Bethann Pepoli, Splunk, Troy Bertram, Telos, & Martin Rieger, stackArmor | AWS Summit DC 2021


 

>>And welcome back to theCUBE's coverage of AWS Summit Public Sector, here live in Washington, DC, where we're actually having a physical event, but also broadcasting to a hybrid audience digitally. I'm John, your host of theCUBE. Got a great panel here: Martin Rieger, chief solutions officer, stackArmor; Bethann Pepoli, who's with Splunk, group vice president of partner go-to-market, Americas and public sector; and Troy Bertram, vice president, sales, at Telos. Good to see you guys. Thanks for coming on. It's great to be. So you guys, stackArmor, have a great solution on AWS called FASTTR. Okay. Which is a nice name. What's it all about?

>>So FASTTR is about getting cloud service providers to an authorization to operate with the federal government, uh, basically as fast as possible. It is the collection of ThreatAlert, which is a FedRAMP-designed solution and boundary solution. That includes all those key security stack components. Uh, primarily our partners over at Splunk and Telos. Uh, those products are scripted, streamlined, and designed to get customers there as fast as possible in a compliant manner.

>>I love the acronym, FASTTR, faster on AWS. Uh, how did you guys come up with the ThreatAlert concept? What did, what's this all about? How did it all come together?

>>Uh, ThreatAlert was, was born out of one of our primary services, which is migration, and, uh, for roughly about a five-year stretch migrating federal agency systems, um, to Amazon, both East, West and GovCloud, uh, we recognized quickly that there was a need to include a security stack of common components, such as vulnerability scanning, uh, security incident event monitoring, uh, as well as a number of other key components designed around the continuous monitoring aspect of it.
And so we quickly realized that, you know, the packaging of this solution and putting together a dashboard that allows us to tie everything in, uh, deploy very, very quickly through infrastructure as code, um, was a vehicle that could help, uh, our customers and CSPs as well as agencies get through the FedRAMP ATO process, um, quickly.

>>Talk about the relationship with Splunk and Telos. How's this all connecting with? Just what's your role?

>>Yeah, so really with the support of NIST and the new OSCAL standard, which, I'm going to make sure I get the acronym right, Open Security Controls Assessment Language, or OSCAL, um, with our release of Xacta and automation of the compliance standards working with, and the framework, we've been able to look at best-of-breed partners in the industry, and it is all around acceleration of how can we move faster to deliver the end customer the controls they need and want in a secure, compliant manner. Um, and as someone that served in the government, right, it's, it's passion for the mission. And that's really what brought the three companies together.

>>And my opinion, by the way, congratulations on Telos going public. You guys do a lot of great cyber work. Congratulations. Now that data is the heart of this. I mean, Splunk, that's all you guys do, is think about data. How do you guys connect into, into the product?

>>Well, it's exactly that, really providing that data platform and the analytics capability to enable the subject matter experts to bring the data to life. Right. And that's what we, that's why these partnerships are so important to Splunk, because, uh, they have the subject matter expertise and can really leverage the power of the data platform to provide services to customers.

>>Yeah. One of the big trends that's kind of underreported, in my opinion, is that partnerships are required to kind of get the cybersecurity equation right. This is a huge trend. People are sharing, but also working together.
How, how do you guys see that evolving? Because you know, there has to be an openness around the data. There has to be more open solutions. How do you guys see that evolving? Um,

>>Well, you kind of hit the hammer on the head. Splunk is, is essentially the heart and soul of our auditing, logging and continuous monitoring piece. Um, in terms of, of the relationships and how we all work together, we've evolved now to a point where we are able to pre-stage customers well in advance. Um, and in working with our partners, uh, Telos and Splunk, by the time we get started with a customer, we, we reduced the amount of time this takes, uh, on average by 40%, um, and even faster with the Xacta piece because, uh, as, as Troy kind of mentioned, the OSCAL component, um, is the future of accreditation. And it's certainly not limited to FedRAMP, but that machine language, that XML, YAML, JSON code, we've got things to the point where not only are we deploying Splunk in a, in a scripted, pre-configured manner to work with our technology, we're also doing the same thing with Xacta.

>>So the controls are pre-documented for everything that we provide, which means we don't have to spend the time going through the process of saying, okay, tell me what you're doing. We already have that down. The other best-of-breed type components that were mentioned by Troy, um, it's the same thing, right? So customers, when they show up, they have a security stack that's ready to go. They already have FIPS compliance for encryption. They already have hardening in place so that when, when they approach us, all they've really got to do is deploy their application and close a very small gap in documentation, which we do with Xacta, and then auditors can come in, hit the, they can jump, get what they need out of Xacta. And eventually, once everyone else catches up to OSCAL, we'll be connecting systems to other systems and just pushing the package, the days of PDFs.
And those are almost gone.

>>As someone that went through, um, achieving an ATO, the paper process and the Excel spreadsheets, it's a nightmare. And you've got sales engineers, you've got solution architects that are spending their time not focused on delivering mission outcomes or new products and services to our public sector customers, but on the process and the paperwork.

>>Can you share order of magnitude the old way, time wasting versus this solution? What's, what's gained, 'cause that's key. This needs a resources when people are

>>Every CFO at an ISV wants to do two things, right? They want to support the sales efforts to move into the federal or state environment, right? We're talking about FedRAMP, but StateRAMP is upon us now. So they want two things. How do I do this at the lowest cost possible, limit my resources that are really expensive on the engineering side, and how do I shrink the amount of time? So 40% is a very conservative estimate. I believe that we can continue with implementations of Bosco and other ingestion points, especially across government. We can shrink that time, which reduces the cost immensely.

>>The time savings day. What about the stack?

>>But if you want to put it in perspective, right? I've been doing this since the beginning in 2012, and I've stood up three different 3PAOs. I've audited over 200 companies. I've been doing this a long time. And in the beginning it was an average of 12 months just to get someone ready, just to get ready. That didn't include the audit time. So we've evolved to a point now where on average, that's down to 12 weeks. And that was before the inclusion of the Xacta piece. We were able to shave off four more weeks with that, to the point where we're down to eight weeks, and the government is pushing to try to get towards a 30-day ATO. And I think OSCAL was the answer for that. And so to give you an idea of where we were to where we are now, we went from 12 months to 12 weeks.

>>That's huge.
So the data is the key in here. And then you got FASTTR on AWS. Love the name. How does that compare to other ATO solutions? How do you guys see that comparing a wonder place?

>>I think in terms of the other solutions that are available out there, there, there's a couple key things that, that I think the rest of the market is trying to do to catch up. And one of those is the dashboard technology that we have in place integrates directly with Splunk and with Xacta, it pulls in from all the AWS sources that are available in terms of security and information and centralizes it in one spot. And so nobody else is doing that, and we've been doing it for years. And this, this to me, OSCAL, and the addition of the Xacta component was the next evolution.

>>Um, on the partnership side, how do you guys see it evolving? What's next?

>>More continuous monitoring, I think, right. It's not just about a FedRAMP authorization, but continuous monitoring in general for, for all of our public sector.

>>That's day-two operations, continuous, ongoing AI operations. There's gotta be some machine learning in here somewhere. Is there?

>>Yeah. I'll speak to the partnerships a little bit. And I think even back to AWS, right? Why we're here, and it's great to be in person, is it's around us working together as an industry and companies, right? The Authority to Operate on AWS, the ATO on AWS, was started to bring like-minded companies together to help solve these problems. Yeah.

>>I mean, it's a real benefit. It really shows that you can put a stack together, right. And then save time like that, 12 months to 12 weeks. That's what cloud's about right now. Then the question is security. Think you should get that right. That is going to be an evolution. What's the vision of the product?

>>Um, well, there's two things around that we, we, we talked about, yes, it's, it's planned, prepare, authorized, right? That is the current FedRAMP mantra and post ATO.
The continuous monitoring piece is really a core element. But in terms of the future, 3PAOs, the third-party assessment organizations that, that audit our customers, that, that we're all preparing together. Eventually they're systems, they're all developing audit systems around. And so where we're going is the auditor will connect to Xacta and they will simply, over API or whatever calls they make, they will pull all of that audit information, control information, which is only going to accelerate this even more.

>>Yeah. I mean, the observability, the data, the automation all plays into more speed, more agility, faster,

>>And, and meeting all of the standards, right? Whether it's smart Z or it's HIPAA, StateRAMP, home in Austin, Texas, TX-RAMP is, is a thing, right? How do we help each one of these customers with their own compliance or super smart,

>>You know, the business model of reduce the steps it takes to do something, make it easier and faster, is a good business model. Wow.

>>It's not, it's becoming an ecosystem, right? In the sense that, um, you know, OSCAL has been under development for three years and, and, and stackArmor, we've been supporting some components at NIST, but to the point where, uh, once we eliminate the, the traditional paper, you know, Word doc, Excel, PDF, um, and get to a point where everything is tied together. But there's one important aspect to this, is that it's all in boundary. So the authorization boundary is that invisible red line we draw around everything in scope for an audit. And so that, by the way, is another critical component. The Splunk servers are in boundary. The Xacta servers are in boundary, which is a huge, huge element to this.

>>Yeah. Good. Great to see the Splunk partnership adding value here with Telos, good, your cybersecurity expertise, pulling it all together. It's a great solution.

>>It is, and great partners to work with, right?
And I know that we will have additional solutions and product offerings in the future.

>>Martin, Troy, Bethann. Thanks for coming on theCUBE. Appreciate it. Enjoy the rest of the show. As we wind down day two of theCUBE live coverage, in-person event, AWS Public Sector Summit in Washington, DC. This is theCUBE. We'll be right back after this short break.

Published Date : Sep 29 2021
