>>from around the globe. It's the Cube presenting Cuban cloud brought to you by silicon angle. Welcome to the cubes event. Virtual event. Cuban Cloud. I'm John for your host. We're here talking to all the thought leaders getting all the stories around Cloud What's going on this year and next today, Tomorrow and the future. We gotta featured startup here. Jonah Clipper, who is the CEO and founder of Stack Hawks. Developing security software for developers to have them put security baked in from the beginning. Johnny, thanks for coming on and being featured. Start up here is part of our Cuban cloud. Thanks for joining. >>Thanks so much for having me, John. >>So one of our themes this year is obviously Cloud natives gone mainstream. The pandemic has shown that. You know, a lot of things have to be modern. Modern applications, the emerald all they talked about modern applications. Infrastructure is code. Reinvent, um is here. They're talking about the next gen enterprise. Their public cloud. Now you've got hybrid cloud. Now you've got multi cloud. But for developers, you just wanna be building security baked in and they don't care where the infrastructure is. So this is the big trend. Like to get your thoughts on that. But before we jump in, tell us about Stack Hawk What you guys do your founded in 2019. Tell us about your company and what Your mission is >>Awesome. Yeah, our mission is to put application security in the hands of software developers so that they can find and fix upset books before they deployed a production. And we do that through a dynamic application scanning capability. Uh, that's deployable via docker, so engineers can run it locally. They can run it in C I C. D. On every single PR or merge and find bugs in the process of delivering software rather than after it's been production. >>So everyone's talking about shift left, shift left for >>security. What does >>that mean? Uh, these days. And what if some of the hurdles that people are struggling with because all I hear is shift left shift left from, like I mean, what does What does that actually mean? Now, Can you take us through your >>view? Yes, and we use the phrase a lot, and I and I know it can feel a little confusing or overused. Probably. Um, When I think of shift left, I think of that Mobius that we all look at all of the time, Um, and how we deliver and, like, plan, write code, deliver software and then manage it. Monitor it right like that entire Dev ops workflow. And today, when we think about where security lives, it either is a blocker to deploying production. Or most commonly, it lives long after code has been deployed to production. And there's a security team constantly playing catch up, trying to ensure that the development team whose job is to deliver value to their customers quickly, right, deploy as fast as we can, as many great customer facing features, um there, then, looking at it months after software has been deployed and then hurrying and trying to assess where the bugs are. And, um, trying to get that information back to software developers so that they can fix those issues. Shifting left to me means software engineers are finding those bugs as their writing code or in the CIA CD pipeline long before code has been deployed to production. >>And so you guys attack that problem right there so they don't have to ship the code and then come back and fix it again. Or where we forgot what the hell is going on. That point in time some Q 18 gets it. Is that the kind of problem that that's out there? Is that the main pain point? >>Yeah, absolutely. I mean a lot of the way software, specifically software like ours and dynamic applications scanning works is a security team or a pen tester. Maybe, is assessing applications for security vulnerability these, um, veteran prod that's normally where these tools are run and they throw them back over the wall, you know, interrupting sprints and interrupting the developer workflow. So there's a ton of context switching, which is super expensive, and it's very disruptive to the business to not know about those issues before they're in prod. And they're also higher risk issues because they're in fraud s. So you have to be able to see a >>wrong flywheel. Basically, it's like you have a penetration test is okay. I want to do ship this app. Pen test comes back, okay? We gotta fix the bug, interrupts the cycle. They're not coding there in fire drill mode. And then it's a chaotic death spiral at that point, >>right? Or nothing gets done. God, how did >>you What was the vision? How did you get here? What? How did you start? The company's woke up one morning. Seven started a security company. And how did what was the journey? What got you here? >>Sure. Thanks. I've been building software for software engineers since 2010. So the first startup I worked for was very much about making it easy for software engineers to deploy and manage applications super efficiently on any cloud provider. And we did programmatic updates to those applications and could even move them from cloud to cloud. And so that was sort of cutting my teeth and technology and really understanding the developer experience. Then I was a VP of product at a company called Victor Ops. We were purchased by spunk in 2018. But that product was really about empowering software engineers to manage their own code in production. So instead of having a network operations center right who sat in front of screens and was waiting for something to go wrong and would then just end up dialing there, you know, just this middle man trying to dial to find the person who wrote the software so that they can fix it. We made that way more efficient and could just route issues to software engineers. And so that was a very dev ops focused company in terms of, um, improving meantime to know and meantime to resolve by putting up time in the hands of software engineers where it didn't used to live there before it lived in a more traditional operations type of role. But we deploy software way too quickly and way too frequently to production to assume that another human can just sit there and know how to fix it, because the problems aren't repeatable, right? So So I've been living in the space for a long time, and I would go to conferences and people would say, Well, I love for, you know, we have these digital transformation initiatives and I'm in the security team and I don't feel like I'm part of this. I don't know. I don't know how to insert myself in this process. And so I started doing a lot of research about, um, how we can shift this left. And I was actually doing some research about penetration testing at the time, Um, and found just a ton of opportunity, a ton of problems, right that exist with security and how we do it today. So I really think of this company as a Dev Ops first Company, and it just so happens to be that we're taking security, and we're making it, um, just part of the the application testing framework, right? We're testing for security bugs, just like we would test for any other kind of bucks. >>That's an awesome vision of other great great history there. And thanks for sharing that. I think one of the things that I think this ties into that we have been reporting aggressively on is the movement to Dev Stack Up, Dev, Ops Dev SEC Ops. And you know, just doing an interview with the guy who stood up space force and big space conversation and were essentially riffing on the idea that they have to get modern. It's government, but they got to do more commercial. They're using open source. But the key thing was everything. Software defined. And so, as you move into suffer defined, then they say we want security baked in from the beginning and This is the big kind of like sea level conversation. Bake it in from the beginning, but it's not that easy. And this is where I think it's interesting where you start to think, uh, Dev ops for security because security is broken. So this is a huge trend. It sounds easy to say it baked security in whether it's an i o T edge or multi cloud. There's >>a lot >>of work there. What should people understand when they hear that kind of platitude of? I just baked security and it's really easy. It's not. It's not trivial. What's your thoughts on >>that? It isn't trivial. And in my opinion, there aren't a lot of tools on the market that actually make that very easy. You know, there are some you've had sneak on this program and they're doing an excellent job, really speaking to the developer and being part of that modern software delivery workflow. Um, but because a lot of tools were built to run in production, it makes it really difficult to bake them in from the beginning. And so, you know, I think there are several goals here. One is you make the tooling work so that it works for the software engineer and their workflow. And and there's some different values that we have to consider when its foreign engineer versus when it's for a security person, right? Limit the noise, make it as easy as possible. Um, make sure that we only show the most critical things that are worth an engineer. Stopping what they're doing in terms of building business value and going back and fixing that bugs and then create a way to discuss in triage other issues later outside of the development. Workflow. So you really have to have a lot of empathy and understanding for how software is built and how software engineers behave, I think, in order to get this right. So it's not easy. Um, but we're here and other tools air here. Thio support companies in doing that. >>What's the competitive strategy for you guys going forward? Because there's a big sea change. Now I see an inflection point. Obviously, Cove it highlights. It's not the main reason, but Cloud native has proven it's now gone mainstream kubernetes. You're seeing the big movement there. You're seeing scale be a huge issue. Software defined operations are now being discussed. So I think it's It's a simple moment for this kind of solution. How are you guys going to compete? What's what's the winning strategy? How are you guys gonna compete to win? >>Yeah, so there's two pieces to that one is getting the technology right and making sure that it is a product that developers love. And we put a ton of effort into that because when a software engineer says, Hey, I'd love to use the security product, right? CSOs around the world are going to be like, Yes, please. Did a software engineer just ask me, You have the security product. Thank you, Right. We're here to make it so easy for them and get the tech right. And then the other piece, in terms of being competitive, is the business model. There were something like, I don't You would know better than me, but I think the data point I last saw was like 1300 venture backed security companies since 2012 focused on selling to see SOS and Fortune 2000 companies. It is a mess. It's so noisy, nobody can figure out what anybody actually does. What we have done is said no, we're going to take a modern business model approach to security. So you know, it's a SAS platform that makes it super easy for a software engineer or anybody on the team to try and buy the software. So 14 day trial. You don't have to talk to anybody if you don't want Thio Awesome support to make sure that people can get on boarded and with our on boarding flow, we've seen that our customers go from signing up to first successful scan of their platform or whatever app they chose to scan in a knave ridge of about 10 minutes. The fastest is eight, right? So it's about delivering value to our customers really quickly. And there aren't many companies insecurity on the market today. That do that? >>You know, you mentioned pen test earlier. I I hear that word. Nice shit. And, like, pen test penetration test, as it's called, um, Sock reports. I mean, these are things that are kind of like I got to do that again. I know these people are doing things that are gonna be automated, but one of the things that cloud native has proven as be killer app is integrations because when you build a modern app, it has to integrate with someone else. So there you need these kind of pen tests. You gotta have this kind of code review. And as code, um, is part of, say, a purpose built device where it's an I o T. Edge updates have toe happen. So you need mawr automation. You need more scale around both updating software to, ah, purpose built device or for integration. What's your thoughts in reaction to that? Because this is a riel software challenge from a customer standpoint, because there are too many tools out there and every see so that I talk to says, I just want to get rid of half the tools consolidate down around my clouds that I'm working through my environment and b'more developer oriented, not just purchasing stuff. So you have all this going on? What's your reaction to that? You got the you know, the integration and you've got the software updates on purpose built devices. >>Yeah, I mean, we I make a joke a little bit. That security land is like, you know, acronyms. Dio there are so many types of security that you could choose to implement. And they all have a home and different use cases that are certainly valuable toe organizations. Um, what we like to focus on and what we think is interesting and dynamic application scanning is because it's been hard toe automate dynamic application for especially for modern applications. I think a lot of companies have ignored theon pertuan ity Thio really invest in this capability and what's cool about dynamic. And you were mentioning pen testing. Is that because it's actively attacking your app? It when you get a successful test, it's like a It's like a successful negative test. It's that the test executed, which means that bug is present in your code. And so there's a lot less false positives than in other types of scanning or assessment technologies. Not to say there isn't a home for them. There's a lot of we could we could spend a whole hour kind of breaking down all the different types of bugs that the different tools confined. Um, but we think that if you want to get started developer first, you know there's a lot of great technologies. Pick a couple or one right pick stack hawk pick, sneak and just get started and put it in your developer workflow. So integrations are super important. Um, we have integrations with every C I C. D provider, making it easy to scan your code on every merge or release. And then we also have workflow integrations for software engineers associated with where they want to be doing work and how they want to be interrupted or told about an issue. So, you know, we're very early to market, but right out of the gate, we made sure that we had a slack integration so that scans are running. Or as we're finding new things, it's populating in a specific slack channel for those engineers who work on that part of the app and you're a integration right. If we find issues, we can quickly make tickets and route them and make sure that the right people are working on those issues. Eso That's how I think about sort of the integration piece and just getting started. It's like you can't tackle the whole like every accurate, um, at once like pick something that helps you get started and then continue to build out your program, as you have success. >>A lot of these tools can they get in the hands of developers, and then you kind of win their trust by having functionality. Uh, certainly a winning strategy we've seen. You know, Splunk, you mentioned where you worked for Data Dog and very other tools out there just get started easily. If it's good, it will be used. So I love that strategy. Question. I wanna ask you mentioned Dr earlier. Um, they got a real popular environment, but that speaks to the open source area. How do you see the role of open source playing with you guys? Is that gonna be part of your community outreach? Does the feed into the product? Could you share your vision on how stack hawks engaging and playing an open source? >>Yeah, absolutely. Um So when we started this company, my co founders and I, we sat down and said here, What are the problems? Okay, the world doesn't need a better scanner, right? If you walk the floor of, ah, security, uh, conference. It's like our tool finds a million things and someone else is. My tool finds a million and five things. Right, And that's how they're competing on value. It's really about making it easy to use and put in the pipeline. So we decided not to roll. Our own scanner were based on an open source capability called Zap the Set Attack Proxy. Uh, it is the most the world's most downloaded application scanner. And, uh, actually we just hired the founder of Zap to join the Stack Hawk team, and we're really excited to continue to invest in the open source community. There is a ton of opportunity to grow and sort of galvanize that community. And then the work that we do with our customers and the feedback that we get about the bugs we find if there, ah, false positive or this one's commonly risk accepted, we can go back to the community, which were already doing and saying, Hey, ditch this rule, Nobody likes it or we need to improve this test. Um, so it's a really nice relationship that we have, and we are looking forward to continuing to grow that >>great stuff. You guys are hot. Start of love. The software on security angle again def sec. Cox is gonna be It's gonna be really popular. Can you talk about some of the customer success is What's the What's the feedback from customers? Can you share some of the use cases that you guys are participating in where you're winning? You mentioned developers love it and try It can just give us a couple of use cases and examples. >>Yeah. Ah, few things. Um ah, lot of our customers are already selling on the notion. Like before we even went to G A right. They told all of their customers that they scan for security bugs with every single release. So in really critical, uh, industry is like fintech, right. It's really important that their customers trust that they're taking security seriously, which everybody says they dio. But they show it to their customers by saying here, every single deploy I can show you if there were any new security bugs released with that deploy. So that's really awesome. Other things We've heard our, uh, people being able to deploy really quickly thio the Salesforce marketplace, right? Like if they have toe have a scan to prove that that they can sell on Salesforce, they do that really rapidly. Eso all of that's going really well with our customers. >>How would I wanna How would I be a customer if I was interested in, um, using Stack Hawks say we have some software we wanna stand up, and, uh, it's super grade. And so Amazon Microsoft Marketplace Stairs Force They'll have requirements or say I want to do a deal with an integration they don't want. They want to make sure there's no nothing wrong with the code. This seems to be a common use case. How doe I if I was a customer, get involved or just download software? Um, what's the What's the procurement? What's the consumption side of it looked like, >>Yeah, you just go to Stockholm dot com and you create an account. If you'd like to get started that way so you can have a 14 day free trial. We have extremely extensive documentation, so it's really easy to get set up that way. You should have some familiarity. Or grab a software engineer who has familiarity with a couple of things. So one is how to use Docker, right? So Docker is, ah, deployment mechanism for the scanner. We do that so you can run it anywhere that you would like to, and we don't have to do things like pierce firewalls or other protective measures that you've instrumented on your production environment. You just run it, um, wherever you like in your system. So locally, C I c d So docker is an important thing to understand the way we configure our scanner is through a, um, a file. So if you are getting a scan today, either your security team is doing it or you have a pen tester doing it. Um, the whole like getting ready for that engagement takes a lot of time because the people who are running the tests don't know how the software was built. So the way we think about this is, just ask them. So you just fill out a Yamil file with parameters that tell the scanner what to dio tell it how to authenticate and not log out. Um, feed us an A p. I speak if you want, so weaken super efficiently, scan your app and you can be up and running really quickly, and then that's it. You can work with our team at any time if you need help, and then we have a really efficient procurement process >>in my experience some of the pen tests of firms out there, is it? It's like the house keeping seal of approval. You get it once and then you gotta go back again. Software change, new things come in. And it's like, Wait a minute, what's the new pen test? And then you to write a check or engaged to have enough meeting? I mean, this is the problem. I mean, too many meetings. Do you >>guys solve that problem? Do >>you solve that problem? >>We solve a piece of that problem. So I think you know, part of how I talk about our company is this idea that we live in a world where we deploy software every single day. Yet it seems reasonable that once a year or twice a year, we go get a pen test where human runs readily available, open source software on our product and gives us a like, quite literal. Pdf of issues on. It's like this is so intellectually dishonest, like we deploy all of the time. So here's the thing. Pen tests are important and everybody should do them. But that should not be the introduction to these issues that are also easy to automate and find in your system. So the way we think about how we work with pen testers is, um, run, stack hawk or zapped right in an automated fashion on your system, and then give that, give the configuration and give the most recent results to your pen tester and say, Go find the hard stuff. You shouldn't be cutting checks for $30,000 to a pen tester or something that you could easily meet in your flare up. Klein. You could write the checks for finding finding the hard stuff that's much more difficult to automate. >>I totally agree. Final question. Business model Once I get in, is it a service software and services? A monthly fee? How do you guys make money? >>Yep, it is software as a service, it is. A monthly fee were early to market. So I'm not going to pretend that we have perfectly cracked the pricing. Um, but the way that we think about this is this is a team product for software engineers and for, you know, informed constituents, right? You want a product person in the product. You want a security person in the product? Um, and we also want to incent you to scan your APS And the most modern fashion, which is scanning the smallest amount of http that lives in your app, like in a micro services architecture because it makes a lot easier, is easy to isolate the problems where they live and to fix those issues really quickly. So we bundle team and for a UPS and then we scale within, uh, companies as they add more team. So pen users. 10 APS is 3 99 a month. And as you add software engineers and more applications, we scale within your company that way. >>Awesome. So if you're successful, you pay more, but doesn't matter. You already succeeded, and that's the benefit of by As you go Great stuff. Final question. One more thing. Your vision of the future. What are the biggest challenges you see in the next 24 months? Plus beyond, um, that you're trying to attack? That's a preferred future that you see evolving. What's the vision? >>Yeah, you've touched on this a couple of times in this interview with uh being remote, and the way that we need to build software already has been modernizing, and I feel like every company has a digital transformation initiative, but it has toe happen faster. And along with that, we have to figure out how Thio protect and secure these Moderna Gail. The most important thing that we do the hearts and minds of our support engineers and make it really easy for them to use security capabilities and then continue to growth in the organization. And that's not an easy thing tied off. It's easy change, a different way of being security. But I think we have to get their, uh, in order to prepare the security, uh, in these rapidly deployed and developed applications that our customers expect. >>Awesome. Jodi Clippers, CEO and founder of Stack Hawk. Thank you for coming on. I really appreciate it. Thanks for spending the time featured Startup is part of our Cuban cloud. I'm Sean for your host with silicon angle to Cube. Thanks for watching

>> Narrator: From theCUBE Studios in Palo Alto, in Boston bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis" with Dave Vellante. >> The next 10 years of cloud, they're going to differ dramatically from the past decade. The early days of cloud, deployed virtualization of standard off-the-shelf components, X86 microprocessors, disk drives et cetera, to then scale out and build a large distributed system. The coming decade is going to see a much more data-centric, real-time, intelligent, call it even hyper-decentralized cloud that will comprise on-prem, hybrid, cross-cloud and edge workloads with a services layer that will obstruct the underlying complexity of the infrastructure which will also comprise much more custom and varied components. This was a key takeaway of the guests from theCUBE on Cloud, an event hosted by SiliconANGLE on theCUBE. Welcome to this week's Wikibon CUBE Insights Powered by ETR. In this episode, we'll summarize the findings of our recent event and extract the signal from our great guests with a couple of series and comments and clips from the show. CUBE on Cloud is our very first virtual editorial event. It was designed to bring together our community in an open forum. We ran the day on our 365 software platform and had a great lineup of CEOs, CIOs, data practitioners technologists. We had cloud experts, analysts and many opinion leaders all brought together in a day long series of sessions that we developed in order to unpack the future of cloud computing in the coming decade. Let me briefly frame up the conversation and then turn it over to some of our guests. First, we put forth our view of how modern cloud has evolved and where it's headed. This graphic that we're showing here, talks about the progression of cloud innovation over time. A cloud like many innovations, it started as a novelty. When AWS announced S3 in March of 2006, nobody in the vendor or user communities really even in the trade press really paid too much attention to it. Then later that year, Amazon announced EC2 and people started to think about a new model of computing. But it was largely tire kickers, bleeding-edge developers that took notice and really leaned in. Now the financial crisis of 2007 to 2009, really created what we call a cloud awakening and it put cloud on the radar of many CFOs. Shadow IT emerged within departments that wanted to take IT in bite-sized chunks and along with the CFO wanted to take it as OPEX versus CAPEX. And then I teach transformation that really took hold. We came out of the financial crisis and we've been on an 11-year cloud boom. And it doesn't look like it's going to stop anytime soon, cloud has really disrupted the on-prem model as we've reported and completely transformed IT. Ironically, the pandemic hit at the beginning of this decade, and created a mandate to go digital. And so it accelerated the industry transformation that we're highlighting here, which probably would have taken several more years to mature but overnight the forced March to digital happened. And it looks like it's here to stay. Now the next wave, we think we'll be much more about business or industry transformation. We're seeing the first glimpses of that. Holger Mueller of Constellation Research summed it up at our event very well I thought, he basically said the cloud is the big winner of COVID. Of course we know that now normally we talk about seven-year economic cycles. He said he was talking about for planning and investment cycles. Now we operate in seven-day cycles. The examples he gave where do we open or close the store? How do we pivot to support remote workers without the burden of CAPEX? And we think that the things listed on this chart are going to be front and center in the coming years, data AI, a fully digitized and intelligence stack that will support next gen disruptions in autos, manufacturing, finance, farming and virtually every industry where the system will expand to the edge. And the underlying infrastructure across physical locations will be hidden. Many issues remain, not the least of which is latency which we talked about at the event in quite some detail. So let's talk about how the Big 3 cloud players are going to participate in this next era. Well, in short, the consensus from the event was that the rich get richer. Let's take a look at some data. This chart shows our most recent estimates of IaaS and PaaS spending for the Big 3. And we're going to update this after earning season but there's a couple of points stand out. First, we want to make the point that combined the Big 3 now account for almost $80 billion of infrastructure spend last year. That $80 billion, was not all incremental (laughs) No it's caused consolidation and disruption in the on-prem data center business and within IT shops companies like Dell, HPE, IBM, Oracle many others have felt the heat and have had to respond with hybrid and cross cloud strategies. Second while it's true that Azure and GCP they appear to be growing faster than AWS. We don't know really the exact numbers, of course because only AWS provides a clean view of IaaS and passwords, Microsoft and Google. They kind of hide them all ball on their numbers which by the way, I don't blame them but they do leave breadcrumbs and clues on growth rates. And we have other means of estimating through surveys and the like, but it's undeniable Azure is closing the revenue gap on AWS. The third is that I like the fact that Azure and Google are growing faster than AWS. AWS is the only company by our estimates to grow its business sequentially last quarter. And in and of itself, that's not really enough important. What is significant is that because AWS is so large now at 45 billion, even at their slower growth rates it grows much more in absolute terms than its competitors. So we think AWS is going to keep its lead for some time. We think Microsoft and AWS will continue to lead the pack. You know, they might converge maybe it will be a 200 just race in terms of who's first who's second in terms of cloud revenue and how it's counted depending on what they count in their numbers. And Google look with its balance sheet and global network. It's going to play the long game and virtually everyone else with the exception of perhaps Alibaba is going to be secondary players on these platforms. Now this next graphic underscores that reality and kind of lays out the competitive landscape. What we're showing here is survey data from ETR of more than 1400 CIOs and IT buyers and on the vertical axis is Net Score which measures spending momentum on the horizontal axis is so-called Market Share which is a measure of pervasiveness in the data set. The key points are AWS and Microsoft look at it. They stand alone so far ahead of the pack. I mean, they really literally, it would have to fall down to lose their lead high spending velocity and large share of the market or the hallmarks of these two companies. And we don't think that's going to change anytime soon. Now, Google, even though it's far behind they have the financial strength to continue to position themselves as an alternative to AWS. And of course, an analytics specialist. So it will continue to grow, but it will be challenged. We think to catch up to the leaders. Now take a look at the hybrid zone where the field is playing. These are companies that have a large on-prem presence and have been forced to initiate a coherent cloud strategy. And of course, including multicloud. And we include Google in this so pack because they're behind and they have to take a differentiated approach relative to AWS, and maybe cozy up to some of these traditional enterprise vendors to help Google get to the enterprise. And you can see from the on-prem crowd, VMware Cloud on AWS is stands out as having some, some momentum as does Red Hat OpenShift, which is it's cloudy, but it's really sort of an ingredient it's not really broad IaaS specifically but it's a component of cloud VMware cloud which includes VCF or VMware Cloud Foundation. And even Dell's cloud. We would expect HPE with its GreenLake strategy. Its financials is shoring up, should be picking up momentum in the future in terms of what the customers of this survey consider cloud. And then of course you could see IBM and Oracle you're in the game, but they don't have the spending momentum and they don't have the CAPEX chops to compete with the hyperscalers IBM's cloud revenue actually dropped 7% last quarter. So that highlights the challenges that that company facing Oracle's cloud business is growing in the single digits. It's kind of up and down, but again underscores these two companies are really about migrating their software install basis to their captive clouds and as well for IBM, for example it's launched a financial cloud as a way to differentiate and not take AWS head-on an infrastructure as a service. The bottom line is that other than the Big 3 in Alibaba the rest of the pack will be plugging into hybridizing and cross-clouding those platforms. And there are definitely opportunities there specifically related to creating that abstraction layer that we talked about earlier and hiding that underlying complexity and importantly creating incremental value good examples, snowfallLike what snowflake is doing with its data cloud, what the data protection guys are doing. A company like Loomio is headed in that direction as are others. So, you keep an eye on that and think about where the white space is and where the value can be across-clouds. That's where the opportunity is. So let's see, what is this all going to look like? How does the cube community think it's going to unfold? Let's hear from theCUBE Guests and theCUBE on Cloud speakers and some of those highlights. Now, unfortunately we don't have time to show you clips from every speaker. We are like 10-plus hours of video content but we've tried to pull together some comments that summarize the sentiment from the community. So I'm going to have John Furrier briefly explain what theCUBE on Cloud is all about and then let the guests speak for themselves. After John, Pradeep Sindhu is going to give a nice technical overview of how the cloud was built out and what's changing in the future. I'll give you a hint it has to do with data. And then speaking of data, Mai-Lan Bukovec, who heads up AWS is storage portfolio. She'll explain how she views the coming changes in cloud and how they look at storage. Again, no surprise, it's all about data. Now, one of the themes that you'll hear from guests is the notion of a distributed cloud model. And Zhamak Deghani, he was a data architect. She'll explain her view of the future of data architectures. We also have thoughts from analysts like Zeus Karavalla and Maribel Lopez, and some comments from both Microsoft and Google to compliment AWS's view of the world. In fact, we asked JG Chirapurath from Microsoft to comment on the common narrative that Microsoft products are not best-to-breed. They put out a one dot O and then they get better, or sometimes people say, well, they're just good enough. So we'll see what his response is to that. And Paul Gillin asks, Amit Zavery of Google his thoughts on the cloud leaderboard and how Google thinks about their third-place position. Dheeraj Pandey gives his perspective on how technology has progressed and been miniaturized over time. And what's coming in the future. And then Simon Crosby gives us a framework to think about the edge as the most logical opportunity to process data not necessarily a physical place. And this was echoed by John Roese, and Chris Wolf to experience CTOs who went into some great depth on this topic. Unfortunately, I don't have the clips of those two but their comments can be found on the CTO power panel the technical edge it's called that's the segment at theCUBE on Cloud events site which we'll share the URL later. Now, the highlight reel ends with CEO Joni Klippert she talks about the changes in securing the cloud from a developer angle. And finally, we wrap up with a CIO perspective, Dan Sheehan. He provides some practical advice on building on his experience as a CIO, COO and CTO specifically how do you as a business technology leader deal with the rapid pace of change and still be able to drive business results? Okay, so let's now hear from the community please run the highlights. >> Well, I think one of the things we talked about COVID is the personal impact to me but other people as well one of the things that people are craving right now is information, factual information, truth, textures that we call it. But here this event for us Dave is our first inaugural editorial event. Rob, both Kristen Nicole the entire cube team, SiliconANGLE on theCUBE we're really trying to put together more of a cadence. We're going to do more of these events where we can put out and feature the best people in our community that have great fresh voices. You know, we do interview the big names Andy Jassy, Michael Dell, the billionaires of people making things happen, but it's often the people under them that are the real Newsmakers. >> If you look at the architecture of cloud data centers the single most important invention was scale-out. Scale-out of identical or near identical servers all connected to a standard IP ethernet network. That's the architecture. Now the building blocks of this architecture is ethernet switches which make up the network, IP ethernet switches. And then the server is all built using general purpose x86 CPU's with DRAM, with SSD, with hard drives all connected to inside the CPU. Now, the fact that you scale these server nodes as they're called out was very, very important in addressing the problem of how do you build very large scale infrastructure using general purpose compute but this architecture, Dave is a compute centric architecture. And the reason it's a compute centric architecture is if you open this, is server node. What you see is a connection to the network typically with a simple network interface card. And then you have CPU's which are in the middle of the action. Not only are the CPU's processing the application workload but they're processing all of the IO workload what we call data centric workload. And so when you connect SSDs and hard drives and GPU is everything to the CPU, as well as to the network you can now imagine that the CPU is doing two functions. It's running the applications but it's also playing traffic cop for the IO. So every IO has to go to the CPU and you're executing instructions typically in the operating system. And you're interrupting the CPU many many millions of times a second. Now general purpose CPU and the architecture of the CPU's was never designed to play traffic cop because the traffic cop function is a function that requires you to be interrupted very, very frequently. So it's critical that in this new architecture where does a lot of data, a lot of these stress traffic the percentage of workload, which is data centric has gone from maybe one to 2% to 30 to 40%. >> The path to innovation is paved by data. If you don't have data, you don't have machine learning you don't have the next generation of analytics applications that helps you chart a path forward into a world that seems to be changing every week. And so in order to have that insight in order to have that predictive forecasting that every company needs, regardless of what industry that you're in today, it all starts from data. And I think the key shift that I've seen is how customers are thinking about that data, about being instantly usable. Whereas in the past, it might've been a backup. Now it's part of a data Lake. And if you can bring that data into a data lake you can have not just analytics or machine learning or auditing applications it's really what does your application do for your business and how can it take advantage of that vast amount of shared data set in your business? >> We are actually moving towards decentralization if we think today, like if it let's move data aside if we said is the only way web would work the only way we get access to various applications on the web or pages to centralize it We would laugh at that idea. But for some reason we don't question that when it comes to data, right? So I think it's time to embrace the complexity that comes with the growth of number of sources, the proliferation of sources and consumptions models, embrace the distribution of sources of data that they're not just within one part of organization. They're not just within even bounds of organizations that are beyond the bounds of organization. And then look back and say, okay, if that's the trend of our industry in general, given the fabric of compensation and data that we put in, you know, globally in place then how the architecture and technology and organizational structure incentives need to move to embrace that complexity. And to me that requires a paradigm shift a full stack from how we organize our organizations how we organize our teams, how we put a technology in place to look at it from a decentralized angle. >> I actually think we're in the midst of the transition to what's called a distributed cloud, where if you look at modernized cloud apps today they're actually made up of services from different clouds. And also distributed edge locations. And that's going to have a pretty profound impact on the way we go vast. >> We wake up every day, worrying about our customer and worrying about the customer condition and to absolutely make sure we dealt with the best in the first attempt that we do. So when you take the plethora of products we've dealt with in Azure, be it Azure SQL be it Azure cosmos DB, Synapse, Azure Databricks, which we did in partnership with Databricks Azure machine learning. And recently when we sort of offered the world's first comprehensive data governance solution and Azure overview, I would, I would humbly submit to you that we are leading the way. >> How important are rankings within the Google cloud team or are you focused mainly more on growth and just consistency? >> No, I don't think again, I'm not worried about we are not focused on ranking or any of that stuff. Typically I think we are worried about making sure customers are satisfied and the adding more and more customers. So if you look at the volume of customers we are signing up a lot of the large deals we did doing. If you look at the announcement we've made over the last year has been tremendous momentum around that. >> The thing that is really interesting about where we have been versus where we're going is we spend a lot of time talking about virtualizing hardware and moving that around. And what does that look like? And creating that as more of a software paradigm. And the thing we're talking about now is what does cloud as an operating model look like? What is the manageability of that? What is the security of that? What, you know, we've talked a lot about containers and moving into different, DevSecOps and all those different trends that we've been talking about. Like now we're doing them. So we've only gotten to the first crank of that. And I think every technology vendor we talked to now has to address how are they are going to do a highly distributed management insecurity landscape? Like, what are they going to layer on top of that? Because it's not just about, oh, I've taken a rack of something, server storage, compute, and virtualized it. I know have to create a new operating model around it in a way we're almost redoing what the OSI stack looks like and what the software and solutions are for that. >> And the whole idea of we in every recession we make things smaller. You know, in 91 we said we're going to go away from mainframes into Unix servers. And we made the unit of compute smaller. Then in the year, 2000 windows the next bubble burst and the recession afterwards we moved from Unix servers to Wintel windows and Intel x86 and eventually Linux as well. Again, we made things smaller going from million dollar servers to $5,000 servers, shorter lib servers. And that's what we did in 2008, 2009. I said, look, we don't even need to buy servers. We can do things with virtual machines which are servers that are an incarnation in the digital world. There's nothing in the physical world that actually even lives but we made it even smaller. And now with cloud in the last three, four years and what will happen in this coming decade. They're going to make it even smaller not just in space, which is size, with functions and containers and virtual machines, but also in time. >> So I think the right way to think about edges where can you reasonably process the data? And it obviously makes sense to process data at the first opportunity you have but much data is encrypted between the original device say and the application. And so edge as a place doesn't make as much sense as edge as an opportunity to decrypt and analyze it in the care. >> When I think of Shift-left, I think of that Mobius that we all look at all of the time and how we deliver and like plan, write code, deliver software, and then manage it, monitor it, right like that entire DevOps workflow. And today, when we think about where security lives, it either is a blocker to deploying production or most commonly it lives long after code has been deployed to production. And there's a security team constantly playing catch up trying to ensure that the development team whose job is to deliver value to their customers quickly, right? Deploy as fast as we can as many great customer facing features. They're then looking at it months after software has been deployed and then hurrying and trying to assess where the bugs are and trying to get that information back to software developers so that they can fix those issues. Shifting left to me means software engineers are finding those bugs as they're writing code or in the CIC CD pipeline long before code has been deployed to production. >> During this for quite a while now, it still comes down to the people. I can get the technology to do what it needs to do as long as they have the right requirements. So that goes back to people making sure we have the partnership that goes back to leadership and the people and then the change management aspects right out of the gate, you should be worrying about how this change is going to be how it's going to affect, and then the adoption and an engagement, because adoption is critical because you can go create the best thing you think from a technology perspective. But if it doesn't get used correctly, it's not worth the investment. So I agree, what is a digital transformation or innovation? It still comes down to understand the business model and injecting and utilizing technology to grow our reduce costs, grow the business or reduce costs. >> Okay, so look, there's so much other content on theCUBE on Cloud events site we'll put the link in the description below. We have other CEOs like Kathy Southwick and Ellen Nance. We have the CIO of UI path. Daniel Dienes talks about automation in the cloud and Appenzell from Anaplan. And a plan is not her company. By the way, Dave Humphrey from Bain also talks about his $750 million investment in Nutanix. Interesting, Rachel Stevens from red monk talks about the future of software development in the cloud and CTO, Hillary Hunter talks about the cloud going vertical into financial services. And of course, John Furrier and I along with special guests like Sergeant Joe Hall share our take on key trends, data and perspectives. So right here, you see the coupon cloud. There's a URL, check it out again. We'll, we'll pop this URL in the description of the video. So there's some great content there. I want to thank everybody who participated and thank you for watching this special episode of theCUBE Insights Powered by ETR. This is Dave Vellante and I'd appreciate any feedback you might have on how we can deliver better event content for you in the future. We'll be doing a number of these and we look forward to your participation and feedback. Thank you, all right, take care, we'll see you next time. (upbeat music)