's really not reflecting the realities of the broader economy. Now as we head into September in an election year, uncertainty kicks in, but it really looks like this pullback was fueled by a combination of an overheated market and technical factors. Specifically, take a look at volatility indices. They were high and rising, yet markets kept rising along with them. Robinhood millennial investors who couldn't bet on sports realized that investing in stocks was as much of a rush and potentially more lucrative. The other big wave, which was first reported by the Financial Times, is that SoftBank made a huge bet on tech and bought options tied to around $50 billion worth of high-flying tech stocks. So the option call volumes skyrocketed. The call versus put ratio was getting way too hot, and we saw an imbalance in the market. Now market makers will often buy an underlying stock to hedge call options to ensure liquidity in these cases. So to be more specific, delta in options is a measure of the change in the price of an option relative to the underlying stock, and gamma is a measure of the volatility of the delta. Now usually, volatility is relatively consistent on both sides of the trade, the calls and the puts, because investors often hedge their bets. But in the case of many of these hot stocks, like Tesla, for example, you've seen the call skew be much greater than the skew in the downside. So let's take an example. If people are buying cheap out of the money calls, a market maker might buy the underlying stock to hedge for liquidity. And then if Elon puts out some good news, which he always does, the stock goes up. Market makers have to then buy more of the underlying stock. And then algos kick in to buy even more. And then the price of the call goes up. And as it approaches it at the money price, this forces market makers to keep buying more of that underlying stock. And then the melt up until it stops. And then the market flips like it did this week. When stock prices begin to drop, then market makers were going to rebalance their portfolios and their risk and sell their underlying stocks, and then the rug gets pulled out from the markets. And that's really why some of the stocks that have run dropped so precipitously. Okay, why did I spend so much time on this, and why am I not freaking out? Because I think these market moves are largely technical versus fundamental. It's not like 1999. We had a double whammy of technical rug pulls combined with poor underlying fundamentals for high-flying companies like CMGI and Internet Capital Group, whose businesses, they were all about placing bets on dot-coms that had no business models other than non-monetizable eyeballs. All right, let's take a look at the NASDAQ and dig into the data a little bit. And I think you'll see what I mean and why I'm not too concerned. This is a year-to-date chart of the NASDAQ, and you can see it bottomed on March 23rd at 6,860. And then ran up until June 11th and had that big drop, but was still elevated at 9,492. And then it ran up to over 12,000 and hit an all-time high. And then you see the big drop. And that trend continued on Friday morning. The NASDAQ Composite traded below 11,000. It actually corrected to 10% of its high, 9.8% to be precise, and then it snapped back. But even at its low, that's still up over 20% for the year. In the year of COVID, would that have surprised you in March? It certainly would have surprised me. So to me, this pullback is sort of a relief. It's good and actually very normal and quite predictable. Now the exact timing of these pullbacks, of course, on the other hand is not entirely predictable. Not at all, frankly, at least for this observer. So the big question is where do we go from here? So let's talk about that a little bit. Now the economy continues to get better. Take a look at the August job report; it was good. 1.4 million new jobs, 340,000 came from the government. That was positive numbers. And the other good news is it translates into a drop in unemployment under 10%. It's now at 8.4%. And this is really good relative to expectations. Now the sell-off continued, which suggested that the market wanted to keep correcting, so that's good. Maybe some buying opportunities would emerge in over the next several months, the market snapped back, but for those who have been waiting, I think that's going to happen. And so that snapback, maybe that's an indicator that the market wants to keep going up, we'll see. But I think there are more opportunities ahead because there's really so much uncertainty. What's going to happen with the next round of the stimulus? The jobs report, maybe that's a catalyst for compromise between the Democrats and the Republicans, maybe. The US debt is projected to exceed 100% of GDP this calendar year. That's the highest it's been since World War II. Does that give you a good feeling? That doesn't give me a good feeling. And when we talk about the election, that brings additional uncertainty. So there's a lot to think about for the markets. Now let's talk about what this means for tech. Well, as we've been projecting for months with our colleagues at ETR, despite what's going on in the stock market and its rise, there's those real tech winners, we still see a contraction in 2020 for IT spend of minus 5 to 8%. And we talk a lot about the bifurcation in the market due to COVID accelerating some of these trends that were already in place, like digital transformation and SaaS and cloud. And then the work-from-home kicks in with other trends like video conferencing and the shift to security spend. And we think this is going to continue for years. However, because these stocks have run up so much, they're going to have very tough compares in 2021. So maybe time for a pause. Now let's take a look at the IT spending macroeconomics. This data is from a series of surveys that ETR conducted to try to better understand spending patterns due to COVID. Those yellow slices of the pies show the percent of customers that indicate that their budgets will be impacted by coronavirus. And you can see there's a steady increase from mid-March, which blend into April, and then you can see the June data. It goes from 63% saying yes, which is very high, to 78%, which is very, very high. And the bottom part of the chart shows the degree of that change. So 22% say no change in the latest survey, but you can see much more of a skew to the red declines on the left versus the green upticks on the right-hand side of the chart. Now take a look at how IT buyers are seeing the response to the pandemic. This chart shows what companies are doing as a result of COVID in another recent ETR survey. Now of course, it's no surprise, everybody's working from home. Nobody's traveling for business, not nobody, but most people aren't, we know that. But look at the increase in hiring freezes and freezing new IT deployments, and the sharp rise in layoffs. So IT is yet again being asked to do more with less. They're used to it. Well, we see this driving an acceleration to automation, and that's going to benefit, for instance, the RPA players, cloud providers, and modern software vendors. And it will also precipitate a tailwind for more aggressive AI implementations. And many other selected names are going to continue to do well, which we'll talk about in a second, but they're in the work-from-home, the cloud, the SaaS, and the modern data sectors. But the problem is those sectors are not large enough to offset the declines in the core businesses of the legacy players who have a much higher market share, so the overall IT spend declines. Now where it gets kind of interesting is the legacy companies, look, they all have growth businesses. They're making acquisitions, they're making other bets. IBM, for example, has its hybrid cloud business in Red Hat, Dell has VMware and it's got work-from-home solutions, Oracle has SaaS and cloud, Cisco has its security business, HPE, it's as a service initiative, and so forth. And again, these businesses are growing faster, but they are not large enough to offset the decline in core on-prem legacy and drive anything more than flat growth, overall, for these companies at best. And by the time they're large enough, we'll be into the next big thing, so the cycle continues. But these legacy companies are going to compete with the upstarts, and that's where it gets interesting. So let's get into some of the specific names that we've been talking about for over a year now and make some comments around their prospects. So what we want to do is let's start with one of our favorites: Snowflake. Now Snowflake, along with Asana, JFrog, Sumo Logic, and Unity, has a highly anticipated upcoming IPO. And this chart shows new adoptions in the database sector. And you can see that Snowflake, while down from the October 19th survey, is far outpacing its competitors, with the exception of Google, where BigQuery is doing very well. But you see Mongo and AWS remain strong, and I'm actually quite encouraged that it looks like Cloudera has righted the ship and you kind of saw that in their earnings recently. But my point is that Snowflake is a share gainer, and we think will likely continue to be one for a number of quarters and years if they can execute and compete with the big cloud players, and that's a topic that we've covered extensively in previous Breaking Analysis segments, and, as you know, we think Snowflake can compete. Now let's look at automation. This is another space that we've been talking about quite a bit, and we've largely focused on two leaders: UiPath and Automation Anywhere. But I have to say, I still like Blue Prism. I think they're well-positioned. And I especially like Pegasystems, which has, for years, been embarking on a broader automation agenda. What this chart shows is net score or spending velocity data for those customers who said they were decreasing spend in 2020. Those red bars that we showed earlier are the ones who are decreasing. And you can see both Automation Anywhere and UiPath show elevated levels within that base where spending is declining, so that's a real positive. Now Microsoft, as we've reported, is elbowing its way into the market with what is currently an inferior point product, but, you know, it's Microsoft, so we can't ignore that. And finally, let's have a look at the all-important security sector, which we've covered extensively and put out a report recently. So what this next chart does is cherry-picks of a few of our favorite names, and it shows the net score or spending momentum and the granularity for some of the leaders and emerging players. All of these players are in the green, as you can see in the upper right, and they all have decent presence in the dataset as indicated by the shared NS. Okta is at the top of the list with 58% net score. Palo Alto, they're a more mature player, but still, they have an elevated net score. CrowdStrike's net score dropped this quarter, which was a bit of a concern, but it's still high. And it followed by SailPoint and Zscaler, who are right there. The big three trends in this space right now are cloud security, identity access management, and endpoint security. Those are the tailwinds, and we think these trends have legs. Remember, net score in this survey is a forward-looking metric, so we'll come back and look at the next survey, which is running this month in the field from ETR. Now everyone on this chart has reported earnings, except Zscaler, which reports on September 9th, and all of these companies are doing well and exceeding expectations, but as I said earlier, next year's compares won't be so easy. Oh, and by the way, their stock prices, they all got killed this week as a result of the rug pull that we explained earlier. So we really feel this isn't a fundamental problem for these firms that we're talking about. It's more of a technical in the market. Now Automation Anywhere and UiPath, you really don't know because they're not public and I think they need to get their house in order so they can IPO, so we'll see when they make it to public markets. I don't think that's an if, that I think they will IPO, but the fact that they haven't filed yet says they're not ready. Now why wouldn't you IPO if you are ready in this market despite the recent pullbacks? Okay, let's summarize. So listen, all you new investors out there that think stock picking is easy, look, any fool can make money in a market that goes up every day, but trees don't grow to the moon and there are bulls and bears and pigs, and pigs get slaughtered. And I can throw a dozen other cliches at you, but I am excited that you're learning. You maybe have made a few bucks playing the options game. It's not as easy as you might think. And I'm hoping that you're not trading on margin. But look, I think there are going to be some buying opportunities ahead, there always are, be patient. It's very hard, actually impossible, to time markets, and I'm a big fan of dollar-cost averaging. And young people, if you make less than $137,000 a year, load up on your Roth, it's a government gift that I wish I could have tapped when I was a newbie. And as always, please do your homework. Okay, that's it for today. Remember, these episodes, they're all available as podcasts, wherever you listen, so please subscribe. I publish weekly on wikibon.com and siliconangle.com, so check that out, and please do comment on my LinkedIn posts. Don't forget, check out etr.plus for all the survey action. Get in touch on Twitter, I'm @dvellante, or email me at david.vellante@siliconangle.com. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching, everyone. Be well, and we'll see you next time. (gentle upbeat music)

>> Advertiser: From theCUBE Studios in Palo Alto, in Boston, connecting with thought leaders all around the world, this is theCUBE Conversation. >> Hi, everybody, this is Dave Vellante and welcome to our ongoing CXO series, Charlie Giancarlo season, chief executive officer of Pure Storage. Charlie, always a pleasure. Thanks so much for taking the time. >> Thanks, Dave. And like you said, always a pleasure, thank you. >> Well, I got to start asking you, the last time we talked, you were recovering from COVID. How are you doing? >> Yeah, I'm doing great actually. I seem to have fully recovered. I've been on 17 mile hikes at 10,000 feet. I've been doing a lot of biking, so it looks like other than my wife telling me that maybe I'm not all there, but she did that before COVID. So I'm used to it. >> Well, that's awesome to hear. Well, of course, just yesterday, you guys announced your quarter. I want to start there. You beat expectations, although revenue growth was a little less robust than we're used to from Pure, but you clearly had some activity regarding COVID in the US. International, very strong, but again, we'll talk about this US customers kind of reevaluating was your other key point. I got a lot of takeaways from the call that I want to ask you about. But the big thing was you had set a very confident tone on the Earnings Call. So I kind of want to start there. Well, give us your summary. >> Yeah, no, thank you for that. So first of all, we feel like we're operating really with all of our cylinders going. We have operational discipline. We've been adding to our R&D capabilities. We've hired people this year. and we showed a profit this quarter. So we're operating, I think very well. We've introduced a boatload of new products continuously over the last couple of quarters, including, FlashArray//C, the first and only all-flash product that competes at second Tier disc levels. We introduced our file services on FlashArray//C, which really allows us to go into the general purpose of file market. And we picked up a huge amount of share as you well know in Q1. We believe we're going to pick up significant share in Q2 as well, well above our competitors. So we feel like given everything we can control, we're doing very well. As you said, in Q2, what we saw was Europe, which came out of the crisis for the most part recover very, very nicely. The US, that's still in the crisis. Of course, we're seeing some slowness and especially among what we call the mid tier or the commercial market. They've been hurt very badly by the lockdown in the economy. And they have our sympathies, but we definitely saw some slow down there. >> Yeah, so I want to talk about the market share and maybe unpack some of that data. I mean, you guys gave a cautious outlook. It kind of gave no formal guidance, but you did informally guide flat, so you kind of gave some visibility there. So actually I appreciated it. I think some of the analysts were a little bit concerned there, but I think that's prudent. And they're really the expectations are a function of your expectations around the COVID recovery. I think you mentioned your account almost state by state and very clearly the international where you've seen comebacks have been very, very strong. >> Right, so I think our customers' data continues to grow if anything, growing faster under a lockdown environment and the move to more digital engagement with everyone, their customers, their employees, et cetera. So digital continues to grow, which generally creates more demand. However, of course, as you know, in storage customers generally always have a buffer. And what we saw on Q2 was customers starting to reconsider how they're going to spend their IT budget. And whenever you have a reconsideration, you have a slowdown. And that's what we experienced. And especially in the US where the effects of the pandemic, of the economy have been much more severe than in other parts of the world. >> Yeah, so I want to talk about some data. I often, as you know, like to share some data from our partner ETR every quarter we do the survey. So guys bring up that chart. And what it shows here, let's just set it up for the audience and Charlie for you as well. That this is essentially net score, which is a measure of spending velocity for the major primary guys. So we show Pure at the top in orange, that's just a coincidence guys. And then HPE, NetApp, Dell, and IBM. And you can see the net score, and then I've super imposed there in that table, in the upper left. And you can see Pure Storage is really the only one of these majors in the green. Everybody else is in the red, which is either the lower or high teens. And you can see a little bit of a COVID impact, last quarter, but holding strong at about a 40% net score where everybody else is, as I say, in the mid teens. And so that's a real positive. I point out, this is a forward looking survey. So we're asking people, what are you planning on spending in the second half relative to what you spent in the first half. And again, we see Pure with consistent momentum. I'll add, just if you looked at the past quarter, you guys announced plus 2% growth. IBM was plus 3% growth and we know why, they have the mainframe tailwind. HPE played a little hide, the growth ball. I don't know Charlie, how closely you looked at it, but they said 4% growth sequentially. Now, the last quarter they were down 16%. The same quarter last year, they were flat. So it looks to me like they were down this quarter. So we appreciate when you have clear guidance. >> Their storage, by the way, was down 10% year over year. >> Yeah, okay, great, thank you. I didn't pick up on that. And so, yeah, that seemed like that to me. And then NetApp happens tonight and we get Dell tomorrow. But so you were saying that you gained share, what gives you that confidence? >> Well, several, you mean for Q2? We know we gained Q1, right? We were 15 points above the industry average and maybe about 20 points ahead of our competitors. We saw a similar momentum from our partner. Remember, we're 100% partner fulfilled, right? And so in conversations with our partners, we have a general sense of how we're doing vis-a-vis competitive environments. We also know that our win rates have held very nicely and in quarters, almost every quarter, we're used to about a 20% per annum higher growth rate than our competitors. So when all of our metrics, that is our relative metrics. Things like win rates and so forth continue unabated, we generally expect to have the same outcome. >> Great, and then so let me go through some of the takeaways that I have from the quarter. I'll just run through them and we can go wherever you like. But the COVID snapback obviously is a key indicator. We saw that in international versus the US. >> Charlie: Right. >> New opportunities for growth. I want to talk about that, at some length the FlashArray//C object, the Cohesity pieces and other TAM expansion. The pipeline is very encouraging, but there's some uncertainty leading to your tepid guidance. Very strong, gross margins as usual. The subscription model is growing nicely. I want to hit on that. And the RPO, the remaining performance obligations grew to almost a billion dollars. That's a big number. New logo, solid at 20%. No real change in the competitive, but you called out, you'll see more PowerMax than PowerStore. That was really interesting. You're still hiring pretty aggressively, last quarter. And your technology investments continue. And I'll throw in the seven nines, which I think is another industry first, but where do you want to go there? >> Yeah, well, seven nines is a reliability figure for those of your audience that doesn't know. It relates to how much uptime or availability a product has or in our case, fleet of products. We have tens of thousands of arrays in the field. And last quarter we achieved what's called seven nines, which is the equivalent across the fleet of only three seconds of downtime per array per year. Which is, most other vendors had struggled to stay to five nines. And that's typically without even counting what they call scheduled downtime for upgrades. We don't even count that. We count all downtime of any type. So we're clearly, I think with no doubt, we're the most reliable product on the these days. >> So I want to come back to the TAM discussion because you, I inferred many opportunities for you guys to continue to grow. I mean, it's Flash, it's still about flash. flash is gaining share relative to spinning disk and relative to hybrid, you guys made that point a lot. FlashArray//C, you sound pretty happy with that, again, going after hybrid. And then this notion of bringing file services and object that unify play. kind of the man made great strides years ago with that capability. And then the data protection piece, the recovery with Cohesity, the faster recovery. That's another TAM expansion. So really, I identified four points of potential growth area for you over the next several years. I wonder if you could talk about that? >> Absolutely, we do feel very positive about all these areas. These areas open up a huge amount of the TAM that we didn't play in before. So FlashArray//C for example, as you say, flash was always a primary workload environment for flash 'cause it was very expensive compared to disc. Higher performance, better ecological footprint, denser, faster, cheaper, are more expensive though. So it only went after primary workload, but the vast majority of data storage is secondary workload. Things that don't require the high performance and therefore customers want it less expensive. And of course there were even more bits there. But FlashArray//C now competes very well with low cost disc, which is amazing. And of course it's 10 times lower footprint and 10 times more reliable. So this is the first and literally today only product that has all-flash in that secondary workload market. So just opens up a huge amount for us. And then, yes, I love talking about data protection for the following reason, customers actually don't want to do a backup, right? If you think about it, what they really want is recovery. Backup is what you have to do in order to get recovery. And these backup systems have been very good at backup, but usually can take 24 or 48 or even more hours to be able to recover from a failure. And now with ransomware, you don't want your website to be down for days before it comes back up. You don't want your traders not trading for days. It costs a lot of money. And with what we call rapid recovery and now flash recover, we can have companies come back within an hour or two at most, with a rapid recovery solution. And so the integrated solution that we've put together with Cohesity, allows customers to very quickly get up and running with an anti ransomware solution that allows them to get back up and operating in no time at all. >> Well, was interesting to see you choosing the partner route. I mean, you could have, if you remember EMC in the day. They bought in, data protection and it had actually worked out pretty well for them. You look at a company like NetApp, they've chosen not to vertically integrate with backup. You're choosing the same path. What's the thinking there? Stick to your knitting and partner up and add value where you can? >> Yeah, we have strong partnerships actually with all of the data backup players, Veritas Veeam, with Rubrik and others. In many cases, customers have already made their decision who their backup player is. Also, backup is actually a very relatively fragmented market. There's backup for different types of applications and different vendors have strengths and weaknesses in each one of those. And so our partnership across the backup board is very important to us. We did see however customers wanting an integrated solution, which we have, let's say initiated with Cohesity. But we believe it's the first of what will be multiple pure validated designs. Not all of which will be OEM, but all of which will be available as integrated systems in the market, through our channel partners. And so you can expect to see more of these as we go forward. >> So kind of the PVDs okay. I want to ask you about your subscription model. I mean, it's growing very nicely. Are there nuances there just in terms of understanding the income statement ie, product revenue was down, subscriptions growing. Are you going through that transition and having to sort of educate people on the impact on the income statement? You didn't make a big deal out of that on the Earnings Call and I thought, well, maybe I'm overstating that, but I wonder if you could talk about that dynamic? >> No, no, you're absolutely correct. And there is some of that going on on the earning statement. The bigger part, though, of let's say the lower growth this quarter was due, and the forecast was due to the pandemic. No doubt and especially in the US, especially hard hit in the US. But simultaneously we are going through the transition that many companies have had to go through in the past where a larger proportion over time of our sales are going to be what we call Pure as-a-Service and our unified subscription. So moving to subscription from CapEx. And whenever you do that, it takes a while, even though your sales, as in bookings, can stay in the growth path. The revenue takes a while to catch up as your subscription bookings grow. So there is some of that going on on our P and L as well. >> Yeah, well, it's the nirvana to the extent you can get that model. And of course your RPO is a good indication of you got a nice backlog that's yielding, that's certainty in revenue. >> That's correct. And the RPO is very nice and it reflects the fact that we have multi-year contracts going in with customers who are choosing Pure as-a-Service in Evergreen. And of course, the billing only reflects what we've actually built them for. >> I was struck by your comments regarding your main competitor, which is Dell, Dell EMC. Now, of course, in the early days of Pure, I've always said you guys drove a truck through the old VNX and symmetrics base. You said you're seeing PowerMax more than you're seeing PowerStore. That was interesting and somewhat surprising to me. >> Yeah, well, a standard play of Dell is to offer VMAX because it's less expensive versus our FlashArray. And then when the customer clearly says, well, it's just not performance enough or it just can't do the work that we need, then they'll offer PowerMax at a supposedly a deep discount to be able to compete with a FlashArray. So that's been a favorite tactic of theirs for quite some time. We maintain our win rates against that. PowerStore on the other hand, remember, it's a forklift upgrade with a new product on four different Dell existing products, right? And two things. One, is customers are just reluctant right now to try new things, right? They don't have the time to be able to test them properly. But I also think there's some reluctance even on Dell's part to put those properties up for grabs right now, when customers are more risk adverse. So, we continue, as I said, we are not seeing it as much as we had thought we might going into this. >> Yeah, we'll definitely find out more tomorrow. And I would expect that, to the extent that you're having more and more success in file, you're going to obviously run into NetApp more. >> Yeah, and that's what we're expecting. The file services on FlashArray//C really allow us to start to penetrate the general purpose file market. Clearly not on the very small, and we're not going after the very small market. We're going after the data center file share market on this and the Tier 2 workloads. >> Well, what's the early returns there? I mean, you saw the NetApp did the SolidFire acquisition to shore up NetApp kind of missed flash, and then bought SolidFire but that is obviously a good play. Do you feel like it's a tougher road than perhaps the old EMC install base or what are you seeing early on? >> Well, there's a lot of maturity obviously in files. And it will take us a while to be able to get up to full levels of maturity in files. But what customers love about us is our simplicity. And our file services on FlashArray is just as simple as our block services on FlashArray. And I think what customers are going to find is a very performant product that requires very little maintenance, very little tuning to meet their needs. And I think they're just going to appreciate the fact that it's a true fully capable block product with a fully capable set of file services. And that they'll be able to consolidate more and more of their use cases onto smaller and smaller footprint. So I think that's what they're going to appreciate about what we do. >> That's ironic, outsimplifying NetApp, which of course made its name, taken on guys like ASPEX for those of you remember that or even even the early day. So that's good. And I'd be remiss if I didn't ask you about cloud. Thinking on cloud, I know it's early days and I know most of your subscriptions of course are still with on-prem, but you made an interesting announcement last year to accelerate with Cloud Block Store running on AWS. How's the uptake been there? What can you tell us about that? >> Yeah, we're seeing a good uptake there. I'd say more of it is in the DevOps environment than in the actual NDR, disaster recovery, more than it is in transition of primary workloads into the cloud. And we're just seeing a bit less of that than one would expect given all the press around it. I don't think it's us. I think customers are just taking a while. They're focusing their new activities in the cloud and much less about transitioning existing environments. But we are seeing work done there. What we are seeing is a huge uptake in what we call our unified subscription, which is a Pure as-a-Service on-prem where we deliver to our customers, basically cloud, the equivalent from their point of view of cloud storage on-prem, where we manage the entire environment plus the unified subscription is that plus Cloud Block Store. So regardless of where our customers want to place their data, either on-prem or in the cloud, it's the same price and the same contract, same interface, same management to them. So we've seen a huge, I mean, literally an incredible spike in uptake in that. >> Great, thank you for that. And then I got to end with, I asked you last time about networking. You have a, a very wide observation space and a lot of expertise in a lot of different areas. So I want to ask you about, we've seen the spate of IPOs this week. Snowflake came , Palantir, UniFi, JFrog, number of others. Very interesting to see that in the Valley, you're in the Valley. Of course you shot in the Valley like everybody else these days, but what do you make of that? Is it kind of everybody trying to get in before the election? Or is it just a really good time? What's your take on that? >> I think a lot of it is getting in before the election, but a lot of stock market movements as you well know, has to do with cash flows more than it has to do with the prospects of individual companies and just given the amount of stimulus that's taking place, not just in US but worldwide. There's a lot of money floating around, which is boiling stock market prices. And so it's a great, an old colleague of mine had a saying, "When Monday's on sale, take it." And that seems to be the case right now, at least as far as the stock market is concerned. And I've stood there for a good time for IPOs. >> Well, the Palantir IPO took a swipe at Silicon Valley broadly, really targeting, I think Facebook and Google. It really doesn't have anything to do with your business, but I mean, I think as an executive in Silicon Valley, you see the innovation and the software development that's going into so many good things. I was struck by that though. I thought it was a little bit of a cheap shot at Silicon Valley. It really was aimed at Google and Facebook because there's so many companies from you guys, Cisco, Palo Alto Networks, it'll work on and on and on. They are just doing some great software work. And we're seeing that with COVID, where would we be without Big Tech? >> Well, thank you, Dave. I think the press tends to focus on the consumer companies. And we all have maybe our own individual opinions about the way they operate, but you're correct. I mean, I think the good foundational work that many companies in Silicon Valley are doing to make our lives easier every day, just continues to really impress. >> Well, Charles Giancarlo it's always a pleasure. Thanks so much. You're generous with your time. I really appreciate you coming on theCUBE. >> Thank you, Dave. Again, as you said, always a pleasure to speak with you and look forward to doing it next quarter. >> All right, us as well. And thank you for watching everybody. This is Dave Vellante for theCUBE. We'll see you next time, we're out. (bright upbeat music)

(bright symphony music) >> Hello, I'm John Furrier, the founder of SiliconANGLE Media and co-host of theCUBE. We're here in Paulo Alto at our studio here. I'm joining with Joseph Jacks, the founder and general partner of OSS Capital. Open Source Software Capital, is what OSS stands for. He's also the founder of KubeCon which now is part of the CNCF. It's a huge conference around Kubernetes. He's a cloud guy. He knows open source. Very well respected in the industry and also a great guest and friend of theCUBE, CUBE alumni. Joseph, great to see you. Also known as JJ. JJ, good to see you. >> Thank you for having me on again, John. >> Hey, great to have you come on. I know we've talked many times on theCUBE, but you've got some exciting news. You got a new firm, OSS Capital. Open Source Software, not operational support like a telco, but this is an investment opportunity where you're making investments. Congratulations. >> Thank you. >> So I know you can't talk about some of the specifics on the funds size, but you are actually going to go out, talk to entrepreneurs, make some equity investments. Around open source software. What's the thesis? How did you get here, why did you do it? What's motivating you, and what's the thesis? >> A lot of questions in there. Yeah, I mean this is a really profoundly huge year for open source software. On a bunch of different levels. I think the biggest kind of thing everyone anchors towards is GitHub being acquired by Microsoft. Just a couple of weeks ago, we had the two huge hadoop vendors join forces. That, I think, surprised a lot of people. MuleSoft, which is a big opensource middleware company, getting acquired by Salesforce just a year after going public. Just a huge outcome. I think one observation, just to sort of like summarize the year 2018, is actually, starting in January, almost on sort of like a monthly basis, we've observed a major sort of opensource software company outcome. And sort of kicking off the year, we had CoreOS getting acquired by Red Hat. Brandon and Alex, the founders over there, built a really interesting company in the Kubernetes ecosystem. And I think in February, Al Fresco, which is an open source content portal taking privatization outcome from a private equity firm, I believe in March we had Magento getting acquired by Adobe, which an open source based CMS. PHP CMS. So just a lot of activity for significant outcomes. Multibillion dollar outcomes of commercial open source companies. And open source software is something like 20 years old. 20 years in the making. And this year in particular, I've just seen just a huge amount of large scale outcomes that have been many years in the making from companies that have taken lots of venture funding. And in a lot of cases, sort of partially focused funding from different investors that have an affinity for open source software and sort of understand the uniqueness of the open source model when it's applied to business, when it's applied to company building. But more sort of opportunistic and sort of affinity oriented, as opposed to a pure focus. So that's kind of been part of the motivation. I'd say the more authentically compelling motivation for doing this is that it just needs to exist. This is sort of a model that is happening by necessity. We're seeing more and more software companies be open source software companies. So open source first. They're built in a distributed way. They're leveraging engineers and talent around the world. They're just part of this open source kind of philosophy. And they are fundamentally kind of commercial open source software companies. We felt that if you had a firm basically designed in a way to exclusively focus on those kind of companies, and where the firmware actually backed and supported by the founders of the largest commercial open source companies in the world before sort of the last decade. That could actually deliver a lot of value. So we've been sort of blogging a little bit about this. >> And you wrote a great post on it. I read about open source monetization. But I think one of the things I'm seeing as well that supports your thesis, and I like to get your reaction to it because I think this is something that's not really talked about, but open source is still young. I mean, you go back. I remember the days when we used to have to hide in the shadows to get licenses and pirate stuff and do all those crazy stuff. But now, it's only a couple decades away. The leaders that were investing were usually entrepreneurs that've been successful. The Rob Bearns, the Amar Wadhwa, the guy that did Spring. All these different open source. Linux, obviously, great success story. But there hasn't any been any institutional. Yeah, you got benchmark, other things, done some investments. A discipline around open source. Where open source is now table stakes in all software development. Cloud is scaling, scaling out globally. There's no real foc- There's never been a firm that's been focused on- Just open source from a commercial, while maintaining the purity and ethos of open source. I mean, is that. >> You agree? >> That's true. >> 100%, yeah. That's been the big part of creating the firm is aligning and solving for a pure focused structure. And I think what I'll say abstractly is this sort of venture capital, venture style approach to funding enterprise technology companies, software companies in general, has been to kind of find great entrepreneurs and in an abstract way that can build great technology companies. Can bring them to market, can sell them, and can scale them, and so on. And either create categories, or dominate existing categories, and disrupt incumbents, and so on. And I think while that has worked for quite a while, in the venture industry overall, in the 50, 60 years of the venture industry, lots of successful firms, I think what we're starting to see is a necessary shift toward accounting for the fundamental differences of opensource software as it relates to new technology getting created and going, and new software companies kind of coming into market. So we actually fundamentally believe that commercial open source software companies are fundamentally different. Functionally in almost every way, as compared to proprietary closed source software companies of the last 30 years. And the way we've sort of designed our firm and we'll about ten people pretty soon. We're just about a month in. We're growing the team quickly, but we're sort of a small, focused team. >> A ten's not focused small, I mean, I know venture firms that have two billion in management that don't have more than 20 people. >> Well, we have portfolio partners that are focused in different functional areas where commercial open source software companies have really fundamental differences. If you were to sort of stack rank, by function, where commercial open source software companies are really fundamentally different, sort of top to bottom. Legal would be, probably, the very top of the list. Right, in terms of license compliance management, structuring all the sort of protections and provisions around how intellectual property is actually shipped to and sold to customers. The legal licensing aspects. The commercial software licensing. This is quite a polarizing hot topic these days. The second big functional area where we have a portfolio partner focused on this is finance. Finance is another area where commercial open source software companies have to sort of behaviorally orient and apply that function very, very differently as compared to proprietary software companies. So we're crazy honored and excited to have world experts and very respected leaders in those different areas sort of helping to provide sort of different pillars of wisdom to our portfolio companies, our portfolio founders, in those different functional areas. And we provide a really focused kind of structure for them. >> Well I want to ask you the kind of question that kind of bridges the old way and new way, 'cause I definitely see you guys definitely being new and different, which is good. Or as Andy Jassy would say, you can be misunderstood for a while, but as you become successful, people will start understanding what you do. And that's a great example of Amazon. The pattern with success is traditionally the same. If we kind of encapsulate the difference between open source old and new, and that is you have something of value, and you're disrupting the market and collecting rents from it. Or revenue, or profit. So that's commercial, that's how businesses run. How are you guys going to disrupt with open source software the next generation value creation? We know how value's created, certainly in software that opensource has shown a path on how to create value in writing software if code is value and functionality's value. But to commercialize and create revenue, which is people paying something for something. That's a little bit different kind of value extraction from the value creation. So open source software can create value in functionality and value product. Now you bring it to the market, you get paid for it, you have to disrupt somebody, you have to create something. How are you looking at that? What's the vision of the creation, the extraction of value, who's disrupted, is it greenfield new opportunities? What's your vision? >> A lot of nuance and complexity in that question. What I would say is- >> Well, open source is creating products. >> Well, open source is the basis for creating products in a different kind of way. I'll go back to your question around let's just sort of maybe simplify it as the value creation and the value capture dynamics, right? We've sort of written a few posts about this, and it's subtle, but it's easy to understand if you look at it from a fundamental kind of perspective. We actually believe, and we'll be publishing research on this, and maybe even sort of more principled scientific, perhaps, even ways of looking at it. And then blog posts and research. We believe that open source software will always generate or create orders of magnitude more value than any constituent can capture. Right, and that's a fundamental way of looking at it. So if you see how cloud providers are capturing value that open source creates, whether it's Elasticsearch, or Postgres, or MySQL or Hadoop. And then commercial open source software companies that capture value that open source software creates, whether it's companies like Confluent around Kafka, or Cloudera around Hadoop, or Databricks around Apache Spark. Or whether it's the creators of those projects. The creators of Spark and Hadoop and Elasticsearch, sometimes many of them are the founders of those companies I mentioned, and sometimes they're not. We just believe regardless of how that sort of value is captured by the cloud providers, the commercial vendors, or the creators, the value created relative to the value captured will always be orders and orders of magnitude greater. And this is expressed in another way, which this may be easier to understand, it's a sort of reinforcing this kind of assertion that there's orders of magnitude value created far greater than what can be captured. If you were to do a survey, which we're currently in the process of doing, and I'm happy to sort of say that publicly for the first time here, of all the commercial open source software companies that have projects with large significant adoption, whether, say for example, it's Docker, with millions of users, or Apache Hadoop. How many Hadoop deployments there are. How many customers' companies are there running Hadoop deployments. Or it may be even MySQL. How many MySQL installations are there. And then you were to sort of survey those companies and see how many end users are there relative to how many customers are paying for the usage of the project. It would probably be something like if there were a million users of a given project, the company behind that project or the cloud provider, or say the end user, the developer behind the project, is unlikely to capture more than, say, 1% or a couple percent of those end users to companies, to paying companies, to paying customers. And many times, that's high. Many times, 1% to 2% is very high. Often, what we've seen actually anecdotally, and we're doing principled research around this, and we'll have data here across a large number of companies, many times it's a fraction of 1%. Which is just sort of maybe sometimes 10% of 1%, or even smaller. >> So the practitioners will be making more money than the actual vendors? >> Absolutely right. End users and practitioners always stand to benefit far greater because of the fundamental nature of open source. It's permissionless, it's disaggregated, the value creation dynamics are untethered, and it is fundamentally freely available to use, freely available to contribute to, with different constraints based on the license. However, all those things are sort of like disaggregating the creating of technology into sort of an unbounded network. And that's really, really incredible. >> Okay, so first of all, I agree with your premise 100%. We've seen it with CUBE, where videos are free. >> And that's a good thing. All those things are good. >> And Dave Vellante says this all the time on theCUBE. And we actually pointed this out and called this in the Hadoop ecosystem in 2012. In fact, we actually said that on theCUBE, and it turned out to be true, 'cause look at Hortonworks and Cloudera had to merge because, again, the market changed very quickly >> Value Creation. >> Because value >> Was created around them in the immediate cloud, etc. So the question is, that changes the valuation mechanisms. So if this true, which we believe it is. Just say it is. Then the traditional net present value cash flow metric of the value of the firm, not your firm, but, like, if I'm an open source firm, I'm only one portion of the extraction. I'm a supplier, and I'm an enabler, the valuation on cash flow might not be as great as the real impact. So the question I have for you, have you thought about the valuation? 'Cause now you're thinking about bigger construct community network effects. These are new dynamics. I don't think anyone's actually crunched a valuation model around this. So if someone knew that, say for example, an open source project created all this value, and they weren't necessarily harvesting it from a cash flow perspective, there might be other ways to monetize it. Have you though about that, and what's your reaction to that concept? 'Cause capitalism would kind of shake down the system. 'Cause why would someone be motivated to participate if they're not capturing any value? So if the value shifts, are they still going to be able to participate? You follow the logic I'm trying to- >> I definitely do. I think what I would say to that is we expect and we encourage and we will absolutely heavily invest in more business model innovation in the area of open source. So what I mean by that is, and it's important to sort of qualify a few things there. There's a huge amount of polarization and lack of consensus, lack of industry consensus on what it actually means to have or implement an open source based business model. In fact there's a lot of people who just sort of point blankedly assert that an opensource business model does not exist. We believe that many business models for monetizing and commercializing open source exist. We've blogged and written about a few of them. Their services and training and support. There's open core, which is very effective in sort of a spectrum of ways to implement open core. Around the core, you can have a thin crust or a thick crust. There's SAS. There are hardware based distribution models, things like Sourcefire, and Cumulus Networks. And there are also network based approaches. For example, project called Storj or Stor-J. Being developed and run now by Ben Golub, who's the former CEO of Docker. >> CUBE alumni. >> Ben's really great open source veteran. This is a network, kind of decentralized network based approach of sort of right sizing the production and consumption of the resource of a storage based open source project in a decentralized network. So those are sort of four or five ways to commercializing value, however, four or five ways of commercializing value, however what we believe is that there will be more business model innovation. There will be more developments around how you can better capture more, or in different ways, the value that open source creates. However, what I will say though, is it is unrealistic to expect two things. It is unrealistic and, in fact, unfair to expect that any of those constituents will contribute back to open source proportional to the value that they received from it, or the benefit, and I'm actually paraphrasing Doug Cutting there, who tweeted this a couple of years ago. Very profoundly deep, wise tweet, which I very strongly agree with. And it is also unrealistic to expect a second thing, which is that any of those constituents can capture a material portion of the value that open source creates, which I would assert is many trillions of dollars, perhaps tens of trillions of dollars. It's really hard to quantify that. And it's not just dollars in economic sense, it's dollars in productivity time saved, new markets, new areas, and so on. >> Yeah, I think this is interesting, and I think that we'll be an open book at that. But I will say that what I've observed in looking through all these CUBE interviews, I think that business model innovation absolutely is something that is an IP. >> We need it. Well, it's now intellectual property, the business model isn't, hey I went to business school, learned this at Babson or Harvard, I learned this business model. We're going to do SAS premium. Okay, I get that. There's going to be very interesting new innovations coming, and I think that's the new IP. 'Cause open source, if it's community based, there's going to be formulas. So that's going to be really inter- Okay, so now let's get back to actual funding itself. You guys are doing early stage. Can you take us through the approach? >> We're very focused on early stage, investing, and backing teams that are, just sort of welcoming the idea of a commercial entity around their open source project. Or building a business fundamentally dependent on an open source project or maybe even more than one. The reason for that is this is really where there's a lot of structural inefficiency in supporting and backing those types of founders. >> I think one of the things with ... is with that acquisition. They were pure on the open source side, doing a great job, didn't want to push the business model too hard because the open source, let's face it, you got people like, eh, I don't want to get caught on the business side, and get revenue, perverse incentives might come up, or fear of incentives that might be different or not aligned. Was a great a value. >> I think so. >> So Red Hat got a steal on that one. But as you go forward, there's going to be certainly a lot more stuff. We're seeing a lot of it now in CNCF, for instance. I want to get your thoughts on this because, being the co founder of KubeCon, and donating it to the CNCF, Kubernetes is the hottest thing on the planet, as we talked about many years ago. What's your take on that, now? I see exciting things happening. What is the impact of Kubernetes, in your opinion, to the world, and where do you see that evolving rapidly, and where is the focus here as the people should be paying attention to? >> I think that Kubernetes replaces EC2. Kubernetes is a disaggregated API for distributed computing anywhere. And it happens to be portable and able to run on any kind of computer infrastructure, which sort of makes it like a liquid disaggregated EC2-like API. Which a lot of people have been sort of chasing and trying to implement for many years with things like OpenStack or Eucalyptus. But interestingly, Kubernetes is sort of the right abstraction for distributed computing, because it meets people where they are architecturally. It's sort of aligned with this current movement around distributed systems first designs. Microservices, packaging things in small compartmentalized units. >> Good for integrating of existing stuff. >> Absolutely, and it's very composable, un-opinionated architecturally. So you can sort of take an application and structure it in any given way, and as long as it has this sort of isolation boundary of a container, you can run it on Kubernetes without needing to sort of retrofit the architecture, which is really awesome. I think Kubernetes is a foundational part of the next kind of computing paradigm in the same way that Linux was foundational to the computing paradigm that gave rise to the internet. We had commodity hardware meeting open source based sort of cost reduction and efficiency, which really Linux enabled, and the movement toward scale out data center infrastructure that supported the Internet's sort of maturity and infrastructure. I think we're starting to see the same type of repeat effect thanks to Kubernetes basically being really well received by engineers, by the cloud providers. It's now the universal sort of standard for running container based applications on the different cloud providers. >> And think having the non-technical opinion posture, as you said, architectural posture, allows it to be compatible with a new kind of heterogeneous. >> Heterogeneity is critical. >> Heterogeneity is key, 'cause it's not just within the environment, it's also within each vendor, or customer has more heterogeneity. So, okay, now that's key. So multi cloud, I want to get your thoughts on multi cloud, because now this goes into some of things that might build on top of if Kubernetes continues to go down the road that you say it does. Then the next question is, stateful applications, service meshes. >> A lot of buzz words. A lot of buzz words in there. Stateful application's real because at a certain point in time, you have a maturity curve with critical infrastructure that starts to become appealing for stateful mission critical storage systems, which is typically where you have all the crown jewels of a given company's infrastructure, whether it's a transactional system, or reading and writing core customer, or financial service information, or whatever it is. So Kubernetes' starting to hit this maturity curve where people are migrating really serious mission critical storage workloads onto that platform. And obviously we're going to start to see even more critical work loads. We're starting to see Edge workloads because Kubernetes is a pretty low footprint system, so you can run it on Edge devices, you can even run it on microcontrollers. We're sort of past the experimental, you know, fun and games was Raspberry Pi, sort of towers, and people actually legitimately doing real world Edge kind of deployments with Kubernetes. We're absolutely starting to see multi-geo, multi-replication, multi-cloud sort of style architectures becoming real, as well. Because Kubernetes is this API that the industry's agreeing upon sufficiently. We actually have agreement around this sort of surface area for distributed system style computing that if cloud providers can actually standardize on in a way that lets application specific vendors or new types of application deployment models innovate further, then we can really unlock this sort of tight coupling of proprietary services inside cloud providers and disaggregate it. Which is really exciting, and I forget the Netscape, Jim Barksdale. Bundling, un-bundling. We're starting to see the un-bundling of proprietary cloud computing service API's. Things like Kinesis, and ALB and ELB and proprietary storage services, and these other sticky services get un-bundled because of two big things. Open source, obviously, we have open source alternative data paths. And then we have Kubernetes which allows us to sort of disaggregate things out pretty easily. >> I want to hear your thoughts, one final concept, before we break, 'cause I was having a private conversation with three people besides myself. A big time CIO of a company that if I said the name everyone would go, oh my god, that guy is huge, he's seen it all going back many, many ways. Currently done a lot of innovation. A hardcore network chip guy who knows networking, old school infrastructure. And then a cloud native application founder who knows a lot about software development and is state-of-the-art cloud native. So cloud native, all experienced, old-school, kind of about my age, a cloud native app developer, a big time CIO, and a chip networking kind of infrastructure guy. And we're talking, and one thing that came out, I want to get you thoughts on this, he says, so what's going on with DevOps, how do you see this service mesh, is a stay for (mumbles) on top of the stack, no stacks, horizontally scalable. And the comment that came out was storage and networking have had this relationship with everything since day one. Network moves a packet from point A to point B, and nothing happens in between, maybe some inspection. And storage goes from here now to the then, because you store it. He goes, that premise moves up the stacks, so then the cloud native guy goes, well that's what's happening up at the top, there's a lot of moving things around, workloads and or services, provisioning services, and then from now to then state. In real time. And what dawned on the next conversation the CIO goes, well this is exactly our challenge. We have under the hood infrastructure being programmable, >> We're having some trouble with the connection. Please try again. >> My phone's calling me. >> Programmable connections. >> So you got the programmable on the top of the stack too, so the CIO said, that's exactly the problem we're trying to solve. We're trying to solve some of these network storage concepts now at an application level. Your thoughts to that. >> Well, I think if I could tease apart everything you just said, which is profound synthesis of a lot of different things, I think we've started to see application logic leak out of application code itself into dedicated layers that are really good at doing one specific thing. So traditionally we had some crud style kind of behavioral semantics implemented around business logic. And then, inside of that, you also had libraries for doing connectivity and lookups and service discovery and locking and key management and encryption and coordination with other types of applications. And all that stuff was sort of shoved into the single big application binary. And now, we're starting to see all those language runtime specific parts of application code sort of crack or leak out into these dedicated, highly scalable, Unix philosophy oriented sort of like layers. So things like Envoy are really just built for the sort of nervous system layer of application communication fabric up and down the layer two through layer seven sort of protocol transport stack, which is really profound. We're seeing things like Vault from Hashicorp handle secure key storage persistence of application dedication, authorization, metadata and information to sort of access different systems and end points. And that's a dedicated sort of stateful layer that you can sort of fragment out and delegate sort of application specific functionality to, which is really great for scalability reasons. And on, and on, and on. So we've started to see that, and I think one way of looking at that is it's a cycle. It's the sort of bundling and un-bundling aspect. >> One of the granny level services are getting a really low level- >> Yeah, it's a sort of like bundling and un-bundling and so we've got all this un-bundling happening out of application code to these dedicated layers. The bundling back may happen. I've actually seen a few Bay Area companies go like, we're going back to the monolith 'cause it actually gives us lots of efficiencies in things that we though were trade offs before. We're actually comfortable with a big monorepo, and one or two core languages, and we're going to build everything into these big binaries, and everyone's going to sort of live in the same source code repository and break things out through folders or whatever. There's a lot of really interesting things. I don't want to say we're sort of clear on where this bundling, un-bundling is happening, but I do think that there's a lot of un-bundling happening right now. And there's a lot of opportunity there. >> And the open source, obviously, driving it. So final question for you, how many deals have you done? Can you talk a little bit about the firm? And exciting things and plans that you have going forward. >> Yeah, we're going to be making a lot of announcements over the next few months, and we're, I guess, extremely thrilled. I don't want to say overwhelmed, 'cause we're able to handle all of the volume and inquiries and inbound interest. We're really honored and thrilled by the reception over the last couple weeks from announcing the firm on the first of October, sort of before the Hortonworks Cloudera merger. The JFrog funding announcement that week. The Elastic IPO. Just a lot of really awesome things happened that week. This is obviously before Microsoft open sourced all their patents. We'll be announcing more investments that we've made. We announced our first one on the first of October as well with the announcement of the firm. We've made a good number of investments. We're not able to talk to much about our first initiative, but you'll hear more about that in the near future. >> Well, we're excited. I think it's the timing's perfect. I know you've been working on this kind of vision for a while, and I think it's really great timing. Congratulations, JJ >> Thank you so much. Thanks for having me on. >> Joesph Jacks, also known as JJ, founder and general partner of OSS Capital, Open Source Software Capital, co founder of KubeCon, which is now part of the CNCF. A real great player in the community and the ecosystem, great to have him on theCUBE, thanks for coming in. I'm John Furrier, thanks for watching. >> Thanks, John. (bright symphony music)

>> Announcer: Live, from Las Vegas, it's theCUBE. Covering NetApp Insight 2017. Brought to you by, NetApp. >> Hey welcome back everyone, live here in Las Vegas. This is theCUBE's exclusive coverage of NetApp Insight 2017, here at the Mandalay Bay in Las Vegas. I'm John Furrier, the co-founder of SiliconeANGLE Media, and co-host of theCUBE. My co-host this week is Keith Townsend, @CTOAdvisor, and our next guests are Josh Atwell, who's a developer advocate at NetApp, and Jason Benedicic, who's with, Principal Consultant ANS Group Cloud Service Provider in the UK, great topic, talking DevOps. Guys, welcome to theCUBE, good to see you again. >> Good to see you as well, thank you. >> Boy, DevOps has gone mainstream. >> It's a thing. >> Okay, it's absolutely gone mainstream, we've been saying it for years, I remember going back a few years ago, you say, DevOps, huh? Infrastructure as Code? Everyone loves it, it's now the new model, people are moving fast to. What's goin on with NetApp and tell all of us your story. Go ahead. >> So within NetApp, we look at DevOps as a unique opportunity for us to level up. Everybody that's doing infrastructure and going from saying, you just going out and developing an application to saying, we can actually help deliver you the best experience. We look at where applications are being developed and supported, everybody likes to say it's straight out to the public cloud, that's where all the innovation happens, but, it's also happening on premises as well. The reason that we see most frequently is that reduced friction. You know, going to the public cloud, that has become a model that people can go out, they can get what they need and do what they need, and it's been something that's significantly easier than what their local IT organization has had. DevOps is forcing infrastructure and IT to understand that availability and reliability, which is what we've always been measured on, is no longer the core measure that we have to focus on. It's agility and availability and delivering unique services. >> Well I would just say to your point, Wikibon analysts research have validated your point, and they actually show the data that the on premise, they call it true private cloud, numbers, are growing actually, not declining. What is declining is about $1.5 billion in non-differentiated labor, but that's shifting to SAS models. So what it means is, the on premise action, in a cloud operational way, is growing. Which is not saying that's declining, it's just saying, people are getting their house in order. They're doing DevOps on prem. Prep to do cloud. >> Yeah. >> Cloud's got native stuff, you do versioning, you can put some stuff in the cloud, test/dev, sure, there's great use cases, but most enterprises are on prem, getting ready to take advantage of it. >> It's an absolute and conversation, and that's also somethin' that we are working really hard with our customers, in our field and the entire company as a whole. To understand, it's not an or conversation. Most companies are looking at how do we solve a variety of different challenges, how do we accommodate for a variety of different workloads that are being developed, and how do we modernize the mode one operational workloads that we've had and bring them into the future with new services. So, it's an absolute and conversation. It's a pretty exciting time to be dealing with IT. >> So Jason, as we think about DevOps, we give, we have plenty of examples for private cloud and inside of our own datacenters, but you help run a public cloud. >> So we run services within a public cloud. >> Right. >> And a hybrid model. So we run a number of services to man assessments, so we help in the UK, I think we're a little bit further behind than the US is currently, so some of the biggest services that we do is helping people to assess their applications, assess their data, and understand what they can move. Using things like the Gartner TIME Analysis, where we can take best leverage of on premises private cloud, where you've got hybrid approach, where you've got native. We got the expertise around retooling and assessment services to move legacy applications into a cloud model, and then we provide management services on top, and those sorts of things. That's where we use, utilize the DevOps, around taking what would be our managed services ITIL processes, things that people would traditionally do manually. We take a lot of that, and we prepackage that up into workflows and data automation operations for our customers so they can provision where they like, across a multitude of on premises and in the public cloud. So we take that work which would traditionally be done by a analyst on a desk or that sort of thing, package that up, using a lot of NAVs, APIs, and Solufy tooling. So, we're saving enterprises time so they can work on what's really important to them, and that's their line of business applications. >> So from an assessment perspective, I love to get feedback, what are customers learning? Is it, that they thought they could just lift and shift, or that they have to go through some type of DevOps transformation -- >> Yeah, so -- >> What's been the balance of the results? >> Yeah, so a lot of people don't necessarily understand where they are. There are a lot of misconceptions around being able to lift and shift things to the crowd, but that's not really a great cost model. I find in the public sector in the UK a lot, is you've got a lot of legacy applications that potentially people don't have any knowledge of, 'cause the people that ran them and installed them in the first place have long gone. They need to understand what those applications do for their business, what the business processes around them are, and how they can take that forward into a new model. A lot of retooling. Actually, a lot of time we see the application should probably be ditched and let's look for something that we can just build cloud native. >> So, that requires a new set of skills to operate at that higher level of the stack as we call it in the industry, however, that leaves a lot of low level work that still needs to be done, so automation has kind of walked hand-in-hand with DevOps. What is the NetApp story around automation and helping to remediate some of this low level activity that needs to be done repeatedly? >> Big focus for us as a company is not trying to dictate tooling to people. If you are using Docker, we offer a native Docker volume plugin that allows you to plug right into Docker and be able to provision and manage storage as an application owner or developer, to get what you need, and to handle the services that are available there. When we look at configuration management, or helping code and artifact management, cloud, with Openstack, or VMware vRealize Suite, our initiative is to make the NetApp products seamless and invisible into your processes. How do we remove and eliminate handoffs, and how do we make all of those processes effortless, so that as you identify those tasks, and those high effort but low value tasks that has to be -- taken advantage of. >> And automation -- and automation's critical there. >> Yeah, yeah. Being able to automate those things, remove people from that process, and using their skills and talents for things like auditing, and understanding proper behavior, checking that people are delivering what they are supposed to, and consuming from a policy framework. >> I'd like to get back to the automation, but I just want to shift to Josh, so hold the thought on automation. Josh, I want to get your thoughts on, as we get to automation we start talking about hybrid cloud. You're doing hybrid cloud. That's your -- >> Yeah. >> You're on the front line, you're doing it. Also, hybrid cloud also means things differently, so when you think about hybrid cloud, a customer's got to get their act together. We heard earlier from the NetApp folks, the VP of Engineering, we're doing three things: modernizing the infrastructure, that's just like, okay go clean house, fix things, making sure we're solid, rock solid, build the next generation data center, be ready for the cloud. >> Yep. >> Okay. So, there's some things that need to get done there. What's your view on the table stakes to get there, because you got orchestration capabilities, cloud orchestration demo is hot, we saw that, at the show here. What is NetApp doing to make hybrid cloud easier? >> Across all the products that we utilize run NetApp, you've got APIs on everything. They got a lot of really good tools there, and they're moving away from the traditional hardware. I've been working with NetApp for like 16 years on. It was a hardware company, a software company, and now it's just moved on even further. There's a further evolution there, a management company. It's not just, you're managing your data, the data flow, the fabric around it, and the tools that are on offer there are just game changers. Especially the Cloud Automation option this morning. Yeah, that was great. >> As people know NetApp, eight years ago, they were -- I was scratching my head saying, wait a minute, why are you going to Amazon? So, early in cloud, so clearly they know what DevOps is, so it's not just lip service, we know that, that's just my personal observation and experience with NetApp, but Josh, I want you to talk to the audience that is either a NetApp customer or looking at NetApp, what's different now, what should they know about the new NetApp now, obviously you're on the A-Team, I see the shirt there, but, NetApp has changed and they're changing. I mean, SolidFire came in, you're seeing a lot more action on the DevOps cloud with the flash, some good stuff there, but NetApp has been an innovative company, what's the new story for NetApp in your words? >> For me, it's the speed that they're able to react to the market, moving the ONTAP to a cadence model, six month releases, moving products away from tin, into software, it's all about the value of what we can provide. We've got standalone products now from NetApp that can just do Office 365 backup. That's something that's completely moved forward. You've got a level of innovation and speed coming out of NetApp that's just unrivaled. >> Josh, I'd like to get your thoughts back to automation now, I'm CSO, the cost thing I hear all the time is the following narrative, I don't want the shiny new toy, I got to lot of stuff on my plate. I got an application development team I need to scale up and make modern, which is DevOps, not just take the old guys and put 'em in, I got to recruit, retrain, replatform, I have cybersecurity going on, I got to unbolt that from IT and make that essentially a top line, top reporting to the board, do all the cyber stuff, and I got the data governance stuff to deal with, and by the way, I got IoT over the top coming in. If it's not clear as day on the cloud, it doesn't meet my conversation. How do you guys engage in a dialog like that? One, do you agree with that, that makes that statement, but, that's a lot of stuff going on. Bombs are dropping inside the customer's environment, they're like, this is Hell right now, I got to lot of stuff to do. How do you guys help that environment? >> I think one thing that we have to be mindful of is that we've moved beyond being able to define a very static and rigid infrastructure architecture. In the past, we would define what our storage, what our compute, what our networking is, and that's going to -- what it's going to be. It's very easy to say I know how to support 10,000 Exchange users. That's always been something that we've been comfortable talking about. What you outlined, is the new reality for IT in that, we are getting a diverse set of requirements where we'll come in and say we need to deliver this new application so that we can get to market and capture -- I was actually talking to someone in the military. I said, what if the military was to develop a new recruiting tool, and they go in and say, we need to build this recruiting tool, but we actually don't know how much data is going to be required for it. IT is not comfortable with that conversation. But NetApp has developed, our portfolio, and the integrations and tool sets that we've integrated with, to make that conversation a little bit easier. >> They're not comfortable because they can't forecast it, or it's a blank check in their mind, or they don't know what the -- how to architect it, what's the -- >> It's because we're not accustomed to architecting for those types of scenarios. We generally have focused on what is going to be your use case, when do you need it delivered by, how much do you need? We're still having that same conversation, but the answer now is, I don't know, but we have to ready for whichever direction it goes. >> That creates a good point, at VMWorld we noticed that there's a convergence, not a lot of people are talking about this yet, but I can see the canary in the coal mine chirping away, is that the convergence between hardware and software stacks are coming together. There are untested use cases coming down the pike. >> Yeah. >> That just -- I need this, but, we haven't tested it. Or we don't know the capacity, so you have to have a serverless mindset, you got to have DevOps mindset, you really got to be prepared. >> Well there's certainly a lot of maturity that we're working through. We are definitely from a DevOps perspective, in that juvenile phase, where we're learning who we are, the changes that are happening to us as we go, and we're getting a much more responsible view of what we're trying to deliver against. It's really uncomfortable for a lot of people to have a conversation where there's so many unknowns, but fortunately, the technologies we're able to bring to market and deliver, are providing that, as I describe it, a foothold to make you feel stable in that process to at least know that your data's getting where it needs to be and protected. >> Keith, I know you got to question, but my final point of that is that, that kind of, we see that evolve in the customer mindset too, where you start to see the word trusted relationship become real. It became a cliche, we're a trusted partner, but reality now with all this uncertainty, they need the headroom, they got to cross the bridge with the future with proven people. So that's why I kind of like, I don't mean to dis on the startups, but the shiny new toy's not going to win the day. You got to really hit the scenario today, and prepare to cross that bridge to the future with partners, and I think that's what you're saying. >> Yeah, that is a big part, and the partnerships that we have with folks like Red Hat and Jfrog, where we're trying to improve that experience of implementing these environments and supporting these new workloads, is absolutely a big part of what we're doing. >> So I'd like to talk a little about the necessity of requirements coming from the business, and tying it into something I heard from the stage yesterday. I'm not a storage guy. >> Me neither. >> I'm a data guy. And you've said that before, but one of the things that has interested me is this concept of the data fabric. >> Yes. >> Can you tie in the vision of data fabric to kind of this model of DevOps and being able to adjust to the changing needs of the business? >> I think what's really important and to be mindful of is that as we are seeing IT getting these requirements, as the businesses are identifying what is really impactful and the innovation that we need to deliver on, the data fabric is providing choice. It's allowing you to look at being able to deliver these enterprise class protection and replication, and capabilities, and allowing you to develop, innovate, and run your workloads wherever is most important to you, without having to completely reshift your thinking and what your skillsets are. We are able to level up everyone that has been involved with NetApp, and has invested their career, and invested their energy and becoming knowledgeable in that space, now allowing them to extend out into new areas in the cloud, hybrid cloud frameworks, but also providing these capabilities to the people consuming those resources without them having to care about the infrastructure. They know it is there, they know they can reach out to it and define snapshotting and take advantage of clones, and deliver a good developer experience, without having to understand exactly what's happening in the infrastructure. >> Guys, thanks so much for coming on, I see having seamless infrastructure is what everyone wants, but it's hard. >> Yeah. (laughing) >> Final comments, as you go into the future now with DevOps, it's become now operationalized, a lot more work to do, it's not that easy, what's the hardest thing about DevOps, final comment, you guys each weigh in and get the last word. What's the hardest thing about DevOps that people may not understand, 'cause it sounds so easy, it's magic. >> I think the hardest thing for most people is having a critical eye, and being pragmatic about where the challenges really are. If you look at the methodologies that DevOps promotes, it is really identifying the constraints in the work flow process. Regardless of what you're developing and what you're doing, being very pragmatic and realistic about where those constraints are, and focusing energy on solving for those constraints. I think with we deliver out to market, we are providing people some stability, so that as they're going through this process and things feel really shaky as they accelerate their pace of development and release of software, they have some stability so they, when they focus, they don't feel like the wheels are coming off the cart, if you will. >> I think what I find is that you need to -- people need to understand DevOps isn't something that you can buy, you need to build. You need to get the right people, you need to get the right processes, the right mindset, and embrace it. A lot of people think it's just -- You see job adverts these days, I want a full stack DevOps engineer, it's just not that simple. You've got to take the time, take the effort, and move with it, and learn as much as you can. >> And it's a talent issue too, and I just -- I guess one final final question 'cause this just popped in my head, at Big Data NYC last week in New York, what became very clear to us was, certainly in big data applications analytics, a lot of things are being automated. But, question for you is, when should you automate, one comment on Big Dat NYC a guy said, if you do it more than twice manually, automate it. Not that easy in storage and networks and data, but is there -- most DevOps guys have an eye for automate that. They see it, they automate it. What are some of the things you see being automated away? Is there like a ethos, is there like a saying? If you automate twice, what's your thoughts on automation? What should you automate, what's the order of operations, what's the low hanging fruit? >> With respect to DevOps in particular, it is truly finding the constraint. Identifying areas where people are becoming a bottleneck in processes, or the process itself is a bottleneck to success. Focus on that area first. Now, it's also easy to just try to pick the low hanging fruit, and do various things, but there needs to be a discipline in looking at, where are your actual bottlenecks and how can I remove those bottlenecks? >> So you read in a blog post, you got to know your environment, see the pressure point, constraints -- >> Yeah. >> Get some direction, advice, but -- >> Correct. >> You're saying, look at your environment. >> Yeah, we're now moving away from a world where virtualization allowed us to just thrown everything into a big resource pool and we just didn't pay attention to it any longer. We are now actually having to start having conversations -- >> It's engineering involved. >> again, yep. >> It's engineering involved. >> It is. >> Not just writin' some code. Josh, thoughts on automation? What ya automate first? >> I share a lot of those things. You need to look at your processes. You need to look at where you've got your bottlenecks, like he said, things that we would traditionally do in the past as a service provider where you got teams of analysts and engineers working on things. If you can speed that up and allow them to provide a better service to your customers, then yeah, certainly, work on that automation. Deploying out new models, even internal stuff that we need to deploy out, if you need to do that more than once or twice, for test environments, all those sorts of things, then yeah, certainly, automate that out. Because the more time you get out of your people, the more value you are delivering to the business. >> Thanks Josh, A-Team, love the shirt, quick soundbite, what's the A-Team, is there a certification, is there a bar to get over? >> It's a pretty high bar. It's an advocacy program, it's quite a small tight knit group of partners and customers of NetApp. We work in a 360 feedback loop between the NetApp Product Management Teams and other developers, and just give feedback and then rave about them when we feel is necessary. >> Have a beer, or coffee and tea, and say, I love when a plan comes together. (laughing) I couldn't resist. >> That's what John had also mentioned, NetApp has also delivered a developer and opensource community, called The Pub. So at netapp.io, it's a location, we actually have the code on bar behind me, we've got people that are coming in who have interest in containers, interest in Openstack, DevOps, and these new models. We have a large community, over 900 people participating. >> It's called The Pub? >> The Pub. >> John: Is there a URL? >> Yep, netapp.io. >> Netapp.io, and just -- you know we're data driven, seven years been monitoring the community's data, just anecdotally, the favorite drinks of developers in our community, beer and tea. >> Makes sense. >> Pretty makes sense. Beer obviously, tea no coffee? >> Slow release caffeine, I think that probably works better. (laughing) >> Thanks guys so much Josh and Jason, data from the field from the front lines on cutting edge DevOps is going mainstream. This is the cloud native, native cloud, on premise infrastructure innovation here at NetApp. I'm John Furrier, Keith Townsend, we'll be back with more, after this short break.