(dramatic music) >> Narrator: Live from Washington D.C., it's cube conversations with John Furrier. >> Hello everyone, welcome to this special cube conversation, I'm John Furrier, the host of The Cube, co-founder of SiliconANGLE media Inc. We are here in the Washington D.C. Beltway area. We're actually at Amazon web services' public sector headquarters in Arlington, Virginia. My next guest is John Wood, he's the CEO and chairman of the board at Telos, a big provider of some of the big contracts, certainly with Amazon CIA, among others, welcome. >> Thank you very much. >> Thanks for joining me. >> I'm glad to be here. >> So, you guys have been pretty instrumental and we were talking to Teresa Carlson earlier, with an exclusive interview with her, and we talked about the shot heard around the Cloud. That was the CIA, Amazon win, four years ago. >> Yes. >> Kind of infiltrated the government area. It's almost a gestation period and now you got DOD action, a ton of other opportunities, but it really is an architectural mindset changeover from the old way. >> Yes You're involved in this, with Telos. What's your take, how are you guys involved, what's going on? >> Yeah, so it was groundbreaking, when the CIA made the determination that they were going to move to the Cloud, for sure. It kind of made everybody stand up and take notice, if the most security conscience organization in the world was considering it, why aren't I? And here we are, four years later, so where is the CIA now? Well now, the CIA is able to provision a server in a couple minutes, whereas the past, it used to take them almost a year. Now, with the use of automation tools like we have with Telos and the Xacta suite, the CIA is able to get their authority to operate in less than a week, when it used to take 18 months. So, I basically think what's happening is, the Cloud is providing an access point to IT modernization and the agency is showing that there is a blueprint that the rest of the government can also follow if they want to. >> One of the things we're involved in a lot of Blockchain covers, as well as kind of kicking the tires on Blockchain. You're in the middle of a Cloud gain with identity. Identity is the secret to having good scalable systems, because when you have good identity, good things happen. In Blockchain, some people say a theory about those. In IT, it's what identity you're going to use. How does the authority to operate challenge, you mentioned, become so important, because you're talking about massive amounts of time, I mean time savings. >> Wood: Yeah, so-- >> Just tease out the nuances of why it's so important to have that identity solution. >> So, in the past, there was no common language within which our cyber security professionals could engage with each other. Now, with the signing of the President's executive order on cyber security, the White House really is mandating the adoption if the NIST framework. What's relevant there is that on the one hand it provides you with a common language, but on the other hand, it's 11 hundred controls. So, as a result, automation is going to be key, to making sure that people can work with each other and making sure that, actually, the adoption actually takes off. >> They're safe, they know the trusted party. Is trust a big part of this and how does that--? >> I think what's happening, because the intelligence community has been working so closely together, and when I say the intelligence community, it's not just the traditional CIA, NSA, NRO, et cetera, it's also the military component of the intelligence community. So, you've got almost 38 assessors that are assessing C2S and SC2S. You know, the secret, if you will, Cloud, and the top secret Cloud, and those assessors all have been working in the same community under this framework and I think that has given them the confidence that the data is protected and as a result, they're heading much closer to reciprocity than ever before. >> There's been observations certainly on the Cube, we've said this many times with the past few years in tracking IT over the years, IT transformation, digital transformation, whatever you want to call it, buzz word. The reality is you had some progressives that would move faster and kick the tires, certainly financial services, in some areas you see that. Really, no problem. Then you had the folks who have just been consolidated down, didn't have a lot of budget and were lagging, waiting to adopt. Now there's no excuses, with cyber security, top of mind, with hacking, malware, ransomware, cyber warfare from nation states, sponsored states, an open source it's out of control. >> It is. >> So the security equations is forcing IT to move. The action has to be taken. What are you guys seeing in this area, because this is a big story and it's really putting a fire under everyone to move. >> And it's long over due. I co-wrote and article with our chief security officer in 2011, talking about why the Cloud was the way to go for federal, state, local, and education customers and at the end of the day, I think what's happening from a top cover perspective, the legislative community understands that. Obviously the Executive branch understands that, and now with editions like C2S the rest of the environment, the rest of the government can see what's possible. So, I believe the leadership within the government is ready for this change. They're seeing the benefit as it relates to C2S and SC2S and ultimately, the key is, the guys who run the contracts themselves, you got to make sure that those guys want that, to embrace that change too. >> Furrier: Yeah, so you have the-- >> And right now, 80, if you look across the government, 80% IT span is going back into maintenance. If you look at all my commercial customers, it's somewhere between 20 and 25%. What does that mean? It basically means that the government has a lot of legacy systems, which means that there's a lot of threats, and, which means there's a real cyber security problem. I believe fundamentally that by moving work loads to the Cloud, you'll be eliminating a lot of those cyber security problems. >> Yeah, it just means security is going to be the driver. The other thing I wanted to bring up, especially here in D.C., in public sector, is transparency. Now everyone can see everything. We're in a data-driven world, you can't hide either. The light is on, it's right there on the table. No more hiding. How has transparency been impacted in the procurement process, in the sales motions, the overall engagements with gov and public sector customers? >> I think, truth be told, there have been a lot of ideas that were sort of short-term and not really thoughtful, but the good news, as I said, is that the policy makers are really thinking and considering, trying to figure out how to make changes. Take for example, LPTA, low price technically acceptable. When I went to the congress and talked to both the House and the Senate side, and talked about how if I have one customer whose gotten hacked and the other customer has the same hack, but one happens to be a government customer and one's a commercial customer, the resources that we have are really trained, highly skilled, highly sought-after resources. Well, my commercial customers are willing to pay three to four hundred percent more than my government customers are. So when you have scarce resources, where are you going to apply them? You're going to apply them where the people are who are going to pay you. So my point to the Congress was simply to say, hey man, you get what you pay for. So ultimately, the good news is that, both on the House and the Senate side, that they elimanted LTPA, as it relates to cyber security, goods and services. So I believe, again, that there's a lot of, not just transparency happening, but there's a lot of people realizing that there are things that we can do. Procurement is kind of the last frontier for me. I have seen recently, I saw one of our government customers, where we were subcontracted, they went with something called an OTA, which stands for an other transaction agreement. Big problem in the government these days is everybody protest everything and there's really no downside to the protesting. With an OTA it's not protest-able. So I am seeing our government customers beginning to think about other means of actually doing things like procurement, and so that you can actually acquire. >> Are they going to have instant replay? (laughter) It sounds like the NFL, that call's not reversible. I mean, this is kind of, we're getting into all these rules and regulations where you've got protest, it seems that policy injection is not healthy at some level, because that point about what cost more on the commercial side, because of demand there, they understand the consequences and resource availability. To the government you just eliminated a policy that wasn't really helping. >> Right. >> So policy is a real consideration in here. >> I think so. Again though, it's a different environment than it was five or six years ago and I do think that there are some real positive things that are happening. I agree with you that there's a ground-swell of support behind the Cloud and certainly, players like us see the benefit associated with that shared security model. >> One of the things we've been observing and tracking on Sillaconangle and the Cube is this notion of public-private collaberation. Sharing data is a huge deal. Certainly, in Cyber people realize that data is valuable. Certainly, at Scale, you see patterns you might not see, customers on workloads, here and there, need to be identified. You're not sharing the data you don't know. So data sharing is a big deal, but also, collaborations between the private and public sector. Can you comment on what's going on there, because we're seeing some movement where, you're seeing some security agencies saying, "We'll share some stuff." >> Yeah. >> Furrier: You share some stuff with me, so you're seeing a little bit of the community developing heavily around data-sharing, what's you're take on that? >> So, I think we have a ways to go to make it work right, because if it was working right, you wouldn't see the very published, publicized hacks that have gone on. One of the things that the Congress can do is to provide incentives for the private sector to share more information, more quickly. When the Yahoo hacks occurred, it wasn't discovered until two or three years later. As a result, like I said, there's really no incentive and there's a perceived amount of liability. One of the things I'm asking some of our Congress people to consider is if you do share information, maybe, there's a limitation on liability and that provides, if you will, a mechanism and that provides an incentive for the private organization to work with the public organizations. >> So not to bury it, like Yahoo tried to bury that thing. >> Exactly. There's no sense in burying it. There should be no reason to bury. >> Okay, take a minute to talk about Telos, what you guys are doing, the chief executive. What's going on with the company, talk about the successes, where you guys are winning, your challenges and opportunities. >> Sure, we're in the business of, we do cyber security, we do identity and we do secure mobility. In the area of cyber security, I'm very proud about the fact that we're the database of record for intelligence community, many department of defense agencies use us, homeland security, a whole, department of safe-- There's a whole bunch of organizations that tend to work with us. I think that the issue for me has always been around investing in things that make our customers more efficient. So whether it's cyber security, it's one thing to provide the authority to operate, but I like to provide that authority to operate on a continuous basis. When we talk about identity, it's one thing to say that I am who I say I am, but it's another thing to let you know that I'm actually somebody that's trust worthy. So, we have a special relationship with the FBI that allows us to do real-time data look-ups on their people. We're the integrator of record for the common access card, the military ID card, we have been for a long time. From that, we built a business relationship with the TSA and now we have about 70 airports around America that use our service to do identity as a service for all their employees. >> Can you get me to cut the line at Pre? (laughter) >> You know, if you want to cut the line at TSA pre-- >> Quality of service opportunity and people will pay more for that. >> Absolutely. And plus, I think TSA pre-check wants to have a lot more people in that ecosystem too. No different than when the Easy Pass came into play years and years ago. I remember just zooming through the Easy Pass and wondering why people would want to stand in line, why would you, right? And then if you think about it, we're also involved with secure mobility, so we have a capability called Telos ghost that allows you to basically hide on a network. You're familiar with the notion of signal hopping? In World War two that's how we avoided detection by the enemy, so this is what we invented here with something around IP hopping. So as a result of that, whether you're a server-facing thing or a client-facing thing or a mobile device, you can't be seen on the network and if you can't be seen on the network, you can't be hacked. >> Well, that's awesome stuff. Your relationship with Amazon Web Services, talk about that, some of the things you're involved in. >> Yeah. >> The deals, the momentum. What's the relationship look like between you guys? >> So we have an enormous relationship with Amazon, most important part that we have, it started with the agency and I was in a meeting with Teresa Carlson, one of the senior people in the agency, and we wondered whether or not we could do for, we Telos, can do for the Cloud that which we've been doing for the enterprise for the better part of 15 to 17 years now, which is basically providing that authority to operate in an automated way. So we invested together and we were able to prove that we could absolutely do that. Now, what we're doing is we're basically copying and pasting that model to our customers across the government. >> And you guys put a stake in the ground, 2011. You were early. I mean 2008 was the beginning of the DevOps movement, you were in the heart of it in 2011. >> Wood: Yep. What's the biggest thing you've learned or observed or experienced over those years, since 2011? >> The biggest thing? >> Or just the most important. >> Wood: That is an enormous question. >> It could be the most important, the most relevant, most surprising-- >> Well the most important thing was I got married in 2012. (laughter) I have a four year old and two year old and a 14-year old, those are the most important. >> Was it really you who got married, was it your identity? >> Wood: It was really me and it was my identity. I will say, I think that the government is embracing efficiency. The government is embracing change. I think it started around 2014 or 15, and now it's really moving out. I think there's a lot of top cover, both from a policy side and an executive side and I'm seeing a lot of leadership from within the government itself of people who want to make the change happen. >> And there's also the competitive fairness question we're hearing, just here in town, yesterday, rumblings of one-source Cloud, multi-Cloud. Amazon is technically a one-source Cloud, but they've got an ecosystem. Should they have multi-Cloud in their requirements? All these things almost feel like that protest model is going on, like there's a little fud going everywhere from the other vendors. Do we expect to see more of that in your mind or less of it? (laughter) >> I think at the end of the day-- >> The chips are taken off the table. >> The people who don't want change are the ones, who are, if you will, very invested in the legacy. If those people are paid, time, material or cost blessed, they're not paid to be efficient. So there's going to be push back. On the other hand we've seen by the gigantic growth of the adoption of the Cloud and by the Cloud infrastructure and the Cloud ecosystem itself, there are enomorous opportunities for organizations out there. So I think people should embrace the change, I really do. I think, fundamentally, it's going to be a really big positive to this industry and into this region. >> I always say to Dave Vellante and my co-hosts, it's like no brainer, you look at the main frame, that was the generation when I was growing in the industry. I was the young gun, like main frame co-ball, who the hell wants that? Mini computer, eh, I want the client server. It's pretty obvious when you're in it. So I got to ask you with that in mind, Cloud is pretty obvious. Folks will understand DevOps and automation and those efficiences. You mentioned authority to operate as an example. Some of these numbers are pretty significant. So let's go down the problems that are important, what are the consequences, how do you quantify it, right? So the problem that people are trying to solve is how do I get resources, computing, software, whatever. Pretty important, because now you've got security, you've got all kinds of stuff. What are some of the consequences and you mentioned some benchmarks that you've quantified. You mentioned provisioning a server in a year. Is that really true? >> Wood: That's true! >> So give me some data on some of consequences, kind of the old way and new way. >> Well the old way if you're using the traditional procurement, it's like I said, one of the big issues is whether it was the culture or it's procurement roles or just the process to get an approval, it would take a year to get a server provisioned. Now, it's literally, you push a button and one to two minutes later you have a server, a new server. So you get ultimate scale, you get ultimate throughput, you pay as you go, you pay what you use. What's not to like? So that's all good. From the standpoint of security, because it's the NIST framework we can automate about 90% of that. That's 11 hundred controls, right? So we automate about 90% of those 11 hundred controls. Now, you get a whole bunch of auto inheritance, a whole bunch of things that can be automated are, and as a result, when NIST goes from one version of NIST to another version, all that happens automatically, and more importantly, as a cyber security professional, and I've only been at it since 1994. (laughter) I've been in it for relatively a long time as a CEO. As a cyber security professional, what I see is, as long as I can show a continuous monitoring of your current status, that's very relevant to the operational security professional. That's really good. So for us, we know that our customers are going to be a combination of Cloud, hybrid, and on-prem. These large organizations are going to take years and years and years to move to the Cloud, but they got to start, because now is the time. >> So automation and having that nice stack where it automatically updates and auto-provisioning, auto scaling, but the operational provisioning piece is really where the rubber meets the road, right? Is that what you're getting at? >> Well it's that. It's also you're consolidating your data centers. You don't need lots of them anymore. You can just focus on one, that's another big area. Another big area is, you can lift and shift your legacy IT infrastructure into the Cloud and then put the big investment into the new application as it's siting in there in the Cloud. >> Awesome, John, thanks for joining us here in the cube conversation. Here at Amazon Web Services Headquarters, breaking down the trends in GovCloud public sector as Cloud computing really levels the playing field, opens up new doors, new solutions, faster time to operate, in vi of other things, here in Washington, D.C., in Arlington, Virginia, I'm John Furrier. Thanks for watching. (dramatic music)