(light music) >> Welcome back to Supercloud 22. I'm John Furrier, host of theCUBE. We're here Palo Alto for a big event. Supercloud 22, we've got a great ecosystem conversation here. Ramesh Prabagaran, who's the co-founder and CEO, Prosimo. Ramesh, great to see you. Thanks for coming on. >> Thanks for having me, John. >> So, I wanted to bring you in because we've had previous CUBE conversations around cloud networking, latency, you also have some, some pedigree, Viptela. The folks in the industry know that's been a deep tech company. >> Yep. >> You have been around the block. You've seen the movie before. You've seen the tech trends. You've seen the hype. You've seen the fluff. Where's the meat on the bone with Supercloud in your opinion? >> So it, it starts with what enterprises are struggling with, right? And if you take a very simple example, it's actually quite fresh in my mind because I was just having this conversation this morning. A large bank has an application sitting in AWS, right? And they have to provide the application access to the treasury, to their suppliers, to ticker feeds, to all their downstream partners, and so on and so forth. Guess what? They don't control, where all those things are. They're in very different regions and very different clouds. And so you, whether you like it or not, you have a problem here, right? And so it starts with, for the particular bank, what are the capabilities that they need, right? And so AWS provides a whole host of native capabilities, but they still need to build a few more things on top. So going by, essentially the definition of Supercloud, even within a single cloud you need to build a few more capabilities on top. That gets worsened by the fact that now you need to provide access to various other clouds, various other regions and, and so forth. So, whether we like it or not, this movie is here to stay. >> What's the difference between Supercloud and multi-cloud? Because multi-cloud, I've been saying, is not necessarily a market yet. >> Correct, yes. So, Supercloud is essentially the cloud native capabilities provided by the hyperscalers, get you probably 30, 40% of the way, right? But then, in order to deliver on a care about, right? In our case, from a cloud networking standpoint, that is experience, that's performance, reliability, zero trust access, and then so forth. You have to take that a little bit further, and so we have vendors, like us, that actually build capabilities on top of the hyperscalers, right? Now, even if you think of a single cloud, how you build that is different on AWS than it's on Azure, than on GCP. But do the customers care? No, they want to be able to consume it in exactly the same way across all of them. So, whether it's multi-cloud or a single cloud, you have a problem that is white space on top of the hyperscalers capabilities that you just need to build. >> And what problems is it solving today? Because again, I, again, multi-cloud, I've yet seen the problem. I kind of get what's happening. Multiple clouds do exist. Use cases matter, maybe best debri, but they're standalone. They're not really interoperating, so to speak. So people have been successful on, on public cloud. >> That's correct, yes. >> For use cases? >> Absolutely. So even if you take a single cloud, for example, right? You have multiple problems to, to address. So let's take the example of, I have users coming from various different regions, around the globe, and I have apps that are spread, maybe not across like all clouds, but single cloud, maybe multiple regions, right? Now, I have a reach problem, which is, I need to go from where the user is to where the application is sitting. I have an experience problem because if my spinning wheel shows up, I'm going to go crazy. I have a security problem because I want to make sure it's only me that have access to it, right? But does the cloud provider solve for this entirely? No, they give you the nuts, the bolts, or what we call ours essentially, what you need is a, is a latte. They give you really nice coffee beans, not just one flavor, 20 flavors of those. They give you raw sugar and a few other things. They give you five different flavors of milk, but you got to make your own latte. So, that's what we do. >> And this is where the infrastructure transformation's happening. >> Exactly. >> And the super paz layer, as Dave Vellante and I have talked about in cloud, is you have to integrate a native cloud. >> Correct. >> Which is beautiful. It's integrated, everything works together, there's a lot of lattes to be made or espressos. >> Exactly. >> I mean, tons of great things there. So, big check marks, double check, gold star for AWS. >> Correct. >> All good. Now, on premises, we've found that hybrid is a steady state. >> Exactly. >> Okay, that's cloud operations. Now, you got the edge. Where does the Supercloud strategy come in? For the folks watching there, it's like, "Hey, okay, I get that." "But I don't want to just buy into another vendor's hype." >> Absolutely. >> "I got to build my own cloud," to your point about the lattes. >> Correct. >> They have to make their own infrastructure an application environment to power the developer. >> Exactly. And, and hybrid is here to stay as, as you pointed out, right, John? So, I have my data center and let's say when most folks start out they start to like a single region of a single cloud, right? And what are you most concerned about there? Hey, can I migrate? Can I start to build applications in the public cloud, right? And all you care about is can you talk back into my data center? Like, as long as some basic hygiene is there that's all they care about, right? The problem happens when you go from, kind of, the first five EC2 instances to 50 to a hundred, then you have a few other things that you need to care about, right? That's really kind of where the, the Supercloud capabilities start to come in, right? Because you have the cloud native things you can make that work for the first few days, but then after that you need augmented capabilities. >> So Ramesh, some people will say, "Hey, John, Supercloud okay, it's funny, ha ha ha." But isn't it just SAS? >> No, SAS is a delivery mechanism, right? And so, so there is the capability and that is how do you want to consume, right? And so capabilities or cloud native capabilities or piece of software capabilities or (unintelligible) cluster form factor and so forth. How do you want to consume? Maybe it's a package form factor, it is a size, it could even be passive if it's sitting in the, in the element, and then so forth, right? And so you really want to distinguish those two. And, and, and that's how we see the, the industry evolve. >> Can Superclouds be specialty clouds? Like is Snowflake a Supercloud? Is Goldman Sachs financial cloud a Supercloud? >> Absolutely, right. So Supercloud is not like a, a conglomeration of multiple capabilities, right? It can be for a specific use case, it can be for a specific functionality. So we, we consider our capabilities by the definition as a Supercloud in, in networking, right? In cloud networking, in Prosimo. So, does that solve the entirety of what I want to do in the cloud? No, absolutely not. There's data, there's computers, a whole bunch of other things, but for a specialty you do have some Supercloud. >> Yeah, in fact, I had a note here. I was going to ask you will, when will there be specialty clouds, apps, identity, data, security, nteworking, we will see those? >> Absolutely, yeah. And, and those are slowly starting to brew, right? So you have, you have identity as one, you have networking as one, you have the zero trust piece as, as another one, you have data as a, as another one. So when all these things come together, absolutely. That's what, that's what enterprise customers care about. >> So I love infrastructure as code, that drove a lot of the evolution and revolution of DevOps. When are we going to see security as code and network as code? Or is it there? >> No networkers code, for sure. It's already, it's already there. It's probably in its early innings, I would say, but we are starting to see that already. The reason for that is really simple. Enough CIOs have yelled at their networking teams to say, "my app guys can get this done three," "four times a day, you get this done once a week." Right? And so, that has actually driven quite a bit of innovation, >> It's slow, >> It's slow, right? And so that's driven quite a bit of innovation. It all starts with, hey, can I build a Terraform provider and then just integrate into Terraform? But it doesn't, it doesn't stop there, right? There's a whole bunch of additional capabilities, a day in troubleshooting, a whole bunch of things that need to come together. But I would say networkers code has already started to, to, to take ship. >> Which, that's a great point about specialty clouds. What about vertical clouds too? 'Cause you got insurance, oil and gas, FinTech. Both sides of the stack can have specialty clouds. >> Absolutely, yeah. So, it, what's driving specialty clouds, right? Some of it is compliance, mainly because you just have to shard the data, and when you shard the data, the entirety gets, gets sharded, right? Some of it driven by use case, because some are a little more serverless, service mesh and intelligence focused, some are a little more infrastructure focused. So you do see that taking off. I would say we've seen a whole lot more, kind of, on the horizontal side, less on the vertical side, but that's really happening, right? >> Yeah, I think that, to me, indicates a Supercloud. The fact that the diversity of the application on the clouds themselves, someone could be spending, say, Liberty Mutual or Goldman Sachs. They were once spending that as CapEx. >> Exactly. >> Now it's OPEX, so they become a service provider. So, if you have scale with data and expertise, you become a Supercloud by default. And you don't have to pay for the CapEx, >> Yeah. You're already paying in. >> Exactly, yeah. >> And that's what snowflake basically did with data warehouse. >> That's right, yeah. >> I mean they're basically a data warehouse. Refactored on the cloud and then go, "whoa, let's go to Azure." >> Yeah. And, and where does that data decide do you ask that question? No, right? You just assume that, hey, retrospective of it's a single cloud, multiple regions, it's there. If it's stretched to multiple clouds, yes, it's just there, but you, you talk about like that. >> In our cloud already panel earlier, we talked about how companies are going fast on one native cloud, 'cause they don't want to have multiple development teams and different ops teams. They go all in say, hey, mostly AWS wins this, unless it's specially Azure productivity software or SQL database, go hard in on Amazon, get speed and velocity, get that flywheel, win, get scale, get value. Then go to Azure, provide that same value to that marketplace and other clouds. Then the next dot to connect is, can the customer have the same experience across the clouds? That's where it gets interesting. What's your thoughts on that? >> Actually, it gets interesting even when they go from a single cloud in a single region to multiple regions, right? And the, the more spread out the regions are, you have requirements around application performance, application experience and so forth. So, suddenly the networking conversation starts to become an experience and a performance conversation. The security conversation starts to become a zero trust conversation and so forth. And so you, you do see that, that interesting shift that's happening. >> Of course. >> Exactly. And then that gets worsened by the fact that now you have multiple clouds, multiple regions, and then... >> So you got regions, clouds, >> and then you have edge locations now. >> And edge. >> You mentioned edge. >> This, this is why I think multi-cloud is BS, because this is all coming so fast. You got to get your Supercloud first. >> Exactly. >> Then you extend into, what it looks like a multi-vendor or multifaceted environment that should be automated by that time. >> Exactly. >> So it's evolutionary, we're not there yet. >> Exactly. >> So you agree, no market yet? >> That's right, yes. So unless it's like the super large enterprises where we have seen a really good mix of multiple different clouds or super large enterprises where each business unit is free to choose the cloud of their choice for the application developers because they just like a certain cloud, right? >> Or negotiations. >> Or negotiations, right? Exactly, so there you find yourself in a healthy mix. It's not like you're 80, 10, 10. It's, it's a healthy mix of three different clouds, right? But vast majority of the enterprises, they have a concerted strategy, I have a primary cloud 'cause that's where two, two big CEOs shake hands and assign multi billion dollar deals, right? >> It's just a song with Howie Shute, who's now a Zscaler, former VMware. Probably know Howie, he's a legend in the community as well. We were talking about the old days of the data center and you remember that? We'll go back to our, into our, you know, historical views of experience. Back when the data center became popular this was the glass house. Mainframes to mini computers. It became a complex environment. You had to have pretty much a PhD or serious networking or some sort of technical background. And then IT was born, the local area networks, the mini computers, and the PCs change that dynamic. IT was born. Okay, and let's just say it, most IT guys aren't PhDs. >> Exactly. >> So what's happened there is democratization and the operations side of that wave. We're kind of going th&rough it now, don't ya think, with cloud? Like, you got to be super smart to wrangle the data. I mean, some of the data pipelining stuff is super complex, after Snowflake and data bricks. >> Absolutely. And largely depends on the maturity, right? Like, so once you pass a certain scale in the cloud the care abouts start to be very different. The care abouts are, how can I operate this at scale? Because I might have started off with a relatively inefficient infrastructure, right? But now if I start to operate that at scale with like thousands of VPCs and so forth, somebody is looking at an AWS bill there and going, "ah, no, no, no, we're not going to do that." >> We're getting to the good part now. So, so here's where I wanted to get to, 'Cause we're kind of getting there, The proof points of Supercloud is IT like operations, >> Correct. >> Easy. >> Yep. >> Not overstaffed and maybe an SRE model one too many. >> Yeah, exactly. >> What are the proof points do you see that would be evidence that Supercloud is working? >> So in a well functional model where we have seen enterprises take the applications that they care about and then move that into the public cloud or build it organically. If they have staffed their team, I think a good leading indicator is that they have staffed the team so that there are a bunch of guys who understand what it means for cloud native capabilities. There are a bunch of guys who then put it together and then you look at the care abouts, right? Ultimately at the end of the day, the goal, if you go higher up in the layers, is it about application experience? Is it about kind of reducing the blast radius of my security? Is it about my data cleanliness and, and hygiene? You don't care about kind of how the pipelining works underneath the covers or how do I put a transit gateway and this and that together? No, that's not what you care about. You care about kind of the outcomes and, and- >> Palmer (unintelligible) that VMware, when he was there. You just say the hardened top, no one talks about what's in an Intel processor. I mean it's just works. >> Exactly, yeah. And it's what applications you build on top of that Intel processor that actually makes it more powerful, right? And so the first evidence I would say is kind of how is the team structured? The second evidence would be kind of what, what are the care abouts for the guys that are building these applications, right? Because even the application developers more than the application, they care about kind of, is it helping? Is it delivering on the experience? Is it being used the way it's supposed to? >> Is it value? >> Exactly, right? And those are not areas that the cloud providers are solely focused on, right? Like you don't see an AWS or an Azure dashboard show that particular thing for the entirety of the application, they'll tell you for the ATR services that you, that you use, here's the SLA for each one of these services. >> And that's where the customer has to build it. >> Exactly right. Now, does that give you the full picture? No, it doesn't. Somebody has to pull this together. Somebody has to aggregate this together and then make sense as to whether this is working or not, right? So whether you call it Supercloud, or whether you call it kind of the care abouts on top of the cloud native stuff, they're all the same. I'm glad you guys came up with a, with a name for this. And I think it's going to be here to stay. >> Well, thank you for sharing your expertise. You got a great background in this area and you got, I think you guys are right on the front wave of this new change. I think a little bit early, but that's good, but don't be too early. >> Yeah, exactly. No, and, and, and that's really important, right, John? So, you don't want to be too early. You certainly don't want to be too late, but at the same time, the pace at which things are evolving are fast enough that you, you will see. I think when, if we have this conversation even three months from now, it might be a very different conversation. >> Yeah, people want to go fast and they don't want to get stuck with a vendor. They made a bad choice that slows 'em down 'cause they got problems to solve, things to build. >> Yeah, exactly. >> Ramesh, thanks for coming on, Supercloud 22, we're breaking it all down. We're exposing it out to everyone. We're discussing it. We're going to challenge it. But ultimately it is a thing. Supercloud 22. Thanks for watching. >> Wonderful, thanks John. (light music)

>> Announcer: theCube presents HPE Discover 2022, brought to you by HPE. >> Hey, everyone. Welcome back to Las Vegas. This is Lisa Martin with Dave Vellante live at HPE Discover '22. Dave, it's great to be here. This is the first Discover in three years and we're here with about 7,000 of our closest friends. >> Yeah. You know, I tweeted out this, I think I've been to 14 Discovers between the U.S. and Europe, and I've never seen a Discover with so much energy. People are not only psyched to get back together, that's for sure, but I think HPE's got a little spring in its step and it's feeling more confident than maybe some of the past Discovers that I've been to. >> I think so, too. I think there's definitely a spring in the step and we're going to be unpacking some of that spring next with one of our alumni who joins us, Keith White's here, the executive vice president and general manager of GreenLake Cloud Services. Welcome back. >> Great. You all thanks for having me. It's fantastic that you're here and you're right, the energy is crazy at this show. It's been a lot of pent up demand, but I think what you heard from Antonio today is our strategy's changing dramatically and it's really embracing our customers and our partners. So it's great. >> Embracing the customers and the partners, the ecosystem expansion is so critical, especially the last couple of years with the acceleration of digital transformation. So much challenge in every industry, but lots of momentum on the GreenLake side, I was looking at the Q2 numbers, triple digit growth in orders, 65,000 customers over 70 services, eight new services announced just this morning. Talk to us about the momentum of GreenLake. >> The momentum's been fantastic. I mean, I'll tell you, the fact that customers are really now reaccelerating their digital transformation, you probably heard a lot, but there was a delay as we went through the pandemic. So now it's reaccelerating, but everyone's going to a hybrid, multi-cloud environment. Data is the new currency. And obviously, everyone's trying to push out to the Edge and GreenLake is that edge to cloud platform. So we're just seeing tons of momentum, not just from the customers, but partners, we've enabled the platform so partners can plug into it and offer their solutions to our customers as well. So it's exciting and it's been fun to see the momentum from an order standpoint, but one of the big numbers that you may not be aware of is we have over a 96% retention rate. So once a customer's on GreenLake, they stay on it because they're seeing the value, which has been fantastic. >> The value is absolutely critically important. We saw three great big name customers. The Home Depot was on stage this morning, Oak Ridge National Laboratory was as well, Evil Geniuses. So the momentum in the enterprise is clearly present. >> Yeah. It is. And we're hearing it from a lot of customers. And I think you guys talk a lot about, hey, there's the cloud, data and Edge, these big mega trends that are happening out there. And you look at a company like Barclays, they're actually reinventing their entire private cloud infrastructure, running over a hundred thousand workloads on HPE GreenLake. Or you look at a company like Zenseact, who's basically they do autonomous driving software. So they're doing massive parallel computing capabilities. They're pulling in hundreds of petabytes of data to then make driving safer and so you're seeing it on the data front. And then on the Edge, you look at anyone like a Patrick Terminal, for example. They run a whole terminal shipyard. They're getting data in from exporters, importers, regulators, the works and they have to real-time, analyze that data and say, where should this thing go? Especially with today's supply chain challenges, they have to be so efficient, that it's just fantastic. >> It was interesting to hear Fidelma, Keith, this morning on stage. It was the first time I'd really seen real clarity on the platform itself and that it's obviously her job is, okay, here's the platform, now, you guys got to go build on top of it. Both inside of HPE, but also externally, so your ecosystem partners. So, you mentioned the financial services companies like Barclays. We see those companies moving into the digital world by offering some of their services in building their own clouds. >> Keith: That's right. >> What's your vision for GreenLake in terms of being that platform, to assist them in doing that and the data component there? >> I think that was one of the most exciting things about not just showcasing the platform, but also the announcement of our private cloud enterprise, Cloud Service. Because in essence, what you're doing is you're creating that framework for what most companies are doing, which is they're becoming cloud service providers for their internal business units. And they're having to do showback type scenarios, chargeback type scenarios, deliver cloud services and solutions inside the organization so that open platform, you're spot on. For our ecosystem, it's fantastic, but for our customers, they get to leverage it as well for their own internal IT work that's happening. >> So you talk about hybrid cloud, you talk about private cloud, what's your vision? You know, we use this term Supercloud. This in a layer that goes across clouds. What's your thought about that? Because you have an advantage at the Edge with Aruba. Everybody talks about the Edge, but they talk about it more in the context of near Edge. >> That's right. >> We talked to Verizon and they're going far Edge, you guys are participating in that, as well as some of your partners in Red Hat and others. What's your vision for that? What I call Supercloud, is that part of the strategy? Is that more longer term or you think that's pipe dream by Dave? >> No, I think it's really thoughtful, Dave, 'cause it has to be part of the strategy. What I hear, so for example, Ford's a great example. They run Azure, AWS, and then they made a big deal with Google cloud for their internal cars and they run HPE GreenLake. So they're saying, hey, we got four clouds. How do we sort of disaggregate the usage of that? And Chris Lund, who is the VP of information technology at Liberty Mutual Insurance, he talked about it today, where he said, hey, I can deliver these services to my business unit. And they don't know, am I running on the public cloud? Am I running on our HPE GreenLake cloud? Like it doesn't matter to the end user, we've simplified that so much. So I think your Supercloud idea is super thoughtful, not to use the super term too much, that I'm super excited about because it's really clear of what our customers are trying to accomplish, which it's not about the cloud, it's about the solution and the business outcome that gets to work. >> Well, and I think it is different. I mean, it's not like the last 10 years where it was like, hey, I got my stuff to work on the different clouds and I'm replicating as much as I can, the cloud experience on-prem. I think you guys are there now and then to us, the next layer is that ecosystem enablement. So how do you see the ecosystem evolving and what role does Green Lake play there? >> Yeah. This has been really exciting. We had Tarkan Maner who runs Nutanix and Karl Strohmeyer from Equinix on stage with us as well. And what's happening with the ecosystem is, I used to say, one plus one has to equal three for our customers. So when you bring these together, it has to be that scenario, but we are joking that one plus one plus one equals five now because everything has a partner component to it. It's not about the platform, it's not about the specific cloud service, it's actually about the solution that gets delivered. And that's done with an ISV, it's done with a Colo, it's done even with the Hyperscalers. We have Azure Stack HCI as a fully integrated solution. It happens with managed service providers, delivering managed services out to their folks as well. So that platform being fully partner enabled and that ecosystem being able to take advantage of that, and so we have to jointly go to market to our customers for their business needs, their business outcomes. >> Some of the expansion of the ecosystem. we just had Red Hat on in the last hour talking about- >> We're so excited to partner with them. >> Right, what's going on there with OpenShift and Ansible and Rel, but talk about the customer influence in terms of the expansion of the ecosystem. We know we've got to meet customers where they are, they're driving it, but we know that HPE has a big presence in the enterprise and some pretty big customer names. How are they from a demand perspective? >> Well, this is where I think the uniqueness of GreenLake has really changed HPE's approach with our customers. Like in all fairness, we used to be a vendor that provided hardware components for, and we talked a lot about hardware costs and blah, blah, blah. Now, we're actually a partner with those customers. What's the business outcome you're requiring? What's the SLA that we offer you for what you're trying to accomplish? And to do that, we have to have it done with partners. And so even on the storage front, Qumulo or Cohesity. On the backup and recovery disaster recovery, yes, we have our own products, but we also partner with great companies like Veeam because it's customer choice, it's an open platform. And the Red Hat announcement is just fantastic. Because, hey, from a container platform standpoint, OpenShift provides 5,000 plus customers, 90% of the fortune 500 that they engage with, with that opportunity to take GreenLake with OpenShift and implement that container capabilities on-prem. So it's fantastic. >> We were talking after the keynote, Keith Townsend came on, myself and Lisa. And he was like, okay, what about startups? 'Cause that's kind of a hallmark of cloud. And we felt like, okay, startups are not the ideal customer profile necessarily for HPE. Although we saw Evil Geniuses up on stage, but I threw out and I'd love to get your thoughts on this that within companies, incumbents, you have entrepreneurs, they're trying to build their own clouds or Superclouds as I use the term, is that really the target for the developer audience? We've talked a lot about OpenShift with their other platforms, who says as a partner- >> We just announced another extension with Rancher and- >> Yeah. I saw that. And you have to have optionality for developers. Is that the way we should think about the target audience from a developer standpoint? >> I think it will be as we go forward. And so what Fidelma presented on stage was the new developer platform, because we have come to realize, we have to engage with the developers. They're the ones building the apps. They're the ones that are delivering the solutions for the most part. So yeah, I think at the enterprise space, we have a really strong capability. I think when you get into the sort of mid-market SMB standpoint, what we're doing is we're going directly to the managed service and cloud service providers and directly to our Disty and VARS to have them build solutions on top of GreenLake, powered by GreenLake, to then deliver to their customers because that's what the customer wants. I think on the developer side of the house, we have to speak their language, we have to provide their capabilities because they're going to start articulating apps that are going to use both the public cloud and our on-prem capabilities with GreenLake. And so that's got to work very well. And so you've heard us talk about API based and all of that sort of scenario. So it's an exciting time for us, again, moving HPE strategy into something very different than where we were before. >> Well, Keith, that speaks to ecosystem. So I don't know if you were at Microsoft, when the sweaty Steve Ballmer was working with the developers, developers. That's about ecosystem, ecosystem, ecosystem. I don't expect we're going to see Antonio replicating that. But that really is the sort of what you just described is the ecosystem developing on top of GreenLake. That's critical. >> Yeah. And this is one of the things I learned. So, being at Microsoft for as long as I was and leading the Azure business from a commercial standpoint, it was all about the partner and I mean, in all fairness, almost every solution that gets delivered has some sort of partner component to it. Might be an ISV app, might be a managed service, might be in a Colo, might be with our hybrid cloud, with our Hyperscalers, but everything has a partner component to it. And so one of the things I learned with Azure is, you have to sell through and with your ecosystem and go to that customer with a joint solution. And that's where it becomes so impactful and so powerful for what our customers are trying to accomplish. >> When we think about the data gravity and the value of data that put massive potential that it has, even Antonio talked about it this morning, being data rich but insights poor for a long time. >> Yeah. >> Every company in today's day and age has to be a data company to be competitive, there's no more option for that. How does GreenLake empower companies? GreenLake and its ecosystem empower companies to really live being data companies so that they can meet their customers where they are. >> I think it's a really great point because like we said, data's the new currency. Data's the new gold that's out there and people have to get their arms around their data estate. So then they can make these business decisions, these business insights and garner that. And Dave, you mentioned earlier, the Edge is bringing a ton of new data in, and my Zenseact example is a good one. But with GreenLake, you now have a platform that can do data and data management and really sort of establish and secure the data for you. There's no data latency, there's no data egress charges. And which is what we typically run into with the public cloud. But we also support a wide range of databases, open source, as well as the commercial ones, the sequels and those types of scenarios. But what really comes to life is when you have to do analytics on that and you're doing AI and machine learning. And this is one of the benefits I think that people don't realize with HPE is, the investments we've made with Cray, for example, we have and you saw on stage today, the largest supercomputer in the world. That depth that we have as a company, that then comes down into AI and analytics for what we can do with high performance compute, data simulations, data modeling, analytics, like that is something that we, as a company, have really deep, deep capabilities on. So it's exciting to see what we can bring to customers all for that spectrum of data. >> I was excited to see Frontier, they actually achieve, we hosted an event, co-produced event with HPE during the pandemic, Exascale day. >> Yeah. >> But we weren't quite at Exascale, we were like right on the cusp. So to see it actually break through was awesome. So HPC is clearly a differentiator for Hewlett Packard Enterprise. And you talk about the egress. What are some of the other differentiators? Why should people choose GreenLake? >> Well, I think the biggest thing is, that it's truly is a edge to cloud platform. And so you talk about Aruba and our capabilities with a network attached and network as a service capabilities, like that's fairly unique. You don't see that with the other companies. You mentioned earlier to me that compute capabilities that we've had as a company and the storage capabilities. But what's interesting now is that we're sort of taking all of that expertise and we're actually starting to deliver these cloud services that you saw on stage, private cloud, AI and machine learning, high performance computing, VDI, SAP. And now we're actually getting into these industry solutions. So we talked last year about electronic medical records, this year, we've talked about 5g. Now, we're talking about customer loyalty applications. So we're really trying to move from these sort of baseline capabilities and yes, containers and VMs and bare metal, all that stuff is important, but what's really important is the services that you run on top of that, 'cause that's the outcomes that our customers are looking at. >> Should we expect you to be accelerating? I mean, look at what you did with Azure. You look at what AWS does in terms of the feature acceleration. Should we expect HPE to replicate? Maybe not to that scale, but in a similar cadence, we're starting to see that. Should we expect that actually to go faster? >> I think you couched it really well because it's not as much about the quantity, but the quality and the uses. And so what we've been trying to do is say, hey, what is our swim lane? What is our sweet spot? Where do we have a superpower? And where are the areas that we have that superpower and how can we bring those solutions to our customers? 'Cause I think, sometimes, you get over your skis a bit, trying to do too much, or people get caught up in the big numbers, versus the, hey, what's the real meat behind it. What's the tangible outcome that we can deliver to customers? And we see just a massive TAM. I want to say my last analysis was around $42 billion in the next three years, TAM and the Azure service on-prem space. And so we think that there's nothing but upside with the core set of workloads, the core set of solutions and the cloud services that we bring. So yeah, we'll continue to innovate, absolutely, amen, but we're not in a, hey we got to get to 250 this and 300 that, we want to keep it as focused as we can. >> Well, the vast majority of the revenue in the public cloud is still compute. I mean, not withstanding, Microsoft obviously does a lot in SaaS, but I'm talking about the infrastructure and service. Still, well, I would say over 50%. And so there's a lot of the services that don't make any revenue and there's that long tail, if I hear your strategy, you're not necessarily going after that. You're focusing on the quality of those high value services and let the ecosystem sort of bring in the rest. >> This is where I think the, I mean, I love that you guys are asking me about the ecosystem because this is where their sweet spot is. They're the experts on hyper-converged or databases, a service or VDI, or even with SAP, like they're the experts on that piece of it. So we're enabling that together to our customers. And so I don't want to give you the impression that we're not going to innovate. Amen. We absolutely are, but we want to keep it within that, that again, our swim lane, where we can really add true value based on our expertise and our capabilities so that we can confidently go to customers and say, hey, this is a solution that's going to deliver this business value or this capability for you. >> The partners might be more comfortable with that than, we only have one eye sleep with one eye open in the public cloud, like, okay, what are they going to, which value of mine are they grab next? >> You're spot on. And again, this is where I think, the power of what an Edge to cloud platform like HPE GreenLake can do for our customers, because it is that sort of, I mentioned it, one plus one equals three kind of scenario for our customers so. >> So we can leave your customers, last question, Keith. I know we're only on day one of the main summit, the partner growth summit was yesterday. What's the feedback been from the customers and the ecosystem in terms of validating the direction that HPE is going? >> Well, I think the fantastic thing has been to hear from our customers. So I mentioned in my keynote recently, we had Liberty Mutual and we had Texas Children's Hospital, and they're implementing HPE GreenLake in a variety of different ways, from a private cloud standpoint to a data center consolidation. They're seeing sustainability goals happen on top of that. They're seeing us take on management for them so they can take their limited resources and go focus them on innovation and value added scenarios. So the flexibility and cost that we're providing, and it's just fantastic to hear this come to life in a real customer scenario because what Texas Children is trying to do is improve patient care for women and children like who can argue with that. >> Nobody. >> So, yeah. It's great. >> Awesome. Keith, thank you so much for joining Dave and me on the program, talking about all of the momentum with HPE Greenlake. >> Always. >> You can't walk in here without feeling the momentum. We appreciate your insights and your time. >> Always. Thank you you for the time. Yeah. Great to see you as well. >> Likewise. >> Thanks. >> For Keith White and Dave Vellante, I'm Lisa Martin. You're watching theCube live, day one coverage from the show floor at HPE Discover '22. We'll be right back with our next guest. (gentle music)

>> Announcer: From Boston, Massachusetts it's The Cube. Covering AWS re:Inforce 2019. Brought to you by Amazon Web Services and it's ecosystem partners. >> Hey, welcome back everyone. This is The Cube's live coverage of AWS re:Inforce in Boston, Massachusetts. I'm John Furrier with Dave Vallante. This is re:Inforce. This is the inaugural conference for AWS on the security and Cloud security market. A new category being formed from an events standpoint around Cloud security. Our next guest is Cube alumni guest analyst Corey Quinn, and Cloud Economist with the Duckbill Group. Good to see you again. Great to have you on. Love to have you come back, because you're out in the hallways. You're out getting all the data and bringing it back and reporting. But this event, unlike the other ones, you had great commentary and analysis on. You were mentioned onstage during the Keynote from Stephen Smith. Congratulations. >> Thank you. I'm still not quite sure who is getting fired over that one, but somehow it happened, and I didn't know it was coming. It was incredibly flattering to have that happen, but it was first "Huh, awesome, he knows who I am." Followed quickly by "Oh dear, he knows who I am." And it, at this point, I'm not quite sure what to make of that. We'll see. >> It's good news, it's good business. All press is good press as they say, but let's get down to it. Obviously, it's a security conference. This is the inaugural event. We always love to go to inaugural events because, in case there's no second event, we were there - >> Corey: Oh yes >> for one event. So, that's always the case. >> Corey: Been there since the beginning is often great bragging rights. And if there isn't a second one, well, you don't need to bring it up ever again. So, they've already announced there's another one coming to Houston next year. So that'll be entertaining. >> So a lot of people were saying to us re:Inforce security event, some skepticism, some bullish on the sector. obviously, Cloud is hot. But the commentary was, oh, no one's really going to be there. It's going to be more of an educational event. So, yeah, it's more of an educational event for sure. That they're talking about stuff that they can't have time to do and reinvent. But there's a lot of investment going on there. There are players here from the companies. McAfee, you name the big name companies here, they're sending real people. A lot of biz dev folks trying to understand how to build up the sector. A lot of technical technologists here, as well. Digging in to some of the deep conversations. Do you agree? What's your thoughts of the event? >> I'm surprised, I was expecting this to be a whole bunch of people trying to sell things to other people, who were trying to sell them things in return, and it's not. There are, there are people who are using the Cloud for interesting things walking around. And that's fantastic. One thing that's always struck me as being sort of strange, and why I guess I feel sort of spiritually aligned here if nothing else. Is cost and security are always going to be trailing functions. No company is excited to invest in those things, until immediately after they really should have been investing in those things and weren't. So with time to market, velocity are always going to be something much valuable and important to any company strategically. But, we're seeing people start to get ahead of the curve in some ways. And that's, it's refreshing and frankly surprising. >> What is the top story in your mind? Top three stories coming out of re:Inforce. From industry standpoint, or from a product standpoint, that you think need to be told or amplified, or not being told, be told? >> Well there's been the stuff that we've seen on the stage and that's terrific. And, I think that you've probably rehashed those a fair bit with other guests. For me, what I'm seeing, the story that resonates as I walk around the Expo Hall here. Is we're seeing a bunch of companies that have deep roots in data centered environments. And now they're trying to come up with stories that resonate with Cloud. And if they don't, this is a transformational moment. They're going to effectively, likely find themselves in decline. But, they're not differentiating themselves from one another particularly well. There are a few very key things that we're seeing people operate within. Such as, with the new port mirroring stuff coming out of NVPC Traffics. You're right. You have a bunch of companies that are able to consume those, or flow logs. If you want to go back in time a little bit, and spit out analysis on this. But you're not seeing a lot of differentiation around this. Or, Hey we'll take all your security events and spit out the useful things. Okay, that is valuable, and you need to be able to do that. How many vendors do you need in one company doing the exact same thing? >> You know, we had a lot of sites CSO's on here and practitioners. And one of the comments on that point is Yeah, he's like, "Look I don't need more alerts." "I need things fixed." "Don't just tell me what's going on, fix it." So the automation story is also a pretty big one. The VCP traffic mirror, I think, is going to be just great for analytics. Great for just for getting that data out. But what does it actually impact In the automation piece? And the, okay there's an alert. Pay attention to it or ignore it. Or fix it. Seems to be kind of the next level conversation. Your thoughts around that piece. >> I think that as we take a look at the space and we see companies continuing to look at things like auto remediation. Automation's terrific, until the first time it does something you didn't want it to do and takes something down. At which point no one trusts it ever again. And that becomes something hard to tend to. I also think we're starting to see a bit of a new chapter as alliance with this from AWS and it's relationship with partners. I mean historically you would look at re:Invent, and you're sitting in the Expo Hall and watching the keynote. And it feels like it's AWS Red Wedding. Where, you're trying to see who's about to get killed by a feature that just comes out. And now were seeing that they've largely left aspects of the security space alone. They've had VPC flow logs for a long time, but sorting through those yourself was always like straining raw sewage with your teeth. You had to find a partner solution or build something yourself out of open source tooling from spit and duct tape. There's never been a great tool there. And it almost feels like they're leaving that area, for example, alone. And leaving that as an area rife for partners. Now how do you partner with something like AWS? That's a hard question to answer. >> So one of the other things we've heard from practitioners is they don't want incrementalism. They're kind of sick of that. They want step functions, that do as John said, remediate. >> Corey: Yeah. So, like you say, you called it the Red Wedding at the main stage. What does a partner have to do to stay viable in this ecosystem? >> Historically, the answer to that has always been to continue innovating ahead of the bow wave of AWS's own innovation. The problem is you see that slide that they put on in every event, that everyone who doesn't work at AWS sees. That shows the geometric increase in number of feature and service releases. And we all feel this sinking sensation of not even the partner side. But, they're releasing so much that I know some of that is going to fix things for my company, but I'll never hear it. Because it's drowned in the sheer volume of what they're releasing. AWS is rapidly increasing their pace of innovation to the point where companies that are not able to at least match that are going to be in for a bad time. As they find themselves outpaced by the vendor they're partnering with. >> And you heard Liberty Mutual say their number one challenge was actually the pace of Cloud. Being able to absorb all these new features >> Yes. >> And so, you mentioned the partner ecosystem. I mean, so it's not just the partners. It's the customers as well. That bow is coming faster than they can move. >> Absolutely. I can sit here now and talk very convincingly about services that don't exist. And not get called out on them by an AWS employee who happens to be sitting here. Because no one person can have all of this in their head anymore. It's outpaced most people's ability to wrap their heads around that and contextualize it. So people specialize, people focus. And, I think, to some extent that might be an aspect of why we're seeing re:Inforce as its own conference. >> So we talked a lot of CSO's this trip. >> Yeah. >> John: A lot of one on ones. We had some interviews. Some private meetings. I'm going to read you a list of key areas that they brought up as concern. I want to get you're reaction to. >> Sure. >> You pick the ones out you think are very relevant. >> Sure. >> Speedily, very fast. Vendor lock in. Spend. >> Not concerned. Yep. Security Native. >> Yeah. >> Service provider supplier relationship. Metrics, cloud securities, different integration, identity, automation, work force talent, coding security, and the human equation. There were all kind of key areas that seemed to glob and be categorically formed. Your thoughts to those. Which ones do you think jump out as criticalities on the market? >> Sure. I think right now people talking about lock in are basically wasting their time and spinning their wheels. If you, for example, you go with two cloud providers because you don't want to be locked into one. Well now there's a rife partner ecosystem. Because translating things like IAM into another provider's environment is completely foreign. You have to build an entire new security model on top of things in order to do that effectively. That's great. In security we're seeing less of an aversion to lock in than we are in other aspects of the business. And I think that is probably the right answer. Again, I'm not partisan in this battle. If someone wants to go with a different Cloud provider than AWS, great! Awesome! Make them pick the one that makes sense for your business. I don't think that it necessarily matters. But pick one. And go all in on that. >> Well this came up to in a couple of ways. One was, the general consensus was, who doesn't like multi Cloud? If you can seamlessly move stuff between Clouds. Without having to do the modification on all this code that has to be developed. >> Who wouldn't love that? But the reality is, doesn't exist. >> Corey : Well. To your point, this came up again, is that workplace, workforce talent is on CSO said "I'm with AWS." "I have a little bit of Google. I could probably go Azure." "Maybe I bought a company with dealing some stuff over there." "But for the most part all of my talent is peaked on AWS." "Why would I want to have three separate security teams peaking on different things? When I want everyone on our stack." They're building their own stacks. Then outsourcing or using suppliers where it supports it. >> Sure. >> But the focus of building their own stacks. Their own security. Coding up was critical. And having a split competency on code bases just to make it multi, was a non starter. >> And I think multi Cloud has been a symptom. I mean, it's more than a strategy. I think it's in a large part a somewhat desperate attempt by a number of vendors who don't have their own Cloud. To say Hey, you need to have a multi Cloud strategy. But, multi Cloud has been really an outcome of multiple projects. As you say, MNA. Horses for courses. Lines of business. So my question is, I think you just answered it. Multi Cloud is more complex, less secure, and probably more costly. But is it a viable strategy for things other than lock in? >> To a point. There are stories about durability. There's business reasons. If you have a customer who does not want their data living one one particular Cloud provider. Those are strategic reasons to get away from it. And to be clear, I would love the exact same thing that you just mentioned. Where I could take what I've built and run that seamlessly on other providers. But I don't just want that to be a pile of VM's and maybe some disc. I want those to be the higher level services that take care of massive amounts of my business for me. And I want to flow those seamlessly between providers. And there's just no story around that for anything reasonable or modern. >> And history would say there won't really ever be. Without some kind of open source movement to - >> Oh yes. A more honest reading of some of the other cloud providers that are talking about multi cloud extensively translates that through a slight filter. To, we believe you should look into Multi Cloud. Because if you're going all in on a single provider there is no way in the world it's going to be us. And that's sort of a challenge. If you take a look at a number of companies out here. If someone goes all in on one provider they will not have much, if anything, to sell them of differentiated value. And that becomes the larger fixture challenge for an awful lot of companies. And I empathize with that, I really do. >> Amazon started to do a lot of channel development. Obviously their emphasis on helping people make some cash. Obviously their vendors are, ecosystems a fray. Always a fray. So sheer responsibility at one level is, well we only have one security model. We do stuff and you do stuff. So obviously it's inherently shared. So I think that's really not a surprise for me. The issue is how to get successful monetization in the ecosystem. Clearly defining lines of, rules of engagement, around where the white spaces are. And where the differentiation can occur. Your thoughts on how that plays out. >> Yeah. And that's a great question. Because I don't think you're ever going to get someone from Amazon sitting in a room. And saying Okay, if you build a tool that does this, we're never, ever, ever going to build a thing that does that. They just launched a service at re:Invent that talks to satellites in orbit. If they're going to build that, I don't, there's nothing that I will say they're never going to get involved with. Their product strategy, from the outside, feels like it's a post it note that says Yes on it. And how do you wind up successfully building and scaling a business around that? I don't have a clue. >> Eddie Jafse's on the record here in The Cube and privately with me on my reporting. Saying never say never. >> Never say never. >> We'll never say never. So that is actually an explicit >> Take him at his word on that one. >> Right. And I'm an independent consultant. Where my first language is sarcasm. So, I basically make fun of AWS in the newsletter and podcast. And that seems to go reasonably well. But, I'm never going to say that they're not going to move into self deprecation as a business model. Look at some of their service names. They're clearly starting to make inroads in that space. So, I have to keep innovating ahead of that bow wave. And for now, okay. I can't fathom trying to build a business model with a 300 person company and being able to continue to innovate at that pace. And avoid the rapid shifts as AWS explores on new offers. >> And I what I like about why, well, we were always kind of goofing on AWS. But we're fanboys as well, as you know. But what I love about AWS is that they give the opportunity for their partners. They give them plenty of head's up. It's pretty much the rules of engagement is never say never. But if they're not differentiating, that's their job. >> Corey: Yeah. >> Their job is to be better. Now one thing Amazon does say is Hey we might have a competing service, but we're always going to favor the customer. So, the partner. If a customer wants an Amazon Cloud trail. They want Cloud trail for a great example. There's been requests for that. So why wouldn't they do it? But they also recognize it's bus - people in the ecosystem that do similar things. >> Corey: Yeah. >> And they are not going to actively try to put them out of business, per se. >> Oh yeah! One company that's done fantastically well partnering with everyone is PagerDuty. And even if AWS were to announce a service that wakes you up in the middle of the night when something breaks. It's great. Awesome. How about you update your status page in a timely fashion first? Then talk about me depending on the infrastructure that you run to tell me when the infrastructure that you run is now degraded? The idea of being able to take some function like that and outsource worked well enough for them to go public. >> So where are the safe points in the ecosystem? So obviously a partner that has a strong on-prem presence that Amazon wants to get access to. >> That's a short term, or maybe even a mid term strategy. Okay. Professional services. If you're Accenture, and Ernie Young, and Deloitte, PWC, you're probably okay. Because that's not a business that Amazon really wants to be in. Now they might want to, they might want to automate as much to that as possible. But the world's going to do that anyway. But, what's your take where it's safe? >> I would also add cost optimization to that. Not from a basis of technical capability. And I think that their current tooling is disappointing. I'd argue that cost explorer and the rest of their billing situation is the asterisk next to customer obsession if we're being perfectly honest. But there's always going to be some value in an external party coming in from that space. And what form that takes is going to change. But, it is not very defensible internally to say our Cloud spend is optimized, because the vendor we're writing those large checks to tells us it is. There's always going to be a need for some third-party validation. And whether that can come through software? >> How big is that business? >> It's a great question. Right now, we're seeing that people are spending over 30 billion dollars a year on AWS and climbing. One thing we can say with a certainty in almost every case is that people's Cloud bills are not getting smaller month over month. >> Yep. >> So, it's a growing market. It's one that people feel incredibly acutely. And when you get a few drinks into people and they start complaining about various aspects of Cloud, one of the first most common points that comes up is the bill. Not that it's too high, but that it is inscrutable. >> And so, just to do a back of napkin tam, how much optimization potential is there? Is it a ten percent factor? More? >> It depends on the level of effort you're willing to invest. I mean, there's a story for almost environments where you can save 70% on your Cloud bill. All you have to do is spend 18 months of rewriting everything to use serverless primitives. Six of those months you'll be hard down across the board. And then, wait where did everyone go? Because no one's going to do that. >> Dave: You might be out of business. So it's always a question of effort spent doing optimization, versus improving features, speeding time to market and delivering something that will generate for more revenue. The theoretical upside of cost optimization is 100% of your Cloud bill. Launching the right service or product can bring in multiples of that in revenue. >> I think my theory on differentiation, Dave, is that I think Amazon is basically saying in so many words, not directly. But it's my interpretation. Hold on to the rocket ship of AWS as long as you can. And if you can get stable, hold on. If you fall off that's just your fault, right? So, what that means is, to me, move up the stack. So Amazon is clearly going to continue to grow and create scale. So the benefits to the companies create a value proposition that can extract rents out of the marketplace from value that they create on the Amazon growth. Which means, they got to lock step with Amazon on growth. And cost leap, pivot up to where there's space. And Amazon is just a steam roller that will come in. The rocket ship that's going so fast. Whatever metaphor. And so people who just say We made a deal with Amazon, we're in. And then kind of sit idle. Will probably end up getting spun off. I mean, cause it's like they fall off and Amazon will be like All right so we did that. You differentiate enough, you didn't innovate enough. But, they're going to give everyone the opportunity to take a place with the growth. So the strategy, management wise, is just constantly push the envelope. >> So that's implicit in the Amazon posture. What's explicit in Amazon's posture is build applications on our platform. And you should be okay. You know? For a while. >> Yeah. And again, I think that a lot of engineers get stuck in a trap of building something and spending all their time making their code quality as best as possible. But, that's not going to lead to a business outcome one way or another. We see stories of companies hitting success with a tire fire of an infrastructure all the time. Twitter used to display massive downtime until they were large enough to justify the time and expense of a massive rewrite. And now Twitter is effectively up all the time. Whether that's good or not is a separate argument. But, they're there. So there's always going to be time to fix things. >> Well the Twitter example is a great example. Because they built it on rails. >> Yes. >> And they put it on Amazon Cloud. It was just kind of a hack, and then all of the sudden Boom, people loved it. And then, that's to me, the benefit of Cloud. One you get the scape velocity, the investment to start Twitter was fairly low, given what the success was. And then they had to rewrite, because the scale was bursting up. That's called prototyping. >> Oh yeah. >> That's what enterprises have to do. This is the theme of, agile. Get started as a theme, just dig in. Do a hack up font. But don't get confuse that with scale. That's where the rubber meets the road. >> Right and the, Oh Cloud isn't for us because we're an exception case. There are very few companies for whom that statement is true in the modern era. And, do an honest analysis first, before deciding we're going to build our own data centers because we can do it for cheaper. If you're Dropbox, putting storage in, great. Otherwise you're going to end up in this story where Oh, well, we have 20 instances now, so we can do this cheaper in Iraq somewhere. I will bet you a house you're wrong. But okay. >> Yeah. People are telling me that. Okay final question for you. As you've wandered around and been in the sessions, been in the analyst thing. What are some slice of life commentary stories you've bumped into that you found either funny, clever, insulting, or humorous? What's out on the floor? What are some of the conversations? >> One of the best ones was a company I'm not going to name, but the story they told was fantastic. They have, they're primarily on Azure. But they also have a strong secondary presence with AWS, and that's fascinating to me. How does that work internally? It turns out their cloud of choice is Azure. And they have to mandate that with guardrails in place. Because if you give developers a choice they will all go and build on AWS instead. Which is fascinating. And there are business reasons behind why they're doing what they're doing. But that story was just very humorous. I can't confirm or deny whether it was true or not. Because it was someone with way too much to drink telling an awesome story. But the idea of having to forcibly drag your developers away from a thing in a favor of another thing? >> That's like being at a bad party. It's like Oh, the better party is over there. All my friends are over there. >> But they have a commitment to Microsoft software estate. So, that's likely why they're. >> They just deal with Microsoft. >> And I'm not saying this is necessarily the wrong approach. I just find it funny. >> Might be the right business decision, but when you ask the developers, we see that all the time, John. >> All the time. I mean I had a developer one time come to me and start, he like "Look, we thought it would be great to build on Azure. We were actually being paid. They were writing checks to incent us. And I had a revolt. Engineers were revolting. Because the reverse proxies as there was cobbled together services. And they weren't clean native services and primitives. So the engineers were revolting. So they, we had to turn down the cash from Microsoft and go back to Amazon." >> Azure is much better now, but they have to outrun that legacy shadow of at first, it wasn't great. And people try something once, "That was terrible!" Well would you like to try it again now? "Why would I do that? It was terrible!" And it takes time to overcome that knee-jerk reaction. >> Well, but to your point about the business decision. It might make business sense to do that with Microsoft. It's maybe a little bit more predictable than Amazon is as a partner. >> Oh the way to optimize your bill on another Cloud provider that isn't AWS these days is to call up your account rep and yell at them. They're willing to buy business in most cases. That's not specific to any one provider. That's most of them. It's challenging to optimize free, so we don't see the same level of expensive bill problems in most companies there as well. >> Well the good news is on Microsoft, and I was a really big critic of Azure going back a few years ago. Is that they absolutely have changed their philosophy going back, I'd say two, three years ago. In the past two years, particular 24 months, they really have been cranking. They've been pedaling as fast as they can. They're serious. There's commitment from the top. And then they tell us, so there's no doubt. They're doing it also with the Kubernetes. What they're seeing, as they're doing is phenomenal. So... >> Great developer jobs at Microsoft. >> They're in for the long game. They're not going to be a fad. No doubt about it. >> No. And we're not going to see for example the Verizon public Cloud the HP public Cloud. Both of which were turned off. The ones that we're seeing today are largely going to be to stay of the big three. Big four if we include Alibaba. And it's, I'm not worried about the long term viability of any of them. It's just finding their niche, finding their market. >> Yeah, finding their lanes. Cory. Great to have you on. Good to hear some of those stories. Thanks for the commentary. >> Thank you. >> As always great guest analyst Cube alumni, friend, analyst, Cory Quinn here in the Cube. Bringing all the top action from AWS re:Inforce. Their first inaugural security conference around Cloud security. And Cube's initiation of security coverage continues, after this break. (upbeat electronic music)

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019 brought to you by Amazon Web service is and its ecosystem partners. >> Welcome back to the cubes. Live coverage here in Boston, Massachusetts, for AWS reinforce Amazon web services. First inaugural conference around Cloud Security. I'm John for your Michael's Day. Volante, our next Katie Jenkins s V P. C. Vice President. See? So, Chief Information Security officer with Liberty Mutual Big Company, Lot of activity insurance. Lot of probably a lot of action on your side. Welcome to the Cube. Thanks. Thanks for coming on. So you've been in this job for about a year. Tell us about what's going on in Libya. Means you guys have a large company. 100 plus years old. You're see. So you're in charge. You're running everything. We're gonna security conference. Tell us the reality. What's going on in the real world? >> Yeah, well, this is super exciting. That reinforce, of course, is in Boston. This is Liberty Mutual's hometown assed. You mentioned 107 year old security, not security company >> insurance company. But we're >> doing really cool things in technology and security. Specifically, um, I would say to kind of bring this gathering together. We have a really rich pool of security talent of security and innovators. It really matches up with what what we're doing. So Liberty Mutual has made a very significant commitment to moving to the public cloud for our technology and computing needs. We're in about your three of that journey, maybe 25% of our workload in the public cloud. It's really been a catalyst for not just transforming our technology organisation but transforming the way security does its work in the way security engages with our development community. >> While you're the head honchos, they say there's a C so but you had 20 plus years in cyber security. This is now kind of a new category with reinforced being a branded show over AWS. I see this deserves its own conversation, and industry is a lot of action going on. What is cloud security mean to you? Because this is the focus of this show. It's not just pure clouds, a lot on premise and on cloud interactions with hybrid etcetera. You guys have been doing tons of I t over the generations with Liberty Mutual, but cloud security is the focus. What does that mean? Thio to? You guys have a cyber security standpoint? >> Yeah, um, in a word. Enablement, um, I think that the public cloud offers us, um, really interesting opportunity to reinvent security. Right? So if you think about all of the technologies and processes and many of which were manual over the years, I think we have an opportunity to leverage automation to make our work easier in some ways to to, um, avoid the situation where we have air oversight. Gosh, we encrypted everything, but you know, this set of assets over here, So through using automation and enforcement, it's a new, exciting opportunity to further develop our security capabilities. But also, you know, cloud security at cloud in general has bred a transformation of the way that are practitioners do work through agile. And it means that security has toe no work with our technologists in a different way. >> So you've had a really interesting background. Um you work for a company that does audits. I can infer from that. You've worked for service is company. You work for a technology vendor. You worked as a practitioner. So you've seen it all sides and you know Amazon. It made some comments yesterday that said, Look, the narrative in the security industry has always been fear, fear, fear. And we'd like to put forth forth the narrative. That is about Listen, the state of security is really good and strong. The union is strong and we're gonna work together in a positive message. So my question is, are you an optimist? >> Ah, a reluctant activist. Um, I think the days of having security be something that's fearful, uh are just not not doing us any any any justice in that area. I mean, security is an area of partnership. There's very little of what we do. Insecurity. It's just done by security practitioners. We need asset managers. We need compliance people. We need the privacy team. We need our auditors way. Need procurement. I mean, there's just so many different parties involved in security that if we're just instilling fear and everyone, I think it'll be difficult for us tow. Get that partnership and we need Thio. Empower people, right. We need Thio. Both empower our developers to do their work in a secure manner and we have to empower our whole workforce and our trusted third parties to make good decisions. We're educating them on how to prevent phishing attacks were doing all sorts of kind of culture based initiatives, recognizing that if it's just the security folks doing security, we're gonna have a big gap. >> One of the things that we were discussing a lot of other C. So So we've been talking privately. Off the record in the hallways and private briefings is the common theme of integration as a big part of dealing with ecosystem, either suppliers and or different teams within their different pillars of how they're organized internally and externally, and then also reducing the number of security vendors that they've been buying products from to get some also in house coding, teams working more closely on the use cases that matter. So this has become kind of ah, see, So a conversation where what? What is that criteria? How do you figure out who to have a suppliers who's gonna be around for the long haul? We're gonna be that a partnership for the enablement. So rather than having hundreds of vendors, we want to get him down to a handful. Is that something that you think about or is it a trend that you see it's happening now? >> Uh, it is a trend. I think it starts at how we even procure in select our suppliers. I mean, we're really giving a lot of thought to the area of third party risk management. And do we understand not just the elements of cyber risk and engaging with 1/3 party? But but privacy and continuity kind of risk, too. So it starts there. I don't have a sort of fabricated number in terms of I'm trying to go from X number of vendors down toe Why? But I think that there's a very purposeful thought process that we're undergoing to say, Yeah, we recognize and for certain technologies, we want to have different providers to provide some of that redundancy. Let's be smart about them. Let's make sure we really understand where those overlapping capabilities are because we don't want to be wasteful either. Right >> on the span, the question comes up to around Devil's because what we're seeing is the devil ops and security paradigms kind of coming together in terms of the concepts agility. You could do some prototyping, a hackathon do some things and then ultimately trying to get into production or two different animals. So that enablement of doing innovative things, his agility, that that's been a key theme, a positive theme. And the question is, is there a funding model? Doesn't automatically get security funding. And where's the spin that you're spending going up? So all the monetary spend questions come up. >> How do you >> deal with that ballistically? And how do you think about, you know, spend conversation? >> Yeah, um, >> it's a really interesting one, because, of course, expense >> pressures. I'm not immune to those. But I >> also think that we're in a position where, um, our executive leadership team understands the value of the work that we're doing understands the important to our policy holders. So it's less often a need to justify why we need more spend. It's a demonstration of using that spend responsibly and understanding where we might have an uplift from something that we automated to say. Well, now we have these resource is that could be doing something else. >> There's >> always something else and security, right? So if we're committed to re Skilling and making sure that people are evolving the work that they do in the talents that they have to adjust a different kind of >> no rule of thumb per se. It's more of your management recognizes the criticality of it. Therefore, you could make those calls on your own building built in building, >> project tough questions and making >> responsible decisions. But I think it comes down and knowing your technology, >> so the skills gap, obviously a huge challenge in your industry would talk to somebody else, they said. We just can't find people, so we have to bring him in and train them ourselves. We have the homegrown and take the long view. Amazon talks about the shared responsibility model, and a lot of small companies don't really understand that things misunderstood. Obviously, Liberty Mutual gets it. My question is, as you see Amazon focusing on compute in the storage and data base layer, and you guys have the opportunity to focus on other areas that are your responsibility that shared responsibility model. Have you been able to shift? Resource is how have you handled that you retrain people? Has it freed up, not freed up time to do some of those more strategic things that you want to do maybe respond more quickly. Prioritized, better automate, etcetera, etcetera. Can you talk about that from your perspective? >> Yeah. So the shared responsibility model is, uh, you know, I think that's video unimportant speaking point of this whole ecosystem. At the end of the day, Liberty Mutual. Our duty is to protect policyholder data. It doesn't matter. It's in the cloud. If it's in our data, Southers, we have that duty. It's >> on you. >> So I think a lot about the skills that we will need in the future. So I've referenced sort of vaguely that yet. Compliance area is a particularly interesting area where we have opportunities to able to more easily Bingley produced artifacts on our auditors need to really bring automation to a process that just has a very steep history and being manual in nature. So, yeah, I understand that tomorrow we're not gonna ask everyone to make a big switch and I'll become developers. But way do you know plenty of people to this conference and they are participating in the tracks on how to bring of automation to compliance. And I think that's pretty heavily in training opportunities for people. >> How do you look about the vendor lock in conversation because of cloud. The value proposition certainly shifts in the old model was, Oh, you by event supplier and you're in, You're locked in with database or whatever with Cloud. There's a lot of switching costs, opportunities to move around. But people generally settling in on one main cloud and having this may be a hybrid backup cloud or the cloud is the secondary is the focus of the team's How do you view, um, lock And when you deal with suppliers because you don't want to be stuck with once a fire? If you have the need to be agile, you want to have options. How do you guys think about that? Because being in agility is key for you guys to be successful. Not someone's just dealing with the vendors. >> Um, >> it does come down to balance. We do leverage multiple cloud providers, right? I think that, um, if we're too focused on making sure that we have that portability, and we could quickly move from one to another than we miss an opportunity to kind of deeply leverage. Some of the service is, for example, that the eight of us provides, but we also, you know, you've been around the block of >> your first rodeo. Exactly. >> And I think that it's important to have that perspective and prepare for the future. >> Do you, um, attend board meetings regularly? >> I do. I do for sent out to our board of directors. >> Is that a sort of frequent thing? And once a year, once 1/4 of interested in what the board conversation is like with >> it happens in a couple different context, whether it's specific to sort of an audit readout or sort of a general state of State of Security type A report out. But yeah, we have a really engaged board that asked great questions about our partners, right about things that are more culture base in terms of how we're doing with our anti phishing protection. And we talk about technology architectures, too, in the work that we're doing to make sure that we're being more fine grain in the way that we're authenticating users and devices, no matter where they work in a more secure way. They're they're interested in that. So I feel pretty lucky. Thio both have the opportunity and get deeply. Would >> you say the conversation is more of a strategic nature with the board. Is it more tactic? You just mentioned some tactical items. Is it more metrics driven or a sort of a combination of all three? >> It's a It's a combination right? I think they want to see demonstrated progress against areas that we have self identified Azarias that we'd like to prove improve. But they're also looking to see that I have a vision for where we're going to fully cognizant of the work that we've done in the public cloud and want to understand that the level of trust and they had in their security programme on premise will perpetuate and advance into the cloud. So >> when you look at clouds, security and now security, you guys have you had a perspective on full sides and clouds certainly accelerating involving fast when you find a legacy app that you're working with. We've heard other seasons. We've talked us who have had frank conversations, that look, we're deciding whether we lift and shifted more rebuild on. So there's been some visibility into when it's great to have lifted shifts and when it's great to rebuild. So that's been a conversation that I don't think been fully baked out yet. In the full narrative in the industry, it's one people are talking about. What's your view on when you have a legacy app, you want a lift and shifted or rebuild it? What goes through your mind? What's a conversation like? >> It's a conversation that we have. We have legacy. I won't hide behind behind that. But it's not a conversation in a decision that's just made by technologists, right? I think we have to articulate what the options are, and that has to be a joint decision with our business partners. I think generally I'm not preferring a lift and shift because I think that we are may be overlooking some of the opportunities to make similar security improvements that I see. But when we can get an application that's using our software development pipelines that we have embedded security controls, we have better visibility. We have better enforcement, ensuring what we know that we know what's going into. The cloud has met, you know, a number of our security standards, so to speak, that's a much better position. >> So the destruction of multiple clouds I'm interested in how you handle that you take separate teams is the same team, sort of handling everything, and it's sort of a follow up on that is I'm interested in your relationship with AWS and how that's affected your business. >> Yeah, so the security team does not. Oh, the cloud environment, so to speak. That's that's, Ah Secure Dev Ops team within our infrastructure organization. And they're very close partner of ours, right? So, yes, I do have a resource. Is that our specialist in AWS versus other clouds and others that are identity and access management specialists are able to work on the development of those patterns across different cloud environments. Right. You know, I there's nothing bad that I could say about the relationship with our AWS partners that we felt very supported and understanding what we're trying to do introduce us to new service is and introduced it probably most importantly, introducing us to other customers that have but you know, are a little bit ahead of us in their journey. So weaken, hopefully not repeat, >> not helping you with security pieces. Well, I'm that's something that they with shared responsibility there are there working with you on this securing those workloads as you move. Glad >> be Definitely leverage their expertise. >> And you mentioned that you guys kind of made a decision a few years ago. Toe go all in on the cloud. How has that affected your business? What kind of results have you seen? A zit met expectations. Is it exceeded? You know, I >> mean, is I mentioned we do still have, Ah, a lot of a lot of our technology on premise, but for the use cases that have really seen that rapid acceleration of agile practices allowed teams to develop code so much more quickly. I think the business is generally delighted that their needs are being far more quickly met. Then >> I could ask you, there's a perpetual line in the men's room. It's quite long. So what's it like to be long? And the lady I was going to say? I don't think it is because I would say the proportion of women here is actually lower than even the industry and most conferences that we attend. So what's it like being a woman in this male dominated security business? >> I been in it so on, but I certainly have. You're in a little bit of custom toe, but not so accustomed that I'm not motivated on a daily basis to bring more women in. I think that security just has tremendous opportunities and, you know, certainly the marketing of security professionals is hoody wearing white male kind of persona. Just >> their opportunity. What some of those opportunities for women who are stem science, they might your daughters all stem love public policy, the sociology impact side. The impact that's here is a lot of range of skills. What are some of those that you would inspire someone >> I studied? Math is an undergrad. We didn't have security >> back then and since got a Masters >> degree in cyber security. So that's cool. But, you know, I think a great security professional is a great communicator, a great collaborator. I need technologists. I need developers. I need process experts. I need people that think you know very deeply about assurance type control so way have tried to attract people out of other technology round. >> And it's just not just math and computer science is creativity involved. There's a lot of things that that blend sells all kinds of diversity. >> There is, you know, you think about human psychology, right? We just totally transformed one of the systems that we use for approving for managers to approve the access of their people. Right Past system was ugly. People didn't know how to interact with it. I mean, that user experience expertise that over laid and how we developed our new platform just makes all the difference to make sure that it's actually invaluable process. Now, like I'm so frustrated. I'm just gonna sign off on this because I I give up >> really interesting because you spend a lot of time and effort and money on things that drive revenue. But this drives so much productivity in business value that, you know he's not maybe direct dollars, but clearly there. I have a question. When you recruit people, presumably you tap your network. And it's not just the good old boys network your women. Are you able to successfully find women or young women in particular that you can attract and recruit into your business as security practitioners? They had much success there. >> Yeah, so we definitely are outpacing industry numbers in terms of women and security. We have a long way to go, you know, historically excluded people right? Not just women people of color. I mean, we just have a long ways to go, right. And I think it takes more than sitting back and waiting for a recruiter to bring recruiter to bring me a slate of candidates to say no. I know people. I know people that know people. And I really have toe invest myself and make sure that my leaders know that that's my expectation of them, right? I mean, I think that way feel that diversity of thought, no matter how that diversity is expressed, is really important doing the work. >> Let us know how we could help in Silicon Valley days here in Boston as well. Love help get the word out. So anything you need for muscle now. Okay. Thanks so much for his great insights. Love to have you on the cube again sometime. Thanks. Coming on S V p. C. So at Liberty Mutual here in the cube, extracting the signal, sharing the reality of what's going on in the security equation for cloud security. I'm John for Dave. A lot. Right back after this short break