(upbeat music) >> Good afternoon and welcome back to Las Vegas. You're watching theCUBE's coverage of AWS 2021. My name is Dave Vellante. theCUBE goes out to the events. We extract the signal from the noise. Very few physical events this year doing a lot of hybrid stuff. It's great to be back in hybrid event... Physical event land, 25,000 people here. Probably a little few more registered than that. And then on the periphery, got to be another at least 10,000 people that came in, flew in and out, see what's happening. A bunch of VCs, checking things out, a few parties last night and so forth. A lot of action here. It's like re:Invent is back. Matt Coulter is here. He's a technical architect at Liberty Mutual. Matt, thanks for flying in from Belfast. Good to see ya. >> Dave, and thanks for having me today. >> Pleasure. So what's your role as a technical architect? Maybe describe that, we'll get into a little bit. >> Yeah so I am here to empower and enable our developers across the globe to rapidly deliver business value and solve problems for our customers in a well-architected way that doesn't introduce problems or risks, you know, later down the line. So instead of thinking of me as someone who directly every day, build software, I try to create the environment where other people can rapidly build software. >> That's, you know, it's interesting. because you're a developer, right? You can use like, "Hey I code." That's what normally you would say but you're actually creating frameworks and business model so that others can learn, teach them how to fish, so we speak. >> Yeah because I can only scale, there's a certain amount. Whereas if I can teach, there's 5,000 people in Liberty Mutual's tech organization. So if I can teach the 5,000 to be 5% better, it's way more than me even if I 10Xed >> When did you first touch the Cloud? >> Personally, it would have been four/five years ago. That's when I started in the Cloud. >> What was that experience like for you? >> Oh, it was hard. It was very different to anything that we'd done in the past. So it's because you... Traditionally, you would have just written your small piece of code. You would have had a big application that was out there, it had been out there maybe 20 years, it was deployed, and you were just adding a couple of lines. Whereas when you start putting stuff into the Cloud, it's out there. It's on the internet for anyone there to try and hack or try to get into. It was a bit overwhelming the amount that you needed to learn. So it was- >> Was it worth it? >> Oh yeah. Completely. (laughing) So that's the thing, that I would never go back to the way we did things before. And that's why I'm so passionate, enthusiastic about the stuff I've been doing. Because to me, the amount of benefits you can get, like now we can deliver thing. We have teams going out there and doing discovery and framing with the business. And they're pushing well-architected products three days later into production. That was unheard of before, you know, this year. >> Yeah. So you were part of Werner's keynote this morning. Of course that's always one of the keynotes that's most anticipated at re:Invent. It's on the sort of last day. He's awesome. This is you know, 10th year of re:Invent. He sort of did a look back. He started out (chuckles) he's just a cool guy and very passionate. But talk about what your role was in the keynote. >> Yeah so I had a section towards the end of the keynote, and I was to talk about Liberty Mutual's serverless first journey. I actually went through from 2014 through to the current day of all the major Cloud milestones that we've hit. And I talked through some of the impact it's had on our business and the impact it's had on our developers. And yeah it's just been this incredible journey where as I said, it was hard at the start. So we had to spark this culture within our company that we were going to empower and enable our developers and we were going to get them excited about doing this. And that's why we needed to make it safe. So there was a lot of work went down at the start to make the Cloud safe for our developers to experiment. And then the past two years have been known that it's safe, okay? Let's see what it can do. Let's go. >> Yeah so Liberty Mutual has been around many many years, Boston-based, you know, East Coast-based, my home city. I don't live in Boston but I consider it my city. And so talk about your business a little bit because you're an established company. I don't know, probably a hundred years old, right? Any all other newbies nipping at your business, right? Coming in with low-cost products. Maybe not bringing as much protection as you dig into it. But regardless, you've got to compete with them technically. So what are some of the drivers in your business and how are you using the Cloud to sort of defend your turf and grow? >> Yeah so first of all, we're 109 years old. (laughing) Yeah. So absolutely, there's an entire insurtech market of people here gunning for the big Liberty Mutual because we've been here for so long. And our whole thing is we're focused on our customers. So we want to be there for people in their time of need. Because at a point in time whenever you need insurance, typically something is going wrong. And that's why we're building innovative solutions like a serverless call center we built, that after natural disaster, it can automatically process claims in less than four minutes. So instead of having to wait on hold for maybe an hour, you can just text or pick up the phone, and four minutes later your claims are through. And that's we're using technology always focused on the customer. >> That's unbelievable. Think about that experience, to me. I mean I've filed claims before and it's, it's kind of time consuming. And you're saying you've compressed that to minutes? Days, weeks, you know, and now you've compressed that to minutes? >> Yeah. >> Tell us more about how you did that. >> And that's because it's a fully serverless solution that was built. So it doesn't require like people to scale. It can scale to whatever number of our customers need to make a claim at that point because that would typically be the bottleneck if there's some kind of natural disaster. So that means that if something happens we can just switch it on. And customers can choose not to use it. You can always choose to say I want to speak to a person. But now with this technology, we can just make it easy and just go. Everything, all the information we know in the back end, we just use it and actually make things better for you. >> You're talking about the impact that it had on your business and developers. So how do you quantify that? Maybe start with the business. Maybe share some ways in which you look at that measure. >> Yeah, so I mean, in terms of how we measure the impact of the Cloud on our business, we're always looking at our profitability and we're always looking, as I say, at our customers. And ideally, I want our Cloud bill to go down as our number of customers goes up because that's why we're using the serverless fast mindset, we call it. We don't want to build anything we don't have to build. We want to take the best that's out there and just piece it together and produce these products for our customers. So yeah, that's having an impact on our business because now developers aren't spending weeks, months, years doing all this configuration. And they can actually sit down with the business and understand how we write insurance. So now we can start being innovative with our products and talking about the real business instead of everything else. >> When you say you want your Cloud bill to go down, you know, it reminds me like in the old days of IT budgeting, right? It was always slash, do more with less cut, cut, cut, right? And it was kind of going in cycles. But with the Cloud a lot of customers that I talk to, they were like, might be going down as a percentage of revenues but actually it might be going up as you launch more projects because they're driving revenue. There's a tighter tie between revenue and Cloud bill. How do you look at that? >> Yeah. So I mean, with every project, you have to look at the worth-based development often and whether or not it's going to hold this away in the market. And the key thing is with the serverless products that are being released now, they cost pennies if they're low scale. So you can actually launch a new product into the market and it maybe only cost you $20 to see if that thing would fit in the market. So by the time you're getting into the big bills you know whether or not you've got a market fit and you can decide whether you want to pivot. >> Oh wow. So you you've compressed, that's another business metric. You've compressed the time to get certainty around product market fit, right? Which is huge because you really can't go to market until you have product market fit (laughing) >> Exactly. You have to be. Thoroughly understand if it's going to work. >> Right because if you go to the market and you've got 50% churn. (laughing) Well, you don't want to be worried about the go-to market. You got to get back to the product so you can test that and you can generate. >> So that's why, yeah, As I said, we have developers who can go out and do discovery and framing on a potential product and deliver it three days later which (chuckles) >> How has the Cloud effected developer satisfaction or passion? I guess it's... I mean we're in AWS Cloud. Our developers, we tell them "Okay, you got to go back on-prem." They would say, "I quit." (laughing) How has it affected their lives? >> Yeah it's completely there for them, it's way better. So now we have way more ownership over any, you know, of everything we ever did. So it feels like you're truly a part of Liberty Mutual and you're solving Liberty's problems now. Because it's not a case of like, "Okay, let's put in a request to stand up a server, it's going to take six months. And then let's do some big long acquisition." It's a case of like, "Let's actually get done into the nitty gritty of what we going to build." And that's- >> How do you use the Cloud developer kit? Maybe you could talk about that. I mean, explain what it is. It's a framework. But explain from your perspective. >> Yeah so the Cloud typically, it started off, and lot of it was done by Cloud infrastructure engineers who created these big YAML files. That's how they defined all the stuff that's going to be deployed. But that's not typically the development language that most developers use. The CDK is in like Java, TypeScript, .NET, Python. The language is developers ready known love. And it means that they can use everything they already know from all of their previous development experience and bring it to the Cloud. And you see some benefits like, you get, I talked about this morning, a 1500 line YAML file was reduced to 14 lines of TypeScript. And that's what we're talking about with the cognitive difference for a developer using CDK versus anything else. >> Cognitive abstraction, >> Right? >> Yeah. And so it just simplifies your living and you spend more time doing cool stuff. >> Yeah we can write an abstraction for our specific needs once. And then everybody can use that abstraction. And if we want to make a change and make it better, everyone benefits instead of everybody doing the same thing all the time. >> So for people who are unfamiliar, what do you need? You need an AWS account, obviously. You got to get a command-line interface, I would imagine. maybe some Node.js often running, or is it- >> Yeah. So that's it. You need an AWS account, and then you need to install CDK, which is from Node Package Manager. And then from there, it depends on which way you want to start. You could use my project CDK patterns, has a whole ray of working patterns that you can clone among commands. You just have to type, like one command you've got a pattern, and then CDK deploy. And you'll have something working. >> Okay so what do you do day-to-day? You sort of, you evangelize folks to come in and get trained? Is there just like a backlog of people that want your time? How do you manage that? >> So I try to be the place that I'm needed the most based on impact of the business. And that's why I try to go in. Liberty split up into different areas and I try to go into those areas, understand where they are versus where they need to be. And then if I can do that across everywhere, you can see the common thesis. And then I can see where I can have the most impact across the board instead of focusing on one micro place. So there's a variety of tools and techniques that I would do, you know, to go through that but that's the crux of it. >> So you look at your business across the portfolio, so you have portfolio view. And then you do a gap analysis essentially, say "Okay, where can I approach this framework and technology from a developer standpoint, add value? >> Yeah like I could go into every single team with every single project, draw it all out and like, what we call Wardley map, and then you can draw a line and then say "Everything blue in this line is undifferentiated, heavy-lifted. I want you to migrate that. And here's how you're going to do it I've already built the tools for that." And that's how we can drive those conversations. >> So, you know, it's funny, I spent a lot of time in the insurance business not in the business but consulting with heads of application development and looking at portfolios. And you know, they did their thing. But you know, a lot of people sort of question, "Can developers in an insurance company actually become cool Cloud native developers?" You're doing it, right? So that's going to be an amazing transformation for your colleagues and your industry. And it's happening as we look around here (indistinct) >> And that's the thing, in Liberty I'm not the only one. So there's Tommy Gloklin, he's an AWS hero, and there's Diali Mikan, who's an AWS hero. And Diali is in Workgrid but we're still all the same family. >> So what does it mean to be an AWS hero? >> Yeah so this is something that AWS has to offer you to join. So basically, it's about impacting the community. It's not... There's not like a checklist of items you can go through and you're hero. It's you have to be nominated internally through AWS, and then you have to have the right intentions. And yeah, just follow through. >> Dave: That's awesome. Yeah so our producer, Lynette, is looking for an Irish limerick. You know, every, say I'm half Irish is through my marriage. Dad, you didn't know that, did you? And every year we have a St Patrick's Day party and my daughter comes up with limericks. So I don't know, if you have one that you want to share. If you don't, that's fine. >> I have no limericks for now. I'm so sorry. (laughing) >> There once was a producer from, where are you from? (laughing) So where do you want to take this, Matt? What's your future look like with this program? >> So right now, today, I actually launched a book called the CDK book. >> Dave: Really? Awesome. >> Yeah So me and three other heroes got together and put everything we know about CDK and distilled it into one book. But the... I mean there's two sides, there's inside Liberty. The goal as I've mentioned is to get our developers to the point that they're talking about real insurance problems rather than tech. And then outside Liberty in the community the goal is things like CDK Day, which is a global conference that I created and run. And I want to just grow those farther and farther throughout the world so that eventually we can start learning you know, cross business, cross market, cross the main instead of just internally one company. >> It's impressive how tuned in you are to the business. Do you feel like the Cloud almost forces that alignment? >> It does. It definitely does. Because when you move quickly, you need to understand what you're doing. You can't bluff almost, you know. Like everything you're building you're demonstrating that every two weeks or faster. So you need to know the business to do it. >> Well, Matt, congratulations on all the great work that you've done and the keynote this morning. You know, true tech hero. We really appreciate your time coming in theCUBE. >> Thank you, Dave, for having me. >> Our pleasure. And thank you for watching. This is Dave Vellante for theCUBE at AWS re:Invent. We are the leader global tech coverage. We'll be right back. (light upbeat music)

>> From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is theCUBE conversation. >> Hi, I'm Stu Miniman, and welcome to a CUBE conversation. Always love when we can dig into practitioner discussions, and one of the editorial themes I've been really looking into in 2020 has been discussion of server lists. So really excited to welcome to the program, Dave Anderson, he is director of technology at Liberty Mutual, coming to me from Ireland. Dave, thanks so much for joining us. >> Thank you Stu, delighted to be here. >> All right, so I think most of our audience is probably familiar with Liberty Mutual. You work in the software group, Liberty IT, as part of Liberty Mutual. If you could just start us off, give us a little bit about your background, and your group's role inside the organization. >> Sure, Liberty IT started 20 years ago as really sort of an internal software host. Part of the Liberty Mutual group, we're part of Liberty Mutual Technologies. So we kind of work across all the markets in Liberty Mutual and all the kind of global locations. My role as director of technology is really think about what's the technical direction of Liberty IT? I can lead the architects with my group and really thinking about global architecture of Liberty Mutual and how can we provide business value in the mission going forward. >> Excellent, so Dave I guess what is the just kind of overall business and IT relationship? When I think of companies like yours, usually MNA comes in their growth expansions and digital transformation's been one of those buzzword discussions. But absolutely you need to be close to your customers there's lots of services that you need to provide online. How are some of those overall dynamic impacting how IT is supporting the business? >> That's a great question Stu. I mean technology has always been a key differentiator in Liberty Mutual. Even as my group was setup, like I said 20 years ago. It was always seen as a differentiator as something that we can be very good at. We've always been quite close to be in the cutting edge of technology. Many companies would say, "We're not an insurance company, we're a technology company that sells insurance." We are an insurance company, that's very important but we also need to understand that using the latest technology i.e. the cloud providers, really helps us deliver value to our business partners and customers. It is critical that we have a very tight partnership with our business partner. >> Excellent so yeah 20 years, a lot has changed in that time. Give us a little bit if you can, share a snapshot of where you are kind of in the cloud discussion. And what are the relationships between kind of the infrastructure side of the team and the development side of the team? And excepting that'll lead us forward to the server discussion. >> Sure I mean I joined Liberty about 12 years ago, 13 years ago and I actually started in one of the digital channels, that existence of digital channels. And probably almost 10 years ago our CEO James McGlannan quite a visionary, started kind of pressing the public cloud agenda and we started discussing public cloud as a potential future. It was a really exciting time. Cause I think the infrastructure development we all are in, gosh what's the possibilities of public cloud. And as you know the cloud itself it probably changes every year, it's redefined, there's new capabilities. I'm not sure we could envisage where we are today back when we started that conversation. Like every large enterprise, the initial conversation's around how do we enable this? How do we make this safe? How do we protect our data? All the usual kind of questions you would have. But in a way we kind of really joined together the very different departments. We thought, well how do we move the enterprise forward? And as well I mean we want to get a global capability for cloud was very important. And bringing up the velocity that we can deliver value quickly to our business partners. We didn't do it for technology's sake we did it to contribute real value for the business. And one of the really interesting things that we talked about is we shied away from counting how many virtual machines do we have in the cloud. That wasn't really a good metric for us. How are we delivering value to your business partners? That was kind of the metric that we chased and continue to chase. >> Well that's excellent how you kind of laid that out. I'm wondering if you could help extend that and bring us into where serverless fit into that discussion. I loved how you say it's not about number of VM's or the new shiny thing. So, what was it that led to your first use of serverless? And bring us a little bit along that journey that you've been going through. >> Sure, well one of the things that I've always found critical working in technology is that curiosity. But in a search for what's next. So, within micro IOS charts my people will say, "Where do we need to get to? What is 3 to 5 years out?" And we've a lot of really fantastic peers right across Liberty Mutual. Bright, open minded, they can think ahead. So one of my team was at I think it was re:Invent in I think it was 2013, where the launched Lambda for 2014. And each my crew were excited. They can build their first small application. It was actually a document generation. I think they were using some propriety systems. So they built a document generation solution. I couldn't believe the amount of ROM cost that was saved. It probably knocked something like 97% off the cost. Couldn't believe it. And we started saying, "Wow this is potential." But back then, again 5 or 6 years ago the stack was very immature. There was a lot of things you needed to figure out. Like the observability, the developer environment. There's a whole bunch of stuff that wasn't quite right. So it's something that we shared to our peers across the organization. We talked about it. We really started to kind of think, "Well this is interesting, this idea of serverless or manage servers." It started to really change how we thought and it really started to make the concept of a cloud native application very real. Cause we started to think of cloud native architecture loaded into application architecture. And that started to really flip how we thought. So it's just been a real journey these past couple of years. And a big thing for me is we started with engineers thinking of cloud as a mindset not necessarily as a platform. That opened the door to a lot of possibilities. >> Yeah, that's really interesting that you said that. Often times we say cloud is an operational model not a physical location. Are you using multiple clouds today? >> Yes, we probably tend to have a multi cloud strategy. And really to be very clear, serverless for us it's not just functions of service. Its not saying, "We're just using kind of something like Lambda." It's really about that idea using managed service. Thinking about evolution of architecture. How can we kind of try and cut out anything that is actually not differentiating? There's a great term which I always like is the stack policy is sometimes a technology companies we get obsessed by the stack. We think that the piece near the customer is quite easy. But think from the technology perspective we need to think about, we can deliver the most value by making the customer experience kind of best. And it can be even ramp the stack from whoever we need. >> Yeah, no, its a fascinating discussion. I've seen even today. You say serverless functions as a service. A lot of it is I don't want the developer to have to think about those underlying layer. Which reminds me of the discussion we've been having about platform as a service for more than a decade but PaaS was supposed to be platform independent. So I could have my code where ever it goes. Serverless today, right now we've talked about Lambda, Amazon there's certain things that I could only do on Amazon. There are discussions and working groups and the cloud data computing foundation. Working on how we can do serverless functions as a service that could expand between multiple clouds or use the same sort of code. So how do you look at that space? You talk about cloud native. How do you make sure that you're leveraging the technologies of the specific cloud but I guess I'll throw out not being locked into any one provider? >> I think about it for me it starts with the empowerment of the engineering team. We talk about a serverless first strategy that means that we've got the capability to build anything you need to. But to rent where you can. We had a fascinating story one of our best stories is a company called Workgrid. Workgrid Software is one of the companies that we spun out of Liberty Mutual. That was a project that we had an internal digital assistant that we built with some of our teams, it'd be back 4, 5 years ago. And our CEO James McGlannan decided to fund that as a kind of a startup. They broke off around 3 years ago and that initial team had 4 people in that engineering team. So they kind of decided that they would be serverless first in their approach. They didn't have time to think about operability or rights for portability. They had to realize business value really quickly. So they took a evolutionary architectural approach which meant they kept incrementing and iterating delivering value where possible. What's the next best thing that they can build to deliver value to the customer? So when you think in that regard, if you ever come to an Amazon of a grid, no one way doors, keep the two way doors. Don't lock yourself into anything. Make decisions that you can always build upon. So with that kind of constant iterative work our teams and that's serverless first strategy. It means that when you do rent the service if you need to change to another service it's just a matter of if you've your boundaries set up practically, it's very easy to get out of that. You dig yourself in deep to something, that's the difference. So I think there's an engineering mindset and culture that we certainly have proudness in our teams. But they kind of go fast, focus on business value and try and be sort cloud native in their outlook. >> Excellent, yeah, I just heard Andy Jassy in the AWS Summit online talking about those one way door. So sounds like from your standpoint, serverless is a two-way door for architecting in your mindset? >> Absolutely, I mean I think really for me it brings architecture back into the team. It's one of the really nice things is if your team use managed services that focus is on business value. If our infrastructure is set up to support that type of team then you have minimal hand offs within the team. Through the single team, its their job to create value, engineer the solution, make sure the security is good enough, build the operation, the visibility it's all contained within one team. We get a huge responsibility from that one team. As an engineer that is super powerful, super huge autonomy. So we can talk with the serverless engineer and for me it's been absolutely fascinating to see teams come into this environment and once they understand that event driven way of creating their systems. And I use the words systems rather than applications to create event driven systems they're constantly building upon. It's just fascinating to see where they go. You start to see the creativity and innovation of the engineers. So its truly unbelievable to watch. They're really very cool. >> Dave, I'm curious when you look at the application portfolio that your team manages, how do you decide what goes serverless? Is it new development all goes serverless? Has there been a migration? How do you look at the overall application portfolio that you have? >> It kind of depends I suppose on, I'm not going to sit here and say that we're going to refactor everything to serverless. I think when you do a migration there's usually six or seven paths you can go down and you do what's best for the business. But for new development, it's definitely interesting we haven't found many used cases that are really a bad fit. It's a spectrum we may decide what different servers to use. We built a system last year which was absolutely fascinating to see. It's like a a financial aggregation system where we do a lot of our accounting. So it was kind of serverless ETL, we're trying to do like an end of month batch system to detect a lot accounts from different countries and kind of pipe them into a kind of general ledger. Not something I would've thought about for serverless, to be honest. But then when you think about it and some of our engineering leads they have put this together. They can design this fantastic system using serverless workflows. Cause you're taking lots of various different types of data orchestrated in a single destination. And we put live in that this year and I think one of the monthly ends that they recently ran I think they ran something like 100 million transactions. Relatively low cost and of course being a month end system the rest of the months there's zero cost. You don't pay for idle. We only actually pay for wireless roaming in that month end process for maybe like FDRs or something. >> Dave, you talked about the early days 2014 when Lambda was announced, re:Invent, when you first started using it in the first year or so. There's the maturity of that ecosystem solutions set. Where do you see things now? What's working well? What's on your wishlist? Kind of mature or increase overall functionality to help? >> I think that the developer environment and developer experience is a big part. One of the key messages in trying to kind of get into our culture is code is a liability. It's not an asset. If you have a bunch of engineers writing lots of code that in fact is a liability. There's no business asset in that. The asset is in the system that you create. Trying to get engineers into the mindset to write less code and they actually engineer systems. So one of the things we've been trying to do is maybe using patterns as building blocks. People became kind of like a Lego building block way of creating their systems. Piecing somethings like CDK code development kit patterns. Using the world architect process to make sure that teams are looking after their cost, their security, their performance, their liability, and their kind of optimizations. Some of those things are really important in that whole ownership of an operational view of their systems. And also even things like observability. When you create a system with a lot of events laying around it starts getting complex. But then if you do it correctly you can start to layer on well, what better insights can we build on top of the system? So it's really opening up teams a different way of working. And then of course there's lots of operational challenges when you get into more complex environment. So as we often say, it's not easier, different, built difficulty building systems, but it's different, that's what's definitely easier but better. >> All right, how about anything that you're looking out towards the future? You talked about the early days when you look at these and while you're not necessarily throwing the latest shiny thing into production, there's that curiosity. So what's exciting you now? Anything else kind of looking forward that you prepare? >> I think one of the fantastic success stories we've had is with a project we call Virtual Assistant. And really to answer your question, its about how teams can properly work at MVP. So, one of the things that we really find fascinating is when you put a good engineering team. And I mean a team who you're really solid engineers you then layer on the cloud and security best practices and verification. We then put them in a coded serverless environment with real business problem. They then create a MVP. You're virtual assistant in, raises an MVP. So if you call into a call center and you have a fairly straightforward request, like if you have an auto claim you might say, "Well when can I pick up my ramp bill?" If you already done your claim. We have an NLP a natural language assistant that can help you with that conversation. So when you start with an MVP system like that you can start them off at a fairly small traffic, until you actually tune that until it's kind of perfect. And then you gradually scale up and add on other data driven potential AI services, integrations to that. So I think when you start to take the MVP approach, and have a very, very novel solution see what that's like in the wild and then start to scale out. We scale that system for taking maybe 30 calls maybe taking about a quarter on your calls. It's fantastic how you can start to scale these system up. Well I think what I'm really looking for is more kind of support to see how we can you know, it's the art of the possible. How can we use this skillset and this serverless mindset to create really fascinating business applications. Because when you get under that kind of creative conversation with business partners, I mean they don't want to hear about Lambda or events or observability. They want to say, "Well, what can I do with AI? What can I do with Voice, what can I do with Vision?" So we start to open up really fantastic conversations like that. So I'd like to see more of that, but in a creative product development. >> Excellent, well yeah Dave, so important that you brought back as to how IT in the business. Working together, it's not about the technical widget or knobs or anything. But the services and the value that ultimately you can provide for the business and the impact that has on your ultimate end customer. All right, Dave, thanks so much. Real pleasure having a chat with you. >> Thanks Stu really appreciate it, thank you. >> All right, be sure to check out theCUBE.net. Lots of backgrounds, if you go hit the search, you can actually type serverless, find out more about what we've been covering as well as what events we will be at in the future. I'm Stu Miniman and thank you for watching theCube. (gentle music)

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Welcome back to the cubes. Live coverage here in Boston, Massachusetts, for AWS reinforce Amazon web services. First inaugural conference around Cloud Security. I'm John for your Michael's Day. Volante, our next Katie Jenkins s V P. C. Vice President. See? So, Chief Information Security officer with Liberty Mutual Big Company, Lot of activity insurance. Lot of probably a lot of action on your side. Welcome to the Cube. Thanks. Thanks for coming on. So you've been in this job for about a year. Tell us about what's going on in Libya. Means you guys have a large company. 100 plus years old. You're see. So you're in charge. You're running everything. We're gonna security conference. Tell us the reality. What's going on in the real world? >> Yeah, well, this is super exciting. That reinforce, of course, is in Boston. This is Liberty Mutual's hometown assed. You mentioned 107 year old security, not security company >> insurance company. But we're >> doing really cool things in technology and security. Specifically, um, I would say to kind of bring this gathering together. We have a really rich pool of security talent of security and innovators. It really matches up with what what we're doing. So Liberty Mutual has made a very significant commitment to moving to the public cloud for our technology and computing needs. We're in about your three of that journey, maybe 25% of our workload in the public cloud. It's really been a catalyst for not just transforming our technology organisation but transforming the way security does its work in the way security engages with our development community. >> While you're the head honchos, they say there's a C so but you had 20 plus years in cyber security. This is now kind of a new category with reinforced being a branded show over AWS. I see this deserves its own conversation, and industry is a lot of action going on. What is cloud security mean to you? Because this is the focus of this show. It's not just pure clouds, a lot on premise and on cloud interactions with hybrid etcetera. You guys have been doing tons of I t over the generations with Liberty Mutual, but cloud security is the focus. What does that mean? Thio to? You guys have a cyber security standpoint? >> Yeah, um, in a word. Enablement, um, I think that the public cloud offers us, um, really interesting opportunity to reinvent security. Right? So if you think about all of the technologies and processes and many of which were manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways to to, um, avoid the situation where we have air oversight. Gosh, we encrypted everything, but you know, this set of assets over here, So through using automation and enforcement, it's a new, exciting opportunity to further develop our security capabilities. But also, you know, cloud security at cloud in general has bred a transformation of the way that are practitioners do work through agile. And it means that security has toe no work with our technologists in a different way. >> So you've had a really interesting background. Um you work for a company that does audits. I can infer from that. You've worked for service is company. You work for a technology vendor. You worked as a practitioner. So you've seen it all sides and you know Amazon. It made some comments yesterday that said, Look, the narrative in the security industry has always been fear, fear, fear. And we'd like to put forth forth the narrative. That is about Listen, the state of security is really good and strong. The union is strong and we're gonna work together in a positive message. So my question is, are you an optimist? >> Ah, a reluctant activist. Um, I think the days of having security be something that's fearful, uh are just not not doing us any any any justice in that area. I mean, security is an area of partnership. There's very little of what we do. Insecurity. It's just done by security practitioners. We need asset managers. We need compliance people. We need the privacy team. We need our auditors way. Need procurement. I mean, there's just so many different parties involved in security that if we're just instilling fear and everyone, I think it'll be difficult for us tow. Get that partnership and we need Thio. Empower people, right. We need Thio. Both empower our developers to do their work in a secure manner and we have to empower our whole workforce and our trusted third parties to make good decisions. We're educating them on how to prevent phishing attacks were doing all sorts of kind of culture based initiatives, recognizing that if it's just the security folks doing security, we're gonna have a big gap. >> One of the things that we were discussing a lot of other C. So So we've been talking privately. Off the record in the hallways and private briefings is the common theme of integration as a big part of dealing with ecosystem, either suppliers and or different teams within their different pillars of how they're organized internally and externally, and then also reducing the number of security vendors that they've been buying products from to get some also in house coding, teams working more closely on the use cases that matter. So this has become kind of ah, see, So a conversation where what? What is that criteria? How do you figure out who to have a suppliers who's gonna be around for the long haul? We're gonna be that a partnership for the enablement. So rather than having hundreds of vendors, we want to get him down to a handful. Is that something that you think about or is it a trend that you see it's happening now? >> Uh, it is a trend. I think it starts at how we even procure in select our suppliers. I mean, we're really giving a lot of thought to the area of third party risk management. And do we understand not just the elements of cyber risk and engaging with 1/3 party? But but privacy and continuity kind of risk, too. So it starts there. I don't have a sort of fabricated number in terms of I'm trying to go from X number of vendors down toe Why? But I think that there's a very purposeful thought process that we're undergoing to say, Yeah, we recognize and for certain technologies, we want to have different providers to provide some of that redundancy. Let's be smart about them. Let's make sure we really understand where those overlapping capabilities are because we don't want to be wasteful either. Right >> on the span, the question comes up to around Devil's because what we're seeing is the devil ops and security paradigms kind of coming together in terms of the concepts agility. You could do some prototyping, a hackathon do some things and then ultimately trying to get into production or two different animals. So that enablement of doing innovative things, his agility, that that's been a key theme, a positive theme. And the question is, is there a funding model? Doesn't automatically get security funding. And where's the spin that you're spending going up? So all the monetary spend questions come up. >> How do you >> deal with that ballistically? And how do you think about, you know, spend conversation? >> Yeah, um, >> it's a really interesting one, because, of course, expense >> pressures. I'm not immune to those. But I >> also think that we're in a position where, um, our executive leadership team understands the value of the work that we're doing understands the important to our policy holders. So it's less often a need to justify why we need more spend. It's a demonstration of using that spend responsibly and understanding where we might have an uplift from something that we automated to say. Well, now we have these resource is that could be doing something else. >> There's >> always something else and security, right? So if we're committed to re Skilling and making sure that people are evolving the work that they do in the talents that they have to adjust a different kind of >> no rule of thumb per se. It's more of your management recognizes the criticality of it. Therefore, you could make those calls on your own building built in building, >> project tough questions and making >> responsible decisions. But I think it comes down and knowing your technology, >> so the skills gap, obviously a huge challenge in your industry would talk to somebody else, they said. We just can't find people, so we have to bring him in and train them ourselves. We have the homegrown and take the long view. Amazon talks about the shared responsibility model, and a lot of small companies don't really understand that things misunderstood. Obviously, Liberty Mutual gets it. My question is, as you see Amazon focusing on compute in the storage and data base layer, and you guys have the opportunity to focus on other areas that are your responsibility that shared responsibility model. Have you been able to shift? Resource is how have you handled that you retrain people? Has it freed up, not freed up time to do some of those more strategic things that you want to do maybe respond more quickly. Prioritized, better automate, etcetera, etcetera. Can you talk about that from your perspective? >> Yeah. So the shared responsibility model is, uh, you know, I think that's video unimportant speaking point of this whole ecosystem. At the end of the day, Liberty Mutual. Our duty is to protect policyholder data. It doesn't matter. It's in the cloud. If it's in our data, Southers, we have that duty. It's >> on you. >> So I think a lot about the skills that we will need in the future. So I've referenced sort of vaguely that yet. Compliance area is a particularly interesting area where we have opportunities to able to more easily Bingley produced artifacts on our auditors need to really bring automation to a process that just has a very steep history and being manual in nature. So, yeah, I understand that tomorrow we're not gonna ask everyone to make a big switch and I'll become developers. But way do you know plenty of people to this conference and they are participating in the tracks on how to bring of automation to compliance. And I think that's pretty heavily in training opportunities for people. >> How do you look about the vendor lock in conversation because of cloud. The value proposition certainly shifts in the old model was, Oh, you by event supplier and you're in, You're locked in with database or whatever with Cloud. There's a lot of switching costs, opportunities to move around. But people generally settling in on one main cloud and having this may be a hybrid backup cloud or the cloud is the secondary is the focus of the team's How do you view, um, lock And when you deal with suppliers because you don't want to be stuck with once a fire? If you have the need to be agile, you want to have options. How do you guys think about that? Because being in agility is key for you guys to be successful. Not someone's just dealing with the vendors. >> Um, >> it does come down to balance. We do leverage multiple cloud providers, right? I think that, um, if we're too focused on making sure that we have that portability, and we could quickly move from one to another than we miss an opportunity to kind of deeply leverage. Some of the service is, for example, that the eight of us provides, but we also, you know, you've been around the block of >> your first rodeo. Exactly. >> And I think that it's important to have that perspective and prepare for the future. >> Do you, um, attend board meetings regularly? >> I do. I do for sent out to our board of directors. >> Is that a sort of frequent thing? And once a year, once 1/4 of interested in what the board conversation is like with >> it happens in a couple different context, whether it's specific to sort of an audit readout or sort of a general state of State of Security type A report out. But yeah, we have a really engaged board that asked great questions about our partners, right about things that are more culture base in terms of how we're doing with our anti phishing protection. And we talk about technology architectures, too, in the work that we're doing to make sure that we're being more fine grain in the way that we're authenticating users and devices, no matter where they work in a more secure way. They're they're interested in that. So I feel pretty lucky. Thio both have the opportunity and get deeply. Would >> you say the conversation is more of a strategic nature with the board. Is it more tactic? You just mentioned some tactical items. Is it more metrics driven or a sort of a combination of all three? >> It's a It's a combination right? I think they want to see demonstrated progress against areas that we have self identified Azarias that we'd like to prove improve. But they're also looking to see that I have a vision for where we're going to fully cognizant of the work that we've done in the public cloud and want to understand that the level of trust and they had in their security programme on premise will perpetuate and advance into the cloud. So >> when you look at clouds, security and now security, you guys have you had a perspective on full sides and clouds certainly accelerating involving fast when you find a legacy app that you're working with. We've heard other seasons. We've talked us who have had frank conversations, that look, we're deciding whether we lift and shifted more rebuild on. So there's been some visibility into when it's great to have lifted shifts and when it's great to rebuild. So that's been a conversation that I don't think been fully baked out yet. In the full narrative in the industry, it's one people are talking about. What's your view on when you have a legacy app, you want a lift and shifted or rebuild it? What goes through your mind? What's a conversation like? >> It's a conversation that we have. We have legacy. I won't hide behind behind that. But it's not a conversation in a decision that's just made by technologists, right? I think we have to articulate what the options are, and that has to be a joint decision with our business partners. I think generally I'm not preferring a lift and shift because I think that we are may be overlooking some of the opportunities to make similar security improvements that I see. But when we can get an application that's using our software development pipelines that we have embedded security controls, we have better visibility. We have better enforcement, ensuring what we know that we know what's going into. The cloud has met, you know, a number of our security standards, so to speak, that's a much better position. >> So the destruction of multiple clouds I'm interested in how you handle that you take separate teams is the same team, sort of handling everything, and it's sort of a follow up on that is I'm interested in your relationship with AWS and how that's affected your business. >> Yeah, so the security team does not. Oh, the cloud environment, so to speak. That's that's, Ah Secure Dev Ops team within our infrastructure organization. And they're very close partner of ours, right? So, yes, I do have a resource. Is that our specialist in AWS versus other clouds and others that are identity and access management specialists are able to work on the development of those patterns across different cloud environments. Right. You know, I there's nothing bad that I could say about the relationship with our AWS partners that we felt very supported and understanding what we're trying to do introduce us to new service is and introduced it probably most importantly, introducing us to other customers that have but you know, are a little bit ahead of us in their journey. So weaken, hopefully not repeat, >> not helping you with security pieces. Well, I'm that's something that they with shared responsibility there are there working with you on this securing those workloads as you move. Glad >> be Definitely leverage their expertise. >> And you mentioned that you guys kind of made a decision a few years ago. Toe go all in on the cloud. How has that affected your business? What kind of results have you seen? A zit met expectations. Is it exceeded? You know, I >> mean, is I mentioned we do still have, Ah, a lot of a lot of our technology on premise, but for the use cases that have really seen that rapid acceleration of agile practices allowed teams to develop code so much more quickly. I think the business is generally delighted that their needs are being far more quickly met. Then >> I could ask you, there's a perpetual line in the men's room. It's quite long. So what's it like to be long? And the lady I was going to say? I don't think it is because I would say the proportion of women here is actually lower than even the industry and most conferences that we attend. So what's it like being a woman in this male dominated security business? >> I been in it so on, but I certainly have. You're in a little bit of custom toe, but not so accustomed that I'm not motivated on a daily basis to bring more women in. I think that security just has tremendous opportunities and, you know, certainly the marketing of security professionals is hoody wearing white male kind of persona. Just >> their opportunity. What some of those opportunities for women who are stem science, they might your daughters all stem love public policy, the sociology impact side. The impact that's here is a lot of range of skills. What are some of those that you would inspire someone >> I studied? Math is an undergrad. We didn't have security >> back then and since got a Masters >> degree in cyber security. So that's cool. But, you know, I think a great security professional is a great communicator, a great collaborator. I need technologists. I need developers. I need process experts. I need people that think you know very deeply about assurance type control so way have tried to attract people out of other technology round. >> And it's just not just math and computer science is creativity involved. There's a lot of things that that blend sells all kinds of diversity. >> There is, you know, you think about human psychology, right? We just totally transformed one of the systems that we use for approving for managers to approve the access of their people. Right Past system was ugly. People didn't know how to interact with it. I mean, that user experience expertise that over laid and how we developed our new platform just makes all the difference to make sure that it's actually invaluable process. Now, like I'm so frustrated. I'm just gonna sign off on this because I I give up >> really interesting because you spend a lot of time and effort and money on things that drive revenue. But this drives so much productivity in business value that, you know he's not maybe direct dollars, but clearly there. I have a question. When you recruit people, presumably you tap your network. And it's not just the good old boys network your women. Are you able to successfully find women or young women in particular that you can attract and recruit into your business as security practitioners? They had much success there. >> Yeah, so we definitely are outpacing industry numbers in terms of women and security. We have a long way to go, you know, historically excluded people right? Not just women people of color. I mean, we just have a long ways to go, right. And I think it takes more than sitting back and waiting for a recruiter to bring recruiter to bring me a slate of candidates to say no. I know people. I know people that know people. And I really have toe invest myself and make sure that my leaders know that that's my expectation of them, right? I mean, I think that way feel that diversity of thought, no matter how that diversity is expressed, is really important doing the work. >> Let us know how we could help in Silicon Valley days here in Boston as well. Love help get the word out. So anything you need for muscle now. Okay. Thanks so much for his great insights. Love to have you on the cube again sometime. Thanks. Coming on S V p. C. So at Liberty Mutual here in the cube, extracting the signal, sharing the reality of what's going on in the security equation for cloud security. I'm John for Dave. A lot. Right back after this short break

>> Announcer: Live from Santa Clara, in the heart of Silicon Valley, it's theCUBE, covering Cloud Foundry Summit 2017. Brought to you by the Cloud Foundry Foundation and Pivotal. >> Welcome back. I'm Stu Miniman joined by my host, John Troyer. Really excited to welcome to the program one of the keynote speakers from this morning, Mojgan Lefebvre who is the SVP and chief information officer. We always love CIOs, from Liberty Mutual Insurance Global Specialty. Thank you for your keynote this morning and thank you so much for joining us on theCUBE. >> Thank you, thanks for having me. >> So you went through a lot of data and a lot of information in your keynote. Liberty Mutual, you say spent a billion dollars in tech yearly. There's certain technology companies that spend that much. As the CIO, what are some of the biggest things on your plate and we'll get in the discussion of Cloud Foundry and cloud and everything as we go from there. >> Sure so I'd say probably the priorities differ by the business unit you're in. The specialty business has generally been a bit more manual and we have over 200 or so insurance products. So really automating it is very different from automating consumer insurance which is really focused on home and auto. So really right now, our focus is increasing the productivity and the risk assessment for a lot of our underwriters. And then I say probably analytics, pricing. Making sure that we're assessing risks correctly is definitely another point of focus for us. >> Okay with so many products, we understand the rate of change must be difficult. In your keynote you spoke about embracing cloud and agile methodology. Maybe take us back to what some of the pain points were and led to yourself and management to embrace this big change. >> Yeah, absolutely so several things are going on. One is that we see a lot of new players entering the world of insurance, and it both about new capital coming into the world of insurance. Just 'cause there's not enough investments that capital can be put towards so insurance is one place to come to and the other is technology players that are coming into our world. Companies like Metromile, Lemonade, the list goes on and on and so really our world is changing. Technology is driving a lot of that change and so we know that we've got to be a big player in that area as well. And as I said really, we've got to become one of those software companies that can actually sell insurance as opposed to the other way around. I'd say some of the other things that are happening is the fact that our employees. Our consumers now have all these other software companies that they have experience with and so their expectations are very different. They've got one experience when they're at home and then they come into the workplace and it looks like they've gone back 100 years. So that paradigm needs to change. So those are some of the things that have really made us think we have no choice but to truly change the way that deliver software. We've got to get out of this mode where everything takes multiple years and multiple millions of dollars and really at the end of the day. The people that you started the work with are no longer even there to appreciate what you've delivered to them. And usually it's not what they ask for anyway. >> As you adopted the Cloud Foundry platform. One of the things about Cloud Foundry, even very early in it's life cycle was that it was associated with digital transformation, and cloud native. And especially once it was joined up with Pivotal Labs. So how much of, as you all embark on this journey. The great thing about here at Summit, there is a lot of talk about visual transformation. A lot of talk about agile. That's what we were just talking about. Some shows you go to it's a lot about features and a lot about speeds and feeds. And a lot about the latest, greatest. So how much apart of it as you all were adopting this platform? Was that culture of digital transformation surrounding the actual tech. How important was that? >> I think that was very important because again, as I said we know that, that's what the consumers expect. They no longer want things to be manual. They want things to be at the tips of their fingers and so really transforming us from being a company that's very paper intensive to really being more and more digital was critical to us. The very first application that we actually put in the cloud which was in my business unit was for document management in our Al Fresco. And actually what we named it was we're going paperless. As something that we started about three years ago, and today I can say that yep, we are paperless and so the great thing about Al Fresco was that it was indeed cloud native, and that was very important to us. We started out looking at some of the other solutions that are out there. I won't necessarily name them but they did not lend themselves to the cloud. And so really going with a cloud native solution that would enable us to become much more digital and paperless was very critical to us. >> You talked a lot about developer adoption now in your journey. Was that a tough sell at the very beginning or did developers go wait a minute, This is going to save me a lot of time. I'm on board. >> So you mean with Cloud Foundry in general? >> John: With Cloud Foundry, in general. >> So if anything I'd it was probably the developer community that really sorted this out and so by the time that the leadership and management started to pay attention. There were pockets of developers who were just very, very bought into it, and so I would say that went a long way. And then made it easier to sell it to other developers. I say they're much more listening to what their peers are saying than what we have to say. And then really meeting with the Pivotal Labs guys. I'd say those folks have truly a magical way of selling their story and they've truly helped us. Not only sell it to our developers but also sell the story to our business. I'd say that the mindset shift from thinking I'm going to have everything in one go versus no, I'm going to get it in iterations and I'm actually going to trust the fact that the next releases are going to come is a big mind shift and Pivotal was instrumental in helping sell that to us. >> One of the benefits of Cloud Foundry is to give you flexibility as to where your applications and data live. That being said, a majority of customers that have deployed Cloud Foundry are doing it on premises. How do you manage what goes, stays in your own environment. What handles the public cloud. My understanding you're doing quite a bit of AWS today. What's your viewpoint for you and management on public cloud? >> We certainly see public cloud as the future. I know Chip mentioned something about, well it's not going to be cheaper. We're actually counting on that in the end from a total cost of ownership perspective. That it will be cheaper and we truly mean it when we say we want 75% of the people writing code. And by that I mean the staff within the IT group of course. And we don't want them to have to worry about the infrastructure and so while we've started with AWS, we absolutely have a relationship with Microsoft as well. We definitely want to be independent on this cloud and I would say something like Cloud Foundry definitely allows you to do that. >> When you're looking at that total. That full TCO, you don't have fully burden, I have gear and I have people managing that gear and all the operations there. If you can shift that piece of it. You're not differentiated on the infrastructure or at those needs. You want to focus on those thousands of products that you have and your people coding to create those next opportunities. >> Exactly. We want to focus on the value add. That's where we want our people to really be focusing and we want to let the cloud players who do it extremely well to be doing that for us. >> You put forth in your keynotes some pretty audacious metrics. I think it was 60% of the work load public cloud. More than 50% of apps to release code on daily basis and you wanted 75% of the IT staff to write code. How did you come up with those numbers. How are doing against those? >> About a year ago, once we decided that the imperative for change was so critical. The IT leadership team got together. We spent a couple of days off site and we said let's come up with what we're calling today our IT manifesto. And so we said we just have to change and there are multiple things that we're going to change. And we said we're going to put some, what we call bold, audacious moves or BAMS as they've come to be known together. And so those were just some, we knew they were out of right to some extent, but we said if we don't really put some goals that are really hard to reach, we're never going to get there. >> What are some of the head winds there? What have slowed you from meeting those and any lessons learned that you share to your peers on what you've learned going through this. >> Certainly deciding on what goes to the clouds first is one of those areas that we're learning as we're doing. We know that it's easy when you're working in a greenfield and it's something new. So yeah, you can very easily say I'll build in the cloud. When you're looking at what you're existing environment is and what you move to the cloud. One of the questions as well, if we move all of our development environment. How's that going to interact with the production environment. If you have them in different clouds. Other things are how it interacts with active directory and held app and some of those things. And I say finally would be kind of the global applications always make it much more difficult as you think. How do you replicate among different clouds in different geographies. Those are some of the blockers that we've got to tackle and make sure that we get around. >> One of the interesting parts of any management strategy in any company is skills, up skilling. So how have you been approaching that in terms of this new cloud native world. Both for the devs, is this year at Cloud Foundry Summit. Are people here learning? There's new certifications. >> I say it's a multi prong approach. We definitely have partnered with several companies to put some training together to make sure that we're training our staff. We started a program that we call go for code and so we've asked volunteers. For people who are not coding today and who want to get there that actually they go to these coding schools and they're going to spend the next two to three months actually learning how to code. It's very rigorous. >> So they might have been technical in an infrastructure way before and they want to learn how to code? >> Yeah, it may be that or they may have just been business analysts who are just doing requirements gathering or project management, and they want to learn how to code. So we've tried to be as transparent as possible because when you say I want 75% of my IT staff to be coding. Like you've got 50% who are not coding today. There's a message in that and so of course it's up to us to make sure that we're providing the tools and what's needed for that to happen. Our goal is to get anyone on our staff who really wants to get there and is willing to put the sweat in to be able to do it. 'Cause we also know it's not like software engineers are just lying out there on the streets. There is a shortage of software engineers and that's going to become more and more of a problem. So really getting our own employees that we value greatly to be able to do that transformation, I think is critical for us. >> Another great one line, you had your keynote was out with the annual, in with the weekly. I think you said it was 16 releases in five months. The counter to that and I'm curious how you deal with it and talk to your peers is how do people keep up with just all the changes that are happening? I talk to the companies that create code on just regular occasions and they can't keep up. And how do you make sure your staff doesn't get burned out? >> So great, great question again. We're at the very beginnings of our transformation. The one thing I will say is looking at the team that did this and did the 16 releases in five months versus teams that are working on annual releases. The energy, the enthusiasm, the excitement and hopefully some of it came through in the video that you saw is just phenomenal. So I'd say, I'm much less worried about them burning out than hey can we keep the others as excited. I will tell you automation and things like Cloud Foundry that actually help you automate your pipeline are critical. You can not do multiple releases or daily releases if you don't have those tools. If you truly get to the point where you do have the automated pipeline. I think a lot of that is done for you so that's what we're gearing towards and driving towards. >> One of the things that people always love to pontificate is in the future, what is the role of the CIO? We'd love to see you embracing things like cloud because it was like well, when I had gear, and I had capital budget I understood it. But I'm changing the role. I'm doing that. What have you been seeing as the changing role? Anything down the line you see and how that changes? >> You're right, so a lot of people say, well there is no need for a CIO in the future. I'd say there's probably more and more need for very business oriented, strategic CIOs who also understands technology really well and they're the epitome of someone who understands technology and is the head of engineering so to speak. But also making sure that they can work very well with the business and understands the impact of technology on the business. I'll be waiting for the day where the need for someone like that goes away. I don't see it coming too soon. >> Final question I have for you is what brings you to an event like this? Spend the time, give the keynote. What do you get out of it personally and for your company? >> One is really learning 'cause again, if you're a doctor in medicine. If you want to keep up with what's going on around you you've got to educate yourself. So certainly that aspect of go out there, see what's going on. Making sure that you're keeping up with new technology that's one thing. The other was my experience with Pivotal has been phenomenal, and so I thought it was critical to actually take the opportunity to share that. Hopefully others will learn. A lot of the tweets that I saw was well, if a big 100 year old insurance company can do this. Then nobody has an excuse and I'll say yeah of course. So it's really both to give back and to continue to learn and then to reconnect with colleagues. Cornelia and I actually worked together over 10 years ago. So just coming to here and being able to have dinner with her tonight is going to be very enjoyable. >> Absolutely a tight knit community. Really appreciate you coming on the program. We welcome you to theCUBE alumni list now, our community, >> Thank you. Of the thousands that we had on the program. From John and myself, we'll be back with lots more coverage here from the Cloud Foundry Summit. Thanks for watching theCUBE. (uptempo techno music)

(upbeat music) >> Welcome back, everyone to CUBE Supercloud 22. I'm John Furrier, your host. Got a great influencer, Cloud Cloud RRT segment with Sarbjeet Johal, Cloud influencer, Cloud economist, Cloud consultant, Cloud advisor. Sarbjeet, welcome back, CUBE alumni. Good to see you. >> Thanks John and nice to be here. >> Now, what's your title? Cloud consultant? Analyst? >> Consultant, actually. Yeah, I'm launching my own business right now formally, soon. It's in stealth mode right now, we'll be (inaudible) >> Well, I'll just call you a Cloud guru, Cloud influencer. You've been great, friend of theCUBE. Really powerful on social. You share a lot of content. You're digging into all the trends. Supercloud is a thing, it's getting a lot of traction. We introduced that concept last reinvent. We were riffing before that. As we kind of were seeing the structural change that is now Supercloud, it really is kind of the destination or outcome of what we're seeing with hybrid cloud as a steady state into the what's now, they call multicloud, which is kind of awkward. It feels like it's default. Like multicloud, multi-vendor, but Supercloud has much more of a comprehensive abstraction around it. What's your thoughts? >> As you said, as Dave says that too, the Supercloud has that abstraction built into it. It's built on top of cloud, right? So it's being built on top of the CapEx which is being spent by likes of AWS and Azure and Google Cloud, and many others, right? So it's leveraging that infrastructure and building software stack on top of that, which is a platform. I see that as a platform being built on top of infrastructure as code. It's another platform which is not native to the cloud providers. So it's like a kind of cross-Cloud platform. That's what I said. >> Yeah, VMware calls it that cloud-cross cloud. I'm not a big fan of the name but I get what you're saying. We had a segment on earlier with Adrian Cockcroft, Laurie McVety and Chris Wolf, all part of the Cloud RRT like ourselves, and you've involved in Cloud from day one. Remember the OpenStack days Early Cloud, AWS, when they started we saw the trajectory and we saw the change. And I think the OpenStack in those early days were tell signs because you saw the movement of API first but Amazon just grew so fast. And then Azure now is catching up, their CapEx is so large that companies like Snowflake's like, "Why should I build my own? "I just sit on top of AWS, "move fast on one native cloud, then figure it out." Seems to be one of the playbooks of the Supercloud. >> Yeah, that is true. And there are reasons behind that. And I think number one reason is the skills gravity. What I call it, the developers and/or operators are trained on one set of APIs. And I've said that many times, to out compete your competition you have to out educate the market. And we know which cloud has done that. We know what traditional vendor has done that, in '90s it was Microsoft, they had VBS number one language and they were winning. So in the cloud era, it's AWS, their marketing efforts, their go-to market strategy, the micro nature of the releasing the micro sort of features, if you will, almost every week there's a new feature. So they have got it. And other two are trying to mimic that and they're having low trouble light. >> Yeah and I think GCP has been struggling compared to the three and native cloud on native as you're right, completely successful. As you're caught up and you see the Microsoft, I think is a a great selling point around multiple clouds. And the question that's on the table here is do you stay with the native cloud or you jump right to multicloud? Now multicloud by default is kind of what I see happening. We've been debating this, I'd love to get your thoughts because, Microsoft has a huge install base. They've converted to Office 365. They even throw SQL databases in there to kind of give it a little extra bump on the earnings but I've been super critical on their numbers. I think their shares are, there's clearly overstating their share, in my opinion, compared to AWS is a need of cloud, Azure though is catching up. So you have customers that are happy with Microsoft, that are going to run their apps on Azure. So if a customer has Azure and Microsoft that's technically multiple clouds. >> Yeah, true. >> And it's not a strategy, it's just an outcome. >> Yeah, I see Microsoft cloud as friendly to the internal developers. Internal developers of enterprises. but AWS is a lot more ISV friendly which is the software shops friendly. So that's what they do. They just build software and give it to somebody else. But if you're in-house developer and you have been a Microsoft shop for a long time, which enterprise haven't been that, right? So Microsoft is well entrenched into the enterprise. We know that, right? >> Yeah. >> For a long time. >> Yeah and the old joke was developers love code and just go with a lock in and then ops people don't want lock in because they want choice. So you have the DevOps movement that's been successful and they get DevSecOps. The real focus to me, I think, is the operating teams because the ops side is really with the pressure vis-a-vis. I want to get your reaction because we're seeing kind of the script flip. DevOps worked, infrastructure's code has worked. We don't yet see security as code yet. And you have things like cloud native services which is all developer, goodness. So I think the developers are doing fine. Give 'em a thumbs up and open source's booming. So they're shifting left, CI/CD pipeline. You have some issues around repo, monolithic repos, but devs are doing fine. It's the ops that are now have to level up because that seems to be a hotspot. What's your take? What's your reaction to that? Do you agree? And if you say you agree, why? >> Yeah, I think devs are doing fine because some of the devs are going into ops. Like the whole movement behind DevOps culture is that devs and ops is one team. The people who are building that application they're also operating that as well. But that's very foreign and few in enterprise space. We know that, right? Big companies like Google, Microsoft, Amazon, Twitter, those guys can do that. They're very tech savvy shops. But when it comes to, if you go down from there to the second tier of enterprises, they are having hard time with that. Once you create software, I've said that, I sound like a broken record here. So once you create piece of software, you want to operate it. You're not always creating it. Especially when it's inhouse software development. It's not your core sort of competency to. You're not giving that software to somebody else or they're not multiple tenants of that software. You are the only user of that software as a company, or maybe maximum to your employees and partners. But that's where it stops. So there are those differences and when it comes to ops, we have to still differentiate the ops of the big companies, which are tech companies, pure tech companies and ops of the traditional enterprise. And you are right, the ops of the traditional enterprise are having tough time to cope up with the changing nature of things. And because they have to run the old traditional stacks whatever they happen to have, SAP, Oracle, financial, whatnot, right? Thousands of applications, they have to run that. And they have to learn on top of that, new scripting languages to operate the new stack, if you will. >> So for ops teams do they have to spin up operating teams for every cloud specialized tooling, there's consequences to that. >> Yeah. There's economics involved, the process, if you are learning three cloud APIs and most probably you will end up spending a lot more time and money on that. Number one, number two, there are a lot more problems which can arise from that, because of the differences in how the APIs work. The rule says if you pick one primary cloud and then you're focused on that, and most of your workloads are there, and then you go to the secondary cloud number two or three on as need basis. I think that's the right approach. >> Well, I want to get your take on something that I'm observing. And again, maybe it's because I'm old school, been around the IT block for a while. I'm observing the multi-vendors kind of as Dave calls the calisthenics, they're out in the market, trying to push their wears and convincing everyone to run their workloads on their infrastructure. multicloud to me sounds like multi-vendor. And I think there might not be a problem yet today so I want to get your reaction to my thoughts. I see the vendors pushing hard on multicloud because they don't have a native cloud. I mean, IBM ultimately will probably end up being a SaaS application on top of one of the CapEx hyperscale, some say, but I think the playbook today for customers is to stay on one native cloud, run cloud native hybrid go in on OneCloud and go fast. Then get success and then go multiple clouds. versus having a multicloud set of services out of the gate. Because if you're VMware you'd love to have cross cloud abstraction layer but that's lock in too. So what's your lock in? Success in the marketplace or vendor access? >> It's tricky actually. I've said that many times, that you don't wake up in the morning and say like, we're going to do multicloud. Nobody does that by choice. So it falls into your lab because of mostly because of what MNA is. And sometimes because of the price to performance ratio is better somewhere else for certain kind of workloads. That's like foreign few, to be honest with you. That's part of my read is, that being a developer an operator of many sort of systems, if you will. And the third tier which we talked about during the VMworld, I think 2019 that you want vendor diversity, just in case one vendor goes down or it's broken up by feds or something, and you want another vendor, maybe for price negotiation tactics, or- >> That's an op mentality. >> Yeah, yeah. >> And that's true, they want choice. They want to get locked in. >> You want choice because, and also like things can go wrong with the provider. We know that, we focus on top three cloud providers and we sort of assume that they'll be there for next 10 years or so at least. >> And what's also true is not everyone can do everything. >> Yeah, exactly. So you have to pick the provider based on all these sort of three sets of high level criteria, if you will. And I think the multicloud should be your last choice. Like you should not be gearing up for that by default but it should be by design, as Chuck said. >> Okay, so I need to ask you what does Supercloud in my opinion, look like five, 10 years out? What's the outcome of a good Supercloud structure? What's it look like? Where did it come from? How did it get there? What's your take? >> I think Supercloud is getting born in the absence of having standards around cloud. That's what it is. Because we don't have standards, we long, or we want the services at different cloud providers, Which have same APIs and there's less learning curve or almost zero learning curve for our developers and operators to learn that stuff. Snowflake is one example and VMware Stack is available at different cloud providers. That's sort of infrastructure as a service example if you will. And snowflake is a sort of data warehouse example and they're going down the stack. Well, they're trying to expand. So there are many examples like that. What was the question again? >> Is Supercloud 10 years out? What does it look like? What's the components? >> Yeah, I think the Supercloud 10 years out will expand because we will expand the software stack faster than the hardware stack and hardware stack will be expanding of course, with the custom chips and all that. There was the huge event yesterday was happening from AWS. >> Yeah, the Silicon. >> Silicon Day. And that's an eyeopening sort of movement and the whole technology consumption, if you will. >> And yeah, the differentiation with the chips with supply chain kind of herding right now, we think it's going to be a forcing function for more cloud adoption. Because if you can't buy networking gear you going to go to the cloud. >> Yeah, so Supercloud to me in 10 years, it will be bigger, better in the likes of HashiCorp. Actually, I think we need likes of HashiCorp on the infrastructure as a service side. I think they will be part of the Supercloud. They are kind of sitting on the side right now kind of a good vendor lost in transition kind of thing. That sort of thing. >> It's like Kubernetes, we'll just close out here. We'll make a statement. Is Kubernetes a developer thing or an infrastructure thing? It's an ops thing. I mean, people are coming out and saying Kubernetes is not a developer issue. >> It's ops thing. >> It's an ops thing. It's in operation, it's under the hood. So you, again, this infrastructure's a service integrating this super pass layer as Dave Vellante and Wikibon call it. >> Yeah, it's ops thing, actually, which enables developers to get that the Azure service, like you can deploy your software in sort of different format containers, and then you don't care like what VMs are those? And, but Serverless is the sort of arising as well. It was hard for a while now it's like the lull state, but I think Serverless will be better in next three to five years on. >> Well, certainly the hyperscale is like AWS and Azure and others have had great CapEx and investments. They need to stay ahead, in your opinion, final question, how do they stay ahead? 'Cause, AWS is not going to stand still nor will Azure, they're pedaling as fast as they can. Google's trying to figure out where they fit in. Are they going to be a real cloud or a software stack? Same with Oracle. To me, it's really, the big race is now with AWS and Azure's nipping at their heels. Hyperscale, what do they need to do to differentiate going forward? >> I think they are in a limbo. They, on one side, they don't want to compete with their customers who are sitting on top of them, likes of Snowflake and others, right? And VMware as well. But at the same time, they have to keep expanding and keep innovating. And they're debating within their themselves. Like, should we compete with these guys? Should we launch similar sort of features and functionality? Or should we keep it open? And what I have heard as of now that internally at AWS, especially, they're thinking about keeping it open and letting people sort of (inaudible)- >> And you see them buying some the Cerner with Oracle that bought Cerner, Amazon bought a healthcare company. I think the likes of MongoDB, Snowflake, Databricks, are perfect examples of what we'll see I think on the AWS side. Azure, I'm not so sure, they like to have a little bit more control at the top of the stack with the SaaS, but I think Databricks has been so successful open source, Snowflake, a little bit more proprietary and closed than Databricks. They're doing well is on top of data, and MongoDB has got great success. All of these things compete with AWS higher level services. So, that advantage of those companies not having the CapEx investment and then going multiple clouds on other ecosystems that's a path of customers. Stay one, go fast, get traction, then go. >> That's huge. Actually the last sort comment I want to make is that, Also, that you guys include this in the definition of Supercloud, the likes of Capital One and Soner sort of vendors, right? So they are verticals, Capital One is in this financial vertical, and then Soner which Oracle bar they are in this healthcare vertical. And remember in the beginning of the cloud and when the cloud was just getting born. We used to say that we will have the community clouds which will be serving different verticals. >> Specialty clouds. >> Specialty clouds, community clouds. And actually that is happening now at very sort of small level. But I think it will start happening at a bigger level. The Goldman Sachs and others are trying to build these services on the financial front risk management and whatnot. I think that will be- >> Well, what's interesting, which you're bringing up a great discussion. We were having discussions around these vertical clouds like Goldman Sachs Capital One, Liberty Mutual. They're going all in on one native cloud then going into multiple clouds after, but then there's also the specialty clouds around functionality, app identity, data security. So you have multiple 3D dimensional clouds here. You can have a specialty cloud just on identity. I mean, identity on Amazon is different than Azure. Huge issue. >> Yeah, I think at some point we have to distinguish these things, which are being built on top of these infrastructure as a service, in past with a platform, a service, which is very close to infrastructure service, like the lines are blurred, we have to distinguish these two things from these Superclouds. Actually, what we are calling Supercloud maybe there'll be better term, better name, but we are all industry path actually, including myself and you or everybody else. Like we tend to mix these things up. I think we have to separate these things a little bit to make things (inaudible) >> Yeah, I think that's what the super path thing's about because you think about the next generation SaaS has to be solved by innovations of the infrastructure services, to your point about HashiCorp and others. So it's not as clear as infrastructure platform, SaaS. There's going to be a lot of interplay between this levels of services. >> Yeah, we are in this flasker situation a lot of developers are lost. A lot of operators are lost in this transition and it's just like our economies right now. Like I was reading at CNBC today, and here's sort of headline that people are having hard time understanding what state the economy is in. And so same is true with our technology economy. Like we don't know what state we are in. It's kind of it's in the transition phase right now. >> Well we're definitely in a bad economy relative to the consumer market. I've said on theCUBE publicly, Dave has as well, not as aggressive. I think the tech is still in a boom. I don't think there's tech bubble at all that's bursting, I think, the digital transformation from post COVID is going to continue. And this is the first recession downturn where the hyperscalers have been in market, delivering the economic value, almost like they're pumping on all cylinders and going to the next level. Go back to 2008, Amazon web services, where were they? They were just emerging out. So the cloud economic impact has not been factored into the global GDP relationship. I think all the firms that are looking at GDP growth and tech spend as a correlation, are completely missing the boat on the fact that cloud economics and digital transformation is a big part of the new economics. So refactoring business models this is continuing and it's just the early days. >> Yeah, I have said that many times that cloud works good in the bad economy and cloud works great in the good economy. Do you know why? Because there are different type of workloads in the good economy. A lot of experimentation, innovative solutions go into the cloud. You can do experimentation that you have extra money now, but in the bad economy you don't want to spend the CapEx because don't have money. Money is expensive at that point. And then you want to keep working and you don't need (inaudible) >> I think inflation's a big factor too right now. Well, Sarbjeet, great to see you. Thanks for coming into our studio for our stage performance for Supercloud 22, this is a pilot episode that we're going to get a consortium of experts Cloud RRT like yourselves, in the conversation to discuss what the architecture is. What is a taxonomy? What are the key building blocks and what things need to be in place for Supercloud capability? Because it's clear that if without standards, without defacto standards, we're at this tipping point where if it all comes together, not all one company can do everything. Customers want choice, but they also want to go fast too. So DevOps is working. It's going the next level. We see this as Supercloud. So thank you so much for your participation. >> Thanks for having me. And I'm looking forward to listen to the other sessions (inaudible) >> We're going to take it on A stickers. We'll take it on the internet. I'm John Furrier, stay tuned for more Supercloud 22 coverage, here at the Palo Alto studios in one minute. (bright music)

(light music) >> Welcome back to Supercloud 22. I'm John Furrier, host of theCUBE. We're here Palo Alto for a big event. Supercloud 22, we've got a great ecosystem conversation here. Ramesh Prabagaran, who's the co-founder and CEO, Prosimo. Ramesh, great to see you. Thanks for coming on. >> Thanks for having me, John. >> So, I wanted to bring you in because we've had previous CUBE conversations around cloud networking, latency, you also have some, some pedigree, Viptela. The folks in the industry know that's been a deep tech company. >> Yep. >> You have been around the block. You've seen the movie before. You've seen the tech trends. You've seen the hype. You've seen the fluff. Where's the meat on the bone with Supercloud in your opinion? >> So it, it starts with what enterprises are struggling with, right? And if you take a very simple example, it's actually quite fresh in my mind because I was just having this conversation this morning. A large bank has an application sitting in AWS, right? And they have to provide the application access to the treasury, to their suppliers, to ticker feeds, to all their downstream partners, and so on and so forth. Guess what? They don't control, where all those things are. They're in very different regions and very different clouds. And so you, whether you like it or not, you have a problem here, right? And so it starts with, for the particular bank, what are the capabilities that they need, right? And so AWS provides a whole host of native capabilities, but they still need to build a few more things on top. So going by, essentially the definition of Supercloud, even within a single cloud you need to build a few more capabilities on top. That gets worsened by the fact that now you need to provide access to various other clouds, various other regions and, and so forth. So, whether we like it or not, this movie is here to stay. >> What's the difference between Supercloud and multi-cloud? Because multi-cloud, I've been saying, is not necessarily a market yet. >> Correct, yes. So, Supercloud is essentially the cloud native capabilities provided by the hyperscalers, get you probably 30, 40% of the way, right? But then, in order to deliver on a care about, right? In our case, from a cloud networking standpoint, that is experience, that's performance, reliability, zero trust access, and then so forth. You have to take that a little bit further, and so we have vendors, like us, that actually build capabilities on top of the hyperscalers, right? Now, even if you think of a single cloud, how you build that is different on AWS than it's on Azure, than on GCP. But do the customers care? No, they want to be able to consume it in exactly the same way across all of them. So, whether it's multi-cloud or a single cloud, you have a problem that is white space on top of the hyperscalers capabilities that you just need to build. >> And what problems is it solving today? Because again, I, again, multi-cloud, I've yet seen the problem. I kind of get what's happening. Multiple clouds do exist. Use cases matter, maybe best debri, but they're standalone. They're not really interoperating, so to speak. So people have been successful on, on public cloud. >> That's correct, yes. >> For use cases? >> Absolutely. So even if you take a single cloud, for example, right? You have multiple problems to, to address. So let's take the example of, I have users coming from various different regions, around the globe, and I have apps that are spread, maybe not across like all clouds, but single cloud, maybe multiple regions, right? Now, I have a reach problem, which is, I need to go from where the user is to where the application is sitting. I have an experience problem because if my spinning wheel shows up, I'm going to go crazy. I have a security problem because I want to make sure it's only me that have access to it, right? But does the cloud provider solve for this entirely? No, they give you the nuts, the bolts, or what we call ours essentially, what you need is a, is a latte. They give you really nice coffee beans, not just one flavor, 20 flavors of those. They give you raw sugar and a few other things. They give you five different flavors of milk, but you got to make your own latte. So, that's what we do. >> And this is where the infrastructure transformation's happening. >> Exactly. >> And the super paz layer, as Dave Vellante and I have talked about in cloud, is you have to integrate a native cloud. >> Correct. >> Which is beautiful. It's integrated, everything works together, there's a lot of lattes to be made or espressos. >> Exactly. >> I mean, tons of great things there. So, big check marks, double check, gold star for AWS. >> Correct. >> All good. Now, on premises, we've found that hybrid is a steady state. >> Exactly. >> Okay, that's cloud operations. Now, you got the edge. Where does the Supercloud strategy come in? For the folks watching there, it's like, "Hey, okay, I get that." "But I don't want to just buy into another vendor's hype." >> Absolutely. >> "I got to build my own cloud," to your point about the lattes. >> Correct. >> They have to make their own infrastructure an application environment to power the developer. >> Exactly. And, and hybrid is here to stay as, as you pointed out, right, John? So, I have my data center and let's say when most folks start out they start to like a single region of a single cloud, right? And what are you most concerned about there? Hey, can I migrate? Can I start to build applications in the public cloud, right? And all you care about is can you talk back into my data center? Like, as long as some basic hygiene is there that's all they care about, right? The problem happens when you go from, kind of, the first five EC2 instances to 50 to a hundred, then you have a few other things that you need to care about, right? That's really kind of where the, the Supercloud capabilities start to come in, right? Because you have the cloud native things you can make that work for the first few days, but then after that you need augmented capabilities. >> So Ramesh, some people will say, "Hey, John, Supercloud okay, it's funny, ha ha ha." But isn't it just SAS? >> No, SAS is a delivery mechanism, right? And so, so there is the capability and that is how do you want to consume, right? And so capabilities or cloud native capabilities or piece of software capabilities or (unintelligible) cluster form factor and so forth. How do you want to consume? Maybe it's a package form factor, it is a size, it could even be passive if it's sitting in the, in the element, and then so forth, right? And so you really want to distinguish those two. And, and, and that's how we see the, the industry evolve. >> Can Superclouds be specialty clouds? Like is Snowflake a Supercloud? Is Goldman Sachs financial cloud a Supercloud? >> Absolutely, right. So Supercloud is not like a, a conglomeration of multiple capabilities, right? It can be for a specific use case, it can be for a specific functionality. So we, we consider our capabilities by the definition as a Supercloud in, in networking, right? In cloud networking, in Prosimo. So, does that solve the entirety of what I want to do in the cloud? No, absolutely not. There's data, there's computers, a whole bunch of other things, but for a specialty you do have some Supercloud. >> Yeah, in fact, I had a note here. I was going to ask you will, when will there be specialty clouds, apps, identity, data, security, nteworking, we will see those? >> Absolutely, yeah. And, and those are slowly starting to brew, right? So you have, you have identity as one, you have networking as one, you have the zero trust piece as, as another one, you have data as a, as another one. So when all these things come together, absolutely. That's what, that's what enterprise customers care about. >> So I love infrastructure as code, that drove a lot of the evolution and revolution of DevOps. When are we going to see security as code and network as code? Or is it there? >> No networkers code, for sure. It's already, it's already there. It's probably in its early innings, I would say, but we are starting to see that already. The reason for that is really simple. Enough CIOs have yelled at their networking teams to say, "my app guys can get this done three," "four times a day, you get this done once a week." Right? And so, that has actually driven quite a bit of innovation, >> It's slow, >> It's slow, right? And so that's driven quite a bit of innovation. It all starts with, hey, can I build a Terraform provider and then just integrate into Terraform? But it doesn't, it doesn't stop there, right? There's a whole bunch of additional capabilities, a day in troubleshooting, a whole bunch of things that need to come together. But I would say networkers code has already started to, to, to take ship. >> Which, that's a great point about specialty clouds. What about vertical clouds too? 'Cause you got insurance, oil and gas, FinTech. Both sides of the stack can have specialty clouds. >> Absolutely, yeah. So, it, what's driving specialty clouds, right? Some of it is compliance, mainly because you just have to shard the data, and when you shard the data, the entirety gets, gets sharded, right? Some of it driven by use case, because some are a little more serverless, service mesh and intelligence focused, some are a little more infrastructure focused. So you do see that taking off. I would say we've seen a whole lot more, kind of, on the horizontal side, less on the vertical side, but that's really happening, right? >> Yeah, I think that, to me, indicates a Supercloud. The fact that the diversity of the application on the clouds themselves, someone could be spending, say, Liberty Mutual or Goldman Sachs. They were once spending that as CapEx. >> Exactly. >> Now it's OPEX, so they become a service provider. So, if you have scale with data and expertise, you become a Supercloud by default. And you don't have to pay for the CapEx, >> Yeah. You're already paying in. >> Exactly, yeah. >> And that's what snowflake basically did with data warehouse. >> That's right, yeah. >> I mean they're basically a data warehouse. Refactored on the cloud and then go, "whoa, let's go to Azure." >> Yeah. And, and where does that data decide do you ask that question? No, right? You just assume that, hey, retrospective of it's a single cloud, multiple regions, it's there. If it's stretched to multiple clouds, yes, it's just there, but you, you talk about like that. >> In our cloud already panel earlier, we talked about how companies are going fast on one native cloud, 'cause they don't want to have multiple development teams and different ops teams. They go all in say, hey, mostly AWS wins this, unless it's specially Azure productivity software or SQL database, go hard in on Amazon, get speed and velocity, get that flywheel, win, get scale, get value. Then go to Azure, provide that same value to that marketplace and other clouds. Then the next dot to connect is, can the customer have the same experience across the clouds? That's where it gets interesting. What's your thoughts on that? >> Actually, it gets interesting even when they go from a single cloud in a single region to multiple regions, right? And the, the more spread out the regions are, you have requirements around application performance, application experience and so forth. So, suddenly the networking conversation starts to become an experience and a performance conversation. The security conversation starts to become a zero trust conversation and so forth. And so you, you do see that, that interesting shift that's happening. >> Of course. >> Exactly. And then that gets worsened by the fact that now you have multiple clouds, multiple regions, and then... >> So you got regions, clouds, >> and then you have edge locations now. >> And edge. >> You mentioned edge. >> This, this is why I think multi-cloud is BS, because this is all coming so fast. You got to get your Supercloud first. >> Exactly. >> Then you extend into, what it looks like a multi-vendor or multifaceted environment that should be automated by that time. >> Exactly. >> So it's evolutionary, we're not there yet. >> Exactly. >> So you agree, no market yet? >> That's right, yes. So unless it's like the super large enterprises where we have seen a really good mix of multiple different clouds or super large enterprises where each business unit is free to choose the cloud of their choice for the application developers because they just like a certain cloud, right? >> Or negotiations. >> Or negotiations, right? Exactly, so there you find yourself in a healthy mix. It's not like you're 80, 10, 10. It's, it's a healthy mix of three different clouds, right? But vast majority of the enterprises, they have a concerted strategy, I have a primary cloud 'cause that's where two, two big CEOs shake hands and assign multi billion dollar deals, right? >> It's just a song with Howie Shute, who's now a Zscaler, former VMware. Probably know Howie, he's a legend in the community as well. We were talking about the old days of the data center and you remember that? We'll go back to our, into our, you know, historical views of experience. Back when the data center became popular this was the glass house. Mainframes to mini computers. It became a complex environment. You had to have pretty much a PhD or serious networking or some sort of technical background. And then IT was born, the local area networks, the mini computers, and the PCs change that dynamic. IT was born. Okay, and let's just say it, most IT guys aren't PhDs. >> Exactly. >> So what's happened there is democratization and the operations side of that wave. We're kind of going th&rough it now, don't ya think, with cloud? Like, you got to be super smart to wrangle the data. I mean, some of the data pipelining stuff is super complex, after Snowflake and data bricks. >> Absolutely. And largely depends on the maturity, right? Like, so once you pass a certain scale in the cloud the care abouts start to be very different. The care abouts are, how can I operate this at scale? Because I might have started off with a relatively inefficient infrastructure, right? But now if I start to operate that at scale with like thousands of VPCs and so forth, somebody is looking at an AWS bill there and going, "ah, no, no, no, we're not going to do that." >> We're getting to the good part now. So, so here's where I wanted to get to, 'Cause we're kind of getting there, The proof points of Supercloud is IT like operations, >> Correct. >> Easy. >> Yep. >> Not overstaffed and maybe an SRE model one too many. >> Yeah, exactly. >> What are the proof points do you see that would be evidence that Supercloud is working? >> So in a well functional model where we have seen enterprises take the applications that they care about and then move that into the public cloud or build it organically. If they have staffed their team, I think a good leading indicator is that they have staffed the team so that there are a bunch of guys who understand what it means for cloud native capabilities. There are a bunch of guys who then put it together and then you look at the care abouts, right? Ultimately at the end of the day, the goal, if you go higher up in the layers, is it about application experience? Is it about kind of reducing the blast radius of my security? Is it about my data cleanliness and, and hygiene? You don't care about kind of how the pipelining works underneath the covers or how do I put a transit gateway and this and that together? No, that's not what you care about. You care about kind of the outcomes and, and- >> Palmer (unintelligible) that VMware, when he was there. You just say the hardened top, no one talks about what's in an Intel processor. I mean it's just works. >> Exactly, yeah. And it's what applications you build on top of that Intel processor that actually makes it more powerful, right? And so the first evidence I would say is kind of how is the team structured? The second evidence would be kind of what, what are the care abouts for the guys that are building these applications, right? Because even the application developers more than the application, they care about kind of, is it helping? Is it delivering on the experience? Is it being used the way it's supposed to? >> Is it value? >> Exactly, right? And those are not areas that the cloud providers are solely focused on, right? Like you don't see an AWS or an Azure dashboard show that particular thing for the entirety of the application, they'll tell you for the ATR services that you, that you use, here's the SLA for each one of these services. >> And that's where the customer has to build it. >> Exactly right. Now, does that give you the full picture? No, it doesn't. Somebody has to pull this together. Somebody has to aggregate this together and then make sense as to whether this is working or not, right? So whether you call it Supercloud, or whether you call it kind of the care abouts on top of the cloud native stuff, they're all the same. I'm glad you guys came up with a, with a name for this. And I think it's going to be here to stay. >> Well, thank you for sharing your expertise. You got a great background in this area and you got, I think you guys are right on the front wave of this new change. I think a little bit early, but that's good, but don't be too early. >> Yeah, exactly. No, and, and, and that's really important, right, John? So, you don't want to be too early. You certainly don't want to be too late, but at the same time, the pace at which things are evolving are fast enough that you, you will see. I think when, if we have this conversation even three months from now, it might be a very different conversation. >> Yeah, people want to go fast and they don't want to get stuck with a vendor. They made a bad choice that slows 'em down 'cause they got problems to solve, things to build. >> Yeah, exactly. >> Ramesh, thanks for coming on, Supercloud 22, we're breaking it all down. We're exposing it out to everyone. We're discussing it. We're going to challenge it. But ultimately it is a thing. Supercloud 22. Thanks for watching. >> Wonderful, thanks John. (light music)

(bright upbeat music) >> Welcome back, everyone, to the "Supercloud 22." I'm John Furrier, host of "The Cube." This is the Cloud-erati panel, the distinguished experts who have been there from day one, watching the cloud grow, from building clouds, and all open source stuff as well. Just great stuff. Good friends of "The Cube," and great to introduce back on "The Cube," Adrian Cockcroft, formerly with Netflix, formerly AWS, retired, now commentating here in "The Cube," as well as other events. Great to see you back out there, Adrian. Lori MacVittie, Cloud Evangelist with F5, also wrote a great blog post on supercloud, as well as Dave Vellante as well, setting up the supercloud conversation, which we're going to get into, and Chris Hoff, who's the CTO and CSO of LastPass who's been building clouds, and we know him from "The Cube" before with security and cloud commentary. Welcome, all, back to "The Cube" and supercloud. >> Thanks, John. >> Hi. >> All right, Lori, we'll start with you to get things going. I want to try to sit back, as you guys are awesome experts, and involved from building, and in the trenches, on the front lines, and Adrian's coming out of retirement, but Lori, you wrote the post setting the table on supercloud. Let's start with you. What is supercloud? What is it evolving into? What is the north star, from your perspective? >> Well, I don't think there's a north star yet. I think that's one of the reasons I wrote it, because I had a clear picture of this in my mind, but over the past, I don't know, three, four years, I keep seeing, in research, my own and others', complexity, multi-cloud. "We can't manage it. They're all different. "We have trouble. What's going on? "We can't do anything right." And so digging into it, you start looking into, "Well, what do you mean by complexity?" Well, security. Migration, visibility, performance. The same old problems we've always had. And so, supercloud is a concept that is supposed to overlay all of the clouds and normalize it. That's really what we're talking about, is yet another abstraction layer that would provide some consistency that would allow you to do the same security and monitor things correctly. Cornell University actually put out a definition way back in 2016. And they said, "It's an architecture that enables migration "across different zones or providers," and I think that's important, "and provides interfaces to everything, "makes it consistent, and normalizes the network," basically brings it all together, but it also extends to private clouds. Sometimes we forget about that piece of it, and I think that's important in this, so that all your clouds look the same. So supercloud, big layer on top, makes everything wonderful. It's unicorns again. >> It's interesting. We had multiple perspectives. (mumbles) was like Snowflake, who built on top of AWS. Jerry Chan, who we heard from earlier today, Greylock Penn's "Castles in the Cloud" saying, "Hey, you can have a moat, "you can build an advantage and have differentiation," so startups are starting to build on clouds, that's the native cloud view, and then, of course, they get success and they go to all the other clouds 'cause they got customers in the ecosystem, but it seems that all the cloud players, Chris, you commented before we came on today, is that they're all fighting for the customer's workloads on their infrastructure. "Come bring your stuff over to here, "and we'll make it run better." And all your developers are going to be good. Is there a problem? I mean, or is this something else happening here? Is there a real problem? >> Well, I think the north star's over there, by the way, Lori. (laughing) >> Oh, there it is. >> Right there. The supercloud north star. So indeed I think there are opportunities. Whether you call them problems or not, John, I think is to be determined. Most companies have, especially if they're a large enterprise, whether or not they've got an investment in private cloud or not, have spent time really trying to optimize their engineering and workload placement on a single cloud. And that, regardless of your choice, as we take the big three, whether it's Amazon, Google, or Microsoft, each of them have their pros and cons for various types of workloads. And so you'll see a lot of folks optimizing for a particular cloud, and it takes a huge effort up and down the stack to just get a single cloud right. That doesn't take into consideration integrations with software as a service, instantiated, oftentimes, on top of infrastructure of the service that you need to supplement where the obstruction layer ends in infrastructure of the service. You've seen most IS players starting to now move up-chain, as we predicted years ago, to platform as a service, but platforms of various types. So I definitely see it as an opportunity. Previous employers have had multiple clouds, but they were very specifically optimized for the types of workloads, for example, in, let's say, AWS versus GCP, based on the need for different types and optimized compute platforms that each of those providers ran. We never, in that particular case, thought about necessarily running the same workloads across both clouds, because they had different pricing models, different security models, et cetera. And so the challenge is really coming down to the fact that, what is the cost benefit analysis of thinking about multi-cloud when you can potentially engineer the resiliency or redundancy, all the in-season "ilities" that you might need to factor into your deployments on a single cloud, if they are investing at the pace in which they are? So I think it's an opportunity, and it's one that continues to evolve, but this just reminds me, your comments remind me, of when we were talking about OpenStack versus AWS. "Oh, if there were only APIs that existed "that everybody could use," and you saw how that went. So I think that the challenge there is, what is the impetus for a singular cloud provider, any of the big three, deciding that they're going to abstract to a single abstraction layer and not be able to differentiate from the competitors? >> Yeah, and that differentiation's going to be big. I mean, assume that the clouds aren't going to stay still like AWS and just not stop innovating. We see the devs are doing great, Adrian, open source is bigger and better than ever, but now that's been commercialized into enterprise. It's an ops problem. So to Chris's point, the cost benefit analysis is interesting, because do companies have to spin up multiple operations teams, each with specialized training and tooling for the clouds that they're using, and does that open up a can of worms, or is that a good thing? I mean, can you design for this? I mean, is there an architecture or taxonomy that makes it work, or is it just the cart before the horse, the solution before the problem? >> Yeah, well, I think that if you look at any large vendor... Sorry, large customer, they've got a bit of everything already. If you're big enough, you've bought something from everybody at some point. So then you're trying to rationalize that, and trying to make it make sense. And I think there's two ways of looking at multi-cloud or supercloud, and one is that the... And practically, people go best of breed. They say, "Okay, I'm going to get my email "from Google or Microsoft. "I'm going to run my applications on AWS. "Maybe I'm going to do some AI machine learning on Google, "'cause those are the strengths of the platforms." So people tend to go where the strength is. So that's multi-cloud, 'cause you're using multiple clouds, and you still have to move data and make sure they're all working together. But then what Lori's talking about is trying to make them all look the same and trying to get all the security architectures to be the same and put this magical layer, this unicorn magical layer that, "Let's make them all look the same." And this is something that the CIOs have wanted for years, and they keep trying to buy it, and you can sell it, but the trouble is it's really hard to deliver. And I think, when I go back to some old friends of ours at Enstratius who had... And back in the early days of cloud, said, "Well, we'll just do an API that abstracts "all the cloud APIs into one layer." Enstratius ended up being sold to Dell a few years ago, and the problem they had was that... They didn't have any problem selling it. The problem they had was, a year later, when it came up for renewal, the developers all done end runs around it were ignoring it, and the CIOs weren't seeing usage. So you can sell it, but can you actually implement it and make it work well enough that it actually becomes part of your core architecture without, from an operations point of view, without having the developers going directly to their favorite APIs around them? And I'm not sure that you can really lock an organization down enough to get them onto a layer like that. So that's the way I see it. >> You just defined- >> You just defined shadow shadow IT. (laughing) That's pretty- (crosstalk) >> Shadow shadow IT, yeah. >> Yeah, shadow shadow it. >> Yeah. >> Yeah. >> I mean, this brings up the question, I mean, is there really a problem? I mean, I guess we'll just jump to it. What is supercloud? If you can have the magic outcome, what is it? Enstratius rendered in with automation? The security issues? Kubernetes is hot. What is the supercloud dream? I guess that's the question. >> I think it's got easier than it was five, 10 years ago. Kubernetes gives you a bunch of APIs that are common across lots of different areas, things like Snowflake or MongoDB Atlas. There are SaaS-based services, which are across multiple clouds from vendors that you've picked. So it's easier to build things which are more portable, but I still don't think it's easy to build this magic API that makes them all look the same. And I think that you're going to have leaky abstractions and security being... Getting the security right's going to be really much more complex than people think. >> What about specialty superclouds, Chris? What's your view on that? >> Yeah, I think what Adrian is alluding to, those leaky abstractions, are interesting, especially from the security perspective, 'cause I think what you see is if you were to happen to be able to thin slice across a set of specific types of workloads, there is a high probability given today that, at least on two of the three major clouds, you could get SaaS providers that sit on those same infrastructure of the service clouds for you, string them together, and have a service that technically is abstracted enough from the things you care about to work on one, two, or three, maybe not all of them, but most SaaS providers in the security space, or identity space, data space, for example, coexist on at least Microsoft and AWS, if not all three, with Google. And so you could technically abstract a service to the point that you let that level of abstract... Like Lori said, no computer science problem could not be... So, no computer science problem can't be solved with more layers of abstraction or misdirection... Or redirection. And in that particular case, if you happen to pick the right vendors that run on all three clouds, you could possibly get close. But then what that really talks about is then, if you built your seven-layer dip model, then you really have specialty superclouds spanning across infrastructure of the service clouds. One for your identity apps, one for data and data layers, to normalize that, one for security, but at what cost? Because you're going to be charged not for that service as a whole, but based on compute resources, based on how these vendors charge across each cloud. So again, that cost-benefit ratio might start being something that is rather imposing from a budgetary perspective. >> Lori, weigh in on this, because the enterprise people love to solve complexity with more complexity. Here, we need to go the other way. It's a commodity. So there has to be a better way. >> I think I'm hearing two fundamental assumptions. One, that a supercloud would force the existing big three to implement some sort of equal API. Don't agree with that. There's no business case for that. There's no reason that could compel them to do that. Otherwise, we would've convinced them to do that, what? 10, 15 years ago when we said we need to be interoperable. So it's not going to happen there. They don't have a good reason to do that. There's no business justification for that. The other presumption, I think, is that we would... That it's more about the services, the differentiated services, that are offered by all of these particular providers, as opposed to treating the core IaaS as the commodity it is. It's compute, it's some storage, it's some networking. Look at that piece. Now, pull those together by... And it's not OpenStack. That's not the answer, it wasn't the answer, it's not the answer now, but something that can actually pull those together and abstract it at a different layer. So cloud providers don't have to change, 'cause they're not going to change, but if someone else were to build that architecture to say, "all right, I'm going to treat all of this compute "so you can run your workloads," as Chris pointed out, "in the best place possible. "And we'll help you do that "by being able to provide those cost benefit analysis, "'What's the best performance, what are you doing,' "And then provide that as a layer." So I think that's really where supercloud is going, 'cause I think that's what a lot of the market actually wants in terms of where they want to run their workloads, because we're seeing that they want to run workloads at the edge, "a lot closer to me," which is yet another factor that we have to consider, and how are you going to be moving individual workloads around? That's the holy grail. Let's move individual workloads to where they're the best performance, the security, cost optimized, and then one layer up. >> Yeah, I think so- >> John Considine, who ultimately ran CloudSwitch, that sold to Verizon, as well as Tom Gillis, who built Bracket, are both rolling in their graves, 'cause what you just described was exactly that. (Lori laughing) Well, they're not even dead yet, so I can't say they're rolling in their graves. Sorry, Tom. Sorry, John. >> Well, how do hyperscalers keep their advantage with all this? I mean, to that point. >> Native services and managed services on top of it. Look how many flavors of managed Kubernetes you have. So you have a choice. Roll your own, or go with a managed service, and then differentiate based on the ability to take away and simplify some of that complexity. Doesn't mean it's more secure necessarily, but I do think we're seeing opportunities where those guys are fighting tooth and nail to keep you on a singular cloud, even though, to Lori's point, I agree, I don't think it's about standardized APIs, 'cause I think that's never going to happen. I do think, though, that SaaS-y supercloud model that we were talking about, layering SaaS that happens to span all the three infrastructure of the service are probably more in line with what Lori was talking about. But I do think that portability of workload is given to you today within lots of ways. But again, how much do you manage, and how much performance do you give up by running additional abstraction layers? And how much security do you give up by having to roll your own and manage that? Because the whole point was, in many cases... Cloud is using other people's computers, so in many cases, I want to manage as little of it as I possibly can. >> I like this whole SaaS angle, because if you had the old days, you're on Amazon Web Services, hey, if you build a SaaS application that runs on Amazon, you're all great, you're born in the cloud, just like that generations of startups. Great. Now when you have this super pass layer, as Dave Vellante was riffing on his analysis, and Lori, you were getting into this pass layer that's kind of like SaaS-y, what's the SaaS equation look like? Because that, to me, sounds like a supercloud version of saying, "I have a workload that runs on all the clouds equally." I just don't think that's ever going to happen. I agree with you, Chris, on that one. But I do see that you can have an abstraction that says, "Hey, I don't really want to get in the weeds. "I don't want to spend a lot of ops time on this. "I just want it to run effectively, and magic happens," or, as you said, some layer there. How does that work? How do you see this super pass layer, if anything, enabling a different SaaS game? >> I think you hit on it there. The last like 10 or so years, we've been all focused on developers and developer productivity, and it's all about the developer experience, and it's got to be good for them, 'cause they're the kings. And I think the next 10 years are going to be very focused on operations, because once you start scaling out, it's not about developers. They can deliver fast or slow, it doesn't matter, but if you can't scale it out, then you've got a real problem. So I think that's an important part of it, is really, what is the ops experience, and what is the best way to get those costs down? And this would serve that purpose if it was done right, which, we can argue about whether that's possible or not, but I don't have to implement it, so I can say it's possible. >> Well, are we going to be getting into infrastructure as code moves into "everything is code," security, data, (laughs) applications is code? I mean, "blank" is code, fill in the blank. (Lori laughing) >> Yeah, we're seeing more of that with things like CDK and Pulumi, where you are actually coding up using a real language rather than the death by YAML or whatever. How much YAML can you take? But actually having a real language so you're not trying to do things in parsing languages. So I think that's an interesting trend. You're getting some interesting templates, and I like what... I mean, the counterexample is that if you just go deep on one vendor, then maybe you can go faster and it is simpler. And one of my favorite vendor... Favorite customers right now that I've been talking to is Liberty Mutual. Went very deep and serverless first on AWS. They're just doing everything there, and they're using CDK Patterns to do it, and they're going extremely fast. There's a book coming out called "The Value Flywheel" by Dave Anderson, it's coming out in a few months, to just detail what they're doing, but that's the counterargument. If you could pick one vendor, you can go faster, you can get that vendor to do more for you, and maybe get a bigger discount so you're not splitting your discounts across vendors. So that's one aspect of it. But I think, fundamentally, you're going to find the CIOs and the ops people generally don't like sitting on one vendor. And if that single vendor is a horizontal platform that's trying to make all the clouds look the same, now you're locked into whatever that platform was. You've still got a platform there. There's still something. So I think that's always going to be something that the CIOs want, but the developers are always going to just pick whatever the best tool for building the thing is. And a analogy here is that the developers are dating and getting married, and then the operations people are running the family and getting divorced. And all the bad parts of that cycle are in the divorce end of it. You're trying to get out of a vendor, there's lawyers, it's just a big mess. >> Who's the lawyer in this example? (crosstalk) >> Well... (laughing) >> Great example. (crosstalk) >> That's why ops people don't like lock-in, because they're the ones trying to unlock. They aren't the ones doing the lock-in. They're the ones unlocking, when developers, if you separate the two, are the ones who are going, picking, having the fun part of it, going, trying a new thing. So they're chasing a shiny object, and then the ops people are trying to untangle themselves from the remains of that shiny object a few years later. So- >> Aren't we- >> One way of fixing that is to push it all together and make it more DevOps-y. >> Yeah, that's right. >> But that's trying to put all the responsibilities in one place, like more continuous improvement, but... >> Chris, what's your reaction to that? Because you're- >> No, that's exactly what I was going to bring up, yeah, John. And 'cause we keep saying "devs," "dev," and "ops" and I've heard somewhere you can glue those two things together. Heck, you could even include "sec" in the middle of it, and "DevSecOps." So what's interesting about what Adrian's saying though, too, is I think this has a lot to do with how you structure your engineering teams and how you think about development versus operations and security. So I'm building out a team now that very much makes use of, thanks to my brilliant VP of Engineering, a "Team Topologies" approach, which is a very streamlined and product oriented way of thinking about, for example, in engineering, if you think about team structures, you might have people that build the front end, build the middle tier, and the back end, and then you have a product that needs to make use of all three components in some form. So just from getting stuff done, their ability then has to tie to three different groups, versus building a team that's streamlined that ends up having front end, middleware, and backend folks that understand and share standards but are able to uncork the velocity that's required to do that. So if you think about that, and not just from an engineering development perspective, but then you couple in operations as a foundational layer that services them with embedded capabilities, we're putting engineers and operations teams embedded in those streamlined teams so that they can run at the velocity that they need to, they can do continuous integration, they can do continuous deployment. And then we added CS, which is continuously secure, continuous security. So instead of having giant, centralized teams, we're thinking there's a core team, for example, a foundational team, that services platform, makes sure all the trains are running on time, that we're doing what we need to do foundationally to make the environments fully dev and operator and security people functional. But then ultimately, we don't have these big, monolithic teams that get into turf wars. So, to Adrian's point about, the operators don't like to be paned in, well, they actually have a say, ultimately, in how they architect, deploy, manage, plan, build, and operate those systems. But at the same point in time, we're all looking at that problem across those teams and go... Like if one streamline team says, "I really want to go run on Azure, "because I like their services better," the reality is the foundational team has a larger vote versus opinion on whether or not, functionally, we can satisfy all of the requirements of the other team. Now, they may make a fantastic business case and we play rock, paper, scissors, and we do that. Right now, that hasn't really happened. We look at the balance of AWS, we are picking SaaS-y, supercloud vendors that will, by the way, happen to run on three platforms, if we so choose to expand there. So we have a similar interface, similar capability, similar processes, but we've made the choice at LastPass to go all in on AWS currently, with respect to how we deliver our products, for all the reasons we just talked about. But I do think that operations model and how you build your teams is extremely important. >> Yeah, and to that point- >> And has the- (crosstalk) >> The vendors themselves need optionality to the customer, what you're saying. So, "I'm going to go fast, "but I need to have that optionality." I guess the question I have for you guys is, what is today's trade-off? So if the decision point today is... First of all, I love the go-fast model on one cloud. I think that's my favorite when I look at all this, and then with the option, knowing that I'm going to have the option to go to multiple clouds. But everybody wants lock-in on the vendor side. Is that scale, is that data advantage? I mean, so the lock-in's a good question, and then also the trade-offs. What do people have to do today to go on a supercloud journey to have an ideal architecture and taxonomy, and what's the right trade-offs today? >> I think that the- Sorry, just put a comment and then let Lori get a word in, but there's a lot of... A lot of the market here is you're building a product, and that product is a SaaS product, and it needs to run somewhere. And the customers that you're going to... To get the full market, you need to go across multiple suppliers, most people doing AWS and Azure, and then with Google occasionally for some people. But that, I think, has become the pattern that most of the large SaaS platforms that you'd want to build out of, 'cause that's the fast way of getting something that's going to be stable at scale, it's got functionality, you'd have to go invest in building it and running it. Those platforms are just multi-cloud platforms, they're running across them. So Snowflake, for example, has to figure out how to make their stuff work on more than one cloud. I mean, they started on one, but they're going across clouds. And I think that that is just the way it's going to be, because you're not going to get a broad enough view into the market, because there isn't a single... AWS doesn't have 100% of the market. It's maybe a bit more than them, but Azure has got a pretty solid set of markets where it is strong, and it's market by market. So in some areas, different people in some places in the world, and different vertical markets, you'll find different preferences. And if you want to be across all of them with your data product, or whatever your SaaS product is, you're just going to have to figure this out. So in some sense, the supercloud story plays best with those SaaS providers like the Snowflakes of this world, I think. >> Lori? >> Yeah, I think the SaaS product... Identity, whatever, you're going to have specialized. SaaS, superclouds. We already see that emerging. Identity is becoming like this big SaaS play that crosses all clouds. It's not just for one. So you get an evolution going on where, yes, I mean, every vendor who provides some kind of specific functionality is going to have to build out and be multi-cloud, as it were. It's got to work equally across them. And the challenge, then, for them is to make it simple for both operators and, if required, dev. And maybe that's the other lesson moving forward. You can build something that is heaven for ops, but if the developers won't use it, well, then you're not going to get it adopted. But if you make it heaven for the developers, the ops team may not be able to keep it secure, keep everything. So maybe we have to start focusing on both, make it friendly for both, at least. Maybe it won't be the perfect experience, but gee, at least make it usable for both sides of the equation so that everyone can actually work in concert, like Chris was saying. A more comprehensive, cohesive approach to delivery and deployment. >> All right, well, wrapping up here, I want to just get one final comment from you guys, if you don't mind. What does supercloud look like in five years? What's the Nirvana, what's the steady state of supercloud in five to 10 years? Or say 10 years, make it easier. (crosstalk) Five to 10 years. Chris, we'll start with you. >> Wow. >> Supercloud, what's it look like? >> Geez. A magic pane, a single pane of glass. (laughs) >> Yeah, I think- >> Single glass of pain. >> Yeah, a single glass of pain. Thank you. You stole my line. Well, not mine, but that's the one I was going to use. Yeah, I think what is really fascinating is ultimately, to answer that question, I would reflect on market consolidation and market dynamics that happens even in the SaaS space. So we will see SaaS companies combining in focal areas to be able to leverage the positions, let's say, in the identity space that somebody has built to provide a set of compelling services that help abstract that identity problem or that security problem or that instrumentation and observability problem. So take your favorite vendors today. I think what we'll end up seeing is more consolidation in SaaS offerings that run on top of infrastructure of the service offerings to where a supercloud might look like something I described before. You have the combination of your favorite interoperable identity, observability, security, orchestration platforms run across them. They're sold as a stack, whether it be co-branded by an enterprise vendor that sells all of that and manages it for you or not. But I do think that... You talked about, I think you said, "Is this an innovator's dilemma?" No, I think it's an integrator's dilemma, as it has always ultimately been. As soon as you get from Genesis to Bespoke Build to product to then commoditization, the cycle starts anew. And I think we've gotten past commoditization, and we're looking at niche areas. So I see just the evolution, not necessarily a revolution, of what we're dealing with today as we see more consolidation in the marketplace. >> Lori, what's your take? Five years, 10 years, what does supercloud look like? >> Part of me wants to take the pie in the sky unicorn approach. "No, it will be beautiful. "One button, and things will happen," but I've seen this cycle many times before, and that's not going to happen. And I think Chris has got it pretty close to what I see already evolving. Those different kinds of super services, basically. And that's really what we're talking about. We call them SaaS, but they're... X is a service. Everything is a service, and it's really a supercloud that can run anywhere, but it presents a different interface, because, well, it's easier. And I think that's where we're going to go, and that's just going to get more refined. And yes, a lot of consolidation, especially on the observability side, but that's also starting to consume the security side, which is really interesting to watch. So that could be a little different supercloud coming on there that's really focused on specific types of security, at least, that we'll layer across, and then we'll just hook them all together. It's an API first world, and it seems like that's going to be our standard for the next while of how we integrate everything. So superclouds or APIs. >> Awesome. Adrian... Adrian, take us home. >> Yeah, sure. >> What's your- I think, and just picking up on Lori's point that these are web services, meaning that you can just call them from anywhere, they don't have to run everything in one place, they can stitch it together, and that's really meant... It's somewhat composable. So in practice, people are going to be composable. Can they compose their applications on multiple platforms? But I think the interesting thing here is what the vendors do, and what I'm seeing is vendors running software on other vendors. So you have Google building platforms that, then, they will support on AWS and Azure and vice versa. You've got AWS's distro of Kubernetes, which they now give you as a distro so you can run it on another platform. So I think that trend's going to continue, and it's going to be, possibly, you pick, say, an AWS or a Google software stack, but you don't run it all on AWS, you run it in multiple places. Yeah, and then the other thing is the third tier, second, third tier vendors, like, I mean, what's IBM doing? I think in five years time, IBM is going to be a SaaS vendor running on the other clouds. I mean, they're already halfway there. To be a bit more controversial, I guess it's always fun to... Like I don't work for a corporate entity now. No one tells me what I can say. >> Bring it on. >> How long can Google keep losing a billion dollars a quarter? They've either got to figure out how to make money out of this thing, or they'll end up basically being a software stack on another cloud platform as their, likely, actual way they can make money on it. Because you've got to... And maybe Oracle, is that a viable cloud platform that... You've got to get to some level of viability. And I think the second, third tier of vendors in five, 10 years are going to be running on the primary platform. And I think, just the other final thing that's really driving this right now. If you try and place an order right now for a piece of equipment for your data center, key pieces of equipment are a year out. It's like trying to buy a new fridge from like Sub-Zero or something like that. And it's like, it's a year. You got to wait for these things. Any high quality piece of equipment. So you go to deploy in your data center, and it's like, "I can't get stuff in my data center. "Like, the key pieces I need, I can't deploy a whole system. "We didn't get bits and pieces of it." So people are going to be cobbling together, or they're going, "No, this is going to cloud, because the cloud vendors "have a much stronger supply chain to just be able "to give you the system you need. "They've got the capacity." So I think we're going to see some pandemic and supply chain induced forced cloud migrations, just because you can't build stuff anymore outside the- >> We got to accelerate supercloud, 'cause they have the supply. They are the chain. >> That's super smart. That's the benefit of going last. So I'm going to scoop in real quick. I can't believe we can call this "Web3 Supercloud," because none of us said "Web3." Don't forget DAO. (crosstalk) (indistinct) You have blockchain, blockchain superclouds. I mean, there's some very interesting distributed computing stuff there, but we'll have to do- >> (crosstalk) We're going to call that the "Cubeverse." The "Cubeverse" is coming. >> Oh, the "Cubeverse." All right. >> We will be... >> That's very meta. >> In the metaverse, Cubeverse soon. >> "Stupor cloud," perhaps. But anyway, great points, Adrian and Lori. Loved it. >> Chris, great to see you. Adrian, Lori, thanks for coming on. We've known each other for a long time. You guys are part of the cloud-erati, the group that has been in there from day one, and watched it evolve, and you get the scar tissue to prove it, and the experience. So thank you so much for sharing your commentary. We'll roll this up and make it open to everybody as additional content. We'll call this the "outtakes," the longer version. But really appreciate your time, thank you. >> Thank you. >> Thanks so much. >> Okay, we'll be back with more "Supercloud 22" right after this. (bright upbeat music)

>> Announcer: theCube presents HPE Discover 2022, brought to you by HPE. >> Hey, everyone. Welcome back to Las Vegas. This is Lisa Martin with Dave Vellante live at HPE Discover '22. Dave, it's great to be here. This is the first Discover in three years and we're here with about 7,000 of our closest friends. >> Yeah. You know, I tweeted out this, I think I've been to 14 Discovers between the U.S. and Europe, and I've never seen a Discover with so much energy. People are not only psyched to get back together, that's for sure, but I think HPE's got a little spring in its step and it's feeling more confident than maybe some of the past Discovers that I've been to. >> I think so, too. I think there's definitely a spring in the step and we're going to be unpacking some of that spring next with one of our alumni who joins us, Keith White's here, the executive vice president and general manager of GreenLake Cloud Services. Welcome back. >> Great. You all thanks for having me. It's fantastic that you're here and you're right, the energy is crazy at this show. It's been a lot of pent up demand, but I think what you heard from Antonio today is our strategy's changing dramatically and it's really embracing our customers and our partners. So it's great. >> Embracing the customers and the partners, the ecosystem expansion is so critical, especially the last couple of years with the acceleration of digital transformation. So much challenge in every industry, but lots of momentum on the GreenLake side, I was looking at the Q2 numbers, triple digit growth in orders, 65,000 customers over 70 services, eight new services announced just this morning. Talk to us about the momentum of GreenLake. >> The momentum's been fantastic. I mean, I'll tell you, the fact that customers are really now reaccelerating their digital transformation, you probably heard a lot, but there was a delay as we went through the pandemic. So now it's reaccelerating, but everyone's going to a hybrid, multi-cloud environment. Data is the new currency. And obviously, everyone's trying to push out to the Edge and GreenLake is that edge to cloud platform. So we're just seeing tons of momentum, not just from the customers, but partners, we've enabled the platform so partners can plug into it and offer their solutions to our customers as well. So it's exciting and it's been fun to see the momentum from an order standpoint, but one of the big numbers that you may not be aware of is we have over a 96% retention rate. So once a customer's on GreenLake, they stay on it because they're seeing the value, which has been fantastic. >> The value is absolutely critically important. We saw three great big name customers. The Home Depot was on stage this morning, Oak Ridge National Laboratory was as well, Evil Geniuses. So the momentum in the enterprise is clearly present. >> Yeah. It is. And we're hearing it from a lot of customers. And I think you guys talk a lot about, hey, there's the cloud, data and Edge, these big mega trends that are happening out there. And you look at a company like Barclays, they're actually reinventing their entire private cloud infrastructure, running over a hundred thousand workloads on HPE GreenLake. Or you look at a company like Zenseact, who's basically they do autonomous driving software. So they're doing massive parallel computing capabilities. They're pulling in hundreds of petabytes of data to then make driving safer and so you're seeing it on the data front. And then on the Edge, you look at anyone like a Patrick Terminal, for example. They run a whole terminal shipyard. They're getting data in from exporters, importers, regulators, the works and they have to real-time, analyze that data and say, where should this thing go? Especially with today's supply chain challenges, they have to be so efficient, that it's just fantastic. >> It was interesting to hear Fidelma, Keith, this morning on stage. It was the first time I'd really seen real clarity on the platform itself and that it's obviously her job is, okay, here's the platform, now, you guys got to go build on top of it. Both inside of HPE, but also externally, so your ecosystem partners. So, you mentioned the financial services companies like Barclays. We see those companies moving into the digital world by offering some of their services in building their own clouds. >> Keith: That's right. >> What's your vision for GreenLake in terms of being that platform, to assist them in doing that and the data component there? >> I think that was one of the most exciting things about not just showcasing the platform, but also the announcement of our private cloud enterprise, Cloud Service. Because in essence, what you're doing is you're creating that framework for what most companies are doing, which is they're becoming cloud service providers for their internal business units. And they're having to do showback type scenarios, chargeback type scenarios, deliver cloud services and solutions inside the organization so that open platform, you're spot on. For our ecosystem, it's fantastic, but for our customers, they get to leverage it as well for their own internal IT work that's happening. >> So you talk about hybrid cloud, you talk about private cloud, what's your vision? You know, we use this term Supercloud. This in a layer that goes across clouds. What's your thought about that? Because you have an advantage at the Edge with Aruba. Everybody talks about the Edge, but they talk about it more in the context of near Edge. >> That's right. >> We talked to Verizon and they're going far Edge, you guys are participating in that, as well as some of your partners in Red Hat and others. What's your vision for that? What I call Supercloud, is that part of the strategy? Is that more longer term or you think that's pipe dream by Dave? >> No, I think it's really thoughtful, Dave, 'cause it has to be part of the strategy. What I hear, so for example, Ford's a great example. They run Azure, AWS, and then they made a big deal with Google cloud for their internal cars and they run HPE GreenLake. So they're saying, hey, we got four clouds. How do we sort of disaggregate the usage of that? And Chris Lund, who is the VP of information technology at Liberty Mutual Insurance, he talked about it today, where he said, hey, I can deliver these services to my business unit. And they don't know, am I running on the public cloud? Am I running on our HPE GreenLake cloud? Like it doesn't matter to the end user, we've simplified that so much. So I think your Supercloud idea is super thoughtful, not to use the super term too much, that I'm super excited about because it's really clear of what our customers are trying to accomplish, which it's not about the cloud, it's about the solution and the business outcome that gets to work. >> Well, and I think it is different. I mean, it's not like the last 10 years where it was like, hey, I got my stuff to work on the different clouds and I'm replicating as much as I can, the cloud experience on-prem. I think you guys are there now and then to us, the next layer is that ecosystem enablement. So how do you see the ecosystem evolving and what role does Green Lake play there? >> Yeah. This has been really exciting. We had Tarkan Maner who runs Nutanix and Karl Strohmeyer from Equinix on stage with us as well. And what's happening with the ecosystem is, I used to say, one plus one has to equal three for our customers. So when you bring these together, it has to be that scenario, but we are joking that one plus one plus one equals five now because everything has a partner component to it. It's not about the platform, it's not about the specific cloud service, it's actually about the solution that gets delivered. And that's done with an ISV, it's done with a Colo, it's done even with the Hyperscalers. We have Azure Stack HCI as a fully integrated solution. It happens with managed service providers, delivering managed services out to their folks as well. So that platform being fully partner enabled and that ecosystem being able to take advantage of that, and so we have to jointly go to market to our customers for their business needs, their business outcomes. >> Some of the expansion of the ecosystem. we just had Red Hat on in the last hour talking about- >> We're so excited to partner with them. >> Right, what's going on there with OpenShift and Ansible and Rel, but talk about the customer influence in terms of the expansion of the ecosystem. We know we've got to meet customers where they are, they're driving it, but we know that HPE has a big presence in the enterprise and some pretty big customer names. How are they from a demand perspective? >> Well, this is where I think the uniqueness of GreenLake has really changed HPE's approach with our customers. Like in all fairness, we used to be a vendor that provided hardware components for, and we talked a lot about hardware costs and blah, blah, blah. Now, we're actually a partner with those customers. What's the business outcome you're requiring? What's the SLA that we offer you for what you're trying to accomplish? And to do that, we have to have it done with partners. And so even on the storage front, Qumulo or Cohesity. On the backup and recovery disaster recovery, yes, we have our own products, but we also partner with great companies like Veeam because it's customer choice, it's an open platform. And the Red Hat announcement is just fantastic. Because, hey, from a container platform standpoint, OpenShift provides 5,000 plus customers, 90% of the fortune 500 that they engage with, with that opportunity to take GreenLake with OpenShift and implement that container capabilities on-prem. So it's fantastic. >> We were talking after the keynote, Keith Townsend came on, myself and Lisa. And he was like, okay, what about startups? 'Cause that's kind of a hallmark of cloud. And we felt like, okay, startups are not the ideal customer profile necessarily for HPE. Although we saw Evil Geniuses up on stage, but I threw out and I'd love to get your thoughts on this that within companies, incumbents, you have entrepreneurs, they're trying to build their own clouds or Superclouds as I use the term, is that really the target for the developer audience? We've talked a lot about OpenShift with their other platforms, who says as a partner- >> We just announced another extension with Rancher and- >> Yeah. I saw that. And you have to have optionality for developers. Is that the way we should think about the target audience from a developer standpoint? >> I think it will be as we go forward. And so what Fidelma presented on stage was the new developer platform, because we have come to realize, we have to engage with the developers. They're the ones building the apps. They're the ones that are delivering the solutions for the most part. So yeah, I think at the enterprise space, we have a really strong capability. I think when you get into the sort of mid-market SMB standpoint, what we're doing is we're going directly to the managed service and cloud service providers and directly to our Disty and VARS to have them build solutions on top of GreenLake, powered by GreenLake, to then deliver to their customers because that's what the customer wants. I think on the developer side of the house, we have to speak their language, we have to provide their capabilities because they're going to start articulating apps that are going to use both the public cloud and our on-prem capabilities with GreenLake. And so that's got to work very well. And so you've heard us talk about API based and all of that sort of scenario. So it's an exciting time for us, again, moving HPE strategy into something very different than where we were before. >> Well, Keith, that speaks to ecosystem. So I don't know if you were at Microsoft, when the sweaty Steve Ballmer was working with the developers, developers. That's about ecosystem, ecosystem, ecosystem. I don't expect we're going to see Antonio replicating that. But that really is the sort of what you just described is the ecosystem developing on top of GreenLake. That's critical. >> Yeah. And this is one of the things I learned. So, being at Microsoft for as long as I was and leading the Azure business from a commercial standpoint, it was all about the partner and I mean, in all fairness, almost every solution that gets delivered has some sort of partner component to it. Might be an ISV app, might be a managed service, might be in a Colo, might be with our hybrid cloud, with our Hyperscalers, but everything has a partner component to it. And so one of the things I learned with Azure is, you have to sell through and with your ecosystem and go to that customer with a joint solution. And that's where it becomes so impactful and so powerful for what our customers are trying to accomplish. >> When we think about the data gravity and the value of data that put massive potential that it has, even Antonio talked about it this morning, being data rich but insights poor for a long time. >> Yeah. >> Every company in today's day and age has to be a data company to be competitive, there's no more option for that. How does GreenLake empower companies? GreenLake and its ecosystem empower companies to really live being data companies so that they can meet their customers where they are. >> I think it's a really great point because like we said, data's the new currency. Data's the new gold that's out there and people have to get their arms around their data estate. So then they can make these business decisions, these business insights and garner that. And Dave, you mentioned earlier, the Edge is bringing a ton of new data in, and my Zenseact example is a good one. But with GreenLake, you now have a platform that can do data and data management and really sort of establish and secure the data for you. There's no data latency, there's no data egress charges. And which is what we typically run into with the public cloud. But we also support a wide range of databases, open source, as well as the commercial ones, the sequels and those types of scenarios. But what really comes to life is when you have to do analytics on that and you're doing AI and machine learning. And this is one of the benefits I think that people don't realize with HPE is, the investments we've made with Cray, for example, we have and you saw on stage today, the largest supercomputer in the world. That depth that we have as a company, that then comes down into AI and analytics for what we can do with high performance compute, data simulations, data modeling, analytics, like that is something that we, as a company, have really deep, deep capabilities on. So it's exciting to see what we can bring to customers all for that spectrum of data. >> I was excited to see Frontier, they actually achieve, we hosted an event, co-produced event with HPE during the pandemic, Exascale day. >> Yeah. >> But we weren't quite at Exascale, we were like right on the cusp. So to see it actually break through was awesome. So HPC is clearly a differentiator for Hewlett Packard Enterprise. And you talk about the egress. What are some of the other differentiators? Why should people choose GreenLake? >> Well, I think the biggest thing is, that it's truly is a edge to cloud platform. And so you talk about Aruba and our capabilities with a network attached and network as a service capabilities, like that's fairly unique. You don't see that with the other companies. You mentioned earlier to me that compute capabilities that we've had as a company and the storage capabilities. But what's interesting now is that we're sort of taking all of that expertise and we're actually starting to deliver these cloud services that you saw on stage, private cloud, AI and machine learning, high performance computing, VDI, SAP. And now we're actually getting into these industry solutions. So we talked last year about electronic medical records, this year, we've talked about 5g. Now, we're talking about customer loyalty applications. So we're really trying to move from these sort of baseline capabilities and yes, containers and VMs and bare metal, all that stuff is important, but what's really important is the services that you run on top of that, 'cause that's the outcomes that our customers are looking at. >> Should we expect you to be accelerating? I mean, look at what you did with Azure. You look at what AWS does in terms of the feature acceleration. Should we expect HPE to replicate? Maybe not to that scale, but in a similar cadence, we're starting to see that. Should we expect that actually to go faster? >> I think you couched it really well because it's not as much about the quantity, but the quality and the uses. And so what we've been trying to do is say, hey, what is our swim lane? What is our sweet spot? Where do we have a superpower? And where are the areas that we have that superpower and how can we bring those solutions to our customers? 'Cause I think, sometimes, you get over your skis a bit, trying to do too much, or people get caught up in the big numbers, versus the, hey, what's the real meat behind it. What's the tangible outcome that we can deliver to customers? And we see just a massive TAM. I want to say my last analysis was around $42 billion in the next three years, TAM and the Azure service on-prem space. And so we think that there's nothing but upside with the core set of workloads, the core set of solutions and the cloud services that we bring. So yeah, we'll continue to innovate, absolutely, amen, but we're not in a, hey we got to get to 250 this and 300 that, we want to keep it as focused as we can. >> Well, the vast majority of the revenue in the public cloud is still compute. I mean, not withstanding, Microsoft obviously does a lot in SaaS, but I'm talking about the infrastructure and service. Still, well, I would say over 50%. And so there's a lot of the services that don't make any revenue and there's that long tail, if I hear your strategy, you're not necessarily going after that. You're focusing on the quality of those high value services and let the ecosystem sort of bring in the rest. >> This is where I think the, I mean, I love that you guys are asking me about the ecosystem because this is where their sweet spot is. They're the experts on hyper-converged or databases, a service or VDI, or even with SAP, like they're the experts on that piece of it. So we're enabling that together to our customers. And so I don't want to give you the impression that we're not going to innovate. Amen. We absolutely are, but we want to keep it within that, that again, our swim lane, where we can really add true value based on our expertise and our capabilities so that we can confidently go to customers and say, hey, this is a solution that's going to deliver this business value or this capability for you. >> The partners might be more comfortable with that than, we only have one eye sleep with one eye open in the public cloud, like, okay, what are they going to, which value of mine are they grab next? >> You're spot on. And again, this is where I think, the power of what an Edge to cloud platform like HPE GreenLake can do for our customers, because it is that sort of, I mentioned it, one plus one equals three kind of scenario for our customers so. >> So we can leave your customers, last question, Keith. I know we're only on day one of the main summit, the partner growth summit was yesterday. What's the feedback been from the customers and the ecosystem in terms of validating the direction that HPE is going? >> Well, I think the fantastic thing has been to hear from our customers. So I mentioned in my keynote recently, we had Liberty Mutual and we had Texas Children's Hospital, and they're implementing HPE GreenLake in a variety of different ways, from a private cloud standpoint to a data center consolidation. They're seeing sustainability goals happen on top of that. They're seeing us take on management for them so they can take their limited resources and go focus them on innovation and value added scenarios. So the flexibility and cost that we're providing, and it's just fantastic to hear this come to life in a real customer scenario because what Texas Children is trying to do is improve patient care for women and children like who can argue with that. >> Nobody. >> So, yeah. It's great. >> Awesome. Keith, thank you so much for joining Dave and me on the program, talking about all of the momentum with HPE Greenlake. >> Always. >> You can't walk in here without feeling the momentum. We appreciate your insights and your time. >> Always. Thank you you for the time. Yeah. Great to see you as well. >> Likewise. >> Thanks. >> For Keith White and Dave Vellante, I'm Lisa Martin. You're watching theCube live, day one coverage from the show floor at HPE Discover '22. We'll be right back with our next guest. (gentle music)

(upbeat music) >> Hello, and welcome to The Great Cloud Debate. I'm your moderator Rachel Dines. I'm joined by two debaters today Corey Quinn, Cloud Economist at the Duckbill Group and Stu Miniman, Senior Analyst and Host of theCube. Welcome Corey and Stu, this when you can say hello. >> Hey Rachel, great to talk to you. >> And it's better to talk to me. It's always a pleasure to talk to the fine folks over at CloudHealth at by VMware and less of the pleasure to talk to Stu. >> Smack talk is scheduled for later in the agenda gentlemen, so please keep it to a minimum now to keep us on schedule. So here's how today is going to work. I'm going to introduce a debate topic and assign Corey and Stu each to a side. Remember, their assignments are what I decide and they might not actually match their true feelings about a topic, and it definitely does not represent the feelings of their employer or my employer, importantly. Each debater is going to have two minutes to state their opening arguments, then we'll have rebuttals. And each round you the audience gets to vote of who you think is winning. And at the end of the debate, I'll announce the winner. The prize is bragging rights of course, but then also we're having each debater play to win lunch for their local hospital, which is really exciting. So Stu, which hospital are you playing for? >> Yeah, so Rachel, I'm choosing Brigham Women's Hospital. I get a little bit of a home vote for the Boston audience here and was actually my wife's first job out of school. >> Great hospital. Very, very good. All right, Corey, what about you? >> My neighbor winds up being as specialist in infectious diseases as a doctor, and that was always one of those weird things you learn over a cocktail party until this year became incredibly relevant. So I will absolutely be sending the lunch to his department. >> Wonderful! All right. Well, is everyone ready? Any last words? This is your moment for smack talk. >> I think I'll say that for once we can apply it to a specific technology area. Otherwise, it was insulting his appearance and that's too easy. >> All right, let's get going. The first topic is multicloud. Corey, you'll be arguing that companies are better off standardizing on a single cloud. While Stu, you're going to argue the companies are better off with a multicloud strategy. Corey, you're up first, two minutes on the clock and go. >> All right. As a general rule, picking a single provider and going all in leads to the better outcome. Otherwise, you're trying to build every workload to run seamlessly on other providers on a moment's notice. You don't ever actually do it and all you're giving up in return is the ability to leverage whatever your primary cloud provider is letting you build. Now you're suddenly trying to make two differently behaving load balancers work together in the same way, you're using terraform or as I like to call it multicloud formation in the worst of all possible ways. Because now you're having to only really build on one provider, but all the work you're putting in to make that scale to other providers, you might theoretically want to go to at some point, it slows you down, you're never going to be able to move as quickly trying to build for everyone as you are for one particular provider. And I don't care which provider you pick, you probably care which one you pick, I don't care which one. The point is, you've got to pick what's right for your business. And in almost every case, that means start on a single platform. And if you need to migrate down the road years from now, great, that means A you've survived that long, and B you now have the longevity as a business to understand what migrating looks like. Otherwise you're not able to take care of any of the higher level offerings these providers offer that are even slightly differentiated from each other. And even managed database services behave differently. You've got to become a master of all the different ways these things can fail and unfortunate and displeasing ways. It just leaves you in a position where you're not able to specialize, and of course, makes hiring that much harder. Stu, fight me! >> Tough words there. All right, Stu, your turn. Why are companies better off if they go with a multicloud strategy? Got two minutes? >> Yeah, well first of all Corey, I'm really glad that I didn't have to whip out the AWS guidelines, you were not sticking strictly to it and saying that you could not use the words multicloud, cross-cloud, any cloud or every cloud so thank you for saving me that argument. But I want you to kind of come into the real world a little bit. We want access to innovation, we want flexibility, and well, we used to say I would have loved to have a single provider, in the real world we understand that people end up using multiple solutions. If you look at the AI world today, there's not a provider that is a clear leader in every environment that I have. So there's a reason why I might want to use a lot of clouds. Most companies I talked to, Corey, they still have some of their own servers. They're working in a data center, we've seen huge explosion in the service provider world connecting to multiple clouds. So well, a couple of years ago, multicloud was a complete mess. Now, it's only a little bit of a mess, Corey. So absolutely, there's work that we need to do as an industry to make these solutions better. I've been pining for a couple years to say that multicloud needs to be stronger than the sum of its pieces. And we might not yet be there but limiting yourself to a single cloud is reducing your access to innovation, it's reducing your flexibility. And when you start looking at things like edge computing and AI, I'm going to need to access services from multiple providers. So single cloud is a lovely ideal, but in the real world, we understand that teams come with certain skill sets. We end up in many industries, we have mergers and acquisitions. And it's not as easy to just rip out all of your cloud, like you would have 20 years ago, if you said, "Oh, well, they have a phone system or a router "that didn't match what our corporate guidelines is." Cloud is what we're doing. There's lots of solutions out there. And therefore, multicloud is the reality today, and will be the reality going forward for many years to come. >> Strong words from you, Stu. Corey, you've got 60 seconds for rebuttal. I mostly agree with what you just said. I think that having different workloads in different clouds makes an awful lot of sense. Data gravity becomes a bit of a bear. But if you acquire a company that's running on a different cloud than the one that you've picked, you'd be ridiculous to view migrating as anything approaching a strategic priority. Now, this also gets into the question of what is cloud? Our G Suite stuff counts as cloud, but no one really views it in that way. Similarly, when you have an AI specific workload, that's great. As long as it isn't you seriously expensive to move data between providers. That workload doesn't need to live in the same place as your marketing website does. I think that the idea of having a specific cloud provider that you go all in on for every use case, well, at some point that leads to ridiculous things like pretending that Amazon WorkDocs has customers, it does not. But for things that matter to your business and looking at specific workloads, I think that you're going to find a primary provider with secondary workloads here and they're scattered elsewhere to be the strategy that people are getting at when they use the word multicloud badly. >> Time's up for you Corey, Stu we've got time for rebuttal and remember, for those of you in the audience, you can vote at any time and who you think is winning this round. Stu, 60 seconds for a rebuttal. >> Yeah, absolutely Corey. Look, you just gave the Andy Jassy of what multicloud should be 70 to 80% goes to a single provider. And it does make sense we know nobody ever said multicloud equals the same amount in multiple environments but you made a clear case as to why multicloud leveraging multi providers is likely what most companies are going to do. So thank you so much for making a clear case as to why multicloud not equal cloud, across multiple providers is the way to go. So thank you for conceding the victory. >> Last Words, Corey. >> If that's what you took from it Stu, I can't get any closer to it than you have. >> All right, let's move on to the next topic then. The next topic is serverless versus containers which technology is going to be used in, let's say, five to 10 years time? And as a reminder, I'm going to assign each of the debaters these topics, their assignments may or may not match their true feelings about this topic, and they definitely don't represent the topics of my employer, CloudHealth by VMware. Stu, you're going to argue for containers. Corey you're going to argue for start serverless. Stu, you're up first. Two minutes on the clock and go. >> All right, so with all respect to my friends in the serverless community, We need to have a reality check as to how things work. We all know that serverless is a ridiculous name because underneath we do need to worry about all of the infrastructure underneath. So containers today are the de facto building block for cloud native architectures, just as the VM defined the ecosystem for an entire generation of solutions. Containers are the way we build things today. It is the way Google has architected their entire solution and underneath it is often something that's used with serverless. So yes, if you're, building an Alexa service, serverless make what's good for you. But for the vast majority of solutions, I need to have flexibility, I need to understand how things work underneath it. We know in IT that it's great when things work, but we need to understand how to fix them when they break. So containerization gets us to that atomic level, really close to having the same thing as the application. And therefore, we saw the millions of users that deploy Docker, we saw the huge wave of container orchestration led by Kubernetes. And the entire ecosystem and millions of customers are now on board with this way of designing and architecting and breaking down the silos between the infrastructure world and the application developer world. So containers, here to stay growing fast. >> All right, Corey, what do you think? Why is serverless the future? >> I think that you're right in that containers are the way you get from where you were to something that runs effectively in a cloud environment. That is why Google is so strongly behind Kubernetes it helps get the entire industry to write code the way that Google might write code. And that's great. But if you're looking at effectively rewriting something from scratch, or building something that new, the idea of not having to think about infrastructure in the traditional sense of being able to just here, take this code and run it in a given provider that takes whatever it is that you need to do and could loose all these other services together, saves an awful lot of time. As that continues to move up the stack towards the idea of no code or low code. And suddenly, you're now able to build these applications in ways that require just a little bit of code that tie together everything else. We're closer than ever to that old trope of the only code you write is business logic. Serverless gives a much clearer shot of getting there, if you can divorce yourself from the past of legacy workloads. Legacy, of course meaning older than 18 months and makes money. >> Stu, do you have a rebuttal, 60 seconds? >> Yeah. So Corey, we've been talking about this Nirvana in many ways. It's the discussion that we had for paths for over a decade now. I want to be able to write my code once not worry about where it lives, and do all this. But sometimes, there's a reason why we keep trying the same thing over and over again, but never reaching it. So serverless is great for some application If you talked about, okay, if you're some brand new webby thing there and I don't want to have to do this team, that's awesome. I've talked to some wonderful people that don't know anything about coding that have built some cool stuff with serverless. But cool stuff isn't what most business runs on, and therefore containerization is, as you said, it's a bridge to where I need to go, it lives in these cloud environments, and it is the present and it is the future. >> Corey, your response. >> I agree that it's the present, I doubt that it's the future in quite the same way. Right now Kubernetes is really scratching a major itch, which is how all of these companies who are moving to public cloud still I can have their infrastructure teams be able to cosplay as cloud providers themselves. And over time, that becomes simpler and I think on some level, you might even see a convergence of things that are container workloads begin to look a lot more like serverless workloads. Remember, we're aiming at something that is five years away in the context of this question. I think that the serverless and container landscape will look very different. The serverless landscape will be bright and exciting and new, whereas unfortunately the container landscape is going to be represented by people like you Stu. >> Hoarse words from Corey. Stu, any last words or rebuttals? >> Yeah, and look Corey absolutely just like we don't really think about the underlying server or VM, we won't think about the containers you won't think about Kubernetes in the future, but, the question is, which technology will be used in five to 10 years, it'll still be there. It will be the fabric of our lives underneath there for containerization. So, that is what we were talking about. Serverless I think will be useful in pockets of places but will not be the predominant technology, five years from now. >> All right, tough to say who won that one? I'm glad I don't have to decide. I hope everyone out there is voting, last chance to vote on this question before we move on to the next. Next topic is cloud wars. I'm going to give a statement and then I'm going to assign each of you a pro or a con, Google will never be an actual contender in the cloud wars always a far third, we're going to have Corey arguing that Google is never going to be an actual contender. And Stu, you're going to argue that Google is eventually going to overtake the top two AWS and Azure. As a constant reminder, I'm assigning these topics, it's my decision and also they don't match the opinions of me, my employer, or likely Stu or Corey. This is all just for fun and games. But I really want to hear what everyone has to say. So Corey, you're up first two minutes. Why is Google never going to be an actual contender and go. >> The biggest problem Google has in the time of cloud is their ability to forecast longer term on anything that isn't their advertising business, and their ability to talk to human beings long enough to meet people where they are. We're replacing their entire culture is what it's going to take to succeed in the time of cloud and with respect, Thomas Kurian is a spectacular leader internally but look at where he's come from. He spent 22 years at Oracle and now has been transplanted into Google. If we take a look at Satya Nadella's cloud transformation at Microsoft, he was able to pull that off as an insider, after having known intimately every aspect of that company, and he grew organically with it and was perfectly positioned to make that change. You can't instill that kind of culture change by dropping someone externally, on top of an organization and expecting anything to go with this magic one day wake up and everything's going to work out super well. Google has a tremendous amount of strengths, and I don't see that providing common denominator cloud computing services to a number of workloads that from a Google perspective are horrifying, is necessarily in their wheelhouse. It feels like their entire focus on this is well, there's money over there. We should go get some of that too. It comes down to the traditional Google lack of focus. >> Stu, rebuttal? Why do you think Google has a shaft? >> Yeah, so first of all, Corey, I think we'd agree Google is a powerhouse in the world today. My background is networking, when they first came out with with Google Cloud, I said, Google has the best network, second to none in the world. They are ubiquitous today. If you talk about the impact they have on the world, Android phones, you mentioned Kubernetes, everybody uses G Suite maps, YouTube, and the like. That does not mean that they are necessarily going to become the clear leader in cloud but, Corey, they've got really, really smart people. If you're not familiar with that talk to them. They'll tell you how smart they are. And they have built phenomenal solutions, who's going to be able to solve, the challenge every day of, true distributed systems, that a global database that can handle the clock down to the atomic level, Google's the one that does that we've all read the white papers on that. They've set the tone for Hadoop, and various solutions that are all over the place, and their secret weapon is not the advertising, of course, that is a big concern for them, but is that if you talk about, the consumer adoption, everyone uses Google. My kids have all had Chromebooks growing up. It isn't their favorite thing, but they get, indoctrinated with Google technology. And as they go out and leverage technologies in the world, Google is one that is known. Google has the strength of technology and a lot of positioning and partnerships to move them forward. Everybody wants a strong ecosystem in cloud, we don't want a single provider. We already discussed this before, but just from a competitive nature standpoint, if there is a clear counterbalance to AWS, I would say that it is Google, not Microsoft, that is positioned to be that clear and opportune. >> Interesting, very interesting Stu. So your argument is the Gen Zers will of ultimately when they come of age become the big Google proponents. Some strong words that as well but they're the better foil to AWS, Corey rebuttal? >> I think that Stu is one t-shirt change away from a pitch perfect reenactment of Charlie Brown. In this case with Google playing the part of Lucy yanking the football away every time. We've seen it with inbox, Google Reader, Google Maps, API pricing, GKE's pricing for control plane. And when your argument comes down to a suddenly Google is going to change their entire nature and become something that it is as proven as constitutionally incapable of being, namely supporting something that its customers want that it doesn't itself enjoy working on. And to the exclusion of being able to get distracted and focused on other things. Even their own conferences called Next because Google is more interested in what they're shipping than what they're building, than what they're currently shipping. I think that it is a fantasy to pretend that that is somehow going to change without a complete cultural transformation, which again, I don't see the seeds being planted for. >> Some sick burns in there Stu, rebuttal? >> Yeah. So the final word that I'll give you on this is, one of the most important pieces of what we need today. And we need to tomorrow is our data. Now, there are some concerns when we talk about Google and data, but Google also has strong strength in data, understanding data, helping customers leverage data. So while I agree to your points about the cultural shift, they have the opportunity to take the services that they have, and enable customers to be able to take their data to move forward to the wonderful world of AI, cloud, edge computing, and all of those pieces and solve the solution with data. >> Strong words there. All right, that's a tough one. Again, I hope you're all out there voting for who you think won that round. Let's move on to the last round before we start hitting the lightning questions. I put a call out on several channels and social media for people to have questions that they want you to debate. And this one comes from Og-AWS Slack member, Angelo. Angelo asks, "What about IBM Cloud?" Stu you're pro, Corey you're con. Let's have Stu you're up first. The question is, what about IBM Cloud? >> All right, so great question, Angelo. I think when you look at the cloud providers, first of all, you have to understand that they're not all playing the same game. We talked about AWS and they are the elephant in the room that moves nimbly as a cheetah. Every other provider plays a little bit of a different game. Google has strength in data. Microsoft, of course, has their, business productivity applications. IBM has a strong legacy. Now, Corey is going to say that they are just legacy and you need to think about them but IBM has strong innovation. They are a player in really what we call chapter two of the cloud. So when we start talking about multicloud, when we start talking about living in many environments, IBM was the first one to partner with VMware for VMware cloud before the mega VMware AWS announcement, there was IBM up on stage and if I remember right, they actually have more VMware customers on IBM Cloud than they do in the AWS cloud. So over my shoulder here, there's of course, the Red Hat $34 billion to bet on that multicloud solution. So as we talk about containerization, and Kubernetes, Red Hat is strongly positioned in open-source, and flexibility. So you really need a company that understands both the infrastructure side and the application side. IBM has database, IBM has infrastructure, IBM has long been the leader in middleware, and therefore IBM has a real chance to be a strong player in this next generation of platforms. Doesn't mean that they're necessarily going to go attack Amazon, they're partnering across the board. So I think you will see a kinder, gentler IBM and they are leveraging open source and Red Hat and I think we've let the dogs out on the IBM solution. >> Indeed. >> So before Corey goes, I feel the need to remind everyone that the views expressed here are not the views of my employer nor myself, nor necessarily of Corey or Stu. I have Corey. >> I haven't even said anything yet. And you're disclaiming what I'm about to say. >> I'm just warning the audience, 'cause I can't wait to hear what you're going to say next. >> Sounds like I have to go for the high score. All right. IBM's best days are behind it. And that is pretty clear. They like to get angry when people talk about how making the jokes about a homogenous looking group of guys in blue suits as being all IBM has to offer. They say that hasn't been true since the '80s. But that was the last time people cared about IBM in any meaningful sense and no one has bothered to update the relevance since then. Now, credit where due, I am seeing an awful lot of promoted tweets from IBM into my timeline, all talking about how amazing their IBM blockchain technology is. And yes, that is absolutely the phrasing of someone who's about to turn it all around and win the game. I don't see it happening. >> Stu, rebuttal? >> Look, Corey, IBM was the company that brought us the UPC code. They understand Mac manufacturing and blockchain actually shows strong presence in supply chain management. So maybe you're not quite aware of some of the industries that IBM is an expert in. So that is one of the big strengths of IBM, they really understand verticals quite well. And, at the IBM things show, I saw a lot in the healthcare world, had very large customers that were leveraging those solutions. So while you might dismiss things when they say, Oh, well, one of the largest telecom providers in India are leveraging OpenStack and you kind of go with them, well, they've got 300 million customers, and they're thrilled with the solution that they're doing with IBM, so it is easy to scoff at them, but IBM is a reliable, trusted provider out there and still very strong financially and by the way, really excited with the new leadership in place there, Arvind Krishna knows product, Jim Whitehurst came from the Red Hat side. So don't be sleeping on IBM. >> Corey, any last words? >> I think that they're subject to massive disruption as soon as they release the AWS 400 mainframe in the cloud. And I think that before we, it's easy to forget this, but before Google was turning off Reader, IBM stopped making the model M buckling spring keyboards. Those things were masterpieces and that was one of the original disappointments that we learned that we can't fall in love with companies, because companies in turn will not love us back. IBM has demonstrated that. Lastly, I think I'm thrilled to be working with IBM is exactly the kind of statement one makes only at gunpoint. >> Hey, Corey, by the way, I think you're spending too much time looking at all titles of AWS services, 'cause you don't know the difference between your mainframe Z series and the AS/400 which of course is heavily pending. >> Also the i series. Oh yes. >> The i series. So you're conflating your system, which still do billions of dollars a year, by the way. >> Oh, absolutely. But that's not we're not seeing new banks launching and then building on top of IBM mainframe technology. I'm not disputing that mainframes were phenomenal. They were, I just don't see them as the future and I don't see a cloud story. >> Only a cloud live your mainframe related smack talk. That's the important thing that we're getting to here. All right, we move-- >> I'm hoping there's an announcement from CloudHealth by VMware that they also will now support mainframe analytics as well as traditional cloud. >> I'll look into that. >> Excellent. >> We're moving on to the lightning rounds. Each debater in this round is only going to get 60 seconds for their opening argument and then 30 seconds for a rebuttal. We're going to hit some really, really big important questions here like this first one, which is who deserves to sit on the Iron Throne at the end of "Game of Thrones?" I've been told that Corey has never seen this TV show so I'm very interested to hear him argue for Sansa. But let's Sansa Stark, let's hear Stu go first with his argument for Jon Snow. Stu one minute on the clock, go. >> All right audience let's hear it from the king of the north first of all. Nothing better than Jon Snow. He made the ultimate sacrifice. He killed his love to save Westeros from clear destruction because Khaleesi had gone mad. So Corey is going to say something like it's time for the women to do this but it was a woman she went mad. She started burning the place down and Jon Snow saved it so it only makes sense that he should have done it. Everyone knows it was a travesty that he was sent back to the Wall, and to just wander the wild. So absolutely Jon Snow vote for King of the North. >> Compelling arguments. Corey, why should Sansa Stark sit on the throne? Never having seen the show I've just heard bits and pieces about it and all involves things like bloody slaughters, for example, the AWS partner Expo right before the keynote is best known as AWS red wedding. We take a look at that across the board and not having seen it, I don't know the answer to this question, but how many of the folks who are in positions of power we're in fact mediocre white dudes and here we have Stu advocating for yet another one. Sure, this is a lightning round of a fun event but yes, we should continue to wind up selecting this mediocre white person has many parallels in terms of power, et cetera, politics, current tech industry as a whole. I think she's right we absolutely should give someone with a look like this a potential opportunity to see what they can do instead. >> Ouch, Stu 30 seconds rebuttal. >> Look, I would just give a call out to the women in the audience and say, don't you want Jon Snow to be king? >> I also think it's quite bold of Corey to say that he looks like Kit Harington. Corey, any last words? >> I think that it sad you think Stu was running for office at this point because he's become everyone's least favorite animal, a panda bear. >> Fire. All right, so on to the next question. This one also very important near and dear to my heart personally, is a hot dog a sandwich. Corey you'll be arguing no, Stu will be arguing yes. I must also add this important disclaimer that these assignments are made by me and might not reflect the actual views of the debaters here so Corey, you're up first. Why is a hot dog not a sandwich? >> Because you'll get punched in the face if you go to a deli of any renown and order a hot dog. That is not what they serve there. They wind up having these famous delicatessen in New York they have different sandwiches named after different celebrities. I shudder to think of the deadly insult that naming a hot dog after a celebrity would be to that not only celebrity in some cases also the hot dog too. If you take a look and you want to get sandwiches for lunch? Sure. What are we having catered for this event? Sandwiches. You show up and you see a hot dog, you're looking around the hot dog to find the rest of the sandwich. Now while it may check all of the boxes for a technical definition of what a sandwich is, as I'm sure Stu will boringly get into, it's not what people expect, there's a matter of checking the actual boxes, and then delivering what customers actually want. It's why you can let your product roadmap be guided by cart by customers or by Gartner but rarely both. >> Wow, that one hurts. Stu, why is the hot dog a sandwich? >> Yeah so like Corey, I'm sorry that you must not have done some decent traveling 'cause I'm glad you brought up the definition because I'm not going to bore you with yes, there's bread and there's meat and there's toppings and everything else like that but there are some phenomenal hot dogs out there. I traveled to Iceland a few years ago, and there's a little hot dog stand out there that's been there for over 40 or 50 years. And it's one of the top 10 culinary experience I put in. And I've been to Michelin star restaurants. You go to Chicago and any local will be absolutely have to try our creation. There are regional hot dogs. There are lots of solutions there and so yeah, of course you don't go to a deli. Of course if you're going to the deli for takeout and you're buying meats, they do sell hot dogs, Corey, it's just not the first thing that you're going to order on the menu. So I think you're underselling the hot dog. Whether you are a child and grew up and like eating nothing more than the mustard or ketchup, wherever you ate on it, or if you're a world traveler, and have tried some of the worst options out there. There are a lot of options for hot dogs so hot dog, sandwich, culinary delight. >> Stu, don't think we didn't hear that pun. I'm not sure if that counts for or against you, but Corey 30 seconds rebuttal. >> In the last question, you were agitating for putting a white guy back in power. Now you're sitting here arguing that, "Oh some of my best friend slash meals or hot dogs." Yeah, I think we see what you're putting down Stu and it's not pretty, it's really not pretty and I think people are just going to start having to ask some very pointed, delicate questions. >> Tough words to hear Stu. Close this out or rebuttal. >> I'm going to take the high road, Rachel and leave that where it stands. >> I think that is smart. All right, next question. Tabs versus spaces. Stu, you're going to argue for tabs, Corey, you're going to argue for spaces just to make this fun. Stu, 60 seconds on the clock, you're up first. Why are tabs the correct approach? >> First of all, my competitor here really isn't into pop culture. So he's probably not familiar with the epic Silicon Valley argument over this discussion. So, Corey, if you could explain the middle of algorithm, we will be quite impressed but since you don't, we'll just have to go with some of the technology first. Looks, developers, we want to make things simple on you. Tabs, they're faster to do they take up less memory. Yes, they aren't quite as particular as using spaces but absolutely, they get the job done and it is important to just, focus on productivity, I believe that the conversation as always, the less code you can write, the better and therefore, if you don't have to focus on exactly how many spaces and you can just simplify with the tabs, you're gona get close enough for most of the job. And it is easier to move forward and focus on the real work rather than some pedantic discussion as to whether one thing is slightly more efficient than the other. >> Great points Stu. Corey, why is your pedantic approach better? >> No one is suggesting you sit there and whack the spacebar four times or eight times you hit the Tab key, but your editor should be reasonably intelligent enough to expand that. At that point, you have now set up a precedent where in other cases, other parts of your codebase you're using spaces because everyone always does. And that winds up in turn, causing a weird dissonance you'll see a bunch of linters throwing issues if you use tabs as a direct result. Now the wrong answer is, of course, and I think Steve will agree with me both in the same line. No one is ever in favor of that. But I also want to argue with Stu over his argument about "Oh, it saves a little bit of space "is the reason one should go with tabs instead." Sorry, that argument said bye bye a long time ago, and that time was the introduction of JavaScript, where it takes many hundreds of Meg's of data to wind up building hello world. Yeah, at that point optimization around small character changes are completely irrelevant. >> Stu, rebuttal? >> Yeah, I didn't know that Corey did not try to defend that he had any idea what Silicon Valley was, or any of the references in there. So Rachel, we might have to avoid any other pop culture references. We know Corey just looks at very specific cloud services and can't have fun with some of the broader themes there. >> You're right my mistake Stu. Corey, any last words? >> It's been suggested that whole middle out seen on the whiteboard was came from a number of conversations I used to have with my co-workers as in people who were sitting in the room with me watching that episode said, Oh my God, I've been in the room while you had this debate with your friend and I will not name here because they at least still strive to remain employable. Yeah, it's, I understand the value in the picking these fights, we could have gone just as easily with vi versus Emacs, AWS versus Azure, or anything else that you really care to pick a fight with. But yeah, this is exactly the kind of pedantic fight that everyone loves to get involved with, which is why I walked a different path and pick other ridiculous arguments. >> Speaking of those ridiculous arguments that brings us to our last debate topic of the day, Corey you are probably best known for your strong feelings about the pronunciation of the acronym for Amazon Machine Image. I will not be saying how I think it is pronounced. We're going to have you argue each. Stu, you're going to argue that the acronym Amazon Machine Image should be pronounced to rhyme with butterfly. Corey, you'll be arguing that it rhymes with mommy. Stu, rhymes with butterfly. Let's hear it, 60 seconds on the clock. >> All right, well, Rachel, first of all, I wish I could go to the videotape because I have clear video evidence from a certain Corey Quinn many times arguing why AMI is the proper way to pronounce this, but it is one of these pedantic arguments, is it GIF or GIF? Sometimes you go back and you say, Okay, well, there's the way that the community did it. And the way that oh wait, the founder said it was a certain way. So the only argument against AMI, Jeff Barr, when he wrote about the history of all of the blogging that he's done from AWS said, I wish when I had launched the service that I pointed out the correct pronunciation, which I won't even deem to talk it because the community has agreed by and large that AMI is the proper way to pronounce it. And boy, the tech industry is rific on this kind of thing. Is it SQL and no SQL and you there's various ways that we butcher these constantly. So AMI, almost everyone agrees and the lead champion for this argument, of course is none other than Corey Quinn. >> Well, unfortunately today Corey needs to argue the opposite. So Corey, why does Amazon Machine Image when pronounce as an acronym rhyme with mommy? >> Because the people who built it at Amazon say that it is and an appeal to authorities generally correct when the folks built this. AWS has said repeatedly that they're willing to be misunderstood for long periods of time. And this is one of those areas in which they have been misunderstood by virtually the entire industry, but they are sticking to their guns and continuing to wind up advocating for AMI as the correct pronunciation. But I'll take it a step further. Let's take a look at the ecosystem companies. Whenever Erica Brescia, who is now the COO and GitHub, but before she wound up there, she was the founder of Bitnami. And whenever I call it Bitn AMI she looks like she is barely successfully restraining herself from punching me right in the mouth for that pronunciation of the company. Clearly, it's Bitnami named after the original source AMI, which is what the proper term pronunciation of the three letter acronym becomes. Fight me Stu. >> Interesting. Interesting argument, Stu 30 seconds, rebuttal. >> Oh, the only thing he can come up with is that, you take the word Bitnami and because it has that we know that things sound very different if you put a prefix or a suffix, if you talk to the Kubernetes founders, Kubernetes should be coop con but the people that run the conference, say it cube con so there are lots of debates between the people that create it and the community. I in general, I'm going to vote with the community most of the time. Corey, last words on this topic 'cause I know you have very strong feelings about it. >> I'm sorry, did Stu just say Kubernetes and its community as bastions of truth when it comes to pronouncing anything correctly? Half of that entire conference is correcting people's pronunciation of Kubernetes, Kubernetes, Kubernetes, Kubernetes and 15 other mispronunciations that they will of course yell at you for but somehow they're right on this one. All right. >> All right, everyone, I hope you've been voting all along for who you think is winning each round, 'cause this has been a tough call. But I would like to say that's a wrap for today. big thank you to our debaters. You've been very good sports, even when I've made you argue for against things that clearly are hurting you deep down inside, we're going to take a quick break and tally all the votes. And we're going to announce a winner up on the Zoom Q and A. So go to the top of your screen, Click on Zoom Q and A to join us and hear the winner announced and also get a couple minutes to chat live with Corey and Stu. Thanks again for attending this session. And thank you again, Corey and Stu. It's been The Great Cloud Debate. All right, so each round I will announce the winner and then we're going to announce the overall winner. Remember that Corey and Stu are playing not just for bragging rights and ownership of all of the internet for the next 24 hours, but also for lunch to be donated to their local hospital. Corey is having lunch donated to the California Pacific Medical Centre. And Stu is having lunch donated to Boston Medical Centre. All right, first up round one multicloud versus monocloud. Stu, you were arguing for multicloud, Corey, you were arguing for one cloud. Stu won that one by 64% of the vote. >> The vendor fix was in. >> Yeah, well, look, CloudHealth started all in AWS by supporting customers across those environments. So and Corey you basically conceded it because we said multicloud does not mean we evenly split things up. So you got to work on those two skills, buddy, 'cause, absolutely you just handed the victory my way. So thank you so much and thank you to the audience for understanding multicloud is where we are today, and unfortunately, it's where we're gonnao be in the future. So as a whole, we're going to try to make it better 'cause it is, as Corey and I both agree, a bit of a mess right now. >> Don't get too cocky. >> One of those days the world is going to catch up with me and realize that ad hominem is not a logical fallacy so much as it is an excellent debating skill. >> Well, yeah, I was going to say, Stu, don't get too cocky because round two serverless versus containers. Stu you argued for containers, Corey you argued for serverless. Corey you won that one with 65, 66 or most percent of the vote. >> You can't fight the future. >> Yeah, and as you know Rachel I'm a big fan of serverless. I've been to the serverless comp, I actually just published an excellent interview with Liberty Mutual and what they're doing with serverless. So love the future, it's got a lot of maturity to deliver on the promise that it has today but containers isn't going anyway or either so. >> So, you're not sad that you lost that one. Got it, good concession speech. Next one up was cloud wars specifically Google. is Google a real contender in the clouds? Stu, you were arguing yes they are. Corey, you were arguing no they aren't. Corey also won this round was 72% of the votes. >> Yeah, it's one of those things where at some point, it's sort of embarrassing if you miss a six inch pot. So it's nice that that didn't happen in this case. >> Yeah, so Corey, is this the last week that we have any competitors to AWS? Is that what we're saying? And we all accept our new overlords. Thank you so much, Corey. >> Well I hope not, my God, I don't know what to be an Amazonian monoculture anymore than I do anyone else. Competition makes all of us better. But again, we're seeing a lot of anti competitive behaviour. For example, took until this year for Microsoft to finally make calculator uninstallable and I trust concerned took a long time to work its way of course. >> Yeah, and Corey, I think everyone is listening to what you've been saying about what Google's doing with Google Meet and forcing that us when we make our pieces there. So definitely there's some things that Google culture, we'd love them to clean up. And that's one of the things that's really held back Google's enterprise budget is that advertised advertising driven culture. So we will see. We are working hand-- >> That was already opted out of Hangouts, how do we fix it? We call it something else that they haven't opted out of yet. >> Hey, but Corey, I know you're looking forward to at least two months of weekly Google live stuff starting this summer. So we'll have a lot of time to talk about google. >> Let's not kid ourselves they're going to cancel it halfway through. (Stu laughs) >> Boys, I thought we didn't have any more smack talk left in you but clearly you do. So, all right, moving on. Next slide. This is the last question that we did in the main part of the debate. IBM Cloud. What about IBM Cloud was the question, Stu, you were pro, Corey you were con. Corey, you won this one again with 62% of the vote and for the main. >> It wasn't just me, IBM Cloud also won. The problem is that competition was oxymoron of the day. >> I don't know Rachel, I thought this one had a real shot as to putting where IBM fits. I thought we had a good discussion there. It seemed like some of the early voting was going my way but it just went otherwise. >> It did. We had some last minute swings in these polls. They were going one direction they rapidly swung another it's a fickle crowd today. So right now we've got Corey with three points Stu with one but really the lightning round anyone's game. They got very close here. The next question, lightning round question one, was "Game of Thrones" who deserves to sit on the Iron Throne? Stu was arguing for Jon Snow, Corey was arguing for Sansa Stark also Corey has never seen Game of Thrones. This was shockingly close with Stu at 51.5% of the vote took the crown on this King of the North Stu. >> Well, I'm thrilled and excited that King of the North pulled things out because it would have been just a complete embarrassment if I lost to Corey on this question. >> It would. >> It was the right answer, and as you said, he had no idea what he's talking about, which, unfortunately is how he is on most of the rest of it. You just don't realize that he doesn't know what he's talking about. 'Cause he uses all those fast words and discussion points. >> Well, thank you for saying the quiet part out loud. Now, I am completely crestfallen as to the results of this question about a thing I've never seen and could not possibly care less about not going in my favor. I will someday managed to get over this. >> I'm glad you can really pull yourself together and keep on going with life, Corey it's inspiring. All right, next question. Was the lightning round question two is a hot dog a sandwich? Stu, you were arguing yes. Corey, you were arguing no. Corey landslide, you won this 75% of the vote. >> It all comes down to customer expectations. >> Yeah. >> Just disappointment. Disappointment. >> All right, next question tabs versus spaces. Another very close one. Stu, what were you arguing for Stu? >> I was voting tabs. >> Tabs, yeah. And Corey, you were arguing spaces. This did not turn out the way I expected. So Stu you lost this by slim margin Corey 53% of the vote. You won with spaces. >> Yep. And I use spaces in my day to day life. So that's a position I can actually believe in. >> See, I thought I was giving you the opposite point of view there. I mistook you for the correct answer, in my opinion, which is tabs. >> Well, it is funnier to stalk me on Twitter and look what I have to there than on GitHub where I just completely commit different kinds of atrocities. So I don't blame you. >> Caught that pun there. All right, the last rounds. Speaking of atrocities, AMI, Amazon Machine Image is it pronounced AMI or AMI? >> I better not have won this one. >> So Stu you were arguing that this is pronounced AMI rhymes with butterfly. Corey, you were arguing that it's pronounced AMI like mommy. Any guesses under who won this? >> It better be Stu. >> It was a 50, 50 split complete tie. So no points to anyone. >> For your complete and utterly failed on this because I should have won in a landslide. My entire argument was based on every discussion you've had on this. So, Corey I think they're just voting for you. So I'm really surprised-- >> I think at this point it shows I'm such a skilled debater that I could have also probably brought you to a standstill taking the position that gravity doesn't exist. >> You're a master of few things, Corey. Usually it's when you were dressed up nicely and I think they like the t-shirt. It's a nice t-shirt but not how we're usually hiding behind the attire. >> Truly >> Well. >> Clothes don't always make a demand. >> Gentlemen, I would like to say overall our winner today with five points is Corey. Congratulations, Corey. >> Thank you very much. It's always a pleasure to mop the floor with you Stu. >> Actually I was going to ask Stu to give the acceptance speech for you, Corey and, Corey, if you could give a few words of concession, >> Oh, that's a different direction. Stu, we'll start with you, I suppose. >> Yeah, well, thank you to the audience. Obviously, you voted for me without really understanding that I don't know what I'm talking about. I'm a loudmouth on Twitter. I just create a bunch of arguments out there. I'm influential for reasons I don't really understand. But once again, thank you for your votes so much. >> Yeah, it's always unfortunate to wind up losing a discussion with someone and you wouldn't consider it losing 'cause most of the time, my entire shtick is that I sit around and talk to people who know what they're talking about. And I look smart just by osmosis sitting next to them. Video has been rough on me. So I was sort of hoping that I'd be able to parlay that into something approaching a victory. But sadly, that hasn't worked out quite so well. This is just yet another production brought to you by theCube which shut down my original idea of calling it a bunch of squares. (Rachael laughs) >> All right, well, on that note, I would like to say thank you both Stu and Corey. I think we can close out officially the debate, but we can all stick around for a couple more minutes in case any fans have questions for either of them or want to get them-- >> Find us a real life? Yeah. >> Yeah, have a quick Zoom fight. So thanks, everyone, for attending. And thank you Stu, thank you Corey. This has been The Great Cloud Debate.

>>live from Las Vegas. It's the Q covering AWS executive. Something >>brought to you by Accenture. >>Welcome back, everyone. We are kicking off day two of the cubes. Live coverage of the ex center Executive Summit here at AWS. Reinvent, I'm your host, Rebecca Knight. We have three guests for this panel. We have some bad meta. He is the chief information officer at Putnam based in Boston. Where? Boston People together. Thank you so much for coming on the show. Nitin Gupta. He's the partner and solutions lead. Financial service is at AWS Welcomed and Shale Jane back again for more. Who leads the data business group in North America. Thanks >>so much the last time. >>Yes. We can't get enough of each other. So thank you so much for coming on the show. We're talking about the data data journey and financial service is so I'm gonna start with you, Sam. It tell us. Tell our viewers a little bit about Putnam. That your assets under management. Your employees? >>Sure. So you know, problem is a global firm. We are a leader in mutual funds in the mutual fund business. We're in 84 year old organization. We based in Boston on, and we are known for innovation. We've done a lot of firsts in our industry on our focus has always bean looking after the needs of our shareholders. So even as we launch digital transformation, we launch it with the lens off, making sure we're covering the needs of our shareholders. >>So what was the impetus? What was the driving force to it? To embark on this cloud journey? >>Sure, So you look recovered. The financial markets recover industries. We look at our own industry as well. Things are changing rather rapidly, right, if I may just turn it around a little bit. Last year's letter from our CEO Bob Reynolds, said That problem now has Maur increasingly Maur four and five star funds, according to Morningstar, then we've had it as a percent of total funds ever. Before we had inflows, when the rest of the industry were having outflows, we built a digital platform and we said digital technology at problem is how we gonna view the internal technology department who will help enable our company to go and provide the investment insights directly to our advisors and to our shareholders so that they can benefit from the performance that we're we're delivering, right? We can only do that through a change. What's really going on in our industry is that there's more choice that's now available to shareholders than ever before. So while we talk about where there's outflows in in in our world, there's actually a lot of flow happening, right, So So it's for us to figure out how. How are the tastes changing right? What are people buying would do advisors need? When do they need them and can reposition ourselves to service them at scale, and so that those are the things that are driving our business? For us to continue to serve the shareholders needs. We really need to be in tune with where the market is. So we're helping do that at Putnam through technology, >>so shale in it. And I mean, what he's just described is thin. This enormously changing landscape and financial service is disrupted by a lot of new entrance. A lot of financial text in tak, a lot of different kinds of technologies. A lot of industries are experiencing this rapid pace of change. How do u ex ensure in AWS work with Putnam amidst this tremendous change, and how do you sit down with the client and sort of work out? Where do we go from here? >>So you know, I want to touch upon a couple of things that made you said And Rebecca You said, So no one is the cloud of their journey. It's It's not a destination that you're trying to get to, And then the other thing that you talked about, it's change. So we had in the cycle right now. But there's a lot of change happening at an industry we had in the cycle Where you nothing, that $38 trillion or something, which is a generator, you know, they're just getting transferred from one generation to the other. I'm not getting any off it. Unfortunately, you know >>all of >>this change that is happening in the industry. What is really required is you need something up in terms of technology, a platform that allows you to move quickly on adapt really quickly to this change. And I think that's where cloud comes in when we talk about all the new generation technologies like data machine learning, artificial intelligence, how >>do you >>leverage all of those. How do you fail quickly? How do you test experiment? Run thousands of not millions of experiments and see what will work in what will not work and do that in a very cost effective way and cloud of a very easy. It's an effective way to do it. And the weight of Louis is helping our customers. Obviously. You know, we we announced a bunch of service is yes, today way have the widest and the deepest tack that is dead in the industry today. You know the strength of our partners. Accenture. So you know, Accenture has Bean one of our longest standing partners altar and financial firm on, you know, working with them, working with our partners to enable our customers. But then we're also investing very heavily in building our industry capabilities. Are accounting solution architects? Professional service is security professionals helping our customers answer all the questions that they would need to answer as they go in this journey with us. So it's, you know, we are in this with them for for the long haul on dhe, you know, super excited about parking trip. >>So from our perspective, I think where we view the world as at a point where we're post digital, where digital was to put a front end that made your engagement with the customers much better. But now we're talking about intelligent enterprise, which is to really digitize the company from the inside out. So not only you need cloud for agility and all the other benefits that cloud offers, but you also need to look at data is the vehicle that would actually not only transform the culture of the company but also be able to integrate with your partners. For example, Cement talked about, you know, getting mind share from the advisers. But if you can exchange data, integrate data much better, faster with them and serve data to them in shapes and speeds that they need, they'll be more amenable to put you on their roster as well. So I think we're seeing a change that's mostly driven by the fintech industry disruption. That's that's happening as well. And it is no better time than now with the cloud and data to really help transform companies like >>the's tons of innovation, right, it's We heard Andy Jassy talk about the Let's roll Sweet the Sweets that are available to us. Our job is to learn what they are and how does it apply to our business because at the end of the game you said it's about our shareholders. It's about the value that we can bring. But we want to harness the power off all of the innovation, and we can't even though we've Bean an innovator, we're not going to innovate alone, all right, so it's really helpful to have to surround yourself with partners who have done this before, to be learning from others and bringing in the right tools at the right time, so so we can turn things around quickly, right? This is way are obviously very conservative and risk averse when it comes to managing other people's money. So we have to be very, very careful. Having said that, you know, we want to learn about all the guardrails we can put in place so we can go faster. >>I want to actually do something about what Shayla brought up, and that is the cultural change within the organization, because change is hard and so many people are resistant, particularly when things are going relatively well and they say Why mess that up with the new technology? So how is hard? Maybe >>is the understatement of the week very hard, and as you guys know, you know where it's not. It's not hard because people don't just want changes. They are experts in things that they've been doing for the last 15 years. 20 years. They've bean at our firm for a really long time. They really know how everything works from front to back. What happens, though? Now, when we get a changing need from the market and people want to buy things differently and we want to sell different products and maybe wanna introduce new products to the market, we can create bottlenecks that slow things down if we're not careful. So this is where we want to learn about the two pizza teams and how you can do things faster. How can we apply that to our world? Which means business partners working with technology, co located in small teams, being completely empowered to deliver solutions, right, working with our risk and compliance people, making sure that everyone's doing things that there were supposed to be doing right? How do we put that to work in the financial service is industry. So where we're learning as we go, we're learning to break down the sidles in the organization, and it's hot all the way around because we're experts in our areas. We know what we've done really well. But fortunately we have a leader in our CEO who's basically said that Let's transform problem so that we become leaders in the digital era for financial service is so with his support waken. Get the executive team align, and as the executive team aligns, then you find that people in the organization they want to work in this model, right but way don't know yet what we don't know, right? It's so we know how to do things from yesterday. Now we're learning and working together. So you guys have come in and this is where we've said, Bring in the people who have done this before and let's hold a session with 40 50 people that Putnam and let's just learn about what that transformation looked like at other places, so we don't make the same mistakes. >>Well, that's what Andy Jassy said in his fireside chat this morning. He was talking about how he had surgery recently in the question you need to ask your surgeon is how many times have you done this surgery? Because that is the critical thing. And so having a trusted partner is so important. So how how does it work that we're working together, collaborating on this relationship? How are you ensuring that Putnam doesn't make mistakes and does do the right tool for the right job shell? >>So, um, earlier this year, we actually launched an offering. A devious lighthouse with eight of us and what it is is a is a collection off. All of our assets are thought, leadership and architectures that we have garnered over the years, having worked with plants like Putnam and have them through the journey. So we put them all together and we bring Bring that Fourth Putnam is one of the first clients actually take advantage of it Abuse Data Lighthouse and, for example, we have a methodology that is specially customized for doing data on on eight of us. So things like that is what we bring to the table to help eliminate the risk that they may encounter. >>And data is critical to us, right? It's we manage a set of data assets, and that's the engine off the organization. So when we look at cloud migration way, look at what's our data strategy? How are rebuilding the so called you guys introduce the terminology for confirmed data sets? And then can we gallon eyes the rest of the organization around it, from investment professionals to operational professionals who used that data every day. Manager governent Make sure that it is what it's supposed to be. And to do that in a cloud environment where their user experience becomes a lot simpler, a lot easier almost takes I t a little away from the day to day. We don't have to be in the report writing business because we can make them more self service right that will create efficiencies in our organization. Our clients are asking us to do things at a lower cost than ever before and introduce more products and more tools and more service is right, so >>I would just tie with Samantha, just said with your question about culture. So if you can make it easy for people, for example, making things self service and data that's discovered through a catalog, so you have a place where you can go and find all the data sets it available. What is the quality? What is the veracity of data and then be able to take a piece of that and try some experiments with it? I think that would enable the cultural change much faster >>because they are able to basically do their jobs better. >>Yes, yes, >>it is. A is a more productive implement. Will highly >>engaged employees, right? We don't want to be in a situation where we find a lot of those disengagement moving employees and the mission for company. We want high engagement. We own people committed to what they're doing. We want to remove hurdles, and technology is they can produce great efficiencies, but it's not done right. It can also be a big hurdle. So we want to learn how to deliver the right tools, the right products to make it easier for way like to say, bring delightful experiences for our clients and our employees. >>Delightful. Another were another Jeff Bezos favorite word of his Obviously Putnam is, is a real innovator and really on the vanguard of this new technology. What are you seeing in the greater financial service is landscape. I mean, how how what are the what is the corporate mind set when it comes to this kind of change? >>So you know, when we look across our financial service is customer base across banking, capital markets, insurance pretty much every customer today. The question is not, you know if we should move to the cloud or when should we move to the cloud? But I think every every CEO and see io is asking the question, How do I move too loud? And what applications do I move over? How do I start on this journey of transformation? Whether it's a digital or it's reducing costs are improving my risk. Posher whatever that end goal is on dhe, you know, when we look at use cases across the industry, risk and data is with one of the easiest use cases to get started with, say, on Ben Field. They were looking at Solvent E to calculations for 25 million other policy holders, and they reduce that time from 10 days to 10 minutes. That is a, you know, really good use case off getting moving to the cloud. You know, if Indra is a great example. They're very public customer analyzing 38 building over market records in the stock market and looking in on alive in all of the data. On it up with data and risk is one of the core use cases that companies start with but then >>has to >>get more as they learn more about the cloud. As they get more get a deeper understanding, they start looking at other things, like Transforming Corp core applications. Today we have core creating applications, scored insurance application score, banking applications that are running running on the cloud. And then they start looking and innovation. You know, how do we look at artificial intelligence? How do we look at machine learning? How do we look at the new technologies to really transform our business and one of the great use case? And we thought so. You know, a lot off insurance companies Liberty Mutual using Lexx as part of their there was a conversational agent for their customers. But one of the interesting examples I have is it's ah, it's a reinsurer in Denmark, Italy insurer in Denmark, and what they're doing is they're using image recognition from from Amazon to look at on accident in the field and then analyzing that, using the using our recognition service to see what that that actual damages and what the cost is and feeding that information to the underwriter really compressing the time that it takes two from a clean filing to processing and payment to a matter of a few few few hours on getting that payment to the to the customer. So really creating a very positive customer experience. >>So it speaking of customer experiences, what have you know? You said you thought you were in service to your shareholders. What have been some of the results that you've seen? >>So you have to look across the organization, right? So our advisers served the need on the retail side, so we were like a bee to be business, right? So we have to be cognizant of what's going on in their world. They're sitting down with clients and talking through the choices, and they have certain needs what they need to fulfill their obligations. They need to explain why they're doing what they're doing. If Putnam knows where each of the advisers are at in their journey with their clients, we can be more helpful to them in explaining why our funds are behaving the way they are right, that information can be had at the right time at the right moment when they need it. Need it, And that brings advisers closer to our our teams are retail distribution teams are marketing teams are investment teams are investment professionals, are using data and analytics to get information to. We're using technology to get information to them faster, so companies are doing releases. There's a ton of information out there these days. We're using technology to dig deeper into the press releases as well as the SEC filings, looking at the footnotes, really trying to understand what they're trying to say, what they said before and what are analysts should be focused on. And we can take a 70 page document, condense it to seven pages and pinpoint what the technology tools say's are really insights. And the analysts will take the time and read the whole thing. But they'll also look at the insides and they'll add it into their process. So technology's additive to the investment process and really making a change help and then that's helping Dr performance. So at the end of the day, we're living good performance on our funds through data analytics technology, you know, give you another example. Some off the were were very strong in the in the mortgage analytics business and on the fixed income side. Our team's very well known. They've been together for many, many years now. They're starting to use data at scale, and we found that being able to go to the cloud to do these analytics right in hours instead of days has really made a material difference in the number of iterations we can run. So now the questions are, when we do risk management, can we do that a little differently and run more reiterations and get more accuracy? So we're seeing all of that benefit. That's direct user experience, that people are seeing people seeing how technology is helping them do a better job with their thesis. >>Excellent. Thank you so much for coming on. The Cube seem ed knitting and shale. A pleasure having you on. >>Thank you for being here. >>I'm Rebecca night. Stay tuned for more of the cubes. Live coverage of the Ex Center Executive Summit coming up in just a little bit

>> From the SiliconANGLE Media office in Boston, Massachusetts, it's theCUBE. Now, here's your host, Dave Vellante. >> Hello, everyone, and welcome to this week's Cube Insights, powered by ETR. Today is November 8, 2019 and I'd like to address one of the most important topics in the minds of a lot of executives. I'm talking about CEOs, CIOs, Chief Information Security Officers, Boards of Directors, governments and virtually every business around the world. And that's the topic of cyber security. The state of cyber security has changed really dramatically over the last 10 years. I mean, as a cyber security observer I've always been obsessed with Stuxnet, which the broader community discovered the same year that theCUBE started in 2010. It was that milestone that opened my eyes. Think about this. It's estimated that Stuxnet cost a million dollars to create. That's it. Compare that to an F-35 fighter jet. It costs about $85-$100 million to build one. And that's on top of many billions of dollars in R&D. So Stuxnet, I mean, it hit me like a ton of bricks. That the future of war was all about cyber, not about tanks. And the barriers to entry were very, very low. Here's my point. We've gone from an era where thwarting hacktivists was our biggest cyber challenge to one where we're now fighting nation states and highly skilled organized criminals. And of course, cyber crime and monetary theft is the number one objective behind most of these security breaches that we see in the press everyday. It's estimated that by 2021 cyber crime is going to cost society $6 trillion in theft, lost productivity, recovery costs. I mean, that's just a staggeringly large number. It's even hard to fathom. Now, the other C-change is how organizations have had to respond to the bad guys. It used to be pretty simple. I got a castle and the queen is inside. We need to protect her, so what do we do? We built a mote, put it around the perimeter. Now, think of the queen as data. Well, what's happened? The queen has cloned herself a zillion times. She's left the castle. She's gone up to the sky with the clouds. She's gone to the edge of the kingdom and beyond. She's also making visits to machines and the factories and hanging out with the commoners. She's totally exposed. Listen, by 2020, there's going to be hundreds of billions of IP addresses. These are going to be endpoints and phones, TVs, cameras, tablets, automobiles, factory machines, and all these represent opportunities for the bad guys to infiltrate. This explosion of endpoints that I'm talking about is created massive exposures, and we're seeing it manifest itself in the form of phishing, malware, and of course the weaponization of social media. You know, if you think that 2016 was nuts, wait 'til you see how the 2020 presidential election plays out. And of course, there's always the threat of ransomware. It's on everybody's minds these days. So I want to try to put some of this in context and share with you some insights that we've learned from the experts on theCUBE. And then let's drill into some of the ETR data and assess the state of security, the spending patterns. We're going to try to identify some of those companies with momentum and maybe some of those that are a little bit exposed. Let me start with the macro and the challenged faced by organization and that's complexity. Here's Robert Herjavec on theCUBE. Now, you know him from the Shark Tank, but he's also a security industry executive. Herjavec told me in 2017 at the Splunk.com Conference that he thought the industry was overly complex. Let's take a look and listen. >> I think that the industry continues to be extremely complicated. There's a lot of vendors. There's a lot of products. The average Fortune 500 company has 72 security products. There's a stat that RSA this year, that there's 1500 new security start-ups every year. Every single year. How are they going to survive? And which ones do you have to buy because they're critical and provide valuable insights? And which ones are going to be around for a year or two and you're never going to hear about again? So it's a extremely challenging complex environment. >> So it's that complexity that had led people like Pat Gelsinger to say security is a do-over, and that cyber security is broken. He told me this years ago on theCUBE. And this past VM World we talked to Pat Gelsinger and remember, VMware bought Carbon Black, which is an endpoint security specialist, for $2.1 billion. And he said that he's basically creating a cloud security division to be run by Patrick Morley, who is the Carbon Black CEO. Now, many have sort of questioned and been skeptical about VMware's entrance into the space. But here's a clip that Pat Gelsinger shared with us on theCUBE this past VM World. Let's listen and we'll come back and talk about it. >> And this move in security, I am just passionate about this, and as I've said to my team, if this is the last I do in my career is I want to change security. We just not are satisfying our customers. They shouldn't put more stuff on our platforms. >> National defense issues, huge problems. >> It's just terrible. And I said, if it kills me, right, I'm going to get this done. And they says, "It might kill you, Pat." >> So this brings forth an interesting dynamic in the industry today. Specifically, Steven Smith, the CISO of AWS, at this year's Reinforce, which is their security conference, Amazon's big cloud security conference, said that this narrative that security is broken, it's just not true, he said. It's destructive and it's counterproductive. His and AWS's perspective is that the state of cloud security is actually strong. Kind of reminded me of a heavily messaged State of the Union address by the President of the United States. At the same time, in many ways, AWS is doing security over. It's coming at it from the standpoint of a clean slate called cloud and infrastructure as a surface. Here's my take. The state of security in this union is not good. Every year we spend more, we lose more, and we feel less safe. So why does AWS, the security czar, see if differently? Well, Amazon uses this notion of a shared responsibility security model. In other words, they secure the S3 buckets, maybe the EC2 infrastructure, not maybe, the EC2 infrastructure. But it's up to the customer to make sure that she is enforcing the policies and configuring systems that adhere to the EDIX of the corporation. So I think the shared security model is a bit misunderstood by a lot of people. What do I mean by that? I think sometimes people feel like well, my data's in the cloud, and AWS has better security than I do. Here I go, I'm good. Well, AWS probably does have better security than you do. Here's the problem with that. You still have all these endpoints and databases and file servers that you're managing, and that you have to make sure comply with your security policies. Even if you're all on the cloud, ultimately, you are responsible for securing your data. Let's take a listen to Katie Jenkins, the CISO of Liberty Mutual, on this topic and we'll come back. >> Yeah, so the shared responsibility model is, I think that's an important speaking point to this whole ecosystem. At the end of the day, Liberty Mutual, our duty is to protect policyholder data. It doesn't matter if it's in the cloud, if it's in our data centers, we have that duty to protect. >> It's on you. >> All right, so there you have it from a leading security practitioner. The cloud is not a silver bullet. Bad user behavior is going to trump good security every time. So unfortunately the battle goes on. And here's where it gets tricky. Security practitioners are drowning in a sea of incidents. They have to prioritize and respond to, and as you heard Robert Herjavec say, the average large company has 75 security products installed. Now, we recently talked to another CISO, Brian Lozada, and asked him what's the number one challenge for security pros. Here's what he said. >> Lack of talent. I mean, we're starving for talent. Cyber security's the only field in the world with negative unemployment. We just don't have the actual bodies to actually fill the gaps that we have. And in that lack of talent CISOs are starving. We're looking for the right things or tools to actually patch these holes and we just don't have it. Again, we have to force the industry to patch all of those resource gaps with innovation and automation. I think CISOs really need to start asking for more automation and innovation within their programs. >> So bottom line is we can't keep throwing humans at the problem. Can't keep throwing tools at the problem. Automation is the only way in which we're going to be able to keep up. All right, so let's pivot and dig in to some of the ETR data. First, I want to share with you what ETR is saying overall, what their narrative looks like around spending. So in the overall security space, it's pretty interesting what ETR says, and it dovetails into some of the macro trends that I've just shared with you. Let's talk about CIOs and CISOs. ETR is right on when they tell me that these executives no longer have a blank check to spend on security. They realize they can't keep throwing tools and people at the problem. They don't have the bodies, and as we heard from Brian Lozada. And so what you're seeing is a slowdown in the growth, somewhat of a slowdown, in security spending. It's still a priority. But there's less redundancy. In other words, less experimentation with new vendors and less running systems in parallel with legacy products. So there's a slowdown adoption of new tools and more replacement of legacy stuff is what we're seeing. As a result, ETR has identified this bifurcation between those vendors that are very well positioned and those that are losing wallet share. Let me just mention a few that have the momentum, and we're going to dig into this data in more detail. Palo Alto Networks, CrowdStrike, Okta, which does identity management, Cisco, who's coming at the problem from its networking strength. Microsoft, which recently announced Sentinel for Azure. These are the players, and some of them that are best positioned, I'll mention some others, from the standpoint spending momentum in the ETR dataset. Now, here's a few of those that are losing momentum. Checkpoint, SonicWall, ArcSight, Dell EMC, which is RSA, is kind of mixed. We'll talk about that a little bit. IBM, Symantec, even FireEye is seeing somewhat higher citations of decreased spending in the ETR surveys and dataset. So there's a little bit of a cause for concern. Now, let's remember the methodology here. Every quarter ETR asks are you green, meaning adopting this vendor as new or spending more? Are you neutral, which is gray, are you spending the same? Or are you red, meaning that you're spending less or retiring? You subtract the red from the green and you get what's called a net score. The higher the net score, the better. So here's a chart that shows a ranking of security players and their net scores. The bars show survey data from October '18, July '19, and October '19. In here, you see strength from CrowdStrike, Okta, Twistlock, which was acquired by Palo Alto Networks. You see Elastic, Microsoft, Illumio, the core, Palo Alto Classic, Splunk looking strong, Cisco, Fortinet, Zscaler is starting to show somewhat slowing net score momentum. Look at Carbon Black. Carbon Black is showing a meaningful drop in net score. So VMware has some work to do. But generally, the companies to the left are showing spending momentum in the ETR dataset. And I'll show another view on net score in a moment. But I want to show a chart here that shows replacement spending and decreased spending citations. Notice the yellow. That's the ETR October '19 survey of spending intentions. And the bigger the yellow bar, the more negative. So Sagar, the director of research at ETR, pointed this out to me, that, look at this. There are about a dozen companies where 20%, a fifth of the customer base is decreasing spend or ripping them out heading into the year end. So you can see SonicWall, CA, ArcSight, Symantec, Carbon Black, again, a big negative jump. IBM, same thing. Dell EMC, which is RSA, slight uptick. That's a bit of a concern. So you can see this bifurcation that ETR has been talking about for awhile. Now, here's a really interesting kind of net score. What I'm showing here is the ETR data sorted by net score, again, higher is better, and shared N, which is the number of shared accounts in the survey, essentially the number of mentions in that October survey with 1,336 IT buyers responded. So how many of that 1,300 identified these companies? So essentially it's a proxy for the size of the install base. So showing up on both charts is really good. So look, CrowdStrike has a 62% net score with a 133 shared account. So a fairly sizable install base and a very high net score. Okta, similar. Palo Alto Networks and Splunk, both large, continue to show strength. They got net scores of 44% and 313 shared N. Fortinet shows up in both. Proofpoint. Look at Microsoft and Cisco. With 521 and 385 respectively on the right hand side. So big install bases with very solid net scores. Now look at the flip side. Go down to the bottom right to IBM. 132 shared accounts with a 14.4% net score. That's very low. Check Point similarly. Same with Symantec. Again, bifurcation that ETR has been citing. Really stark in this chart. All right, so I want to wrap. In some respects from a practitioner perspective, the sky erectus is falling. You got increased attack surface. You've got exploding number of IP addresses. You got data distributed all over the place, tool creep. You got sloppy user behavior, overwork security op staff, and a scarcity of skills. And oh, by the way, we're all turning into a digital business, which is all about data. So it's a very, very dangerous time for companies. And it's somewhat chaotic. Now, chaos, of course, can mean cash for cyber security companies and investors. This is still a very vibrant space. So just by the way of comparison and looking at some of the ETR data, check this out. What I'm showing is companies in two sectors, security and storage, which I've said in previous episodes of breaking analysis, storage, and especially traditional storage disk arrays are on the back burner spending wise for many, many shops. This chart shows the number of companies in the ETR dataset with a net score greater than a specific target. So look, security has seven companies with a 49% net score or higher. Storage has one. Security has 18 above 39%. Storage has five. Security has 31 companies in the ETR dataset with a net score higher than 30%. Storage only has nine. And I like to think of 30% as kind of that the point at which you want to be above that 30%. So as you can see, relatively speaking, security is an extremely vibrant space. But in many ways it is broken. Pat Gelsinger called it a do-over and is affecting a strategy to fix it. Personally, I don't think one company can solve this problem. Certainly not VMware, or even AWS, or even Microsoft. It's too complicated, it's moving too fast. It's so lucrative for the bad guys with very low barriers to entry, as I mentioned, and as the saying goes, the good guys have to win every single day. The bad guys, they only have to win once. And those are just impossible odds. So in my view, Brian Lozada, the CISO that we interviewed, nailed it. The focus really has to be on automation. You know, we can't just keep using brute force and throwing tools at the problem. Machine intelligence and analytics are definitely going to be part of the answer. But the reality is AI is still really complicated too. How do you operationalize AI? Talk to companies trying to do that. It's very, very tricky. Talk about lack of skills, that's one area that is a real challenge. So I predict the more things change the more you're going to see this industry remain a game of perpetual whack a mole. There's certainly going to be continued consolidation, and unquestionably M&A is going to be robust in this space. So I would expect to see continued storage in the trade press of breaches. And you're going to hear scare tactics by the vendor community that want to take advantage of the train wrecks. Now, I wish I had better news for practitioners. But frankly, this is great news for investors if they can follow the trends and find the right opportunities. This is Dave Vellante for Cube Insights powered by ETR. Connect with me at David.Vellante@siliconangle.com, or @dvellante on Twitter, or please comment on what you're seeing in the marketplace in my LinkedIn post. Thanks for watching. Thank you for watching this breaking analysis. We'll see you next time. (energetic music)

>> Announcer: From Boston, Massachusetts it's The Cube. Covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and it's ecosystem partners. >> Hey, welcome back everyone. This is The Cube's live coverage of AWS re:Inforce in Boston, Massachusetts. I'm John Furrier with Dave Vallante. This is re:Inforce. This is the inaugural conference for AWS on the security and Cloud security market. A new category being formed from an events standpoint around Cloud security. Our next guest is Cube alumni guest analyst Corey Quinn, and Cloud Economist with the Duckbill Group. Good to see you again. Great to have you on. Love to have you come back, because you're out in the hallways. You're out getting all the data and bringing it back and reporting. But this event, unlike the other ones, you had great commentary and analysis on. You were mentioned onstage during the Keynote from Stephen Smith. Congratulations. >> Thank you. I'm still not quite sure who is getting fired over that one, but somehow it happened, and I didn't know it was coming. It was incredibly flattering to have that happen, but it was first "Huh, awesome, he knows who I am." Followed quickly by "Oh dear, he knows who I am." And it, at this point, I'm not quite sure what to make of that. We'll see. >> It's good news, it's good business. All press is good press as they say, but let's get down to it. Obviously, it's a security conference. This is the inaugural event. We always love to go to inaugural events because, in case there's no second event, we were there - >> Corey: Oh yes >> for one event. So, that's always the case. >> Corey: Been there since the beginning is often great bragging rights. And if there isn't a second one, well, you don't need to bring it up ever again. So, they've already announced there's another one coming to Houston next year. So that'll be entertaining. >> So a lot of people were saying to us re:Inforce security event, some skepticism, some bullish on the sector. obviously, Cloud is hot. But the commentary was, oh, no one's really going to be there. It's going to be more of an educational event. So, yeah, it's more of an educational event for sure. That they're talking about stuff that they can't have time to do and reinvent. But there's a lot of investment going on there. There are players here from the companies. McAfee, you name the big name companies here, they're sending real people. A lot of biz dev folks trying to understand how to build up the sector. A lot of technical technologists here, as well. Digging in to some of the deep conversations. Do you agree? What's your thoughts of the event? >> I'm surprised, I was expecting this to be a whole bunch of people trying to sell things to other people, who were trying to sell them things in return, and it's not. There are, there are people who are using the Cloud for interesting things walking around. And that's fantastic. One thing that's always struck me as being sort of strange, and why I guess I feel sort of spiritually aligned here if nothing else. Is cost and security are always going to be trailing functions. No company is excited to invest in those things, until immediately after they really should have been investing in those things and weren't. So with time to market, velocity are always going to be something much valuable and important to any company strategically. But, we're seeing people start to get ahead of the curve in some ways. And that's, it's refreshing and frankly surprising. >> What is the top story in your mind? Top three stories coming out of re:Inforce. From industry standpoint, or from a product standpoint, that you think need to be told or amplified, or not being told, be told? >> Well there's been the stuff that we've seen on the stage and that's terrific. And, I think that you've probably rehashed those a fair bit with other guests. For me, what I'm seeing, the story that resonates as I walk around the Expo Hall here. Is we're seeing a bunch of companies that have deep roots in data centered environments. And now they're trying to come up with stories that resonate with Cloud. And if they don't, this is a transformational moment. They're going to effectively, likely find themselves in decline. But, they're not differentiating themselves from one another particularly well. There are a few very key things that we're seeing people operate within. Such as, with the new port mirroring stuff coming out of NVPC Traffics. You're right. You have a bunch of companies that are able to consume those, or flow logs. If you want to go back in time a little bit, and spit out analysis on this. But you're not seeing a lot of differentiation around this. Or, Hey we'll take all your security events and spit out the useful things. Okay, that is valuable, and you need to be able to do that. How many vendors do you need in one company doing the exact same thing? >> You know, we had a lot of sites CSO's on here and practitioners. And one of the comments on that point is Yeah, he's like, "Look I don't need more alerts." "I need things fixed." "Don't just tell me what's going on, fix it." So the automation story is also a pretty big one. The VCP traffic mirror, I think, is going to be just great for analytics. Great for just for getting that data out. But what does it actually impact In the automation piece? And the, okay there's an alert. Pay attention to it or ignore it. Or fix it. Seems to be kind of the next level conversation. Your thoughts around that piece. >> I think that as we take a look at the space and we see companies continuing to look at things like auto remediation. Automation's terrific, until the first time it does something you didn't want it to do and takes something down. At which point no one trusts it ever again. And that becomes something hard to tend to. I also think we're starting to see a bit of a new chapter as alliance with this from AWS and it's relationship with partners. I mean historically you would look at re:Invent, and you're sitting in the Expo Hall and watching the keynote. And it feels like it's AWS Red Wedding. Where, you're trying to see who's about to get killed by a feature that just comes out. And now were seeing that they've largely left aspects of the security space alone. They've had VPC flow logs for a long time, but sorting through those yourself was always like straining raw sewage with your teeth. You had to find a partner solution or build something yourself out of open source tooling from spit and duct tape. There's never been a great tool there. And it almost feels like they're leaving that area, for example, alone. And leaving that as an area rife for partners. Now how do you partner with something like AWS? That's a hard question to answer. >> So one of the other things we've heard from practitioners is they don't want incrementalism. They're kind of sick of that. They want step functions, that do as John said, remediate. >> Corey: Yeah. So, like you say, you called it the Red Wedding at the main stage. What does a partner have to do to stay viable in this ecosystem? >> Historically, the answer to that has always been to continue innovating ahead of the bow wave of AWS's own innovation. The problem is you see that slide that they put on in every event, that everyone who doesn't work at AWS sees. That shows the geometric increase in number of feature and service releases. And we all feel this sinking sensation of not even the partner side. But, they're releasing so much that I know some of that is going to fix things for my company, but I'll never hear it. Because it's drowned in the sheer volume of what they're releasing. AWS is rapidly increasing their pace of innovation to the point where companies that are not able to at least match that are going to be in for a bad time. As they find themselves outpaced by the vendor they're partnering with. >> And you heard Liberty Mutual say their number one challenge was actually the pace of Cloud. Being able to absorb all these new features >> Yes. >> And so, you mentioned the partner ecosystem. I mean, so it's not just the partners. It's the customers as well. That bow is coming faster than they can move. >> Absolutely. I can sit here now and talk very convincingly about services that don't exist. And not get called out on them by an AWS employee who happens to be sitting here. Because no one person can have all of this in their head anymore. It's outpaced most people's ability to wrap their heads around that and contextualize it. So people specialize, people focus. And, I think, to some extent that might be an aspect of why we're seeing re:Inforce as its own conference. >> So we talked a lot of CSO's this trip. >> Yeah. >> John: A lot of one on ones. We had some interviews. Some private meetings. I'm going to read you a list of key areas that they brought up as concern. I want to get you're reaction to. >> Sure. >> You pick the ones out you think are very relevant. >> Sure. >> Speedily, very fast. Vendor lock in. Spend. >> Not concerned. Yep. Security Native. >> Yeah. >> Service provider supplier relationship. Metrics, cloud securities, different integration, identity, automation, work force talent, coding security, and the human equation. There were all kind of key areas that seemed to glob and be categorically formed. Your thoughts to those. Which ones do you think jump out as criticalities on the market? >> Sure. I think right now people talking about lock in are basically wasting their time and spinning their wheels. If you, for example, you go with two cloud providers because you don't want to be locked into one. Well now there's a rife partner ecosystem. Because translating things like IAM into another provider's environment is completely foreign. You have to build an entire new security model on top of things in order to do that effectively. That's great. In security we're seeing less of an aversion to lock in than we are in other aspects of the business. And I think that is probably the right answer. Again, I'm not partisan in this battle. If someone wants to go with a different Cloud provider than AWS, great! Awesome! Make them pick the one that makes sense for your business. I don't think that it necessarily matters. But pick one. And go all in on that. >> Well this came up to in a couple of ways. One was, the general consensus was, who doesn't like multi Cloud? If you can seamlessly move stuff between Clouds. Without having to do the modification on all this code that has to be developed. >> Who wouldn't love that? But the reality is, doesn't exist. >> Corey : Well. To your point, this came up again, is that workplace, workforce talent is on CSO said "I'm with AWS." "I have a little bit of Google. I could probably go Azure." "Maybe I bought a company with dealing some stuff over there." "But for the most part all of my talent is peaked on AWS." "Why would I want to have three separate security teams peaking on different things? When I want everyone on our stack." They're building their own stacks. Then outsourcing or using suppliers where it supports it. >> Sure. >> But the focus of building their own stacks. Their own security. Coding up was critical. And having a split competency on code bases just to make it multi, was a non starter. >> And I think multi Cloud has been a symptom. I mean, it's more than a strategy. I think it's in a large part a somewhat desperate attempt by a number of vendors who don't have their own Cloud. To say Hey, you need to have a multi Cloud strategy. But, multi Cloud has been really an outcome of multiple projects. As you say, MNA. Horses for courses. Lines of business. So my question is, I think you just answered it. Multi Cloud is more complex, less secure, and probably more costly. But is it a viable strategy for things other than lock in? >> To a point. There are stories about durability. There's business reasons. If you have a customer who does not want their data living one one particular Cloud provider. Those are strategic reasons to get away from it. And to be clear, I would love the exact same thing that you just mentioned. Where I could take what I've built and run that seamlessly on other providers. But I don't just want that to be a pile of VM's and maybe some disc. I want those to be the higher level services that take care of massive amounts of my business for me. And I want to flow those seamlessly between providers. And there's just no story around that for anything reasonable or modern. >> And history would say there won't really ever be. Without some kind of open source movement to - >> Oh yes. A more honest reading of some of the other cloud providers that are talking about multi cloud extensively translates that through a slight filter. To, we believe you should look into Multi Cloud. Because if you're going all in on a single provider there is no way in the world it's going to be us. And that's sort of a challenge. If you take a look at a number of companies out here. If someone goes all in on one provider they will not have much, if anything, to sell them of differentiated value. And that becomes the larger fixture challenge for an awful lot of companies. And I empathize with that, I really do. >> Amazon started to do a lot of channel development. Obviously their emphasis on helping people make some cash. Obviously their vendors are, ecosystems a fray. Always a fray. So sheer responsibility at one level is, well we only have one security model. We do stuff and you do stuff. So obviously it's inherently shared. So I think that's really not a surprise for me. The issue is how to get successful monetization in the ecosystem. Clearly defining lines of, rules of engagement, around where the white spaces are. And where the differentiation can occur. Your thoughts on how that plays out. >> Yeah. And that's a great question. Because I don't think you're ever going to get someone from Amazon sitting in a room. And saying Okay, if you build a tool that does this, we're never, ever, ever going to build a thing that does that. They just launched a service at re:Invent that talks to satellites in orbit. If they're going to build that, I don't, there's nothing that I will say they're never going to get involved with. Their product strategy, from the outside, feels like it's a post it note that says Yes on it. And how do you wind up successfully building and scaling a business around that? I don't have a clue. >> Eddie Jafse's on the record here in The Cube and privately with me on my reporting. Saying never say never. >> Never say never. >> We'll never say never. So that is actually an explicit >> Take him at his word on that one. >> Right. And I'm an independent consultant. Where my first language is sarcasm. So, I basically make fun of AWS in the newsletter and podcast. And that seems to go reasonably well. But, I'm never going to say that they're not going to move into self deprecation as a business model. Look at some of their service names. They're clearly starting to make inroads in that space. So, I have to keep innovating ahead of that bow wave. And for now, okay. I can't fathom trying to build a business model with a 300 person company and being able to continue to innovate at that pace. And avoid the rapid shifts as AWS explores on new offers. >> And I what I like about why, well, we were always kind of goofing on AWS. But we're fanboys as well, as you know. But what I love about AWS is that they give the opportunity for their partners. They give them plenty of head's up. It's pretty much the rules of engagement is never say never. But if they're not differentiating, that's their job. >> Corey: Yeah. >> Their job is to be better. Now one thing Amazon does say is Hey we might have a competing service, but we're always going to favor the customer. So, the partner. If a customer wants an Amazon Cloud trail. They want Cloud trail for a great example. There's been requests for that. So why wouldn't they do it? But they also recognize it's bus - people in the ecosystem that do similar things. >> Corey: Yeah. >> And they are not going to actively try to put them out of business, per se. >> Oh yeah! One company that's done fantastically well partnering with everyone is PagerDuty. And even if AWS were to announce a service that wakes you up in the middle of the night when something breaks. It's great. Awesome. How about you update your status page in a timely fashion first? Then talk about me depending on the infrastructure that you run to tell me when the infrastructure that you run is now degraded? The idea of being able to take some function like that and outsource worked well enough for them to go public. >> So where are the safe points in the ecosystem? So obviously a partner that has a strong on-prem presence that Amazon wants to get access to. >> That's a short term, or maybe even a mid term strategy. Okay. Professional services. If you're Accenture, and Ernie Young, and Deloitte, PWC, you're probably okay. Because that's not a business that Amazon really wants to be in. Now they might want to, they might want to automate as much to that as possible. But the world's going to do that anyway. But, what's your take where it's safe? >> I would also add cost optimization to that. Not from a basis of technical capability. And I think that their current tooling is disappointing. I'd argue that cost explorer and the rest of their billing situation is the asterisk next to customer obsession if we're being perfectly honest. But there's always going to be some value in an external party coming in from that space. And what form that takes is going to change. But, it is not very defensible internally to say our Cloud spend is optimized, because the vendor we're writing those large checks to tells us it is. There's always going to be a need for some third-party validation. And whether that can come through software? >> How big is that business? >> It's a great question. Right now, we're seeing that people are spending over 30 billion dollars a year on AWS and climbing. One thing we can say with a certainty in almost every case is that people's Cloud bills are not getting smaller month over month. >> Yep. >> So, it's a growing market. It's one that people feel incredibly acutely. And when you get a few drinks into people and they start complaining about various aspects of Cloud, one of the first most common points that comes up is the bill. Not that it's too high, but that it is inscrutable. >> And so, just to do a back of napkin tam, how much optimization potential is there? Is it a ten percent factor? More? >> It depends on the level of effort you're willing to invest. I mean, there's a story for almost environments where you can save 70% on your Cloud bill. All you have to do is spend 18 months of rewriting everything to use serverless primitives. Six of those months you'll be hard down across the board. And then, wait where did everyone go? Because no one's going to do that. >> Dave: You might be out of business. So it's always a question of effort spent doing optimization, versus improving features, speeding time to market and delivering something that will generate for more revenue. The theoretical upside of cost optimization is 100% of your Cloud bill. Launching the right service or product can bring in multiples of that in revenue. >> I think my theory on differentiation, Dave, is that I think Amazon is basically saying in so many words, not directly. But it's my interpretation. Hold on to the rocket ship of AWS as long as you can. And if you can get stable, hold on. If you fall off that's just your fault, right? So, what that means is, to me, move up the stack. So Amazon is clearly going to continue to grow and create scale. So the benefits to the companies create a value proposition that can extract rents out of the marketplace from value that they create on the Amazon growth. Which means, they got to lock step with Amazon on growth. And cost leap, pivot up to where there's space. And Amazon is just a steam roller that will come in. The rocket ship that's going so fast. Whatever metaphor. And so people who just say We made a deal with Amazon, we're in. And then kind of sit idle. Will probably end up getting spun off. I mean, cause it's like they fall off and Amazon will be like All right so we did that. You differentiate enough, you didn't innovate enough. But, they're going to give everyone the opportunity to take a place with the growth. So the strategy, management wise, is just constantly push the envelope. >> So that's implicit in the Amazon posture. What's explicit in Amazon's posture is build applications on our platform. And you should be okay. You know? For a while. >> Yeah. And again, I think that a lot of engineers get stuck in a trap of building something and spending all their time making their code quality as best as possible. But, that's not going to lead to a business outcome one way or another. We see stories of companies hitting success with a tire fire of an infrastructure all the time. Twitter used to display massive downtime until they were large enough to justify the time and expense of a massive rewrite. And now Twitter is effectively up all the time. Whether that's good or not is a separate argument. But, they're there. So there's always going to be time to fix things. >> Well the Twitter example is a great example. Because they built it on rails. >> Yes. >> And they put it on Amazon Cloud. It was just kind of a hack, and then all of the sudden Boom, people loved it. And then, that's to me, the benefit of Cloud. One you get the scape velocity, the investment to start Twitter was fairly low, given what the success was. And then they had to rewrite, because the scale was bursting up. That's called prototyping. >> Oh yeah. >> That's what enterprises have to do. This is the theme of, agile. Get started as a theme, just dig in. Do a hack up font. But don't get confuse that with scale. That's where the rubber meets the road. >> Right and the, Oh Cloud isn't for us because we're an exception case. There are very few companies for whom that statement is true in the modern era. And, do an honest analysis first, before deciding we're going to build our own data centers because we can do it for cheaper. If you're Dropbox, putting storage in, great. Otherwise you're going to end up in this story where Oh, well, we have 20 instances now, so we can do this cheaper in Iraq somewhere. I will bet you a house you're wrong. But okay. >> Yeah. People are telling me that. Okay final question for you. As you've wandered around and been in the sessions, been in the analyst thing. What are some slice of life commentary stories you've bumped into that you found either funny, clever, insulting, or humorous? What's out on the floor? What are some of the conversations? >> One of the best ones was a company I'm not going to name, but the story they told was fantastic. They have, they're primarily on Azure. But they also have a strong secondary presence with AWS, and that's fascinating to me. How does that work internally? It turns out their cloud of choice is Azure. And they have to mandate that with guardrails in place. Because if you give developers a choice they will all go and build on AWS instead. Which is fascinating. And there are business reasons behind why they're doing what they're doing. But that story was just very humorous. I can't confirm or deny whether it was true or not. Because it was someone with way too much to drink telling an awesome story. But the idea of having to forcibly drag your developers away from a thing in a favor of another thing? >> That's like being at a bad party. It's like Oh, the better party is over there. All my friends are over there. >> But they have a commitment to Microsoft software estate. So, that's likely why they're. >> They just deal with Microsoft. >> And I'm not saying this is necessarily the wrong approach. I just find it funny. >> Might be the right business decision, but when you ask the developers, we see that all the time, John. >> All the time. I mean I had a developer one time come to me and start, he like "Look, we thought it would be great to build on Azure. We were actually being paid. They were writing checks to incent us. And I had a revolt. Engineers were revolting. Because the reverse proxies as there was cobbled together services. And they weren't clean native services and primitives. So the engineers were revolting. So they, we had to turn down the cash from Microsoft and go back to Amazon." >> Azure is much better now, but they have to outrun that legacy shadow of at first, it wasn't great. And people try something once, "That was terrible!" Well would you like to try it again now? "Why would I do that? It was terrible!" And it takes time to overcome that knee-jerk reaction. >> Well, but to your point about the business decision. It might make business sense to do that with Microsoft. It's maybe a little bit more predictable than Amazon is as a partner. >> Oh the way to optimize your bill on another Cloud provider that isn't AWS these days is to call up your account rep and yell at them. They're willing to buy business in most cases. That's not specific to any one provider. That's most of them. It's challenging to optimize free, so we don't see the same level of expensive bill problems in most companies there as well. >> Well the good news is on Microsoft, and I was a really big critic of Azure going back a few years ago. Is that they absolutely have changed their philosophy going back, I'd say two, three years ago. In the past two years, particular 24 months, they really have been cranking. They've been pedaling as fast as they can. They're serious. There's commitment from the top. And then they tell us, so there's no doubt. They're doing it also with the Kubernetes. What they're seeing, as they're doing is phenomenal. So... >> Great developer jobs at Microsoft. >> They're in for the long game. They're not going to be a fad. No doubt about it. >> No. And we're not going to see for example the Verizon public Cloud the HP public Cloud. Both of which were turned off. The ones that we're seeing today are largely going to be to stay of the big three. Big four if we include Alibaba. And it's, I'm not worried about the long term viability of any of them. It's just finding their niche, finding their market. >> Yeah, finding their lanes. Cory. Great to have you on. Good to hear some of those stories. Thanks for the commentary. >> Thank you. >> As always great guest analyst Cube alumni, friend, analyst, Cory Quinn here in the Cube. Bringing all the top action from AWS re:Inforce. Their first inaugural security conference around Cloud security. And Cube's initiation of security coverage continues, after this break. (upbeat electronic music)

>> Live from Boston, Massachusetts, it's the Cube. Covering AWS re:Inforce 2019. Brought to you by Amazon Web services and its ecosystem partners. >> Okay, welcome back everyone. It's the Cube's live coverage in Boston, Massachusetts for Amazon Webster's AWS re:Inforce: their first inaugural conference around security, cloud security. I'm John Furrier with my host Dave Vellante. If you're talking about security, you can not talk about cybersecurity, how it impacts government, society and commercial. We've got two great guests here from Telos, leader in cyber out of D.C. AJ Turcot, business development, and Tom Ryder, VP of commercial sales at Telos. Great to see you guys. Welcome to the Cube. >> Thank you, John- (A.J. talks over) >> Thanks, John, great to be here. >> I've been intrigued by Telos over the years. One, great company you guys, so congratulations. John Wood is phenomenal CEO. He's been hanging around for a long, long time. He's seen many cyber waves in security. You guys have a lot of experience. Now, we're talking about modernization of government. A week and a half ago we were at AWS Public Sector Summit which is this show in DC with Theresa Carlson's team. That's all about modernizing government, public sector, procurement, modernization in technology cloud. Here, the security conference feels the same kind of vibe for security. Not so much modernization but kind of level up, get faster, get better, get stronger. You know, everything's great, now lets go do it. So, similar kind of experience. You guys are in the middle of both those worlds. >> Yes. >> What's your impression? Are these coming together? Are they two separate? What's your impression of the show? >> Uh. It's, security is job zero. People have been saying that for a long time. The rubber's meeting the road now. You can see, this is, this wouldn't have been this big years ago. So, we're happy to be here and be part of this. Our company has been focused on cybersecurity since the word 'go'. And we're definitely seeing you can't do modernization without baking security in. Everybody gets it. It's not a bow tie any more. Wouldn't you say? >> Absolutely and it goes from the software development of the life cycle all the way up the stack. Little anecdote, John has been around for a long time. He's actually in the, and he'll hate me for saying this, but he's the longest standing CEO of a company in Virginia right now at 25 years. (laughter) We've been around for a long time. We understand cyber security and we've seen it morph as the various platforms have evolved. But, definitely a great show. A lot of vendors: some new, some old. We meet some friends that were with one that are now with another. And asking them why they changed and they say, "Well, the old school and the new school, different methodologies, different ways to approach it." But the problem fundamentally stays the same. >> Everyone else uses the old guard, uses the term 'old guard, new guard.' That's Jazzy and Theresa's word. But it really is about the transformation of that all companies are becoming security companies. They say that about media. All companies are becoming media companies. You inherently have in this horizontal impact of security. It used to be that this firms does security. You hire them and they come in, they do the job. But now, to where you got to bake it in, you start to see the brands: Microsoft, all these brands that were once software companies in general purpose areas really getting deeper into security. And then companies themselves like Capital One, Liberty Mutual, they're building out. >> Right. >> And potentially now turning it from a cost center to a revenue center. So, the model's upside down right now in a good way. What's that doing to the industry? And do you believe that it's happening then too? What do you see happening? >> The challenge in front of us right now is security has to keep up the pace and the scale of the cloud and the modern world. I know that we've had to change our tunes in our product suite to be able to, you know, test and demonstrate compliance at pace and at scale. Otherwise, you're just slowing down development. I mean, the real beauty of the cloud is, uh, the speed at which you can fail, recover, get the feedback loop, move forward and security's now at that pace and I think you'll see around here the companies that are offering that, not just a new coat of paint on a traditional offering are going to excel in this space. >> Well, this is why I like what you guys do because you talk to practitioners. They say their number one challenge is how to keep up with that pace. I mean, you could talk to one person at Amazon and no one person knows all the services or they think 'Oh, Amazon doesn't have that or oh, yes they do have that." So, having a partner like you guys to help navigate that pace of change is critical. So, how have you made that, you know, a tailwind for you guys. And what are customers telling you that they need help with? >> Uh, what we, our end of it, the piece of the elephant we touch, >> Yeah. is, um, the customers are allowed to use the cloud. They're encouraged to use the cloud. They're going to school to get trained and certified. But you can't go at this pace unless you are authorized. Right? You need permission. Nobody's allowed to put in the plug without their permission. And that's where our end of it is. And we've had to really retool to go at this cloud pace. I've been at Telos for over nineteen years and it's exciting now. And when we had the opportunity to go into the commercial side of things, I really lept at that because we're now building, you know, as I said, tooling out to keep at this pace of 'how do I test? Don't be a detractor. Don't be a slower-downer.' and, you know, it's the way we got to be. >> Take a minute to explain your product offerings for the commercial sector. What are you guys offering? What's the value proposition? >> Sure, um, our product suite is called Exacta. It's a mature product in the fed space. It's been around for nineteen years. And it's in very wide use in the fed space to operationalize their assessment and authorization: the NIST risk management framework. We're now seeing NIST cybersecurity standards are getting a lot of traction in spaces outside the fed. If you're a software company like we see around here, you want to business in the fed, you got to get a fed ramp authorization. Exacta's tooled to do that now. We're seeing state and local government embracing NIST cybersecurity standards. The defense industrial base has NIST 800-171. It's built into the defense acquisition regulations. You need to corporately meet these security controls. So, you know, it's not just for an agency on its own anymore. Everyone's getting in the game. >> So those standards are moving to commercial? >> Yes. >> You guys were baked out, bulletproof hardened product you're bringing that into commercial? >> And I would say if you take spreadsheets off the table, Exacta is the number one NIST cybersecurity automation and management platform. >> Yes. >> Spreadsheets will always be number one. It's like- >> Spread sheets are dead sheets >> Other than the pie chart. (mumbling) >> Right, right. >> So, you know, it used to be, and I'm wondering if it still is, the public sector would look to the commercial for sort of best practice, they might be a little slower to adopt things, and there's certainly examples of that today. You see Theresa at public sector announces something that maybe Amazon announced a year ago and now it's available public sector. But the cloud feels a little bit different. You've had cloud first mandates, things like Jedi. Is that trend changing? You just sort of gave us an example where certification's bringing that up to commercial, Is there still a wide gap between commercial adoption and public sector adoption? >> Well, I think one thing that we see is a lot of commercial or government entities built data centers because they had to. Right? Now, you see entities that have, you know, big robust data center infrastructure, they like what they do in there but not necessarily keeping up that data center. So, they're looking, they're all going to the cloud in varying degrees of speed. But nobody wants to be in the data center business like they used to. >> Charles Phillips from Infor says, 'friends don't let friends build data centers." >> Data centers, right. (laughter) >> That's right. AJ, how about some customer use cases and examples where you guys are helping them? What's their challenge? Give us some real-world experiences. >> Sure, sure. So, one of the industries that's highly regulated is financial industry. And, you know, we talk about healthcare with HIPAA, and different regulations. But in financials, they're really hit from regulatory bodies throughout the country. And they can change from state to state and a lot of times it just piles on top. So, one of the main issues that these companies face is audit fatigue. Internal audit teams to make sure they're compliant, external audit requests that come in, and they're really looking for a way to reduce this audit fatigue. One of the ways of doing it is to operationalize as we do with out tool, the systems internally to make sure that you can be compliant and, I'll throw out a phrase here, we believe strongly that you apply good cybersecurity hygiene, a byproduct of that will be compliance. So if foundationally things are good and you're taken care of cybersecurity from the get go, you know, you might have to tweak a few things to demonstrate compliance but you will be able to comply to many different regulatory products. >> So being built in from the beginning. >> Being baked in, right. So, what this particular organization, they've been around for a hundred years, they're in the financial sector, they've got a lot of regulations and state to state, as I mentioned, are different, they were really looking, and they use all the tools, they've got them all. They have data centers. They have one of the largest networks outside of the defense in the country. So they're quite big. And they were really feeling this audit fatigue. Eight hundred auditors working day in and day out to get, to meet these requirements are thrown at them. We're able to help them take the process from months to weeks. So, just there, there's an economy of time as well. So, the resources can really go off and do what their mission is without having to, you know, daily deal with the grind of going through spreadsheets, for example. >> Yeah. >> And the different systems. >> Do you, do you discern any patterns in terms of can you get more specific on what they're doing with that freed up budget or the digital transformation. Are they developing apps? Are they retraining people? How, how are they dealing with that? >> Sure. In this particular case, a lot of training internally. And it's like moving a cruise ship, you know? >> Yeah. >> It doesn't turn on a dime so you have direction on the top. They take primary focus might change and they have study groups. Interesting about them is they don't make, they make group decisions. So, they do, they're very big on data analytics. They're all actuaries I guess and they're used to that. And they want to look at the value. And I think that's something that we see. That's a tendency we see throughout all the different industries we work with. The demonstration of value. So, it might be neat. It might be fun. It might be more secure, less secure. Do we accept the risk? What value does that bring to the organization? And what they've done through training, through trying to change the old guard, you know, it's also reorganizing their systems internally and how they do things. Not just tools. >> So you guys got to love the fact that Amazon decided to have a security focused show. I mean, every show Amazon does is security focused but dedicated. (mumbles) You were mentioning the other day that, you know, a lot of partners here, a lot of vendors, but actually it's very attendee heavy event. >> Yes. >> Yeah. >> This is now like a huge COMDEX show floor. A lot of practitioners, sec ops guys, >> Yes. >> You know, developers. What are your thoughts on why Amazon did this? And your reaction to this. >> Well, Amazon has, you know, like we said, security is job zero for everyone at Amazon. They put their money where their mouth is. This was not an experiment. This was an eventuality. And, you know, there's zero doubt they're going continue to do this year on, year round. It's going to get bigger. >> Houston next year. >> Houston. >> Kind of an interesting choice: Houston. >> Yeah. >> It's going to be hot in June. >> Stay in the air conditioning. (lauging) >> I wish they'd stay in Boston. >> Yeah. >> I like Boston. >> I like Boston, too. >> Better than Houston. >> Yes. >> But the show is to your point, some dev ops and sec ops. So, again, there's bus dev folks here. >> Yep. >> You got geeks here. Not a lot of CEOs of big companies because it's not a glam converse. There's no big fanfare announcements. The announcements are pretty meaty: VPC traffic mirroring huge announcement, security you have general ability, not a surprise, but just smaller announcements. >> A lot of CSOs obviously. >> A lot of CSOs. >> Yeah, I'd say CSO in that vertical down. >> Yeah. >> The CSO, this is CSOs cloud security show. A lot of things getting invested in. Seems to be heavy activity. >> So, going into this when it was announced, you know, AJ and I had our hands up right away saing, "Let's do this." And then we get here and we're like 'okay, is this going to be a direct hit for us?' and I wouldn't say that everyone we talk to's a direct hit, but everyone that comes by the booth has some understanding of what we do. And there's been no wasted time. We're having a lot of good conversations. >> They're right where you guys are. They know what you do, the value to them. >> Right. >> All right, so here's a question for you on the show, given that you guys have this perspective so many years at Telos and cyber, shipping a great product, now commercial's changing cloud scale, cloud security, what do you think the most important stories are that should be told? That the media should be telling? Or maybe they are telling and need to be amplified. Or isn't being told that should be told. What are the top stories coming out of this event and this industry right now that should be told? >> I think that the two trends I'm seeing is that, like we said before, um, building and maintaining data centers is not, it's not cool anymore. And you see the trends of all these entities getting out from under that and they might be making a big commitment to the cloud or phasing out their data centers over time, but that is happening. And I want to read more about it because that helps us, you know, target who's going to be most receptive to our message. And then the other thing, like we said before, the security at scale and at pace. I know we've had to retool for it. The other companies here that are built for that are going to succeed. >> Yeah. >> There's an appetite for that. >> AJ, anything to add on that? >> Good point. No, very good point. At scale and to be able to pivot quickly and someone mentioned before to be able to fail, retool, start again. >> Yep. >> But to have, it's really essential to have security baked in. That confidentiality, integrity, availability of data, you know, the basics. >> You guys have partnered well with Amazon in the public sector now you're in commercial. Not a lot has changed. Amazon is still Amazon. Question for you is what are you guys think about what the opportunity is to differentiate is? You guys have your solution: speed and scale. Totally agree? (agreement) Size, speed, scale. You guys take the benefits of that by partnering with Amazon. But as it gets bigger and bigger, you guys still have to differentiate help customers. >> Yeah. >> How, how, what is the formula for success? You don't just do things, do a relationship saying "we're done" now collect the business. They're moving so fast that if you don't iterate on top of it you die seems to be the playbook. What do you guys think the value for ecosystem partners, the formula to be successful, what does that, what does that formula for, with an eighth of this cloud scale? >> Well, you know, everyone would just love to hitch your partner wagon to a, you know, something that's rising and not do a lot of work. But, that's not the way we roll. I think we get in a great partnership with Amazon because we have a lot of similarities, especially the customer obsession. You know, we want the customer to be successful and we ride along on that train. That's how we're successful. >> Great. Well, guys, congratulations, great to see you here. >> Likewise. >> It'll be a good journey. Cube's kicking off their security coverage at this event. Obviously cloud security changing the game. >> Yep. >> And it's got to level up with dev ops, agility. You guys have been doing. Thanks for sharing your insights. Appreciate it. >> Thank you. Thanks for having us. >> It was terrific. >> Cube coverage continues here in Boston for AWS: reInforce. I'm John Furrier with Dave Vellante. Stay tuned for more coverage after this short break. (digital music)

>> Live, from Boston, Massachusetts, it's theCUBE. Covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone, welcome back to theCUBE's live coverage in Boston, Massachusetts, here for two days, AWS Amazon Web Services re:Inforce, their inaugural conference around security. I'm John Furrier, Dave Vellante, our next guest Andy Miller. Senior director, global public cloud at Sophos. Based out of the UK and here in Burlington, Massachusetts. Welcome to theCUBE. >> Thank you. >> Looking good, love that jacket, nice color on you! (all laughing) >> I got the memo. >> You got the memo! >> Blue jacket! >> Thanks for having me, it's great to be here. It's great to be a part of AWS's first security event, security focused event, not by coincidence, happening right here where our US headquarters is. We're very excited to be a part of it. Wanted to share with you guys, I brought you a little gift. Socks are definitely a part of our-- >> Thank you, love the socks. >> Okay, I'm wearing them tomorrow. So we'll do a little close up on that. >> They're mostly clean. >> Thank you very much. Stu Miniman will love this, he loves socks. He'll replace his Star Wars socks with those. >> Thank you, Andy. >> Andy, thanks, so I want to get your impression of the show, obviously, inaugural event. And it's interesting, you look at Amazon, we've been covering Amazon for eight years with theCUBE, prior to that, just as a company, love the company, obviously, the success of cloud is a no-brainer. But re:Invent is their name of their global conference on the commercial side, for all their customers. And everything else they call summits. This is not a summit, this is not an Amazon Web Services summit, this is a branded event with the word re, not invent, but re:Inforce so gives that call out. Good call on their front? Is it needed? Why is this show so important, what's your opinion on that? >> I think it absolutely is, it's very helpful to customers to help them to understand their responsibilities when it comes to security in the cloud. And just like re:Invent was essentially reinventing the network into a digital environment, this is reinforcing their environment and understanding what their responsibilities are, where the cloud provider's very secure infrastructure ends and where their responsibilities with applications and data that resides in the cloud starts. >> What does your data show in terms of the evolving threat landscape? I mean, there's one school of thought that says okay, security in the cloud, actually, well it was a concern early on, people say oh it's better. That maybe raises the bar and lowers the ROI for the bad guys, but what are you seeing? But at the same time it's more global and distributed which opens up holes. What are your guys seeing? >> So, what we're seeing is that, the cloud's interesting in that there's not necessarily anything that is new or unique from an attack perspective. It's more of an attack surface perspective. And what I mean by that is is that, with an on premise environment, sometimes controls are very easy to place around new instances, new workloads being stood up, a change control process that is very controlled, key carded data centers and so forth. Cloud accounts operate very differently and one of the things that makes the cloud great is the speed at which you can go to market and stand up new resources, that also creates challenges for customers when it comes to visibility and securing those assets. >> Yeah, I mean the guy from Liberty Mutual today in the keynote, said his number one challenge is just keeping up with Amazon, the pace of change, you're seeing that in your client base? And how are they dealing with it? >> Absolutely, one of the conversations that I frequently have with customers when it comes to the visibility and keeping up with angle is, I frequently will say to customers, pull out your cloud bill, if you are aware of and know everything that is on that bill and where it came from, frankly I'd be very surprised. A lot of them struggle with that, with being able to keep up with that. And it's again a double edged sword, it's great as far as a business standpoint and being able to extend your business globally within minutes, but it's also a challenge for them from a security standpoint. >> And you talk about the challenges that businesses are up against when it comes to cloud security because on premises has decades of experiences dealing with security, the old days of perimeter based security, some still do that. Now the perimeter's pretty much gone away with cloud, cloud native has a different approach. So there seems to be a lot of questions around what to do, what are those challenges in cloud security specifically, that businesses face? >> So, you hit the first one, right? The first one is this concept of I build a castle and put a big wall around it and a moat around it, no longer exists, right? The perimeter is a memory. Another one is, as I mentioned before, the speed at which resources are added to the cloud, that's difficult for customers 'cause you can't see it, you can't secure it, right? If you don't know it exists. And then the third thing is really being able to understand how you make security happen within the cloud because those tools that you used on premise and in your own perimeter, don't necessarily exactly translate to the cloud. And it's important to have solutions that are designed for that and that not only work and operate well within the cloud but also don't take away the benefits of the cloud. If you have a solution that's going to slow you down or make it where you can't innovate at the speed of the cloud, you might as well keep it on prem, you're taking away all the benefit of the cloud. >> So, are you finding, a lot of times, the early cloud days with a lot of so called crapplications, just going to the cloud, okay. So maybe not as much credit card information, so maybe it's not as valuable, but are you seeing, people hitting the cloud more today than, say, certain on prem environments? Is it escalating, what does your data show? >> So, there was a study done not too long ago that showed past and projected cloud growth from 2017 to 2022. And what was interesting was the cloud services revenue growth was expected to grow by double, the cloud security spending was expected to grow by more than three times. And we think that was in large part of customers understanding their responsibilities in the shared security model, but also a product of exactly what you say, crapplications, right? One of our first customers that I think of was a convenience store chain, the very first things they moved, store locator and nutritional information applications. If something went wrong with those, yes, it's not great for your business if they can't find your store, but it's not credit card data, it's not personal information so on and so forth. As businesses start moving really key to the business applications, ERP systems, things like that, with real data that's at risk, that's where their focus on security is real strong. >> So there's a lot of confusion out there. And as I walk around the show floor here, I see, we secure the cloud, we the secure the cloud, no we secure the cloud! And I hear from Amazon we have a shared responsibility model, we secure the infrastructure, a lot of customers think, hey, Amazon has great security, so does Google, so does Microsoft, I'll put it in the cloud, I'll be good to go. Help us clear up some of that confusion, what's your point of view on that? >> Yeah, I think that when you look at it, customers were at one point extremely afraid of the cloud. And the cloud providers themselves did a great job of talking about why you could trust their infrastructure. In the process, I think customers have a difficult time understanding where their responsibility begins. And what we always like to say is, the cloud provider's responsible for the security of the cloud, you, Mr. Customer, are responsible for the security in the cloud. And the reason that's important is, the fact is the cloud providers could potentially provide the security in the cloud, but the measure of control that they would have over the applications that you build, the applications that you deploy, who you give access to and what you allow them to do would be so great, I don't think it would be a really positive experience for customers. >> Too many permutations. Just 'cause, criticism early on in cloud security wasn't that the security was bad, it was that, I couldn't enforce the edicts of my organization, there weren't enough features and now today, it's like you're drinking from this fire hose of features. So is that really the issue? It's up to you to figure out what works for your organization and then apply it. We heard today, you've got to opt in for things like encryption. Make sure you opt in to each availability zone. So that's a individual customer choice. Amazon provides the tools, okay, but then where do you pick up? Where does Sophos pick up? >> So, that's a great segue, so, as an example, our new Sophos Cloud Optics product does a great job with that, for instance uses the AWS CIS benchmarks. And that is a heavy heavy document that may be difficult for a customer to ingest, but we can run it against all of your workloads, your S3 buckets and see that you're in compliance with that CIS benchmark policy. That's a great place to start. Maybe you have some compliance regulations that you have to follow that have a security component to it such as BCI for example. And they would lead you towards things like identity and access management, they would lead you towards, am I following a good password policy? A good updating policy, am I sure that my S3 buckets are encrypted and not accessible to the internet without some sort of protection in place? All those things. >> The evolving cloud security landscape's changing on the threats side. You've got now detection, alerts, all these things are going on. You guys have some data on the cyber criminal activity. Up, down, is it more complex, harder to crack? Is there people cracking it? Certainly we know people are always trying, you can attack anything, we've seen foreign states enabling these groups out there, you've seen all kinds of cyber criminals, what's the data showing? >> So, the data shows, I think the most compelling thing. We did a study that we commissioned earlier this year where we placed workloads in 10 of AWS's most popular data centers around the world. And what we saw was, the first attempt to compromise one of those assets took all of 52 seconds. 52 seconds after we launched it there was an attempt to compromise it. More compelling was the fact that, on average it took a sum total of 40 minutes was the average time before an attempt to compromise took place. And, on top of that, once the asset was discovered, on average every 13 times every single minute of every single hour of every single day over a 30 day period, someone was attempting to compromise this. We ended up totalling over five million attempted compromises in a 30 day period on 10 assets. So, I think the biggest thing is not so much the techniques, but the level of automation that the bad guys have going on, they know that there are assets out there, that are not in a state that they necessarily should be and they are doing their level best to find them as absolutely quick as possible. >> What makes the cloud so attractive to the cyber criminals? >> I think the biggest thing is that as customers go from the crapplication into some real applications, they know that there is a lot of data there. They also know that customers are, well this is a newer platform for them, and they may be struggling with understanding exactly what they need to do differently than they did on prem in order to secure it. >> So follow up on that, how do you approach cloud security and how is different than on prem? >> So, the biggest difference is can it work within the fabric of the cloud? Is there tight integration with the things that the cloud providers offer? And do you not in any way hamper the great things about the cloud, scalability, the option to be available in a matter of seconds? If you are hampering that, then that's not security that's really going to work well, it's the whole benefit of the cloud in the first place, right? >> So sum up your cloud solution, what's the big problem that you guys solve? >> So, we have several different solutions that are available from a next generation firewall to our host protection. Our newest offering Sophos Cloud Optics, is really about helping them to gain that visibility, to understand exactly what they have running in the cloud, present a topology map that shows them how it connects, how it communicates, both internally and to the outside world. And then to constantly and continuously evaluate where they are in a security posture. >> So that's visibility into threats? >> Yep and for posture as well. >> Help look for quality alerts. >> Yep. >> Okay, so what's the customer orientation right now? Red, yellow, green? (he laughs) It seems to me it's always red. We asked someone earlier, what's a good day in security? And it's like, when we're still in business. There's a lot of pressure, again, hacking just shows you, it's easy to attack, certainly seconds to minutes, things are being compromised. It's going to happen on premise as well. What's the state of the union in your view? >> I think for customers there is a feeling sometimes and I think we as security vendors need to be careful about this, of not presenting the world as impossible to secure because I believe that it is absolutely possible to secure the world. I think there are some things that customers need to do, I think it's difficult for them sometimes to cut through some of the misinformation, the marketing spin and so on and so forth that's out there, but it's really incumbent upon them to look and read through the materials that are provided by the cloud providers to understand where their responsibilities begin and end. And then find the solutions that they've always used on prem and been successful with, that are ported to the cloud. And if they're not ported to the cloud to look for a different vendor. >> So why Sophos? >> So, Sophos has been around for 30 years. We have along history, we've been a security company, always a security company. And we have frankly what is a rather long track record in the cloud, we first ported our firewall to the cloud six years ago, we've continued to innovate in the cloud. We are able to do things that other vendors are not to support things that customers want to do, autoscaling, outbound gateway, things like that. And we continue to innovate that platform as well as add key pieces to our platform such as our Cloud Optics, which interestingly enough, came to us as we were shopping for it as a customer to support our own central infrastructure that runs in AWS. Our security guys thought, hey we need a product that will help us with visibility and posture management. And then they turned to the organization and said, hey this is great product, we ought to look at buying this company and that's how that acquisition came about. >> And so what's new with the company? What's going on, what are you guys doing? Got a lot here at Amazon, what other things you working on that's important to tell? >> Yeah, we're basically at this point, with that acquisition of Optics happened, it was a company called Avid Secure. That just went down in January this year, we released in the first week of April. Our own skinned Sophos version of the product. And we're really looking to continue that innovation. Our theme this year for our company was evolve. We feel that as the world evolves, security evolves and we have to evolve as well. And so there's a real focus on constantly evolving our products, innovating and trying to stay one step ahead of the bad guys, unfortunately. >> Andy, you've been around, we've been around, we've seen all waves come and go. Client server mainframe all the way back into those days to now. What do you think the most important story in the security industry is these days? What needs to be told that either is being told or needs to be amplified or isn't being told, what do you think's the high order bid in terms of the most important story? >> I think there's two fronts to that. One is as I mentioned, evolve was a big point of discussion in our internal meetings as well as our partner conferences. And helping customers to understand that their world has to evolve as well. The idea of a perimeter for instance, there are lot of companies that still try to stick to that idea of I can build a wall around my business. And the reality is is between mobile devices, between every employee practically has a laptop now, the idea of keeping that castle wall around your business is just unrealistic and so, customers have to understand that. They also have to understand that a migration to the cloud is inevitable and the sooner that they embrace that, the sooner they'll get the benefits of it and the sooner that they can begin the journey to the cloud. We feel it's inevitable. >> Andy, great insight, the evolving security threat landscape here on theCUBE. Live coverage covering AWS re:Inforce. Be right back with more after a short break, I'm John Furrier with Dave Vellante, we'll be right back.

(techno pop music)- [Announcer] Live from Boston, Massachusetts, it's theCUBE. Covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. >> Hello everyone, welcome to theCUBE here in Boston. We're live at Amazon Web Services, AWS' first inaugural security conference. It's called the re:Inforce. They have re:Invent, which is the annual Amazon Web Services, AWS customer event. This is kind of like an Amazon Web Services summit meets with re:Invent. They're calling it re:Inforce. This is an event that looks like it's going to be a lot like re:Invent for the security sector. I'm John Furrier your host, with my co-host, David Vellante. Dave, re:Inforce inaugural show for Amazon Web Services, AWS but it's got a feel for summit, a little education but big keynotes. This is about security. This is a stake in the ground for AWS to have a dedicated conference and customer event around security, reinforces the name. Kind of like re:Invent, kind of get the vibe there. They're tryin' to go kind of independent, kind of new swim lane for a conference. Certainly there's demand. >> Yeah well two years ago, when you and I were at the DC public sector, you just came off of that show recently. The head of IT at the CIA said, "Security of the cloud on our worst day is better than "our clients' server systems on their best day." So this narrative of the sky is falling that you always hear from security vendors, is not what Amazon is projecting. Amazon is projecting that the state of the Cloud Union is strong. Kind of (laughs) like the president, every time he gives a State of the Union Address. So it comes down to me John as how do you secure massively distributed systems in the Cloud? Huge challenge for people. We heard from customers today, Liberty Mutual and Capital One, their number one challenge is how to keep pace with AWS? How to keep pace with the changes? So what you're seeing is this shared security model. Amazon takes care of the infrastructure, the database, the storage, and the customer still has to worry about endpoints, their own network, the operating system, the applications. So, they always talk about undifferentiated heavy lifting. You're seeing a shift toward that customer side of focus and on response. So putting more resources on response versus securing that core infrastructure. >> And security's changing. This is also a show about CISOs, the chief information security officer, also known as a CISO. The CISO and CIO kind of have similar roles. They have to look out over massive change in the enterprise these days, digital transformations, On-premise versus Cloud. Two different modes of operation. People love the On-premise in the old days, but now moving to the Cloud creates a different challenge and opportunity for security. I have some thoughts. I'd love to get your thoughts on what you see as Cloud security because there's a difference. Lift and shift is easy when you're talking about infrastructure. But when you start getting into coding and having something be security Native, there's a difference between Cloud security and On-premise's security. How are you seeing that play out? >> Well I think the whole notion of infrastructure as a code emanated 'cause of the Cloud. So I see it playing out as you got to have security as code. So it's sort of the intersection of DevOps and SecOps. And then to your other point, is what's the right regime? Who's responsible for it? Is it the CIO, is it the CISO? Should the CISO report to the CIO, all that other stuff. And personally I've always felt like it should be a separate reporting structure because otherwise you've got the sort of the fox guarding the henhouse. So I think that's key point number one. The other point is, bad security practices by end users will trump good security by IT. So it is really, it's a cliche, but it is truly a team sport. I think the big challenge again that people have is how do they keep pace with AWS? They're moving so fast. And it's not only just for customers, John. I think it's for the ecosystem as well. I can see Amazon eating away (laughs) at the value created by a lot of their partners. >> I mean, Amazon clearly is showing their cards here. They're continuing to push the agility, raising the bar kind of philosophy. And really what's happening with AWS is that, it's a continuation of their subscription model. You've got Dave McCann, he's going to be coming on theCUBE, he runs the Marketplace. You're seeing now hundreds and hundreds of subscriptions in the marketplace, thousands of subscriptions coming out, huge buying philosophy there. But this notion of foundational security built-in from day one. Is a philosophy Amazon is believing that and they can secure their environment. And they want customers as you pointed out, saying "Look it, we'll cover our AWS, we'll be highly secure." "You focus on what you do better." "You can use Security Hub, Control Tower." Which was announced as general availability. And they're saying to their ecosystems, "Look it, build on top of AWS, "because we have the best security." "We are a bit more secure." "But we won't try to compete with you if you use our stuff." So this has been a very interesting dynamic. And the security industry is responding well to it because they want to rely on Amazon. Why recreate the wheel? Use the Amazon, but they have to be free to compete on their own. That's what Amazon is saying in the private conversations I've had. Is that they're saying, "We're not going to compete with you, if you build on AWS." >> Yeah, and you move fast. (laughs) >> (laughs) And you move fast, and you make more money. >> But this is why I think everybody's going after Multi-Cloud. 'Cause if you hear that story, you're like, Wow, I don't think I could move as fast as AWS. I can't just build on AWS. I have to have a hedge strategy. So therein lies the Multi-Cloud. But John you I think, nailed it several years ago. It's Cloud, right? It's data. The Security fits in there and it weaves in availability, certainly privacy. You don't hear Amazon talking tons about privacy, but that's another side of the coin. These things are all intertwined, and it comes back to the data. >> We're going to see, for the folks watching, we're going to be seeing a lot of security cut on theCUBE. Security's a natural fit for what we've been covering. Starting out with the infrastructure, with Cloud, Big data, AI, Security, IoT are all kind of in the center there, because Security's looking a lot more like Cloud, than Cloud looking like Security. So Security has to become more agile, shared responsibility. Things like automation, reasoning, these are terms that are coming up. AI and Cloud are a perfect mixture to come in and actually reshape the security landscape. 'Cause the fact of the matter is there are way too many vendors and suppliers and service providers for customers that want to get down the (laughs) lower numbers, suppliers and more functionality. So you're seeing the conversations from the CISO's that I've had here. In the hallways and meetings I've had privately they all tell me Dave, that "We want want to reduce our suppliers down to, "big number down to single digits." "Ya know double digits not three digits." "Hundreds to a handful." The second thing that they're telling me is Multi-Cloud is B.S. to them. And that shocked me to hear top regime leaders saying "Multi-Cloud is not something we're interested in." Because this flies in the face of what we've been reporting, what we've been hearing, around Multi-Cloud. And I asked, "Why is that an issue?" "Won't there be multiple Clouds?" And this person said, "Yeah we use multiple Clouds "but I can't split my talents up multi-talents." So it's a talent game in Security. And the risk for the organization is to have multiple Clouds, multiple stacks, too many code bases. They're forking their talent base and that is not consistent with the security direction that they're taking from a coding Native standpoint. They want to have Security built-in and everything. So the devs can be agile and start and build stuff on top of Security. So Multi-Cloud great messaging and concept. You might have a few Clouds but the fact of the matter is, when they start splitin' the talent out like that, you dilute the overall power. >> But you actually, >> That was surprising. >> You actually did report on this. And when you tie back to your JEDI coverage, I mean the DOD basically said that Multi-Cloud is more complex, more costly and less secure. Now for that team that's doing JEDI they want a single (laughs) environment. The other thing I heard today, which I think is interesting, huge challenge is IoT. 75 billion connected endpoints by 2025. Okay we always hear those big numbers. But somethin' I didn't know. 90% of IoT data is plain text in the form of HTTP. Plain text. So it's not encrypted. So Amazon is going hard after that. And so they're going to bring tooling to that problem. I like Amazon strategy and ya everybody says, "Oh you can't bring the Cloud." It's about building applications securely at the edge. And that's what Amazon wants to enable. I like that strategy better than what you see from companies like Dell and HP. Is like, hey here's a box. We're going to top-down, throw it over and secure the edge. I don't think that top-down approach is going to be as effective as a bottom-up application developer approach. To your point, building security in. >> Yeah I mean, we're back to the classic digital transformation and people process technology equation. Where you have the organizational structures. A big conversation here as well. You mentioned which regime runs it. Because if you want to do DevOps, you got to develop and then put it in production. So you have two kind of splits there. You want to have more agility, you need more DevOps and you want to have that Native stack built-in, a firm Security stack, but then when you ship it to production you've got governance. So most organizations here that other big players in Security have kind of pillars. Right? Governance and risk management, operations and intelligence, data, and then full-blown engineering teams and then information security groups. That are just peaked on those. And the numbers are becoming much more significant. Security is IT now. It's not some sanctioned off group. It's becoming the way. And a lot of cutting-edge technologies are coming out of the Security market. So to me, I think the Security industry and the idea of having a conference dedicated to Security is a good one. Because the canary in the coal mine in this industry, is coming out of Security. And this is where the action is. So I see a lot of innovation and I think there's going to be a tsunami of apps that are going to be bought, like services. So I think ya know, this notion of shared services with Amazon and the Marketplace could be a great consumption model for enterprises. So ya know, you're going to see that dynamic. Enablement for channel and ecosystem. Marketplace for customers to buy software and services. >> And it's really again, a strong bottoms-up message from Amazon. It's kind of CISO on down. You know it's not the corner sweep that Amazon is messaging to. Although there's some messaging in there. They're basically positioning themselves as by far the fastest innovator, most features, most compliance, GRC, all that stuff. But really it's hardcore deep dives on Security. They're talkin' to Security pros. It's like when you go to reinvent strong developer crowd. Hardcore security SecOps, really detailed, serious technical people. That's their bottoms-up approach. >> Well Dave let me give you my thoughts on the Keynote. Then I want to get yours. And I want to give you a list of things that I was reporting on last night and getting in today, getting all the data on kind of the key topics that are going to be covered here in this show and beyond. So first the Keynote. Loved the encrypt anywhere message. >> Everywhere yeah. >> Assume everyone's watching. Security is everyone's job. Very big theme around you know, that notion of encryption. And that, you got to take care of it. The shared responsibility model. I loved that kind of message. And then automated remediation. This came up in my CISO conversations I've had this week where remediation can be automated so they can focus the talent on threat detection and notification alerting. So threat detection's moving to notifications and alerts. And they want to use automation like Lambda to automate known tech problems that can just take away and not have their people work on it. So that's a huge, huge topic on the Keynote. I love that. And using Lambda is great one. Building security measures into APIs. And then mathing the Cloud. I love that concept. Nerded on that. So overall typical Amazon Keynote. Meat and potatoes being served up in terms of the course of content and that was an awesome, awesome piece of it. So that' my take. What's your take on the Keynote. >> So my number one takeaway is again the customer saying, "Our number one biggest challenge is keeping up with the pace of change and the pace of innovation." And to your point, the answer to that challenge is automation. Amazon is forcing it's customers to automate so they can move faster. And Amazon knows that that's its key competitive weapon. It can rollout features faster than anybody else. Create that fly-wheel effect. If it can get its customers, you know most vendors move at the speed of the fat-middle of IT. Which is really slow. Amazon, interestingly, is pushing its customers faster than they're used to going. >> So Dave I had a chance to have a sit down and poll a bunch of CISOs and CIOs. So sometimes they have a CISO sometimes it's a CIO. >> Right. >> The role seems to be blending in as kind of one big, kind of overseer of the action. And here's what I've found terms of the key themes that were on their mind. And again this is part of our ongoing CISO interviews we've been doing and paneling the top CISOs of the top companies. Key topics that's on their mind. Vendor lock-in. Spend. They're spendin' a lot of cash. Being Security Native and kind of having that cultural philosophy of Security built-in so developers don't have to do it. That's very DevOpsy. Your point about Security as code. Big topic. That was a big one. And then kind of in the management side. Service providers slash suppliers. Dealing with the legacy (laughs) of the inherited supplier base that's calling on them and people who want to sell them things. The value creation process that's wants to be tied into suppliers. So that's kind of a procurement thing. Metrics. Which KPI should they be paying attention to? What's really going on? As I mentioned the threat detection versus alerts. Threat detection is not, kind of seems to be moving more towards alerts so threat detections can be managed. These are kind of things they want to measure. If you just measure one thing then might be have a blind spot. So metrics is I think what keeps them up at night. In terms of the topic. The Cloud Security model's different On-Premise and Cloud. Integration. Integration from third parties 'cause that's going to be a reality. Ecosystems like Amazon has a ton of suppliers that they can be buying services from, so it better integrate into a security stack. Identity management, obviously big. Automation. Workforce and talent. The Multi-Cloud comment came out of this. Talent is the number one game. This is a really critical piece. They coming up with strategies to recruit and to retain and have the best people working on the tech stacks, not working on just general architecture. And then finally, coding security. These are the top topics on the minds of the top CISOs and CIOs in the enterprise. And this is the key areas we're going to be covering. >> So that says to me you know, the concern about lock-in and the concern about spend, so they probably will have exit strategies in hedge. So (laughs) probably will be Multi-Cloud, which is interesting. The Multi-Cloud at one said Multi-Cloud's B.S. But at the same time their top-of-mind issues suggest that Multi-Cloud is going to be a key. On metrics. You know there's a metric out there that after you get infiltrated it takes 256 days to identify that. >> Yep. >> I'd like to see in the Cloud what that metric looks like. >> Yeah, yeah. >> Does that go down? So that's something that's really interesting. As opposed to, okay, how many threats did we count? Right? Or thwart. You know like you mentioned ID management. Identity management. Automation. And I agree talent. There's a big war. Capital One said they just opened a big technical presence in Boston. A lot of talent here. A lot of talent, around the world >> Well just for the record. I'm not anti Multi-cloud. I was just pointing out, the comments that, >> Right, no right. I understand that ya. >> the CISOs said I think Multi-Cloud is realistic. But what he was pointing out is that right now Multi-Cloud isn't attainable in the way that they want it. They have to spend too much of their talent on code bases and stacks that aren't compatible. >> And integration. >> I personally think that you'll have Multi-Cloud environments for all companies but they're going to pick one. For example, and the workload should define the Cloud you're working on so why would you want to just split a workload between two Clouds. Makes no sense. Unless it's completely automated, and frictionless and there's (laughs) value. >> Well Multi-Cloud is a symptom of multi-vendor. You've got different teams doing different projects, different parts of the organization and that's what it is. It's less of strategy then it is a symptom, at least at this point in time. >> Okay that's the kickoff for the inaugural AWS show here in Boston. This is the live Cube coverage here for two days. I'm John Furrier, Dave Vellante. Stay with us for two days of coverage. We'll be right back. (techno pop music)