(upbeat music) >> Welcome back to Supercloud22. This is an open community event, and it's dedicated to tracking the future of cloud in the 2020s. Supercloud is a term that we use to describe an architectural abstraction layer that hides the underlying complexities of the individual cloud primitives and APIs and creates a common experience for developers and users irrespective of where data is physically stored or on which cloud platform it lives. We're now going to explore the nuances of going to market in a world where data architectures span on premises across multiple clouds and are increasingly stretching out to the edge. Paula Hansen is the President and Chief Revenue Officer at Alteryx. And the reason we asked her to join us for Supercloud22 is because first of all, Alteryx is a company that is building a form of Supercloud in our view. If you have data in a bunch of different places and you need to pull in different data sets together, you might want to filter it or blend it, cleanse it, shape it, enrich it with other data, analyze it, report it out to your colleagues. Alteryx allows you to do that and automate that life cycle. And in our view is working to break down the data silos across clouds, hence Supercloud. Now, the other reason we invited Paula to the program is because she's a rockstar female in tech, and since day one at theCube, we've celebrated great women in tech, and in this case, a woman of data, Paula Hansen, welcome to the program. >> Thank you, Dave. I am absolutely thrilled to be here. >> Okay, we're going to focus on customers, their challenges and going to market in this cross cloud, multi-cloud, Supercloud world. First, Paula, what's changing in your view in the way that customers are innovating with data in the 2020s? >> Well, I think we've all learned very clearly over these last two years that the global pandemic has altered life and business as we know it. And now we're in an interesting time from a macroeconomic perspective as well. And so what we've seen is that every company in every industry has had to pivot and think about how they meet redefined customer expectations and an ever evolving competitive landscape. There really isn't an industry that wasn't reshaped in some way over the last couple of years. And we've been fortunate to work with companies in all industries that have adapted to this ever changing environment by leveraging Alteryx to help accelerate their digital transformations. Companies know that they need to unlock the full potential of their data to be able to move quickly to pivot and to respond to their customer's needs, as well as manage their businesses most efficiently. So I think nothing tells that story better than sharing a customer example with you, Dave. We love to share stories of our very innovative customers. And so the one that I'll share with you today in regards to this is Delta Airlines, who we're all very familiar with. And of course Delta's goal is to always keep their airplanes in the air flying passengers and getting people to their destinations efficiently. So they focus on the maintenance of their aircraft as a necessary part of running their business and they need to manage their maintenance stops and the maintenance of their aircraft very efficiently and effectively. So we work with them. They leverage our platform to automate all the processes for their aircraft maintenance centers. And so they've built out a fully automated reporting system on our platform leveraging tons of data. And this gives their service managers and their aircraft technicians foresight into what's happening with their scheduling and their maintenance processes. So this ensures that they've got the right technicians in the service center when the aircrafts land and that everything across that process is fully in place. And previously because of data silos and just complexity of data, this process would've taken them many many hours in each independent service center, and now leveraging Alteryx and the power of analytics and bringing all the data together. Those centers can do this process in just minutes and get their planes back in the air efficiently and delivering on their promises to their customers. So that's just one of many examples that we have in terms of the way the Alteryx analytics automation helps customers in this new age and helping to really unlock the power of their data. >> You know, Paul, that's an interesting example. Because in a previous life I worked with some airlines and people maybe don't realize this but, aircraft maintenance is the mission critical application for carriers. It's not the booking system. Because we've been there before, we show you there's a problem when you're booking or sometimes it's unfortunate, but people they get de booked. But the aircraft maintenance is the one that matters the most and that keeps planes in the air. So we hear all the time, you just mention it. About data silos and how problematic they are. So, specifically how are you seeing customers thinking about busting the data silos? >> Yeah, that's right, it's a big topic right now. Because companies realize that business processes that they run their business with, is very cross-functional in nature and requires data across every department in the enterprise. And you can't keep data locked in one department. So if you think of business processes like pay to procure or quote to cash, these are business processes that companies in every industry run their business. And that requires them to get data from multiple departments and bring all of that data together seamlessly to make the best business decisions that they can make. So what our platform does is, and is really well known for, is being very easy for users number one, and then number two, being really great at getting access to data quickly and easily from all those data silos, really, regardless of where it is. We talk about being everywhere. And when we say that we mean, whether it's on-prem, in your legacy applications and databases, or whether it's in the cloud with of course, all the multiple cloud platforms and modern cloud data warehouses. Regardless of where it is, we have the ability to bring that data together across hundreds of different data sources, bring it together to help drive insights and ultimately help our customers make better decisions, take action, and deliver on the business outcomes that they all are trying to drive within their respective industries. And what's- >> You know- >> Go ahead. >> Please carry on. >> Well, I was just going to say that what I do think has really sort of a tipping point in the last six months in particular is that executives themselves are really demanding of their organizations, this democratization of data. And the breaking down of the silos and empowering all of the employees across their enterprise regardless of how sophisticated they are with analytics to participate in the analytic opportunity. So we've seen some really cool things of late where executives, CEOs, chief financial officers, chief data officers are sponsoring events within their organizations to break down these silos and encourage their employees to come together on this democratization opportunity of democratization of data and analytics. And there's a shortage of data scientists on top of this. So there's no way that you're going to be able to hire enough data scientists to make sense of all this data running around your enterprise. So we believe with our platform we empower people regardless of their skillset. And so we see executives sponsoring these hackathons within their environments to bring together people to brainstorm and ideate on use cases, to share examples of how they leverage our platform and leverage the data within their organization to make better decisions. And it's really quite cool. Companies like Stanley Black & Decker, Ingersoll Rand, Inchcape PLC, these are all companies that the executive team has sponsored these hackathon events and seen really powerful things come out of it. As an example Ingersoll Rand sponsored their Alteryx hackathon with all of their data workers across various different functions where the data exists. And they focused on both top line revenue use cases as well as bottom line efficiency cases. And one of the outcomes was a use case that helped with their distribution center in north America and bringing all the data together across their various applications to reduce the amount of over ordering and under ordering of parts and more effectively manage their inventory within that distribution center. So, really cool to see this is now an executive level board level conversation. >> Very cool, a hackathon bringing people together for collaboration. A couple things that you said I want to comment on. Again, one of the reasons why we invited you guys to come on is, when you think about on-prem data and anybody who follows theCube and my breaking analysis program, knows we're big fans of Zhamak Dehghani's concept of data mesh. And data mesh is supposed to be inclusive. It doesn't matter if it's an S3 bucket, Oracle data base, or data warehouse, or data lake, that's just a note on the data mesh. And so it should be inclusive and Supercloud should include on-prem data to the extent that you can make that experience consistent. We have a lot of technical sessions here at Supercloud22, we're focusing now and go to market and the ecosystem. And we live in a world of multiple partners exploding ecosystems. And a lot of times it's co-opetition. So Paula, when you joined Alteryx you brought a proven go to market discipline to the company. Alignment with the customer, playbooks, best practice of sales, et cetera. And we've seen the results. It's a big reason why Mark Anderson and the board promoted you to president just after 10 months. Summarize how you approached the situation at Alteryx when you joined last spring. >> Yeah, I think first we were really intentional about what part of the market, what type of enterprises get the most benefit from the innovation that we deliver? And it's really clear that it's large enterprises. That the more complex a company is, most likely the more data they have and oftentimes the more decentralized that data is. And they're also really all trying to figure out how to remain competitive by leveraging that data. So, the first thing we did was be very intentional that we're focused on the enterprise and building out all of the capability required to be able to serve the enterprise. Of course, essential to all of that is having a platform capability because enterprises require that. So, with Suresh Vittal our Chief Product Officer, he's been fantastic in building out an end to end analytic platform that serves a wide range of analytic capabilities to a wide range of users. And then of course has this flexibility to operate both on-prem and in the cloud which is very important. Because we see this hybrid environment in this multicloud environment being something that is important to our customers. The second thing that I was really focused on was understanding how do you have those conversations with customers when they all are in maybe different types of backgrounds? So the way that you work with a business analyst in the office of finance or supply chain or sales and marketing, is different than the way that you serve a data scientist or a data engineer in IT. The way that you talk to a business owner who wants not to really understand the workflow level of data but wants to understand the insights of data, that's a different conversation. When you want to have a conversation of analytics for all or democratization of analytics at the executive level with the chief data officer or a CIO, that's a whole different conversation. And so we've built very specific sales plays to be able to have those conversations bring the relevant information to the relevant person so that we're really making sure that we explain the value proposition of the platform. Fully understand their world, their language and can work with them to deliver the value to them. And then the third thing that we did, was really heavily invest in our partnerships and you referenced this day. It's a a broad ecosystem out there. And we know that we have to integrate into that broad data ecosystem. and be a good partner to serve our customers. So, we've invested both in technology integration as well as go to market strategies with cloud data warehouse companies like Snowflake and Databricks, or RPA companies like UiPath and Blue Prism, as well as a wide range of other application and all of the cloud platforms because that's what our customers expect from us. So that's been a really important sort of third pillar of our strategy in making sure that from a go to market perspective, we understand where we fit in the ecosystem and how we collectively deliver on value to our joint customers. >> So that's super helpful. What I'm taking away from this is you didn't come to it with a generic playbook. Frank Lyman always talks about situation leadership. You assess the situation and applied that and a great example of partners is Snowflake and Databricks, these sort of opposites, but trying to solve similar problems. So you've got to be inclusive of all that. So we're trying to sort of squint through this Paula and say, okay, are there nuances and best practices beyond some of the the things that you just described that are unique to what we call Supercloud? Are there observations you can make with respect to what's different in this post isolation economy? Specifically in managing remote employees and of course remote partners, working with these complex ecosystems and the rise of this multi-cloud world, is it different or is it same wine new bottle? >> Well, I think it's both common from the on-prem or pre-cloud world, but there's also some differences as well. So what's common is that companies still expect innovation from us and still want us to be able to serve a wide range of skill sets. So our belief is that regardless of the skill set that you have, you can participate in the analytics opportunity for your company and unlocking the potential of your data. So we've been very focused since our inception to build out a platform that really serves this wide range of capabilities across the enterprise space. What's perhaps changed more or continues to evolve in this cloud world is just the flexibility that's required. You have to be everywhere. You have to be able to serve users wherever they are and be able to live in a multi-cloud or super cloud world. So when I think of cloud, I think it just unlocks a whole bigger opportunity for Alteryx and for companies that want to become analytic leaders. Because now you have users all over the globe, many of them looking for web-based analytic solutions. And of course these enterprises are all in various places on their journey to cloud and they want a partner and a platform that operates in all of those environments, which is what we do at Alteryx. So, I think it's an exciting time. I think that it's still very early in the analytic market and what companies are going to do to leverage their data to drive their transformation. And we're really excited to be a part of it. >> So last question is, I said up front we always like to celebrate women in tech. How'd you get into tech.? You've got a background, you've got somewhat of a technical background of being technical sales. And then of course rose up throughout your career and now have a leadership position. I called you a woman of data. How'd you get into it? Where'd you find the love of data? Give us the background and help us inspire some of the young women out there. >> Oh, well, but I'm super passionate about inspiring young women and thinking about the future next generation of women that can participate in technology and in data specifically. I grew up loving math and science. I went to school and got an electrical engineering degree but my passion around technology hasn't been just around technology for technology's sake, my passion around technology is what can it enable? What can it do? What are the outcomes that technology makes possible? And that's why data is so attractive because data makes amazing things possible. I shared some of those examples with you earlier but it not only can we have effect with data in businesses and enterprise, but governments globally now are realizing the ability for data to really have broad societal impact. And so I think that that speaks to women many times. Is that what does technology enable? What are the outcomes? What are the stories and examples that we can all share and be inspired by and feel good and and inspired to be a part of a broader opportunity that technology and data specifically enables? So that's what drives me. And those are the conversations that I have with the women that I speak with in all ages all the way down to K through 12 to inspire them to have a career in technology. >> Awesome, the more people in STEM the better, and the more women in our industry the better. Paula Hansen, thanks so much for coming in the program. Appreciate it. >> Thank you, Dave. >> Okay, keep it right there for more coverage from Supercloud 22, you're watching theCube. (upbeat music)

(energetic music) >> Announcer: From our studios in the heart of Silicon Valley; Palo Alto, California. This is a CUBE Conversation. >> Hi everyone, welcome to this special CUBE Power Panel recorded here in Palo Alto, California. We've got remote guests from around the Internet. We have Evan Anderson, Mark Anderson, Phil Lohaus. Thanks for comin' on. Evan is with INVNT/IP, an organization with companies and individuals that fight nation-sponsored intellectual property theft and also author of the huge report Theft Nation Almost a 100 pages of really comprehensive analysis on it. Mark Anderson with the Future in Review CEO of Pattern, Computer and Strategic New Service Chairman of Future in Review Conference, and author of the book "The Pattern Future: "Find the World's Greatest Secrets "and Predicting the Future Using Discovery Patterns" and Phil Lohaus, American Enterprise Institute. Former intelligent analyst, researcher at the American Enterprise Institute, studying competitive strategy and emerging technologies. Guys, thanks for coming on. This topic is, is industrial IoT the new battleground? Mark, you cover the Future Review. Security is the battleground. It's not just a silo'd space. It's horizontally scalable across every single touch point of the Internet, individuals, national security, companies, global, what's your perspective on this new battleground? >> Well, thank you, I took some time and watched your last presentation on this, which I thought was excellent. And maybe I'll try to pick up from there. There's a lot of discussion there about the technical aspects of IoT, or IIoT, and some of the weaknesses, you know firewalls failing, assuming that someone's in your network. But I think that there's a deeper aspect to this. And the problem I think, John, is that yes, they are in your network already, but the deeper problem here is, who is it? Is it an individual? Is it a state? And whoever it is, I'm going to put something out that I think is going to be worth talking more deeply about, and that is, if people who can do the most damage are already in there, and are ready to do it, the question isn't "Can they?" It's "Why have they not?" And so literally, I think if you ask world leaders today, are they in the electric grid? Yes. Is Russia in ours, are we in theirs? Yes. If you said, is China in our most important areas of enterprise? Absolutely. Is Iran in our banks and so forth? They are. And you actually see states of war going on, that are nuisances, but are not what you might call Cybergeddon. And I really believe that the world leaders are truly afraid. Perhaps more afraid of that than of nuclear war. So the amount of death and destruction that could happen if everybody cut loose at the same time, is so horrifying, my guess is that there's a human restraint involved in this, but that technically, it's already game over. >> Phil, Cybergeddon, I love that term, because that's a part of our theme here, is apocalypse now or later? Industrial IoT, or IIoT, or the Internet, all these touch points are creating a surface area that for penetration's purposes, any packet can get in. Nation-states, malware, you name it. It's all problem. But this is the new war battleground. This is now digital Cybergeddon. Forget the wall on the southern border, physical wall. We're talking about a digital wall. We have major threats going on to our society in the United States, and global. This is new, rules of engagement, or no rules of engagement on how to compete in a digital war. This is something that the government's supposed to protect us for. I mean, if someone drops troops in California, physical people, the government's supposed to stop that. But if it's a digital war, it's packets. And the companies are responsible for all this. This doesn't make any sense to me. Break it down, what's the problem? And how do we solve this? >> Sure, well the problem is is that we're actually facing different kinds of threats than we were typically used to facing in the past. So in the past when we go to war, we may have a problem with a foreign country, or a conflict is coming up. We tend to, and by we I mean the United States, we tend to think of these things as we're going to send troops in, or we're going to actually have a physical fight, or we're going to have some other kind of decisive culmination of events, end of a conflict. What we're dealing with now is very different. And it's actually something that isn't entirely new. But the adversaries that we're facing now, so let's say China, Russia, and Iran, just to kind of throw them into some buckets, they think about war very differently. They think about the information space more broadly, and partially because they've been so used to having to kind of be catching up to America in terms of technology, they found other ways to compete with America, and ways that we really haven't been focusing on. And that really, I would argue, extends most prominently to the information space. And by the information space I'm speaking very broadly. I'm talking about, not just information in terms of social media, and emails, and things like that, but also things like what we're talking about today, like IIoT. And these are new threat landscapes, and ones where our competitors have a integrated way of approaching the conflict, one in which the state and private sectors kind of are molded or fused or at least are compelled to work together and we have a very different space here in the United States. And I'm happy to unpack that as we talk about that today, but what we're now facing, is not just about technical capabilities, it's about differences in governing systems, differences in governing paradigms. And so it's much bigger than just talking about the technical specifics. >> Evan, I want you to weigh in on this because one of the things that I feel strongly about, and this is pretty obvious from the commentary, and experts I talk to is, the United States has always been good at defending itself physically, you know war, in being places. Digitally, we've been really good at offense, but terrible on defense, has been the metaphor. I spoke with former four-star General Keith Alexander, who ran the NSA and was first commander of the cyber command, who is now the CEO of IronNet. He and I were talking on-camera and privately and he's saying, "Look it. "we suck at defense digitally. "We're great at offense, we can take someone out "on the offense." But we're talking about IoT, about monitoring. These are technical challenges. This is network nerds, and software engineers have to solve this problem with the prism of defense. This is a new paradigm. This is what we're kind of getting to. And Mark, you kind of addressed it. But this is the challenge. IoT is going to create more points that we have to defend that we suck now at defending, how are we going to get better. This is the paradox. >> Yeah, I think that's certainly accurate. And one of our problems here is that as a society we've always been open. And that was how the Internet was born. And so we have a real paradigm shift now from a world in which the U.S. was leading an open world, that was using the Internet for, I mean there have been problems with security since day one, but originally the Internet was an information-sharing exercise. And we reached a point in human history now where there are enough malicious hackers that have the capabilities we didn't want them to have, but we need to change that outlook. So, looking at things like Industrial IoT, what you're seeing is not so much that this is the battlefield in specific, it's that everything like it is now the battlefield. So in my work specifically we're focused more on economic problems. Economic conflicts and strategies. And if you look at the doctrines that have come out of our adversaries in the last decade, or really 20 years, they very much did what Phil said, and they looked at our weaknesses, and one of those biggest weaknesses that we've always had is that an open society is also unable necessarily to completely defend itself from those who would seek to exploit that openness. And so we have to figure out as a society, and I believe we are. We're running a fine line, we're negotiating this tightrope right now that involves defending the values and the foundational critical aspects of our society that require openness, while also making sure that all the doors aren't open for adversaries. And so we'll continue to deal with that as a society. Everything is now a battlefield and a much grayer area, and IoT certainly isn't helping. And that's why we have to work so hard on it. >> I want to talk about the economic piece on the next talk track of rounds. Theft, and intellectual property that you cover deeply. But Mark and Phil, this notion of Cybergeddon meets the fact that we have to be more defensive. Again, principles of openness are out there. I mean, we have open source. There is a potential path here. Open source software has been, I think, depending on who you talk to, fourth generation, or fifth, depending on how old you are, but it's now mainstream enough now. Are we ever going to get to a formula where we can actually be strong in defense as well as just offense with respect to protecting digitally? >> Phil, do you want that? >> Well, yeah, I would just say that I'm glad to hear that General Alexander is confident about our offensive capabilities. But one of the... To NSA that is conducting these offensive capabilities. When we talk about Russia, Iran, China, or even a smaller group, like let's say an extremist group or something like that, there's an integration between command and control, that we simply don't have here in the States. For example, the Panasonic and Sony examples always come to mind, as ones where there are attacks that can happen against American companies that then have larger implications that go beyond just those companies. So and this may not be a case where the NSA is even tracking the threat. There's been some legislation that's come out, rather controversial legislation about so-called hacking back initiatives and things like that. But I think everybody knows that this is already kind of happening. The real question is going to be, how does the public sector, and how does the private sector work together to create this environment where they're working in synergy, rather than at cross purposes? >> Yeah, and this brings up, I've heard this before. I've heard people talk about the fact that open source nation states can actually empower by releasing tools in open source via the Dark Web or other vehicles, to not actually have, quote, their finger prints, on any attacks. This seems to be a tactic. >> Or go through criminals, right? Use proxies, things like that. It's getting even more complicated and Alexander's talked about that as well, right? He's talked about the convergence of crime and nation-state actions. So whereas with nation-states it's already hard-attributed enough, if that's being outsourced to either whether it's patriotic hackers or criminal groups, it's even more difficult. >> I think you know, Keith is a good friend of all of ours, obviously, good guy. His point is a good one. I'd like to take it a little more extreme state and say, defense is worth doing and probably hopeless. (everyone laughs) So, as they always say, all it takes is one failure. So, we always talk about defense, but really, he's right. Offense is easy. You want to go after somebody? We can get them. But if you want to play defense against a trillion potential points of failure, there's no chance. One way to say this is, if we ignore individuals for a moment and just look at nation-states, it's pretty clear that any nation-state of size, that wants to get into a certain network, will get in. And then the question will be, Well, once they're in, can they actually do damage? And the answer is probably yeah, they probably can. Well, why don't they? Why don't they do more damage? We're kind of back to the original premise here, that there's some restraint going on. And I suspect that Keith's absolutely right because in general, they don't want to get attacked. They don't want to have to come back at them what they're about to do to your banks or your grid, and we could do that. We all could do that. So my guess is, there's a little bit of failure on our part to have deep discussions about how great our defenses either are, or are not, when frankly the idea of defense is a good idea, worthwhile idea, but not really achievable. >> Yeah, that's a great point. That comes up a lot where it's like, people don't want retaliation, so it's a big, critical event that happens, that's noticeable as a counterstrike or equivalent. But there's been discussion of the, I call it "the slow bleed" where they push the line of where that is, like slowly infiltrate, and just cause disruption and inconvenience, as a tactic. This has become something we're seeing a lot of. Whether it's misinformation campaigns on fake news, to just disrupting operations slowly over time, and just kind of, 1,000 paper cuts, if you will. Your guys' thoughts on that? Is that something you guys see out there that's happening? >> Well, you saw Iran go after our banks. And we were pushing Iran pretty hard on the sanctions. Everybody knows they did that. It wasn't very much fun for anybody. But what they didn't do is take down the entire banking system. Not sure they could, but they didn't. >> Yeah, I would just add there that you see this on multiple fronts. You see this is by design. I'm sure that Mark is talking about this in his report but... they talk about this incremental approach that over time, this is part of the problem, right? Is that we have a very kind of black or white conception of warfare in this country. And a lot of times, even companies are going to think, well you know, we're at peace, so why would I do something that may actually be construed as something that's warlike or offensive or things like that? But in reality, even though we aren't technically at war, all of these other actors view this as a real conflict. And so we have to get creative about how we think about this within the paradigm that we have and the legal strictures that we have here in this country. >> Well there's no doubt at least in my non-expert military opinion, but as someone who is a techie, been on the Internet from day one, all my life, and all those tools, you guys as well, I personally think we're at war. 100%, there's no debate on that. And I think that we have to get better policy around this and understand it better. Because it's happening. And one of the obvious areas that we see in the news everyday, it's Huawei and intellectual property theft. This is an economic impact. I mean just look at what's happening in Brexit in the U.K. If that was essentially manipulated, that's the ultimate smart bomb, is to just destroy their financial system, which ended up happening through that misinformation. So there are economic realizations here, Evan,that not only come from the misinformation campaigns and other attacks, but there's real value with intellectual property. This is the report you put out. Your thoughts? >> There's very much an active conflict going on in the economic sphere, and that's certainly an excellent point. I think one of the most important things that most of the world doesn't quite understand yet, but our adversaries certainly understand, is that wars are fought for usually, just a few reasons. And there's a lot of different justification that goes on. But often it's for economic benefit. And if you look at human history, and you look at modern history, a lot of wars are fought for some form of economic benefit, often in the form of territory, et cetera, but in the modern age, information can directly and very quite obviously translate into economic benefit. And so when you're bleeding information, you're really bleeding money. And when I say information, again, it's a broad word, but intellectual property, which our definition, here at INVNT/IP is quite broad too, is incredibly valuable. And so if you have an adversary that's consistently removing intellectual property from what I would call our information ecosystem, and our business ecosystem, we're losing a lot of economic value there, and that's what wars are fought over. And so to pretend that this conflict is inactive, and to pretend that the underlying economy and economic strength that is bolstered or created by intellectual property isn't critical would be silly. And so I think we need to look at those kinds of dynamics and the kind of Gerasimov Doctrine, and the essential doctrine of unrestricted warfare that came out of the People's Republic of China are focused on avoiding kinetic conflict while succeeding at the kinds of conflict that are more preferable, particularly in an asymmetric environment. So that's what we're dealing with. >> Mark and Phil, people waking up to this reality are certainly. People in the know are that I talk to, but generally speaking across the board, is this a woke moment for tech? This Armageddon now or later? >> Woke moment for politicians not for tech, I think. I'm sure Phil would agree with this, but the old guard, go back to when Keith was running the NSA. But at that time, there was a very clear distinction between military and economic security. And so when you said security, that meant military. And now all the rules have changed. All the ways CFIUS works in the United States have changed. The legislation is changing, and now if you want to talk about security, most major nations equate economic security with national security. And that wasn't true 10 years ago. >> That's a great point. That's really profound, I totally agree. Phil. >> I think you're seeing a change in realization in Washington about this. I mean, if you look at the cybersecurity strategy of 2018, it specifically says that we're going to be moving from a posture of active defense to one of defending forward. And we can get into the discussion about what those words mean, but the way I usually boil down is it means, going from defending, but maybe a little bit forward, to actually going out and making sure that our interests are protected. And the reason why that's important, and we're talking about offense versus defense here, obviously the reason why, from what Mark was saying, if they're already in the networks, and they haven't actually done anything, it's because they're afraid of what that offensive response could be. So it's important that we selectively demonstrate what costs we could impose on different actors for different kinds of actions, especially knowing that they're already operating inside of our network. >> That's a great point. I mean, I think that's again another profound statement because it's almost like the pin in the grenade. Once they pull it, the damage is done. Again, back to our theme, Armageddon, now or later? What's the answer to this, guys? Is it the push to policy conversation and the potential consequences higher? Get that narrative going. Is it more technical protection in the networks? What's some of the things that people are talking about and thinking about around this? >> And it's really all of the above. So the tough part about this for any society and for our society is that it's expensive to live in a world with this much insecurity. And so when these kind of low-level conflicts are going on, it costs money and it costs resources. And companies had to deal with that. They spent a long time trying to dodge security costs, and now particularly with the advent of new law like the GDPR in Europe, it's becoming untenable not to spend that defensive money, even as a company, right? But we also are looking at a deepening to change policy. And I think there's been a lot of progress made. Mark mentioned the CFIUS reforms. There are a lot of different essentially games of Whack-A-Mole being played all around the world right now figuring out how to chase these security problems that we let go too long, but there's many, many, many fronts that we need to-- >> Whack-A-Mole's a great example. The visualization of that is just horrendous. You know, not the ideal scenario. But I got to get your point on this, because one of the things that comes up all the time in our conversations in theCUBE is, the government's job is to protect our securities. So again, if someone came in, and invaded my town in Palo Alto, it's not my responsibility to fight for the town. Maybe defend my own house. But if I'm a company being attacked by Russia, or China or Iran, isn't it the government's responsibility to protect me as a citizen and the company doing business there? So again, this is kind of the confusion that people have. If somebody's going to defend their hack, I certainly got to put security practices in place. This is new ground for the government, digitally speaking. >> When we started this INVNT/IP project, it was about seven years ago. And I was told by a very smart guy in D.C. that our greatest challenge was going to be American corporations, global corporations. And he was absolutely right. Literally in this fight to protect intellectual property, and to protect the welfare even of corporations, our greatest enemies so far have been American corporations. And they lobby hard for China, while China is busy stealing from them, and stealing from their company, and stealing from their country. All that stuff's going on, on a daily basis and they're in D.C. lobbying in favor of China. Don't do anything to make them mad. >> They're getting their pockets picked at the same time. And they're trying to do business in China. They're getting their pockets picked. That's what you're saying. >> They're going for the quarterly earnings report and that's all. >> So the problem is-- >> Yeah so-- >> The companies themselves are kind of self-inflicted wounds here for them. >> Yes. >> Yeah, just to add to that, on this note, there have been some... Business to settle interest. And this is something you're seeing a little bit more of. There's been legislation through CFIUS and things like that. There have been reforms that discourage the flow of Chinese money in the Silicon Valley. And there's actually a measurable difference in that. Because people just don't want to deal with the paperwork. They don't want to deal with the reputational risk, et cetera, et cetera. And this is really going to be the key challenge, is having policy makers not only that are interested in addressing this issue, because not all of them are even convinced it's a problem, if you can believe it or not, but having them interested and then having them understand the issue in a way that the legislation can actually be helpful and not get in the way of things that we value, such as innovation and entrepreneurialism and things like that. So it's going to take sophisticated policy-making and providing incentives so that companies actually want to participate and helping to make America safer. >> You're so right about the politicians. Capitol Hill's really not educated. I mean I tell my kids, and they ask the same questions, just look at Mark Zuckerberg and Sundar Pichai present to the government. They don't even know what an Android phone versus an iPhone is, nevermind what the Internet, and how this global economy works. This has become a makeup problem of the personnel in Capitol Hill. You guys see any movement? I'm seeing some change with a new guard, a new generation of younger people coming in. Certainly from the military, that's an easy when you see people get this. But a new generation of young millennials who are saying, "Hey, why are we doing this the old way?" and actually becoming more informed. Not being the lawyer at law-making. It's actually more technically savvy. Is there any movement, any bright hope there? >> I think there's a little hope in the sense that at a time when Congress has trouble keeping the lights on, they seem to have bipartisan agreement on this set of issues that we're talking about. So, that's hopeful. You know, we've seen a number of strongly bipartisan issues supported in Congress, with the Senate, with the House, all agreeing that this is an issue for us all, that they need to protect the country. They need to protect IP. They need to extend the definition of security. There's no argument there. And that's a very strange thing in today's D.C. to have no argument between the parties. There's no error between the GOP and the Democrats as far as I can tell. They seem to all agree on this, and so it is hopeful. >> Freedom has its costs and I think this is a new era of modern freedom and warfare and protection and all these dynamics are changing, just like Cloud 2.0 is changing application developers. Guys, this is a really important topic. Thank you so much for coming on, appreciate it. Love to do a follow-up on this again with you guys. Thanks for sharing your insight. Some great, profound statements there, appreciate it. Thank you very much. >> Thank you. >> Thanks for having us. >> It's been a CUBE Power Panel here from Palo Alto, California with Evan Anderson, Mark Anderson, and Phil Lohaus. Thank you guys for coming on. Power Panel: The Next Battleground in Industrial IoT. Security is a big part of it. Thanks for watching, this has been theCUBE. (energetic music)

>> Narrator: Live from Las Vegas, it's theCUBE covering AWS re:Invent 2017. Presented by AWS, Intel, and our ecosystem of partners. (techno music) >> Welcome back to The Sands. We are live here in Las Vegas as theCUBE continues our coverage of re:Invent. Still a jam packed show floor, it was like that yesterday. Talking about 42 to 45,000 attendees. I don't thing anybody's left the place yet. It's that kind of excitement that is certainly built within this community, so hats off to AWS for putting on such a great show. Along with Stu Miniman, I'm John Walls. We're now joined by Alok Ojha, who is the senior product manager and the lead for container security at CloudPassage. Alok, good to see you, Sir. >> Good to be here. >> Welcome to kind of breaking your maiden here on theCUBE, right, first time? >> Alok: First time here, yes, and super excited to be here. >> We're glad to have you, been talking about all kinds of fascinating things, gaming and security, we might get into that a little bit later on. First off, tell us a little bit about CloudPassage. I know you've only been there a short period of time, so, not only what it does, but what you're doing there. >> Great, great, so, CloudPassage is a cloud security, a cloud application security, infrastructure security company. We help our customers secure their workloads, whether they're running on servers, bare metal servers or VMs, and now yesterday we actually made an announcement around container security, so we now support containers as well. >> John: Alright, so go into that a little bit. I know you're pretty excited about that. >> Yeah, yeah we're pumped about it. So what we're hearing from our customers is that they have been using us to secure their workloads today whether it's running on Amazon, Azure, Google, their own data center, it doesn't really matter. What they're really looking for is one single platform that helps them secure and be compliant across the board. The next step in that direction of evolution is to have support for containers. And we announced the support for container security. We call it, pretty smartly, CloudPassage Container Secure. >> John: How long did it take you to come up with that, that must have been? >> Took us a million dollars to actually find somebody to get the idea. So we announced that yesterday, we are seeing a lot of excitement in our customer base. We actually had a pretty exciting beta as well where we had 10-plus Fortune 1,000 companies participating and a good chunk of them are actually looking at getting on board and using Container Secure. >> Alok, I want you to step back for a second. Security's been going through massive renaissance. It feels every few years there's always discussion, oh we're going to change the security model, but especially with DevOps. One of the main changes, I've talked to my friends that are developers, you read the literature, it's DevOps forces some of those changes in security and while it's one of the challenges, it's really one of the huge opportunities. Maybe talk about your thoughts on that. You've been in this industry a while. I think it's one of the reasons that brought you on to CloudPassage. >> Alok: I'll actually take multiple steps back because I kind of look from a broad perspective. So, when I look at trends, to me it's more about what's happening and how are the lives of people changing when it comes to people, process, and technology, right? So I'll start with tech. If you look at tech, there are three major changes that are relevant to our customers. On the infrastructure side, we have seen customers using servers, moving to containers, moving to surface architecture, right? And in between, there was this massive shift that happened between customers moving from pure place servers to VMs and there was huge concern about, hey, how do we handle security for VMs? Now we are past that and now the next wave of questions and concerns are around how do you secure your containers running across your infrastructure? The second piece is people used commercial, off the shelf software and that's moving on, but companies like Amazon providing services like databases, we had a huge set of announcements from Mandy Jesse today in the morning about databases and some interesting comments made there. So, we have seen trends in that direction. We're also seeing a trend that people are building monolithic applications and now they're breaking it apart and building micro services. Now because of these major tech changes, we are seeing significant changes on the people process side, which is what you're talking about. So you had people structured as IT, operations and IT security, buying commercial software, providing security and compliance based on it and driving business. It changed, as Mark Anderson said, software is eating the world, and as a result, you're seeing more developers getting hired by organizations, building softwares fast, delivering it to meet their respective customer needs, and as a result, there's a major shift happening driven by technology, as well as needs from the customer where now we're looking at Ops and DevSecOps. >> I want you to bring us inside a little bit, that container security discussion. Remember back, kinda two years ago, it was like, oh, containers aren't secure, shove 'em in a VM, no, you don't want to do that. Oh, maybe the isolation of containers actually will give us an opportunity. So what is the state of security? What is your company doing? What's special about the offering you have? And how does that fit in with kind of what Amazon's doing, the open source piece, I mean it's a big, hairy ball there, but yeah? >> It's interesting, so what we're seeing on the container side, the reason why the industry is using containers is because it simplifies deployment. You build your application, mostly images, and it becomes easier to deploy them. Doesn't matter where you're deploying them, which infrastructure it is, who owns it, doesn't really matter. But from a security standpoint, there's a huge benefit that Docker provides as well, which is the whole name space operation across processes, networks, so on and so forth. But the key challenge that we see is because Docker has inherent security, it's not still good enough. So, if you look at the images themselves that the developers are building, the images could have embedded secrets in them. They could have vulnerable packages in them. And you could have images that are getting deployed in production that are not authorized images. So you have to be kind of watchful of those things. You look at the container run time, you have to be aware of the configurations the container has. Are they privileged? Are they read-only? Are there configuration drifts happening on the containers? At the same time, you have to look at the third pillar, which is the Docker host on which the container is running, because containers are only as secure as the underlying operating system, the host. >> Where does the container strategy fit in with the holistic security that companies need to look at? >> Alok: As I said earlier, our customers are looking for one platform where they can secure the host, the virtual machines, and the containers, and our strategy is solely focused on that. Going from VMs to containers and you're also looking at supporting several less end services. >> I was kind of kidding there off the top when I said, we're talking about gaming, we're talking about all kinds of things here. We were talking about that, but on a different plane, about generations. You said, yeah, as a parent, we have different problems, but they're the same problems. So in the security world, you have the same nature of problems, but the magnitudes may be changed. So what do you think the next generation of security issues, what is that going to be? And how do you think your colleagues and you at CloudPassage are going to have to address that? >> That's a great question. The trend that we are seeing, and I think a couple of years from now what's gonna happen is the IT security organization is gonna go through a major transformation, right? Software is eating the world, and as a result, DevOps is going to become front and center of what's gonna happen. If I'm a VPO for application development, I would like to have both DevOps and security part of the entire process because I, as a business owner, I am accountable for the brand, the use case and the problems I'm solving for my customers, but at the same time, meeting security and compliance requirements. So security and compliance as a problem is still the same, but how people are building and delivering software, where they're doing it, what infrastructure they're actually running on, as to complexity, as to scalability problems, and last but not least, because you're looking at big-scale, automation is key. >> Look, I'm curious how IOT fits into this. I hear surface area, magnitude, you know, huge kind of threat when it comes to security. >> So we don't do much in the IOT space. But I think what's happening is customers who are looking at using IOT for their infrastructure, they're using more and more of microservices and containers to deliver that service, which is where we come in. We are seeing, as they're adopting IOT and delivering services using IOT, tracking trucks, devices, and those pieces across their network, we are the vendor of choice when it comes to securing those pieces of infrastructure as well as virtual machines and hosts they are running on. >> What kind of customer interactions are you having here? What are kind of some of the top issues that are driving customers to your booth and challenges that they're looking to solve? >> Customers are coming to us, saying, hey, we have a mandate, the IOT security guys and the DevOps guys are saying, from the business perspective, we have a mandate to deliver software fast, we have to meet our customer needs and stay ahead and up our game every day. In order to do that, you have to look at how you move security to the left of the DevOps pipeline. So customers are coming to us and asking, how do you fix that? How do you help us meet those needs that we have? How do I secure my workload? How do I move security to the left on the DevOps pipeline? And while doing all of that, be continuously compliant? And we're having so many conversations on these topics with our customers and containers happens to be front and center of that. >> You said you've been five months at CloudPassage? What was, in your mind, the most attractive element that pulled you in, and what do you see then, as you've created this business from scratch, what little bumps are you hitting along the way in your work, forget your clients, I mean for you, what you have to handle when you are trying to create this whole new enterprise within a system? >> It's a great question, so when I looked at CloudPassage, I was looking for two things. One from a market perspective, I clearly believed in what CloudPassage was doing back then when I was looking at them, and they still continue to do that, which is enterprise IT is going through a significant change and DevOps and DevSecOps is becoming front and center. And CloudPassage is solely focused on that. So it's a big check for me, from a market trend standpoint. At the same time, it's a great team, great people. So I came in with a mandate to actually build and define the container security product which we announced yesterday. Moving forward, I think in terms of bumps, it's interesting as a start-up, which areas do we focus on? Because you look at containers, customers are talking about a very broad spectrum. I mean security container run time, but they're also talking about microsegmentation and different pieces, but what we're finding in general, is that customers are still figuring out how to use Docker, how to containerize their application. And the challenge that we are facing and we are focused is you have to solve the problem across visibility, you know, use cases across the platform, be it VMs or containers, instead of going too deep vertically on the container side alone. So we are going broad, helping meet the needs of our customers as they're deploying it today. >> I'd love to hear your viewpoint, what's it like being in the AWS ecosystem these days? >> It's amazing, I mean the rate at which these guys are innovating, developers are adapting, they have the eyes and the ears of the developers. What that means is DevOps is going to speed up. What is also means is the use of infrastructures is going to speed up. What it means for us is our customers are going to be requiring means to secure and be compliant with the various regulations as they're deploying the software and containerizing different applications as they're deploying ECS, well moving forward maybe ETS, and we are the vendor of choice to help them get there. >> I think it means good news. >> Great news, yes. >> Well, congratulations on the news yesterday. And we certainly wish you all the well, all the continued success down the road. >> Thank you. >> John: I know five months probably felt like five days, right it's been flying by for ya? >> Of course. >> John: Good luck. >> Thank you. >> Thanks Alok, we're back with more here from re:Invent. AWS putting on the show here in Las Vegas. We're in The Sands and we're live here on theCUBE. Back with more in a bit. (techno music)