>>Ly from San Diego, California at the cube covering to clock in cloud native con brought to you by red hat, the cloud native computing foundation and its ecosystem Marsh. >>Welcome back. This is the cube live coverage three days wall to wall coverage of CubeCon cloud native con in San Diego. I'm Stu Miniman. My cohost for these three days is John Troyer. And welcome to the program. First of all, from the keynote stage, Heather Kirksey, who is the vice president of community and ecosystem development with the Linux foundation for CNCF part of Linux foundation and from some of the technology behind the scenes joining her, Sandy Pennys are the SVP of strategic engagement at attorney. Thank you so much for joining us. Right. So Heather, this was a really cool demo with a lot of things going beyond the scene. Uh, if people actually go watch an interview we did yesterday, uh, with, uh, the people at red hat talk about, uh, it's a good thing. It was cloud native because there was a brownout cower was lost, had to rebuild the entire thing. Um, and everybody up on stage, you know, the next day, didn't know anything the wiser. So, uh, you know, really cool pot on stage. Uh, you know, talking about 5g global engagement, China mobile, uh, other banks. I like, um, I'm sorry, other mobile providers, uh, like from Canada and from Europe involved in this. Um, give us a little bit of the, the, the foundation view as to, you know, how something like this comes together and how you get participation from, you know, the technology providers, the telco providers. Uh, you know, it takes, it takes a village. >>First of all, you have to be slightly mad. Um, but I mean that's, that's really kind of the premise of open source, right? Is that people come together and they build things together. And so we done some demos in the past, um, where we looked at sort of, you know, the, the modernization of the central office. And so we had had some, you know, some tea, you know, some tapes of folks that had been building things. And then we, you know, we sent out a call basically to the community and said, yeah, we'd like to do another one. And what we're going to try to do is full five G full called native, if you're interested in joining, yo come on. And so it just ended up that basically 15 organizations said, yes, that sounds like something that we would like to prove out. And 80 volunteers across those organizations ended up working on it. >>My understanding was about four months, uh, to, to put all the pieces together, bring us, bring us through kinda, you know, how the stack gets built and. >>Yeah, well I mean, so amongst some of the issues where you have five G itself is fairly new. So we, we started with sort of the complexities of getting equipment, you know, and getting five G radio. You know, we had a partner in China who had a 5g handset that then wanted us to indemnify, you know, all of these things. Uh, to the extent that like we as a nonprofit didn't feel comfortable signing the agreement. So it was, you know, it started actually just, I mean, this was so cutting edge with in terms of the five G aspect that getting equipment was challenging. Um, yeah. And that's before you even get to sort of the challenges of building the stack. So, um, so, you know, it started kind of figuring out what pieces started building things, um, you know, found some yo gaps in Coobernetti's around supporting the, the, the sophistication of networking that we have to do. Um, so we figured out how to work around it for the demo, but what we want to do is start upstreaming some, um, some changes into, into some of the projects there. >>All right, so San Deepa, your company's one of the providers inside here. So tell us what, what drew you into it and how it is living on that bleeding edge was something like five. >>Well, it's, it's absolutely thrilling living on that leading edge. It's exciting, you know, lots of risks. But the payoff yesterday was fantastic. Be able to complete that call on stage. You know, from our perspective, we were invited in fairly early on into the project. Uh, and we're, we're thrilled to be part of it. And as once we understood the scope and what everyone's trying to do, we realized like we're providing the, the SD wan for this project, connecting the public cloud, the private cloud, and we're deploying, uh, using containers, Kubernetes. And we are able to bring the entire thing together by creating one virtual network so that it's seamless and all the underlying infrastructure, that layer, layer two, layer one, the underlay is just completely invisible to be able to transport that call, to do the signaling, to do everything that needs to be done. >>So for us to become part of this project was really powerful for one, for us to just, uh, just work with some of the companies that were there, like the Linux foundation and tell the Nobel all the other big name players that were out there. And so that was, that was amazing. An amazing experience. But then the community itself that came together, like the people that we met, we met them all at the show. It's all phone calls, we met them all at the show and it really is a community filled with love and a real drive and desire, uh, to build something new and different. Right. Sprinkled with a bit of crazy. >>Yeah. >>Well, so I mean this is a, is a great example of how the Linux foundation can be a catalyst here. I mean one of the Linux foundation is so broad, the CNCF is so broad and you're operating in many domains in this being, you know, bringing the telecom world together, being one of them. But I don't know, can you maybe just talk a little bit about the ecosystem and the unique challenges of, I mean there are some times open source approaches that are a little more strongly opinionated. Like this is going to be our, this is, this is what we're working on. This is going to be our stack. This is the projects in our stack. CNCF has a obviously a, a well documented and open, uh, process around bringing projects in and projects graduating. How does that make your >>life harder? >> Yeah. Well, I mostly focus on our networking projects and working with the telecom industry. And yeah, I mean Telekom definitely likes to be opinionated, you know, I mean that's, that's kind of, and our soul. Um, and so that is also is useful because really at the end of the day, interoperability for the type of scale that telecom operators has is very important. Right? It's um, yeah, some of the cloud providers, right? It's up to the people who want to run on them to like work with their API APIs. But the, the telecom operators, they're using all these applications to provide services to their customers so they have a business need to make sure everything really works end to end. And so there's actually an initiative right now between, um, the LF networking projects and the GSM, uh, where we're really trying to, not to prescriptively, because we do also understand that that doesn't know, you're not going to get the exact same pieces of software that worked for every single operator's network or business, but with a lot more sort of UPenn opinion around, you know, what should the cloud platforms, whether they are VM based or container based, what do they look like and how can we start doing things like compliance and verification programs around commercial implementations, whether it is the underlying platform or whether it's the applications on top. >>And so that's the thing that, you know, we're, we're working on right now because at the end of the day, we're really needing to help them accelerate their, their deployments and, um, get that agility. That's the promise of. >>So, Heather, I want to go back to something you mentioned earlier that there were some gaps in Coobernetti's speak to how fast the community rallied around to, you know, allow this, uh, solution to go forward. >>Yeah. So, um, I'll, I mean basically this is what happens when you get a bunch of engineers together, you know, for the demo itself, we weren't going to fork or make our own sort of changes Kubernetes. So we, we did some things to, to tie things together. Probably you've seen SD when I see Rampart. But yeah, one of the, one of the big issues is just being able to expose multiple interfaces. Um, which, you know, in a service writer network you have multiple interfaces, right? Um, fi six support is another big issue. And so being able to expose those natively in Kubernetes or natively just using cloud native, it's something that we're still working on. Um, there, there are a couple of projects that are looking at that um, network service mesh. Uh, you know, maybe there's some different CNI who are beginning to think through that problem. Um, none of them were quite there. So yeah, we didn't want to start forking and writing pseudo Kubernetes code. Um, so we kinda just use some of the tools and the players in place to work around that. But we, what we would love is to upstream that code and to main line. Sure. >>Yeah. So Sandy would love to hear a little bit more about how SD wind fits in the entire multicloud discussion. Um, we were, we had a pop here in San Diego. There's a lab in Montreal and then there is a, a lab in France and we use public, uh, a combination of, uh, the Alibaba cloud in North America and in Europe. And what we had to do is we had to create a way for the phones to reach each other. So we had to do this initial signaling where you do the request and you have to get to all of the different pods to make the, to make the request. So what we did is we put our, um, containers and all the, in all the cloud providers and also in the labs and we were able to create that private network. And that was what allowed for the call signaling to happen. >>And for the actual call to actually be completed from one to handset to the other. Cindy, you're uh, uh, you talked about community, you know, you're an engineer, a stye in our eyes, a word is SDN when a word, I suppose they usually hear more on an enterprise side of the show. Right. And, uh, you know, talk with lots of folks who provide, you know, in, in that space. This is a little bit different, right? As you, I don't know if you've had a chance to wander either in the sessions or on the floor, kind of curious. There is some, a little bit of networking out there, a little bit networking, security and a couple of other, certainly some service mesh stuff. Right. I don't know. What are your thoughts about how this is growing up on the, in this open source world? It's, listen, it's growing up very fast, right? >>That's, that's 100% sure. I mean, the show is, is, is growing like leaps and bounds every year. It's insane. And that, that, that debt, that performance yesterday was in front of, I don't know how many thousands of people, but I mean that was huge and it was amazing. Um, and you're right, you know, normally when you're thinking about this kind of stuff, you're not necessarily thinking about the networking, but at the end of the day, you know, Kubernetes is a platform or a tool. SD wan is a tool. Um, and if you take all of these tools and put them together, you can actually build something wonderful, right? And that's what we did in this project here. We were able to deliver a 5g call and you know, run it everywhere. So I think what's important in the community, even though this is really primarily a developer event and developer show, you are seeing some edge people here, you are seeing some networking people here and people are the awareness of, Oh wait, you know, we need edge and we need networking to actually build, you know, commercializable platforms or products, right. Is, it's that awareness that's just, I think this year at least is really starting to come out. And I think next year it's going to be even more prevalent and you're going to the show me evolve, you know? And that's why where I kind of see it going. >>Yeah. I mean, I think application developers and general tend to think networking is amazing. It just happens to be, they're sort of like plumbing and power. Um, but to actually deliver it is a fairly complicated challenge and it's part of the reason we want to do the demo yesterday was actually to kind of show some of the challenges and to kind of show what it takes to set up a mobile network. So the F we're going to use Kubernetes to do that. They, you know, the developers here would have a little bit more understanding so that when we were like, we need, you know, we need multiple interfaces or we need to be able to address things in a certain way. They, they, they have a better understanding of why so they can help us from the telecom industry, uh, design and build it out. >>Yeah. I guess the last thing is we've had the cube of the open source summit. We've been to the open networking summit. Uh, you know, when you get off the stage, you put, you know, there's so many different open source projects that Dan just give us a view as to how they span across all of these communities to make sure that we don't end up with a lot of fragmented things. How does everything kind of pull together in the networking? All right, so, so many projects across so many sources, how does, how does Linux foundation make sure that we don't just end up with, you know, siloed, uh, you know, places? >>Well, yeah, to be, to be honest, it's a little bit of a challenge because sometimes the reason that we end up with multiple projects serving what looks like similar needs is because there are different technical approaches. And so might be one will work better than the other. I mean, that's kind of the idea of open source that people can try different things. Um, and, uh, we just try to help people have more, less of a not invented here sort of mindset that if there's a good reason, uh, to try a different approach, go for it. And let's see what, what takes root and what flowers. Um, but you know, also other people are doing things, so just because you're not aware of them. So we, you know, there's a lot of stuff around education and, um, sharing of information that we try to do that, that helps with that. But I mean, yeah. >>Heather, Cindy, thank you so much for joining us regulations on, on the demo. A lot of hard work. >>Thank you. I just have to tell you, I feel as though a thousand pound weight has been lifted off my shoulders out, but it was extraordinarily fun to do actually. >>It was fun. Thank you for John Troyer. I'm Stu Miniman getting towards the end of our three days wall-to-wall coverage. They're running for the tee shirts that are left, but we've got a couple more interviews. Thank you for watching the queue.

>> From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. >> Welcome to this CUBE Conversation here in Palo Alto, California. I'm John Furrier, host of theCUBE. We are here with Arpit Joshipura, GM of Networking, Edge, IoT for the Linux Foundation. Arpit, great to see you again, welcome back to theCUBE, thanks for joining us. >> Thank you, thank you. Happy to be here. >> So obviously, we love the Linux Foundation. We've been following all the events; we've chatted in the past about networking. Computer storage and networking just doesn't seem to go away with cloud and on-premise hybrid cloud, multicloud, but open-source software continues to surpass expectations, growth, geographies outside the United States and North America, just overall, just greatness in software. Everything's an abstraction layer now; you've got Kubernetes, Cloud Native- so many good things going on with software, so congratulations. >> Well thank you. No, I think we're excited too. >> So you guys got a big event coming up in China: OSS, Open Source Summit, plus KubeCon. >> Yep. >> A lot of exciting things, I want to talk about that in a second. But I want to get your take on a couple key things. Edge and IoT, deep learning and AI, and networking. I want to kind of drill down with you. Tell us what's the updates on the projects around Linux Foundation. >> Okay. >> The exciting ones. I mean, we know Cloud Native CNCF is going to take up more logos, more members, keeps growing. >> Yep. >> Cloud Native clearly has a lot of opportunity. But the classic in the set, certainly, networking and computer storage is still kicking butt. >> Yeah. So, let me start off by Edge. And the fundamental assumption here is that what happened in the cloud and core is going to move to the Edge. And it's going to be 50, 100, 200 times larger in terms of opportunity, applications, spending, et cetera. And so what LF did was we announced a very exciting project called Linux Foundation Edge, as an umbrella, earlier in January. And it was announced with over 60 founding members, right. It's the largest founding member announcement we've had in quite some time. And the reason for that is very simple- the project aims at unifying the fragmented edge in IoT markets. So today, edge is completely fragmented. If you talk to clouds, they have a view of edge. Azure, Amazon, Baidu, Tencent, you name it. If you talk to the enterprise, they have a view of what edge needs to be. If you talk to the telcos, they are bringing the telecom stack close to the edge. And then if you talk to the IoT vendors, they have a perception of edge. So each of them are solving the edge problems differently. What LF Edge is doing, is it is unifying a framework and set of frameworks, that allow you to create a common life cycle management framework for edge computing. >> Yeah. >> Now the best part of it is, it's built on five exciting technologies. So people ask, "You know, why now?" So, there are five technologies that are converging at the same time. 5G, low latency. NFV, network function virtualization, so on demand. AI, so predictive analytics for machine learning. Container and microservices app development, so you can really write apps really fast. And then, hardware development: TPU, GPU, NPU. Lots of exciting different size and shapes. All five converging; put it close to the apps, and you have a whole new market. >> This is, first of all, complicated in the sense of... cluttered, fragmented, shifting grounds, so it's an opportunity. >> It's an opportunity. >> So, I get that- fragmented, you've got the clouds, you've got the enterprises, and you've got the telcos all doing their own thing. >> Yep. >> So, multiple technologies exploding. 5G, Wi-Fi 6, a bunch of other things you laid out, >> Mhmm. >> all happening. But also, you have all those suppliers, right? >> Yes. >> And, so you have different manufacturers-- >> And different layers. >> So it's multiple dimensions to the complexity. >> Correct, correct. >> What are you guys seeing, in terms of, as a solution, what's motivating the founding members; when you say unifying, what specifically does that mean? >> What that means is, the entire ecosystem from those markets are coming together to solve common problems. And I always sort of joke around, but it's true- the common problems are really the plumbing, right? It's the common life cycle management, how do you start, stop, boot, load, log, you know, things like that. How do you abstract? Now in the Edge, you've 400, 500 interfaces that comes into an IoT or an edge device. You know, Zigbee, Bluetooth, you've got protocols like M2T; things that are legacy and new. Then you have connectivity to the clouds. Devices of various forms and shapes. So there's a lot of end by end problems, as we call it. So, the cloud players. So for LF Edge for example, Tencent and Baidu and the cloud leaders are coming together and saying, "Let's solve it once." The industrial IoT player, like Dynamic, OSIsoft, they're coming in saying, "Let's solve it once." The telcos- AT&T, NTT, they're saying "Let's solve it once. And let's solve this problem in open-source. Because we all don't need to do it, and we'll differentiate on top." And then of course, the classic system vendors that support these markets are all joining hands. >> Talk about the business pressure real quick. I know, you look at, say, Alibaba for instance, and the folks you mentioned, Tencent, in China. They're perfecting the edge. You've got videos at the edge; all kinds of edge devices; people. >> Correct. >> So there's business pressures, as well. >> The business pressure is very simple. The innovation has to speed up. The cost has to go down. And new apps are coming up, so extra revenue, right? So because of these five technologies I mentioned, you've got the top killer apps in edge are anything that is, kind of, video but not YouTube. So, anything that the video comes from 360 venues, or drones, things like that. Plus, anything that moves, but that's not a phone. So things like connected cars, vehicles. All of those are edge applications. So in LF Edge, we are defining edge as an application that requires 20 milliseconds or less latency. >> I can't wait for someone to define- software define- "edge". Or, it probably is defined. A great example- I interviewed an R&D engineer at VMware yesterday in San Francisco, it was at the RADIO event- and we were just riffing on 5G, and talking about software at the edge. And one of the advances >> Yes. >> that's coming is splicing the frequency so that you can put software in the radios at the antennas, >> Correct. Yeah. >> so you can essentially provision, in real time. >> Correct, and that's a telco use case, >> Yeah. >> so our projects at the LF Edge are EdgeX Foundry, Akraino, Edge Virtualization Engine, Open Glossary, Home Edge. There's five and growing. And all of these software projects can allow you to put edge blueprints. And blueprints are really reference solutions for smart cities, manufacturing, telcos, industrial gateways, et cetera et cetera. So, lots of-- >> It's kind of your fertile ground for entrepreneurship, too, if you think about it, >> Correct; startups are huge. >> because, just the radio software that splices the radio spectrum is going to potentially maybe enable a service provider market, and towers, right? >> Correct, correct. >> Own my own land, I can own the tower and rent it out, one radio. >> Yep. >> So, business model innovations also an opportunity, >> It's a huge-- >> not just the business pressure to have an edge, but-- >> Correct. So technology, business, and market pressures. All three are colliding. >> Yeah, perfect storm. >> So edge is very exciting for us, and we had some new announcements come out in May, and more exciting news to come out in June, as well. >> And so, going back to Linux Foundation. If I want to learn more. >> LFEdge.org. >> That's kind of the CNCF of edge, if you will, right? Kind of thing. >> Yeah. It's an umbrella with all the projects, and that's equivalent to the CNCF, right. >> Yeah. >> And of course it's a huge group. >> So it's kind of momentum. 64 founding members-- >> Huge momentum. Yeah, now we are at 70 founding members, and growing. >> And how long has it been around? >> The umbrella has been around for about five months; some of the projects have been around for a couple of years, as they incubate. >> Well let us know when the events start kicking in. We'll get theCUBE down there to cover it. >> Absolutely. >> Super exciting. Again, multiple dimensions of innovation. Alright, next topic, one of my favorites, is AI and deep learning. AI's great. If you don't have data you can't really make AI work; deep learning requires data. So this is a data conversation. What's going on in the Linux Foundation around AI and deep learning? >> Yeah. So we have a foundation called LF Deep Learning, as you know. It was launched last year, and since then we have significantly moved it forward by adding more members, and obviously the key here is adding more projects, right. So our goal in the LF Deep Learning Foundation is to bring the community of data scientists, researchers, entrepreneurs, academia, and users to collaborate. And create frameworks and platforms that don't require a PhD to use. >> So a lot of data ingestion, managing data, so not a lot of coding, >> Platforms. >> more data analyst, and/or applications? >> It's more, I would say, platforms for use, right? >> Yeah. >> So frameworks that you can actually use to get business outcomes. So projects include Acumos, which is a machine learning framework and a marketplace which allows you to, sort of, use a lot of use cases that can be commonly put. And this is across all verticals. But I'll give you a telecom example. For example, there is a use case, which is drones inspecting base stations-- >> Yeah. >> And doing analytics for maintenance. That can be fed into a marketplace, used by other operators worldwide. You don't have to repeat that. And you don't need to understand the details of machine learning algorithms. >> Yeah. >> So we are trying to do that. There are projects that have been contributed from Tencent, Baidu, Uber, et cetera. Angel, Elastic Deep Learning, Pyro. >> Yeah. >> It's a huge investment for us. >> And everybody wins when there's contribution, because data's one of those things where if there's available, it just gets smarter. >> Correct. And if you look at deep learning, and machine learning, right. I mean obviously there's the classic definition; I won't go into that. But from our perspective, we look at data and how you can share the data, and so from an LF perspective, we have something called a CDLA license. So, think of an Apache for data. How do you share data? Because it's a big issue. >> Big deal. >> And we have solved that problem. Then you can say, "Hey, there's all these machine learning algorithms," you know, TensorFlow, and others, right. How can you use it? And have plugins to this framework? Then there's the infrastructure. Where do you run these machine learning? Like if you run it on edge, you can run predictive maintenance before a machine breaks down. If you run it in the core, you can do a lot more, right? So we've done that level of integration. >> So you're treating data like code. You can bring data to the table-- >> And then-- >> Apply some licensing best practices like Apache. >> Yes, and then integrate it with the machine learning, deep learning models, and create platforms and frameworks. Whether it's for cloud services, for sharing across clouds, elastic searching-- >> And Amazon does that in terms of they vertically integrate SageMaker, for instance. >> That's exactly right. >> So it's a similar-- >> And this is the open-source version of it. >> Got it- oh, that's awesome. So, how does someone get involved here, obviously developers are going to love this, but-- >> LF Deep Learning is the place to go, under Linux Foundation, similar to LF Edge, and CNCF. >> So it's not just developers. It's also people who have data, who might want to expose it in. >> Data scientists, databases, algorithmists, machine learning, and obviously, a whole bunch of startups. >> A new kind of developer, data developer. >> Right. Exactly. And a lot of verticals, like the security vertical, telecom vertical, enterprise verticals, finance, et cetera. >> You know, I've always said- you and I talked about this before, and I always rant on theCUBE about this- I believe that there's going to be a data development environment where data is code, kind of like what DevOps did with-- >> It's the new currency, yeah. >> It's the new currency. >> Yeah. Alright, so final area I want to chat with you before we get into the OSS China thing: networking. >> Yeah. >> Near and dear to your heart. >> Near and dear to my-- >> Networking's hot now, because if you bring IoT, edge, AI, networking, you've got to move things around-- >> Move things around, (laughs) right, so-- >> And you still need networking. >> So we're in the second year of the LF Networking journey, and we are really excited at the progress that has happened. So, projects like ONAP, OpenDaylight, Tungsten Fabric, OPNFV, FDio, I mean these are now, I wouldn't say household names, but business enterprise names. And if you've seen, pretty much all the telecom providers- almost 70% of the subscribers covered, enabled by the service providers, are now participating. Vendors are completely behind it. So we are moving into a phase which is really the deployment phase. And we are starting to see, not just PoCs [Proofs of Concept], but real deployments happening, some of the major carriers now. Very excited, you know, Dublin, ONAP's Dublin release is coming up, OPNFV just released the Hunter release. Lots of exciting work in Fido, to sort of connect-- >> Yeah. >> multiple projects together. So, we're looking at it, the big news there is the launch of what's called OVP. It's a compliance and verification program that cuts down the deployment time of a VNF by half. >> You know, it's interesting, Stu and I always talk about this- Stu Miniman, CUBE cohost with me- about networking, you know, virtualization came out and it was like, "Oh networking is going to change." It's actually helped networking. >> It helped networking. >> Now you're seeing programmable networks come out, you see Cisco >> And it's helped. >> doing a lot of things, Juniper as well, and you've got containers in Kubernetes right around the corner, so again, this is not going to change the need, it's going to- It's not going to change >> It's just a-- >> the desire and need of networking, it's going to change what networking is. How do you describe that to people? Someone saying, "Yeah, but tell me what's going on in networking? Virtualization, we got through that wave, now I've got the container, Kubernetes, service mesh wave, how does networking change? >> Yeah, so it's a four step process, right? The first step, as you rightly said, virtualization, moved into VMs. Then came disaggregation, which was enabled by the technology SDN, as we all know. Then came orchestration, which was last year. And that was enabled by projects like ONAP and automation. So now, all of the networks are automated, fully running, self healing, feedback closed control, all that stuff. And networks have to be automated before 5G and IoT and all of these things hit, because you're no longer talking about phones. You're talking about things that get connected, right. So that's where we are today. And that journey continues for another two years, and beyond. But very heavy focused on deployment. And while that's happening, we're looking at the hybrid version of VMs and containers running in the network. How do you make that happen? How do you translate one from the other? So, you know, VNFs, CNFs, everything going at the same time in your network. >> You know what's exciting is with the software abstractions emerging, the hard problems are starting to emerge because as it gets more complicated, end by end problems, as you said, there's a lot of new costs and complexities, for instance, the big conversation at the Edge is, you don't want to move data around. >> No, no. >> So you want to move compute to the edge, >> You can, yeah-- >> But it's still a networking problem, you've still got edge, so edge, AI, deep learning, networking all tied together-- >> They're all tied together, right, and this is where Linux Foundation, by developing these projects, in umbrellas, but then allowing working groups to collaborate between these projects, is a very simple governance mechanism we use. So for example, we have edge working groups in Kubernetes that work with LF Edge. We have Hyperledger syncs that work for telecoms. So LFN and Hyperledger, right? Then we have automotive-grade Linux, that have connected cars working on the edge. Massive collaboration. But, that's how it is. >> Yeah, you connect the dots but you don't, kind of, force any kind of semantic, or syntax >> No. >> into what people can build. >> Each project is autonomous, >> Yeah. >> and independent, but related. >> Yeah, it's smart. You guys have a good view, I'm a big fan of what you guys are doing. Okay, let's talk about the Open Source Summit and KubeCon, happening in China, the week of the 24th of June. >> Correct. >> What's going on, there's a lot of stuff going on beyond Cloud Native and Linux, what are some of the hot areas in China that you guys are going to be talking about? I know you're going over. >> Yeah, so, we're really excited to be there, and this is, again, life beyond Linux and Cloud Native; there's a whole dimension of projects there. Everything from the edge, and the excitement of Iot, cloud edge. We have keynotes from Tencent, and VMware, and all the Chinese- China Mobile and others, that are all focusing on the explosive growth of open-source in China, right. >> Yeah, and they have a lot of use cases; they've been very aggressive on mobility, Netdata, >> Very aggressive on mobility, data, right, and they have been a big contributor to open-source. >> Yeah. >> So all of that is going to happen there. A lot of tracks on AI and deep learning, as a lot more algorithms come out of the Tencents and the Baidus and the Alibabas of the world. So we have tracks there. We have huge tracks on networking, because 5G and implementation of ONAP and network automation is all part of the umbrella. So we're looking at a cross-section of projects in Open Source Summit and KubeCon, all integrated in Shanghai. >> And a lot of use cases are developing, certainly on the edge, in China. >> Correct. >> A lot of cross pollination-- >> Cross pollination. >> A lot of fragmentation has been addressed in China, so they've kind of solved some of those problems. >> Yeah, and I think the good news is, as a global community, which is open-source, whether it's Europe, Asia, China, India, Japan, the developers are coming together very nicely, through a common governance which crosses boundaries. >> Yeah. >> And building on use cases that are relevant to their community. >> And what's great about what you guys have done with Linux Foundation is that you're not taking positions on geographies, because let the clouds do that, because clouds have-- >> Clouds have geographies, >> Clouds, yeah they have agents-- >> Edge may have geography, they have regions. >> But software's software. (laughs) >> Software's software, yeah. (laughs) >> Arpit, thanks for coming in. Great insight, loved talking about networking, the deep learning- congratulations- and obviously the IoT Edge is hot, and-- >> Thank you very much, excited to be here. >> Have a good trip to China. Thanks for coming in. >> Thank you, thank you. >> I'm John Furrier here for CUBE Conversation with the Linux Foundation; big event in China, Open Source Summit, and KubeCon in Shanghai, week of June 24th. It's a CUBE Conversation, thanks for watching.

>> Announcer: Live from Los Angeles it's The Cube covering Open Source Summit North America 2017. Brought to you by the Linux Foundation and Red Hat. >> Hey, welcome back everyone. We're here live in L.A. for the Linux Foundation Open Source Summit North America. I'm John Furrier, your host, with Stu Miniman, my co-host. Our next guest Jim Zemlin, Executive Director of the Linux Foundation, runs the whole show. Welcome back to The Cube, great to see you. >> Thank you, thank you. Runs the whole show is a little bit of an overstatement. >> Well, certainly great keynote up there, I mean, a lot of things coming together. Just some structural things. Let's get the update on what's going on structurally with the Linux Foundation, one, and then two, the keynote today, this morning, really kind of laid out the state of the union, if you will, and all cylinders are pumping, no doubt, on open source. So give the quick update on kind of what's going on with the Linux Foundation and then let's get in some of the trends inside the open source movement. >> Yeah, I mean, our organization has grown quite a bit in the last few years as evident by all the people who are here at this event. But our focus is really on the projects that are important to, you know, the stability, security, and growth of the global internet and of large-scale systems. And when you look at Linux or Node.js or things like our networking projects which are powering the production networks for 3 1/2 billion people, what we're really focused on is making sure those projects are healthy, making sure that they have great developers who write incredible code, that it's used to power things like China Mobile's network or AT&T's production network. And then, those firms are employing the developers who then write more code, you get more solutions, products, services based on Linux or whatever. More reinvestment, lather, rinse, repeat. It's that cycle we're trying to promote. >> So before we get into some of the stats, structurally, I know this show, we've Cube comments out there, clarify the structure. How the shows are rolling out, how are you guys putting together the big-tent events, and how developers can get involved in the specific events across, but now there's a ton of projects. But just at a high level, what's the structure? >> Yeah, so, you know, and I'll throw out a few stats. We have about 25,000 developers that attend all of our events which are all over the world. But we have our Open Source Summit which is really sort of a summit to come together and talk about these big-picture issues around sustainability to allow for cross-project collaboration. We have project-specific events so the CloudNativeCon, KubeCon event which is coming up in Austin which is going to be blow-out, you know, I'm expecting thousands of people. I think probably three, 4,000 people. >> And even more platinum sponsors than I've ever seen on any project before so huge demand. >> It's crazy, yeah. Yeah, you know, get it while it's good, right? All these things kind of go up and down but they're on the upswing. So we have project-specific and then in the networking sector, we have have the Open Networking Summit which is sort of similar to the Open Source Summit but much more focused on networking technology, SDN, and NFD, and that is going to be in L.A. next year and we'll have a U.S. event and then a European and an Asian. >> And this show's purpose is what? How would you position the Open Source Summit? >> The Open Source Summit is where all the projects come together and do cross-pollination. I mean, the idea here is that if you're just always in your silo, you can't actually appreciate what someone else is doing that may improve your project. >> And Jim, there's a couple of events that came together to make this 'cause it was LinuxCon, ContainerCon, and MesosCon is also co-resident so. >> Exactly, so we just decided after a while that all these events could come together and again, this cross-pollination of ideas. >> And they kind of did, they're just different hotels in Seattle last time. >> Yeah, exactly. That's enough, it's just going to be Open Source-- >> It's a big-tent event. >> It's a big-tent event and it really reflects how open source has gone mainstream in a way that I don't think any of us would've predicted even maybe five, six years ago. >> It's pretty massive. Just to quote some stats. 23 million plus open source developers, what you shared onstage there, want to get to your keynote. 41 billion lines of code. 1,000 plus new projects a day. 10,000 new versions pushed per day. 64 million repos on GitHub. Just amazing growth so this kind of points to obviously the rising tide is floating all boats. I made a comment, I tweeted, in the spirit of the joke of standing on the shoulders of giants before you, it's like, what shoulders are we standing on now? Because there's so many projects. Is there going to be like a legacy like the dual-star, badge values, been around for a while? You mentioned old news and you bring up Linus onstage. I mean, some projects are older, more mature, Bruce Wayne, Tier One, meat and potatoes, some got a little bit more flair and fashion to it, if you will. So you got new dynamics going on. Share your thoughts on this. >> Yeah, I mean, it's like the shoulders you're standing on are almost like stage-diving, right? Where it's just lots of people's shoulders that you're really bouncing around on. But the idea here, and what we really focus on, is what are the most important projects in the world and how do we make sure we sustain those projects. So those are the ones that you're going to generally see focused on here. Like, you know, if you've got two people contributing to one small repo for a very small project, that's probably not something that's going to be super high-profile here. But what we're trying to do is bring together sort of the big projects and also the key contributors. You know, if you look at the distribution of contribution, and this is the thing, I think, if you're a developer listening to something like this, someone who gives just one commit to a project to solve some kind of problem they might have, that's the vast majority of people. Somebody who does maybe five to 10 commits, you know, a little bit less, quite a bit less. The vast majority of code, people who give 25 or more commits to a project, small group of folks, they're here. >> I know Stu wants to ask a question, one final question on the growth 'cause this kind of reminds me of sports as we're like the ESPN of tech here for the community. If you look at the growth, you put a slide in there by SourceClear that show the projection, by 2026, at 400 million libraries, putting it today around, I think, 64 million. This is going to be like an owners meeting. It's kind of like they get together, this event because you are going to have so many projects 'cause this is kind of the vibe you got going on in here. The scale is massive, this is going to be almost like the owners meeting, the teams. Expansion's going to be coming, you have to deal with that, that's challenging. >> We're ready to grow, I mean, we've been working on systems and staffing and processes to help scale with that. You know, we take seriously that that code runs modern society. It keeps us private or doesn't as we saw with the Equifax hack which was a CVE in an open source project and we want to be ready to up our game. Let's say we could have secure coding class at this very event for the greatest developers who are working on our most important projects in the world. Would that make all of our lives better? Yes, absolutely. >> Yes, absolutely would. Yeah and you want to enable that, that's where you're going. >> That's exactly where we're going. >> Jim, the quote that jumped out at me that you gave in the keynote was, projects with sustainable ecosystems are the ones that matter. How do we balance all this? I heard in, you know, Linus's Q and A it was, look, individual's important but companies are important. You put up a slide and said, there's thousands and thousands of projects, sometimes we're going to get some really awesome stuff from three people contributing code versus the massive ecosystem with all the platinum providers so, it's always in technology, it's an and and it's very nuanced but how do we get our arms around this? How do we know where to focus? >> It's worth going back in time to understand where the future is going and study innovation theory, you know, Eric von Hippel at MIT, or Karim Lakhani at Harvard Business School. And you look at the framework, which is, you have corporations who underwrite a lot of development by hiring developers who have an equal importance in this and then users of that software. So those are your main constituents and sometimes they're the same people, right, or the same things. They're not mutually exclusive, they're actually self-reinforcing if you get the formula right and you make sure that the project is in good shape so that it gives confidence to industry or society that, hey, we can count on that. I think Heartbleed and OpenSSL maybe rattled people's cages like, hey, can we count on, not just this project, but can we count on open source period? So we spent a ton of time working with that project to provide them millions in resources, audited their code, expanded their testing, and we learned a hell of a lot about how to support these communities in the most important developer projects in the world and create that positive feedback loop, that's what we're doing. >> Yeah and Jim, it's, as an analyst, one of the things we're always asked is, right, how do I choose the right technology? Whereas companies now are contributing here so it's not just I'm putting dollars in, I'm putting manpower into this. And the foundations sometimes get a lot of lung from people, saying it's like, oh well, people throw money and what do they get out of it? I liked what I heard today, you talking about this cycle, and maybe talk to our audience a little bit about CHAOSS which I though was a nice, tongue-in-cheek acronym to say how you're actually going to bring order to the chaos that we see in the open source world. >> I'm going to come to this but I want to answer one quick question about the roles of organizations like ours. We are the roadies, the supporting cast, and the plumbers and the janitors of the system that keep things going but the real rock stars are the developers. If you think about it, Linux is worth $10 billion. An average kernel developer makes probably, let's say $150,000 a year, by the way, they make more than your average developer because they're in such high demand. The role of organizations like ours is such a tiny fraction financially of what is really fueling this model but it's an important one. What we ask ourselves all the time is, why do you need us? Who cares, right? Like, throw your code up on GitHub, you don't need the Linux Foundation, right? Why do we even exist? And the answer is to do things like this Community Health Analytics for Open Source Software, to provide the infrastructure for sustainability. Sustainability is something that we need to measure, right? How many developers are contributing to a project? Are they from a diverse community so that if one group goes away, there'll be somebody else there to do that work? How much test coverage do they have? Are there code quality metrics that we could look at? Do they have security practices like a responsible disclosure policy, a security mailing list? Have they recently fuzzed their code? Are they a community that's welcoming for people of different backgrounds? And so on and so forth. If you don't have a healthy project, you kind of don't want to bet your company on this project by using it in a production system, right? But here's the interesting thing, how many people are using that code in production also is a metric for health, right? Because that's where the reinvestment is going to come in the form of developers who are working on it. >> There's a difference between being proactive and jamming something down someone's throat. So you're taking an approach, if I get this right, to be kind of the same open source ethos, use some KPIs, key performance indicators, to give them a sense of success. But it's not an edict saying-- >> No, no, it can't be an edict. What you want to do is preserve the organic innovation that goes on in open source and get projects to go, and you'll notice that curve of sort of value to volume goes up and to the left, we could've written it to the right but, you know, the whole copyleft thing we love. How do you get that organic innovation to kind of go from this small project up and to the left? How do you capture that? Well, give tools to everyone so that they can better self-analyze. >> John: You get exponential growth with that. >> Exactly. >> If you try to control, it's linear but you bring it to the community, you get exponential growth. >> Exactly, so we studied a ton of innovation theory, we looked at how we could build frameworks to facilitate this kind of form of mass innovation and so that's where tools like CHAOSS which is being worked on by Red Hat and a lot of companies who want to figure out which project should I work on? How can I spot that one earlier? And we're excited about it. >> You know, I always joke, being the old guy that I am, in the late '80s, early '90s, '80s particularly when I was coding. We did everything, we wrote all the code. You bring up an interesting stat and you put the finger on, at least for me, and I think this is where a lot of us old timers who had to do all the libraries from scratch. You mentioned the code sandwich, the code club, the club sandwich, how code's being made and the interesting thing, as you point out, 90% of most great software is done with open source where the 10% innovation is done with original code or original content, if you will, and that that is the norm. So open source is now called the code sandwich because you can put your differentiation and that's a good use of time. >> That's the meat, right. >> That's the meat, it's not a wish sandwich to use the old Blues Brothers example but I mean look, the thing is is that that's dynamic is real, the code is leverageable, and that this is the dynamic so where'd the number come from? Because that seems really high to me but I love it. >> So that number came from a combination of Sonatype, SourceClear, and other organizations that monitor commercial reuse of software on a global basis. So these are the folks who are actually working with commercial industry to look at the makeup of their code, basically. You don't have to go far to look at a Node.js developer, they're using Node.js, they're taking packages out of NPM, and they're writing, they're cut and paste masters, but they write this critical component that's the meat of their application, it's what they do. >> But that's the innovation fabric that's happening. >> It also is a requirement because let's look at a modern, luxury vehicle today. It has 100 million lines of code in it. That's more than an F-35, like, fighter jet. That's an unbelievable amount of code. Toyota, who we work with, and you know, our AGL, our Automotive Grade Linux, is in their Camry. They couldn't write that code on their own. It's just too much. And this is how we get to autonomous vehicle control and things like that. >> I know you got a tight schedule, I want to make one more comment, get your reaction to it. I made a tweet and said, it's open bar in open source and with a reference to all the goodness being donated by companies, Google TensorFlow, there's a lot of other things coming in, these libraries. A lot of people are bringing really, really big IP to the table, IoT, and I kind of made an open remark 'cause a lot of the young kids, they think this is normal, like, well it's going to get better. Keep on drinking that open source. Is this normal? Is it going to be more like this in the future? Because you have essentially real intellectual property, like say from Google, being given to the open source communities as a gift for innovation. I mean, that is just unprecedented greatness. >> The reason for that is they're not doing it necessarily altruistically although I think you can take it that way, they're doing it in a way that betters themselves and others at the same time. I mean, it is a form of collective capitalism where they've realized, my value's over here, it is better for me to collaborate on underlying infrastructure software that my customers don't care about that's not critical to my system but I absolutely have to have and I'm going to focus on data or I'm going to focus on much higher-level innovation. And what that's doing is creating this hockey stick of innovation where, as we share more and more and more infrastructure software, and as that keeps moving up and up the stack, we all benefit. >> So in the theory of the management, bring up management theory, their theory, I'd love to get your thoughts on, is that they're betting on scale rather than trying to go for profits in the short-term, they'd much rather share intellectual property on the back-end value of scale and scale's the new competitive advantage. >> Exactly, take Kubernetes as an example. The fact that, today, and just even a couple years ago this wasn't known, we didn't quite know where this was going to be, but today you can take Node.js, build a container, you know, take an application, throw it into a container, and use Kubernetes to run it on Azure, Amazon, Google, or in a private cloud. That definition, the ability to do that, unlocks this massive developer productivity which creates more value which is more business opportunity for all these guys. You know, they're not doing it 'cause they're nice people, they're doing it 'cause they're unlocking market potential. >> And they're the real rock stars. Jim you're doing a great job. Congratulations on your success. You got a lot of growth in front of you, a lot of challenges and opportunities certainly with that and of course, the tech athletes out there doing the coding, they're the real rock stars, they're the real athletes. Of course, we get more on The Cube, thanks for your support with The Cube as well, appreciate that. >> Jim: Thank you, thanks for everything. >> Alright, this is live coverage from Open Source Summit North America in Los Angeles, California. I'm John Furrier, Stu Miniman, we'll be back with more live coverage after this short break.

(cheerful music) >> Voiceover: Live, from Los Angeles, it's theCUBE covering Open Source Summit North America 2017, brought to you by the Linux Foundation and Red Hat. >> Okay, welcome back here when we're here live with theCUBE coverage of Linux Foundation Open Source Summit North America in Los Angeles, I'm John Furrier, Stu Miniman, our next guest is Arpit Joshipura, General Manager of Networking the Linux Foundation. Welcome back to theCUBE, great to see you. >> Thank you, nice to be here again. >> Always good to talk networking, as Stu and I always say networking is probably the most active audience in our community, because at the end of the day, everything rolls downhill to networking when the people complain. It's like "where the hell's my WiFi, "where's the patent latency," networking SDN was supposed to solve all that. Stu, we're still talking about networking. When are we going to fix the network? It's always in the network, but important. In all seriousness, a lot of action continues and innovation to networking. >> Absolutely. >> What's the update? >> Update is very exciting. So first of all, I can confidently say that open source networking, not just networking, but open source networking is now mainstream. And it's mainstream in the telcos, in the carriers, service providers, it's getting there in the enterprise. And Linux Foundation is really proud to host eight of the top 10 projects that are in open source networking. ONAP, ODL, OPNFV, Fido, you know, the list goes on. And we're really excited about each of these projects, so good momentum. >> We've been seeing and talking about it too, we all, joking aside, the intro there, but in all seriousness we've been saying, we get better the network, it's finally happening. Has it been a maturization of the network itself, has it been industry force and what have been the forces of innovations been? OpenStack has done some great work, they're not getting a lot of love these days with some people, but still we've seen a lot of production workflows at OpenStack, OpenStack's still there, rocking and rolling. New projects are onboarding, you see the telcos getting business models around digital. What's the drivers? Why is network mainstream now? >> I think it's a very simple answer to that, and that is before 5G and IoT hit the market, network better be automated. It's a very simple requirement. And the reason is very self-explanatory, right? You can't have an IoT device on the call on hold while you get your service up (laughs). So, it's IoT, right? And it is the same thing on 5G, a lot of new use cases around cars or around low latency apps. You need automation, and in order to have automation, a carrier or a solution provider goes through a simple journey. Am I virtualized? Yes or no? Am I using the building blocks of SDN and NFV? Yes or no? And the third, which is now reality, which is, am I using open source to do it? Yes, and I'm going to do it. And that's the driver right? I mean it's all- >> Automation, when you started throwing out a lot of TLAs, you talk about SDN and NFV, we've got a four-letter acronym that we need to talk about. The Open Network Automation Platform. Why don't you bring your audience up to speed, what that is, the news that you have this week. >> Absolutely, so ONAP was launched earlier in 2017. It's a combination of two open source projects, ECOMP and Open-O, and we wanted to bring the community together versus sort of fragmented, and because our end users are asking for a harmonized solution. So we brought it together. It was launched earlier this year as we talked about, but the most significant thing is it has received tremendous support from the member community. So at OSS today, we just announced that Vodafone has joined as a platinum member. They will be on our board, and as you know Vodafone is one of the top providers. So if you add up all the subscribers that are being influenced by ONAP, they come to 55%. So out of the 4.5 billion subscribers that exist, more than 55% will be influenced by ONAP and the work that happens. That includes China Mobile, China Telecom, China Unicom, all of the China, Bell Canada, AT&T obviously who sort of was the founding member, Orange, Reliance Jio from India. So we've got, Comcast joined earlier in the quarter, so we've got cable companies, carriers, all joining. And to be very honest, I'll probably just give you the list of all the networking vendors that are participating here, and I've list Amdocs, Cisco, Ericsson, GigaSpaces, Hua Wei, IBM, Intel, Nokia, Tech Mahindra, VMware, ZTE, Juniper, you know, you name it. >> Arpit, I mean the long story short is-- >> Just cause they're involved does that mean they're actually working-- >> They're active. Active. >> we're not going to be critical on this. >> But come on, even Cisco's involved in the open source stuff, right? >> They've very active. >> We've had lots of guests on from Cisco, Lulu Tucker's been on many many times. We know the open source there, but it used to be, networking was very proprietary. Now, it wasn't SDNs going to totally change everything, it's lots of different pieces, lots of different projects. It kind of felt like the river slowly wearing down the mountain as to this transition from proprietary to open source. >> I think what happened is if you just look at four years back, it was proprietary. Not because people liked it, that was the only game in town. When the open source industry, especially in the networking, and this is a hundred year old industry, telecom right? When it came in in the desegregated manner, hardware and software separated, control plane separated from data plane, all of that happened, and what happened suddenly was each components started becoming mature. So they're production-ready components, and what ONAP and what Linux Foundation is intending to do this year is trying to bring all the components into a system solution. So that it's easy to deploy, and all you have to do is point, click a service, everything below it will all be automated and integrated. >> Well the telcos are under a lot of pressure. I mean this has been a decade run, over-the-top they've been struggling with that from years ago, decade ago or more. But now they're getting their act together. We're seeing some signs, even VMworld. Stu, Pat Gelsinger said 5G's the next big kahuna in networking the next 20 years, you can validate it. This is going to be a 20 year changeover, so as the Linux Foundation, which essentially is the organic growth engine for this community, what do you guys see in that 20 years? Cause I see 5G's going to create all these connection points. IoT is going to be massive. That's going to increase the surface area for potential attacks. We're seeing a networking paradigm that's moving from old guards Cisco, Juniper, and some of the names you mentioned. They got to make some changes. How are they adjusting? What's going on so the next 20 years we don't have more conflict and more identity politics. >> I'll tell you one thing, I come from a vendor community, right? So I really appreciate the work they're doing. Part of the reason you would have seen in the past a vendor dragging their feet is because of fragmentation in the community. You as a vendor do not know where to put your resources, people, and where you put your money. What we're doing at the Linux Foundation is starting to harmonize all that. And once you do that and you have enough of a scale and enough of a community, there is no shortage of people and developers that the vendors are contributing to. >> John: What's some of the proof points that you can share? >> Okay, so ONAP, from start to now, about 1100 Wiki members already. That means 1100 unique developers are joining the project. Over 50 members. We ran out of VMs, I mean it's like that has not happened in any project for over five years. We had to fire up people more. So you can see that... And this is not just, these are competitors, but if you step back and look at it, they're competitors from an end user perspective, but they're solving the common problem in which they don't get any money. They don't make any money. These are things that absolutely need to happen. The plumbing, the infrastructure, the orchestration, the control layer, the data plane layer, all of that need to just happen, it should just work. And let them differentiate on top. We are actively seeing almost everybody participating significantly. >> Stu, let's hear your thoughts on this. You guys are both, I view you guys both as experts and influencers in this networking ecosystem, so I got to ask you both a question. CNCF has gotten a lot of traction with funding, sponsorships are off the charts, you're seeing massive tractions, Stu, where you also see that KubeCon Cloud Native, but you have native clouds, I call them native clouds, in Amazon and then soon-to-be enterprises that want to run software-defined networking. So the question is do you see the same kind of support going for your group as CNCF's getting? Is it just fashionable at this point, CNCF? Why isn't the networking getting as much love at least from a sponsorship standpoint. >> Let's define love. So if you define love as the 2017 ONS, which is our largest networking summit, we grew that 10%, everything was off the charts. The feedback, the content-- >> John: The attendance growth or sponsorships? >> Attendance, sponsorships, CFPs were 5x oversubscribed. Call for papers, for submissions, 5x oversubscribed. So we had a hard time picking the best of the best. ONS 2018 is going to be here in LA, we've already started getting requests on, you know, so we're the same boat. >> So you feel good. >> We feel good. >> Not about this, like you're winning. >> No, but I tell you-- >> There'll be positive numbers we know from the hype scale horses, Stu, answer your question and then maybe you guys can comment. So is it a matter of that there's more buzz in positioning involved in the hype side of CNCF now, and there's just meat and potatoes being done in the networking world, Stu? Cause you and I both know, if no one has nothing to say, they've got to kind of market themselves. >> So John, think back to five years ago, how much hype and buzz there was around SDN. John, you and I interviewed like Martin Casado, he just bought for $1.4 billion, all these startups, lots of VC investment, so I think we're further down the maturity curve. Now networking's always-- >> John: People going to work, they're doing their job. >> It's real, it's in production-- >> It's funny-- >> It's not parb, I always say when you move from PowerPoint to production, real things happen. >> I always say, if there's going to be sizzle, I better see some steak on the grill, so what's happening is steak is cooking right now. >> And John, so one of the things we say, networking, no offense to all my friends in networking, networking is never sexy. >> Oh, come on Stu, networking is totally sexy. >> I always say it's cool again. >> Networking has never lost its edge. >> It absolutely is majorly important, but Arpit, take us in, you know, Kubernetes is hot, containers get a lot of buzz and everything. Networking, critical piece of making sure that this works, feels like, I think back to the virtualization days, it took us 10 years to kind of solve those things that that abstraction layer broke. It feels like networking is further ahead than it was, it's moving faster, we understand it's not something that's just kind of oh we'll let the networking guys get to it eventually. Networking and security, which often has that networking tie are front and center now. >> Very good point, and I think what you have to also sort of step back and look at is what are the problems that need to be solved from an end user perspective? So the hardest networking problems at the data plane control layers, check. Next big problem that remain to be solved was orchestration, data analytics, and things like that. Check, solve, with ONAP. Now the next problems that need to be solved are containerization of enterprise app, which is where Kubernetes and... and then how does containerization work with networking? That's all the C&I, the interfaces. I would say next year, you will start to see the interworking and the blend of these "hot projects" where they can all come together. >> Stu, you were there in 2010, I looked right in the camera and said to Dave Vellante, storage is not as sexy. And Dave called it snoreage, cause snoreage is boring. (Stu laughs) >> And at that time, the storage industry went on a run. And we well-documented that. Sexy is, networking is sexy. And I think that we-- >> I call it cool. >> And I just tweeted, 25g is a good indicator of a 20 year run, and networking is the big kahuna as Pat Gelsinger said in IoT, so I think, Stu, I think it's going to be very apparent, sexy. I just don't see a lot of amplifications, so you don't see a lot of people marketing the sizzle. I think, being done I would agree, but Stu, there's more buzz and hype on the CNCF side than networking. >> That's fair. I think it is always as you said, it's the initial phase of any project that gets a lot of clicks and a lot of interest, and people want to know about it. A lot of the buzz is around, just awareness. The classic marketing cycle, and I think we're past that. It was therefore ONAP in January, we're past that. >> Alright, so here's the question, final question. So the steak is coming off the grill in our metaphor here, what are people-- what is that product, what's happening, what is the big deliverable right now from a networking standpoint that people can bet on and know that they can cross the bridge into the future with it. >> You will see a visible difference, you as in an end user, an enterprise, or a residential consumer. You will see a significant difference in terms of how you get services. It's as simple as that. Why? Because it's all automated. Network on-demand, disaster recovery, video conference services. Why did over-the-top players, why were they so successful? If you need a Gmail ID, you go in, you get one. It's right there. Try getting a T1 line five years ago. That would be six weeks, six months. So with the automation in place, the models are converging. >> So provisionings are automatically happening-- >> Provisionings, service, and then the thing that you will not see but you will see in the services impact, is the closed loop automation that has all the analytics built in. Huge, huge. I mean, network is the richest source, and by the way, I'll come back next year and I'll tell you why we are cool again. Because all of a sudden, it's like oh my god look at that data and the analytics that the network is giving me. What can I do with it? You can do AI, you can do machine learning, you can do all these things. >> Well, we're looking forward to it, the eye of the storm is kind of happening now I think in networking, Stu and I always have debates about this, cause we see a lot of great action. Question is, let's see the proof points, you guys are doing some good work. Thanks for sharing, Arpit, really appreciate, General Manager of Networking at Linux Foundation. It's theCUBE, more live coverage from Los Angeles, the Open Source Summit North America. I'm John Furrier, Stu Miniman, be back with more live coverage after this short break. (techno music)

>> Announcer: Live from San Francisco, it's theCUBE covering DevNet Create 2017. Brought to you by Cisco. >> Okay, welcome back, everyone. Live in San Francisco. This is theCUBE's exclusive coverage of Cisco's new inaugural DevNet Create event targeting the DevOps open source community as they put their toe in the water, their foray into a community approach to build on top of their success of their classic developer program, DevNet, which is only three years old. Shouldn't call it classics. It's actually emerging still and growing. Arnesc is our pitch, Joshipura GM, Network and Orchestration at the Linux Foundation. I'm also joined with my cohost Peter Burris. Welcome to theCUBE. >> Thank you. >> Good to see you again, welcome back. Cube alumni. Obviously open networking. You guys are involved, you're having a great show, we cover it every year. Open Networking Summit, among other things. Huge demand for the technologies. An appetite for content in your area. Here at Cisco DevNet Create, you're seeing the emergence of Cisco taking their roots in networking and plumbing and operations, which, by the way, you know from the networking world. Sacred cows all over the place. Bringing it to the wild west, agile developer who wants infrastructure at Cisco is bringing that application meets infrastructure saying, we're going to bring programmable networking. That's music to the ears to the developers so we are getting infrastructure as code. That's your wheelhouse. What's going on in the Linux Foundation to continue this momentum? How do you guys look at this trend, give us the update on how the Linux Foundation is participating, supporting, getting involved with this programmable networking infrastructure as code trend. >> Sure. So first of all, let me baseline everybody. Linux Foundation is here to create the largest shared technology investment by building sustainable ecosystems. That's the mission in life. Within the Linux Foundation obviously the most successful open source project is Linux. But we're way beyond Linux. We host a whole set of open source projects starting from cloud native, CNCF, cloud foundry to blockchain projects like hyperledger, automotive grade Linux and a whole variety of Let's Encrypt, you name it. That we facilitate this shared technology investment. The area I own, which is networking, has several projects up and down the stack. All the way from data plane acceleration to orchestration, analytics and it's intended for carriers, enterprise, and cloud service providers including one of the most recent, highly successful and much in demand project called ONAP which is a full network automation stack. Open network automation platform. Which again, is an open source way to connect apps to infrastructure. This is the movement that you just mentioned and I'm really excited that the community's finally realizing the implications of the three letter acronym that started this whole thing called SDN. (laughing) >> SDN, SD when, a lot of stuff going on. Software defined, data center, obviously Cisco has a huge dominant preposition in the enterprise, data center in particular, but also they have a huge service provider business MSL. All that, they've been connecting networks on internet scale since the '90s. Really doing a great job. Now they got to really think about the future. What's your view there because I think Linux Foundation, you guys have been great stewards for sustainable ecosystems, but now Cisco has to put their toe into the new ecosystem. What's the meaning of that? What's the view, outlook? What's your take on where they're at? It looks good off the tee, middle of the fairway as we were saying earlier. Messaging's good, 90% of the content's community, agenda's relevant, looks good. >> I think our perspective is there's a major disruption happening. But it's not a technology disruption, it's an end user disruption. What I mean by that is the end users, whether it be carriers, whether it be enterprises whether it be cloud service providers, they are demanding that open source be part of the agenda. The reason for that is very simple. It's providing more agility, providing the access to the source code to allow for much faster feature development. They want to contribute, they want to develop the ecosystem to meet their requirements and everybody is unique as we all know. What is happening is, in this new environment, vendors, service providers, carriers, everybody is re-inventing themselves. They're re-inventing themselves with a new business model and the business model is essentially, how do I take a leadership role in developing this shared technology investment? It's not about a box. It's not about the fastest and the smallest and the largest switch routers, etc. It's about a software plan. >> It used to be about free software. Now, nothing's free because people are putting their company's name on the line. Their business models now are integrated to open source and they have people involved in other parts so technically it's free software but it's really, technically not free. But this is the new business model, this is what people are doing. >> I think you can-- >> It's tier one resource. >> If you look at the world's largest carriers today, whether it's in China, whether it's in US or in Europe, they have deployments that are built on open source. Open source networking specifically is becoming mainstream in terms of deployment. >> What's the hottest mainstream product right now? Is it SDN? What's the hottest in the-- >> SDN is a technology. SDN, NFV, network function virtualization. Those are technologies that enable the deployment of open source projects. We got projects like Open Daylight, ODL, OPNFV, ONAP, these are just names. Again as networking-- >> What's the hottest here, NFV or-- >> Right now ONAP is the hottest. As networking guys we always make these three or four letter acronyms so sorry to bug you. >> That's okay I don't mind. >> But that's how it is. >> So one of the observations at least we made at Wikibon and we made it here a couple times, is that open source has proven to be magnificently successful when the target is well defined. Other words, conventions of an operating system, there's no disagreement about what an operating system does. Hence open source could create a Linux that has just been wildly successful. Open source has not been as good at redefining the new use cases or where the technology might go. Therefore, a lot of times open source developers end up looking at each other and making each other's tools work. Which is, for example, in the big data universe, restricted the adoption of Aduke and the ability of Aduke for example. So getting value you out of it, but it's not as successful as it might be. That raises a question. I'm wondering what role you play in all this. Is there a need for a degree of open source leadership that can set the big picture, the longterm trends without undermining the innovative and inventive freedom of how developers have demonstrated they want to work together? What do you think? >> I think that's an excellent question. What happens is just by throwing software on say, Github, doesn't make you an open source project. I mean yeah, it does make you open source but that doesn't make you a successful open source project. You need a community behind it. You need a community of developers and a sustained ecosystem. One of the things we are championing, and I'm personally driving that agenda, which is thought leadership on how do these pieces fit together. As we are moving from components that were disagregated in networking to production ready software components, to production ready solutions, these all need to fit together and developed in its entirety. When you look at it holistically, from a solutions perspective, the most important thing that matters are use cases. So what we have done-- >> Totally agree. >> What we have done is for every project, strategically, when the requirements are laid down, I think of that as a requirements document. Or when the architecture is laid down. The end user use cases are explicitly defined for the community. The architecture is laid out. In that framework, the Linux Foundation facilitates the developments, the infrastructure the devOps, the agile model to come and co-create this technology in this area. >> So that's how you're doing the ideation. Are you then taking that and stepping up and also doing some of the design work? And it sounds like you are. >> We facilitate the community to do the design work, we give them architectural part leadership, we give them inter-project cross-leadership. For example, we have, in my group, in networking we have about 11 plus projects. There are multiple data plane acceleration projects. When you're putting a solution, you want portion of data plane acceleration to ride on a control plane, to ride on orchestration, to be tested end to end. Projects like OPNFV for example, they test all the pieces. They test things like FDIO, which is an acceleration project, they test open stack. Which again, it's not Linux Foundation but we do bring all the pieces together. Effectively the end user has it relatively easy to adopt and start installing. >> Congratulations, I saw that the Linux Foundation recently hired Sheryl Chamberlain as the Chief of Staff. Cube alumni been on many times, shout out for Cheryl. So you guys are growing. How are you guys handling the growth? I want to get your thoughts and you don't have to speak for the whole foundation but in general, for the folks not necessarily familiar with the inner workings of the Linux Foundation, like open source, you guys are always evolving and growing. How are you serving your stakeholders, your members and taking care and maintaining the sustainable ecosystems? >> The difference between a typical, throw the code up on GitHub versus actively managed, sustainable ecosystem is where Linux Foundation comes in. What we provide to projects in different capacity, is everything from IT as a service, marketing as a service, program management, thought leadership, executive directors, PR, media, and most importantly, events, global events to get the word out. All of that service, if you may, is what facilitates the community. Once the community is all coming together, things happen. I'll just give you an example, we just completed a developer summit on one of the projects called ONAP. Ran out of capacity, clearly. 200 people from world-wide, top-notch architects got in a room and they discussed how to merge almost 15 million lines of code. And they figured it out in four days. >> Over coffee. >> Not over coffee, it's like four days. >> I'm kidding (laughing). >> But they figured it out. I think that level of facilitation that we can provide, because you can't have it on a blank piece of paper. You need some framework, some governance, some model and some processes on how to do it. That's what Linux Foundation excels at. >> I want to move into the third area I want to discuss with you, us. You mentioned the three major customer and end users. Carriers, enterprises, cloud service providers. How do you guys relate and serve those customers when there's other stuff going on in the industry? We see Open Compute, Facebook's doing a lot of stuff, Google's throwing in a ton of open source. We have yet to see Amazon make their move with donating really good networking stuff. Certainly we've seen some machine learning out there, but, we're expecting to see an arm's race of presents coming in. It's like open bar at the hotel. More goodness is coming in from the big guys sponsoring great code. >> My mission is this year, at least, one of the things I've laid out at ONS this year was to harmonize the ecosystem. And harmonization doesn't mean merge it all so now we're one solution. Harmonization means understand where each other solutions interwork, inter-operate. If they overlap, we end up merging the projects, like what we did for ECOMP and OpenAL. That's one of the missions. Now in that process, we're looking, not just within the Linux Foundation and in my role, but also outside. That includes not just the software stacks, but also the hardware infrastructure layers. That would be OCP, that could be TIP, etc. And several others that are coming up. As well as harmonization with standards bodies. We believe that standards and open source coexist and there is a complimentary relationship there. We've been actively working with several of the standards. MEF, Team Forum, etc., etc. Trying to get a view. We just published a white paper on the Linux Foundation website on harmonizing standards on open source. There is a whole movement of ecosystem because at the end of the day, a carrier wants to solve a problem. They don't care how we solve it. I mean they do but not in a fragmented sense. And that problem is different from what an enterprise wants to solve and it's different from what a cloud. Now to your earlier question, the great news is cloud carriers and enterprises, they're looking and smelling the same as cloud native apps, cloud container networking and open source networking, they're all start combining, coming together. >> So I want to share with you a comment we had the other day. There's a story of the four wolves that were put into Yellowstone Park and changed the ecosystem cause Yellowstone had a river problem. So they injected four wolves into the ecosystem. Turns out, the deer went away, things started growing, and the whole ecosystem became so much more sustainable. Not that I'm trying to get at who's the wolves, but balancing and coexistence is the point here. You can live with wolves and not get eaten, unless you're their target. But there's a balancing act on ecosystems. And to have a good, sustainable ecosystem you need to have freshness, certainly standards and new blood, new ideas. What is your vision on coexistence because this is one of those things that we're seeing right now emerging, less about my project's better than your project. You're seeing a lot more collaboration going across communities. >> Correct. >> More than ever. >> A hundred percent agree. I think the fundamental problem has always been only the technical geeks understand the differences between the projects. And then the layer of abstraction in people, whether it's management or media, they start looking and feeling as if they are competing. I'll give you an example. In the data plane acceleration kit, we have projects like FDIO, DPDK, Iovisor, OVS, there's lots of projects there. And people like, oh my god, there's so many. Well, guess what? One of them is a kernel driven thing, other one is a set of libraries, third one builds on the libraries. So that level of understanding is missing. >> John: Interplay between all the projects. >> It's interplay. >> Peter Burris: And dependency. >> And dependencies. So that's one of the things that we want to highlight here, very significantly this year in terms of just sheer education. Because part of the coexistence is understanding each other. If we understand each other on what role each of the projects play, it's easy. Whether it's Linux Foundation or outside. So that's the first step. The second step is if they're complimentary, I want to take the next step and test them out for inter-operability. Because now you have put two pieces together. Remember, networking was a fully black box five years ago. >> Literally. >> We took it, blew it up, fragmented it, dis-segregated it, and now we got to pull... And we got tremendous innovation out of each of these layers. We were very successful on the whole disaggregation and SDN disruption. Not it's time to put it into a production ready solution. As we put those things in, we'll see that harmonization is going to play a big role. >> Arpit great to have you on here, sharing the insight. Always great to get the inner workings plus a great perspective on the industry trends and congratulations on your success and we'll continue to follow you and all your work in the networking area, all the projects Stu Miniman and team. We're going to continue to see you at the Open Networking Summit, among all the great shows. >> Thank you very much. >> Alright. >> Thank you. >> Thanks for coming on, live coverage here in San Francisco, as part of our exclusive two day coverage of the inaugural Cisco DevNet Create event. I'm John here with Peter Burris, we'll be back with more after this short break, stay with us. >> Hi I'm April Mitchell and I'm the Senior Director

(upbeat electronic music) >> Hello everyone, welcome to this CUBE conversation here from the studios in the CUBE in Palo Alto, California. I'm John Furrier, your host. We're featuring a startup, Astronomer. Astronomer.io is the URL, check it out. And we're going to have a great conversation around one of the most important topics hitting the industry, and that is the future of machine learning and AI, and the data that powers it underneath it. There's a lot of things that need to get done, and we're excited to have some of the co-founders of Astronomer here. Viraj Parekh, who is co-founder of Astronomer, and Paola Peraza Calderon, another co-founder, both with Astronomer. Thanks for coming on. First of all, how many co-founders do you guys have? >> You know, I think the answer's around six or seven. I forget the exact, but there's really been a lot of people around the table who've worked very hard to get this company to the point that it's at. We have long ways to go, right? But there's been a lot of people involved that have been absolutely necessary for the path we've been on so far. >> Thanks for that, Viraj, appreciate that. The first question I want to get out on the table, and then we'll get into some of the details, is take a minute to explain what you guys are doing. How did you guys get here? Obviously, multiple co-founders, sounds like a great project. The timing couldn't have been better. ChatGPT has essentially done so much public relations for the AI industry to kind of highlight this shift that's happening. It's real, we've been chronicalizing, take a minute to explain what you guys do. >> Yeah, sure, we can get started. So, yeah, when Viraj and I joined Astronomer in 2017, we really wanted to build a business around data, and we were using an open source project called Apache Airflow that we were just using sort of as customers ourselves. And over time, we realized that there was actually a market for companies who use Apache Airflow, which is a data pipeline management tool, which we'll get into, and that running Airflow is actually quite challenging, and that there's a big opportunity for us to create a set of commercial products and an opportunity to grow that open source community and actually build a company around that. So the crux of what we do is help companies run data pipelines with Apache Airflow. And certainly we've grown in our ambitions beyond that, but that's sort of the crux of what we do for folks. >> You know, data orchestration, data management has always been a big item in the old classic data infrastructure. But with AI, you're seeing a lot more emphasis on scale, tuning, training. Data orchestration is the center of the value proposition, when you're looking at coordinating resources, it's one of the most important things. Can you guys explain what data orchestration entails? What does it mean? Take us through the definition of what data orchestration entails. >> Yeah, for sure. I can take this one, and Viraj, feel free to jump in. So if you google data orchestration, here's what you're going to get. You're going to get something that says, "Data orchestration is the automated process" "for organizing silo data from numerous" "data storage points, standardizing it," "and making it accessible and prepared for data analysis." And you say, "Okay, but what does that actually mean," right, and so let's give sort of an an example. So let's say you're a business and you have sort of the following basic asks of your data team, right? Okay, give me a dashboard in Sigma, for example, for the number of customers or monthly active users, and then make sure that that gets updated on an hourly basis. And then number two, a consistent list of active customers that I have in HubSpot so that I can send them a monthly product newsletter, right? Two very basic asks for all sorts of companies and organizations. And when that data team, which has data engineers, data scientists, ML engineers, data analysts get that request, they're looking at an ecosystem of data sources that can help them get there, right? And that includes application databases, for example, that actually have in product user behavior and third party APIs from tools that the company uses that also has different attributes and qualities of those customers or users. And that data team needs to use tools like Fivetran to ingest data, a data warehouse, like Snowflake or Databricks to actually store that data and do analysis on top of it, a tool like DBT to do transformations and make sure that data is standardized in the way that it needs to be, a tool like Hightouch for reverse ETL. I mean, we could go on and on. There's so many partners of ours in this industry that are doing really, really exciting and critical things for those data movements. And the whole point here is that data teams have this plethora of tooling that they use to both ingest the right data and come up with the right interfaces to transform and interact with that data. And data orchestration, in our view, is really the heartbeat of all of those processes, right? And tangibly the unit of data orchestration is a data pipeline, a set of tasks or jobs that each do something with data over time and eventually run that on a schedule to make sure that those things are happening continuously as time moves on and the company advances. And so, for us, we're building a business around Apache Airflow, which is a workflow management tool that allows you to author, run, and monitor data pipelines. And so when we talk about data orchestration, we talk about sort of two things. One is that crux of data pipelines that, like I said, connect that large ecosystem of data tooling in your company. But number two, it's not just that data pipeline that needs to run every day, right? And Viraj will probably touch on this as we talk more about Astronomer and our value prop on top of Airflow. But then it's all the things that you need to actually run data and production and make sure that it's trustworthy, right? So it's actually not just that you're running things on a schedule, but it's also things like CICD tooling, secure secrets management, user permissions, monitoring, data lineage, documentation, things that enable other personas in your data team to actually use those tools. So long-winded way of saying that it's the heartbeat, we think, of of the data ecosystem, and certainly goes beyond scheduling, but again, data pipelines are really at the center of it. >> One of the things that jumped out, Viraj, if you can get into this, I'd like to hear more about how you guys look at all those little tools that are out. You mentioned a variety of things. You look at the data infrastructure, it's not just one stack. You've got an analytic stack, you've got a realtime stack, you've got a data lake stack, you got an AI stack potentially. I mean you have these stacks now emerging in the data world that are fundamental, that were once served by either a full package, old school software, and then a bunch of point solution. You mentioned Fivetran there, I would say in the analytics stack. Then you got S3, they're on the data lake stack. So all these things are kind of munged together. >> Yeah. >> How do you guys fit into that world? You make it easier, or like, what's the deal? >> Great question, right? And you know, I think that one of the biggest things we've found in working with customers over the last however many years is that if a data team is using a bunch of tools to get what they need done, and the number of tools they're using is growing exponentially and they're kind of roping things together here and there, that's actually a sign of a productive team, not a bad thing, right? It's because that team is moving fast. They have needs that are very specific to them, and they're trying to make something that's exactly tailored to their business. So a lot of times what we find is that customers have some sort of base layer, right? That's kind of like, it might be they're running most of the things in AWS, right? And then on top of that, they'll be using some of the things AWS offers, things like SageMaker, Redshift, whatever, but they also might need things that their cloud can't provide. Something like Fivetran, or Hightouch, those are other tools. And where data orchestration really shines, and something that we've had the pleasure of helping our customers build, is how do you take all those requirements, all those different tools and whip them together into something that fulfills a business need? So that somebody can read a dashboard and trust the number that it says, or somebody can make sure that the right emails go out to their customers. And Airflow serves as this amazing kind of glue between that data stack, right? It's to make it so that for any use case, be it ELT pipelines, or machine learning, or whatever, you need different things to do them, and Airflow helps tie them together in a way that's really specific for a individual business' needs. >> Take a step back and share the journey of what you guys went through as a company startup. So you mentioned Apache, open source. I was just having an interview with a VC, we were talking about foundational models. You got a lot of proprietary and open source development going on. It's almost the iPhone/Android moment in this whole generative space and foundational side. This is kind of important, the open source piece of it. Can you share how you guys started? And I can imagine your customers probably have their hair on fire and are probably building stuff on their own. Are you guys helping them? Take us through, 'cause you guys are on the front end of a big, big wave, and that is to make sense of the chaos, rain it in. Take us through your journey and why this is important. >> Yeah, Paola, I can take a crack at this, then I'll kind of hand it over to you to fill in whatever I miss in details. But you know, like Paola is saying, the heart of our company is open source, because we started using Airflow as an end user and started to say like, "Hey wait a second," "more and more people need this." Airflow, for background, started at Airbnb, and they were actually using that as a foundation for their whole data stack. Kind of how they made it so that they could give you recommendations, and predictions, and all of the processes that needed orchestrated. Airbnb created Airflow, gave it away to the public, and then fast forward a couple years and we're building a company around it, and we're really excited about that. >> That's a beautiful thing. That's exactly why open source is so great. >> Yeah, yeah. And for us, it's really been about watching the community and our customers take these problems, find a solution to those problems, standardize those solutions, and then building on top of that, right? So we're reaching to a point where a lot of our earlier customers who started to just using Airflow to get the base of their BI stack down and their reporting in their ELP infrastructure, they've solved that problem and now they're moving on to things like doing machine learning with their data, because now that they've built that foundation, all the connective tissue for their data arriving on time and being orchestrated correctly is happening, they can build a layer on top of that. And it's just been really, really exciting kind of watching what customers do once they're empowered to pick all the tools that they need, tie them together in the way they need to, and really deliver real value to their business. >> Can you share some of the use cases of these customers? Because I think that's where you're starting to see the innovation. What are some of the companies that you're working with, what are they doing? >> Viraj, I'll let you take that one too. (group laughs) >> So you know, a lot of it is... It goes across the gamut, right? Because it doesn't matter what you are, what you're doing with data, it needs to be orchestrated. So there's a lot of customers using us for their ETL and ELT reporting, right? Just getting data from other disparate sources into one place and then building on top of that. Be it building dashboards, answering questions for the business, building other data products and so on and so forth. From there, these use cases evolve a lot. You do see folks doing things like fraud detection, because Airflow's orchestrating how transactions go, transactions get analyzed. They do things like analyzing marketing spend to see where your highest ROI is. And then you kind of can't not talk about all of the machine learning that goes on, right? Where customers are taking data about their own customers, kind of analyze and aggregating that at scale, and trying to automate decision making processes. So it goes from your most basic, what we call data plumbing, right? Just to make sure data's moving as needed, all the ways to your more exciting expansive use cases around automated decision making and machine learning. >> And I'd say, I mean, I'd say that's one of the things that I think gets me most excited about our future, is how critical Airflow is to all of those processes, and I think when you know a tool is valuable is when something goes wrong and one of those critical processes doesn't work. And we know that our system is so mission critical to answering basic questions about your business and the growth of your company for so many organizations that we work with. So it's, I think, one of the things that gets Viraj and I and the rest of our company up every single morning is knowing how important the work that we do for all of those use cases across industries, across company sizes, and it's really quite energizing. >> It was such a big focus this year at AWS re:Invent, the role of data. And I think one of the things that's exciting about the open AI and all the movement towards large language models is that you can integrate data into these models from outside. So you're starting to see the integration easier to deal with. Still a lot of plumbing issues. So a lot of things happening. So I have to ask you guys, what is the state of the data orchestration area? Is it ready for disruption? Has it already been disrupted? Would you categorize it as a new first inning kind of opportunity, or what's the state of the data orchestration area right now? Both technically and from a business model standpoint. How would you guys describe that state of the market? >> Yeah, I mean, I think in a lot of ways, in some ways I think we're category creating. Schedulers have been around for a long time. I released a data presentation sort of on the evolution of going from something like Kron, which I think was built in like the 1970s out of Carnegie Mellon. And that's a long time ago, that's 50 years ago. So sort of like the basic need to schedule and do something with your data on a schedule is not a new concept. But to our point earlier, I think everything that you need around your ecosystem, first of all, the number of data tools and developer tooling that has come out industry has 5X'd over the last 10 years. And so obviously as that ecosystem grows, and grows, and grows, and grows, the need for orchestration only increases. And I think, as Astronomer, I think we... And we work with so many different types of companies, companies that have been around for 50 years, and companies that got started not even 12 months ago. And so I think for us it's trying to, in a ways, category create and adjust sort of what we sell and the value that we can provide for companies all across that journey. There are folks who are just getting started with orchestration, and then there's folks who have such advanced use case, 'cause they're hitting sort of a ceiling and only want to go up from there. And so I think we, as a company, care about both ends of that spectrum, and certainly want to build and continue building products for companies of all sorts, regardless of where they are on the maturity curve of data orchestration. >> That's a really good point, Paola. And I think the other thing to really take into account is it's the companies themselves, but also individuals who have to do their jobs. If you rewind the clock like 5 or 10 years ago, data engineers would be the ones responsible for orchestrating data through their org. But when we look at our customers today, it's not just data engineers anymore. There's data analysts who sit a lot closer to the business, and the data scientists who want to automate things around their models. So this idea that orchestration is this new category is right on the money. And what we're finding is the need for it is spreading to all parts of the data team, naturally where Airflow's emerged as an open source standard and we're hoping to take things to the next level. >> That's awesome. We've been up saying that the data market's kind of like the SRE with servers, right? You're going to need one person to deal with a lot of data, and that's data engineering, and then you're got to have the practitioners, the democratization. Clearly that's coming in what you're seeing. So I have to ask, how do you guys fit in from a value proposition standpoint? What's the pitch that you have to customers, or is it more inbound coming into you guys? Are you guys doing a lot of outreach, customer engagements? I'm sure they're getting a lot of great requirements from customers. What's the current value proposition? How do you guys engage? >> Yeah, I mean, there's so many... Sorry, Viraj, you can jump in. So there's so many companies using Airflow, right? So the baseline is that the open source project that is Airflow that came out of Airbnb, over five years ago at this point, has grown exponentially in users and continues to grow. And so the folks that we sell to primarily are folks who are already committed to using Apache Airflow, need data orchestration in their organization, and just want to do it better, want to do it more efficiently, want to do it without managing that infrastructure. And so our baseline proposition is for those organizations. Now to Viraj's point, obviously I think our ambitions go beyond that, both in terms of the personas that we addressed and going beyond that data engineer, but really it's to start at the baseline, as we continue to grow our our company, it's really making sure that we're adding value to folks using Airflow and help them do so in a better way, in a larger way, in a more efficient way, and that's really the crux of who we sell to. And so to answer your question on, we get a lot of inbound because they're... >> You have a built in audience. (laughs) >> The world that use it. Those are the folks who we talk to and come to our website and chat with us and get value from our content. I mean, the power of the opensource community is really just so, so big, and I think that's also one of the things that makes this job fun. >> And you guys are in a great position. Viraj, you can comment a little, get your reaction. There's been a big successful business model to starting a company around these big projects for a lot of reasons. One is open source is continuing to be great, but there's also supply chain challenges in there. There's also we want to continue more innovation and more code and keeping it free and and flowing. And then there's the commercialization of productizing it, operationalizing it. This is a huge new dynamic, I mean, in the past 5 or so years, 10 years, it's been happening all on CNCF from other areas like Apache, Linux Foundation, they're all implementing this. This is a huge opportunity for entrepreneurs to do this. >> Yeah, yeah. Open source is always going to be core to what we do, because we wouldn't exist without the open source community around us. They are huge in numbers. Oftentimes they're nameless people who are working on making something better in a way that everybody benefits from it. But open source is really hard, especially if you're a company whose core competency is running a business, right? Maybe you're running an e-commerce business, or maybe you're running, I don't know, some sort of like, any sort of business, especially if you're a company running a business, you don't really want to spend your time figuring out how to run open source software. You just want to use it, you want to use the best of it, you want to use the community around it, you want to be able to google something and get answers for it, you want the benefits of open source. You don't have the time or the resources to invest in becoming an expert in open source, right? And I think that dynamic is really what's given companies like us an ability to kind of form businesses around that in the sense that we'll make it so people get the best of both worlds. You'll get this vast open ecosystem that you can build on top of, that you can benefit from, that you can learn from. But you won't have to spend your time doing undifferentiated heavy lifting. You can do things that are just specific to your business. >> It's always been great to see that business model evolve. We used a debate 10 years ago, can there be another Red Hat? And we said, not really the same, but there'll be a lot of little ones that'll grow up to be big soon. Great stuff. Final question, can you guys share the history of the company? The milestones of Astromer's journey in data orchestration? >> Yeah, we could. So yeah, I mean, I think, so Viraj and I have obviously been at Astronomer along with our other founding team and leadership folks for over five years now. And it's been such an incredible journey of learning, of hiring really amazing people, solving, again, mission critical problems for so many types of organizations. We've had some funding that has allowed us to invest in the team that we have and in the software that we have, and that's been really phenomenal. And so that investment, I think, keeps us confident, even despite these sort of macroeconomic conditions that we're finding ourselves in. And so honestly, the milestones for us are focusing on our product, focusing on our customers over the next year, focusing on that market for us that we know can get valuable out of what we do, and making developers' lives better, and growing the open source community and making sure that everything that we're doing makes it easier for folks to get started, to contribute to the project and to feel a part of the community that we're cultivating here. >> You guys raised a little bit of money. How much have you guys raised? >> Don't know what the total is, but it's in the ballpark over $200 million. It feels good to... >> A little bit of capital. Got a little bit of cap to work with there. Great success. I know as a Series C Financing, you guys have been down. So you're up and running, what's next? What are you guys looking to do? What's the big horizon look like for you from a vision standpoint, more hiring, more product, what is some of the key things you're looking at doing? >> Yeah, it's really a little of all of the above, right? Kind of one of the best and worst things about working at earlier stage startups is there's always so much to do and you often have to just kind of figure out a way to get everything done. But really investing our product over the next, at least over the course of our company lifetime. And there's a lot of ways we want to make it more accessible to users, easier to get started with, easier to use, kind of on all areas there. And really, we really want to do more for the community, right, like I was saying, we wouldn't be anything without the large open source community around us. And we want to figure out ways to give back more in more creative ways, in more code driven ways, in more kind of events and everything else that we can keep those folks galvanized and just keep them happy using Airflow. >> Paola, any final words as we close out? >> No, I mean, I'm super excited. I think we'll keep growing the team this year. We've got a couple of offices in the the US, which we're excited about, and a fully global team that will only continue to grow. So Viraj and I are both here in New York, and we're excited to be engaging with our coworkers in person finally, after years of not doing so. We've got a bustling office in San Francisco as well. So growing those teams and continuing to hire all over the world, and really focusing on our product and the open source community is where our heads are at this year. So, excited. >> Congratulations. 200 million in funding, plus. Good runway, put that money in the bank, squirrel it away. It's a good time to kind of get some good interest on it, but still grow. Congratulations on all the work you guys do. We appreciate you and the open source community does, and good luck with the venture, continue to be successful, and we'll see you at the Startup Showcase. >> Thank you. >> Yeah, thanks so much, John. Appreciate it. >> Okay, that's the CUBE Conversation featuring astronomer.io, that's the website. Astronomer is doing well. Multiple rounds of funding, over 200 million in funding. Open source continues to lead the way in innovation. Great business model, good solution for the next gen cloud scale data operations, data stacks that are emerging. I'm John Furrier, your host, thanks for watching. (soft upbeat music)

(soft music) >> Hello everyone, welcome to this Cube conversation here from the studios of theCube in Palo Alto, California. John Furrier, your host. We're featuring a startup, Astronomer, astronomer.io is the url. Check it out. And we're going to have a great conversation around one of the most important topics hitting the industry, and that is the future of machine learning and AI and the data that powers it underneath it. There's a lot of things that need to get done, and we're excited to have some of the co-founders of Astronomer here. Viraj Parekh, who is co-founder and Paola Peraza Calderon, another co-founder, both with Astronomer. Thanks for coming on. First of all, how many co-founders do you guys have? >> You know, I think the answer's around six or seven. I forget the exact, but there's really been a lot of people around the table, who've worked very hard to get this company to the point that it's at. And we have long ways to go, right? But there's been a lot of people involved that are, have been absolutely necessary for the path we've been on so far. >> Thanks for that, Viraj, appreciate that. The first question I want to get out on the table, and then we'll get into some of the details, is take a minute to explain what you guys are doing. How did you guys get here? Obviously, multiple co-founders sounds like a great project. The timing couldn't have been better. ChatGPT has essentially done so much public relations for the AI industry. Kind of highlight this shift that's happening. It's real. We've been chronologicalizing, take a minute to explain what you guys do. >> Yeah, sure. We can get started. So yeah, when Astronomer, when Viraj and I joined Astronomer in 2017, we really wanted to build a business around data and we were using an open source project called Apache Airflow, that we were just using sort of as customers ourselves. And over time, we realized that there was actually a market for companies who use Apache Airflow, which is a data pipeline management tool, which we'll get into. And that running Airflow is actually quite challenging and that there's a lot of, a big opportunity for us to create a set of commercial products and opportunity to grow that open source community and actually build a company around that. So the crux of what we do is help companies run data pipelines with Apache Airflow. And certainly we've grown in our ambitions beyond that, but that's sort of the crux of what we do for folks. >> You know, data orchestration, data management has always been a big item, you know, in the old classic data infrastructure. But with AI you're seeing a lot more emphasis on scale, tuning, training. You know, data orchestration is the center of the value proposition when you're looking at coordinating resources, it's one of the most important things. Could you guys explain what data orchestration entails? What does it mean? Take us through the definition of what data orchestration entails. >> Yeah, for sure. I can take this one and Viraj feel free to jump in. So if you google data orchestration, you know, here's what you're going to get. You're going to get something that says, data orchestration is the automated process for organizing silo data from numerous data storage points to organizing it and making it accessible and prepared for data analysis. And you say, okay, but what does that actually mean, right? And so let's give sort of an example. So let's say you're a business and you have sort of the following basic asks of your data team, right? Hey, give me a dashboard in Sigma, for example, for the number of customers or monthly active users and then make sure that that gets updated on an hourly basis. And then number two, a consistent list of active customers that I have in HubSpot so that I can send them a monthly product newsletter, right? Two very basic asks for all sorts of companies and organizations. And when that data team, which has data engineers, data scientists, ML engineers, data analysts get that request, they're looking at an ecosystem of data sources that can help them get there, right? And that includes application databases, for example, that actually have end product user behavior and third party APIs from tools that the company uses that also has different attributes and qualities of those customers or users. And that data team needs to use tools like Fivetran, to ingest data, a data warehouse like Snowflake or Databricks to actually store that data and do analysis on top of it, a tool like DBT to do transformations and make sure that that data is standardized in the way that it needs to be, a tool like Hightouch for reverse ETL. I mean, we could go on and on. There's so many partners of ours in this industry that are doing really, really exciting and critical things for those data movements. And the whole point here is that, you know, data teams have this plethora of tooling that they use to both ingest the right data and come up with the right interfaces to transform and interact with that data. And data orchestration in our view is really the heartbeat of all of those processes, right? And tangibly the unit of data orchestration, you know, is a data pipeline, a set of tasks or jobs that each do something with data over time and eventually run that on a schedule to make sure that those things are happening continuously as time moves on. And, you know, the company advances. And so, you know, for us, we're building a business around Apache Airflow, which is a workflow management tool that allows you to author, run and monitor data pipelines. And so when we talk about data orchestration, we talk about sort of two things. One is that crux of data pipelines that, like I said, connect that large ecosystem of data tooling in your company. But number two, it's not just that data pipeline that needs to run every day, right? And Viraj will probably touch on this as we talk more about Astronomer and our value prop on top of Airflow. But then it's all the things that you need to actually run data and production and make sure that it's trustworthy, right? So it's actually not just that you're running things on a schedule, but it's also things like CI/CD tooling, right? Secure secrets management, user permissions, monitoring, data lineage, documentation, things that enable other personas in your data team to actually use those tools. So long-winded way of saying that, it's the heartbeat that we think of the data ecosystem and certainly goes beyond scheduling, but again, data pipelines are really at the center of it. >> You know, one of the things that jumped out Viraj, if you can get into this, I'd like to hear more about how you guys look at all those little tools that are out there. You mentioned a variety of things. You know, if you look at the data infrastructure, it's not just one stack. You've got an analytic stack, you've got a realtime stack, you've got a data lake stack, you got an AI stack potentially. I mean you have these stacks now emerging in the data world that are >> Yeah. - >> fundamental, but we're once served by either a full package, old school software, and then a bunch of point solution. You mentioned Fivetran there, I would say in the analytics stack. Then you got, you know, S3, they're on the data lake stack. So all these things are kind of munged together. >> Yeah. >> How do you guys fit into that world? You make it easier or like, what's the deal? >> Great question, right? And you know, I think that one of the biggest things we've found in working with customers over, you know, the last however many years, is that like if a data team is using a bunch of tools to get what they need done and the number of tools they're using is growing exponentially and they're kind of roping things together here and there, that's actually a sign of a productive team, not a bad thing, right? It's because that team is moving fast. They have needs that are very specific to them and they're trying to make something that's exactly tailored to their business. So a lot of times what we find is that customers have like some sort of base layer, right? That's kind of like, you know, it might be they're running most of the things in AWS, right? And then on top of that, they'll be using some of the things AWS offers, you know, things like SageMaker, Redshift, whatever. But they also might need things that their Cloud can't provide, you know, something like Fivetran or Hightouch or anything of those other tools and where data orchestration really shines, right? And something that we've had the pleasure of helping our customers build, is how do you take all those requirements, all those different tools and whip them together into something that fulfills a business need, right? Something that makes it so that somebody can read a dashboard and trust the number that it says or somebody can make sure that the right emails go out to their customers. And Airflow serves as this amazing kind of glue between that data stack, right? It's to make it so that for any use case, be it ELT pipelines or machine learning or whatever, you need different things to do them and Airflow helps tie them together in a way that's really specific for a individual business's needs. >> Take a step back and share the journey of what your guys went through as a company startup. So you mentioned Apache open source, you know, we were just, I was just having an interview with the VC, we were talking about foundational models. You got a lot of proprietary and open source development going on. It's almost the iPhone, Android moment in this whole generative space and foundational side. This is kind of important, the open source piece of it. Can you share how you guys started? And I can imagine your customers probably have their hair on fire and are probably building stuff on their own. How do you guys, are you guys helping them? Take us through, 'cuz you guys are on the front end of a big, big wave and that is to make sense of the chaos, reigning it in. Take us through your journey and why this is important. >> Yeah Paola, I can take a crack at this and then I'll kind of hand it over to you to fill in whatever I miss in details. But you know, like Paola is saying, the heart of our company is open source because we started using Airflow as an end user and started to say like, "Hey wait a second". Like more and more people need this. Airflow, for background, started at Airbnb and they were actually using that as the foundation for their whole data stack. Kind of how they made it so that they could give you recommendations and predictions and all of the processes that need to be or needed to be orchestrated. Airbnb created Airflow, gave it away to the public and then, you know, fast forward a couple years and you know, we're building a company around it and we're really excited about that. >> That's a beautiful thing. That's exactly why open source is so great. >> Yeah, yeah. And for us it's really been about like watching the community and our customers take these problems, find solution to those problems, build standardized solutions, and then building on top of that, right? So we're reaching to a point where a lot of our earlier customers who started to just using Airflow to get the base of their BI stack down and their reporting and their ELP infrastructure, you know, they've solved that problem and now they're moving onto things like doing machine learning with their data, right? Because now that they've built that foundation, all the connective tissue for their data arriving on time and being orchestrated correctly is happening, they can build the layer on top of that. And it's just been really, really exciting kind of watching what customers do once they're empowered to pick all the tools that they need, tie them together in the way they need to, and really deliver real value to their business. >> Can you share some of the use cases of these customers? Because I think that's where you're starting to see the innovation. What are some of the companies that you're working with, what are they doing? >> Raj, I'll let you take that one too. (all laughing) >> Yeah. (all laughing) So you know, a lot of it is, it goes across the gamut, right? Because all doesn't matter what you are, what you're doing with data, it needs to be orchestrated. So there's a lot of customers using us for their ETL and ELT reporting, right? Just getting data from all the disparate sources into one place and then building on top of that, be it building dashboards, answering questions for the business, building other data products and so on and so forth. From there, these use cases evolve a lot. You do see folks doing things like fraud detection because Airflow's orchestrating how transactions go. Transactions get analyzed, they do things like analyzing marketing spend to see where your highest ROI is. And then, you know, you kind of can't not talk about all of the machine learning that goes on, right? Where customers are taking data about their own customers kind of analyze and aggregating that at scale and trying to automate decision making processes. So it goes from your most basic, what we call like data plumbing, right? Just to make sure data's moving as needed. All the ways to your more exciting and sexy use cases around like automated decision making and machine learning. >> And I'd say, I mean, I'd say that's one of the things that I think gets me most excited about our future is how critical Airflow is to all of those processes, you know? And I think when, you know, you know a tool is valuable is when something goes wrong and one of those critical processes doesn't work. And we know that our system is so mission critical to answering basic, you know, questions about your business and the growth of your company for so many organizations that we work with. So it's, I think one of the things that gets Viraj and I, and the rest of our company up every single morning, is knowing how important the work that we do for all of those use cases across industries, across company sizes. And it's really quite energizing. >> It was such a big focus this year at AWS re:Invent, the role of data. And I think one of the things that's exciting about the open AI and all the movement towards large language models, is that you can integrate data into these models, right? From outside, right? So you're starting to see the integration easier to deal with, still a lot of plumbing issues. So a lot of things happening. So I have to ask you guys, what is the state of the data orchestration area? Is it ready for disruption? Is it already been disrupted? Would you categorize it as a new first inning kind of opportunity or what's the state of the data orchestration area right now? Both, you know, technically and from a business model standpoint, how would you guys describe that state of the market? >> Yeah, I mean I think, I think in a lot of ways we're, in some ways I think we're categoric rating, you know, schedulers have been around for a long time. I recently did a presentation sort of on the evolution of going from, you know, something like KRON, which I think was built in like the 1970s out of Carnegie Mellon. And you know, that's a long time ago. That's 50 years ago. So it's sort of like the basic need to schedule and do something with your data on a schedule is not a new concept. But to our point earlier, I think everything that you need around your ecosystem, first of all, the number of data tools and developer tooling that has come out the industry has, you know, has some 5X over the last 10 years. And so obviously as that ecosystem grows and grows and grows and grows, the need for orchestration only increases. And I think, you know, as Astronomer, I think we, and there's, we work with so many different types of companies, companies that have been around for 50 years and companies that got started, you know, not even 12 months ago. And so I think for us, it's trying to always category create and adjust sort of what we sell and the value that we can provide for companies all across that journey. There are folks who are just getting started with orchestration and then there's folks who have such advanced use case 'cuz they're hitting sort of a ceiling and only want to go up from there. And so I think we as a company, care about both ends of that spectrum and certainly have want to build and continue building products for companies of all sorts, regardless of where they are on the maturity curve of data orchestration. >> That's a really good point Paola. And I think the other thing to really take into account is it's the companies themselves, but also individuals who have to do their jobs. You know, if you rewind the clock like five or 10 years ago, data engineers would be the ones responsible for orchestrating data through their org. But when we look at our customers today, it's not just data engineers anymore. There's data analysts who sit a lot closer to the business and the data scientists who want to automate things around their models. So this idea that orchestration is this new category is spot on, is right on the money. And what we're finding is it's spreading, the need for it, is spreading to all parts of the data team naturally where Airflows have emerged as an open source standard and we're hoping to take things to the next level. >> That's awesome. You know, we've been up saying that the data market's kind of like the SRE with servers, right? You're going to need one person to deal with a lot of data and that's data engineering and then you're going to have the practitioners, the democratization. Clearly that's coming in what you're seeing. So I got to ask, how do you guys fit in from a value proposition standpoint? What's the pitch that you have to customers or is it more inbound coming into you guys? Are you guys doing a lot of outreach, customer engagements? I'm sure they're getting a lot of great requirements from customers. What's the current value proposition? How do you guys engage? >> Yeah, I mean we've, there's so many, there's so many. Sorry Raj, you can jump in. - >> It's okay. So there's so many companies using Airflow, right? So our, the baseline is that the open source project that is Airflow that was, that came out of Airbnb, you know, over five years ago at this point, has grown exponentially in users and continues to grow. And so the folks that we sell to primarily are folks who are already committed to using Apache Airflow, need data orchestration in the organization and just want to do it better, want to do it more efficiently, want to do it without managing that infrastructure. And so our baseline proposition is for those organizations. Now to Raj's point, obviously I think our ambitions go beyond that, both in terms of the personas that we addressed and going beyond that data engineer, but really it's for, to start at the baseline. You know, as we continue to grow our company, it's really making sure that we're adding value to folks using Airflow and help them do so in a better way, in a larger way and a more efficient way. And that's really the crux of who we sell to. And so to answer your question on, we actually, we get a lot of inbound because they're are so many - >> A built-in audience. >> In the world that use it, that those are the folks who we talk to and come to our website and chat with us and get value from our content. I mean the power of the open source community is really just so, so big. And I think that's also one of the things that makes this job fun, so. >> And you guys are in a great position, Viraj, you can comment, to get your reaction. There's been a big successful business model to starting a company around these big projects for a lot of reasons. One is open source is continuing to be great, but there's also supply chain challenges in there. There's also, you know, we want to continue more innovation and more code and keeping it free and and flowing. And then there's the commercialization of product-izing it, operationalizing it. This is a huge new dynamic. I mean, in the past, you know, five or so years, 10 years, it's been happening all on CNCF from other areas like Apache, Linux Foundation, they're all implementing this. This is a huge opportunity for entrepreneurs to do this. >> Yeah, yeah. Open source is always going to be core to what we do because, you know, we wouldn't exist without the open source community around us. They are huge in numbers. Oftentimes they're nameless people who are working on making something better in a way that everybody benefits from it. But open source is really hard, especially if you're a company whose core competency is running a business, right? Maybe you're running e-commerce business or maybe you're running, I don't know, some sort of like any sort of business, especially if you're a company running a business, you don't really want to spend your time figuring out how to run open source software. You just want to use it, you want to use the best of it, you want to use the community around it. You want to take, you want to be able to google something and get answers for it. You want the benefits of open source. You don't want to have, you don't have the time or the resources to invest in becoming an expert in open source, right? And I think that dynamic is really what's given companies like us an ability to kind of form businesses around that, in the sense that we'll make it so people get the best of both worlds. You'll get this vast open ecosystem that you can build on top of, you can benefit from, that you can learn from, but you won't have to spend your time doing undifferentiated heavy lifting. You can do things that are just specific to your business. >> It's always been great to see that business model evolved. We used to debate 10 years ago, can there be another red hat? And we said, not really the same, but there'll be a lot of little ones that'll grow up to be big soon. Great stuff. Final question, can you guys share the history of the company, the milestones of the Astronomer's journey in data orchestration? >> Yeah, we could. So yeah, I mean, I think, so Raj and I have obviously been at astronomer along with our other founding team and leadership folks, for over five years now. And it's been such an incredible journey of learning, of hiring really amazing people. Solving again, mission critical problems for so many types of organizations. You know, we've had some funding that has allowed us to invest in the team that we have and in the software that we have. And that's been really phenomenal. And so that investment, I think, keeps us confident even despite these sort of macroeconomic conditions that we're finding ourselves in. And so honestly, the milestones for us are focusing on our product, focusing on our customers over the next year, focusing on that market for us, that we know can get value out of what we do. And making developers' lives better and growing the open source community, you know, and making sure that everything that we're doing makes it easier for folks to get started to contribute to the project and to feel a part of the community that we're cultivating here. >> You guys raised a little bit of money. How much have you guys raised? >> I forget what the total is, but it's in the ballpark of 200, over $200 million. So it feels good - >> A little bit of capital. Got a little bit of cash to work with there. Great success. I know it's a Series C financing, you guys been down, so you're up and running. What's next? What are you guys looking to do? What's the big horizon look like for you? And from a vision standpoint, more hiring, more product, what is some of the key things you're looking at doing? >> Yeah, it's really a little of all of the above, right? Like, kind of one of the best and worst things about working at earlier stage startups is there's always so much to do and you often have to just kind of figure out a way to get everything done, but really invest in our product over the next, at least the next, over the course of our company lifetime. And there's a lot of ways we wanting to just make it more accessible to users, easier to get started with, easier to use all kind of on all areas there. And really, we really want to do more for the community, right? Like I was saying, we wouldn't be anything without the large open source community around us. And we want to figure out ways to give back more in more creative ways, in more code driven ways and more kind of events and everything else that we can do to keep those folks galvanized and just keeping them happy using Airflow. >> Paola, any final words as we close out? >> No, I mean, I'm super excited. You know, I think we'll keep growing the team this year. We've got a couple of offices in the US which we're excited about, and a fully global team that will only continue to grow. So Viraj and I are both here in New York and we're excited to be engaging with our coworkers in person. Finally, after years of not doing so, we've got a bustling office in San Francisco as well. So growing those teams and continuing to hire all over the world and really focusing on our product and the open source community is where our heads are at this year, so. >> Congratulations. - >> Excited. 200 million in funding plus good runway. Put that money in the bank, squirrel it away. You know, it's good to kind of get some good interest on it, but still grow. Congratulations on all the work you guys do. We appreciate you and the open sourced community does and good luck with the venture. Continue to be successful and we'll see you at the Startup Showcase. >> Thank you. - >> Yeah, thanks so much, John. Appreciate it. - >> It's theCube conversation, featuring astronomer.io, that's the website. Astronomer is doing well. Multiple rounds of funding, over 200 million in funding. Open source continues to lead the way in innovation. Great business model. Good solution for the next gen, Cloud, scale, data operations, data stacks that are emerging. I'm John Furrier, your host. Thanks for watching. (soft music)

(upbeat music) >> Hello and welcome back to theCUBE's coverage of Cloud Native SecurityCon North America 2023. Its first inaugural event. It's theCUBE's coverage. We were there at the first event for a KubeCon before CNCF kind of took it over. It was in Seattle. And so in Seattle this week is Cloud Native SecurityCon. Of course, theCUBE is there covering via our Palo Alto Studios and our experts around the world who are bringing in Bassam Tabbara who's the CEO and founder of upbound.io. That's the URL, but Upbound is the company. The creators of Crossplane. Really kind of looking at the Crossplane, across the abstraction layer, across clouds. A big part of, as we call supercloud trend. Bassam, great to see you. You've been legend in the open source community. Great to have you on. >> Thanks, John. Always good to be on theCUBE. >> I really wanted to bring you in 'cause I want to get your perspective. You've seen the movie, you've seen open source software grow, it continues to grow. Now you're starting to see the Linux Foundation, which has CNCF really expanding their realm. They got the CloudNativeCon, KubeCon, which is Kubernetes event. That's gotten so massive and so successful. We've been to every single one as you know. I've seen you there and all of them as well. So that's going great. Now they got this new event that's spins out dedicated to security. Everybody wants to know why the new event? What's the focus? Is it needed? What will they do? What's different from KubeCon? Where do I play? And so there's a little bit of a question mark in the ecosystem around this event. And so we've been reporting on it. Looking good so far. People are buzzing, again, they're keeping it small. So that kind of managing expectations like any good event would do. But I think it's been successful, which I wanted like to get your take on how you see it. Is this good? Are you indifferent? Are you excited by this? What's your take? >> I mean, look, it's super exciting to see all the momentum around cloud native. Obviously there are different dimensions of cloud native securities, an important piece. Networking, storage, compute, like all those things I think tie back together and in some ways you can look at this event as a focused event on the security aspect as it relates to cloud native. And there are lots of vendors in this space. There's lots of interesting projects in the space, but the unifying theme is that they come together and probably around the Kubernetes API and the momentum around cloud native and with Kubernetes at the center of it. >> On the focus on Kubernetes, it seems this event is kind of classic security where you want to have deep dives. Again, I call it the event operating system 'cause you decouple, make things highly cohesive, and you link them together. I don't see a problem with it. I kind of like this. I gave it good reviews if they stay focused because security is super critical. There was references to bind and DNS. There's a lot of things in the infrastructure plumbing that need to be looked at or managed or figured out or just refactored for modernization needs. And I know you've done a lot with storage, for instance, storage, networking, kernel. There's a lot of things in the old tech or tech in the cloud that needs to be kind, I won't say rebooted, but maybe reset or jump. Do you see it that way? Are there things that need to get done or is it just that there's so much complexity in the different cloud cluster code thing going on? >> It's obviously security is a very, very big space and there are so many different aspects of it that people you can go into. I think the thing that's interesting around the cloud native community is that there is a unifying theme. Like forget the word cloud native for a second, but the unifying theme is that people are building around what looks like a standardized play around Kubernetes and the Kubernetes API. And as a result you can recast a lot of the technologies that we are used to in the past in a traditional security sense. You can recast them on top of this new standardized approach or on Kubernetes, whether it's policy or protecting a supply chain or scanning, or like a lot of the access control authorization, et cetera. All of those things can be either revived to apply to this cloud native play and the Kubernetes play or creating new opportunities for companies to actually build new and interesting projects and companies around a standardized play. >> Do you think this also will help the KubeCon be more focused around the developer areas there and just touching on security versus figuring out how to take something so important in KubeCon, which the stakeholders in KubeCon have have grown so big, I can see security sucking a lot of oxygen out of the room there. So here you move it over, you keep it over here. Will anything change on the KubeCon site? We'll be there in in Amsterdam in April. What do you think the impact will be? Good? Is it good for the community? Just good swim lanes? What's your take? >> Yeah, I still think KubeCon will be an umbrella event for the whole cloud native community. I suspect that you'll see some of the same vendors and projects and everything else represented in KubeCon. The way I think about all the branched cloud native events are essentially a way to have a more focused discussion, get people together to talk about security topics or networking topics or things that are more focused way. But I don't think it changes the the effect of KubeCon being the umbrella around all of it. So I think you'll see the same presence and maybe larger presence going forward at Amsterdam. We're planning to be there obviously and I'm excited to be there and I think it'll be a big event and having a smaller event is not going to diminish the effect of KubeCon. >> And if you look at the developer community they've all been online for a long time, from IRC chat to now Slack and now new technologies and stuff like Discord out there. The event world has changed post-pandemic. So it makes sense. And we're seeing this with all vendors, by the way, and projects. The digital community angle is huge because if you have a big tent event like KubeCon you can make that a rallying moment in the industry and then have similar smaller events that are highly focused that build off that that are just connective tissue or subnets, if you will, or communities targeted for really deeper conversations. And they could be smaller events. They don't have to be monster events, but they're connected and traverse into the main event. This might be the event format for the future for all companies, whether it's AWS or a company that has a community where you create this network effect, if you will, around the people. >> That's right. And if you look at things like AWS re:Invent, et cetera, I mean, that's a massive events. And in some ways it, if it was a set of smaller sub events, maybe it actually will flourish more. I don't know, I'm not sure. >> They just killed the San Francisco event. >> That's right. >> But they have re:Inforce, all right, so they just established that their big events are re:Invent and re:Inforce as their big. >> Oh, I didn't hear about re:Inforce. That's news to me. >> re:Inforce is their third event. So they're doing something similar as CloudNativeCon, which is you have to have an event and then they're going to create a lot of sub events underneath. So I think they are trying to do that. Very interesting. >> Very interesting for sure. >> So let's talk about what you guys are up to. I know from your standpoint, you had a lot of security conversations. How is Crossplane doing? Obviously, you saw our Supercloud coverage. You guys fit right into that model where clients, customers, enterprises are going to want to have multiple cloud operating environments for whatever the use case, whether you're using ChatGPT, you got to get an Azure instance up and running for that. Now with APIs, we're hearing a lot of developers doing that. So you're going to start to see this cross cloud as VMware calls, what we call it supercloud. There's more need for Crossplane like thinking. What's the update? >> For sure, and we see this very clearly as well. So the fact that there is a standardization layer, there is a layer that lets you converge the different vendors that you have, the different clouds that you have, the different hype models that you have, whether it's hybrid or private, public, et cetera. The unifying theme is that you're literally bringing all those things under one control plane that enables you to actually centralize and standardize on security, access control, helps you standardize on cost control, quota policy, as well as create a self-service experience for your developers. And so from a security standpoint, the beauty of this is like, you could use really popular projects like open policy agent or Kyverno or others if you want to do policy and do so uniformly across your entire stack, your entire footprint of tooling, vendors, services and across deployment models. Those things are possible because you're standardizing and consolidating on a control plane on top of all. And that's the thing that gets our customers excited. That we're seeing in the community that they could actually now normalize standardize on small number of projects and tools to manage everything. >> We were talking about that in our summary of the keynote yesterday. Dave Vellante and I were talking about the idea of clients want to have a redo of their security. They've been, just the tooling has been building up. They got zero trust in place, maybe with some big vendor, but now got the cloud native opportunity to refactor and reset and reinvent their security paradigm. And so that's the positive thing we're hearing. Now we're seeing enterprises want this cross cloud capabilities or Crossplane like thinking that you guys are talking about. What are your customers telling you? Can you share from an enterprise perspective where they're at in this journey? Because part of the security problems that we've been reporting on has been because clients are moving from IT to cloud native and not everyone's moved over yet. So they're highly vulnerable to ransomware and all kinds of other crap. So another attacks, so they're wide open, But people who are moving into cloud native, are they stepping up their game on this Crossplane opportunity? Where are they at? Can you share data on that? >> Yeah, we're grateful to be talking to a lot of customers these days. And the interesting thing is even if you talked about large financial institutions, banks, et cetera, the common theme that we hear is that they bought tools for each of the different departments and however they're organized. Sometimes you see the folks that are running databases, networking, being separated from say, the computer app developers or they're all these different departments within an organization. And for each one of those, they've made localized decisions for tooling and services that they bought. What we're seeing now consistently is that they're all together, getting together, and trying to figure out how to standardize on a smaller one set of tooling and services that goes across all the different departments and all different aspects of the business that they're running. And this is where this discussion gets a lot very interesting. If instead of buying a different policy tool for each department, or once that fits it you could actually standardize on policy or the entire footprint of services that they're managing. And you get that by standardizing on a control plane or standardizing on effectively one point of control for everything that they're doing. And that theme is like literally, it gets all our customers excited. This is why they're engaging in all of this. It's almost the holy grail. The thing that I've been trying to do for a long time. >> I know. >> And it's finally happening. >> I know you and I have talked about this many times, but I got to ask you the one thing that jumps into everybody's head when you hear control plane is lock-in. So how do you discuss that lock-in, perception from the reality of the situation? How do you unpack that for the customer? 'Cause they want choice at the end of the day. There's the preferred vendors for sure on the hyperscale side and app side and open source, but what's the lock-in? What does the lock-in conversation look like? Or do they even have that conversation? >> Yeah. To be honest, I mean, so their lock-in could be a two dimensions here. Most of our customers and people are using Crossplane or using app on product around it. Most of our do, concentrated in, say a one cloud vendor and have others. So I don't think this is necessarily about multicloud per se or being locked into one vendor. But they do manage many different services and they have legacy tooling and they have different systems that they bought at different stages and they want to bring them all together. And by bringing them all together that helps them make choices about consulting or even replacing some of them. But right now everything is siloed, everything is separate, both organizationally as well as the code bases or investments and tooling or contracts. Everything is just completely separated and it requires humans to put them together. And organizations actually try to gather around and put them together. I don't know if lock-in is the driving goal for this, but it is standardization consolidation. That's the driving initiative. >> And so unification and building is the big driver. They're building out >> Correct, and you can ask why are they doing that? What does standardization help with? It helps them to become more productive. They can move faster, they can innovate faster. Not as a ton of, like literally revenue written all over. So it's super important to them that they achieved this, increase their pace of innovation around this and they do that by standardizing. >> The great point in all this and your success at Upbound and now CNCF success with KubeCon + CloudNativeCon and now with the inaugural event of Cloud Native SecurityCon is that the customers are involved, a lot of end users are involved. There's a big driver not only from the industry and the developers and getting architecture right and having choice. The customers want this to happen. They're leaning in, they're part of it. So that's a big driver. Where does this go? If you had to throw a dart at the board five years from now Cloud Native SecurityCon, what does it look like if you had to predict the trajectory of this event and community? >> Yeah, I mean, look, I think the trajectory one is that we have what looks like a standardization layer emerging that is all encompassing. And as a result, there is a ton of opportunity for vendors, projects, communities to build around within on top of this layer. And essentially create, I think you talked about an operating system earlier and decentralized aspect of this, but it's an opportunity to actually, what it looks like for the first time we have a convergence happening industry-wide and through open source and open source foundations. And I think that means that there'll be new opportunity and lots of new projects and things that are created in the space. And it also means that if you don't attach this space, you'll likely be left out. >> Awesome. Bassam, great to have you on, great expert commentary, obviously multi CUBE alumni and supporter of theCUBE and as you become successful we really appreciate your support for helping us get the content out there. And best of luck to your team and thanks for weighing in on Cloud Native SecurityCon. >> Awesome. It's always good talking to you, John. Thank you. >> Great stuff. This is more CUBE coverage from Palo Alto, getting folks on the ground on location, getting us the stories in Seattle. Of course, Cloud Native SecurityCon, the inaugural event, which looks like will be the beginning of a series of multi-year journey for the CNCF, focusing on security. Of course, theCUBE's here to cover it, every angle of it, and extract the signal from the noise. I'm John Furrier, thanks for watching. (upbeat music)

(energetic music plays) >> Lisa: Hey everyone, we're so glad you're here with us. theCUBE is covering Cloud Native Security Con 23. Lisa Martin here with John Furrier. This is our second day of coverage of the event. We've had some great conversations with a lot of intellectual, exciting folks, as you know cuz you've been watching. John and I are very pleased to welcome back one of our alumni to theCUBE Taylor Dolezal joins us the head of ecosystem at CNCF. Taylor, welcome back to theCUBE. Great to see you. >> Taylor: Hey everybody, great to see you again. >> Lisa: So you are on the ground in Seattle. We're jealous. We've got fomo as John would say. Talk to us about, this is a inaugural event. We were watching Priyanka keynote yesterday. Seemed like a lot of folks there, 72 sessions a lot of content, a lot of discussions. What's the buzz, what's the reception of this inaugural event from your perspective? >> Taylor: So it's been really fantastic. I think the number one thing that has come out of this conference so far is that it's a wonderful chance to come together and for people to see one another. It's, it's been a long time that we've kind of had that opportunity to be able to interact with folks or you know, it's just a couple months since last Cube Con. But this is truly a different vibe and it's nice to have that focus on security. We're seeing a lot of folks within different organizations work through different problems and then finally have a vendor neutral space in which to talk about all of those contexts and really raise everybody up with all this new knowledge and new talking points, topics, and different facets of knowledge. >> John: Taylor, we were joking on our yesterday's summary of the keynotes, Dave Vellante and I, and the guests, Lisa and I, about the CNCF having an event operating system, you know, very decoupled highly cohesive events, strung together beautifully through the Linux Foundation, you know, kind of tongue in cheek but it was kind of fun to play on words because it's a very technical community. But the business model of, of hackers is booming. The reality of businesses booming and Cloud Native is the preferred developer environment for the future application. So the emphasis, it's very clear that this is a good move to do and targeting the community around security's a solid move. Amazon's done it with reinforce and reinvent. We see that Nice segmentation. What's the goal? Because this is really where it connects to Cube Con and Cloud Native Con as well because this shift left there too. But here it's very much about hardcore Cloud Native security. What's your positioning on this? Am I getting it right or is there is that how you guys see it? >> Taylor: Yeah, so, so that's what we've see that's what we were talking about as well as we were thinking on breaking this event out. So originally this event was a co-located event during the Cube Con windows in both Europe and North America. And then it just was so consistently popular clearly a topic that people wanted to talk, which is good that people want to talk of security. And so when we saw this massive continued kind of engagement, we wanted to break this off into its own conference. When we were going through that process internally, like you had mentioned the events team is just phenomenal to work with and they, I love how easy that they make it for us to be able to do these kinds of events too though we wanted to talk through how we differentiate this event from others and really what's changed for us and kind of how we see this space is that we didn't really see any developer-centric open source kinds of conferences. Ones that were really favoring of the developer and focus on APIs and ways in which to implement these things across all of your workloads within your organization. So that's truly what we're looking to go for here during these, all of these sessions. And that's how it's been playing out so far which has been really great to see. >> John: Taylor, I want to ask you on the ecosystem obviously the built-in ecosystem at CNCF.IO with Cube Cons Cloud Cons there, this is a new ecosystem opportunity to add more people that are security focused. Is their new entrance coming into the fold and what's been the reaction? >> Taylor: So short answer is yes we've seen a huge uptick across our vendor members and those are people that are creating Cloud offerings and selling those and working with others to implement them as well as our end users. So people consuming Cloud Native projects and using them to power core parts of their business. We have gotten a lot of data from groups like IBM and security, IBM security and put 'em on institute. They gave us a cost of data breach report that Priyanka mentioned and talked about 43% of those organizations haven't started or in the early stages of updating security practices of their cloud environments and then here on the ground, you know, talking through some best practices and really sharing those out as well. So it's, I've gotten to hear pieces and parts of different conversations and and I'm certain we'll hear more about those soon but it's just really been great to, to hear everybody with that main focus of, hey, there's more that we can do within the security space and you know, let's let's help one another out on that front just because it is such a vast landscape especially in the security space. >> Lisa: It's a huge landscape. And to your point earlier, Taylor it's everyone has the feeling that it's just so great to be back together again getting folks out of the silos that they've been operating in for such a long time. But I'd love to get some of your, whatever you can share in terms of some of the Cloud Native security projects that you've heard about over the last day or so. Anything exciting that you think is really demonstrating the value already and this inaugural event? >> Taylor: Yes, so I I've been really excited to hear a lot of, personally I've really liked the talks around EBPF. There are a whole bunch of projects utilizing that as far as runtime security goes and actually getting visibility into your workloads and being able to see things that you do expect and things that you don't expect and how to remediate those. And then I keep hearing a lot of talks about open policy agents and projects like Caverno around you know, how do we actually automate different policies or within regulated industries, how do we actually start to solve those problems? So I've heard even more around CNCF projects and other contexts that have come up but truly most of them have been around the telemetry space EBPF and, and quite a few others. So really great to, to see all those projects choosing something to bind to and making it that much more accessible for folks to implement or build on top of as well. >> John: I love the reference you guys had just the ChatGPT that was mentioned in the keynote yesterday and also the reference to Dan Kaminsky who was mentioned on the reference to DNS and Bind, lot of root level security going on. It seems like this is like a Tiger team event where all the top alpha security gurus come together, Priyanka said, experts bottoms up, developer first practitioners, that's the vibe. Is that kind of how you guys want it to be more practitioners hardcore? >> Taylor: Absolutely, absolutely. I think that when it comes to security, we really want to help. It's definitely a grassroots movement. It's great to have the people that have such a deep understanding of certain security, just bits of knowledge really when it comes to EBPF. You know, we have high surveillance here that we're talking things through. Falco is here with Sysdig and so it it's great to have all of these people here, though I have seen a good spread of folks that are, you know, most people have started their security journey but they're not where they want to be. And so people that are starting at a 2 0 1, 3 0 1, 4 0 1 level of understanding definitely seeing a good spread of knowledge on that front. But it's really, it's been great to have folks from all varying experiences, but then to have the expertise of the folks that are writing these specifications and pushing the boundaries of what's possible with security to to ensure that we're all okay and updated on that front too, I think was most notable yesterday. Like you had said >> Lisa: Sorry Taylor, when we think of security, again this is an issue that, that organizations in every industry face, nobody is immune to this. We can talk about the value in it for the hackers in terms of ransomware alone for example. But you mentioned a stat that there's a good amount of organizations that are really either early in their security journeys or haven't started yet which kind of sounds a bit scary given the landscape and how much has changed in the last couple of years. But it sounds like on the good news front it isn't too late for organizations. Talk a little bit about some of the recommendations and best practices for those organizations who are behind the curve knowing that the next attack is going to happen. >> Taylor: Absolutely. So fantastic question. I think that when it comes to understanding the fact that people need to implement security and abide by best practices, it's like I I'm sure that many of us can agree on that front, you know, hopefully all of us. But when it comes to actually implementing that, that's I agree with you completely. That's where it's really difficult to find where where do I start, where do I actually look at? And there are a couple of answers on that front. So within the CNTF ecosystem we have a technical action group security, so tag security and they have a whole bunch of working groups that cover different facets of the Cloud Native experience. So if you, for example, are concerned about runtime security or application delivery concerns within there, those are some really good places to find people knowledgeable about, that even when the conference isn't going on to get a sense of what's going on. And then TAG security has also published recently version two of their security report which is free accessible online. They can actually look through that, see what some of the recent topics are and points of focus and of interest are within our community. There are also other organizations like Open SSF which is taking a deeper dive into security. You know, initially kind of having a little bit more of an academic focus on that space and then now getting further into things around software bill materials or SBOMs supply chain security and other topics as well. >> John: Well we love you guys doing this. We think it's very big deal. We think it's important. We're starting to see events post COVID take a certain formation, you know joking aside about the event operating systems smaller events are happening, but they're tied together. And so this is key. And of course the critical need is our businesses are under siege with threats, ransomware, security challenges, that's IT moves to Cloud Native, not everyone's moved over yet. So that's in progress. So there's a huge business imperative and the hackers have a business model. So this isn't like pie in the sky, this is urgent. So, that being said, how do you see this developing from who should attend the next one or who are you looking for to be involved to get input from you guys are open arms and very diverse and great great culture there, but who are you looking for? What's the makeup persona that you hope to attract and nurture and grow? >> Taylor: Absolutely. I, think that when it comes to trying the folks that we're looking for the correct answer is it varies you know, from, you know, you're asking Priyanka or our executive director or Chris Aniszczyk our CTO, I work mostly with the end users, so for me personally I really want to see folks that are operating within our ecosystem and actually pulling these down, these projects down and using them and sharing those stories. Because there are people creating these projects and contributing to them might not always have an idea of how they're used or how they can be exploited too. A lot of these groups that I work with like Mercedes or Intuit for example, they're out there in the world using these, these projects and getting a sense for, you know, what can come up. And by sharing that knowledge I think that's what's most important across the board. So really looking for those stories to be told and novel ways in which people are trying to exploit security and attacking the supply chain, or building applications, or just things we haven't thought about. So truly that that developer archetype is really helpful to have the consumers, the end users, the folks that are actually using these. And then, yeah, and I'm truly anywhere knowledgeable about security or that wants to learn more >> John: Super important, we're here to help you scale those stories up whatever you need, send them our way. We're looking forward to getting those. This is a super important movement getting the end users who are on the front lines bringing it back into the open, building, more software, making it secure and verified, all super important. We really appreciate the mission you guys are on and again we're here to help. So send those stories our way. >> Taylor: Cool, cool. We couldn't do it without you. Yeah, just everyone contributing, everyone sharing the news. This is it's people, people is the is the true operating system of our ecosystem. So really great to, really great to share. >> Lisa: That's such a great point Taylor. It is all about people. You talked about this event having a different vibe. I wanted to learn a little bit more about that as we, as we wrap up because there's so much cultural change that's required for organizations to evolve their security practices. And so people of course are at the center of culture. Talk a little bit about why that vibe is different and do you think that yeah, it's finally time. Everyone's getting on the same page here we're understanding, we're learning from each other. >> Taylor: Yes. So, so to kind of answer that, I think it's really a focus on, there's this term shift left and shift right. And talking about where do we actually put security in the mix as it comes to people adopting this and and figuring out where things go. And if you keep shifting at left, that meaning that the developers should care more deeply about this and a deeper understanding of all of these, you know, even if it's, even if they don't understand how to put it together, maybe understand a little bit about it or how these topics and, and facets of knowledge work. But you know, like with anything, if you shift everything off to one side or the other that's also not going to be efficient. You know, you want a steady stream of knowledge flowing throughout your whole organization. So I think that that's been something that has been a really interesting topic and, and hearing people kind of navigate and try to get through, especially groups that have had, you know, deployed an app and it's going to be around for 40 years as well. So I think that those are some really interesting and unique areas of focus that I've come up on the floor and then in a couple of the sessions here >> Lisa: There's got to be that, that balance there. Last question as we wrap the last 30 seconds or so what are you excited about given the success and the momentum of day one? What excites you about what's ahead for us on day two? >> Taylor: So on day two, I'm really, it's, there's just so many sessions. I think that it was very difficult for me to, you know pick which one I was actually going to go see. There are a lot of favorites that I had kind of doubled up at each of the time so I'm honestly going to be in a lot of the sessions today. So really excited about that. Supply chain security is definitely one that's close to my heart as well but I'm really curious to see what new topics, concepts or novel ideas people have to kind of exploit things. Like one for example is a package is out there it's called Browser Test but somebody came up with one called Bowser Test. Just a very simple misname and then when you go and run that it does a fake kind of like, hey you've been exploited and just even these incorrect name attacks. That's something that is really close and dear to me as well. Kind of hearing about all these wild things people wouldn't think about in terms of exploitation. So really, really excited to hear more stories on that front and better protect myself both at home and within the Cloud Community as I stand these things up. >> Lisa: Absolutely you need to clone yourself so that you can, there's so many different sessions. There needs to be multiple versions of Taylor that you can attend and then you can all get together and talk about and learn. But that's actually a really good problem to have as we mentioned when we started 72 sessions yesterday and today. Lots of great content. Taylor, we thank you for your participation. We thank you for bringing the vibe and the buzz of the event to us and we look forward as well to hearing and seeing what day two brings us today. Thank you so much for your time Taylor. >> Taylor: Thank you for having me. >> John: All right >> Lisa: Right, for our guest and John Furrier, I'm Lisa Martin. You're watching theCube's Day two coverage of Cloud Native Security Con 23. (energetic music plays)

(upbeat music) >> Hey, everyone. Welcome back to theCUBE's day one coverage of Cloud Native SecurityCon 2023. This has been a great conversation that we've been able to be a part of today. Lisa Martin with John Furrier and Dave Vellante. Dave and John, I want to get your take on the conversations that we had today, starting with the keynote that we were able to see. What are your thoughts? We talked a lot about technology. We also talked a lot about people and culture. John, starting with you, what's the story here with this inaugural event? >> Well, first of all, there's two major threads. One is the breakout of a new event from CloudNativeCon/KubeCon, which is a very successful community and events that they do international and in North America. And that's not stopping. So that's going to be continuing to go great. This event is a breakout with an extreme focus on security and all things security around that ecosystem. And with extensions into the Linux Foundation. We heard Brian Behlendorf was on there from the Linux Foundation. So he was involved in Hyperledger. So not just Cloud Native, all things containers, Kubernetes, all things Linux Foundation as an open source. So, little bit more of a focus. So I like that piece of it. The other big thread on this story is what Dave and Yves were talking about on our panel we had earlier, which was the business model of security is real and that is absolutely happening. It's impacting business today. So you got this, let's build as fast as possible, let's retool, let's replatform, refactor and then the reality of the business imperative. To me, those are the two big high-order bits that are going on and that's the reality of this current situation. >> Dave, what are your top takeaways from today's day one inaugural coverage? >> Yeah, I would add a third leg of the stool to what John said and that's what we were talking about several times today about the security is a do-over. The Pat Gelsinger quote, from what was that, John, 2011, 2012? And that's right around the time that the cloud was hitting this steep part of the S-curve and do-over really has meant in looking back, leveraging cloud native tooling, and cloud native technologies, which are different than traditional security approaches because it has to take into account the unique characteristics of the cloud whether that's dynamic resource allocation, unlimited resources, microservices, containers. And while that has helped solve some problems it also brings new challenges. All these cloud native tools, securing this decentralized infrastructure that people are dealing with and really trying to relearn the security culture. And that's kind of where we are today. >> I think the other thing too that I had Dave is that was we get other guests on with a diverse opinion around foundational models with AI and machine learning. You're going to see a lot more things come in to accelerate the scale and automation piece of it. It is one thing that CloudNativeCon and KubeCon has shown us what the growth of cloud computing is is that containers Kubernetes and these new services are powering scale. And scale you're going to need to have automation and machine learning and AI will be a big part of that. So you start to see the new formation of stacks emerging. So foundational stacks is the machine learning and data apps are coming out. It's going to start to see more apps coming. So I think there's going to be so many new applications and services are going to emerge, and if you don't get your act together on the infrastructure side those apps will not be fully baked. >> And obviously that's a huge risk. Sorry, Dave, go ahead. >> No, that's okay. So there has to be hardware somewhere. You can't get away with no hardware. But increasingly the security architecture like everything else is, is software-defined and makes it a lot more flexible. And to the extent that practitioners and organizations can consolidate this myriad of tools that they have, that means they're going to have less trouble learning new skills, they're going to be able to spend more time focused and become more proficient on the tooling that is being applied. And you're seeing the same thing on the vendor side. You're seeing some of these large vendors, Palo Alto, certainly CrowdStrike and fundamental to their strategy is to pick off more and more and more of these areas in security and begin to consolidate them. And right now, that's a big theme amongst organizations. We know from the survey data that consolidating redundant vendors is the number one cost saving priority today. Along with, at a distant second, optimizing cloud costs, but consolidating redundant vendors there's nowhere where that's more prominent than in security. >> Dave, talk a little bit about that, you mentioned the practitioners and obviously this event bottoms up focused on the practitioners. It seems like they're really in the driver's seat now. With this being the inaugural Cloud Native SecurityCon, first time it's been pulled out of an elevated out of KubeCon as a focus, do you think this is about time that the practitioners are in the driver's seat? >> Well, they're certainly, I mean, we hear about all the tech layoffs. You're not laying off your top security pros and if you are, they're getting picked up very quickly. So I think from that standpoint, anybody who has deep security expertise is in the driver's seat. The problem is that driver's seat is pretty hairy and you got to have the stomach for it. I mean, these are technical heroes, if you will, on the front lines, literally saving the world from criminals and nation-states. And so yes, I think Lisa they have been in the driver's seat for a while, but it it takes a unique person to drive at those speeds. >> I mean, the thing too is that the cloud native world that we are living in comes from cloud computing. And if you look at this, what is a practitioner? There's multiple stakeholders that are being impacted and are vulnerable in the security front at many levels. You have application developers, you got IT market, you got security, infrastructure, and network and whatever. So all that old to new is happening. So if you look at IT, that market is massive. That's still not transformed yet to cloud. So you have companies out there literally fully exposed to ransomware. IT teams that are having practices that are antiquated and outdated. So security patching, I mean the blocking and tackling of the old securities, it's hard to even support that old environment. So in this transition from IT to cloud is changing everything. And so practitioners are impacted from the devs and the ones that get there faster and adopt the ways to make their business better, whether you call it modern technology and architectures, will be alive and hopefully thriving. So that's the challenge. And I think this security focus hits at the heart of the reality of business because like I said, they're under threats. >> I wanted to pick up too on, I thought Brian Behlendorf, he did a forward looking what could become the next problem that we really haven't addressed. He talked about generative AI, automating spearphishing and he flat out said the (indistinct) is not fixed. And so identity access management, again, a lot of different toolings. There's Microsoft, there's Okta, there's dozens of companies with different identity platforms that practitioners have to deal with. And then what he called free riders. So these are folks that go into the repos. They're open source repos, and they find vulnerabilities that developers aren't hopping on quickly. It's like, you remember Patch Tuesday. We still have Patch Tuesday. That meant Hacker Wednesday. It's kind of the same theme there going into these repos and finding areas where the practitioners, the developers aren't responding quickly enough. They just don't necessarily have the resources. And then regulations, public policy being out of alignment with what's really needed, saying, "Oh, you can't ship that fix outside of Germany." Or I'm just making this up, but outside of this region because of a law. And you could be as a developer personally liable for it. So again, while these practitioners are in the driver's seat, it's a hairy place to be. >> Dave, we didn't get the word supercloud in much on this event, did we? >> Well, I'm glad you brought that up because I think security is the big single, biggest challenge for supercloud, securing the supercloud with all the diversity of tooling across clouds and I think you brought something up in the first supercloud, John. You said, "Look, ultimately the cloud, the hyperscalers have to lean in. They are going to be the enablers of supercloud. They already are from an infrastructure standpoint, but they can solve this problem by working together. And I think there needs to be more industry collaboration. >> And I think the point there is that with security the trend will be, in my opinion, you'll see security being reborn in the cloud, around zero trust as structure, and move from an on-premise paradigm to fully cloud native. And you're seeing that in the network side, Dave, where people are going to each cloud and building stacks inside the clouds, hyperscaler clouds that are completely compatible end-to-end with on-premises. Not trying to force the cloud to be working with on-prem. They're completely refactoring as cloud native first. And again, that's developer first, that's data first, that's security first. So to me that's the tell sign. To me is if when you see that, that's good. >> And Lisa, I think the cultural conversation that you've brought into these discussions is super important because I've said many times, bad user behavior is going to trump good security every time. So that idea that the entire organization is responsible for security. You hear that all the time. Well, what does that mean? It doesn't mean I have to be a security expert, it just means I have to be smart. How many people actually use a VPN? >> So I think one of the things that I'm seeing with the cultural change is face-to-face problem solving is one, having remote teams is another. The skillset is big. And I think the culture of having these teams, Dave mentioned something about intramural sports, having the best people on the teams, from putting captains on the jersey of security folks is going to happen. I think you're going to see a lot more of that going on because there's so many areas to work on. You're going to start to see security embedded in all processes. >> Well, it needs to be and that level of shared responsibility is not trivial. That's across the organization. But they're also begs the question of the people problem. People are one of the biggest challenges with respect to security. Everyone has to be on board with this. It has to be coming from the top down, but also the bottom up at the same time. It's challenging to coordinate. >> Well, the training thing I think is going to solve itself in good time. And I think in the fullness of time, if I had to predict, you're going to see managed services being a big driver on the front end, and then as companies realize where their IP will be you'll see those managed service either be a core competency of their business and then still leverage. So I'm a big believer in managed services. So you're seeing Kubernetes, for instance, a lot of managed services. You'll start to see more, get the ball going, get that rolling, then build. So Dave mentioned bottoms up, middle out, that's how transformation happens. So I think managed services will win from here, but ultimately the business model stuff is so critical. >> I'm glad you brought up managed services and I want to add to that managed security service providers, because I saw a stat last year, 50% of organizations in the US don't even have a security operations team. So managed security service providers MSSPs are going to fill the gap, especially for small and midsize companies and for those larger companies that just need to augment and compliment their existing staff. And so those practitioners that we've been talking about, those really hardcore pros, they're going to go into these companies, some large, the big four, all have them. Smaller companies like Arctic Wolf are going to, I think, really play a key role in this decade. >> I want to get your opinion Dave on what you're hoping to see from this event as we've talked about the first inaugural standalone big focus here on security as a standalone. Obviously, it's a huge challenge. What are you hoping for this event to get groundswell from the community? What are you hoping to hear and see as we wrap up day one and go into day two? >> I always say events like this they're about educating, aspiring to action. And so the practitioners that are at this event I think, I used to say they're the technical heroes. So we know there's going to be another Log4j or a another SolarWinds. It's coming. And my hope is that when that happens, it's not an if, it's a when, that the industry, these practitioners are able to respond in a way that's safe and fast and agile and they're able to keep us protected, number one and number two, that they can actually figure out what happened in the long tail of still trying to clean it up is compressed. That's my hope or maybe it's a dream. >> I think day two tomorrow you're going to hear more supply chain, security. You're going to start to see them focus on sessions that target areas if within the CNCF KubeCon + CloudNativeCon area that need support around containers, clusters, around Kubernetes cluster. You're going to start to see them laser focus on cleaning up the house, if you will, if you can call it cleaning up or fixing what needs to get fixed or solved what needs to get solved on the cloud native front. That's going to be urgent. And again, supply chain software as Dave mentioned, free riders too, just using open source. So I think you'll see open source continue to grow, but there'll be an emphasis on verification and certification. And Docker has done a great job with that. You've seen what they've done with their business model over hundreds of millions of dollars in revenue from a pivot. Catch a few years earlier because they verify. So I think we're going to be in this verification blue check mark of code era, of code and software. Super important bill of materials. They call SBOMs, software bill of materials. People want to know what's in their software and that's going to be, again, another opportunity for machine learning and other things. So I'm optimistic that this is going to be a good focus. >> Good. I like that. I think that's one of the things thematically that we've heard today is optimism about what this community can generate in terms of today's point. The next Log4j is coming. We know it's not if, it's when, and all organizations need to be ready to Dave's point to act quickly with agility to dial down and not become the next headline. Nobody wants to be that. Guys, it's been fun working with you on this day one event. Looking forward to day two. Lisa Martin for Dave Vellante and John Furrier. You're watching theCUBE's day one coverage of Cloud Native SecurityCon '23. We'll see you tomorrow. (upbeat music)

(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

(upbeat music) >> Hey everyone and welcome to theCUBE's coverage day one of CloudNativeSecurityCon '23. Lisa Martin here with John Furrier and Dave Vellante. Dave and John, great to have you guys on the program. This is interesting. This is the first inaugural CloudNativeSecurityCon. Formally part of KubeCon, now a separate event here happening in Seattle over the next couple of days. John, I wanted to get your take on, your thoughts on this being a standalone event, the community, the impact. >> Well, this inaugural event, which is great, we love it, we want to cover all inaugural events because you never know, there might not be one next year. So we were here if it happens, we're here at creation. But I think this is a good move for the CNCF and the Linux Foundation as security becomes so important and there's so many issues to resolve that will influence many other things. Developers, machine learning, data as code, supply chain codes. So I think KubeCon, Kubernetes conference and CloudNativeCon, is all about cloud native developers. And it's a huge event and there's so much there. There's containers, there's microservices, all that infrastructure's code, the DevSecOps on that side, there's enough there and it's a huge ecosystem. Pulling it as a separate event is a first move for them. And I think there's a toe in the water kind of vibe here. Testing the waters a little bit on, does this have legs? How is it organized? Looks like they took their time, thought it out extremely well about how to craft it. And so I think this is the beginning of what will probably be a seminal event for the open source community. So let's listen to the clip from Priyanka Sharma who's a CUBE alumni and executive director of the CNCF. This is kind of a teaser- >> We will tackle issues of security together here and further on. We'll share our experiences, successes, perhaps more importantly, failures, and help with the collecting of understanding. We'll create solutions. That's right. The practitioners are leading the way. Having conversations that you need to have. That's all of you. This conference today and tomorrow is packed with 72 sessions for all levels of technologists to reflect the bottoms up, developer first nature of the conference. The co-chairs have selected these sessions and they are true blue practitioners. >> And that's a great clip right there. If you read between the lines, what she's saying there, let's unpack this. Solutions, we're going to fail, we're going to get better. Linux, the culture of iterating. But practitioners, the mention of practitioners, that was very key. Global community, 72 sessions, co-chairs, Liz Rice and experts that are crafting this program. It seems like very similar to what AWS has done with re:Invent as their core show. And then they have re:Inforce which is their cloud native security, Amazon security show. There's enough there, so to me, practitioners, that speaks to the urgency of cloud native security. So to me, I think this is the first move, and again, testing the water. I like the vibe. I think the practitioner angle is relevant. It's very nerdy, so I think this is going to have some legs. >> Yeah, the other key phrase Priyanka mentioned is bottoms up. And John, at our predictions breaking analysis, I asked you to make a prediction about events. And I think you've nailed it. You said, "Look, we're going to have many more events, but they're going to be smaller." Most large events are going to get smaller. AWS is obviously the exception, but a lot of events like this, 500, 700, 1,000 people, that is really targeted. So instead of you take a big giant event and there's events within the event, this is going to be really targeted, really intimate and focused. And that's exactly what this is. I think your prediction nailed it. >> Well, Dave, we'll call to see the event operating system really cohesive events connected together, decoupled, and I think the Linux Foundation does an amazing job of stringing these events together to have community as the focus. And I think the key to these events in the future is having, again, targeted content to distinct user groups in these communities so they can be highly cohesive because they got to be productive. And again, if you try to have a broad, big event, no one's happy. Everyone's underserved. So I think there's an industry concept and then there's pieces tied together. And I think this is going to be a very focused event, but I think it's going to grow very fast. >> 72 sessions, that's a lot of content for this small event that the practitioners are going to have a lot of opportunity to learn from. Do you guys, John, start with you and then Dave, do you think it's about time? You mentioned John, they're dipping their toe in the water. We'll see how this goes. Do you think it's about time that we have this dedicated focus out of this community on cloud native security? >> Well, I think it's definitely time, and I'll tell you there's many reasons why. On the front lines of business, there's a business model for security hackers and breaches. The economics are in favor of the hackers. That's a real reality from ransomware to any kind of breach attacks. There's corporate governance issues that's structural challenges for companies. These are real issues operationally for companies in the enterprise. And at the same time, on the tech stack side, it's been very slow movement, like glaciers in terms of security. Things like DNS, Linux kernel, there are a lot of things in the weeds in the details of the bowels of the tech world, protocol levels that just need to be refactored. And I think you're seeing a lot of that here. It was mentioned from Brian from the Linux Foundation, mentioned Dan Kaminsky who recently passed away who found that vulnerability in BIND which is a DNS construct. That was a critical linchpin. They got to fix these things and Liz Rice is talking about the Linux kernel with the extended Berkeley Packet Filtering thing. And so this is where they're going. This is stuff that needs to be paid attention to because if they don't do it, the train of automation and machine learning is going to run wild with all kinds of automation that the infrastructure just won't be set up for. So I think there's going to be root level changes, and I think ultimately a new security stack will probably be very driven by data will be emerging. So to me, I think this is definitely worth being targeted. And I think you're seeing Amazon doing the same thing. I think this is a playbook out of AWS's event focus and I think that's right. >> Dave, what are you thoughts? >> There was a lot of talk in, again, I go back to the progression here in the last decade about what's the right regime for security? Should the CISO report to the CIO or the board, et cetera, et cetera? We're way beyond that now. I think DevSecOps is being asked to do a lot, particularly DevOps. So we hear a lot about shift left, we're hearing about protecting the runtime and the ops getting much more involved and helping them do their jobs because the cloud itself has brought a lot to the table. It's like the first line of defense, but then you've really got a lot to worry about from a software defined perspective. And it's a complicated situation. Yes, there's less hardware, yes, we can rely on the cloud, but culturally you've got a lot more people that have to work together, have to share data. And you want to remove the blockers, to use an Amazon term. And the way you do that is you really, if we talked about it many times on theCUBE. Do over, you got to really rethink the way in which you approach security and it starts with culture and team. >> Well the thing, I would call it the five C's of security. Culture, you mentioned that's a good C. You got cloud, tons of issues involved in cloud. You've got access issues, identity. you've got clusters, you got Kubernetes clusters. And then you've got containers, the fourth C. And then finally is the code itself, supply chain. So all areas of cloud native, if you take out culture, it's cloud, cluster, container, and code all have levels of security risks and new things in there that need to be addressed. So there's plenty of work to get done for sure. And again, this is developer first, bottoms up, but that's where the change comes in, Dave, from a security standpoint, you always point this out. Bottoms up and then middle out for change. But absolutely, the imperative is today the business impact is real and it's urgent and you got to pedal as fast as you can here, so I think this is going to have legs. We'll see how it goes. >> Really curious to understand the cultural impact that we see being made at this event with the focus on it. John, you mentioned the four C's, five with culture. I often think that culture is probably the leading factor. Without that, without getting those teams aligned, is the rest of it set up to be as successful as possible? I think that's a question that's- >> Well to me, Dave asked Pat Gelsinger in 2014, can security be a do-over at VMWorld when he was the CEO of VMware? He said, "Yes, it has to be." And I think you're seeing that now. And Nick from the co-founder of Palo Alto Networks was quoted on theCUBE by saying, "Zero Trust is some structure to give to security, but cloud allows for the ability to do it over and get some scale going on security." So I think the best people are going to come together in this security world and they're going to work on this. So you're going to start to see more focus around these security events and initiatives. >> So I think that when you go to the, you mentioned re:Inforce a couple times. When you go to re:Inforce, there's a lot of great stuff that Amazon puts forth there. Very positive, it's not that negative. Oh, the world is falling, the sky is falling. And so I like that. However, you don't walk away with an understanding of how they're making the CISOs and the DevOps lives easier once they get beyond the cloud. Of course, it's not Amazon's responsibility. And that's where I think the CNCF really comes in and open source, that's where they pick up. Obviously the cloud's involved, but there's a real opportunity to simplify the lives of the DevSecOps teams and that's what's critical in terms of being able to solve, or at least keep up with this never ending problem. >> Yeah, there's a lot of issues involved. I took some notes here from some of the keynote you heard. Security and education, training and team structure. Detection, incidents that are happening, and how do you respond to that architecture. Identity, isolation, supply chain, and governance and compliance. These are all real things. This is not like hand-waving issues. They're mainstream and they're urgent. Literally the houses are on fire here with the enterprise, so this is going to be very, very important. >> Lisa: That's a great point. >> Some of the other things Priyanka mentioned, exposed edges and nodes. So just when you think we're starting to solve the problem, you got IOT, security's not a one and done task. We've been talking about culture. No person is an island. It's $188 billion business. Cloud native is growing at 27% a year, which just underscores the challenges, and bottom line, practitioners are leading the way. >> Last question for you guys. What are you hoping those practitioners get out of this event, this inaugural event, John? >> Well first of all, I think this inaugural event's going to be for them, but also we at theCUBE are going to be doing a lot more security events. RSA's coming up, we're going to be at re:Inforce, we're obviously going to be covering this event. We've got Black Hat, a variety of other events. We'll probably have our own security events really focused on some key areas. So I think the thing that people are going to walk away from this event is that paying attention to these security events are going to be more than just an industry thing. I think you're going to start to see group gatherings or groups convening virtually and physically around core issues. And I think you're going to start to see a community accelerate around cloud native and open source specifically to help teams get faster and better at what they do. So I think the big walkaway for the customers and the practitioners here is that there's a call to arms happening and this is, again, another signal that it's worth breaking out from the core event, but being tied to it, I think that's a good call and I think it's a well good architecture from a CNCF standpoint and a worthy effort, so I give it a thumbs up. We still don't know what it's going to look like. We'll see what day two looks like, but it seems to be experts, practitioners, deep tech, enabling technologies. These are things that tend to be good things to hear when you're at an event. I'll say the business imperative is obvious. >> The purpose of an event like this, and it aligns with theCUBE's mission, is to educate and inspire business technology pros to action. We do it in theCUBE with free content. Obviously this event is a for-pay event, but they are delivering some real value to the community that they can take back to their organizations to make change. And that's what it's all about. >> Yep, that is what it's all about. I'm looking forward to seeing over as the months unfold, the impact that this event has on the community and the impact the community has on this event going forward, and really the adoption of cloud native security. Guys, great to have you during this keynote analysis. Looking forward to hearing the conversations that we have on theCUBE today. Thanks so much for joining. And for my guests, for my co-hosts, John Furrier and Dave Vellante. I'm Lisa Martin. You're watching theCUBE's day one coverage of CloudNativeSecurityCon '23. Stick around, we got great content on theCUBE coming up. (upbeat music)

(intro music) >> Good afternoon guys and gals. Welcome back to The Strip, Las Vegas. It's "theCUBE" live day four of our coverage of "AWS re:Invent". Lisa Martin, Dave Vellante. Dave, we've had some awesome conversations the last four days. I can't believe how many people are still here. The AWS ecosystem seems stronger than ever. >> Yeah, last year we really noted the ecosystem, you know, coming out of the isolation economy 'cause everybody had this old pent up demand to get together and the ecosystem, even last year, we were like, "Wow." This year's like 10x wow. >> It really is 10x wow, it feels that way. We're going to have a 10x wow conversation next. We're bringing back DataStax to "theCUBE". Please welcome Thomas Bean, it's CMO. Thomas welcome to "theCUBE". >> Thanks, thanks a lot, thanks for having me. >> Great to have you, talk to us about what's going on at DataStax, it's been a little while since we talked to you guys. >> Indeed, so DataStax, we are the realtime data company and we've always been involved in technology such as "Apache Cassandra". We actually created to support and take this, this great technology to the market. And now we're taking it, combining it with other technologies such as "Apache Pulse" for streaming to provide a realtime data cloud. Which helps our users, our customers build applications faster and help them scale without limits. So it's all about mobilizing all of this information that is going to drive the application going to create the awesome experience, when you have a customer waiting behind their mobile phone, when you need a decision to take place immediately to, that's the kind of data that we, that we provide in the cloud on any cloud, but especially with, with AWS and providing the performance that technologies like "Apache Cassandra" are known for but also with market leading unit economics. So really empowering customers to operate at speed and scale. >> Speaking of customers, nobody wants less data slower. And one of the things I think we learned in the in the pan, during the pandemic was that access to realtime data isn't nice to have anymore for any business. It is table stakes, it's competitive advantage. There's somebody right behind in the rear view mirror ready to take over. How has the business model of DataStax maybe evolved in the last couple of years with the fact that realtime data is so critical? >> Realtime data has been around for some time but it used to be really niches. You needed a lot of, a lot of people a lot of funding actually to, to implement these, these applications. So we've adapted to really democratize it, made super easy to access. Not only to start developing but also scaling. So this is why we've taken these great technologies made them serverless cloud native on the cloud so that developers could really start easily and scale. So that be on project products could be taken to the, to the market. And in terms of customers, the patterns is we've seen enterprise customers, you were talking about the pandemic, the Home Depot as an example was able to deliver curbside pickup delivery in 30 days because they were already using DataStax and could adapt their business model with a real time application that combines you were just driving by and you would get the delivery of what exactly you ordered without having to go into the the store. So they shifted their whole business model. But we also see a real strong trend about customer experiences and increasingly a lot of tech companies coming because scale means success to them and building on, on our, on our stack to, to build our applications. >> So Lisa, it's interesting. DataStax and "theCUBE" were started the same year, 2010, and that's when it was the beginning of the ascendancy of the big data era. But of course back then there was, I mean very little cloud. I mean most of it was on-prem. And so data stacks had, you know, had obviously you mentioned a number of things that you had to do to become cloud friendly. >> Thomas: Yes. >> You know, a lot of companies didn't make it, make it through. You guys just raised a bunch of dough as well last summer. And so that's been quite a transformation both architecturally, you know, bringing the customers through. I presume part of that was because you had such a great open source community, but also you have a unique value problem. Maybe you could sort of describe that a little. >> Absolutely, so the, I'll start with the open source community where we see a lot of traction at the, at the moment. We were always very involved with, with the "Apache Cassandra". But what we're seeing right now with "Apache Cassandra" is, is a lot of traction, gaining momentum. We actually, we, the open source community just won an award, did an AMA, had a, a vote from their readers about the top open source projects and "Apache Cassandra" and "Apache Pulse" are part of the top three, which is, which is great. We also run a, in collaboration with the Apache Project, the, a series of events around the, around the globe called "Cassandra Days" where we had tremendous attendance. We, some of them, we had to change venue twice because there were more people coming. A lot of students, a lot of the big users of Cassandra like Apple, Netflix who spoke at these, at these events. So we see this momentum actually picking up and that's why we're also super excited that the Linux Foundation is running the Cassandra Summit in in March in San Jose. Super happy to bring that even back with the rest of the, of the community and we have big announcements to come. "Apache Cassandra" will, will see its next version with major advances such as the support of asset transactions, which is going to make it even more suitable to more use cases. So we're bringing that scale to more applications. So a lot of momentum in terms of, in terms of the, the open source projects. And to your point about the value proposition we take this great momentum to which we contribute a lot. It's not only about taking, it's about giving as well. >> Dave: Big committers, I mean... >> Exactly big contributors. And we also have a lot of expertise, we worked with all of the members of the community, many of them being our customers. So going to the cloud, indeed there was architectural work making Cassandra cloud native putting it on Kubernetes, having the right APIs for developers to, to easily develop on top of it. But also becoming a cloud company, building customer success, our own platform engineering. We, it's interesting because actually we became like our partners in a community. We now operate Cassandra in the cloud so that all of our customers can benefit from all the power of Cassandra but really efficiently, super rapidly, and also with a, the leading unit economies as I mentioned. >> How will the, the asset compliance affect your, you know, new markets, new use cases, you know, expand your TAM, can you explain that? >> I think it will, more applications will be able to tap into the power of, of "NoSQL". Today we see a lot on the customer experience as IOT, gaming platform, a lot of SaaS companies. But now with the ability to have transactions at the database level, we can, beyond providing information, we can go even deeper into the logic of the, of the application. So it makes Cassandra and therefore Astra which is our cloud service an even more suitable database we can address, address more even in terms of the transaction that the application itself will, will support. >> What are some of the business benefits that Cassandra delivers to customers in terms of business outcomes helping businesses really transform? >> So Cassandra brings skill when you have millions of customers, when you have million of data points to go through to serve each of the customers. One of my favorite example is Priceline, who runs entirely on our cloud service. You may see one offer, but it's actually everything they know about you and everything they have to offer matched while you are refreshing your page. This is the kind of power that Cassandra provide. But the thing to say about "Apache Cassandra", it used to be also a database that was a bit hard to manage and hard to develop with. This is why as part of the cloud, we wanted to change these aspects, provide developers the API they like and need and what the application need. Making it super simple to operate and, and, and super affordable, also cost effective to, to run. So the the value to your point, it's time to market. You go faster, you don't have to worry when you choose the right database you're not going to, going to have to change horse in the middle of the river, like sixth month down the line. And you know, you have the guarantee that you're going to get the performance and also the best, the best TCO which matters a lot. I think your previous person talking was addressing it. That's also important especially in the, in a current context. >> As a managed service, you're saying, that's the enabler there, right? >> Thomas: Exactly. >> Dave: That is the model today. I mean, you have to really provide that for customers. They don't want to mess with, you know, all the plumbing, right? I mean... >> Absolutely, I don't think people want to manage databases anymore, we do that very well. We take SLAs and such and even at the developer level what they want is an API so they get all the power. All of of this powered by Cassandra, but now they get it as a, and it's as simple as using as, as an API. >> How about the ecosystem? You mentioned the show in in San Jose in March and the Linux Foundation is, is hosting that, is that correct? >> Yes, absolutely. >> And what is it, Cassandra? >> Cassandra Summit. >> Dave: Cassandra Summit >> Yep. >> What's the ecosystem like today in Cassandra, can you just sort of describe that? >> Around Cassandra, you have actually the big hyperscalers. You have also a few other companies that are supporting Cassandra like technologies. And what's interesting, and that's been a, a something we've worked on but also the "Apache Project" has worked on. Working on a lot of the adjacent technologies, the data pipelines, all of the DevOps solutions to make sure that you can actually put Cassandra as part of your way to build these products and, and build these, these applications. So the, the ecosystem keeps on, keeps on growing and actually the, the Cassandra community keeps on opening the database so that it's, it's really easy to have it connect to the rest of the, the rest environment. And we benefit from all of this in our Astra cloud service. >> So things like machine learning, governance tools that's what you would expect in the ecosystem forming around it, right? So we'll see that in March. >> Machine learning is especially a very interesting use case. We see more and more of it. We recently did a, a nice video with one of our customers called Unifour who does exactly this using also our abstract cloud service. What they provide is they analyze videos of sales calls and they help actually the sellers telling them, "Okay here's what happened here was the customer sentiment". Because they have proof that the better the sentiment is, the shorter the sell cycle is going to be. So they teach the, the sellers on how to say the right things, how to control the thing. This is machine learning applied on video. Cassandra provides I think 200 data points per second that feeds this machine learning. And we see more and more of these use cases, realtime use cases. It happens on the fly when you are on your phone, when you have a, a fraud maybe to detect and to prevent. So it is going to be more and more and we see more and more of these integration at the open source level with technologies like even "Feast" project like "Apache Feast". But also in the, in, in the partners that we're working with integrating our Cassandra and our cloud service with. >> Where are customer conversations these days, given that every company has to be a data company. They have to be able to, to democratize data, allow access to it deep into the, into the organizations. Not just IT or the data organization anymore. But are you finding that the conversations are rising up the, up the stack? Is this, is this a a C-suite priority? Is this a board level conversation? >> So that's an excellent question. We actually ran a survey this summer called "The State of the Database" where we, we asked these tech leaders, okay what's top of mind for you? And real time actually was, was really one of the top priorities. And they explained for the one that who call themselves digital leaders that for 71% of them they could correlate directly the use of realtime data, the quality of their experience or their decision making with revenue. And that's really where the discussion is. And I think it's something we can relate to as users. We don't want the, I mean if the Starbucks apps take seconds to to respond there will be a riot over there. So that's, that's something we can feel. But it really, now it's tangible in, in business terms and now then they take a look at their data strategy, are we equipped? Very often they will see, yeah, we have pockets of realtime data, but we're not really able to leverage it. >> Lisa: Yeah. >> For ML use cases, et cetera. So that's a big trend that we're seeing on one end. On the other end, what we're seeing, and it's one of the things we discussed a lot at the event is that yeah cost is important. Growth at all, at all cost does not exist. So we see a lot of push on moving a lot of the workloads to the cloud to make them scale but at the best the best cost. And we also see some organizations where like, okay let's not let a good crisis go to waste and let's accelerate our innovation not at all costs. So that we see also a lot of new projects being being pushed but reasonable, starting small and, and growing and all of this fueled by, by realtime data, so interesting. >> The other big topic amongst the, the customer community is security. >> Yep. >> I presume it's coming up a lot. What's the conversation like with DataStax? >> That's a topic we've been working on intensely since the creation of Astra less than two years ago. And we keep on reinforcing as any, any cloud provider not only our own abilities in terms of making sure that customers can manage their own keys, et cetera. But also integrating to the rest of the, of the ecosystem when some, a lot of our customers are running on AWS, how do we integrate with PrivateLink and such? We fit exactly into their security environment on AWS and they use exactly the same management tool. Because this is also what used to cost a lot in the cloud services. How much do you have to do to wire them and, and manage. And there are indeed compliance and governance challenges. So that's why making sure that it's fully connected that they have full transparency on what's happening is, is a big part of the evolution. It's always, security is always something you're working on but it's, it's a major topic for us. >> Yep, we talk about that on pretty much every event. Security, which we could dive into, but we're out of time. Last question for you. >> Thomas: Yes. >> We're talking before we went live, we're both big Formula One fans. Say DataStax has the opportunity to sponsor a team and you get the whole side pod to, to put like a phrase about DataStax on the side pod of this F1 car. (laughter) Like a billboard, what does it say? >> Billboard, because an F1 car goes pretty fast, it will be hard to, be hard to read but, "Twice the performance at half the cost, try Astra a cloud service." >> Drop the mike. Awesome, Thomas, thanks so much for joining us. >> Thank for having me. >> Pleasure having you guys on the program. For our guest, Thomas Bean and Dave Vellante, I'm Lisa Martin and you're watching "theCUBE" live from day four of our coverage. "theCUBE", the leader in live tech coverage. (outro music)

>>Hello and welcome back to the Cube's coverage of AWS Reinvent 2022. I'm John Furrier, host of the Cube. We got a great conversation with Patrick Kauflin, vice president of Go to Market Strategy and specialization at Splunk. We're talking about the open cybersecurity scheme of framework, also known as the O C sf, a joint strategic collaboration between Splunk and aws. It's got a lot of traction momentum. Patrick, thanks for coming on the cube for reinvent coverage. >>John, great to be here. I'm excited for this. >>You know, I love this open source movement and open source and continues to add value, almost sets the standards. You know, we were talking at the CNCF Linux Foundation this past fall about how standards are coming outta open source. Not so much the the classic standards groups, but you start to see the developers voting with their code groups deciding what to adopt de facto standards and security is a real key part of that where data becomes key for resilience. And this has been the top conversation at reinvent and all around the industry, is how to make data a key part of building into cyber resilience. So I wanna get your thoughts about the problem that you see that's emerging that you guys are solving with this group kind of collaboration around the ocs f >>Yeah, well look, John, I I think, I think you, you've already, you've already hit the high notes there. Data is proliferating across the enterprise. The attack surface area is rapidly expanding. The threat landscape is ever changing. You know, we, we just had a, a lot of scares around open SSL before that we had vulnerabilities and, and Confluence and Atlassian, and you go back to log four J and SolarWinds before that and, and challenges with the supply chain. In this year in particular, we've had a, a huge acceleration in, in concerns and threat vectors around operational technology. In our customer base alone, we saw a huge uptake, you know, and double digit percentage of customers that we're concerned about the traditional vectors like, like ransomware, like business email compromise, phishing, but also from insider threat and others. So you've got this, this highly complex environment where data continues to proliferate and flow through new applications, new infrastructure, new services, driving different types of outcomes in the digitally transformed enterprise of today. >>And, and what happens there is, is our customers, particularly in security, are, are left with having to stitch all of this together. And they're trying to get visibility across multiple different services, infrastructure applications across a number of different point solutions that they've bought to help them protect, defend, detect, and respond better. And it's a massive challenge. And you know, when our, when our customers come to us, they are often looking for ways to drive more consolidation across a variety of different solutions. They're looking to drive better outcomes in terms of speed to detection. How do I detect faster? How do I bind the thing that when bang in the night faster? How do I then fix it quickly? And then how do I layer in some automation so hopefully I don't have to do it again? Now, the challenge there that really OCF Ocsf helps to, to solve is to do that effectively, to detect and to respond at the speed at which attackers are demanding. >>Today we have to have normalization of data across this entire landscape of tools, infrastructure, services. We have to have integration to have visibility, and these tools have to work together. But the biggest barrier to that is often data is stored in different structures and in different formats across different solution providers, across different tools that are, that are, that our customers are using. And that that lack of data, normalization, chokes the integration problem. And so, you know, several years ago, a number of very smart people, and this was, this was a initiative s started by Splunk and AWS came together and said, look, we as an industry have to solve this for our customers. We have to start to shoulder this burden for our customers. We can't, we can't make our customers have to be systems integrators. That's not their job. Our job is to help make this easier for them. And so OCS was born and over the last couple of years we've built out this, this collaboration to not just be AWS and Splunk, but over 50 different organizations, cloud service providers, solution providers in the cybersecurity space have come together and said, let's decide on a single unified schema for how we're gonna represent event data in this industry. And I'm very proud to be here today to say that we've launched it and, and I can't wait to see where we go next. >>Yeah, I mean, this is really compelling. I mean, it's so much packed in that, in that statement, I mean, data normalization, you mentioned chokes, this the, the solution and integration as you call it. But really also it's like data's not just stored in silos. It may not even be available, right? So if you don't have availability of data, that's an important point. Number two, you mentioned supply chain, there's physical supply chain that's coming up big time at reinvent this time as well as in open source, the software supply chain. So you now have the perimeter's been dead for multiple years. We've been talking with that for years, everybody knows that. But now combined with the supply chain problem, both physical and software, there's so much more to go on. And so, you know, the leaders in the industry, they're not sitting on their hands. They know this, but they're just overloaded. So, so how do leaders deal with this right now before we get into the ocs f I wanna just get your thoughts on what's the psychology of the, of the business leader who's facing this landscape? >>Yeah, well, I mean unfortunately too many leaders feel like they have to face these trade offs between, you know, how and where they are really focusing cyber resilience investments in the business. And, and often there is a siloed approach across security, IT developer operations or engineering rather than the ability to kind of drive visibility integration and, and connection of outcomes across those different functions. I mean, the truth is the telemetry that, that you get from an application for application performance monitoring or infrastructure monitoring is often incredibly valuable when there's a security incident and vice versa. Some of the security data that, that you may see in a security operation center can be incredibly valuable in trying to investigate a, a performance degradation in an application and understanding where that may come from. And so what we're seeing is this data layer is collapsing faster than the org charts are or the budget line items are in the enterprise. And so at Splunk here, you know, we believe security resilience is, is fundamentally a data problem. And one of the things that we do often is, is actually help connect the dots for our customers and bring our customers together across the silos they may have internally so that they can start to see a holistic picture of what resilience means for their enterprise and how they can drive faster detection outcomes and more automation coverage. >>You know, we recently had an event called Super Cloud, we're going into the next gen kind of a cloud, how data and security are all kind of part of this NextGen application. It's not just us. And we had a panel that was titled The Innovators Dilemma, kind of talk about you some of the challenges. And one of the panelists said, it's not the innovator's dilemma, it's the integrator's dilemma. And you mentioned that earlier, and I think this a key point right now into integration is so critical, not having the data and putting pieces together now open source is becoming a composability market. And I think having things snap together and work well, it's a platform system conversation, not a tool conversation. So I really wanna get into where the OCS f kind of intersects with this area people are working on. It's not just solution architects or cloud cloud native SREs, especially where DevSecOps is. So this that's right, this intersection is critical. How does Ocsf integrate into that integration of the data making that available to make machine learning and automation smarter and more relevant? >>Right, right. Well look, I mean, I I think that's a fantastic question because, you know, we talk about, we use Bud buzzwords like machine learning and, and AI all the time. And you know, I know they're all over the place here at Reinvent and, and the, there's so much promise and hope out there around these technologies and these innovations. However, machine learning AI is only as effective as the data is clean and normalized. And, and we will not realize the promise of these technologies for outcomes in resilience unless we have better ways to normalize data upstream and better ways to integrate that data to the downstream tools where detection and response is happening. And so Ocsf was really about the industry coming together and saying, this is no longer the job of our customers. We are going to create a unified schema that represents the, an event that we will all bite down on. >>Even some of us are competitors, you know, this is, this is that, that no longer matters because at the point, the point is how do we take this burden off of our customers and how do we make the industry safer together? And so 15 initial members came together along with AWS and Splunk to, to start to create that, that initial schema and standardize it. And if you've ever, you know, if you've ever worked with a bunch of technical grumpy security people, it's kind of hard to drive consensus about around just about anything. But, but I, I'm really happy to see how quickly this, this organization has come together, has open sourced the schema, and, and, and just as you said, like I think this, this unlocks the potential for real innovation that's gonna be required to keep up with the bad guys. But right now is getting stymied and held back by the lack of normalization and the lack of integration. >>I've always said Splunk was a, it eats data for breakfast, lunch, and dinner and turns it into insights. And I think you bring up the silo thing. What's interesting is the cross company sharing, I think this hits point on, so I see this as a valuable opportunity for the industry. What's the traction on that? Because, you know, to succeed it does take a village, it takes a community of security practitioners and, and, and architects and developers to kind of coalesce around this defacto movement has been, has been the uptake been good? How's traction? Can you share your thoughts on how this is translating across companies? >>Yeah, absolutely. I mean, look, I, I think cybersecurity has a, has a long track record of, of, of standards development. There's been some fantastic standards recently. Things like sticks and taxi for threat intelligence. There's been things like the, you know, the Mir attack framework coming outta mi mir and, and, and the adoption, the traction that we've seen with Attack in particular has been amazing to, to watch how that has kind of roared onto the scene in the last couple of years and has become table stakes for how you do security operations and incident response. And, you know, I think with ocs f we're gonna see something similar here, but, you know, we are in literally the first innings of, of this. So right now, you know, we're architecting this into our, into every part of our sort of backend systems here at Polan. I know our our collaborators at AWS and elsewhere are doing it too. >>And so I think it starts with bringing this standard now that the standard exists on a, you know, in schema format and there, there's, you know, confluence and Jira tickets around it, how do we then sort of build this into the code of, of the, the collaborators that have been leading the way on this? And you know, it's not gonna happen overnight, but I think in the coming quarters you'll start to see this schema be the standard across the leaders in this space. Companies like Splunk and AWS and others who are leading the way. And often that's what helps drive adoption of a standard is if you can get the, the big dogs, so to speak, to, to, to embrace it. And, and, you know, there's no bigger one than aws and I think there's no, no more important one than Splunk in the cybersecurity space. And so as we adopt this, we hope others will follow. And, and like I said, we've got over 50 organizations contributing to it today. And so I think we're off to a running >>Start. You know, it's interesting, choking innovation or having things kind of get, get slowed down has really been a problem. We've seen successes recently over the past few years. Like Kubernetes has really unlocked and accelerated the cloud native worlds of runtime with containers to, to kind of have the consensus of the community to say, Hey, if we just do this, it gets better. I think this is really compelling with the o the ocs F because if people can come together around this and get unified as well as all the other official standards, things can go highly accelerated. So I think, I think it looks really good and I think it's great initiative and I really appreciate your insight on that, on, on your relationship with Amazon. Okay. It's not just a partnership, it's a strategic collaboration. Could you share that relationship dynamic, how to start, how's it going, what's strategic about it? Share to the audience kind of the relationship between Splunk and a on this important OCS ocsf initiative. >>Look, I, I mean I think this, this year marks the, the 10th year anniversary that, that Splunk and AWS have been collaborating in a variety of different ways. I, I think our, our companies have a fantastic and, and long standing relationship and we've, we've partnered on a number of really important projects together that bring value obviously to our individual companies, but also to our shared customers. When I think about some of the most important customers at Splunk that I spend a significant amount of time with, I I I know how many of those are, are AWS customers as well, and I know how important AWS is to them. So I think it's, it's a, it's a collaboration that is rooted in, in a respect for each other's technologies and innovation, but also in a recognition that, that our shared customers want to see us work better together over time. And it's not, it's not two companies that have kind of decided in a back room that they should work together. It's actually our customers that are, that are pushing us. And I think we're, we're both very customer centric organizations and I think that has helped us actually be better collaborators and better partners together because we're, we're working back backwards from our customers >>As security becomes a physical and software approach. We've seen the trend where even Steven Schmidt at Amazon Web Services is, is the cso, he is not the CSO anymore. So, and I asked him why, he says, well, security's also physical stuff too. So, so he's that's right. Whole lens is now expanded. You mentioned supply chain, physical, digital, this is an important inflection point. Can you summarize in your mind why open cybersecurity schema for is important? I know the unification, but beyond that, what, why is this so important? Why should people pay attention to this? >>You know, I, if, if you'll let me be just a little abstract in meta for a second. I think what's, what's really meaningful at the highest level about the O C S F initiative, and that goes beyond, I think, the tactical value it will provide to, to organizations and to customers in terms of making them safer over the coming years and, and decades. I think what's more important than that is it's really the, one of the first times that you've seen the industry come together and say, we got a problem. We need to solve. That, you know, doesn't really have anything to do with, with our own economics. Our customers are, are hurt. And yeah, some of us may be competitors, you know, we got different cloud service providers that are participating in this along with aws. We got different cybersecurity solution providers participating in this along with Splunk. >>But, but folks who've come together and say, we can actually solve this problem if, if we're able to kind of put aside our competitive differences in the markets and approach this from the perspective of what's best for information security as a whole. And, and I think that's what I'm most proud of and, and what I hope we can do more of in other places in this industry, because I think that kind of collaboration from real market leaders can actually change markets. It can change the, the, the trend lines in terms of how we are keeping up with the bad guys. And, and I'd like to see a lot more of >>That. And we're seeing a lot more new kind of things emerging in the cloud next kind of this next generation architecture and outcomes are happening. I think it's interesting, you know, we always talk about sustainability, supply chain sustainability about making the earth a better place. But you're hitting on this, this meta point about businesses are under threat of going under. I mean, we want to keep businesses to businesses to be sustainable, not just, you know, the, the environment. So if a business goes outta business business, which they, their threats here are, can be catastrophic for companies. I mean, there is, there is a community responsibility to protect businesses so they can sustain and and stay Yeah. Stay producing. This is a real key point. >>Yeah. Yeah. I mean, look, I think, I think one of the things that, you know, we, we, we complain a lot of in, in cyber security about the lack of, of talent, the talent shortage in cyber security. And every year we kinda, we kind of whack ourselves over the head about how hard it is to bring people into this industry. And it's true. But one of the things that I think we forget, John, is, is how important mission is to so many people in what they do for a living and how they work. And I think one of the things that cybersecurity is strongest in information Security General and has been for decades is this sense of mission and people work in this industry be not because it's, it's, it's always the, the, the most lucrative, but because it, it really drives a sense of safety and security in the enterprises and the fabric of the economy that we use every day to go through our lives. And when I think about the spun customers and AWS customers, I think about the, the different products and tools that power my life and, and we need to secure them. And, and sometimes that means coming to work every day at that company and, and doing your job. And sometimes that means working with others better, faster, and stronger to help drive that level of, of, of maturity and security that this industry >>Needs. It's a human, is a human opportunity, human problem and, and challenge. That's a whole nother segment. The role of the talent and the human machines and with scale. Patrick, thanks so much for sharing the information and the insight on the Open cybersecurity schema frame and what it means and why it's important. Thanks for sharing on the Cube, really appreciate it. >>Thanks for having me, John. >>Okay, this is AWS Reinvent 2022 coverage here on the Cube. I'm John Furry, you're the host. Thanks for watching.