>> Welcome back to Los Angeles. The cube is live. It feels so good to say that. I'm going to say that again. The cube is alive in Los Angeles. We are a coop con cloud native con 21. Lisa Martin with Dave Nicholson. We're talking to storm forge next. Cool name, right? We're going to get to the bottom of that. Please welcome Matt Provo, the founder and CEO of storm forge and Tom Ellery, the SVP of revenue storm forge, guys, welcome to the program. Thanks for having us. So storm forge, you have to say it like that. Like I feel like do you guys wear Storm trooper outfits on Halloween. >> Sometimes Storm trooper? The colors are black. You know, we hit anvils from time to time. >> I thought I, I thought they, that I saw >> Or may not be a heavy metal band that might be infringing on our name. It's all good. That's where we come from. >> I see. So you, so you started the company in 2015. Talk to me about the Genesis of the company. What were some of the gaps in the market that you saw that said we got to come in here and solve this? >> Yeah, so I was fortunate to always know. I think when you start a company, sometimes you, you know exactly the set of problems that you want to go after and potentially why you might be uniquely set up to solve it. What we knew at the beginning was we had a number of really talented data scientists. I was frustrated by the buzzwords around AI and machine learning when under the hood, this really a lot of vaporware. And so at the outset, really the, the point was build something real at the core, connect that to a set of problems that could drive value. And when we looked at really the beginnings of Kubernetes and containerization five, six years ago at its Genesis, we saw just a bunch of opportunity for machine learning, to play the right kind of role if we could build it correctly. And so at the outset it was what's going on. Why are people are people moving content workloads over to containers in the first place? And, you know, because of the flexibility and the portability around Kubernetes, we then ran into quickly its complexity. And within that complexity was really the foundation to set up the company and the solution for prob a set of problems uniquely and most beneficially solved by using machine learning. And so when we sort of brought that together and designed out some ideas, we, we did what any, any founder with a product background would do. We went and talked to a bunch of potential users and kind of tried to validate the problems themselves and, and got a really positive response. So. >> So Tom, from a business perspective, what, what attracted you to this? >> Well, initially I wasn't attracted just, I'll say that just from a startup standpoint. So I've been in the industry for 30 years, I've done six or seven pre IPO companies. I was exiting a private company. I did not want to go do another startup company, but being in the largest enterprise companies for the last 20 years, you see Kubernetes like wildfire in these places. And you knew there was huge amount of complexity and sophistication when they deployed it. So I started talking to Matt early on. He explained what they were doing and how unique the offer was around machine learning. I already knew the problems that customers had at scale with Kubernetes. So it was for me, I said, all right, I'm going to take one more run at this with Matt. I think we're, we're in a great position to differentiate ourselves. So that was really the launch pad for me, was really the technology and the market space. Those, those two things in combination are very exciting for us as a business. >> And, you know, a couple of bottles of amazing wine and a number of dinners that. >> Helps as well. >> That definitely helped twist his arm? >> Now tell us, just really kind of get into the technology. What does it do? How does it help facilitate the Kubernetes environment? >> Yeah, absolutely. So when organizations start moving workloads over to Kubernetes and get their applications up and running, there's a number of amazing organizations, whether it's through cloud providers or otherwise that that sort of solved that day one problem, those challenges. And as I was mentioning, you know, they moved because of flexibility and so developers love it and it starts to create a great experience, but there's these set of expectations. >> Where, where typically are these moving from? What you, what, what are the, what are the top three environments these are, that these are moving out of? >> Yeah. I mean, of course, non containerized environments, more generally. They could be coming from, you know, bare metal environment and it could be coming from kind of a VM driven environment. >> Okay. >> So when you look back at kind of the, the growth and Genesis and of VMs, you see a lot of parallels to what we're seeing now with, with containerization. And so as you move, it's, it's exciting. And then you get smacked in the face with the complexity, for all of the knobs that are able to be turned within a Kubernetes environment. It gives developers a lot of flexibility. These knobs, as you turn them, you have no visibility into how into the impact on the application itself. And so often organizations are become, you know, becoming more agile shipping, you know, shipping code more quickly, but then all of a sudden the, the cloud bill comes and they've, over-provisioned by 80, 90%, the, they didn't need nearly as many resources. And so what we do is we help understand the unique goals and requirements for each of the applications that are running in Kubernetes. And we have machine learning capabilities that can predict very accurately what organizations will need from a resource standpoint, in order to meet their goals, not just from a cost standpoint, but also from a performance standpoint. And so we allow organizations to typically save usually between 40 and 60% off their cloud bill and usually increased performance between 30 and 50%. Historically developers had to choose between cost and performance and their worldview on the application environment was very limited to a small set of what we would call parameters or metrics that they could choose from. And machine learning allows that world to just be blown open and not many humans are, are sophisticated in the way we think about multidimensional math to be able to make those kinds of predictions. You're talking about billions and billions of combinations, not just in a static environment, but an ongoing basis. So our technology sits in the middle of all that chaos and, and allows it to allows organizations just to re reap a whole lot of benefits that they otherwise may not ever find. >> Those numbers that you mentioned were, were big from a cost savings perspective than a performance increased perspective, which is so critical these days is in the last 18 months, we've seen so much change. We've seen massive pivots from companies in every industry to survive first of all, and then to be able to thrive and be able to iterate quickly enough to develop new products and services and get them to market to be competitive. >> Yeah. >> Yeah. Sorry. I mean, the thing that's interesting, there was an article by Andreessen Horowitz. I don't know if you've taken to the cloud paradox. So we actually, if you start looking at that great example would be some of these cloud companies that are growing like astronomical rates, snowflakes, like phenomenal what they're doing, but go look at their cogs and what it's doing. Also, it's growing almost proportionately as the revenues growing. So you need to be able to solve that problem in a way that is sophisticated enough with machine learning algorithms, that people don't have to be in the loop to do it. And that the math can prove out the solution as you go out and scale your environments. And a lot of companies now are all transitioning over SAS based platforms, and they're going to start running into these problems that they go as they go to scale. And those are the areas that we're really focused and concentrating on as an organization. >> As the leader of sales, talk to me about the voice of the customer. What are some- you've been there six months or so we heard, we heard about the wine and the dinners is obvious. >> We haven't done a lot of that over the last 18 months. >> You'll have to make for lost time then >> As soon as he closes more business. >> Oh, oh there we go, we got that on camera! >> There's, there's been three, a market spaces that we've had some really good success in that. So we talked about a SAS marketplace. So there's a company that does Drupal and Matt knows very well up in Boston, Aquia. And they have every customer is a unique snowflake customer. So they need to optimize each of their customers in order to ensure the cost as well as performance for that customer on their site works appropriately. So that's one example of a SAS based company that where we can go in and help them optimize without humans doing the optimization and the math and the machine learning from storm forge doing that. So that's an area, the other area that we've seen some really good traction Cantonese with GSI. So part of our go to market model is with GSI. So if you think about what a GSI does, a lot of times customers are struggling either initially deploying Kubernetes or putting it in for 12, 18 months and realizing we're starting to scale, we got all kinds of performance issues. How do I solve it? A lot of these people go to the Accentures, the cognizance and other ones, and start flying their ninjas into kind of solve the problem. So we're getting a lot of traction with them because they're using our tool as a way to help solve the customer's problems. And they're in the largest enterprise customers as possible. >> So if I'm hearing what you're saying correctly, you're saying that when I deploy server less applications, I may in fact, get a bill for servers that are being used? Is it, is that what you're telling us? >> They're there in fact may be a bill for what was coined as server less. That is very difficult to understand, by the way, >> That's crazy talk, Matt. >> And connect back. >> Yeah. But absolutely we deal with that all the time. It's a, it's a painful process from time to time. >> Have you, have you, have you seen the statistics that's going on with how people, I mean, there was huge inertia from every CIO that you had have a cloud strategy in place. Everyone ran out and had a cloud strategy in place. And then they started deploying on Kubernetes. Now they're realizing, oh wow, we can run it, but it's costing us more than it ever costs us on prem and the operational complexity associated with that. So there's not enough people in the industry to help solve that problem, especially at the grass roots, that's where you need sophisticated solutions like storm forge and machine learning to help solve this at scale problem in a way that humans could never solve. >> And I would, I would just add to that, that the, the same humans managing the Kubernetes application environments today are likely the same humans that we're managing it in a, in a BM world. So there's a huge skills gap. I love what Castin announced at KU KU con this year around their learning environment where it's free. Come learn Kubernetes and this, and we need more of that. There's an enormous skills gap and, and the problems are complex enough in and of themselves. But when we have, when you add that to the skills gap, it it's, it presents a lot of challenges for organizations. >> What are some the ways in which you think that gap can start to be made smaller. >> Yeah. I mean, I think as more workloads get moved over, over, you know, over time, you see, you see more and more people becoming comfortable in an environment where scale is a part of what they have to manage and take care of. I love what the Linux foundation and the CNCF are doing around Kubernetes certifications, you know, more and more training. I think you're going to see training, you know, availability for more and more developers and practitioners be adopted more widely. You know, and I think that, you know, as the tool chain itself hardens within a CCD world in a containerized world, as that hardens, you're going to, you're going to start seeing more and more individuals who are comfortable across all these different tools. If you look at the CNCF landscape, I mean, today compared to four or five years ago, it's growing like crazy. And so, but, but there's also consolidation taking place within the tools. And people have an opportunity to, to learn and gain expertise within us. Which is very marketable by the way, >> Absolutely >> My employees often show me their LinkedIn profiles and remind me of how , how much they're getting recruited, but they've been loyal. So it's been a fantastic. >> Are there are so many parallels when you look at a VM in virtualization and what's happening with covers, obviously all the abstractions and stuff, but there was this whole concept of VM sprawl, you know, maybe 10 years in, if you think about the Kubernetes environment, that is exponentially bigger problem because of how many they're spitting up versus how, how many you spun up in VM. So those things ultimately need to be solved. It's not just going to be solved with people. It needs to be solved with sophisticated software. That's the only way you're going to solve a problem at scale like that. No matter how many people you have in the industry, it's just never going to solve the problem. >> So when you're in customer conversations, Tom, what are you say are like the top three differentiators that really set storm forage apart? >> Well, so the first one is we're very focused on Kubernetes only. So that's all we do is just Kubernetes environment. So we understand not just the applications that run in Kubernetes, but we understand the underlying architectures and techniques, which we think is really important. From a solution standpoint, >> So you're specialists? >> We are absolutely specialists. The other areas obviously are machine learning and the sophistication of our machine learning. And Matt said this really well, early on, I mean, the buzzwords are all out there. You can read them all up, all over the place for the last five to seven year AI and ML. And a lot of them are very hollow, but our whole foundation was based on machine learning and PhDs from Harvard. That's where we came out of from a technology background. So we were solving more, we weren't just solving the Kubernetes problems. We were solving machine learning problems. And so that's another really big area of differential for us. And I think the ability to actually scale and not just deal with small problems, but very large problems, because our focus is the fortune 2000 companies. And most of them have been deploying like financial services and stuff, Kubernetes for three, four or five years. And so they have had scale challenges that they're trying to solve. >> Yeah. It's Lisa and I talk about this concept of machine learning and looking under the covers and trying to find out is the machine really learning? Is it really learning or is it people are telling the machine, you need to do this. If you see that Where's the machine actually making those correlations and doing something intelligently. So can you give us an example of something that is actually happening that's intelligent? >> Well, so the, the, if this, then that problem is actually a huge source of my original frustration for starting the company, because you, you, you tag AI as a buzzword onto a lot of stuff. And we see that growing like crazy. And so I literally at the beginning said, if we can't actually build something real, that solves problems, like we're going to hang it up. And, you know, as Tom said, we came out of Harvard and, you know, there was a challenge initially of, are we just going to build like a really amazing algorithm? That's so heavy, it can never be productized or commercialized and it really should have just stayed in academia. And, you know, I the I, I will say a couple of things. One is I do not believe that that black box AI is a thing. We believe in what we would call human, augmented AI. So we want to empower practitioners and developers into the process instead of automate them out. We just want to give them the information and we want to save time for them and make their lives easier. But there's a kill switch on the technology. They can intervene at any point in time. They can direct the technology as they see fit. And what's really, really interesting is because their worldview of this application environment gets opened up by all the predictions and all of the learning that actually is taking place and, you know, give it because that worldview is open, they then get into a kind of a tinkering or experimental mindset with the technology. And they start thinking about all these other scenarios that they never were able to explore previously with the application. And, and so the machine learning itself is on an ongoing basis. Understanding changes in traffic, understanding and changes, changes in workloads for the application or demand. If you thought about like surge pricing for Uber, you know, because of a, a big game that took place. And you know, that, that change in peaks and valleys in demand, our, our technology not only understands those reactively, but it starts to build models and predict proactively in advance of the events that are going to take place on, on what ne- what kind of resources need to be allocated. And why that's the other piece around it is often solutions are giving you a little bit of a what, but they certainly are not giving you any explanation of the why. So the holy grail really like in our world is kind of truly explainable AI, which we're not there yet. Nobody's there yet. But human augmented AI with, with actual intelligence that's taking place that also is relevant to business outcomes is, is pretty exciting. So that's why where try to operate. >> Very exciting guys. Thanks for joining us, talking to us about storm forage, to feel like we need some store in forge. T-shirts what do you think? >> (unintelligible) >> See, I'm not even asking for the bottle of wine. I liked that idea. I thank Matt and Tom, thank you so much for joining us exciting company. Congratulations on your success. And we look forward to seeing what great things are to come from storm forage. >> Thanks so much for the time. >> Our pleasure. For Dave Nicholson. I'm Lisa Martin. We are alive in Los Angeles, the cube covering Kube con and cloud native con 21 stick around. Dave and I will be right back with our next guest.

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpenShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus bolted on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of three out of three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> Announcer: From around the Globe, it's theCUBE with coverage of Kube Con and Cloud Native Con Europe 2021 virtual brought to you by Red Hat, the cloud native computing foundation and ecosystem partners. >> Hello, and welcome back to theCUBE's coverage of Kube Con and Cloud Native Con 2021 virtual. I'm John Furrier, host of theCUBE, here with a great guest, I'm excited to talk to. His company, that he was part of founding CTO, was bought by Red Hat. Ali Golshan, Senior Director of Global Software Engineer at Red Hat, formerly CTO of StackRox. Ali thanks for coming on, I appreciate it. Thanks for joining us. >> Thanks for having me excited to be here. >> So big acquisition in January, where we covered it on SiliconANGLE, You guys, security company, venture backed amplify Sequoya and on and on. Big part of Red Hat story in their security as developers want to shift left as they say and as more and more modern applications are being developed. So congratulations. So real quick, just quick highlight of what you guys do as a company and inside Red Hat. >> Sure, so the company's premise was built around how do you bring security the entire application life cycle. So StackRox focuses on sort of three big areas that we talk about. One is, how do you secure the supply chain? The second part of it is, how do you secure infrastructure and foster management and then the third part is now, how do you protect the workload that run on top of that infrastructure. So this is the part that aligned really well with Red Hat which is, Red Hat had wanted to take a lot of what we do around infrastructure, foster management configuration management and developer tools integrated into a lot of the things they do and obviously the workload protection part was a very seamless part of integrating us into the OpeShift part because we were built around cloud native constructs and obviously Red Hat having some of the foremost experts around cloud native sort of created a really great asset. >> Yeah, you guys got a great story. Obviously cloud native applications are rocking and rolling. You guys were in early serverless emerges, Kubernetes and then security in what I call the real time developer workflow. Ones that are building really fast, pushing code. Now it's called day two operations. So cloud native did two operations kind of encapsulates this new environment. You guys were right in the sweet spot of that. So this became quite the big deal, Red Hat saw an opportunity to bring you in. What was the motivation when you guys did the deal Was it like, "wow" this is a good fit. How did you react? What was the vibe at the StackRox when this was all going down? >> Yeah, so I think there's really three areas you look for, anytime a company comes up and sort of starts knocking on your door. One is really, is the team going to be the right fit? Is the culture going to be the right environment for the people? For us, that was a big part of what we were taking into consideration. We found Red Hat's general culture, how they approach people and sort of the overall approach the community was very much aligned with what we were trying to do. The second part of it was really the product fit. So we had from very early on started to focus purely on the Kubernetes components and doing everything we could, we call it sort of our product approach built in versus built it on and this is sort of a philosophy that Red Hat had adopted for a long time and it's a part of a lot of their developer tools, part of their shift left story as well as part of OpenShift. And then the third part of it was really the larger strategy of how do you go to market. So we were hitting that point where we were in triple digit customers and we were thinking about scalability and how to scale the company. And that was the part that also fit really well which was obviously, RedHat more and more hearing from their customers about the importance and the criticality of security. So that last part happened to be one part. We ended up spending a lot of time on it, ended up being sort of the outer three matches that made this acquisition happen. >> Well congratulations, always great to see startups in the right position. Good hustle, great product, great market. You guys did a great job, congratulations. >> Thank you. >> Now, the big news here at KubeCon as Linux foundation open-source, you guys are announcing that you're open-sourcing at StackRox, this is huge news, obviously, you now work for an open-source company and so that was probably a part of it. Take us through the news, this is the top story here for this segment tickets through open-source. Take us through the news. >> Yeah, so traditionally StackRox was a proprietary tool. We do have open-source tooling but the entire platform in itself was a proprietary tool. This has been a number of discussions that we've had with the Red Hat team from the very beginning. And it sort of aligns around a couple of core philosophies. One is obviously Red Hat at its core being an open-source company and being very much plugged into the community and working with users and developers and engineers to be able to sort of get feedback and build better products. But I think the other part of it is that, I think a lot of us from a historic standpoint have viewed security to be a proprietary thing as we've always viewed the sort of magic algorithms or black boxes or some magic under the hood that really moved the needle. And that happens not to be the case anymore also because StackRox's philosophy was really built around Kubernetes and Built-in, we feel like one of the really great messages around wide open-source of security product is to build that trust with the community being able to expose, here's how the product works, here's how it integrates here are the actions it takes here's the ramifications or repercussions of some of the decisions you may make in the product. Those all I feel make for very good stories of how you build connection, trust and communication with the community and actually get feedback on it. And obviously at its core, the company being very much focused on Kubernetes developer tools, service manage, these are all open-source toolings obviously. So, for us it was very important to sort of talk the talk and walk the walk and this is sort of an easy decision at the end of the day for us to take the platform open-source. And we're excited about it because I think most still want a productized supported commercial product. So while it's great to have some of the tip of the spear customers look at it and adopt the open-source and be able to drive it themselves. We're still hearing from a lot of the customers that what they do want is really that support and that continuous management, maintenance and improvement around the product. So we're actually pretty excited. We think it's only going to increase our velocity and momentum into the community. >> Well, I got some questions on how it's going to work but I do want to get your comment because I think this is a pretty big deal. I had a conversation about 10 years ago with Doug Cutting, who was the founder of Hadoop, And he was telling me a story about a company he worked for, you know all this coding, they went under and the IP was gone, the software was gone and it was a story to highlight that proprietary software sometimes can never see the light of day and it doesn't continue. Here, you guys are going to continue the story, continue the code. How does that feel? What's your expectations? How's that going to work? I'm assuming that's what you're going to open it up which means that anyone can download the code. Is that right? Take us through how to first of all, do you agree with that this is going to stay alive and how's it going to work? >> Yeah, I mean, I think as a founder one of the most fulfilling things to have is something you build that becomes sustainable and stands the test of time. And I think, especially in today's world open-source is a tool that is in demand and only in a market that's growing is really a great way to do that. Especially if you have a sort of an established user base and the customer base. And then to sort of back that on top of thousands of customers and users that come with Red Hat in itself, gives us a lot of confidence that that's going to continue and only grow further. So the decision wasn't a difficult one, although transparently, I feel like even if we had pushed back I think Red Hat was pretty determined about open-source and we get anyway, but it's to say that we actually were in agreement to be able to go down that path. I do think that there's a lot of details to be worked out because obviously there's sort of a lot of the nuances in how you build product and manage it and maintain it and then, how do you introduce community feedback and community collaboration as part of open-source projects is another big part of it. I think the part we're really excited about is, is that it's very important to have really good community engagement, maintenance and response. And for us, even though we actually discussed this particular strategy during StackRox, one of the hindering aspects of that was really the resources required to be able to manage and maintain such a massive open-source project. So having Red Hat behind us and having a lot of this experience was very relevant. I think, as a, as a startup to start proprietary and suddenly open it and try to change your entire business model or go to market strategy commercialization, changed the entire culture of the company can sometimes create a lot of headwind. And as a startup, like sort of I feel like every year just trying not to die until you create that escape velocity. So those were I think some of the risk items that Red Hat was able to remove for us and as a result made the decision that much easier. >> Yeah, and you got the mothership with Red Hat they've done it before, they've been doing it for generations. You guys, you're in the startup, things are going crazy. It's like whitewater rafting, it's like everything's happening so fast. And now you got the community behind you cause you're going to have the CNC if you get Kubecon. I mean, it's a pretty great community, the support is amazing. I think the only thing the engineers might want to worry about is go back into the code base and clean things up a bit, as you start to see the code I'm like, wait a minute, their names are on it. So, it's always always a fun time and all serious now this is a big story on the DevSecOps. And I want to get your thoughts on this because kubernetes is still emerging, and DevOps is awesome, we've been covering that in for all of the life of theCUBE for the 11 years now and the greatness of DevOps but now DevSecOps is critical and Kubernetes native security is what people are looking at. When you look at that trend only continuing, what's your focus? What do you see? Now that you're in Red Hat as the CTO, former CTO of StackRox and now part of the Red Hat it's going to get bigger and stronger Kubernetes native and shifting left-hand or DevSecOps. What's your focus? >> Yeah, so I would say our focus is really around two big buckets. One is, Kubernetes native, sort of a different way to think about it as we think about our roadmap planning and go-to-market strategy is it's mutually exclusive with being in infrastructure native, that's how we think about it and as a startup we really have to focus on an area and Kubernetes was a great place for us to focus on because it was becoming the dominant orchestration engine. Now that we have the resources and the power of Red Hat behind us, the way we're thinking about this is infrastructure native. So, thinking about cloud native infrastructure where you're using composable, reusable, constructs and objects, how do you build potential offerings or features or security components that don't rely on third party tools or components anymore? How do you leverage the existing infrastructure itself to be able to conduct some of these traditional use cases? And one example we use for this particular scenario is networking. Networking, the way firewalling in segmentation was typically done was, people would tweak IP tables or they would install, for example, a proxy or a container that would terminate MTLS or become inline and it would create all sorts of sort of operational and risk overhead for users and for customers. And one of the things we're really proud of as sort of the company that pioneered this notion of cloud native security is if you just leverage network policies in Kubernetes, you don't have to be inline you don't have to have additional privileges, you don't have to create additional risks or operational overhead for users. So we're taking those sort of core philosophies and extending them. The same way we did to Kubernetes all the way through service manager, we're doing the same sorts of things Istio being able to do a lot of the things people are traditionally doing through for example, proxies through layer six and seven, we want to do through Istio. And then the same way for example, we introduced a product called GoDBledger which was an open-source tool, which would basically look at a yaml on helm charts and give you best practices responses. And it's something you we want for example to your get repositories. We want to take those sort of principles, enabling developers, giving them feedback, allowing them not to break their existing workflows and leveraging components in existing infrastructure to be able to sort of push security into cloud native. And really the two pillars we look at are ensuring we can get users and customers up and running as quickly as possible and reduce as much as possible operational overhead for them over time. So we feel these two are really at the core of open-sourcing in building into the infrastructure, which has sort of given us momentum over the last six years and we feel pretty confident with Red Hat's help we can even expand that further. >> Yeah, I mean, you bring up a good point and it's certainly as you get more scale with Red Hat and then the customer base, not only in dealing with the threat detection around containers and cloud native applications, you got to kind of build into the life cycle and you've got to figure out, okay, it's not just Kubernetes anymore, it's something else. And you've got advanced cluster security with Red Hat they got OpenShift cloud platform, you're going to have managed services so this means you're going to have scale, right? So, how do you view that? Because now you're going to have, you guys at the center of the advanced cluster security paradigm for Red Hat. That's a big deal for them and they've got a lot of R and D and a lot of, I wouldn't say R and D, but they got emerging technologies developing around that. We covered that in depth. So when you start to get into advanced cluster, it's compliance too, it's not just threat detection. You got insights telemetry, data acquisition, so you have to kind of be part of that now. How do you guys feel about that? Are you up for the task? >> Yeah, I hope so it's early days but we feel pretty confident about it, we have a very good team. So as part of the advanced cluster security we work also very closely with the advanced cluster management team in Red Hat because it's not just about security, it's about, how do you operationalize it, how do you manage it and maintain it and to your point sort of run it longterm at scale. The compliance part of it is a very important part. I still feel like that's in its infancy and these are a lot of conversations we're having internally at Red Hat, which is, we all feel that compliance is going to sort of more from the standard benchmarks you have from CIS or particular compliance requirements like the power, of PCI or Nest into how do you create more flexible and composable policies through a unified language that allows you to be able to create more custom or more useful things specific to your business? So this is actually, an area we're doing a lot of collaboration with the advanced cluster management team which is in that, how do you sort of bring to light a really easy way for customers to be able to describe and sort of abstract policies and then at the same time be able to actually and enforce them. So we think that's really the next key point of what we have to accomplish to be able to sort of not only gain scale, but to be able to take this notion of, not only detection in response but be able to actually build in what we call declarative security into your infrastructure. And what that means is, is to be able to really dictate how you want your applications, your services, your infrastructure to be configured and run and then anything that is sort of conflicting with that is auto responded to and I think that's really the larger vision that with Red Hat, we're trying to accomplish. >> And that's a nice posture to have you build it in, get it built in, you have the declarative models then you kind of go from there and then let the automation kick in. You got insights coming in from Red Hat. So all these things are kind of evolving. It's still early days and I think it was a nice move by Red Hat, so congratulations. Final question for you is, as you prepare to go to the next generation KubeCon is also seeing a lot more end user participation, people, you know, cloud native is going mainstream, when I say mainstream, seeing beyond the hyperscalers in the early adopters, Kubernetes and other infrastructure control planes are coming in you start to see the platforms emerge. Nobody wants another security tool, they want platforms that enable applications handle tools. As it gets more complicated, what's going to be the easy button in security cloud native? What's the approach? What's your vision on what's next? >> Yeah so, I don't know if there is an easy button in security and I think part of it is that there's just such a fragmentation and use cases and sort of designs and infrastructure that doesn't exist, especially if you're dealing with such a complex stack. And not only just a complex stack but a potentially use cases that not only span runtime but they deal with you deployment annual development life cycle. So the way we think about it is more sort of this notion that has been around for a long time which is the shared responsibility model. Security is not security's job anymore. Especially, because security teams probably cannot really keep up with the learning curve. Like they have to understand containers then they have to understand Kubernetes and Istio and Envoy and cloud platforms and APIs. and there's just too much happening. So the way we think about it is if you deal with security a in a declarative version and if you can state things in a way where how infrastructure is ran is properly configured. So it's more about safety than security. Then what you can do is push a lot of these best practices back as part of your gift process. Involve developers, engineers, the right product security team that are responsible for day-to-day managing and maintaining this. And the example we think about is, is like CVEs. There are plenty of, for example, vulnerability tools but the CVEs are still an unsolved problem because, where are they, what is the impact? Are they actually running? Are they being exploited in the wild? And all these things have different ramifications as you span it across the life cycle. So for us, it's understanding context, understanding assets ensuring how the infrastructure has to handle that asset and then ensuring that the route for that response is sent to the right team, so they can address it properly. And I think that's really our larger vision is how can you automate this entire life cycle? So, the information is routed to the right teams, the right teams are appending it to the application and in the future, our goal is not to just pardon the workload or the compute environment, but use this information to action pardon application themselves and that creates that additional agility and scalability. >> Yeah it's in the lifecycle of that built in right from the beginning, more productivity, more security and then, letting everything take over on the automation side. Ali congratulations on the acquisition deal with Red Hat, buyout that was great for them and for you guys. Take a minute to just quickly answer final final question for the folks watching here. The big news is you're open-sourcing StackRox, so that's a big news here at KubeCon. What can people do to get involved? Well, just share a quick quick commercial for what people can do to get involved? What are you guys looking for? Take a pledge to the community? >> Yeah, I mean, what we're looking for is more involvement in direct feedback from our community, from our users, from our customers. So there's a number, obviously the StackRox platform itself being open-source, we have other open-source tools like the KubeLinter. What we're looking for is feedback from users as to what are the pain points that they're trying to solve for. And then give us feedback as to how we're not addressing those or how can we better design our systems? I mean, this is the sort of feedback we're looking for and naturally with more resources, we can be a lot faster in response. So send us feedback good or bad. We would love to hear it from our users and our customers and get a better sense of what they're looking for. >> Innovation out in the open love it, got to love open-source going next gen, Ali Golshan Senior Director of Global Software Engineering the new title at Red Hat former CTO and founder of StackRox which spread had acquired in January, 2021. Ali thanks for coming on congratulations. >> Thanks for having, >> Okay, so keeps coverage of Kube Con cloud native Con 2021. I'm John Furrie, your host. Thanks for watching. (soft music)

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's "theCUBE." (intro music) Now, here's your host, Dave Vellante. >> Hello, everyone and welcome to this week's episode of Wikibon's CUBE Insights, Powered by ETR. In this Breaking Analysis, we're going to take a break from our traditional spending assessment and share with you our advice on how to deal with this crisis, specifically shifting your physical to digital in the age of Coronavirus. So, we're not going to be digging into the spending data. I talked to ETR this week, and they are obviously surveying on the impact of COVID-19, but those results won't be ready for a little bit. So, theCUBE team has been in discussions with over 20 companies that have events planned in the near term and the inbound call volume has been increasing very rapidly. Now, we've been doing digital for a decade, and we have a lot of experience, and are really excited to share our learnings, tools, and best practices with you as you try to plan through this crisis. So look, this is uncharted territory. We haven't ever seen a country quarantine 35 million people before, so of course everyone is panicked by this uncertainty but our message, like others, is don't panic but don't be complacent. You have to act and you have to make decisions. This will reduce uncertainty for your stakeholders, your employees, and of course, your community. Now as you well know, major physical events are dropping very fast as a risk mitigation measure. Mobile World Congress, HIMSS canceled, Kube-Con was postponed, IMB Think has gone digital, and so it goes. Look, if you have an event in the next three weeks, you have little choice but to cancel the physical attendee portion of that event. You really have three choices here. One is to cancel the event completely and wait until next year. Now the problem with that is, that type of capitulation doesn't really preserve any of the value related to why you were originally holding the physical event in the first place. Now you can do what Kube-Con did and postpone til the summer or kind of indefinitely. Okay, that's a near-term recision on the event, but now you're in limbo. But if you can sort out a venue down the road, that might work. The third option is to pivot to digital. It requires more thought but what it does is allow you to create an ongoing content ark that has benefits. The number-one complaint brands tell us about physical events is that after the event, they don't create a post-event halo effect. A digital strategy that expands time will enable that. This is important because when the market calms down, you're going to be able to better-leverage digital for your physical events. The key question you want to ask is, what are the most important aspects of that physical event that you want to preserve? And then start thinking about building a digital twin of those areas. But it's much more than that. And I'll address this opportunity that we think is unfolding for you a little later. Your challenge right now is to act decisively and turn lemons into lemonade with digital. Experiences are built around content, community, and the interaction of people. This is our philosophy. It's a virtuous cycle where data and machine intelligence are going to drive insights, discovery by users is going to bring navigation which leads to engagement and ultimately outcomes. Now, very importantly, this is not about which event software package to use. Do not start there. Start with the outcome that you want to achieve and work backwards. Identify the parts of that outcome that are achievable and then work from there. The technology decision will be easy and fall out of it if you take that path. So out of a high-level, you have two paths. One, which is the preferred path is to pivot to digital, on the right-hand side, especially if your event is in March or early April. Two is hold your physical event, but your general counsel is going to be all over you about the risks and precautions that you need to take. There are others better than I to advise you on those precautions. I've listed some here on the left-hand side and I'm going to publish this on Wikibon, but you know what to do there. But we are suggesting advising for the near-term events that you optimize for digital. That's the right side. Send out a crisp and clear communications, Adobe has a good example, that asks your loyal community to opt-in for updates and start the planning process. You want to identify the key objectives of your event and build a digital program that maximizes the value for your attendees and the maps to those objectives. We're going to share some examples that theCUBE participated in this week on what might look like the digital event, and we'll share that with you. Event software should come last. Don't even worry about that until you've envisioned your outcome. And I'll talk about software tools a little bit later. So new thinking is required, we believe. The old way was a big venue, big bang event, you get thousands of people. You're spending tons of money on a band. There's exhibitor halls. You're not going to preserve that, obviously. Rather, think about resetting the physical and optimizing for digital which really is about serving a community. Now let's talk about, again, what that might look like in the near-term and then we're going to close on how we see this evolving to a new era. The pattern emerging with our sponsors and our clients is, they want to preserve five key content areas from physical. Not necessarily all of them but in some combination. First is the keynotes. You bring together a captive audience, and you have your customers there, they want to hear from executives. Your customers have made a bet on you, and they want to feel good about it. So one is keynotes. Two is the breakout sessions, the deeper dives from subject matter experts. Third are technical sessions. A big reason customers attend these events is to get technical training. Four is to actually share news in a press conference-like format. And the fifth area that we've seen is, of course, theCUBE. Many of our customers have said, "We not only want you to turn to turnkey the digital event, we want to plug theCUBE into our digital production that we are running." Now these are not in stone, they're just examples of what some of the customers are doing, and they're blending keynotes into their press conference, and there's a lot of different news cases. I want to stress that, initially, everyone's mindset is to simply replicate physical to digital. It's fine to start there, but there's more to this story that we'll address later on. So let's have a look at what something like this might look like in the near-term. Here's an example of a digital event we did this week with a company called "Aviatrix." Small company but very nice look for their brand which is a priority for them. You can see the live audience vibe. This was live but it can be pre-recorded. All the speakers were together in one place. You can see the very high production value. Now, some of our clients have said, "Look, soon we want to do this completely remote with 100 percent of the speakers distributed." And our feeling is that's much more challenging for high-value events. Our strong recommendation is plan to get the speakers into a physical venue. And ideally, get a small VIP/influencer audience to be there. Make the audience feel important with a vibe of a VIP event. Yeah, you can wait a few weeks to see how this thing shakes out, and if travel loosens up, then you can pull this off. But for your Brand value, you really want to look as professional as possible. Same thing for keynotes. You can see how good this looks. Nice stage, lighting, the blue lights, and a live audience. This is a higher-end production with a venue, and food, and music for the intros and outros, very professional audio and visual. And this requires budget. You got to think about at least 200 to 300 thousand dollars and up for a full-blown event that you bring in influencers and the like. But you have options. You can scale it down. You can host the event at your facility. Host it off at our facility in Palo Alto. I'll talk about that a little later. Use your own people for the studio audience. Use your own production people and dial back the glam, which will lower the cost. Just depends on the brand that you want to convey, and of course, your budget. Now as well, you can run the event as a live or as a semi-live. You can pre-record some of all of the segments. You can have a portion, like the press conference and/or the keynotes, run live and then insert the breakouts into the stream as a semi-live, or as on-demand assets. You have options. Now before I talk about technical sessions, I want to share another best practice. theCUBE this week participated in a digital event at Stanford with the Women in Data Science organization, WiDS, and we plugged into their digital platform. WiDS is amazing. They created a hybrid physical/digital event, and again, had a small group of VIPs and speakers onsite at Stanford with keynotes and panels and breakouts, and then theCUBE interviews all were streaming. What was really cool is they connected to dozens and dozens of outposts around the globe, and these outposts hosted intimate meet-ups and participated in the live event. And, of course, all the content is hosted on-demand for a post-event halo effect. I want to talk a little bit about technical sessions. Where as with press conferences and keynotes, we're strongly recommending a higher scale and stronger brand production. With technical sessions, we see a different approach working. Technical people are fine with you earbuds and laptop speakers. Here's an example of a technical talk that Dan Hushon, who is the Senior VP and CTO at DXC, has run for years using the CrowdChat platform. He used the free community edition, along with Google Handouts, and has run dozens and dozens of these tech talks designed for learning and collaboration. Look, you can run these weekly as part of the pre-game, up to your digital event. You can run them day of the event, at the crescendo, and you can continue the cadence post-event for that halo effect that I've been talking about. Now let's spend the moment talking about software tooling. There are a lot of tools out there. Some, super functional. Some are monolithic and bloated. Some are just emerging. And you might have some of these, either licensed or you might be wed to one. Webinar software, like ON24 and Brightcove, and there's other platforms, that's great, awesome. From our standpoint, we plug right into any platform and are really agnostic to that. But the key is not to allow your software to dictate the outcome of your digital event. Technology should serve the outcome, not the reverse. Let me share with you theCUBE's approach to software. Now first thing I want to tell you is our software is free. We have a community editions that are very robust, they're not neutered. And we're making these available to our community. We've taken a CloudNative horizontally scalable angle bringing to bear the right tools for the right job. We don't think of software just to hold content. Rather, we think about members of the community and our goal is to allow teams to form and be successful. We see digital events creating new or evolving roles in organizations where the event may end, but the social organization and community aspect lives on. Think of theCUBE as providing a membrane to the conference team and a template for organizing and executing on digital events. Whether it's engaging in CrowdChats, curating video, telling stories post-event, hosting content, amplifying content, visualize your community as a whole and serve them. That's really the goal. Presence here is critical in a digital event, "Oh hey, I see you're here. "Great, let's talk." There are a number of news cases, and I encourage you to call us, contact us, and we'll focus on how to keep it simple. We have a really simple MVP use case that we're happy to share with you. All right, I got to wrap. The key point here is we see a permanent change. This is not a prediction about Coronavirus. Rather, we see a transformation created with new dynamics. Digital is about groups which are essentially a proxy for communities. Successful online communities require new thinking and we see new roles emerging. Think about the protocol stack for an event today and how that's going to change. Today is very structured. You have a captive audience, you got a big physical venue. In the future, it may evolve to multiple venues and many runs of shows. Remote pods rules around who is speaking. Self-forming schedules is not going to be the same as today. We think digital moves to a persistent commitment by the community where the group collectively catalyzes collaboration. Hosting an online event is cool, but a longterm digital strategy doesn't just move physical to digital. Rather, it reimagines events as an organic entity, not a mechanism or a piece of software. This is not about hosting content. Digital communities have an emotional impact that must be reflected through your brand. Now our mission at theCUBE has always been to serve communities with great content. And it's evolving to provide the tools, infrastructure, and data for communities, to both self-govern and succeed. Even though these times are uncertain and very difficult, we are really excited to serve you. We'll make the time to consult with you and are really thrilled to share what we've learned in the last 10 years and collaborate with you to create great outcomes for audiences. Okay, that's a wrap. As always, we really appreciate the comments that we get on our LinkedIn posts, and on Twitter, I'm @DVellante, so thanks for that. And thank you for watching, everyone. This is Dave Vellante for theCUBE Insights, Powered by ETR. And we'll see you next time. (outro music)

>> Narrator: Live from Orlando, Florida, it's theCUBE, covering Microsoft Ignite. Brought to you by, Cohesity. >> Good morning everyone and welcome back to theCUBE's live coverage of Microsoft Ignite. We are here in the Orange County Convention Center. I'm your host Rebecca Knight, along with Stu Miniman. Stu, this is Microsoft's Big Show. 26,000 people from around the globe, all descending on Orlando. This is the big infrastructure show. Thoughts, impressions, now that we're on day two of a three day show. >> Yeah, Rebecca. Last year I had this feeling that it was a little bit too much talking about the Windows 10 transition and the latest updates to Office 365. I could certainly want to make sure that we really dug in more to what's going on with Azure, what's happening in 6the developer space. Even though they do have a separate show for developers, it's Microsoft build. They actually have a huge partner show. And so, Microsoft has a lot of shows. So it's, what is this show that is decades old? And really it is the combination of Microsoft as a platform today. Satya Nadella yesterday talked about empowering the world. This morning, Scott Hanselman was in a smaller theater, talking about app devs. And he came out and he's like, "Hey, developers, isn't it a little bit early for you this morning?" Everybody's laughing. He said, "Even though we're kicking off at 9:00 a.m., Eastern." He said, "That's really early, especially for anybody coming from the West Coast." He was wearing his Will Code For Tacos shirt. And we're going to have Scott on later today, so we'll talk about that. But, where does Microsoft sit in this landscape? Is something we've had. I spent a lot of time looking at the cloud marketplace. Microsoft has put themselves as the clear number two behind AWS. But trying to figure out because SaaS is a big piece of what Microsoft does. And they have their software estate in their customer relationship. So how many of those that are what we used to call window shops. And you had Windows people are going to start, Will it be .NET? Will it be other operating systems? Will it come into Azure? Where do they play? And the answer is, Microsoft's going to play a lot of places. And what was really kind of put on with the point yesterday is, it's not just about the Microsoft solutions, it is about the ecosystem, they really haven't embraced their role, very supportive of open source. And trust is something that I know both you and I have been pointing in on because, in the big tech market, Microsoft wants to stand up and say, "We are the most trusted out there. And therefore, turn to us and we will help you through all of these journeys." >> So you're bringing up so many great points and I want to now go through each and every one of them. So, absolutely, we are hearing that this is the kinder, gentler Microsoft, we had Dave Totten on yesterday. And he was, as you just described, just talking about how much Microsoft is embracing and supporting customers who are using a little bit of Microsoft here, a little bit of other companies. I'm not going to name names, but they're seemingly demanding. I just want best to breed, and this is what I'm going to do. And Microsoft is supporting that, championing that. And, of course we're seeing this as a trend in the broader technology industry. However, it feels different, because it's Microsoft doing this. And they've been so proprietary in the past. >> Yeah, well, and Rebecca, it's our job on theCUBE actually, I'm going to name names. (laughs) And actually Microsoft is-- >> Okay. >> Embracing of this. So, the thing I'm most interested in at the show was Azure Arc. And I was trying to figure out, is this a management platform? And at the end of the day really, it is, there's Kubernetes in there, and it's specifically tied to applications. So they're going to start with databases specifically. My understanding, SQL is the first piece and saying, it sounds almost like the next incarnation of platform as a service to our past. And say, I can take this, I can put it on premises in Azure or on AWS. Any of those environments, manage all of them the same. Reminds me of what I hear from VMware with Hangzhou. Vmworld, Europe is going on right now in Barcelona. Big announcement is to the relationship with VMware on Azure. If I got it right, it's actually in beta now. So, Arc being announced and the next step of where Microsoft and VMware are going together, it is not a coincidence. They are not severing the ties with VMware. VMware, of course partners with all the cloud providers, most notably AWS. Dave Totten yesterday, talked about Red Hat. You want Kubernetes? If you want OpenShift, if you are a Red Hat customer and you've decided that, the way I'm going to leverage and use and have my applications run, are through OpenShift, Microsoft's is great. And the best, most secure place to run that environment is on Azure. So, that's great. So Microsoft, when you talk about choice, when you talk about flexibility, and you talk about agility cause, it is kinder and gentler, but Satya said they have that tech intensity. So all the latest and greatest, the new things that you want, you can get it from Microsoft, but they are also going to meet you where you are. That was Jeremiah Dooley, the Azure advocate, said that, "There's, lots of bridges we need to make, Microsoft has lots of teams. It's not just the DevOps, it's not just letting the old people do their own thing, from your virtualization through your containerization and everything in between microservices server list, and the like. Microsoft has teams, they have partners. Sure that you could buy everything in Microsoft, but they know that there are lots of partners and pieces. And between their partners, their ecosystem, their channel, and their go-to-market, they're going to pull this together to help you leverage what you need to move your business forward. >> So, next I want to talk about Scott Hanselman who was up on the main stage, we're going to have him on the show and he was as you said, adorned in coder dude, attire with a cool t-shirt and snappy kicks. But his talk was app development for everyone. And this is really Microsoft's big push, democratizing computing, hey, anyone can do this. And Satya Nadella, as we've talked about on the show. 61% of technologist's jobs are not in the technology industry. So this is something that Microsoft sees as a trend that's happening in the employment market. So they're saying, "Hey, we're going to help you out here." But Microsoft is not a hardware company. So how does this really change things for Microsoft in terms of the products and services-- >> Well right, >> It offers. >> So really what we're talking about here, we're talking about developers right? 61% of jobs openings for developers are outside the tech sector. And the high level message that Scott had is your tools, your language, your apps. And what we have is, just as we were talking about choice of clouds, it's choice of languages. Sure they'd love to say .NET is wonderful, but you want your Java, your PHP, all of these options. And chances are, not only are you going to use many of them, but even if you're working on a total solution, different groups inside your company might be using them and therefore you need tools that can spam them. The interesting example they use was Chipotle. And if there's a difference between when you're ordering and going through the delivery service, and some of the back-end pieces, and data needs to flow between them, and it can't be, "Oh wait, I've got silos of my data, I've got silos of all these other environments." So, developer tools are all about, having the company just work faster and work across environments. I was at AnsibleFest show earlier this year. And, Ansible is one of those tools that actually, different roles where you have to have the product owner, the developer, or the the operations person. They all have their way into that tool. And so, Microsoft's showing some very similar things as to, when I build something, it's not, "Oh, wait, we all chose this language." And so many of the tools was, " Okay, well, I had to standardize on something." But that didn't fit into what the organization needed. So I need to be able to get to what they all had. Just like eventually, when I'm picking my own taco, I can roll it, bowl it, soft or hard shell-- >> It was a cool analogy. >> And choose all my toppings in there. So it is Taco Tuesday here-- >> Yes. >> At Microsoft Ignite and the developers like their choices of tools, just like they like their tacos. >> And they like their extra guac. So going back to one of the other points you made at the very opening. And this is the competitive dynamic that we have here. We had David Davis and Scott Lowe on yesterday from a ActualTech Media. Scott was incredibly bullish about Microsoft. And saying it could really overtake AWS, not tomorrow, but within the next decade. Of course, the choice for JEDI certainly could accelerate that. What do you make of it? I mean, do you think that's still pie in the sky here? AWS is so far ahead. >> So look, first of all, when you look at the growth rates, first of all, just to take the actual number, we know what AWS's, revenue is. Last quarter, AWS did $9 billion. And they're still growing at about a 35% clip. When I look at Microsoft, they have their intelligent cloud bucket, which is Azure, Windows Server, SQL Server and GitHub. And that was 10.8 billion. And you say, "Oh, okay, that's really big." But last year, Azure did about $12 billion dollars. So, AWS is still two to three times larger when you look at infrastructure as a service. But SaaS hugely important piece of what's going on in the cloud opportunity. AWS really is more of the platform and infrastructure service, they absolutely have some of the PaaS pieces. Azure started out as PaaS and has this. So you're trying to count these buckets, and Azure is still growing at, last quarter was 64%. So if you look at the projection, is it possible for Azure to catch up in the next three years? Well, Azure's growth rate is also slowing down, so I don't think it matters that much. There is a number one and a number two, and they're both clear, valid choices for a customer. And, this morning at breakfast, I was talking to a customer and they are very heavily on Microsoft shop. But absolutely, they've got some AWS on the side. They're doing Azure, they've got a lot of Azure, being here at our Microsoft show. And when I go to AWS, even when I talked to the companies that are all in on AWS, " Oh, you got O 365?" "Of course we do." "Oh, if you're starting to do O 365, are there any other services that you might be using out of Azure?" "Yeah, that's possible." I know Google is in the mix. Ali Baba's in the mix. Oracle, well, we're not going to talk about Oracle Cloud, but we talked about Oracle, because they will allow their services to run on Azure specifically. We talked about that a lot yesterday, especially how that ties into JEDI. So, look, I think it is great when we have a healthy competitive marketplace. Today really, it is a two horse race. It is, AWS and Azure are the main choices for customers. Everyone else is really a niche player. Even a company like IBM, there's good solutions that they have, but they play in a multi cloud world. Google has some great data services, and absolutely a important player when you talk about multi cloud for all they've done with Kubernetes and Istio. I'm going to be at Kube Con in a couple of weeks and Google is front and center there. But if you talk about the general marketplace, Microsoft has a lot of customers, they had a lot of applications and therefore, can they continue to mature that market and grow their environment? Absolutely. AWS has so many customers, they have the marketplace is stronger. It's an area that I want to dig in a little bit more at this show is the Azure Marketplace, how much we talked about the ecosystem. But, can I just procure through the cloud and make it simpler? Big theme we've talked about is, cloud in the early days was supposed to be cheap and simple. And it is neither of those things. So, how do we make it easier, so that we can go from the 20% of applications in the public cloud, up to 50% or more? Because it is not about all everything goes to the public cloud, but making customers put the applications and their data in the right place at the right time with the right services. And then we haven't even talked about edge computing which Microsoft has a big push on, especially with their partners. We talked to HP, a little bit about that yesterday. But really the surface area that this show and Microsoft covers is immense and global. >> It is indeed, and we are going, this is our second day of three days of coverage and we're going to be getting into all of those things. We've got a lot of great guests. We have Cute Host, Keith Townsend, Dave Cahill, a former Wikibon guy, a lot of other fantastic people. So I'm excited to get it on with you today, Stu. >> Thank you, Rebecca. Great stuff. >> I'm Rebecca Knight, for Stu Miniman. Stay tuned for more of theCUBE's live coverage of Microsoft Ignite. (upbeat music`)