>>In the early part of this century, we're talking about the 2005 to 2007 timeframe. There was a lot of talk about so-called green it. And at that time there was some organizational friction. Like for example, the line was that the CIO never saw the power bill, so he or she didn't care, or that the facilities folks, they rarely talked to the IT department. So it was kind of that split brain. And, and then the oh 7 0 8 financial crisis really created an inflection point in a couple of ways. First, it caused organizations to kind of pump the brakes on it spending, and then they took their eye off the sustainability ball. And the second big trend, of course, was the cloud model, you know, kind of became a benchmark for it. Simplicity and automation and efficiency, the ability to dial down and dial up capacity as needed. >>And the third was by the end of the first decade of the, the two thousands, the technology of virtualization was really hitting its best stride. And then you had innovations like flash storage, which largely eliminated the need for these massive farms of spinning mechanical devices that sucked up a lot of power. And so really these technologies began their march to mainstream adoption. And as we progressed through the 2020s, the effect of climate change really come into focus as a critical component of esg. Environmental, social, and governance. Shareholders have come to demand metrics around sustainability. Employees are often choosing employers based on their ESG posture. And most importantly, companies are finding that savings on power cooling and footprint, it has a bottom line impact on the income statement. Now you add to that the energy challenges around the world, particularly facing Europe right now, the effects of global inflation and even more advanced technologies like machine intelligence. >>And you've got a perfect storm where technology can really provide some relief to organizations. Hello and welcome to the Path to Sustainable It Made Possible by Pure Storage and Collaboration with the Cube. My name is Dave Valante and I'm one of the host of the program, along with my colleague Lisa Martin. Now, today we're gonna hear from three leaders on the sustainability topic. First up, Lisa will talk to Nicole Johnson. She's the head of Social Impact and Sustainability at Pure Storage. Nicole will talk about the results from a study of around a thousand sustainability leaders worldwide, and she'll share some metrics from that study. And then next, Lisa will speak to AJ Singh. He's the Chief Product Officer at Pure Storage. We've had had him on the cube before, and not only will he share some useful stats in the market, I'll also talk about some of the technology innovations that customers can tap to address their energy consumption, not the least of which is ai, which is is entering every aspect of our lives, including how we deal with energy consumption. And then we'll bring it back to our Boston studio and go north of Italy with Mattia Ballero of Elec Informatica, a services provider with deep expertise on the topic of sustainability. We hope you enjoyed the program today. Thanks for watching. Let's get started >>At Pure Storage, the opportunity for change and our commitment to a sustainable future are a direct reflection of the way we've always operated and the values we live by every day. We are making significant and immediate impact worldwide through our environmental sustainability efforts. The milestones of change can be seen everywhere in everything we do. Pure's Evergreen Storage architecture delivers two key environmental benefits to customers, the reduction of wasted energy and the reduction of e-waste. Additionally, Pure's implemented a series of product packaging redesigns, promoting recycled and reuse in order to reduce waste that will not only benefit our customers, but also the environment. Pure is committed to doing what is right and leading the way with innovation. That has always been the pure difference, making a difference by enabling our customers to drive out energy usage and their data storage systems by up to 80%. Today, more than 97% of pure arrays purchased six years ago are still in service. And tomorrow our goal for the future is to reduce Scope three. Emissions Pure is committing to further reducing our sold products emissions by 66% per petabyte by 2030. All of this means what we said at the beginning, change that is simple and that is what it has always been about. Pure has a vision for the future today, tomorrow, forever. >>Hi everyone, welcome to this special event, pure Storage, the Path to Sustainable it. I'm your host, Lisa Martin. Very pleased to be joined by Nicole Johnson, the head of Social Impact and Sustainability at Pure Storage. Nicole, welcome to the Cube. Thanks >>For having me, Lisa. >>Sustainability is such an important topic to talk about and I understand that Pure just announced a report today about sustainability. What can you tell me what nuggets are in this report? >>Well, actually quite a few really interesting nuggets, at least for us. And I, I think probably for you and your viewers as well. So we actually commissioned about a thousand sustainability leaders across the globe to understand, you know, what are their sustainability goals, what are they working on, and what are the impacts of buying decisions, particularly around infrastructure when it comes to sustainable goals. I think one of the things that was really interesting for us was the fact that around the world we did not see a significant variation in terms of sustainability being a top priority. You've, I'm sure you've heard about the energy crisis that's happening across Europe. And so, you know, there was some thought that perhaps that might play into AMEA being a larger, you know, having sustainability goals that were more significant. But we actually did not find that we found sustainability to be really important no matter where the respondents were located. >>So very interesting at Pure sustainability is really at the heart of what we do and has been since our founding. It's interesting because we set out to make storage really simple, but it turns out really simple is also really sustainable. And the products and services that we bring to our customers have really powerful outcomes when it comes to decreasing their, their own carbon footprints. And so, you know, we often hear from customers that we've actually really helped them to significantly improve their storage performance, but also allow them to save on space power and cooling costs and, and their footprint. So really significant findings. One example of that is a company called Cengage, which is a global education technology company. They recently shared with us that they have actually been able to reduce their overall storage footprint by 80% while doubling to tripling the performance of their storage systems. So it's really critical for, for companies who are thinking about their sustainability goals, to consider the dynamic between their sustainability program and their IT teams who are making these buying decisions, >>Right? Those two teams need to be really inextricably linked these days. You talked about the fact that there was really consistency across the regions in terms of sustainability being of high priority for organizations. You had a great customer story that you shared that showed significant impact can be made there by bringing the sustainability both together with it. But I'm wondering why are we seeing that so much of the vendor selection process still isn't revolving around sustainability or it's overlooked? What are some of the things that you received despite so many people saying sustainability, huge priority? >>Well, in this survey, the most commonly cited challenge was really around the fact that there was a lack of management buy-in. 40% of respondents told us this was the top roadblock. So getting, I think getting that out of the way. And then we also just heard that sustainability teams were not brought into tech purchasing processes until after it's already rolling, right? So they're not even looped in. And that being said, you know, we know that it has been identified as one of the key departments to supporting a company sustainability goals. So we, we really want to ensure that these two teams are talking more to each other. When we look even closer at the data from the respondents, we see some really positive correlations. We see that 65% of respondents reported that they're on track to meet their sustainability goals. And the IT of those 65%, it is significantly engaged with reporting data for those sustainability initiatives. We saw that, that for those who did report, the sustainability is a top priority for vendor selection. They were twice as likely to be on track with their goals and their sustainability directors said that they were getting involved at the beginning of the tech purchasing program. Our process, I'm sorry, rather than towards the end. And so, you know, we know that to curb the impact of climate crisis, we really need to embrace sustainability from a cross-functional viewpoint. >>Definitely has to be cross-functional. So, so strong correlations there in the report that organizations that had closer alignment between the sustainability folks and the IT folks were farther along in their sustainability program development, execution, et cetera, those co was correlations, were they a surprise? >>Not entirely. You know, when we look at some of the statistics that come from the, you know, places like the World Economic Forum, they say that digitization generated 4% of greenhouse gas emissions in 2020. So, and that, you know, that's now almost three years ago, digital data only accelerates, and by 2025, we expect that number could be almost double. And so we know that that communication and that correlation is gonna be really important because data centers are taking up such a huge footprint of when companies are looking at their emissions. And it's, I mean, quite frankly, a really interesting opportunity for it to be a trailblazer in the sustainability journey. And, you know, perhaps people that are in IT haven't thought about how they can make an impact in this area, but there really is some incredible ways to help us work on cutting carbon emissions, both from your company's perspective and from the world's perspective, right? >>Like we are, we're all doing this because it's something that we know we have to do to drive down climate change. So I think when you, when you think about how to be a trailblazer, how to do things differently, how to differentiate your own department, it's a really interesting connection that IT and sustainability work together. I would also say, you know, I'll just note that of the respondents to the survey we were discussing, we do over half of those respondents expect to see closer alignment between the organization's IT and sustainability teams as they move forward. >>And that's really a, a tip a hat to those organizations embracing cultural change. That's always hard to do, but for those two, for sustainability in IT to come together as part of really the overall ethos of an organization, that's huge. And it's great to see the data demonstrating that, that those, that alignment, that close alignment is really on its way to helping organizations across industries make a big impact. I wanna dig in a little bit to here's ESG goals. What can you share with us about >>That? Absolutely. So as I mentioned peers kind of at the beginning of our formal ESG journey, but really has been working on the, on the sustainability front for a long time. I would, it's funny as we're, as we're doing a lot of this work and, and kind of building our own profile around this, we're coming back to some of the things that we have done in the past that consumers weren't necessarily interested in then but are now because the world has changed, becoming more and more invested in. So that's exciting. So we did a baseline scope one, two, and three analysis and discovered, interestingly enough that 70% of our emissions comes from use of sold products. So our customers work running our products in their data centers. So we know that we, we've made some ambitious goals around our Scope one and two emissions, which is our own office, our utilities, you know, those, they only account for 6% of our emissions. So we know that to really address the issue of climate change, we need to work on the use of sold products. So we've also made a, a really ambitious commitment to decrease our carbon emissions by 66% per bed per petabyte by 2030 in our product. So decreasing our own carbon footprint, but also affecting our customers as well. And we've also committed to a science-based target initiative and our road mapping how to achieve the ambitious goals set out in the Paris agreement. >>That's fantastic. It sounds like you really dialed in on where is the biggest opportunity for us as Pure Storage to make the biggest impact across our organization, across our customers organizations. There lofty goals that pure set, but knowing what I know about Pure, you guys are probably well on track to, to accomplish those goals in record time, >>I hope So. >>Talk a little bit about advice that you would give to viewers who might be at the very beginning of their sustainability journey and really wondering what are the core elements besides it, sustainability, team alignment that I need to bring into this program to make it actually successful? >>Yeah, so I think, you know, understanding that you don't have to pick between really powerful technology and sustainable technology. There are opportunities to get both and not just in storage right in, in your entire IT portfolio. We know that, you know, we're in a place in the world where we have to look at things from the bigger picture. We have to solve new challenges and we have to approach business a little bit differently. So adopting solutions and services that are environmentally efficient can actually help to scale and deliver more effective and efficient IT solutions over time. So I think that that's something that we need to, to really remind ourselves, right? We have to go about business a little bit differently and that's okay. We also know that data centers utilize an incredible amount of, of energy and, and carbon. And so everything that we can do to drive that down is going to address the sustainability goals for us individually as well as, again, drive down that climate change. So we, we need to get out of the mindset that data centers are, are about reliability or cost, et cetera, and really think about efficiency and carbon footprint when you're making those business decisions. I'll also say that, you know, the earlier that we can get sustainability teams into the conversation, the more impactful your business decisions are going to be and helping you to guide sustainable decision making. >>So shifting sustainability and IT left almost together really shows that the correlation between those folks getting together in the beginning with intention, the report shows and the successes that peers had demonstrate that that's very impactful for organizations to actually be able to implement even the cultural change that's needed for sustainability programs to be successful. My last question for you goes back to that report. You mentioned in there that the data show a lot of organizations are hampered by management buy-in, where sustainability is concerned. How can pure help its customers navigate around those barriers so that they get that management buy-in and they understand that the value in it for >>Them? Yeah, so I mean, I think that for me, my advice is always to speak to hearts and minds, right? And help the management to understand, first of all, the impact right on climate change. So I think that's the kind of hearts piece on the mind piece. I think it's addressing the sustainability goals that these companies have set for themselves and helping management understand how to, you know, how their IT buying decisions can actually really help them to reach these goals. We also, you know, we always run kind of TCOs for customers to understand what is the actual cost of, of the equipment. And so, you know, especially if you're in a, in a location in which energy costs are rising, I mean, I think we're seeing that around the world right now with inflation. Better understanding your energy costs can really help your management to understand the, again, the bigger picture and what that total cost is gonna be. Often we see, you know, that maybe the I the person who's buying the IT equipment isn't the same person who's purchasing, who's paying the, the electricity bills, right? And so sometimes even those two teams aren't talking. And there's a great opportunity there, I think, to just to just, you know, look at it from a more high level lens to better understand what total cost of ownership is. >>That's a great point. Great advice. Nicole, thank you so much for joining me on the program today, talking about the new report that on sustainability that Pure put out some really compelling nuggets in there, but really also some great successes that you've already achieved internally on your own ESG goals and what you're helping customers to achieve in terms of driving down their carbon footprint and emissions. We so appreciate your insights and your thoughts. >>Thank you, Lisa. It's been great speaking with you. >>AJ Singh joins me, the Chief Product Officer at Peer Storage. Aj, it's great to have you back on the program. >>Great to be back on, Lisa, good morning. >>Good morning. And sustainability is such an important topic to talk about. So we're gonna really unpack what PEER is doing, we're gonna get your viewpoints on what you're seeing and you're gonna leave the audience with some recommendations on how they can get started on their ESG journey. First question, we've been hearing a lot from pure AJ about the role that technology plays in organizations achieving sustainability goals. What's been the biggest environmental impact associated with, with customers achieving that given the massive volumes of data that keep being generated? >>Absolutely, Lisa, you can imagine that the data is only growing and exploding and, and, and, and there's a good reason for it. You know, data is the new currency. Some people call it the new oil. And the opportunity to go process this data gain insights is really helping customers drive an edge in the digital transformation. It's gonna make a difference between them being on the leaderboard a decade from now when the digital transformation kind of pans out versus, you know, being kind of somebody that, you know, quite missed the boat. So data is super critical and and obviously as part of that we see all these big benefits, but it has to be stored and, and, and that means it's gonna consume a lot of resources and, and the, and therefore data center usage has only accelerated, right? You can imagine the amount of data being generated, you know, recent study pointed to roughly by twenty twenty five, a hundred and seventy five zetabytes, which where each zettabyte is a billion terabytes. So just think of that size and scale of data. That's huge. And, and they also say that, you know, pretty soon, today, in fact in the developed world, every person is having an interaction with the data center literally every 18 seconds. So whether it's on Facebook or Twitter or you know, your email, people are constantly interacting with data. So you can imagine this data is only exploding. It has to be stored and it consumes a lot of energy. In fact, >>It, oh, go ahead. Sorry. >>No, I was saying in fact, you know, there's some studies have shown that data center usage literally consumes one to 2% of global energy consumption. So if there's one place we could really help climate change and, and all those aspects, if you can kind of really, you know, tamp down the data center, energy consumption, sorry, you were saying, >>I was just gonna say, it's, it's an incredibly important topic and the, the, the stats on data that you provided and also I, I like how you talked about, you know, every 18 seconds we're interacting with a data center, whether we know it or not, we think about the long term implications, the fact that data is growing massively. As you shared with the stats that you mentioned. If we think about though the responsibility that companies have, every company in today's world needs to be a data company, right? And we consumers expect it. We expect that you are gonna deliver these relevant, personalized experiences whether we're doing a transaction in our personal lives or in business. But what is the, what requirements do technology companies have to really start billing down their carbon footprints? >>No, absolutely. If you can think about it, just to kind of finish up the data story a little bit, the explosion is to the point where, in fact, if you just recently was in the news that Ireland went up and said, sorry, we can't have any more data centers here. We just don't have the power to supply them. That was big in the news and you know, all the hyperscale that was crashing the head. I know they've come around that and figured out a way around it, but it's getting there. Some, some organizations and and areas jurisdictions are saying pretty much no data center the law, you know, we're, we just can't do it. And so as you said, so companies like Pure, I mean, our view is that it has an opportunity here to really do our bit for climate change and be able to, you know, drive a sustainable environment. >>And, and at Pure we believe that, you know, today's data success really ultimately hinges on energy efficiency, you know, so to to really be energy efficient means you are gonna be successful long term with data. Because if you think of classic data infrastructures, the legacy infrastructures, you know, we've got disk infrastructures, hybrid infrastructures, flash infrastructures, low end systems, medium end systems, high end systems. So a lot of silos, you know, a lot of inefficiency across the silos. Cause the data doesn't get used across that. In fact, you know, today a lot of data centers are not really built with kind of the efficiency and environmental mindset. So there's a big opportunity there. >>So aj, talk to me about some of the steps that Pure is implementing as its chief product officer. Would love to get your your thoughts, what steps is it implementing to help Pures customers become more sustainable? >>No, absolutely. So essentially we are all inherently motivated, like pure and, and, and, and everybody else to solve problems for customers and really forward the status quo, right? You know, innovation, you know, that's what we are all about. And while we are doing that, the challenge is to how do you make technology and the data we feed into it faster, smarter, scalable obviously, but more importantly sustainable. And you can do all of that, but if you miss the sustainability bit, you're kind of missing the boat. And I also feel from an ethical perspective, that's really important for us. Not only you do all the other things, but also kind of make it sustainable. In fact, today 80% of the companies, the companies are realizing this, 80% today are in fact report out on sustainability, which is great. In fact, 80% of leadership at companies, you know, CEOs and senior executives say they've been impacted by some climate change event, you know, where it's a fire in the place they had to evacuate or floods or storms or hurricanes, you, you name it, right? >>So mitigating the carbon impact can in fact today be a competitive advantage for companies because that's where the puck is going and everybody's, you know, it's skating, wanting to skate towards the, and it's good, it's good business too to be sustainable and, and, and meet these, you know, customer requirements. In fact, the the recent survey that we released today is saying that more and more organizations are kickstarting, their sustainability initiatives and many take are aiming to make a significant progress against that over the next decade. So that's, that's really, you know, part of the big, the really, so our view is that that IT infrastructure, you know, can really make a big push towards greener it and not just kind of greenwash it, but actually, you know, you know, make things more greener and, and, and really take the, the lead in, in esg. And so it's important that organizations can reach alignment with their IT teams and challenge their IT teams to continue to lead, you know, for the organization, the sustainability aspects. >>I'm curious, aj, when you're in customer conversations, are you seeing that it's really the C-suite plus it coming together and, and how does peer help facilitate that? To your point, it needs to be able to deliver this, but it's, it's a board level objective these days. >>Absolutely. We're seeing increasingly, especially in Europe with the, you know, the war in Ukraine and the energy crisis that, you know, that's, that's, you know, unleashed. We definitely see it's becoming a bigger and bigger board level objective for, for a lot of companies. And we definitely see customers in starting to do that. So, so in particular, I do want to touch briefly on what steps we are taking as a company, you know, to to to make it sustainable. And obviously customers are doing all the things we talked about and, and we're also helping them become smarter with data. But the key difference is, you know, we have a big focus on efficiency, which is really optimizing performance per wat with unmatched storage density. So you can reduce the footprint and dramatically lower the power required. And and how efficient is that? You know, compared to other old flash systems, we tend to be one fifth, we tend to take one fifth the power compared to other flash systems and substantially lower compared to spinning this. >>So you can imagine, you know, cutting your, if data center consumption is a 2% of global consumption, roughly 40% of that tends to be storage cause of all the spinning disc. So you add about, you know, 0.8% to global consumption and if you can cut that by four fifths, you know, you can already start to make an impact. So, so we feel we can do that. And also we're quite a bit more denser, 10 times more denser. So imagine one fifth the power, one 10th the density, but then we take it a step further because okay, you've got the storage system in the data center, but what about the end of life aspect? What about the waste and reclamation? So we also have something called non-disruptive upgrades. We, using our AI technology in pure one, we can start to sense when a particular part is going to fail and just before it goes to failure, we actually replace it in a non-disruptive fashion. So customer's data is not impacted and then we recycle that so you get a full end to end life cycle, you know, from all the way from the time you deploy much lower power, much lower density, but then also at the back end, you know, reduction in e-waste and those kind of things. >>That's a great point you, that you bring up in terms of the reclamation process. It sounds like Pure does that on its own, the customer doesn't have to be involved in that. >>That's right. And we do that, it's a part of our evergreen, you know, service that we offer. A lot of customers sign up for that service and in fact they don't even, we tell them, Hey, you know, that part's about to go, we're gonna come in, we're gonna swap it out and, and then we actually recycle that part, >>The power of ai. Love that. What are some of the, the things that companies can do if they're, if they're early in this journey on sustainability, what are some of the specific steps companies can take to get started and maybe accelerate that journey as it's becoming climate change and things are becoming just more and more of a, of a daily topic on the news? >>No, absolutely. There's a lot of things companies can do. In fact, the four four item that we're gonna highlight, the first one is, you know, they can just start by doing a materiality assessment and a materiality assessment essentially engages all the stakeholders to find out which specific issues are important for the business, right? So you identify your key priorities that intersect with what the stakeholders want, you know, your different groups from sales, customers, partners, you know, different departments in the organization. And for example, for us, when we conducted our materiality assessment, for us, our product we felt was the biggest area of focus that could contribute a lot towards, you know, making an impact in, in, in from a sustainability standpoint. That's number one. I think number two companies can also think about taking an Azure service approach. The beauty of the Azure service approach is that you are buying a, your customer, they're buying outcomes with SLAs and, and when you are starting to buy outcomes with SLAs, you can start small and then grow as you consume more. >>So that way you don't have systems sitting idle waiting for you to consume more, right? And that's the beauty of the as service approach. And so for example, for us, you know, we have something called Evergreen one, which is our as service offer, where essentially customers are able to only use and have systems turned onto as much as they're consuming. So, so that reduces the waste associated with underutilized systems, right? That's number two. Number three is also you can optimize your supply chains end to end, right? Basically by making sure you're moving, recycling, packaging and eliminating waste in that thing so you can recycle it back to your suppliers. And you can also choose a sustainable supplier network that following sort of good practices, you know, you know, across the globe and such supply chains that are responsive and diverse can really help you. Also, the big business benefit benefited. >>You can also handle surges and demand, for example, for us during the pandemic with this global supply chain shortages, you know, whereas most of our competitors, you know, lead times went to 40, 50 weeks, our lead times went from three to six weeks cuz you know, we had this sustainable, you know, supply chain. And so all of these things, you know, the three things important, but the fourth thing I say more cultural and, and the cultural thing is how do you actually begin to have sustainability become a core part of your ethos at the company, you know, across all the departments, you know, and we've at Pure, definitely it's big for us, you know, you know, around sustainability starting with a product design, but all of the areas as well, if you follow those four items, they'll do the great place to start. >>That's great advice, great recommendations. You talk about the, the, the supply chain, sustainable supply chain optimization. We've been having a lot of conversations with businesses and vendors alike about that and how important it is. You bring up a great point too on supplier diversity, if we could have a whole conversation on that. Yes. But I'm also glad that you brought up culture that's huge to, for organizations to adopt an ESG strategy and really drive sustainability in their business. It has to become, to your point, part of their ethos. Yes. It's challenging. Cultural change management is challenging. Although I think with climate change and the things that are so public, it's, it's more on, on the top mindset folks. But it's a great point that the organization really as a whole needs to embrace the sustainability mindset so that it as a, as an organization lives and breathes that. Yes. And last question for you is advice. So you, you outlined the Four Steps organizations can take. I look how you made that quite simple. What advice would you give organizations who are on that journey to adopting those, those actions, as you said, as they look to really build and deploy and execute an ESG strategy? >>No, absolutely. And so obviously, you know, the advice is gonna come from, you know, a company like Pure, you know, our background kind of being a supplier of products. And so, you know, our advice is for companies that have products, usually they tend to be the biggest generator, the products that you sell to your, your customers, especially if they've got hardware components in it. But, you know, the biggest generator of e-waste and, and and, and, and, and kind of from a sustainability standpoint. So it's really important to have an intentional design approach towards your products with sustainability in mind. So it's not something that's, that you can handle at the very back end. You design it front in the product and so that sustainable design becomes very intentional. So for us, for example, doing these non-disruptive upgrades had to be designed up front so that, you know, a, you know, one of our repair person could go into a customer shop and be able to pull out a card and put in a new card without any change in the customer system. >>That non-receptive approach, it has to be designed into the hardware software systems to be able to pull that on. And that intentional design enables you to recover pieces just when they're about to fail and then putting them through a recovery, you know, waste recovery process. So that, that's kind of the one thing I would say that philosophy, again, it comes down to if that is, you know, seeping into the culture, into your core ethos, you will start to do, you know, you know, that type of work. So, so I mean it's important thing, you know, look, this year, you know, with the spike in energy prices, you know, you know, gas prices going up, it's super important that all of us, you know, do our bit in there and start to drive products that are fundamentally sustainable, not just at the initial, you know, install point, but from an end to end full life cycle standpoint. >>Absolutely. And I love that you brought up intention that is everything that peers doing is with, with such thought and intention and really for organizations and any industry to become more sustainable, to develop an ESG strategy. To your point, it all needs to start with intention. And of course that that cultural adoption, aj, it's been so great to have you on the program talking about what PEER is doing to help organizations really navigate that path to sustainable it. We appreciate your insights on your time. >>Thank you, Lisa. Pleasure being on board >>At Pure Storage. The opportunity for change and our commitment to a sustainable future are a direct reflection of the way we've always operated and the values we live by every day. We are making significant and immediate impact worldwide through our environmental sustainability efforts. The milestones of change can be seen everywhere in everything we do. Pures Evergreen storage architecture delivers two key environmental benefits to customers, the reduction of wasted energy and the reduction of e-waste. Additionally, pures implemented a series of product packaging redesigns, promoting recycle and reuse in order to reduce waste that will not only benefit our customers, but also the environment. Pure is committed to doing what is right and leading the way with innovation. That has always been the pure difference, making a difference by enabling our customers to drive out energy usage and their data storage systems by up to 80% today, more than 97% of Pure Array purchased six years ago are still in service. And tomorrow our goal for the future is to reduce Scope three emissions Pure is committing to further reducing our sold products emissions by 66% per petabyte by 2030. All of this means what we said at the beginning, change that is simple and that is what it has always been about. Pure has a vision for the future today, tomorrow, forever. >>We're back talking about the path to sustainable it and now we're gonna get the perspective from Mattia Valerio, who is with Elec Informatica and IT services firm and the beautiful Lombardi region of Italy north of Milano. Mattia, welcome to the Cube. Thanks so much for coming on. >>Thank you very much, Dave. Thank you. >>All right, before we jump in, tell us a little bit more about Elec Informatica. What's your focus, talk about your unique value add to customers. >>Yeah, so basically Alma Informatica is middle company from the north part of Italy and is managed service provider in the IT area. Okay. So the, the main focus area of Al Meca is reach digital transformation innovation to our clients with focus on infrastructure services, workplace services, and also cybersecurity services. Okay. And we try to follow the path of our clients to the digital transformation and the innovation through technology and sustainability. >>Yeah. Obviously very hot topics right now. Sustainability, environmental impact, they're growing areas of focus among leaders across all industries. A particularly acute right now in, in Europe with the, you know, the energy challenges you've talked about things like sustainable business. What does that mean? What does that term Yeah. You know, speak to and, and what can others learn from it? >>Yeah. At at, at our approach to sustainability is grounded in science and, and values and also in customer territory, but also employee centered. I mean, we conduct regular assessments to understand the most significant environment and social issues for our business with, with the goal of prioritizing what we do for a sustainability future. Our service delivery methodology, employee care relationship with the local supplier and local area and institution are a major factor for us to, to build a such a responsibility strategy. Specifically during the past year, we have been particularly focused on define sustainability governance in the company based on stakeholder engagement, defining material issues, establishing quantitative indicators to monitor and setting medium to long-term goals. >>Okay, so you have a lot of data. You can go into a customer, you can do an assessment, you can set a baseline, and then you have other data by which you can compare that and, and understand what's achievable. So what's your vision for sustainable business? You know, that strategy, you know, how has it affected your business in terms of the evolution? Cuz this wasn't, hasn't always been as hot a topic as it is today. And and is it a competitive advantage for you? >>Yeah, yeah. For, for, for all intense and proposed sustainability is a competitive advantage for elec. I mean, it's so, because at the time of profound transformation in the work, in the world of work, CSR issues make a company more attractive when searching for new talent to enter in the workforce of our company. In addition, efforts to ensure people's proper work life balance are a strong retention factor. And regarding our business proposition, ELEX attempts is to meet high standard of sustainability and reliability. Our green data center, you said is a prime example of this approach as at the same time, is there a conditioning activity that is done to give a second life to technology devices that come from back from rental? I mean, our customer inquiries with respect to sustainability are increasingly frequent and in depth and which is why we monitor our performance and invest in certification such as EcoVadis or ISO 14,001. Okay, >>Got it. So in a previous life I actually did some work with, with, with power companies and there were two big factors in it that affected the power consumption. Obviously virtualization was a big one, if you could consolidate servers, you know, that was huge. But the other was the advent of flash storage and that was, we used to actually go in with the, the engineers and the power company put in alligator clips to measure of, of, of an all flash array versus, you know, the spinning disc and it was a big impact. So you, I wanna talk about your, your experience with Pure Storage. You use Flash Array and the Evergreen architecture. Can you talk about what your experience there, why did you make that decision to select Pure Storage? How does that help you meet sustainability and operational requirements? Do those benefits scale as your customers grow? What's your experience been? >>Yeah, it was basically an easy and easy answer to our, to our business needs. Okay. Because you said before that in Elec we, we manage a lot of data, okay? And in the past we, we, we see it, we see that the constraints of managing so many, many data was very, very difficult to manage in terms of power consumption or simply for the, the space of storing the data. And when, when Pure came to us and share our products, their vision to the data management journey for Element Informatica, it was very easy to choose pure why with values and numbers. We, we create a business case and we said that we, we see that our power consumption usage was much less, more than 90% of previous technology that we used in the past. Okay. And so of course you have to manage a grade oil deploy of flash technology storage, but it was a good target. >>So we have tried to monitoring the adoption of flash technology and monitor monitoring also the power consumption and the efficiency that the pure technology bring to our, to our IT systems and of course the IT systems of our clients. And so this is one, the first part, the first good part of our trip with, with Pure. And after that we approach also the sustainability in long term of choosing pure technology storage. You mentioned the Evergreen models of Pure, and of course this was, again, challenge for us because it allows, it allow us to extend the life cycle management of our data centers, but also the, IT allows us to improve the facility of the facilities of using technology from our technical side. Okay. So we are much more efficient than in the past with the choose of Pure storage technologies. Okay. Of course, this easy users, easy usage mode, let me say it, allow us to bring this value to our, to all our clients that put their data in our data centers. >>So you talked about how you've seen a 90% improvement relative to previous technologies. I always, I haven't put you in the spot. Yeah, because I, I, I was on Pure's website and I saw in their ESG report some com, you know, it was a comparison with a generic competitor presuming that competitor was not, you know, a 2010 spinning disc system. But, but, so I'm curious as to the results that you're seeing with Pure in terms of footprint and power usage. You, you're referencing some of that. We heard some metrics from Nicole and AJ earlier in the program. Do you think, again, I'm gonna put you in the spot, do you think that Pure's architecture and the way they've applied, whether it's machine intelligence or the Evergreen model, et cetera, is more competitive than other platforms that you've seen? >>Yeah, of course. Is more competitor improve competitive because basically it allows to service provider to do much more efficient value proposition and offer services that are more, that brings more values to, to the customers. Okay. So the customer is always at the center of a proposition of a service provider and trying to adopt the methodology and also the, the value that pure as inside by design in the technology is, is for us very, very, very important and very, very strategic because, because with like a glass, we can, our self transfer try to transfer the values of pure, pure technologies to our service provider client. >>Okay. Matta, let's wrap and talk about sort of near term 2023 and then longer term it looks like sustainability is a topic that's here to stay. Unlike when we were putting alligator clips on storage arrays, trying to help customers get rebates that just didn't have legs. It was too complicated. Now it's a, a topic that everybody's measuring. What's next for elec in its sustainability journey? What advice would you might have? Sustainability leaders that wanna make a meaningful impact on the environment, but also on the bottom line. >>Okay, so sustainability is fortunately a widely spread concept. And our role in, in this great game is to define a strategy, align with the common and fundamentals goals for the future of planet and capable of expressing our inclination and the, and the particularities and accessibility goals in the near future. I, I say, I can say that are will be basically free one define sustainability plan. Okay? It's fundamentals to define a sustainability plan. Then it's very important to monitor the its emissions and we will calculate our carbon footprint. Okay? And least button list produces certifiable and comprehensive sustainability report with respect to the demands of customers, suppliers, and also partners. Okay. So I can say that this three target will be our direction in the, in the future. Okay. >>Yeah. So I mean, pretty straightforward. Make a plan. You gotta monitor and measure, you can't improve what you can't measure. So you gonna set a baseline, you're gonna report on that. Yep. You're gonna analyze the data and you're gonna make continuous improvement. >>Yep. >>Matea, thanks so much for joining us today in sharing your perspectives from the, the northern part of Italy. Really appreciate it. >>Yeah, thank you for having aboard. Thank you very >>Much. It was really our pleasure. Okay, in a moment, I'm gonna be back to wrap up the program and share some resources that could be valuable in your sustainability journey. Keep it right there. >>Sustainability is becoming increasingly important and is hitting more RFPs than ever before as a critical decision point for customers. Environmental benefits are not the only impetus. Rather bottom line cost savings are proving that sustainability actually means better business. You can make a strong business case around sustainability and you should, many more organizations are setting mid and long-term goals for sustainability and putting forth published metrics for shareholders and customers. Whereas early green IT initiatives at the beginning of this century, were met with skepticism and somewhat disappointing results. Today, vendor r and d is driving innovation in system design, semiconductor advancements, automation in machine intelligence that's really beginning to show tangible results. Thankfully. Now remember, all these videos are available on demand@thecube.net. So check them out at your convenience and don't forget to go to silicon angle.com for all the enterprise tech news of the day. You also want to check out pure storage.com. >>There are a ton of resources there. As an aside, pure is the only company I can recall to allow you to access resources like a Gartner Magic Quadrant without forcing you to fill out a lead gen form. So thank you for that. Pure storage, I love that. There's no squeeze page on that. No friction. It's kind of on brand there for pure well done. But to the topic today, sustainability, there's some really good information on the site around esg, Pure's Environmental, social and Governance mission. So there's more in there than just sustainability. You'll see some transparent statistics on things like gender and ethnic diversity, and of course you'll see that Pure has some work to do there. But kudos for publishing those stats transparently and setting goals so we can track your progress. And there's plenty on the sustainability topic as well, including some competitive benchmarks, which are interesting to look at and may give you some other things to think about. We hope you've enjoyed the path to Sustainable it made possible by Pure Storage produced with the Cube, your leader in enterprise and emerging tech, tech coverage.

(calming music) >> Hello and welcome back to fabulous Las Vegas, Nevada. We're here at AWS re:Invent day three of our scintillating coverage here on theCUBE. I'm Savannah Peterson, joined by John Furrier. John Day three energy's high. How you feeling? >> I dunno, it's day two, day three, day four. It feels like day four, but again, we're back. >> Who's counting? >> Three pandemic levels in terms of 50,000 plus people? Hallways are packed. I got pictures. People don't believe it. It's actually happening. Then people are back. So, you know, and then the economy is a big question too and it's still, people are here, they're still building on the cloud and cost is a big thing. This next segment's going to be really important. I'm looking forward to this next segment. >> Yeah, me too. Without further ado let's welcome our guests for this segment. We have Brad from AMD and we have Rahul from you are, well you do a variety of different things. We'll start with CloudFix for this segment, but we could we could talk about your multiple hats all day long. Welcome to the show, gentlemen. How you doing? Brad how does it feel? We love seeing your logo above our stage here. >> Oh look, we love this. And talking about re:Invent last year, the energy this year compared to last year is so much bigger. We love it. We're excited to be here. >> Yeah, that's awesome. Rahul, how are you feeling? >> Excellent, I mean, I think this is my eighth or ninth re:Invent at this point and it's been fabulous. I think the, the crowd, the engagement, it's awesome. >> You wouldn't know there's a looming recession if you look at the activity but yet still the reality is here we had an analyst on yesterday, we were talking about spend more in the cloud, save more. So that you can still use the cloud and there's a lot of right sizing, I call you got to turn the lights off before you go to bed. Kind of be more efficient with your infrastructure as a theme. This re:Invent is a lot more about that now. Before it's about the glory days. Oh yeah, keep building, now with a little bit of pressure. This is the conversation. >> Exactly and I think most companies are looking to figure out how to innovate their way out of this uncertainty that's kind of on everyone's head. And the only way to do it is to be able to be more efficient with whatever your existing spend is, take those savings and then apply them to innovating on new stuff. And that's the way to go about it at this point. >> I think it's such a hot topic, for everyone that we're talking about. I mean, total cost optimization figuring out ways to be more efficient. I know that that's a big part of your mission at CloudFix. So just in case the audience isn't versed, give us the pitch. >> Okay, so a little bit of background on this. So the other hat I wear is CTO of ESW Capital. We have over 150 enterprise software companies within the portfolio. And one of my jobs is also to manage and run about 40 to 45,000 AWS accounts of our own. >> Casual number, just a few, just a couple pocket change, no big deal. >> And like everyone else here in the audience, yeah we had a problem with our costs, just going out of control and as we were looking at a lot of the tools to help us kind of get more efficient one of the biggest issues was that while people give you a lot of recommendations recommendations are way too far from realized savings. And we were running through the challenge of how do you take recommendation and turn them into real savings and multiple different hurdles. The short story being, we had to create CloudFix to actually realize those savings. So we took AWS recommendations around cost, filtered them down to the ones that are completely non-disruptive in nature, implemented those as simple automations that everyone could just run and realize those savings right away. We then took those savings and then started applying them to innovating and doing new interesting things with that money. >> Is there a best practice in your mind that you see merging in this time? People start more focused on it. Is there a method or a purpose kind of best practice of how to approach cost optimization? >> I think one of the things that most people don't realize is that cost optimization is not a one and done thing. It is literally nonstop. Which means that, on one hand AWS is constantly creating new services. There are over a hundred thousand API at this point of time How to use them right, how to use them efficiently You also have a problem of choice. Developers are constantly discovering new services discovering new ways to utilize them. And they are behaving in ways that you had not anticipated before. So you have to stay on top of things all the time. And really the only way to kind of stay on top is to have automation that helps you stay on top of all of these things. So yeah, finding efficiencies, standardizing your practices about how you leverage these AWS services and then automating the governance and hygiene around how you utilize them is really the key >> Brad tell me what this means for AMD and what working with CloudFix and Rahul does for your customers. >> Well, the idea of efficiency and cost optimization is near and dear to our heart. We have the leading. >> It's near and dear to everyone's heart, right now. (group laughs) >> But we are the leaders in x86 price performance and density and power efficiency. So this is something that's actually part of our core culture. We've been doing this a long time and what's interesting is most companies don't understand how much more efficiency they can get out of their applications aside from just the choices they make in cloud. but that's the one thing, the message we're giving to everybody is choice matters very much when it comes to your cloud solutions and just deciding what type of instance types you choose can have a massive impact on your bottom line. And so we are excited to partner with CloudFix, they've got a great model for this and they make it very easier for our customers to help identify those areas. And then AMD can come in as well and then help provide additional insight into those applications what else they can squeeze out of it. So it's a great relationship. >> If I hear you correctly, then there's more choice for the customers, faster selection, so no bad choices means bad performance if they have a workload or an app that needs to run, is that where you you kind of get into the, is that where it is or more? >> Well, I mean from the AMD side right now, one of the things they do very quickly is they identify where the low hanging fruit is. So it's the thing about x86 compatibility, you can shift instance types instantly in most cases without any change to your environment at all. And CloudFix has an automated tool to do that. And that's one thing you can immediately have an impact on your cost without having to do any work at all. And customers love that. >> What's the alternative if this doesn't exist they have to go manually figure it out or it gets them in the face or they see the numbers don't work or what's the, if you don't have the tool to automate what's the customer's experience >> The alternative is that you actually have people look at every single instance of usage of resources and try and figure out how to do this. At cloud scale, that just doesn't make sense. You just can't. >> It's too many different options. >> Correct The reality is that your resources your human resources are literally your most expensive part of your budget. You want to leverage all the amazing people you have to do the amazing work. This is not amazing work. This is mundane. >> So you free up all the people time. >> Correct, you free up wasting their time and resources on doing something that's mundane, simple and should be automated, because that's the only way you scale. >> I think of you is like a little helper in the background helping me save money while I'm not thinking about it. It's like a good financial planner making you money since we're talking about the economy >> Pretty much, the other analogy that I give to all the technologists is this is like garbage collection. Like for most languages when you are coding, you have these new languages that do garbage collection for you. You don't do memory management and stuff where developers back in the day used to do that. Why do that when you can have technology do that in an automated manner for you in an optimal way. So just kind of freeing up your developer's time from doing this stuff that's mundane and it's a standard best practice. One of the things that we leverage AMD for, is they've helped us define the process of seamlessly migrating folks over to AMD based instances without any major disruptions or trying to minimize every aspect of disruption. So all the best practices are kind of borrowed from them, borrowed from AWS in most other cases. And we basically put them in the automation so that you don't ever have to worry about that stuff. >> Well you're getting so much data you have the opportunity to really streamline, I mean I love this, because you can look across industry, across verticals and behavior of what other folks are doing. Learn from that and apply that in the background to all your different customers. >> So how big is the company? How big is the team? >> So we have people in about 130 different countries. So we've completely been remote and global and actually the cloud has been one of the big enablers of that. >> That's awesome, 130 countries. >> And that's the best part of it. I was just telling Brad a short while ago that's allowed us to hire the best talent from across the world and they spend their time building new amazing products and new solutions instead of doing all this other mundane stuff. So we are big believers in automation not only for our world. And once our customers started asking us about or telling us about the same problem that they were having that's when we actually took what we had internally for our own purpose. We packaged it up as CloudFix and launched it last year at re:Invent. >> If the customers aren't thinking about automation then they're going to probably have struggle. They're going to probably struggle. I mean with more data coming in you see the data story here more data's coming in, more automation. And this year Brad price performance, I've heard the word price performance more this year at re:Invent than any other year I've heard it before, but this year, price performance not performance, price performance. So you're starting to hear that dialogue of squeeze, understand the use cases use the right specialized processor instance starting to see that evolve. >> Yeah and and there's so much to it. I mean, AMD right out of the box is any instance is 10% less expensive than the equivalent in the market right now on AWS. They do a great job of maximizing those products. We've got our Zen four core general processor family just released in November and it's going to be a beast. Yeah, we're very excited about it and AWS announced support for it so we're excited to see what they deliver there too. But price performance is so critical and again it's going back to the complexity of these environments. Giving some of these enterprises some help, to help them understand where they can get additional value. It goes well beyond the retail price. There's a lot more money to be shaved off the top just by spending time thinking about those applications. >> Yeah, absolutely. I love that you talked about collaboration we've been talking about community. I want to acknowledge the AWS super fans here, standing behind the stage. Rahul, I know that you are an AWS super fan. Can you tell us about that community and the program? >> Yeah, so I have been involved with AWS and building products with AWS since 2007. So it's kind of 15 years back when literally there were just a handful of API for launching EC2 instances and S3. >> Not the a hundred thousand that you mentioned earlier, my goodness, the scale. >> So I think I feel very privileged and honored that I have been part of that journey and have had to learn or have had the opportunity to learn both from successes and failures. And it's just my way of contributing back to that community. So we are part of the FinOps foundation as well, contributing through that. I run a podcast called AWS Insiders and a livestream called AWS Made Easy. So we are trying to make sure that people out there are able to understand how to leverage AWS in the best possible way. And yeah, we are there to help and hold their hand through it. >> Talk about the community, take a minute to explain to the audience watching the community around this cost optimization area. It's evolving, you mentioned FinOps. There's a whole large community developing, of practitioners and technologists coming together to look at this. What does this all mean? Talk about this community. >> So cost management within organizations is has evolved so drastically that organizations haven't really coped with it. Historically, you've had finance teams basically buy a lot of infrastructure, which is CapEx and the engineering teams had kind of an upper bound on what they would spend and where they would spend. Suddenly with cloud, that's kind of enabled so much innovation all of a sudden, everyone's realized it, five years was spent figuring out whether people should be on the cloud or not. That's no longer a question, right. Everyone needs to be in the cloud and I think that's a no-brainer. The problem there is that suddenly your operating model has moved from CapEx to OpEx. And organizations haven't really figured out how to deal with it. Finance now no longer has the controls to control and manage and forecast costs. Engineering has never had to deal with it in the past and suddenly now they have to figure out how to do all this finance stuff. And procurement finds itself in a very awkward way position because they are no longer doing these negotiations like they were doing in the past where it was okay right up front before you engage, you do these negotiations. Now it's kind of an ongoing thing and it's constantly changing. Like every day is different. >> And you got marketplace >> And you got marketplace. So it's a very complex situation and I think what we are trying to do with the FinOps foundation is try and take a lot of the best practices across organizations that have been doing this at least for the last 10, 15 years. Take all the learnings and failures and turn them into hopefully opinionated approaches that people can take organizations can take to navigate through this faster rather than kind of falter and then decide that oh, this is not for us. >> Yeah. It's a great model, it's a great model. >> I know it's time John, go ahead. >> All right so, we got a little bumper sticker exercise we used to say what's the bumper sticker for the show? We used to say that, now we're modernizing, we're saying if you had to do an Instagram reel right now, short hot take of what's going on at re:Invent this year with AMD or CloudFix or just in general what would be the sizzle reel, that would be on Instagram or TikTok, go. >> Look, I think when you're at re:Invent right now and number one the energy is fantastic. 23 is going to be a building year. We've got a lot of difficult times ahead financially but it's the time, the ones that come out of 23 stronger and more efficient, and cost optimize are going to survive the long run. So now's the time to build. >> Well done, Rahul let's go for it. >> Yeah, so like Brad said, cost and efficiencies at the top of everyone's mind. Stuff that's the low hanging fruit, easy, use automation. Apply your sources to do most of the innovation. Take the easiest part to realizing savings and operate as efficiently as you possibly can. I think that's got to be key. >> I think they nailed it. They both nailed it. Wow, well it was really good. >> I put you on our talent list of >> And alright, so we repeat them. Are you part of our host team? I love this, I absolutely love this Rahul we wish you the best at CloudFix and your 17 other jobs. And I am genuinely impressed. Do you sleep actually? Last question. >> I do, I do. I have an amazing team that really helps me with all of this. So yeah, thanks to them and thank you for having us here. >> It's been fantastic. >> It's our pleasure. And Brad, I'm delighted we get you both now and again on our next segment. Thank you for being here with us. >> Thank you very much. >> And thank you all for tuning in to our live coverage here at AWS re:Invent, in fabulous Sin City with John Furrier, my name's Savannah Peterson. You're watching theCUBE, the leader in high tech coverage. (calm music)

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for, eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now, that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers, which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges, and I'm not saying that SecOps pros are now talented. They are. There just aren't enough of them to go around, and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically, we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante, and I'm your host now. Previously, we looked at what trusted infrastructure means >>And the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that devs SEC op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies, and after that we're gonna bring on Mahesh Naar oim, who was a consultant in the networking product management area at Dell. And finally, we're closed with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around and the adversary is also talented and very creative and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right? What is that is exactly right, right? Breachers are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized. So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach. And that's where Dell pays a lot of attention into assuring the security approach approaching. And it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it. And bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner, which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives, which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server, walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube. Your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

>> Narrator: Live from Orlando, Florida. It's theCUBE... covering Accelerate '19. (electronic music) Brought to you by Fortinet. >> Welcome back to theCUBE. We are at Fortinet Accelerate 2019 in Orlando, Florida. I'm Lisa Martin with Peter Burris. We've been here all day talking with Fortinet executives, with partners, really understanding the evolution of cybersecurity and how they are helping customers to combat those challenges to be successful. We're pleased to welcome back to theCUBE alumni John Bove, the VP of North America's channel for Fortinet. John welcome back to the program. >> Thanks for having me, great to see you both again. >> Likewise, so, so much going on today, some news coming out. The keynote this morning started with a lot of electricity around Fortinet's industry leadership, product leadership, there was a lot of growth numbers shared >> John: Yup >> There's also a lot of people here about close to four thousand. >> John: Close to four thousand people, yup. >> And you saying that a good percentage of that is partners, forty countries represented. What are some of the things from your perspective, that you've observed today, in terms of the reaction from the channel to all of this news coming out. >> Yeah so first off, the heritage of this event really was a partner conference going back to its infancy and you know as Fortinet continues to grow and our customer profile continues to you know, move up market, we've now invited customers. So it's really great the synergy that we have. We've got a number of partners with their customers coming to meetings and meeting with executives, and so it's just really fantastic. You know relative to the announcements about the partner program, we've seen really positive feedback. I think the program was introduced about a decade ago and it really was time for a refresh, and so, what we've done is, we want to bring a program to our partner community that, allows them to engage with us in how they see fit, and then we want to build the go to market that's a little bit more in tune with the market that exists here, as we're moving into the year 2020 and beyond. So we're really assimilating a reseller, MMSP and Cloud as types of partner go to markets, and organizing that all underneath the Fortinet partner program umbrella. We'll also be introducing a consultancy track because we want to insure that the assets within the network security expert program are available to those consultants that are working with customers on their journey to the Cloud, for instance, or through this digital transformation. And then finally we're introducing what we're calling a competency focus. So as Fortinet continues to grow as a company there's a number of competencies that we feel if we enable partners appropriately they're going to be able to benefit from. They're going to build a stronger business around the Fortinet Security Fabric. So, we're going to focus on SD-WAN, we're going to focus on Fabric, we're going to focus on Data Center, operational technologies and then S.A.C., because we do think, you know, S.A.C. operations, is an area, that cybersecurity and the number of tool sets are introduced, it's an area that we need to grow into as a company as well. >> Lots going on. >> Lot's going on, yes. >> So as you consider some of the challenges that your partners face, we talked a little bit about this with Patrice, partners, throughout the industry are hurting as they try to transition from a more traditional hardware to whatever's going to be the steady state, >> John: That's right >> with the Cloud and the Edge having such an impact. Education is crucial. You not just get your customers educated about how cybersecurity works, but your partners need to be increasingly educated so they can find those opportunities, niches, stay in business, help you engage, how's that playing out? >> My number one initiative as the channel leader is to drive partner competency and preference. And so, going back to competency, if we can build partner competencies, they're going to build a healthier, more margin rich business around the Security Fabric, which then, selfishly, is going to lead them to delivering more preference around Fortinet. But there's no doubt, it's a changing dynamics. Business models are changing on the fly. We're seeing evolution of VAR to MSP, and MSP to MSSP, and we are laser focused on capitalizing that. Our FortiSIEM technology for instance is, I really view as a Beachhead technology for us to go capitalize that MSP market in the mid-market. I think that the evolution of consumption to more of a consumption model away from a transactional acquisition, also lends itself to new and innovative programs that need to be delivered. In fact with our North American distributors, in the past six months, we've introduced hardware as a service, to reduce, you know, to position things as an operational expense, which may be more in tune with how customers are purchasing today, and we've introduced FortiSIEM for MSSP. The evolution of VAR to a service provider can be very capital intensive, and so one of the things that we've done with our hardware as a service and FortiSIEM for MSSP, we've really tried to reduce the cost of the entry point, and drive more day one margin opportunity for those partners. >> Let me build on that if I may Lisa, so Ken and Mike have done a pretty phenomenal job of steering Fortinet into the future and anticipating some of the big changes that have occurred. You guys have therefore pretty decent visibility into how things are going to play out, and are now large enough that your actually participating in making the future that >> Right >> Everybody else is thinking about. When you introduce a product, I mean, it takes a period of time for your partners to get educated, to up-skill, to really set themselves up to succeed in this dynamic world. Are you introducing educational regimens, competency tests, providing advice and council about the new competencies they're going to need, in anticipation to some of these, some of the roadmap of the, to the future that you see? >> Yeah, so two things I'll touch on there is you know, the NSC program has been wildly successful program for ... >> Peter: No what does NSE stand for? >> Network Security Expert so it's a training course where for a partner and you've got new team members coming on board, the NSE113 really enables them of how to position, you know, Fortinet, and what the challenges are in a network in a cybersecurity environment today. With the elements four through eight being more technical. We've seen over 200,000 certifications being adopted globally, so, I think, part of the visionary capabilities that Michael and Ken have, is they've incorporated the education piece of it, and so carrying that along, and so as we do introduce new products, it's built into the NSE modules. I'll point to one of the most successful things we did in 2018 was called Fast Tracks, and so we've basically taken the NSE content and put it into consumable two hour, hands on, technical labs for our partners and customers. We had a goal in 2018 to hit about a thousand people going through the Fast Track program, we hit over eight thousand people. So, we know that there is a thirst for knowledge out there and the company's done a really good job, through the NSE program, the Network Security Expert Program, through out Network Security Academy Program, and through our Fast Tracks to drive that necessary enablement. >> Peter: That's very exciting. >> Yeah I know absolutely, I mean, it's a fantastic time to be at Fortinet, its a fantastic time to be a Fortinet partner, and I think with the announcements that we made today, we're really trying to set our partners up for success, and help them build a all encompassing business around the Security Fabric. It's a very noisy industry out there. There's a lot of point based solutions that, that lack the integration and really you need an integrated set of solutions in this, you know, expanding digital footprint that customers are faced with. >> So when we talk about education and I'm glad that you guys brought that up, that was a big topic, it was a pillar that Ken talked about, that Patrice talked about as well, it was one of the core pillars that was talked about at the World Economic Forum that was just a couple of months ago. So as we talk about education and educating your partners, I'd like to kind of flip that and ask how are your partners educating you on, these are the trends and concerns and the issues that we're seeing in the market today, to help influence the direction of Fortinet's technology? >> Yup, you know it's funny that you say that, I've been in partner meetings all day today, and it's great I get to spend, I don't think I've ever been this popular and definitely not in high school or college, but in spending time with partners and understanding their challenges it's good to see that our focus on the competency and preference and providing consumption modeling, fits to exactly the challenges that they're faced with, because VARS will tell you that the transition from being a reseller to an MSP can be very, very expensive. And so, with FortiSIEM for MSSP and the as of service offerings, we're reducing that. And so, there are , they're resonating to that. But the other thing is, for the mid-market customer, the Security Fabric alleviates the need for the Cyber skills gap, right? We can't hire fast enough, and so, by depending upon the broad integrated and automated posture that this Fortinet Security Fabric allows, it really allows partners and customers to overcome some of the challenges, just from a head count standpoint. And I think that the NSE program also does a very good job of filling that gap as well. >> So the partner used to mean, these are the, for that group of customers, who our direct sales organization can't make money on, we will give them to partners, or the very, very large, for a very, very large company that's owned by Accenture or owned by Dimension Data, or something like that, >> Yup >> We'll work with them and deliver it. And that kind of middle was kind of lost. But even today, that Loewen, that idea of segmenting purely on the basis of how big they are, is problematic because there's a lot of small companies happening because of this digital transformation they're going to very rapidly grow into some very, very big footprints. >> Absolutely >> So how is that line between what Fortinet does, what the partner does, what the customer does, to achieve these outcomes, starting to shift? >> We're going to be introducing an ecosystem based approach. It's called Partner to Partner Connect, and it is to actually do that very thing. For those partners that may be in the mid-market, that need those expertise, we're going to allow partners to create almost a marketplace of service offerings so they can fill their gaps and they can build meaningful practices, leveraging what Fortinet is doing, but also leveraging somewhat some of our other partners are doing. We're seeing this immediately done with our distribution partners, in North America, and we're going to be introducing the Partner to Partner Connect later this year, and accessible through our Partner Portal. >> And those competencies that are associated with the NSE and the education, then become part of those Partner to Partner brands >> John: Absolutely >> Which makes it easy for those partners to be more trustworthy of whatever accommodations they put together to serve customers. >> Yup, I'll give you an example. So, we're also going to be announcing tomorrow afternoon in our North America breakout session, a Cloud Channel Initiative, and so our goal with this Cloud Channel Initiative, is to allow partners to build meaningful security and networking businesses in the public Cloud. We're going to utilize blueprints for reference architectures, we're going to align with education and certification, and then we're going to guide them through enablement to go to market. That's one of the things also we released this week was the NSE7 for public and private Cloud. So again, as we introduce new technologies and we introduce new opportunities, we're also aligning that to education as well, so the partners can be self service, because the better job a partner does is developing that competency , then the more services rich they're going to be able to deliver to the end customer themselves. >> What are some of your expectations in terms of FY19, I know this is a 20% year on your growth that Fortinet as a company achieved last year, I imagine a good amount of that was driven and influenced by the channel, but as this momentum continues to grow, as we saw this morning, and we've heard throughout this show today, what are some of your expectations about growing the number of partners in the programs that you talked about, like by the end of this year? >> Yes, we recognize, you know, first of all we appreciate our partners so much, and we want to ensure that we are enabling their business we're absolute in active recruitment mode. You know, we're currently going through recruitment and reactivation campaigns with partners that we want or maybe have done business with us before. We see we're coming off of a quarter in which we set a record for the most deal registrations and so that's really the metric in which we look for partner impact. They bring us an opportunity, we give them additional margin and we protect them. So, Q1, fiscal Q1 for us, was our largest deal registration quarter we've ever had. And in 2018 we saw a 52% increase in closed opportunities through our deal registration program. So the impact of the North American Channel is absolutely being felt and we're really excited about the new partner program and what it's going to allow us to do as we expand more into the MSP market, more into the Cloud market, and then hopefully go enable that whole consultancy layer that's out there as well, to help customers on their journey. >> So in terms of your session tomorrow, 'Transforming Your Profitability with Fortinet's Tailor Made Programs,' you mentioned some of the new announcements, what are like the top three take aways that attendees from that session are going to walk away with? >> Well it's going to be, we want to drive partner initiated revenue, we want to do that through competency development, through Widespace account penetration, and through meaningful investments that allow our partners to scale their business. >> Lisa: Lot of momentum, John thank you so much for visiting with Peter and me on theCUBE this afternoon, we can't wait to hear what great news you have next year. >> I look forward to it, thank you both. >> Excellent, our pleasure. For Peter Burris, I'm Lisa Martin, you're watching theCUBE. (electronic music)

>> Live from San Francisco, it's theCUBE. Covering DockerCon '18. Brought to you by Docker and its ecosystem partners. >> Welcome back to theCUBE. We are live in San Francisco at DockerCon 2018. I'm Lisa Martin with John Troyer on a stunning day here in San Francisco. This event draws between 5,000 and 6,000 people in only its fifth year. They did a very good job during the general session this morning, John, of having some great female leaders on stage and we're very pleased to welcome another female leader to theCUBE for the first time. Alex Qin, you are the Director of Technology at Gakko. Welcome to theCUBE. >> Thank you, thank you. It's great to be here. >> So, you're speaking here at DockerCon 2018, I want to get to that in a second, but tell us a little bit about Gakko. What do you guys do? >> Um, yeah. So we're a global education design studio based in Tokyo and New York and what we do is we put on experimental education programs and build experimental education technology that aim to reclaim the magic of learning. So, we put on summer camps, we have coding classes, music classes and we build software for early learners. >> And by early learners what age group are you talking about? >> So ages three to five. What we build is beautiful story and art driven apps for kids ages three to five to be able to spend time more thoughtfully on tablets 'cause nowadays kids are always on tablets no matter what we do and so what we want to do is create a world that they can be in, in which parents feel like, this is a good place for my child to spend time. They're learning, it's artful, it's thoughtfully built. >> Great, well Alex you are also the founder of The Code Collective. >> The Code Cooperative, yes. >> The Code Cooperative, I'm sorry. How did you get started with that and can you tell us a little bit about that as well? >> Yes, so The Code Cooperative is my passion project and I started it in 2016, the day after the presidential elections actually, and it's an organization that teaches formerly incarcerated individuals computer literacy and coding, so that they can build websites and technical solutions to the problems they've identified in the criminal justice system. >> Some examples of that might be? >> A story I love to tell is from the pilot class. I had one student who was a 65 year old man and he'd been in prison for over 20 years and so at 65, he took our class and he learned HTML, CSS and JavaScript and built a website that aims to educate visitors about the legacy of slavery and Jim Crow in the criminal justice system today. Just like an interactive quiz. Yeah, that was really cool. It was called The Criminal Injustice System. >> Nice, nice. >> What were some of the drivers that really led you to go, you know what? We've got a huge opportunity here to take some of these people who have had made some different choices and really, sort of, rehabilitate them in a way that's gonna enable tech for good. What were some of those things that you just went, we've got to do this? >> That's a good question. Well, I read the book, The New Jim Crow, which you may have heard of. It's an incredible book that really details a lot of the problems that exist today within the U.S. criminal justice system and I thought to myself, I want to learn more about the justice system and contribute positively to justice system reform, but I don't know anything about it. So what I should do is work with people who have been through the system, learn from them and empower them to highlight the issues that they see within the justice system and that's something that I think is really important. When it comes to building technology, right now the gatekeepers of tech are kind of a homogenous group and we tend to build tech solutions for the entire world, but actually the people who are best equipped to solve problems are those who have experienced them and so that's why I decided to start The Code Cooperative. >> Nice. Alex, you're talking here, you've got an interesting titled session, I'll make sure I get it right, Shaving My Head Made Me a Better Programmer. If I can connect that to the rest of the DockerCon, maybe, I mean, Docker has been very good at their whole history about developer experience, making things easier for people and I think sometimes people don't realize not only when you make things easier, you actually can bring in new audiences. Kids, prisoners, right, are able to use today's technology where 30, 40 years ago they wouldn't have had access to it because it's easier, it's more powerful, it's more ubiquitous. But sometimes we get stuck in old tropes and so I'd love for you to kind of talk a little about your talk and kind of, what you're going to be talking about here at the show. >> Sure, yes. So, my talk is called Shaving My Head Made Me a Better Programmer and it's a little bit of a misleading title, but basically it's the story of my journey though the tech industry as a minority woman. So I studied computer science and I've been a software engineer for my entire career and yet, I've encountered a lot of challenges because of my gender, because of how I present to the world and when I shaved my head, a lot of those challenges kind of disappeared because I wasn't perceived as feminine anymore and so when I realized that tech isn't the meritocracy that I thought it was, I kind of started on this new quest to make tech as diverse and inclusive as possible so that people from all backgrounds, all genders can learn to code and write code happily and safely and it's just the story of how that happened and the lessons I've learned and some tips on how to make organizations more inclusive because that's the bulk of my work now. >> So you were a C.S. major in New York? >> Yes. >> So were you always interested in STEM as a kid or was it something that you got into when you were in college? What was that sort of age that you found it really exciting and said, no matter what, even if there's very few women here, I love this, I want to do this? >> That's a great question. So I am originally from France, actually. And when I was growing up there was really little computer science education in schools, but I really wanted to be an astronaut when I got to college so I joined the engineering program at my school and I'd never coded at that point, but one of the requirements was an intro to programming class in Python. So I took it and I fell in love with it immediately and I was like, I'm majoring in computer science, this is so cool, this is the coolest thing I've ever done and as I entered the computer science world I realized, oh, there's not that many women here and actually, I'm treated very differently. So, I fell in love with it and then because I love it so much I just kind of powered through. >> Your passion is very palpable, so at any point did you feel, sort of, out of place? Going, I'm one of the only females here, or did you say, I don't care, I like this. >> Yeah, it's both. I mean, you feel out of place when there's very few people who look like you in the room. Even if you don't want to feel out of place, even if you try to pretend that's not the case, you can't help but feel that and when I was starting out and throughout my career, people didn't necessarily want to work with me, didn't believe I was a good programmer, even though I was at the top of all my classes and so even though I tried to make the most out of my experience, I couldn't really escape the stigma attached to my gender in this field. >> Alex, we're at an interesting part of our culture now, I suppose, especially online. On one hand, social media has elevated a lot of folks' voices that would not have been heard otherwise because of gatekeepers. On the other hand, we have our current online discourse, which is kind of, not very pleasant sometimes. So I am interested both kind of how you're navigating that online and then maybe as a followup, then as you work with companies, how you're working with them and what you're telling them, but in terms of online, I love Twitter and yet it frustrates me. Facebook as well, et cetera. How do you navigate that online yourself? >> That's a great question. Honestly, I have been kind of retreating from social media. I haven't really experienced too many negative interactions on social media because I'm not really a big presence there. I did kind of have a really bad experience once during a Grace Hopper conference. I tweeted something during the Male Allied panel of like, 2015, or something and that got picked up by some GamerGate writers and then a lot of people started tweeting negative things at me, but that's kind of the extent of my negative experiences online. I do think that, as you say, social media has allowed for uplifting of voices that were previously unheard, has allowed for activism to organize. There's so many positive things that come from social media and also it has a really nefarious affect on people and I think that something needs to change in terms of how these companies build their software. It needs to be safer for all people and also needs to be built more ethically. Less trying to manipulate our psyches. >> That's, I think, super important. Luckily at least that's a conversation now, right Lisa? That at least Facebook, I think eventually as a society we'll, I hope, we'll get through this and figure this out, but I don't feel like we're particularly literate with social at this point. But I did want to ask about your work with companies. You said you do talk with some companies about diversity and things like that, is there any either signs that folks are getting it right or things that you start off with as you're working, if someone asks, how do we become a more diverse workforce? >> Yeah, that's a good question. I can't really point to any companies that, I say, are doing amazing. There are some companies where I know folks are very happy. Slack is one of them, thoughtbot is another one of them. I'll say Gakko, but a few tips I generally give organizations is that you need to work to understand the problem. Why is there a lack of diversity in tech? Why is your team not diverse? Then you need to measure your data. You can't make a positive change if you don't know how much you're changing, right? So gather diversity data on your team, not just in terms of who's there, but who's in a leadership role. Who gets promoted? Who gets fired? Who's a manager? And then you need to commit. That's, I think, the place where a lot of people struggle is there's a lot of candidates who fit this, kind of, homogenous image of what a programmer is and so it can be easy sometimes to be like, well we need to hire someone right now so let's just hire this person. But in order to actually make a change you need to commit and you need to say I'm not going to compromise on the goals that we've set. >> You're absolutely right, that commitment word is exactly what's needed to drive that accountability to hold organizations up to that. I was just at VMware a couple of weeks ago in Palo Alto at the Women Transforming Technology event and we had a whole day of all talking with females in tech, which I always loved to do and theCUBE is very passionate about supporting that. The cultural change is imperative. We talk about digital transformation at every event and there's the CIO that says, hey we have to change the culture here to transform digitally, but also to start moving those numbers from, what, less than 25% of tech roles are held by women. The culture has to change. It seems like you're in a position, potentially, to actually influence the culture at these companies that you talk to about opening their eyes to commit. Does that excite you from within? >> Yes, I do talk to a lot of organizations about this, but I think the work that I do that might actually tip the scale is, basically, the education programs that I run in New York. All of my classrooms reflect the diversity of New York, both in terms of student and teacher bodies. So all of my students learn in an environment that is extremely diverse. They learn from teachers who look like them and I wish I learned to code in that way. Another important thing we teach our students is how to code as an ethical endeavor. So we teach our students to measure the ethical ramifications of their decisions when they build software so that hopefully the technologists of tomorrow, the CTO's of tomorrow they build code in a way that is best for humanity. They build code with empathy. >> Goin' back to your day job. You're working with kids. We talked about getting through social media, cultural change. Its going to depend on the next generation. So Alex, are the kids alright? Are they gonna save us? >> The kids are pretty alright. I mean, so my classroom is basically coding meets social entrepreneurship so all of our kids build an app that solves a problem they've identified in their communities and these kids are just coming up with the most beautiful solutions, like, more brilliant than any adult that I've met. I feel good about the future. >> Well, it's key to get those different perspectives and when you were saying, they're having the opportunity to code and create apps that are relevant to them that's where you can really ignite that passion. >> Exactly, that's so important >> It is important because when you're passionate about something, and we saw that on stage today with a lot of the Docker folks and Microsoft and McKesson, when you're passionate about something and really making a change, you can feel it. So it's good to hear that we're going in the right direction. Also, we're in this age, you talked about ethics, where it's essential. Because technology, we see a lot of examples where tech is not used for good and there's world leaders getting some of the leaders of tech companies together saying, I'm challenging you, make tech for good because we're seeing too much of the negative right now. How does that influence, whether it's the breaches at Equifax, or, there was a breach recently at MyHeritage, the DNA testing companies, to Cambridge Analytica. How do you see the kids, the young kids respond to that, going, that's a really poor use of tech. Are they aware of that? >> I think some kids are and in our classroom we spend some time talking about, we have discussions about, ethics of software. So that's something that's very important to us. But largely, most classrooms in the United States, no, I mean computer science education is not a standard in most classrooms in the US. In New York state, only 1% of high schoolers actually have access to any kind of computer science education and so most kids, they might hear tid bits from the T.V. or social media or something, but they're not necessarily informed enough to make one, good decisions as consumers and two, good decisions as potential technologists. So that's something that we are trying to spread and I hope other folks are also trying to work on. >> Another thing that I think is shocking is when we were at the Women Transforming Technology event just a few weeks ago at VMware in Palo Alto, they just announced with Stanford, Stanford is investing 15 million dollars into their gender research. VMware and Stanford wanting to look at what are the barriers for women in tech and minorities in tech and starting to dissolve some of those barriers. One of the things they actually had in their press release announcing this big 15 million dollar investment from VMware and Stanford is a Mckinsey report that said 20%, sorry, enterprise organizations that have females in management positions, probably executive management positions, didn't specify positions, are 20% more profitable. You just think, the numbers are saying when you have more thought diversity, you're actually going to be a more profitable organization, but I think to your point earlier, Alex, there has to be a commitment and there has to be a group within an organization that stands accountable. >> Absolutely. >> So we are thankful for you. (Alex laughs) for donating some of your time today to tell us what you're doing, it's good to hear the next generation, John, I think they got our backs. >> Alright, that's good. >> And Alex, have a great time with your very provocative session this afternoon. >> Thank you. >> We thank you so much for your time and it's really cool to hear how you're using your passion for tech for good. >> Thank you so much, it was great to be here. >> We want to thank you for watching theCUBE. I'm Lisa Martin with John Troyer. From San Francisco at DockerCon 2018. Stick around, John and I will be right back with out next guest. (upbeat music)

>> Voiceover: Live from San Francisco, it's The Cube. Covering Samsung Developer Conference 2017. Brought to you by Samsung. >> Okay, welcome back, everyone. Live here in San Francisco, this is The Cube's exclusive coverage of Samsung Developer Conference, SDC 2017. I'm John Furrier, co-founder of SiliconANGLE Media, and co-host of The Cube. My next guest is Dominic Venuto, who is the General Manager of the consumer division of The Weather Channel, and Watson Advertising, which is part of The Weather Company. Welcome to The Cube. >> Thank you for having me. >> Finally, I got the consumer guy on. I've interviewed The Weather Company folks from the IBM side, two different brands. One's the data, big data science operation going on, the whole Weather Company. But Weather Channel, the consumer stuff, Weather Underground, that's your product. >> Yes, you saved the best for last. We touch the consumer. >> So, weather content is good. So obviously, the hurricanes have been in the news over the years. Out here in California, the fires. People are interested in whether the impact, it used to be a unique thing on cable, go to the Weather Channel, check the forecast, read the paper. Now with online apps, weather is constantly a utility for users. So it's not a long-tail editorial product. It's pretty fundamental. >> Yeah, we want to be where our consumers are. Fundamentally we want to help people make better decisions and propel the world. And since weather touches everything, we need to be where the consumers are. So now, with all the digital touchpoints, whether that's your phone, or its a watch, your television, desktop if you still have one and you're still using it, as some of us do. We want to be there, for that very reason. And in fact, what we're aiming for, is to move from a utility, because if we are going to help people make better decisions, a utility only goes so far, would be a platform to anticipate behavior and drive decisions. >> So tell me about the Weather Underground and the weather.com consumer product. They're all one in the same now? Obviously one was very successful, with user generated content. This is not going away. Explain the product side of The Weather Channel consumer division. >> Yeah, so we have two brands in our portfolio, Weather Underground, which is more of a challenger brand. It's very data rich, and visualizes data in a number of different ways, that a certain user group really loves. So if you're a weather geek, as we call them, an avid aficionado of weather, and you really want to really get in there and understand what's happening, and look at the data, then Weather Underground is a platform. >> So for users to tie into, to put up weather stations, and other things that might be relevant. >> Exactly so, we started out in 2001, originally the first IOT implementation at the consumer level, connected devices. Where you could connect a personal weather station, put one in your back yard, and connect it to our platform, and feed hyper-local data into our network. And then we feed that into our forecast, to improve that, and actually validate whether the forecast is right or not, based on what people have at home. And we've hit a recent milestone. We've got over 250,000 personal weather stations connected to the network, which we are super thrilled about. And now, what we are doing is, we are extending that network to other connected devices, and air quality is a big topic right now, in other parts of the world, especially in Asia, where air quality is not always where it should be, that's a big thing we think we can... >> That's a big innovation opportunity for you, I mean, you point out the underground product was part of maker-culture, people do-it-yourself weather stations, evolve now into really strong products. That same dynamic could be used for air control, not just micro-climates. >> Exactly, yeah. >> In California, we had a problem this week. >> Exactly, California is a good example, really topical, where cities may have had great air quality, and all of the sudden the environment changes, and you want to know, what is it like? What is the breathing quality like outside right now? And you can come to our network and see that. And we're growing the air quality sensors every month, it's only been up a few months right now, so that's expanding quite well. >> So for the folks that don't know, The Weather Channel back end, has a huge data-driven product. I don't want to get into that piece, because we've talked about it. Go to youtube.com/siliconangle, search Weather Company. You'll see all our great videos from the IBM events, that are out, if you want the detail. But I do want to ask you, what's really happening with you guys, there's two things. One is, it's an app and content for devices, like Samsung is using. And two, essentially you're an IOT network. Sensors are sensors, whether they're user-generated, or user-populated, you guys are deploying a serious IOT capability. >> Absolutely, it's one of the reasons that IBM acquired The Weather Company, which houses the brands of Weather Underground and The Weather Channel, is that we have this fantastic infrastructure, this IOT infrastructure, ingesting large amounts of data, processing it, and then serving it back out to consumers at scale globally. >> What are you guys doing there with Samsung? Anything just particular in the IOT side, or? >> We've got a couple of initiatives going on with Samsung, a few I can't mention right now, but stay tuned. Some really cool things in the connect-at-home, that we're excited about, that builds on some of the work... >> Nest competitor? >> Not exactly a Nest competitor. Think more kitchen. >> Kitchen, okay. >> Think more kitchen. >> We had the goods, cooking in the kitchen, from our previous guest. So the question is, IOT personal, I get that. What else is going on with IOT, with you guys, that you can share? Lifestyle, in the home is great, but... >> So again, going back to how do we help people make better decisions, now that we are collecting data from not just personal weather stations, but air quality monitors, we are collecting it from cars, we are collecting it from the cell phone. We are really able to ingest data at scale, and when you're doing that, we've got hundreds of thousands of data sets that we are feeding into our models, when you do that, we've solved the computing challenge, now we are applying machine-learning and artificial intelligence to process this and extract insights. To validate data sets, in our forecast, and then deliver that back to the end user. >> One of the tech geek themes we talk about all of the time is policy-based something. Programming, setting the policy. So, connecting the dots from what you're saying is, I'm driving my car, and I want to know if it's hot, or the road temperature. I might want to know if I'm running too fast, and my sensor device on me wants to impact the weather, for comfortable breathing for me, for instance. The lifestyle impacts, the content of data, is not just watching a video on The Weather Channel. >> No, it's not. >> So this is a new user experience. It's immersive, it's lifestyle-oriented, it's relevant. What are some of the products you're doing with Samsung, that can enable this new user expectation? >> One of the products that we have right now, we we're one of the initial partners for the Made for Samsung program, is, we've got calendar integration in our app. So now we know, if you've got a meeting coming up, and you need to travel to get there, maybe there's a car trip involved, we know, obviously, the forecast. We know what traffic might be, and we can give you heads up, an alert, that says, hey you might want to leave 15 minutes early for that meeting coming up. That's in the Samsung product right now, which is really, again, helping people make better decisions. So we've got a lot of examples like that. But again, the calendar integration in the Made for Samsung app is really exciting. We recently announced, in fact I think it was this morning, we announced integration with Trip Advisor. So similarly, if we see time on your calendar, and the weather is fine for the weekend, we might suggest outdoor activities for you to go and explore, using Trip Advisor's almost one-billion library of events that they have. >> What's the coolest thing you guys are working on right now? >> Oh, that's a very long list. I say that I'm probably the luckiest guy in IBM right now, because I get to work with millions of consumers, we reach 250 million consumers a month, and I'm also bringing Watson to consumers, and artificial intelligence, which is a unique challenge to solve. Introducing consumers to a new paradigm of user interaction and abilities. So, I think the most exciting thing is taking artificial intelligence and machine-learning, and bringing that to consumers at scale, and solving some of the challenges there. >> Well contratulations. I'm a big fan of IBM, what they're doing with weather data, The Weather Company, The Weather Channel. Bringing that data and immersing it into these new networks that are being created, new capabilities, really helps the consumer, so. Hope to see you at the Think conference coming up next year. >> Yes, we are excited about that, and stay tuned, we may have some more exciting stuff to unveil. >> Make sure our writers get ahold of it, break the stories. It's The Cube, bringing you the data. The weather's fine in San Francisco today. I'm John Farrier with The Cube. More live from San Francisco, from the SDC Samsung Developer Conference, after this short break. (electronic music)

>> Announcer: Live from Orlando, Florida. It's the Cube. Covering, Grace Hopper Celebration of Women in Computing brought to you by Silicon Angle Media. >> Welcome back to the Cube's coverage of the Grace Hopper Conference here in Orlando, Florida. I'm your host Rebecca Knight. We're joined by Jarvis Sam, he is the manager of global diversity issues at Snap Inc. Welcome. >> Thank you so much for having me. I'm really happy to be here. >> So, I've gotta--first of all, you're wearing a Rosie the Riveter shirt, we've got these tchotchkes here, can you explain to our viewers a little bit about them? We got to, we got to talk about these first. >> Of course, so, the shirt was actually inspired by our Lady Chilla, that's our local women employee resource group at Snap. The idea was take the ghost, a representative mascot of Snap Inc. and parlay that with the idea of Rosie the Riveter, of course powerful in her own right. >> Rebecca: Alright, I love it, and then these spectacles are...? >> Yeah, so spectacles are Snap Inc.'s first ever hardware product released earlier this year. They allow for you to take an in-the-moment Snap, to be featured on your phone, using Bluetooth technology for iPhones and then WiFi technology for Android. They allow individual users to record Snaps on their phone, while of course not distorting the experience of being able to use their hands in the moment. >> Rebecca: So, I love it, these are the recruiting tactics: your own products. >> Exactly >> Want to play with these toys? Come work for us? >> Yes! >> So, tell us a little bit about what you do, Jarvis. Before you were at Snap, you were at Google. You were interested in really engaging in these diversity issues. So what do you at Snap? >> Yeah, so, at Snap, I manage our global diversity effort. What that includes is analyzing the diversity framework across three key verticals; first on the pipeline layer. So, what are we doing by way of K-12 education to ensure communities of color as well as women-- >> Rebecca: K-12? Wow. >> Exactly. >> Have specific opportunities in the space to be impactful. We often create this framework or archetype for what we think is ineffective software engineer for example or account manager. Reframing that by providing access and opportunity is showcase to people that the image that we have is not always the image that we want to portray, is critical. Next then we focus heavily on the idea of the candidate, so candidate experience. Deep diving into understanding key talent acquisition measures as well as key HR practices that will allow for us to create the best experience, moves us forward in that regard. But then finally, and this is where we get to the whole global perspective. Is the idea of the employee. Creating a nurturing community where the idea of psychological safety is not only bolstered but ensuring that your community feels empowered to the idea of inclusion. Making sure inclusion is not just a seat at the table but rather a voice in the conversation that can be actioned upon. >> So I want to dig into that a little bit, this voice in the conversation. Before the cameras were rolling you were talking about these very difficult candid conversations that employees at same have. Tell our viewers a little bit more about that. >> Yeah, so I think one of the greatest challenges across the tech industry and at Snap as well is the idea of referral networks. The tech industry on its own right has grown so greatly out of referral networks. People that you have worked with perviously, people that have the same academic or pedagogical experience as you. The problem with that is, the traditional network analysis would seem to let us know that you often refer people who look like you, or come from a similar internal dimension background as yourself. In a community that's largely rooted in a dominated discourse by white or Asian males. That means that we're continuing to perpetuate that exact same type of rhetoric. >> Rebecca: That's who you're recruiting. >> Exactly. And so then idea of getting more women or communities of color involved in that space can often be distorted. So that remains a challenge that we as a company as well as the tech industry need to overcome is understanding; one, how do we encourage more diverse referrals over time. But then two, creating an ecosystem where this seems natural and not like an artificial standard. >> Okay, so how do you do it? I mean that we've pinpointed the problem and it absolutely is a problem, but what are the kinds of things that Snap is doing to improve the referral process? >> So it's the idea of being innovative by design. One thing that's unique about Snap in particular is that we are an LA-based company. >> So based out of Venice Beach and Santa Monica, California. We don't face a lot of the core challenges that we see in Silicon Valley. And as a result have the opportunity to be more innovative in our approach. As a result when we look to referral networks in particular. One thing that Snap has focused on is the idea of diversity recruiting as a core pillar or tenant of all of our employee research groups. Not only do they join us to attend conferences like Grace Hopper, like the National Society of Black Engineers. But we actually do sourcing jams. Where we sit down with them and mine their networks. Either on LinkedIn-- >> Rebecca: Sourcing jams? >> Yes >> Rebecca: I love it. >> Yes Either on LinkedIn or GitHub or any of the various professional networking sites that they work on. Or technical networking sites to find out who are great talents that they've worked with before. >> Who do you know? Who can join us? >> Exactly. And what's more significant than that, is creating a sense of empowerment where we actually having them reach out to their network as opposed to a recruiter. This creates more of a warm and welcoming environment for the candidate. Where the idea of being a simple passive candidate is further explored by activating them to showcase how your experience has been great. >> And how are you also ensuring that the experience at Snap is great, particularly for women and people of color? >> Yes, so one area is our employee resource group. So we have a couple, so Lady Chilla is of course what I am wearing today. But Snap Noir for the black community. Snap Pride for the LGTBQ plus community and Low Snaps for the Latin X community. >> Rebecca: How big is Snap, we should just-- >> Yeah, about 3,000 people globally. >> Okay, 3,000. Okay, wow. >> And so one of the exciting things that we do is ERG that. So it's where we bring all of our employee resource groups together and they hold massive events every single quarter. To encourage other communities that are either allies or individuals of the sociological out group to understand what they do. But this deploys in so many different ways. In June, for Pride for example, we held drag bingo. Where our LGTBQ plus community participated. In March, we did a whole series of events celebrating women in engineering, women in sales, and women in media that resulted in a large expanse of events allowing for people to come in and learn about, not only the female experience more broadly, but particularly at Snap and some of the great endeavors that they're working on. >> And I know you are also working with other organizations like Girls Who Code, Women Who Code, Made with Code. Can you tell the viewers a little bit more about Snap's involvement. >> 100% Made with Code is one of the most exciting projects that I've had the opportunity to work on. It was for me personally this great combination of working with my previous employer Google, and Snap. So Google's Made with Code project is an idea that started to empower teen girls to code, ages 13 to 18 primarily. What they found is was that's exactly the same demographic that primarily uses our product. And so about three months ago, we decided to come together to launch an imitative where we'd have teen girls make geofilters, one of Snap's core products. The project actually launched one week ago, and teen girls are using Blocky technology to actually go about creating their own geofilters. And then writing a 100 word personal statement defining what their vision for the future of technology is. I'm personally exciting to say after checking the numbers this morning, more than 22,000 girls have already submitted responses to participate. And they will culminate in an event, November 1 through 3. Where we will take the top five finalists to TED Women in New Orleans. To not only showcase women who have done incredible things in the past and present. But also showcase their work at participating in this competition, as the women of technology for the future. >> Rebecca: And the next generation. >> Exactly. >> So we're running out of time here, but I want to just talk finally about the headlines. It's very depressing, you know the Google Manifesto, the sexism that we've seen against women. The racism in the industry. These are are-- we don't want to talk about it at this celebration of computing because we want to focus on the positives. And yet, where do you feel, particularly because you have worked at large tech companies, on these issues for a while now? >> Not facing challenges head on is going to be the greatest threat to the tech industry. The idea of avoiding conversation and avoiding sheer communication of these challenging issues will continue to raise-- >> Rebecca: And ignoring the bad behavior. >> Exactly, and it results in negative rhetoric that inherently put these communities out of wanting to work in this specific industry. But arguably given that technology not only represents the face of the future but how every single product and entity is made for the future, we have to include individuals. Everyone often wants to highlight the McKinsey study from Diversity Matters. Highlighting all of these great ways of diversity impacting business, but we need to look at it in addition from an ethic standpoint. The idea that technology represents how we are building our future. Leaving entire communities out of that primarily focusing on people of color and women, will result in a space where these communities will never have access, opportunity and thus employment to exist in this space. Being able to attack these issues head on, address the bad behavior, highlight what the potential implication is step one. Step two though is being proactive in everything that we're doing, to attempt to ameliorate that from the beginning. You'll notice one thing that's very different about Snap's diversity strategy is we seek to build infrastructure first, then focus on talent acquisition. Once we can ensure that communities of color and women are entering a space that is psychologically safe, open, and inviting. Then we can focus on how we're bringing in talent effectively so that the idea of retention and advancement is not an afterthought but rather top of mind. >> Right, because you can't recruit them if they haven't had the opportunities to begin with. >> Exactly, and that's what Snap often upholds the value of the idea that diversity is our determination, while inclusion is our imperative. >> Jarvis, I love it. >> Thank you so much. >> This has been really fun talking to you. >> Thank you. >> We will have more from Orlando, Florida at the Grace Hopper Celebration of Women in Computing just after this. (upbeat music)