(ethereal music) >> Welcome to the special Cube Conversation. I'm John Furrier, your host of "The Cube" here in Palo Alto, California. We've got two great remote guests here having a conversation around security, security convergence with platforms around networking and security with cybersecurity at an all time high, the need for understanding how to manage the breaches how to understand them, prevent them, everything in between cybersecurity and data are the number one conversation happening in the world today. We got two great guests, we've got Nirav Shah, VP of products at Fortinet and Peter Newton's senior director of products at Fortinet. The product leaders in the hottest cybersecurity company. And guys, thanks for coming on this Cube Conversation. >> Thanks for having us. >> Thank you, John. >> So last month or so I talked to John Madison about the Fortinet new release, FortiOS 7.0, as well as highlighting the convergence that's going on between the platforms around companies trying to consolidate and or manage or grow and build, converting networking and security together. Seeing that happening in real time, still doesn't change the underpinnings of how the internet works, and how these companies are structured. But the need for security is at an all time high. Talk about the impact to the customer. Do you guys have the keys to the kingdom here, product group? What is the killer product? What are customers doing? Give us the overview of why there's such a big need for the security platforms right now. >> Yeah, absolutely John. So if you see today's environment, we have seen working from anywhere it's become normal. And as part of that, we have seen so many different network edges. At the same time, they have different devices that they're using from anywhere. So what's important is as users have different devices, different users and applications that they're consuming from Cloud, we have to make sure that we provide security across the endpoint, across all network edges, and going to the Cloud compute. And for that kind of approach, you cannot have point products provide the visibility control and management. You need to have a comprehensive cybersecurity platform, which gives you security from that endpoint, to the edge, to the user, so that you have a simple but effective management and have a solid security in place to get that working from anywhere in a much more better user experience way. And that's exactly Fortinet describes as the security fabric platform. >> It's interesting not to kind of go on a tangent here, but to illustrate the point is, if you look at all the cyber security challenges that we're facing globally, especially here in the United States, the public private partnerships are increasing. We're seeing more public sector, commercial integration, the role of data. We've covered this on SiliconANGLE and many other cube interviews, especially with you guys. And there's all this kind of new approaches. Everyone's trying everything. They're buying every product that's out there, but now there's like overload. There's too much product. And that the obvious thing that's becoming clear, as cloud-scale, the evolution of this new edge environment. And so with that becomes the importance two trends that you guys are participating in. I want to get your thoughts on this because that's called SASE and SD-WAN. We know SD-WAN, but SASE stands for Secure Access Service Edge. That's I think Gartner made that term up or someone made that term up, but that's a new technology. And you've got SD-WAN, these are traditionally had been like edge for like branch offices. Now evolve now as pure network edges than a distributed computing environment. What's so important about these two topics. Nirav take us through the changes that are happening and why it's important for enterprises to get a handle on this >> Yeah John. So, as you said, SASE, Secured Access Services Edge. Really the foundation of that topic is the convergence of networking and security. And as you mentioned, Fortinet has been doing a lot of innovation in this area, right? Six years back, we pioneered the convergence of security and networking with security SD-WAN but what's happening now with the SASE is, as that working from anywhere continues to remain the dominant trend, users are looking for a Cloud-Delivered Security. And that's what Fortinet recently announced, where we can provide the most comprehensive Cloud-Delivered Security for remote users. For thin edge. You can still, anytime access from any device. To give you an example, now, our remote users, they are still at home or they can be branch of one user, but still have that always on threat protection with the consistent security given in the Cloud. So they don't have to go anymore from the branch or data center, but have a direct connectivity to the Cloud Security before they access SaaS application. That's what one of the SASE trend is. Second thing, John we are observing is users are now, as they are going back to the hybrid workforce, they are looking for a thin edge right? To your point of an edge, edge is still intelligent and a very important but there is an interesting architectural shift of, can I just use an intelligent networking there move my CapEx to OPEX and have security in Cloud? That unified security, unified policy is again becoming important. That's what SASE-- >> Okay, so I like this Cloud-Delivered Security. This is a hybrid workforce you're addressing with this marketplace, that's clear. Hybrid is a everywhere, hybrid cloud, hybrid workforce, hybrid events are coming. I mean, we love covering events physically but also now virtual. Everything's impacted by the word hybrid and Cloud. But talk about this thin edge. What do you mean by that? I mean I think thin edge, I think thin clients, the old trend. What is thin edge mean? >> Yeah, so there're different organizations are looking at the architecture in a different way. Some organizations are thinking about having a very simple branch where it is used for modern networking technologies, while security has been shifted to the Cloud deliver. What happens with this model is, now they are relying more into technologies like SD-WAN on edge to provide that intelligence steering, while everything in the security is being done in a Cloud compute way for both remote users and thin edge environment. Now the good news here is, they don't have to worry about the security patching, or any of those security capabilities. It is all done by Fortinet as they go and use the SaaS applications performance >> I want to come back and drill down on that but I want to get Peter in here in the Zero Trust equation because one of the things that comes up all the time with this edge discussion is network access. I mean, you go back to the old days of computing, you had edge log in, you'd come in, radius servers, all these things were happening, pretty simple cut paradigm. It's gotten so complicated now, Peter. So Zero Trust is a hot area. It's not only one of the things but it's a super important, what is Zero Trust these days? >> Zero Trust is indeed a very hot term because I think part of it is just it sounds great from a security standpoint, Zero Trust, you don't trust anyone, but it really comes down to a philosophical approach of how do you address the user's data applications that you want to protect? And the idea of Zero Trust and really what's driving it is the fact that as we've been talking, people are working remotely. The perimeter of the organization has dissolved. And so you no longer can afford to have a trusted internal zone and an untrusted external zone. Everything has to be "Zero Trust." So this means that you need to be authenticating and verifying users and devices on a repeat and regular basis, and you want to when you're bringing them on and giving them access to assets and applications, you want to do that with as granular of control as possible. So the users and devices have access to what they need, but no more. And that's kind of the basic tenets of Zero Trust. And that's what, it's really about prioritizing the applications and data, as opposed to just looking at, am I bringing someone into my network. >> God, the concept of Zero Trust, obviously hot. What's the difference between Zero Trust Access and Zero Trust Network Access, or as people say ZTA versus ZTNA? I mean, is there a nuance there? I mean, what's the difference between the two? >> That's actually a really good question because they both have the Zero Trust in the name. ZTNA is actually a specific term that a Gardner created or other analyst I should say, created 10 years ago. And this refers specifically to controlling application to controlling access to applications. whereas Zero Trust, overall Zero Trust access deals with both users and devices coming on to networks, how are you connecting them on? What kind of access are you giving them on the network? ZTNA is specifically how are you bringing users and connecting them to applications? Whether those applications are on premise or in the Cloud. >> So what the NA is more like the traditional old VPN model connecting users from home or whatever. Just connecting across the network with user to app. Is that right? >> That's actually a really good insight, but ironically the VPN clinical benefits of this are actually an outgrowth of the ZTNA model because ZTA doesn't differentiate between when you're on network or off network. It creates a secure tunnel automatically no matter where the user is, but VPN is all just about creating a secure tunnel when you're remote. ZTNA just does that automatically. So it's a lot easier, a lot simpler. You get a hundred percent compliance and then you also have that same secure tunnel even when you're "on a safe network" because with Zero Trust, you don't trust anything. So yes it really is leading to the evolution of VPN connectivity. >> So Nirav I want to get back to you on tie that circle back to what we were talking about around hybrid. So everyone says everything's moving to the Cloud. That's what people think. And Cloud ops is essentially what hybrid is. So connect the dots here between the zero trust, zero trust A and NA with the move to the hybrid cloud model. How does that, how does it, what's the difference between the two? Where's the connection? What's the relevance for your customers and the marketplace? >> Yeah, I think that again goes back to that SASE framework where ZTNA plays a huge role because John, we talked about when users are working from anywhere in this hybrid workforce, one of the important thing is to not give them this implicit trust right? To the applications, enabling the explicit trust is very important. And that is what ZTNA does. And the interesting thing about Fortinet is we provide all of this part of FortiOS and users can deploy anywhere. So as they are going to the Cloud-Delivered Security, they can enable ZTNA there so that we make sure this user at what time, which application they're accessing and should we give them that access or not. So great way to have ZTNA, SASE, everything in one unified policy and provide that anytime access for any device with a trusting place. >> Okay, real quick question to you is, what's the difference between SASE, Secure Access Service Edge, and SD-WAN? Real quick. >> Yeah, so SD-WAN is one of the core foundation element of SASE, right? So far we talked about the Cloud-Delivered Security, which is all important part of the security of the service. SASE is another element, which is a networking and a service where SD-WAN plays a foundation role. And John that's where I was saying earlier that the intelligent edge modern technology that SD-WAN provides is absolutely necessary for a successful SASE deployment, right? If users who are sitting anywhere, if they can't get the right application steering, before they provide the Cloud-Delivered Security, then they are not going to get the user experience. So having the right SD-WAN foundation in that edge, working in tandem with the Cloud-Delivered Security makes a win-win situation for both networking and security teams. >> So Peter, I want to talk to you. Last night I was on a chat on the Clubhouse app with some cybersecurity folks and they don't talk in terms of "I got ZTNA and I got some SASE and SD-WEN, they're talking mostly about just holistically their environment. So could you just clarify the difference 'cause this can be confusing between Zero Trust Network Access ZTNA versus SASE because it's kind of the same thing, but I know it's nuance, but, is there a difference there? People get confused by this when I hear people talking 'cause like they just throw jargon around and they say, "Oh, with Zero Trust we're good. What does that even mean? >> Yeah, we get a lot of that when talking with customers because the two technologies are so complimentary and similar, they're both dealing with security for remote workers. However sassy is really dealing with that kind of firewall in the Cloud type service, where the remote user gets the experience and protection of being behind a firewall, ZTNA is about controlling the application and giving them that secure tunnel to the application. So they're different things one's kind of that firewall and service, security and service, even networking in a service. But ZTNA is really about, how do I have the policies no matter where our user is, to give them access to specific applications and then give them a secure tunnel to that application? So very complimentary, but again, they are separate things. >> What's the landscape out there with competitive because has there products, I mean you guys are product folks. You'll get the product question. Is it all kind of in one thing, is this bundled in? Do you guys have a unique solution? Some people have it, they don't. What's the marketplace look like from a product standpoint? >> Yeah. So John, that starts back to the platform that we talked about, right? Fortinet always believes in not to develop a point product, but doing organic development which is part of a broader platform. So when we look at the thing like SASE, which required a really enterprise grade networking and security stack, Fortinet has organically developed them SD-WAN, we are a leading vendor, for the Gartner magic quadrant leader there, network firewall, including whether they deployed on Cloud, on-prem or a segmentation. We are a leader there. So when you combine both of them and ZTNA is part of it, there is only handful of vendor you will see in the industry who can provide the consistent security, networking, and security together and have that better user experience for the single management. So clearly there's a lot of buzz John, about a lot of vendors talk about it. But when you go to the details and see this kind of unified policy of networking and security, Fortinet is emerging as a leader. >> Well I always like talking the experts like you guys on this topic. And we get into the conversations around the importance under the hood. SASE, SD-WEN, we've been covering that for a long time. And now with Zero Trust becoming such a prominent architectural feature in Cloud and hybrid, super important under the hood. At the end of the day though, I got to ask the customers question, which is, "what's in it for me? "I care about breaches. "I don't want to be breached. "The government's not helping me over the top. "I got to defend myself. "I have to put resources in place, it's expensive, "and nevermind if I get breached." The criticality of that alone, is a risk management discussion. These are huge table. These are huge stakes and the stakes are high. So what I care about is are you going to stop the breaches? I need the best security in town. What do you say to that? >> Yeah this goes back to the beginning. We talked about consistent certified security, right John. So yes a SASE model is interesting. Customers are going to move to Cloud, but it's going to be a journey. Customers are not going Cloud first day one. They are going to take a hybrid approach where security is required in a segment, in an edge and on the Cloud. And that's where having a solid security in place is a number one requirement. And when you look at the history of Fortinet, over the last 20 years, how we have done, with our FortiGuard Labs, our threat intelligence and ability for us to protect over 450,000 customers, that's a big achievement. And for us to continue to provide that security but more importantly, continue to go out, and do a third-party certification with many organization to make sure no matter where customers are deploying security, it is that same enterprise grade security deployment. And that's very important that we talk to our users to make sure they validate that. >> Peter would weigh in on this. Customers don't want any breaches. How do you help them with the best security? What's your take on that? >> Well, to kind of reiterate what Nirav said earlier, we really believe that security is a team sport. And you do need best in class products at each individual element, but more importantly you need those products we talking together. So the fact that we have industry leading firewalls, the fact that we have industry-leading SD-WAN, we've got industry leading products to cover the entire gamut of the end point all the way email application, Cloud, all these products while it's important that they're, third-party validated as Nirav was mentioning, it's more important that they actually talk together. They're integrated and provide automated actions. Today's cyber security moves so fast. You need that team approach to be able to protect and stop those breaches. >> Well, you guys have a great enterprise grade solution. I got to say, I've been covering you guys for many years now and you guys have been upfront, out front on the data aspect of it with FortiGuards. And I think people are starting to realize now that data is the key, value proposition is not a secret anymore. Used to be kind of known for the people inside the ropes. So congratulations. I do know that there's a lot action happening. I want to give you guys a chance to at the end of this conversation now to just put a plug in Fortinet because there's more people coming into the workforce now. Post pandemic, young people with computer science degrees and other degrees that want to go into career with cybersecurity, could you guys share both your perspective on for the young people watching or people re-skilling, what opportunities there are from a coding standpoint, and or from say an analyst perspective. What are some of the hot openings? 'cause there are thousands and thousands of jobs give a quick plug for Fortinet and what openings you guys might have. >> Well, certainly in the cyber industry, one of the major trends we have is a work place shortage. There are not enough trained professionals who know about cybersecurity. So for those who are interested in retooling or starting their career, cybersecurity is an ongoing field. It's going to be around for a long time. I highly encourage those interested, come take a look at Fortinet. We offer free training. So you can start from knowing nothing to becoming certified up to a security architect level, and all those, all that training is now available for free. So it's a great time to star, great time to come into the industry. The industry needs you >> Any particularly areas, Peter you see that's like really jumping off the page. >> Well, it's hybrid, knowing Cloud, knowing on-prem, knowing the traffic, knowing the data on the applications, there's just so much to do. >> You're the head of product, you've got all, probably a ton of openings but seriously young people trying to figure out where to jump in, what are the hot areas? Where can people dig in and get retrained and or find their career? >> Yeah, no, I think to reiterate what Peter said, right? The program that Fortinet has built, LSE one, two, three which is free available, is a great foundation. Because that actually goes into the detail of many topics we touched upon. Even though we are talking about SD-WAN, SASE, ZTNA, fundamentally these are the networking and security technologies to make sure users are able to do the right work in the user experience. And that will be really helpful to the young people who are looking to learn more and go into this area. So highly encouraged to take those training, reach out to us. We are there to provide any mentorship, anything that is required to help them in that journey. >> Anything jump off the page in terms of areas that you think are super hot, that are in need. >> Certainly there's convergence of networking and security. There is a growing need of how and what is Zero Trust is? and how the security is applied everywhere. Definitely that's a topic of mine for a lot of our customers, and that's an area, it's a good thing to gain more knowledge and utilize it. >> Nirav and Peter, thank you for coming on. You guys are both experts and the leaders at Fortinet, the product team. The need for security platform is an all time high consolidating tools into a platform. More tools are needed and there's new tools coming. So I'm expecting to have more great conversations as the world evolves. Certainly the edge is super important. Thanks for coming on, appreciate it. >> Thanks for having us. >> Okay, Cube Conversation on security here in the Palo Alto studios. I'm John furrier. Thanks for watching. (ethereal music)

>> Hello, everyone. I'm Khalil Ahmad, Senior Director, Architecture at S&P Global. I have been working with S&P Global for six years now. Previously, I worked for Citigroup and Prudential. Overall, I have been part of IT industry for 30 years, and most of my professional career has been within financial sector in New York City metro area. I live in New Jersey with my wife and son, Daniel Khalil. I have a Master degree in software engineering from the University of Scranton, and Master in mathematics University of Punjab, Lahore. And currently I am pursuing TRIUM global Executive MBA. A joint program from the NYU Stern, LSE and HEC Paris. So today, I'm going to talk about building multi-cluster scalable container platform, supporting on-prem hybrid and multicloud use cases, how we leverage that with an S&P Global and what was our best story. As far as the agenda is concerned, I will go over, quickly the problem statement. Then I will mention the work of our core requirements, how we get solutioning, how Docker Enterprise helped us. And at the end, I will go over the pilot deployment for a proof of concept which we leverage. So, as far as the problem statement is concerned. Containers, as you all know, in the enterprise are becoming mainstream but expertise remains limited and challenges are mounting as containers enter production. Some companies are building skills internally and someone looking for partners that can help catalyze success, and choosing more integrated solutions that accelerate deployments and simplify the container environment. To overcome the challenges, we at S&P Global started our journey a few years back, taking advantage of both options. So, first of all, we met with all the stakeholder, application team, Product Manager and we define our core requirements. What we want out of this container platform, which supports multicloud and hybrid supporting on-prem as well. So, as you see my core requirements, we decided that we need first of all a roadmap or container strategy, providing guidelines on standards and specification. Secondly, with an S&P Global, we decided to introduce Platform as a Service approach, where we bring the container platform and provide that as a service internally to our all application team and all the Product Managers. Hosting multiple application on-prem as well as in multicloud. Third requirement was that we need Linux and Windows container support. In addition to that, we would also require hosted secure image registry with role based access control and image security scanning. In addition to that, we also started DevOps journey, so we want to have a full support of CI/CD pipeline. Whatever the solution we recommend from the architecture group, it should be easily integrated to the developer workstation. And developer workstation could be Windows, Mac or Linux. Orchestration, performance and control were few other parameter which we'll want to keep in mind. And the most important, dynamic scaling of container clusters. That was something we were also want to achieve, when we introduce this Platform as a Service. So, as far as the standard specification are concerned, we turn to the Open Container Initiative, the OCI. OCI was established in June 2015 by Docker and other leaders in the technology industry. And OCI operates under Linux Foundation, and currently contains two specification, runtime specification and image specification. So, at that time, it was a no brainer, other than to just stick with OCI. So, we are following the industry standard and specifications. Now the next step was, okay, the container platform. But what would be our runtime engine? What would be orchestration? And how we support, in our on-prem as well as in the multicloud infrastructure? So, when it comes to runtime engine, we decided to go with the Docker. Which is by default, runtime engine and Kubernetes. And if I may mention, DataDog in one of their public report, they say Docker is probably the most talked about infrastructure technology for the past few years. So, sticking to Docker runtime engine was another win-win game and we saw in future not bringing any challenge or issues. When it comes to orchestration. We prefer Kubernetes but that time there was a challenge, Kubernetes did not support Windows container. So, we wanted something which worked with a Linux container, and also has the ability or to orchestrate Windows containers. So, even though long term we want to stick to Kubernetes, but we also wanted to have a Docker swarm. When it comes to on-prem and multicloud, technically you could only support as of now, technology may change in future, but as of now, you can only support if you bring your own orchestration too. So, in our case, if we have control over orchestration control and not locked in with one cloud provider, that was the ideal situation. So, with all that, research, R&D and finding, we found Docker Enterprise. Which is securely built, share and run modern applications anywhere. So, when we come across Docker Enterprise, we were pleased to see that it meets our most of the core requirements. Whether it is coming on the developer machine, to integrating their workstation, building the application. Whether it comes to sharing those application, in a secure way and collaborating with our pipeline. And the lastly, when it comes to the running. If we run in hybrid or multicloud or edge, in Kubernetes, Docker Enterprise have the support all the way. So, three area one I just call up all the Docker Enterprise, choice, flexibility and security. I'm sure there's a lot more features in Docker Enterprise as a suite. But, when we looked at these three words very quickly, simplified hybrid orchestration. Define application centric policies and boundaries. Once you define, you're all set. Then you just maintain those policies. Manage diverse application across mixed infrastructure, with secure segmentation. Then it comes to secure software supply chain. Provenance across the entire lifecycle of apps and infrastructure through enforceable policy. Consistently manage all apps and infrastructure. And lastly, when it comes to infrastructure independence. It was easily forever lift and shift, because same time, our cloud journey was in the flight. We were moving from on-prem to the cloud. So, support for lift and shift application was one of our wishlist. And Docker Enterprise did not disappoint us. It also supported both traditional and micro services apps on any infrastructure. So, here we are, Docker Enterprise. Why Docker Enterprise? Some of the items in previous slides I mentioned. But in addition to those industry-leading platform, simplifying the IT operations, for running modern application at scale, anywhere. Docker Enterprise also has developer tools. So, the integration, as I mentioned earlier was smooth. In addition to all these tools, the main two components, the Universal Control Plane and the Docker Trusted Registry, solve lot of our problems. When it comes to the orchestration, we have our own Universal Control Plane. Which under the hood, manages Kubernetes and Docker swarm both clusters. So, guess what? We have a Windows support, through Docker swarm and we have a Linux support through Kubernetes. Now that paradigm has changed, as of today, Kubernetes support Windows container. So, guess what? We are well after the UCP, because we have our own orchestration tool, and we start managing Kubernetes cluster in Linux and introduce now, Windows as well. Then comes to the Docker Trusted Registry. Integrated Security and role based access control, made a very smooth transition from our RT storage to DTR. In addition to that, binary level scanning was another good feature from the security point of view. So that, these all options and our R&D landed the Docker Enterprise is the way to go. And if we go over the Docker Enterprise, we can spin up multiple clusters on-prem and in the cloud. And we have a one centralized location to manage those clusters. >> Khalil: So, with all that, now let's talk about how what was our pilot deployment, for proof of concept. In this diagram, you can see we, on the left side is our on-prem Data Center, on the right side is AWS, US East Coast. We picked up one region three zones. And on-prem, we picked up our Data Center, one of the Data Center in the United States of America, and we started the POC. So, our Universal Control Plane had a five nodes cluster. Docker Trusted Registry, also has a five node cluster. And the both, but in our on-prem Data Center. When it comes to the worker nodes, we have started with 18 node cluster, on the Linux side and the four node cluster on the Windows side. Because the major footprint which we have was on the Linux side, and the Windows use cases were pretty small. Also, this is just a proof of concept. And in AWS, we mimic the same web worker nodes, virtual to what we have on-prem. We have a 13 nodes cluster on Linux. And we started with four node cluster of Windows container. And having the direct connect from our Data Center to AWS, which was previously existing, so we did not have any connectivity or latency issue. Now, if you see in this diagram, you have a centralized, Universal Control Plane and your trusted registry. And we were able to spin up a cluster, on-prem as well as in the cloud. And we made this happen, end to end in record time. So later, when we deploy this in production, we also added another cloud provider. So, what you see the box on the right side, we just duplicate test that box in another cloud platform. So, now other orchestration tool, managing on-prem and multicloud clusters. Now, in your use case, you may find this little, you know, more in favor of on-prem. But that fit in our use case. Later, we did have expanded the cluster of Universal Control Plane and DTR in the cloud as well. And the clusters have gone and hundreds and thousands of worker nodes span over two cloud providers, third being discussed. And this solution has been working so far, very good. We did not see any downtime, not a single instance. And we were able to provide multicloud platform, container Platform as a Service for our S&P Global. Thank you for your time. If any questions, I have put my LinkedIn and Twitter account holder, you're welcome to ask any question

>> Announcer: Live from London, England, it's theCUBE, covering AWS Summit London 2019, brought to you by Amazon Web Services. >> Today, we're here at the AWS Summit live at the ExCel Center in London. I'm Susannah Streeter, and this is my cohost Dave Vellente, here today. Now, we've talked a lot about the benefits of Cloud and the opportunities, and also the challenges sometimes, for startups and other businesses. But, also, there has been massive growth of the use of Cloud services by public sector organizations. And our next two guests here on theCUBE today, really, this is your area of business isn't it? So, we have Johnny Hugill, who's from Public, but also Max Peterson, VP of Worldwide Public Sector, AWS. Thank you very much for coming on to talk to us. >> Thank you. >> Now it's really interesting, during the keynote speeches, I was really taken by one of the speeches from the Chief Digital Information Officer at the Ministry of Justice, Tom Read, and he says, "We don't innovate for professional advantage, we do it to take care of people." And, Johnny, this is what your business is about, isn't it? Trying to link up startups and public sector organizations, to ensure that more people are taken care of. >> Yeah, I mean, that's exactly right. I think what we've seen in sort of almost every other sector you can think of, is this big proliferation of startups, of new market entrant's of completely new companies, really kind of coming to dominate those markets. And we haven't quite seen as much of that as I would like to see in the public sector. So, what we're trying to do is help tech startups, help innovative new companies, to come in and ultimately to deliver better services for everyone. >> There is real concern, though, among traditional companies about this. For example, your local pharmacy concerned that a really big player is going to move in and take away what they do. How do you kind of bring them along and say, well actually, if you work with a startup, it could improve the way you do business and keep you in business. >> Totally. I think pharmacy is a really interesting example. Because, in the UK, we've seen a bunch of new digital-first pharmacies come in and completely transform how people can access their pharmacy. So, Echo is one example of a UK startup that, now, you can get door-to-door prescriptions, instead of having to go to your pharmacy, make appointments, you know, waste loads of time queuing. My view is that these organizations really have to kind of get up to speed with how things work in the wider digital economy. So, people have certain expectations for how services should be delivered, for how quickly they should be accessed, to be able to access things. I think government services are no different. That's pharmacies, that's schools, that's teaching, that's everything. >> We're here in London. How big is the UK in terms of the growth of your business? >> Max: Well, the UK has been a leader for a long time, so from the time that they undertook the government digital services business through the G Cloud, 11 iterations, with big ministries, like the UK MOJ that you heard, with big nonprofits, like Comic Relief, and everything in between, educational institutions, startups. We're very proud we've partnered with Public to help continue to encourage that kind of innovation in government technology. >> I think, when we last talked Max, you, John and I, I think we were in DC. >> I think it was. >> And you were helping us understand, look, this public sector is not just about DC. And you've got a number of activities. We interviewed several of theCUBE yesterday At AWS headquarters. One of the things we talked about was GDPR. We were having a conversation with a privacy expert earlier today. He said, you know, the big players really haven't, really weren't ready for GDPR. You made a point in DC last year, you said, day-one you guys were ready, end-to-end encryption, a number of other services. so, I wanted to circle back to you. >> Max: Sure. >> I said, okay, we gotta peel the onion. I gotta ask Max, put him on the spot. You guys really anticipated this, it's not like you were scrambling at the last minute. Is that fair to say, and I wonder, if, Johnny, if you could confirm or deny that. >> Well, I would tell you that at Amazon, we think security is job-zero. If we are not making sure that we are continuously raising the bar to improve customer security, security for small businesses, then we need to do a better job. A couple of examples: GDPR was a good one, where, two months before GDPR came into a lawful requirement, Amazon announced that we were GDPR compliant. So people could confidently build on top of Amazon. In the UK, early on in 2016, we delivered one of our advanced security services called AWS Shield, which gives everybody using the AWS Cloud in the UK and, in fact, around the world, automatic protection against DDoS. No additional cost. You get it by using the Cloud. Those are the types of security services that Amazon delivers, and probably one of the most important these days, when you're working with sensitive workloads, is encryption. On Amazon, it's check-the-box easy to implement encryption for your data on the fly or when it's at rest. >> So, I hear that a lot, about encryption, and how simple it is. You guys using encryption? Do you guys got it as part of your... >> So, we work with technology companies who want to work with government, so many of the companies we back are using encryption. As I'd say, some of the, sort of, particularly in policing and defense, and some of the more sensitive areas of the public sector, this stuff is really, really crucial. And you simply can't, kind of, get into government without being GDPR compliant, and without having all of the SAP security essentials. A lot of the companies we've backed, are using AWS Cloud, have gone on to win public sector business, so, in that sense, I'm sure everything's E-checked. >> Are there any special considerations, with regard to encryption, things like, out-of-scope requirements that I should think about as a customer, or is it really as simple as Max is saying, click a button and check a box and don't even worry about it, it's all taken care of. What's your advice to people on encryption, is it just encrypt everything? >> Yeah. >> Are there performance considerations or...? >> I mean, again, it totally depends on the scale of the contract, of the requirements that your kind of going off of. For big major contracts with Ministry of Justice, Ministry of Defense, there are a number of different performance, kind of requirements, that you need to consider. But, in general, I think, yeah, it's pretty quite straightforward. >> Yes, kind of a no-brainer. >> I think the answer is encrypt everything, everywhere, all the time. And that also means on premise, it also means on your devices, right? I mean it needs to be just the standard approach that people take to data protection these days. And, unfortunately, for many organizations internally, it's hard, and so that's why people are moving to Amazon so that they get that security built in. It actually is the number one reason why people are moving to AWS today. They want the built-in security and then, after that, they want speed and innovation. And there was a really interesting statistic today at the keynote. Did you hear that LSE, London School of Economics, just completed a study and they showed that 95% of all startups that happen today would not happen if they had to depend on legacy infrastructure, because it was hard and expensive, and that's, candidly, why being a startup in today's Cloud-based world, is a much better value proposition. You can focus on the problem rather than all of these important but complicated factors like encryption. >> The other thing there, the London School of Economics study showed is the productivity gains for those companies that use Cloud. Now, there haven't been obvious productivity gains as a result of technology across the board. We're starting to finally see the uptick. Remember back in the PC days, you could see productivity, you could see upticks everywhere except in productivity, and then all of a sudden it shot up. And we've been predicting, for a couple of years now, you're going to start to see it, Cloud being one of the reasons, other new technologies, and so that was another key finding of that study that I found intersting. >> Well, Sainsbury was up on the stage today again, and what they have now found, right, was they have found a 60% to 70% improvement in productivity. That was their number up on the stage. >> Interesting, you're talking about kind of legacy companies. We've got Ministry of Justice, in fact there was a bit of a battle wasn't there? Yeah, well we've been balanced since 1170. (laughter) >> That was hilarious wasn't it? >> Sainsbury's only 150 years old. >> MOJ got up and said, "Well, in this battle of historical significance, our mission started in 1178. (laugher) >> But it's interesting to talk about those, but really, your bread and butter, Johnny Hugill, is the startups, isn't it, trying to spot talent out there and think, who could I partner these guys up with. >> Yeah, totally right. A really important thing to any organization that is trying to innovate today can do is to market horizon scanning, really understand what is out there, what the art of the possible looks like, what the new technologies that are going to change the game look like, what these companies are actually really capable of, where their sweet spot of innovation is. >> Susannah: And they might not know that themselves. >> But it's a really difficult thing to know, especially if you think about what the kind of day-to-day job of government is, which is really running the country, right? It's pretty difficult to ask them, by the way guys, you also need to really understand what the prospects of AI startups are looking like across the country, or across the world. You need to understand who the kind of BotChain innovators are. It's a big challenge, and it's something that we are really trying to help them along the way. As you said, a lot of that is partnering with bigger companies, and kind of forming the right ecosystems of smaller companies, large companies that can help them scale, and kind of taking government on that journey along with them. >> Well, and the pace of change is another challenge. Six months in this business now is an eternity it seems like. I remember crypto was so hot a year ago, I mean I'm a fan of a lot of the underlying technologies. It was interesting to see how Amazon dealt with that. You asked a lot of questions, like what do you really need to do this, you guys came up with a couple of solutions there, but, keeping up with the pace of change is one of the, I would think, one of the key values that you provide. >> It's really a challenge, and I think now, in infant tech, 15% of the financial revenue in the UK has come from startups founded in the last five years, right? So a big legacy market as important as financial services, has just been completely turned on its head, by Revolut, by Monzo, by all these new guys. And in government we are going to see the same thing at some point. >> Dave: I'd observe that in financial services those are good examples, but the industry still hasn't been disrupted yet. Healthcare still hasn't been disrupted. They're both ripe for disruptions and it's happening. >> Max: Yeah, but I think if you look at those, that's part of what Johnny was saying. Some of these early industries, like finance, have maybe been the initial disrupters, but I do believe that there is a wave of opportunity and disruption coming in this whole gov-tech space. One of them recently was at Zuna. Zuna came in and acquired a contract with UK government that completely upended an old way of doing job search. They had a better mousetrap. And, fortunately, in this case, government recognized it and they used them. >> [Johnny} Yeah, I mean, I would say that was a really momentous thing. The most used website in the entire UK Government, which is the kind of find-a-job search site. As Zuna came along, replaced an incumbent supplier who'd been doing it for years, probably quite badly, came along with their new AI-driven platform, using AWS Cloud and are now just delivering a service that everyone prefers. >> Dave: I saw NHS has announced, what, a half-billion pound almost, transformation project, modernization. And when you peel the onion, you see a lot of startups. Behind the startups, you see a lot of Cloud going on because the Cloud attracts startups, startups are where the innovation is, and if you're going to modernize and spend a half-billion pounds, you better look to the innovation engine. >> Yeah, one of the things about the Cloud computing and one of the things about government policy that's critical, is that it actually encourages that kind of innovation. Because a lot of small companies are the source of new ideas, but, procurement sometimes gets in the way. One of the things that we think, in fact, has worked well is the UK G Cloud contract, where on the UK G Cloud, over 90% of the suppliers on the G Cloud contract are in fact small and medium enterprises, and where 45% of the sales since inception on G Cloud have actually gone to SMEs. >> So it's really transformative. >> yeah. >> Well thank you very much for talking to us about this really fascinating space. I really appreciate it Max Peterson and Johnny Hugill. Thank you for joining us on theCUBE. >> Thank you. >> Thank you so much. >> Great talk. >> That's all from us for now from the Excel Center AWS Summit here in London.

>> Live from Miami Beach, Florida, it's theCUBE. Covering UiPathForward Americas. Brought to you by UiPath. >> Welcome back to Miami everybody. You're watching theCUBE, the leader in live tech coverage. We go out to events, we extract the signal from the noise. A lot of noise here but the signal's all around automation and robotic process automation. I'm Dave Vellante, he's Stu Miniman, my co-host. Guy Kirkwood's here he's the UiPath chief evangelist otherwise known as the chief injector of Kool-Aid. Welcome. (guests chuckling) And Craig LeClair, the Vice President at Forrester. Covers this market, wrote the seminal document on this space. Knows it inside out. Craig, great to see you again. >> Yeah, nice to see you again. It's great to be back at theCUBE. >> So let's start with the analyst perspective. Take us back to when you first discovered RPA, why you got excited about it, and what Forrester Research is all about in that space. >> Yeah, it's been a very a interesting ride. Most of these companies, at least that are the higher value ones in the category they've been around for a long time. They've been around for over a decade, and no one ever heard of them three years ago. So I had covered at Forrester, business process management and some of the business rules engines, and I've always been in process. I just got this sense that there was a way that companies could make progress and digital transformation and overcome the technical debt that they had. A lot of the progress has been tepid in digital transformation because it takes tremendous amount of time and tons of consultants to modernize that core system that really runs the company. So along comes this RPA technology that allows you to build human equivalence that patch up the inefficiencies without touching. I came in on American Airlines and the system that cut my ticket was designed in 1960. It's the same Sabre reservation system. That's the big obstacle that a lot of companies have been struggling to really take advantage of AI in general. A lot of the more moonshot and more sophisticated promises haven't been realized. RPA is a very practical form of automation that companies can get a handle on right now, and move the dial for digital transformation. >> So Guy we heard a vision set forth by Daniel this morning. Basically a chicken in every pot, I call it, a robot for every person. Now what Craig was just saying about essentially cutting the line on technical debt, do you have clear evidence of that in your customer base? Maybe you could give some examples. >> What we're really seeing is that as organizations have to deal with the stresses, what Leslie Wilcox professor at LSE describes as the stresses within organizations and particularly in environments where the demographics are changing. What we're seeing is that organizations have to automate. So the best example of that is in Japan where the Japanese population peaked in 2010. It's now falling as a whole, plus all the baby boomers, people of Craig's and my age are now retiring. So we're now in a position where they measure levels of dangerous overwork as being more that 106 hours a week. That isn't 106 hour a week in total, that's 106 hours a week in addition to the 60 hours a week the Japanese people normally work. And there is a word in Japanese, which is (speaking in foreign language), which means to work oneself to death. So there really is no choice. So what we're seeing happening in Japan will be replicated in Western Europe and certainly in the US over the next few years. So what's driving that is the rise of the ecosystems of technologies of which RPA and AI are part, and that's really what we're seeing within the market. >> Craig, sometimes these big waves particularly in infrastructure, you kind of saw it with virtualization and some other wonky techs, like data reduction. They could be a one-time step function, and not an ongoing business value creator. Where does RPA fit in there? How can organizations make sure that this is a continuous business value generator as opposed to a one time hit? >> Good question. >> Well, I like the concept of RPA as a platform that can lead to more intelligence and more integration with AI components. It allows companies to build an automation center or a center of excellence focused on automation. But the next thing they're going to do after building some simple robots that are doing repetitive tasks, is they're going to say "Oh well wouldn't it be better "if my employee could have a textual chat with a chatbot "that then was interacting with the digital worker "that I built with the bot." Or they're going to say "You know what? I really want to use that machine learning algorithm "for my underwriting process, but I can use these bots "to go out and collect all the data from the core systems "and elsewhere and from the web and feed the algorithms "so that I could make a better decision." So again it goes back to that backing off the moonshot approach that we've been talking about that AI has been taking because of the tremendous amount of money spent by the major players to lay out the promise of AI has really been a little dysfunctional in getting organizations' eye off the ball in terms of what could be done with slightly more intelligent automation. So RPA will be a flash in the pan unless it starts to embed these more learning-capable AI modules. But I think it has a very good chance of doing that particularly now with so much investment coming into the category right. >> Craig, it's really interesting. When I heard you describe that it reminds me of the home automation. The Cortanas and Alexas and consumer side where you're seeing this. You've got the consumer side where you can build skills yourself, you know teenagers people can do that. One of the challenges always on the business side is how do you get the momentum when you don't have the consumer side. How do those interact? >> It's the technical debt issue and it's just like the mobile peak in 2011. Consumers in their hands had much better mobility right away than businesses. It took businesses five, they're still not there in building a great mobile environment. So these Alexa in our kitchen snooping on our conversation and to some extent Netflix that observes our behavior. That's a light form of AI. There is a learning from that behavior that's updating an algorithm autonomously in Netflix to understand what you want to watch. There's no one with a spreadsheet back there right. So this has given us in a sense a false sense of progress with all of AI. The reality is business is just getting started. Business is nowhere with AI. RPA is an initial foray on that path. We're in Miami so I'll call it a gateway drug. >> In fact there's also an element that the Siris, the Cortanas, the Alexas, are very poor at understanding specific ontologies that are required for industry, and that's where the limitation is right now. We're working with an organization called Humly, they're focused on those ontologies for specific industries. So if the robot doesn't understand something, then you could say to the robot Okay sit that in the Wells account, if you're in a bank, and it understands that Wells in that case means Wells Fargo it doesn't mean a hole in the ground with water at the bottom or a town in Somerset in the UK, 'cause they're all wells. So it's getting that understanding correct. >> I wonder if you guys could comment on this. Stu and I were at Splunk earlier this week and they were talking up NLP and we were saying one of the problems is that NLP is sometimes not that great. And they made a comment that I thought was very interesting. They said frankly a lot of the stuff that we're ingesting is text and it's actually pretty good. I would imagine the same is true for RPA. Is that what you see? >> You were talking about that on stage. With regards to the text analytics. >> Yes. So RPA doesn't handle unstructured content the way that NLP does. So NLP can handle voice, it can handle text. For the bots to work in RPA today you have to have a layer of analytics that understands those documents, understands those emails and creates a nice clean file that the bots can then work with. But what's happening is the text analytics layer is slowly merging with the RPA bots platforms so it's going to be viewed as one solution. But it's more about categories of use cases that deal with forms and documents and emails rather than natural language, which is where it's at. >> So known business processes really is the starting point. >> Known business-- >> One example we've got live is an insurance company in South Africa called Hollard, and they've used a combination of Microsoft Cognitive Toolkit, plus IBM Watson and it's orchestrated doing NLP and orchestrated by UiPath. So that's dealing with utterly unstructured data. That's the 1.5 million emails that that organization gets in a year. They've managed to automate 98% of that, so it never sees a human. And their reduction in cost is 91% cost in reduction per transaction. And that's done by one of our implementation partners, a company called LarcAI down there. It's superb. >> Yeah, so text analytics is hard. Last several years we have that sentiment out of it, but if I understand it correctly Craig, you're saying if you apply it to a known process it actually could have outcomes that can save money. >> Yes, absolutely yes. >> As Guy was just saying. >> I think it's moving from that rules-based activity to more experience-based activity as more of these technologies become merged. >> Will the technology in your view advance to the point, because the known processes. okay, there's probably a lot of work to be done there, but today there's so many unknown processes. It's like this messy, unpredictable thing. Will machine intelligence combined with robotic process automation get to the point, and if so when, that we can actually be more flexible and adapt to some of these unknown processes or is that just decades off? >> No, no, I think we talk at Forrester about the concept of convergence. Meaning the convergence of the physical world and the digital world. So essentially digital's getting embedded in everything physical that we have right. Think of IoT applications and so forth. But essentially that data coming from those physical devices is unstructured data that the machine learning algorithms are going to make sense of, and make decisions about. So we're very close to seeing that in factory environments. We're seeing that in self-driving cars. The fleet managers that are now understanding where things are based on the signals coming from them. So there's a lot of opportunity that's right here on the horizon. >> Craig, a lot of the technologies you mentioned, we may have had a lot of the technical issues sorted out, but it's the people interactions some things like autonomous vehicles, there's government policies going to be one of the biggest inhibitors out there. When you look at the RPA space, what should workers how do they prepare for this? How do companies, make sure that they can embrace this and be better for it? >> That's a really tough and thoughtful question. The RPA category really attacks what we call the cubicle population. And there are we're estimating four million cubicles will be emptied out in five years by RPA technology specifically. That's how we built the market forecast 'cause each one of the digital workers replacing a cubicle worker will cost $11,000 or what. That's how we built up the market forecast. They're going to be automation deficits. It's not all going to be relocating people. We think that there's going to be a lot of disruption in the outsource community first. So companies are going to look at contractors. They're going to look at the BPO contract. Then they're going to look at their internal staff. Our numbers are pretty clear. We think they're going to be four million automation deficits in five years due to RPA technology specifically. Now there will be better jobs for those that are remaining. But I think it's a big change management issue. When you first talk about robots to employees you can tell them that their jobs are going to get better, they're going to be more human. They're going to have a much more exhilarating experience. And their response to you is, What they're thinking is, "Damn robot's going to take my job." That's what they're thinking. So you have to walk them up the mountain and really understand what their career path is and move them into this motion of adaptive and continual learning and what we call constructive ambition. Which is another whole subject. But there are employees that have a higher level of curiosity and are more willing to adapt to get on the other side of the digital divide. Yep. >> You mentioned the market. You guys did a market forecast. I've seen, read stats, a little over a billion today. I don't know if that's consistent with your numbers? >> Yeah that's about right. >> Is this a 10X market? When does it get to 10 billion? Is it five, seven, 10 years? >> So we go out five years and have it be close to three billion. I think the numbers I presented on stage were 3.2 billion in five years. Now that's just software licenses and it's not the services community that surround that. >> You'd probably triple it if you add in services. >> I think two to three times service license ratio. There's always an issue at this point in emerging markets. Some of the valuations that are there, that market three billion has to be a bit bigger than that in eight or nine years to justify those valuations. That's always the fascinating capital structure questions we create with these sorts of things. >> So you describe this sort of one for one replacement. I'm presuming there's other potential use cases, or maybe not, that you forecast. Is that right? >> Oh no for the cubicles? >> Yes, it's not just cubicle replacement in that three billion right? It's other uplifts. >> No there are use cases that help in factory automation, in supply chain, in guys carrying around clipboards in warehouses. There are a tremendous number of use cases, but the primary focus are back office workers that tend to be in cubicles and contact center employees who are always in cubicles. >> And then we'll see if the non-obvious ones emerge. >> I think ultimately what's going to happen is the number of people doing back office corporate functions, so that's both finance and accounting procurement, HR type roles and indeed the industry specific roles. So claims processing insurance will diminish over time. But I think what we're going to see is an increase in the number of people doing customer experience, because it's the customer intimacy that is really going to differentiate organizations going forward. >> The market's moving very fast. Reading your report, it's like you were saying yesterday's features are now table steaks. Everybody's watching everybody else. You heard Daniel today saying, "Hey our competitors are watching. "We're open they're going to steal from us so be it." The rising tide lifts all boats. What do you advise clients in terms of where they should start, how they should get started? Obviously pick some quick wins. But what do you tell people? >> I always same pretty much the same advice you give almost on any emerging technology. Start with a good solution provider that you trust. Focus on a proof of concept, POC and a pilot. Start small and grow incrementally, and walk people up the mountain as you do that. That's the solution. I also have this report I call The Rule of Fives, that there are certain tasks that are perfect for RPA and they should meet these three rules of five. A relatively small number of decisions, relatively small number of applications involved, and a relatively small number of clicks in the click stream. 500 clicks, five apps, five decisions. Look for those in high volume that have high transaction volume and you'll hit RPA goal. You'll be able to offset 2 1/2 to four FTE's for one bot. And if you follow those rules, follow the proof of concept, good solution partner everyone's winning. >> You have practical advice to get started and actually get to an outcome. Anything you'd add to that? >> In most organizations what they're now doing, is picking one, two, or three different technologies to actually play with to start. And that's a really good way. So we recommend that organizations pick three, four, five processes and do a hackathon and very quickly they work out which organizations they want to work with. It's not necessarily just the technology and in a lot of cases UiPath isn't the right answer. But that is a very good way for them to realize what they want to do and the speed with which they'll want to do it. >> Great, well guys thanks for coming on theCUBE, sharing your knowledge. >> Thank you. >> Pleasure. >> Appreciate your time. >> Thanks very much indeed. >> Alright keep it right there everybody. Stu and I will be back from UiPathForward Americas. This is theCUBE. Be right back. (upbeat music)