>> Announcer: From around the globe, it's theCUBE. With digital coverage of VMworld 2020, brought to you by VMware and its ecosystem partners. >> Welcome back, I'm Stu Miniman. This is theCUBE's coverage of VMworld 2020 of course, happening virtually. And there are certain people that we talk to every year at theCUBE, and this guest, I believe, has been on theCUBE at VMworld more than any others. It's actually not Pat Gelsinger, Eric Herzog. He is the chief marketing officer and vice president of global storage channels at IBM. Eric, Mr. Zoginstor, welcome back to theCUBE, nice to see you. >> Thank you very much, Stu. IBM always enjoys hanging with you, John, and Dave. And again, glad to be here, although not in person this time at VMworld 2020 virtual. Thanks again for having IBM. >> Alright, so, you know, some things are the same, others, very different. Of course, Eric, IBM, a long, long partner of VMware's. Why don't you set up for us a little bit, you know, 2020, the major engagements, what's new with IBM and VMware? >> So, a couple of things, first of all, we have made our Spectrum Virtualize software, software defined block storage work in virtual machines, both in AWS and IBM Cloud. So we started with IBM Cloud and then earlier this year with AWS. So now we have two different cloud platforms where our Spectrum Virtualize software sits in a VM at the cloud provider. The other thing we've done, of course, is V7 support. In fact, I've done several VMUGs. And in fact, my session at VMworld is going to talk about both our support for V7 but also what we're doing with containers, CSI, Kubernetes overall, and how we can support that in a virtual VMware environment, and also we're doing with traditional ESX and VMware configurations as well. And of course, out to the cloud, as I just talked about. >> Yeah, that discussion of hybrid cloud, Eric, is one that we've been hearing from IBM for a long time. And VMware has had that message, but their cloud solutions have really matured. They've got a whole group going deep on cloud native. The Amazon solutions have been something that they've been partnering, making sure that, you know, data protection, it can span between, you know, the traditional data center environment where VMware is so dominant, and the public clouds. You're giving a session on some of those hybrid cloud solutions, so share with us a little bit, you know, where do the visions completely agree? What's some of the differences between what IBM is doing and maybe what people are hearing from VMware? >> Well, first of all, our solutions don't always require VMware to be installed. So for example, if you're doing it in a container environment, for example, with Red Hat OpenShift, that works slightly different. Not that you can't run Red Hat products inside of a virtual machine, which you can, but in this case, I'm talking Red Hat native. We also of course do VMware native and support what VMware has announced with their Kubernetes based solutions that they've been talking about since VMworld last year, obviously when Pat made some big announcements onstage about what they were doing in the container space. So we've been following that along as well. So from that perspective, we have agreement on a virtual machine perspective and of course, what VMware is doing with the container space. But then also a slightly different one when we're doing Red Hat OpenShift as a native configuration, without having a virtual machine involved in that configuration. So those are both the commonalities and the differences that we're doing with VMware in a hybrid cloud configuration. >> Yeah. Eric, you and I both have some of those scars from making sure that storage works in a virtual environment. It took us about a decade to get things to really work at the VM level. Containers, it's been about five years, it feels like we've made faster progress to make sure that we can have stateful environments, we can tie up with storage, but give us a little bit of a look back as to what we've learned and how we've made sure that containerized, Kubernetes environments, you know, work well with storage for customers today. >> Well, I think there's a couple of things. First of all, I think all the storage vendors learn from VMware. And then the expansion of virtual environments beyond VMware to other virtual environments as well. So I think all the storage vendors, including IBM learned through that process, okay, when the next thing comes, which of course in this case happens to be containers, both in a VMware environment, but in an open environment with the Kubernetes management framework, that you need to be able to support it. So for example, we have done several different things. We support persistent volumes in file block and object store. And we started with that almost three years ago on the block side, then we added the file side and now the object storage side. We also can back up data that's in those containers, which is an important feature, right? I am sitting there and I've got data now and persistent volume, but I got to back it up as well. So we've announced support for container based backup either with Red Hat OpenShift or in a generic Kubernetes environment, because we're realistic at IBM. We know that you have to exist in the software infrastructure milieu, and that includes VMware and competitors of VMware. It includes Red Hat OpenShift, but also competitors to Red Hat. And we've made sure that we support whatever the end user needs. So if they're going with Red Hat, great. If they're going with a generic container environment, great. If they're going to use VMware's container solutions, great. And on the virtualization engines, the same thing. We started with VMware, but also have added other virtualization engines. So you think the storage community as a whole and IBM in particular has learned, we need to be ready day one. And like I said, three years ago, we already had persistent volume support for block store. It's still the dominant storage and we had that three years ago. So for us, that would be really, I guess, two years from what you've talked about when containers started to take off. And within two years we had something going that was working at the end user level. Our sales team could sell our business partners. As you know, many of the business partners are really rallying around containers, whether it be Red Hat or in what I'll call a more generic environment as well. They're seeing the forest through the trees. I do think when you look at it from an end user perspective, though, you're going to see all three. So, particularly in the Global Fortune 1000, you're going to see Red Hat environments, generic Kubernetes environments, VMware environments, just like you often see in some instances, heterogeneous virtualization environments, and you're still going to see bare metal. So I think it's going to vary by application workload and use case. And I think all, I'd say midsize enterprise up, let's say, $5 billion company and up, probably will have at least two, if not all three of those environments, container, virtual machine, and bare metal. So we need to make sure that at IBM we support all those environments to keep those customers happy. >> Yeah, well, Eric, I think anybody, everybody in the industry knows, IBM can span those environments, you know, support through generations. And very much knows that everything in IT tends to be additive. You mentioned customers, Eric, you talk to a lot of customers. So bring us inside, give us a couple examples if you would, how are they dealing with this transition? For years we've been talking about, you know, enabling developers, having them be tied more tightly with what the enterprise is doing. So what are you seeing from some of your customers today? >> Well, I think the key thing is they'd like to use data reuse. So, in this case, think of a backup, a snap or replica dataset, which is real world data, and being able to use that and reuse that. And now the storage guys want to make sure they know who's, if you will, checked it out. We do that with our Spectrum Copy Data Management. You also have, of course, integration with the Ansible framework, which IBM supports, in fact, we'll be announcing some additional support for more features in Ansible coming at the end of October. We'll be doing a large launch, very heavily on containers. Containers and primary storage, containers in hybrid cloud environments, containers in big data and AI environments, and containers in the modern data protection and cyber resiliency space as well. So we'll be talking about some additional support in this case about Ansible as well. So you want to make sure, one of the key things, I think, if you're a storage guy, if I'm the VP of infrastructure, or I'm the CIO, even if I'm not a storage person, in fact, if you think about it, I'm almost 70 now. I have never, ever, ever, ever met a CIO who used to be a storage guy, ever. Whether I, I've been with big companies, I was at EMC, I was at Seagate Maxtor, I've been at IBM actually twice. I've also done seven startups, as you guys know at theCUBE. I have never, ever met a CIO who used to be a storage person. Ever, in all those years. So, what appeals to them is, how do I let the dev guys and the test guys use that storage? At the same time, they're smart enough to know that the software guys and the test guys could actually screw up the storage, lose the data, or if they don't lose the data, cost them hundreds of thousands to millions of dollars because they did something wrong and they have to reconfigure all the storage solutions. So you want to make sure that the CIO is comfortable, that the dev and the test teams can use that storage properly. It's a part of what Ansible's about. You want to make sure that you've got tight integration. So for example, we announced a container native version of our Spectrum Discover software, which gives you comprehensive metadata, cataloging and indexing. Not only for IBM's scale-out file, Spectrum Scale, not only for IBM object storage, IBM cloud object storage, but also for Amazon S3 and also for NetApp filers and also for EMC Isilon. And it's a container native. So you want to make sure in that case, we have an API. So the AI software guys, or the big data software guys could interface with that API to Spectrum Discover, let them do all the work. And we're talking about a piece of software that can traverse billions of objects in two seconds, billions of them. And is ideal to use in solutions that are hundreds of petabytes, up into multiple exabytes. So it's a great way that by having that API where the CIO is confident that the software guys can use the API, not mess up the storage because you know, the storage guys and the data scientists can configure Spectrum Discover and then save it as templates and run an AI workload every Monday, and then run a big data workload every Tuesday, and then Wednesday run a different AI workload and Thursday run a different big data. And so once they've set that up, everything is automated. And CIOs love automation, and they really are sensitive. Although they're all software guys, they are sensitive to software guys messing up the storage 'cause it could cost them money, right? So that's their concern. We make it easy. >> Absolutely, Eric, you know, it'd be lovely to say that storage is just invisible, I don't need to think about it, but when something goes wrong, you need those experts to be able to dig in. You spent some time talking about automation, so critically important. How about the management layer? You know, you think back, for years it was, vCenter would be the place that everything can plug in. You could have more generalists using it. The HCI waves were people kind of getting away from being storage specialists. Today VMware has, of course vCenter's their main estate, but they have Tanzu. On the IBM and Red Hat side, you know, this year you announced the Advanced Cluster Management. What's that management landscape look like? How does the storage get away from managing some of the bits and bytes and, you know, just embrace more of that automation that you talked about? >> So in the case of IBM, we make sure we can support both. We need to appeal to the storage nerd, the storage geek if you will. The same time to a more generalist environment, whether it be an infrastructure manager, whether it be some of the software guys. So for example, we support, obviously vCenter. We're going to be supporting all of the elements that are going to happen in a container environment that VMware is doing. We have hot integration and big time integration with Red Hat's management framework, both with Ansible, but also in the container space as well. We're announcing some things that are coming again at the end of October in the container space about how we interface with the Red Hat management schema. And so you don't always have to have the storage expert manage the storage. You can have the Red Hat administrator, or in some cases, the DevOps guys do it. So we're making sure that we can cover both sides of the fence. Some companies, this just my personal belief, that as containers become commonplace while the software guys are going to want to still control it, there eventually will be a Red Hat/container admin, just like all the big companies today have VMware admins. They all do. Or virtualization admins that cover VMware and VMware's competitors such as Hyper-V. They have specialized admins to run that. And you would argue, VMware is very easy to use, why aren't the software guys playing with it? 'Cause guess what? Those VMs are sitting on servers containing both apps and data. And if the software guy comes in to do something, messes it up, so what have of the big entities done? They've created basically a virtualization admin layer. I think that over time, either the virtualization admins become virtualization/container admins, or if it's a big enough for both estates, there'll be container admins at the Global Fortune 500, and they'll also be virtualization admins. And then the software guys, the devOps guys will interface with that. There will always be a level of management framework. Which is why we integrate, for example, with vCenter, what we're doing with Red Hat, what we do with generic Kubernetes, to make sure that we can integrate there. So we'll make sure that we cover all areas because a number of our customers are very large, but some of our customers are very small. In fact, we have a company that's in the software development space for autonomous driving. They have over a hundred petabytes of IBM Spectrum Scale in a container environment. So that's a small company that's gone all containers, at the same time, we have a bunch of course, Global Fortune 1000s where IBM plays exceedingly well that have our products. And they've got some stuff sitting in VMware, some such sitting in generic Kubernetes, some stuff sitting in Red Hat OpenShift and some stuff still in bare metal. And in some cases they don't want their software people to touch it, in other cases, these big accounts, they want their software people empowered. So we're going to make sure we could support both and both management frameworks. Traditional storage management framework with each one of our products and also management frameworks for virtualization, which we've already been doing. And now management frame first with container. We'll make sure we can cover all three of those bases 'cause that's what the big entities will want. And then in the smaller names, you'll have to see who wins out. I mean, they may still use three in a small company, you really don't know, so you want to make sure you've got everything covered. And it's very easy for us to do this integration because of things we've already historically done, particularly with the virtualization environment. So yes, the interstices of the integration are different, but we know here's kind of the process to do the interconnectivity between a storage management framework and a generic management framework, in, originally of course, vCenter, and now doing it for the container world as well. So at least we've learned best practices and now we're just tweaking those best practices in the difference between a container world and a virtualization world. >> Eric, VMworld is one of the biggest times of the year, where we all get together. I know how busy you are going to the show, meeting with customers, meeting with partners, you know, walking the hallways. You're one of the people that traveled more than I did pre-COVID. You know, you're always at the partner shows and meeting with people. Give us a little insight as to how you're making sure that, partners and customers, those conversations are still happening. We understand everything over video can be a little bit challenging, but, what are you seeing here in 2020? How's everybody doing? >> Well, so, a couple of things. First of all, I already did two partner meetings today. (laughs) And I have an end user meeting, two end user meetings tomorrow. So what we've done at IBM is make sure we do a couple things. One, short and to the point, okay? We have automated tools to actually show, drawing, just like the infamous walk up to the whiteboard in a face to face meeting, we've got that. We've also now tried to make sure everybody is being overly inundated with WebEx. And by the way, there's already a lot of WebEx anyway. I can think of meeting I had with a telco, one of the Fortune 300, and this was actually right before Thanksgiving. I was in their office in San Jose, but they had guys in Texas and guys in the East Coast all on. So we're still over WebEx, but it also was a two and a half hour meeting, actually almost a three hour meeting. And both myself and our Flash CTO went up to the whiteboard, which you could then see over WebEx 'cause they had a camera showing up onto the whiteboard. So now you have to take that and use integrated tools. One, but since people are now, I would argue, over WebEx. There is a different feel to doing the WebEx than when you're doing it face to face. We have to fly somewhere, or they have to fly somewhere. We have to even drive somewhere, so in between meetings, if you're going to do four customer calls, Stu, as you know, I travel all over the world. So I was in Sweden actually right before COVID. And in one day, the day after we had a launch, we launched our new Flash System products in February on the 11th, on February 12th, I was still in Stockholm and I had two partner meetings and two end user meetings. But the sales guy was driving me around. So in between the meetings, you'd be in the car for 20 minutes or half an hour. So it connects different when you can do WebEx after WebEx after WebEx with basically no break. So you have to be sensitive to that when you're talking to your partners, sensitive of that when you're talking to the customers sensitive when you're talking to the analysts, such as you guys, sensitive when you're talking to the press and all your various constituents. So we've been doing that at IBM, really, since the COVID thing got started, is coming up with some best practices so we don't overtax the end users and overtax our channel partners. >> Yeah, Eric, the joke I had on that is we're all following the Bill Belichick model now, no days off, just meeting, meeting, meeting every day, you can stack them up, right? You used to enjoy those downtimes in between where you could catch up on a call, do some things. I had to carve out some time to make sure that stack of books that normally I would read in the airports or on flights, everything, you know. I do enjoy reading a book every now and again, so. Final thing, I guess, Eric. Here at VMworld 2020, you know, give us final takeaways that you want your customers to have when it comes to IBM and VMware. >> So a couple of things, A, we were tightly integrated and have been tightly integrated for what they've been doing in their traditional virtualization environment. As they move to containers we'll be tightly integrated with them as well, as well as other container platforms, not just from IBM with Red Hat, but again, generic Kubernetes environments with open source container configurations that don't use IBM Red Hat and don't use VMware. So we want to make sure that we span that. In traditional VMware environments, like with Version 7 that came out, we make sure we support it. In fact, VMware just announced support for NVMe over Fibre Channel. Well, we've been shipping NVMe over Fibre Channel for just under two years now. It'll be almost two years, well, it will be two years in October. So we're sitting here in September, it's almost been two years since we've been shipping that. But they haven't supported it, so now of course we actually, as part of our launch, I pre say something, as part of our launch, the last week of October at IBM's TechU it'll be on October 27th, you can join for free. You don't need to attend TechU, we'll have a free registration page. So just follow Zoginstor or look at my LinkedIns 'cause I'll be posting shortly when we have the link, but we'll be talking about things that we're doing around V7, with support for VMware's announcement of NVMe over Fibre Channel, even though we've had it for two years coming next month. But they're announcing support, so we're doing that as well. So all of those sort of checkbox items, we'll continue to do as they push forward into the container world. IBM will be there right with them as well because we know it's a very large world and we need to support everybody. We support VMware. We supported their competitors in the virtualization space 'cause some customers have, in fact, some customers have both. They've got VMware and maybe one other of the virtualization elements. Usually VMware is the dominant of course, but if they've got even a little bit of it, we need to make sure our storage works with it. We're going to do the same thing in the container world. So we will continue to push forward with VMware. It's a tight relationship, not just with IBM Storage, but with the server group, clearly with the cloud team. So we need to make sure that IBM as a company stays very close to VMware, as well as, obviously, what we're doing with Red Hat. And IBM Storage makes sure we will do both. I like to say that IBM Storage is a Switzerland of the storage industry. We work with everyone. We work with all these infrastructure players from the software world. And even with our competitors, our Spectrum Virtualized software that comes on our Flash Systems Array supports over 550 different storage arrays that are not IBM's. Delivering enterprise-class data services, such as snapshot, replication data, at rest encryption, migration, all those features, but you can buy the software and use it with our competitors' storage array. So at IBM we've made a practice of making sure that we're very inclusive with our software business across the whole company and in storage in particular with things like Spectrum Virtualize, with what we've done with our backup products, of course we backup everybody's stuff, not just ours. We're making sure we do the same thing in the virtualization environment. Particularly with VMware and where they're going into the container world and what we're doing with our own, obviously sister division, Red Hat, but even in a generic Kubernetes environment. Everyone's not going to buy Red Hat or VMware. There are people going to do Kubernetes industry standard, they're going to use that, if you will, open source container environment with Kubernetes on top and not use VMware and not use Red Hat. We're going to make sure if they do it, what I'll call generically, if they use Red Hat, if they use VMware or some combo, we will support all of it and that's very important for us at VMworld to make sure everyone is aware that while we may own Red Hat, we have a very strong, powerful connection to VMware and going to continue to do that in the future as well. >> Eric Herzog, thanks so much for joining us. Always a pleasure catching up with you. >> Thank you very much. We love being with theCUBE, you guys do great work at every show and one of these days I'll see you again and we'll have a beer. In person. >> Absolutely. So, definitely, Dave Vellante and John Furrier send their best, I'm Stu Miniman, and thank you as always for watching theCUBE. (relaxed electronic music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE! Covering HoshoCon 2018! Brought to you by Hosho. >> Okay, welcome back everyone, we're here live in Las Vegas for the first security blockchain conference's inaugural event, HoshoCon, and it's all about the top brains in the industry coming together, with experience and tech chops to figure out the future in security. I'm John Furrier, the host of theCUBE. Our next guest, Andre McGregor, who's the partner and head of global security for TLDR. Welcome to theCUBE, thanks for joining me. >> Thank you for having me. >> So you have a background, we were just talking off-camera, FBI, you've been doing the cyber for a long time, cyber-security, mostly enterprise-grade, large-scale. Now we're in crypto, where you have small set of teams, running massive scale, with money involved. >> Correct. So guess what, money attracts. >> Right. People who want it, want that money. Lot of hacks, $400 million in Japan, plus 60 million over here, you add it all up, there's a billion so far this year, who knows what really the number is, it's pretty big. >> It is, and what's concerning and the reason why I came over in this space was the number of hacks that were happening. My company, we get probably a call a week, whether it's high net worth individuals, CEO, exchanges, we've helped a couple, some that you'd know of if I told you who they were, trying to get out of a very bad situation. And interim response has been big, but what we've learned is that it's the same old fraud, the same old security tactics that are being used against some of these crypto-companies. >> And we've seen it all the time, everyone's had fraud alerts on their credit card, this is like classic blocking and tackling, at a whole 'nother level. >> It is, because if you think about it from, like a traditional start-up, you have a company that's small, they have time to develop their MVP, they go out and do maybe a seed round, friends and family, they're sort of ramping up over time, whereas we basically flipped the model upside-down, the same six founders now have $10 million worth of crypto, and they're not protecting it in the ways they think they should, because they're in hyper-growth mode. So the bad guys have determined that as a great place to target, and now as we see in the news, it's actually happening. >> Yeah, and Hartej, the co-founder of Hosho, was just one talking about physical security, in the sense of you got to watch out where you go too now, it's not just online security, it's physical security. So start-ups have that kind of fast and loose kind of culture. >> Well, if you think about it, traditional security in corporations, I can put everyone in a building, I have this similar or same network egress points, I can protect those, I can do the gates, guards, guns, perimeters around, but I got people working from home now in the crypto space, everyone's got their own setup. If someone's in an audience, they say oh, I've been in the blockchain space since 2010 or 11, I can make assumptions about them, about their financial worth, and other people are doing the same, but having nefarious reasons. >> Yeah, you connected the dots okay, it was $0.22 in 2011, so therefore, if they had kept a little bit of Bitcoin-- >> They would be doing very well. >> They're a target. >> Therefore, they're a target now. So when you think about it, you put all those scams together, it becomes sort of a hot topic for-- >> I just got into crypto. (laughs) >> Good answer, good answer. >> Alright, so let's talk about this security hack. Because obviously, in the enterprise tech, we cover a lot of those events across the year. IoT Edge is a huge topic, cloud computing booming, so now you have a lot of compute, which is good, and for bad actors too. So you have now a service area that's now, no perimeter, there's no egress points to manage. Is there a digital way to kind of map this out, and does blockchain give us any advantages or is there anything on the horizon that you see, where we can, in digital form? >> Well, I mean the true reason I came to the blockchain space, having worked hundreds of victim notifications and several dozen actual intrusions, from large intrusions at banks that are top five in the world, all the way down to small core defense contractors, you realize it's always a server you didn't know about, credentials that had more access than they should, obviously gaining access to a centralized server, that then gets exposed and allows that data to be leaked out. So the idea of blockchain and being able to decentralize, distribute that data, own it, and keep it cryptographically pure, and also being able to essentially remove the single source of failure that we saw in a lot of these hacks is exciting. Obviously, blockchain is also not the answer to everything. So in some ways, the spread sheet is still a spread sheet, and the MongoDB will still be the MongoDB, but-- >> The post-it next to your computer, your private key on it. >> But at the same point in time, it all comes down to cyber-hygiene, right? I mean, the stuff that we're looking at, the hacks that we're seeing, the hacks that I'm dealing with and my company dealing with, day in and day out, are not sophisticated. They may be sophisticated actors, but they're using insophisticated means, and of course, I hate to harp on it, but e-mail is still the number one intrusion vector, we all have it, we all use it. You could take stats from the FBI that says 92%, you could take stats from Verizon that says 93%, but that will be the number one way in. >> And phishing is the classic attack point. >> It will always be, because-- >> It's easy. >> I can manipulate people, I find the right opportunity, I always say even I've been phished. It happens, the way your mind is, it's just how you react, is what we need to teach people. >> It's really clicking on that one thing, that just takes one time. >> Yep. >> A PDF that you think is a document from work, or potentially a job opportunity, a new thing, sports scores, your favorite team, girlfriend, boyfriend, whatever, I mean, you don't know! >> But, I'm going to challenge you on this, you get, you click on that bad link, or you feel like your computer has been hacked, who do you call? Do you actually have someone that you can call? There's no cyber 911. Unless you are a high net worth individual, or being targeted by a nation-state, you're not calling the FBI. So who do you call? And that's a problem that we have in our industry right now. I mean, I guess I've been the person that people have been calling, which is fine, I want to help them. 12 years as a firefighter on top of my FBI career, I'm used to helping people in time of need. But really, in the grand scheme of things, there's not enough Mandiants or Verizons are too big. So for these smaller, six-person companies, that don't have $500,000 to spend on instant response, they actually have no one to call when they actually do click something bad. >> And the people they punch in a call, the ones that aren't actually there to help them. Sometimes they get honey-potted into another vector. >> Sure. >> Which is hey, how can I help you? >> Or I even challenge it a bit further. You call any of these companies when your phone has been hacked, you SIM-swap, whatever it is, and you need to sign a master services agreement, you need to go through all the legalese, while you're actively being hacked. Like, it's happening hour after hour, and you're seeing it, your accounts are being compromised and being taken over, and you're trying to find outside counsel to do redline. So in emergency services, we say, don't exchange business cards at the disaster site. It's not the time that you should be saying hi, I'm introducing myself, we should figure out all the retainers, inter-response, legal questions beforehand, so that at 2:00 in the morning, someone calls, and you have someone pick up the phone. >> Yeah, and you know what the costs are going to be, 'cause it's solve the problem at hand, put out that fire, if you will. Okay, so I got to ask you a question on how do people protect themselves? 'Cause we know Michael Terpin's doing a fireside chat, it's well known that he sued AT&T, he had his phone SIM swapped out, this is a known vector in the crypto community. Most people maybe in the mainstream might not know it. But you know, your phone can be hacked. >> Yes. >> Simple two-factor authentication's not enough. >> Correct. >> What is the state-of-the-art solution for people who want to hold crypto, any meaningful amount, could be casual money, to high net worth individual wants to have a lot of crypto. >> I mean, I spent a good amount of my time talking about custody. We've sort of pivoted off to a new part of our business line, that deals specifically around institutional custody solutions, and helping people get through this particular process. But we all know, especially from that particular case, that SMS compromises, after account takeover of a phone, is high. Hardware tokens are always going to be something that I'm going to, Harp or YubiKey, or something like that, where I'm still having the ability to keep a remote adversary away from being able to attack my system that has my private keys, or whatever high-value data I have on it. But if I think about it at the end of the day, I'm going to need to transfer that risk. I would like to say that we can transfer all risk, but instead for the people that have a lot of crypto, you're going to need to look for a good custody solution, you're going to need to look and trust the team, you're going to need to look and trust the technology they have, and you're going to have to get insurance. Because there are so many vectors, in a certain point in time, we can't go back to the wild west, where we're actually >> The insider job is, is really popular now too. >> It is, but there are ways around the collusion, counterparty, third party risk of ensuring that not one person can take the billion dollars worth of crypto and run away off to Venezuela and never appear again. But again, it comes down to basic hygiene. I ask people, I've surveyed hundreds of people in the crypto space, and I ask simple questions like VPNs, and I'm still getting a third to a half of people are using VPNS. Very simple things that people are not doing. When you looks at password for example, if anyone still has a password under 12 characters, then game over. I mean, there are a variety of ways of hacking them. I can use GPU servers to do them very quickly. I won't go into all the different options that are there. People still-- >> So 12 characters, alphanumeric obviously, with-- >> With special characters as well. >> Special characters. >> But the assumption, let's just make the assumption, that either those passwords have been cracked already, because they've already been dumped, people share passwords, they get used again, and then the entropy is exponentially higher with every single character after 12. So my password's 22 characters, sure it's a pain to type it in, but when you think about it, at the end of the day, when I combine that with a password manager that also has a YubiKey that's a hardware token, and I require that access all the time, then I don't run into the problem that someone's going to compromise a single system to get into multiple systems. >> And then also, I know there's a lot of Google people as well, they're looking at security at the hardware level, down to the firmware. >> Sure, sure. >> There's all kinds of-- >> I mean, obviously, you could use the TPM chip as well, and that's something that we should be better at, as a society. >> So while I got you here, I might as well ask you about the China super micro modchip baseboard management controller, BMC, that was reported in Bloomberg, debunked, Apple and Amazon both came out and said no, that's been confirmed. They shift their story a little bit too, the reality probably there is some mods going on, it's manufactured in China. I mean, it's a zero-margin business going to zero, why not just let the Chinese continue to develop, and have a higher-value security solution somewhere else, that's what some people are discussing, like okay, like the DRAM market was. >> Yep. >> Let the Japanese own that, they did, and then Intel makes the Pentium. Wall Street Journal reported that, Andy Kessler. So the shifts in the industry, certainly China's manufacturing the devices. There's no surprise when you go to China, and if you turn on your iPhone, it says Apple would like to push an update, but that's not Apple, it's a forged certificate, pretty much public knowledge. The DNS is controlled by China, and a certificate, these are things that they can control, that's, this is the new normal. >> It, it-- >> If you know the hardware, you can exploit it. >> We've been dealing with supply-chain issues since Maxtor hard drives in Indonesia. So was I shocked when I hear stories about that? No, I'm sort of scared myself into a corner, working in skiffs over the years and reading the various reports that come out about supply chain poisoning. >> Certainly possible. >> It's happening. I mean, it's just to what extent is still something that may or may not be known to its full extent, but it's something that will happen, always happens, and will continue to happen. And so at a certain point in time, capitalism does step in and says alright, well, guess what, China, the way I see it is, China wants to be a super-power. At a certain point, they know that people are looking at them, and saying we can't trust you. So they're going to clean up their house, just like anyone else. >> It's inevitable for them. >> It is inevitable. Because they need to show that they can be a trusting force, in the world economy. And at the same time, we're going to have competition out there that's essentially going to say, alright, we can actually prove to have a much better, stronger, validated supply chain that you'll use. >> I mean, IoT and blockchain, great solutions for supply chain. >> 100%. >> I mean, so this is where-- >> I mean, we're talking, I mean, I was actually on a plane flying from Phoenix, to Santa Fe, New Mexico, and I was sitting next to a guy, who was just like, I just want to use a blockchain to be able to deal with a supply chain around compromised food. So in the sense that if you think about it, fish for example, there's a lot of fake fish, fake type of tuna and other stuff that's out there, that people don't know the difference. But the restaurants are paying double, triple the amount of money for it. You start taking things like elephant tusks, you take things like just being able to track things that no one's really thinking about, and you're just like huh, I never thought of it that way. So at the end of the day, I still get surprised with what people are thinking about, that they can do with the blockchain. >> So Andre, question for you here, this event, what's the impact of this event and for the industry, in your opinion? Obviously, a lot of smart people here talking, candidly, sometimes maybe a little bit contentious about philosophies, regulation, no regulation, self-governance, lot of different things being discussed as exploration, to a new proficiency level that we need to get to. What are some of the hallway conversations you're hearing, and involved in? >> A lot of mine are obviously around custody. That is the topic of the moment. And for me, I'm in learning mode. I recognize that I've spent a lot of time in cyber-security. However, whereas it relates to blockchain and digital asset custody, whether it's utility tokens or security tokens, I'm on the CFTC Technology Advisory Committee, specifically, with cyber-security and custody, and so I want to take in as much information as I can, bring it back to the committee, bring it back to the commissioners, and help them create the proper regulations and standards, whether it's through an SRO, or it's through the government itself. >> For the folks that may watch this video later, that are new to the area, what does custody actually mean? Obviously, holding crypto, but define custody in context of these conversations, what is it, what's the threshold issues that are being discussed? >> Sure. I mean, to break it down, custody is very similar to a bank. So you are, you're saying I have a lot of X. It could be baseball cards, it could be gold bars, it could be fiat cash. And I want to have someone hold it, and I'm going to trust them with that. Of course, I'm transferring that risk, and with that, I have an expectation to have a qualified custodian, that has rules and regulations of how they're going to actually manage it, how they're going to control it, ensure that the risk, that people aren't going to take it. It could be, again, the Monet, it could be the Johnny Bench Ricky card, it could be 100 million blocks of gold. But I also want to have a level of insurance. That insurance could come from the insurance industry themselves, and allowing me to protect it in case something does happen to that, or the government. The FDIC, $250,000 for your bank account is a type of insurance that people are using. By the end of the day, from an institutional perspective, you want a pure custodian that takes all the risk. The government wants to say a certain point, that that custodian can allow for margin call, so that the client can't come in and say, well I'm not going to pay out $100 million worth of crypto, and I'm going to seize, or seizure of funds as well. And that's what's being set up right now. Traditional banks are not ready to handle that. Traditional auditing firms, like PWC or Ernst & Young, are still trying to figure out how they'd even be given a qualified opinion, as it relates to how-- >> So it's not so much that they are not have the appetite to do it, they don't have systems, they don't have expertise, >> They don't have systems, they don't have expertise, >> They don't have workflows. >> And right now, things are so new and so volatile, that they're sort of almost putting their toe in the water, but really not sure what the temperature is yet of the water to hop in. >> If someone wants to go to court, you say hey, prove it. Well, it's encrypted, I don't know who did it. >> Well, and the thing is is that when you have 53 states and territories with different money-transmitting laws, on top of the countless federal agencies and departments that are managing that, it is hard to come to consensus. It is much easier in a place like Bermuda, where the government is small enough where everyone can get together pretty quickly, have consensus on an opinion of how they want to deal with the crypto market, deal with custody, pass a regulation, and what's nice about Bermuda is it has crown ascendancy, so the UK government still approves it. >> And they move fast on the regulation side. They literally just passed-- >> They are the only jurisdiction that has a fully complete law surrounding cryptocurrency. >> You're bullish on Bermuda. >> I am, because I saw the efficiency there. And I expressed my same opinion with the CFTC, when I was doing my hearing last week, that it's nice to see the speed, but it's also a small island that allows for that speed. >> And they have legitimate practices that have been going on for years in other industries. >> Right, so there's no dirty money, there's no anything that people are sort of concerned with, they have the same AML, KYC, anti-money laundering and know your customer regulations that you would expect if you had your money in the United States. >> Yeah, we had a chance to interview the honorable charge there. >> Premier Burt, oh very nice. >> Yeah, he's great, and Toronto, so it's awesome. >> Nice. >> Alright, so final takeaway, for this show here, what's your takeaway about this event, the impact to the industry? >> This is a very important event, because I think people are still trying to get their footing around blockchain, they're still trying to get their footing around digital asset protections. And if we can get the smart people in one room, and they can share knowledge, and then we can come together as a community, and create some standards that make sense, then we're protecting the world. >> Well Andre, I'm glad you're in the industry, 'cause your expertise and background on the commercial side and government side certainly lend well to the needs. (laughs) So to speak. We need you, we need more of you. Thanks for coming on theCUBE, really appreciate your commentary and your insight. It's theCUBE, bringing the insights here, we are live in Las Vegas for HoshoCon, I'm John Furrier with theCUBE, we'll be back with more coverage after this short break. (upbeat music)

>> Narrator: Live, from Las Vegas, it's The Cube. Covering InterConnect 2017. Brought to you by IBM. >> Welcome back, everyone. Live here in Las Vegas, this is The Cube's coverage of IBM's Interconnect 2017. I'm John Furrier with my co-host Dave Vellante. Our next guest is Eric Herzog, Cube alumni, Vice President of Product Market at IBM storage. Welcome back to The Cube. Good to see you with the shirt on. You got the IBM tag there, look at that. >> I do. Well, you know, I've worn a Hawaiian shirt now, I think, ten Cubes in a row, so I got to keep the streak going. >> So, pretty sunny here in Vegas, great weather. Storage is looking up as well. Give us the update. Obviously, this is never going away, we talk about it all the time, but now cloud, more than ever, a lot of action happening with storage, and data is a big part of it. >> Yeah, the big thing with us has been around hybrid cloud. So our software portfolio, the spectrum family, Spectrum Virtualize, Spectrum Protect, our backup package, Spectrum Scale, our scale out NAS, IBM Cloud Object Storage, all will move data transparently from on-premises configurations out to multiple cloud vendors, including IBM Bluemix. But also other vendors, as well. That software's embedded on our array products, including our VersaStack. And just two weeks ago, at Cisco Live in Melbourne, Australia, we did a announcement with Cisco around our VersaStack for the hybrid cloud. >> So what's the hybrid cloud equation look like for you guys right now, because it is the hottest topic. It's almost like brute force, everywhere you see, it's hybrid cloud, that's what people want. How does it change the storage configurations? What's the solutions look like? What's different now than it was a year ago? >> I think the key thing you've got to be able to do is to make sure the data can move transparently from an on-premise location, or a private cloud, you could have started as a private cloud config and then decid it's OK to use a public cloud with the right security protocols. So, whether you've got a private cloud moving to a public cloud provider, like Bluemix, or an on-premises configuration moving to a public cloud provider, like Bluemix, the idea is they can move that data back and forth. Now, with our Cisco announcement, Cisco, with their cloud center, is also providing the capability and moving applications back and forth. We move the data layer back and forth with Spectrum Virtualize or IBM's copy data management product, Spectrum Copy Data Management, and with Cloud Center, or the ECS, Enterprise Cloud Sweep, from Cisco, you can move the application layer back and forth with that configuration on our VersaStacks. >> So this whole software-defined thing starts, it started when people realized, hey, we can run our data centers kind of the way the big hyper-scalers do. IBM pivoted hard toward software-defined. What's been the impact that you've seen with customers? Are they actually, I mean, there was a big branding announcement with Spectrum and everything a while back. What's been the business impact of that shift? >> Well, for us, it's been very strong. So if you look at the last couple quarters, according to the analysts that track the numbers, from a total storage perspective, we've moved into the number two position, and have been, now for the last two years. And for software-defined storage, we're the number one provider of software-defined storage in the world, and have been for the last three years in a row. So we've been continuing to grow that business on the software-defined side. We've got scale-up block configurations, scale-out block configurations, object storage with IBM Cloud Object Storage, and scale-out NAS and file with our IBM Spectrum Scale. So if you're file, block, or object, we've got you covered. And you can use either A, our competitor's storage, we work with all our competitor's gear, or you could go with your reseller, and have them, or your distributor provide the raw infrastructure, the servers, the storage, flash or hard drives, and then use our software on top to create essentially your own arrays. >> So when you say competitor's gear, you're talking about what used to be known as the SAN Volume Controller, and now is Spectrum Virtualize, right? Did I get that right? >> Yes, well, we still sell the SAN Volume Controller. When you buy the Spectrum Virtualize, it comes as just a piece of software. When you buy the SAN Volume Controller as well as our FlashSystem V9000, and our Storwize V7 and V5000, they come with Spectrum Virtualize pre-loaded on the array. So we have three ways where the array is pre-loaded: SAN Volume Controller, FlashSystems V9000, and then the Storwiz products, so it's pre-loaded. Or, you can buy the stand-alone software Spectrum Virtualize and put it on any hardware you want, either way. >> So, I know we're at an IBM conference, and IBM hates, they don't talk about the competition directly, but I have to ask the competitive questions. You've had a lot of changes in the business. Obviously, cloud's coming in in a big way. The Dell EMC merger has dislocated things, and you still see a zillion starups in storage, which is amazing to me, alright? Everybody says, oh, storage is dead, but then all this VC money still funneling in and all this innovation. What's happening in the storage landscape from your perspective? >> Well, I think there's a couple things. So, first of all, software-defined has got its legs, now. When you look at it from a market perspective, last quarter ended up at almost 400 million, which put it on a, let's say, a 1.6 to 2 billion dollar trajectory for calendar 2017, out of a total software market of around 16 billion. So it's gone from nothing to roughly 2 billion out of 16 billion for all storage software of all various types, so that's hot. All flash arrays are still hot. You're looking at, right now, last year, all flash arrays end up at roughly 25% of all arrays shipped. They're now in price parity, so an all-flash array is not more expensive. So you see a lot of innovation around that. You're still seeing innovation around backup, right? You've got guys trying to challenge us with our SpectrumProtect with some of these other vendors trying to challenge us, even though backup is the most mature of the storage software spaces, there's people trying to challenge that. So, I'd say storage is still a white-hot space. As you know, the overall market is flat, so it is totally a drag out, knock-down fight. You know, the MMA and the UFC guys got nothing on what goes on in the storage business. So, make sure you wear your flak jacket if you're a storage guy. >> Meaning, you got to gain share to grow, right? >> Yes, and it's all about fighting it out. This Hawaiian shirt looks Hawaiian, but just so you know, this is Kevlar. Just in case there's another storage company here at the show. >> So what are the top conversations now with storage buyers? Because we saw Candy's announcement about the object store, Flex, for the cold storage. It changes the price points. It's always going to be a price sensitive market, but they're still buying storage. What are those conversations that you're having? You mentioned moving data around, do they want to move the data around? Do they want to keep it at the edge? Is it moving the application around? What are some of those key conversations that you're involved in? >> So we've done a couple innovative things. One of the things we've done is worked with our sales team to create what we call, the conversations. You know, I've been doing this storage gig now for 31 years. Seven start-ups, IBM twice, EMC, Maxtor and Seagate- >> John: You're a hardened veteran. >> I'm a storage veteran, that's why this is a Kevlar Hawaiian shirt. But no CIO's a storage guy, I've never met one, in 31 years, ever, ever, ever met a storage guy. So what we have to do is elevate the conversation when you're talking to the customer, about why it's important for their cloud, why it's important for machine learning, for cognitive, for artificial intelligence. You know, this about it, I'm a Star Trek guy. I like Star Wars, too, but in Star Trek, Bones, of course, wands the body. So guess what that is? That's the edge device going through the cloud to a big, giant server farm. If that storage is not super resilient, the guy on the table might not make it. And if the storage isn't super fast, the guys on the table might not make it. And while Watson isn't there, yet, Watson Health, they're getting there. So, in ten years from now, I expect when I go to the doctor, he's just like in Star Trek, waving the wand, and boy, you better make sure the storage that that wand is talking to better be highly resilient and high performing. >> Define resilient, in your terms. >> So, resilient means you really can't have more than 30 seconds, 50 seconds a year of down time. Because whoever's on the table when that thing goes down has got a real problem. So you've got to be up all the time, and if you take it out of the healthcare space and look at other applications, whether you look at trading applications, data is the new gold. Data is the new diamonds. It's about data. Yes, I'd love to have a mound of gold, but you know what, if you have the right amount of data, it worth way more than a mound of gold is. >> You're right about the CIO and storage. They don't want to worry about storage. They don't want to spend a lot of time thinking about it. A CIO once said to me, "I care about storage like this, "I want it to be dirt cheap, lightning fast, and rock solid." Now, the industry has done a decent job with rock solid, I would say, but up until Flash, not really that great with lightning fast, and really not that great with dirt cheap. Price has come down for the hardware, but the management has been so expensive. So, is the industry attacking that problem? And what's IBM doing? >> Yeah, so the big thing is all about automation. So when I talk about moving to the hybrid cloud, I'm talking about transparent migration, transparent movement. That's an automation play. So you want to automate as much as you can, and we've got some things that we're not willing to disclose yet that'll make our storage even more automated whether it be from a predictive analytics perspective, self-healing storage that actually will heal itself, you know, go out and grab a code load and put the new code on because it knows there's a bug in the old code, and do that transparently so the user doesn't have to do anything. It's all about automating data movement and data activity. So we've already been doing that with the Spectrum family, and that Spectrum family ships on our storage systems and on our VersaStack, but automation is the critical key in storage. >> So I wonder, does that bring up new KPIs? Like, I presume you guys dog food your own storage internally, and your own IT. >> Eric: Yes >> Are you seeing, because it used to be, OK, the light's green on the disc drive, and you know, this is our uptime or downtime, planned downtime, you know, sort of standard metrics that we've known for 30-40 years. With automation, are we seeing a new set of metrics in KPIs emerge? You know, self-healing, percentage of problems that corrected themselves, or- >> Well, and you're also seeing things like time spent. So if you go back to the downturn of seven, eight, and nine, IT was devastated, right? And, as you know, you've seen a lot of surveys that IT spend is basically back up to '08, OK, the pre-08 crash. When you open up that envelope, they're not hiring storage guys anymore, and usually not infrastructure guys. They're hiring guys to do devops and testdev, and do cloud-based applications, which means there's not a lot of guys to run the storage. So one of the metrics we're seeing is, how much guys do I have managing my storage, or, my infrastructure? I used to have 50, now I'm a big bank, can I do it with 25? Can I do it with 20? Can I do it with 15? And then, how much time do they spend between the networking, the storage, the facilities themselves. These data center guys have to manage all of that. So there are new metrics about, what is the workload that my actual human beings are doing? How much of that is storage versus something else? And there's way less guys doing storage as a full-time job, anyway, because what happened in the downturn? And, so automation is critical to a guy running a datacenter, whether he's a cloud guy, whether he's a small shop. And clearly in the Fortune, global 2500, those guys, where they've got in-house IT, they've cut back on the infrastructure team and the storage team, so it's all about automation. So, part of the KPIs are not just about the storage itself, such as uptime, cost per Gig, cost per transaction, the bandwidth, you know, those sorts of KPIs. But it's also about how much time do I really spend managing the storage? So if I've only got five guys, now, and I used to have 15 guys, those five guys are managing, usually, three, to four, to five times more storage than they did in 2008 and 2009. So now you've got to do it with five guys instead of 15, so there's a KPI, right there. >> So, what about cloud? We heard David Kinney talk today about the object store with that funny name, and then he talked about this cloud-tiering thing, and I couldn't stay. I had to get ready for theCube. How do you work with those guys? How do you sell a hybrid story, together, because cloud is eating away at the traditional infrastructure business, but it's all sort of one big, happy family, I'm sure. But how do you work with a cloud group to really drive, to make the water level higher for IBM? >> So, all of our products from the Spectrum family, not all, but almost all our products from the Spectrum family, will automatically move data to the cloud, including IBM Bluemix/SoftLayer. So our on-premises can do it. If you buy our software only, and don't buy our storage arrays, or don't buy a Storwize, or don't buy a flash system, you still can automatically move that data to the cloud, including the IBM cloud object store. Our Spectrum Scale product, for example, ScaleOut NAS, and file system, which is very highly used in big data analytics and cognitive workloads, automatically, by policy, will tier-data to IBM cloud object storage. Spectrum Protect can be set up to automatically take data and back it up from on-premises to IBM cloud object storage. So we've automated those processes between our software and our array family, and IBM cloud object storage, and Bluemix and SoftLayer. And, by the way, in all honesty, we also work with other cloud vendors, just like they work with other storage vendors. All storage vendors can put data in Bluemix. Well, guess what, we can put data in clouds that are not Bluemix, as well. Of course, we prefer Bluemix. We all have IBM employee stock purchase, so of course we want Bluemix first, but if the customer, for whatever reason, doesn't see the light and doesn't go to Bluemix and goes with something else, then we want to make sure that customer's happy. We want to get at least some of the PO, and our Spectrum family, and our VersaStack family, and all of our array family can get that part of the PO. >> You need versatility to be on any cloud. >> Eric: We can be on any cloud. >> So my question for you is, the thing that came out of our big data, Silicon Valley event last week was, Hadoop was a great example, and that's kind of been, now, a small feature of the overall data ecosystem, is that batch and real time are coming together. So that conversation you're having, that you mentioned earlier, is about more real time than there is anything else more than ever. >> Well, and real time gets back to my examples of Bones on Star Trek wanding you over healthcare. That is real time, he's got a phaser burn, a broken leg, a this and that, and then we know how to fix the guy. But if you don't get that from the wand, then that's not real time analytics. >> Speaking of Star Trek, just how much data do you think the Enterprise was throwing off, just from an IOT standpoint? >> I'm sure that they had about a hundred petabytes. All stored on IBM Flash Systems arrays, by the way. >> Eric, thanks for coming on. Real quick, in the next 30 seconds, just give the folks a quick update on why IBM storage is compelling now more than ever. >> I think the key thing is, most people don't realize, IBM is the number two storage company in the world, and it has been for the last several years. But I think the big thing is our embracing of the hybrid cloud, our capability of automating all these processes. When they've got less guys doing storage and infrastructure in their shop, they need something that's automated, that works with the cloud. And that's what IBM storage does. >> All right, Eric Herzog, here, inside theCube, Vice President of Product Market for IBM Storage. I'm John Furrier, and Dave Velante. More live coverage from IBM InterConnect after this short break. Stay with us. (tech music)