(lively music) >> Welcome back to our coverage of Cloud Native Security Con. I'm Dave Vellante, here in our Boston studio. We're connecting today, throughout the day, with Palo Alto on the ground in Seattle. And right now I'm here with Michael Foster with Red Hat. He's on the ground in Seattle. We're going to discuss the trends and containers and security and everything that's going on at the show in Seattle. Michael, good to see you, thanks for coming on. >> Good to see you, thanks for having me on. >> Lot of market momentum for Red Hat. The IBM earnings call the other day, announced OpenShift is a billion-dollar ARR. So it's quite a milestone, and it's not often, you know. It's hard enough to become a billion-dollar software company and then to have actually a billion-dollar product alongside. So congratulations on that. And let's start with the event. What's the buzz at the event? People talking about shift left, obviously supply chain security is a big topic. We've heard a little bit about or quite a bit about AI. What are you hearing on the ground? >> Yeah, so the last event I was at that I got to see you at was three months ago, with CubeCon and the talk was supply chain security. Nothing has really changed on that front, although I do think that the conversation, let's say with the tech companies versus what customers are actually looking at, is slightly different just based on the market. And, like you said, thank you for the shout-out to a billion-dollar OpenShift, and ACS is certainly excited to be part of that. We are seeing more of a consolidation, I think, especially in security. The money's still flowing into security, but people want to know what they're running. We've allowed, had some tremendous growth in the last couple years and now it's okay. Let's get a hold of the containers, the clusters that we're running, let's make sure everything's configured. They want to start implementing policies effectively and really get a feel for what's going on across all their workloads, especially with the bigger companies. I think bigger companies allow some flexibility in the security applications that they can deploy. They can have different groups that manage different ones, but in the mid to low market, you're seeing a lot of consolidation, a lot of companies that want basically one security tool to manage them all, so to speak. And I think that the features need to somewhat accommodate that. We talk supply chain, I think most people continue to care about network security, vulnerability management, shifting left and enabling developers. That's the general trend I see. Still really need to get some hands on demos and see some people that I haven't seen in a while. >> So a couple things on, 'cause, I mean, we talk about the macroeconomic climate all the time. We do a lot of survey data with our partners at ETR, and their recent data shows that in terms of cost savings, for those who are actually cutting their budgets, they're looking to consolidate redundant vendors. So, that's one form of consolidation. The other theme, of course, is there's so many tools out in the security market that consolidating tools is something that can help simplify, but then at the same time, you see opportunities open up, like IOT security. And so, you have companies that are starting up to just do that. So, there's like these countervailing trends. I often wonder, Michael, will this ever end? It's like the universe growing and tooling, what are your thoughts? >> I mean, I completely agree. It's hard to balance trying to grow the company in a time like this, at the same time while trying to secure it all, right? So you're seeing the consolidation but some of these applications and platforms need to make some promises to say, "Hey, we're going to move into this space." Right, so when you have like Red Hat who wants to come out with edge devices and help manage the IOT devices, well then, you have a security platform that can help you do that, that's built in. Then the messaging's easy. When you're trying to do that across different cloud providers and move into IOT, it becomes a little bit more challenging. And so I think that, and don't take my word for this, some of those IOT startups, you might see some purchasing in the next couple years in order to facilitate those cloud platforms to be able to expand into that area. To me it makes sense, but I don't want to hypothesize too much from the start. >> But I do, we just did our predictions post and as a security we put up the chart of candidates, and there's like dozens, and dozens, and dozens. Some that are very well funded, but I mean, you've seen some down, I mean, down rounds everywhere, but these many companies have raised over a billion dollars and it's like uh-oh, okay, so they're probably okay, maybe. But a lot of smaller firms, I mean there's just, there's too many tools in the marketplace, but it seems like there is misalignment there, you know, kind of a mismatch between, you know, what customers would like to have happen and what actually happens in the marketplace. And that just underscores, I think, the complexities in security. So I guess my question is, you know, how do you look at Cloud Native Security, and what's different from traditional security approaches? >> Okay, I mean, that's a great question, and it's something that we've been talking to customers for the last five years about. And, really, it's just a change in mindset. Containers are supposed to unleash developer speed, and if you don't have a security tool to help do that, then you're basically going to inhibit developers in some form or another. I think managing that, while also giving your security teams the ability to tell the message of we are being more secure. You know, we're limiting vulnerabilities in our cluster. We are seeing progress because containers, you know, have a shorter life cycle and there is security and speed. Having that conversation with the C-suites is a little different, especially when how they might be used to virtual machines and managing it through that. I mean, if it works, it works from a developer's standpoint. You're not taking advantage of those containers and the developer's speed, so that's the difference. Now doing that and then first challenge is making that pitch. The second challenge is making that pitch to then scale it, so you can get onboard your developers and get your containers up and running, but then as you bring in new groups, as you move over to Kubernetes or you get into more container workloads, how do you onboard your teams? How do you scale? And I tend to see a general trend of a big investment needed for about two years to make that container shift. And then the security tools come in and really blossom because once that core separation of responsibilities happens in the organization, then the security tools are able to accelerate the developer workflow and not inhibit it. >> You know, I'm glad you mentioned, you know, separation of responsibilities. We go to a lot of shows, as you know, with theCUBE, and many of them are cloud shows. And in the one hand, Cloud has, you know, obviously made the world, you know, more interesting and better in so many different ways and even security, but it's like new layers are forming. You got the cloud, you got the shared responsibility model, so the cloud is like the first line of defense. And then you got the CISO who is relying heavily on devs to, you know, the whole shift left thing. So we're asking developers to do a lot and then you're kind of behind them. I guess you have audit is like the last line of defense, but my question to you is how can software developers really ensure that cloud native tools that they're using are secure? What steps can they take to improve security and specifically what's Red Hat doing in that area? >> Yeah, well I think there's, I would actually move away from that being the developer responsibility. I think the job is the operators' and the security people. The tools to give them the ability to see. The vulnerabilities they're introducing. Let's say signing their images, actually verifying that the images that's thrown in the cloud, are the ones that they built, that can all be done and it can be done open source. So we have a DevSecOps validated pattern that Red Hat's pushed out, and it's all open source tools in the cloud native space. And you can sign your builds and verify them at runtime and make sure that you're doing that all for free as one option. But in general, I would say that the hope is that you give the developer the information to make responsible choices and that there's a dialogue between your security and operations and developer teams but security, we should not be pushing that on developer. And so I think with ACS and our tool, the goal is to get in and say, "Let's set some reasonable policies, have a conversation, let's get a security liaison." Let's say in the developer team so that we can make some changes over time. And the more we can automate that and the more we can build and have that conversation, the better that you'll, I don't say the more security clusters but I think that the more you're on your path of securing your environment. >> How much talk is there at the event about kind of recent high profile incidents? We heard, you know, Log4j, of course, was mentioned in the Keynote. Somebody, you know, I think yelled out from the audience, "We're still dealing with that." But when you think about these, you know, incidents when looking back, what lessons do you think we've learned from these events? >> Oh, I mean, I think that I would say, if you have an approach where you're managing your containers, managing the age and using containers to accelerate, so let's say no images that are older than 90 days, for example, you're going to avoid a lot of these issues. And so I think people that are still dealing with that aspect haven't set up the proper, let's say, disclosure between teams and update strategy and so on. So I don't want to, I think the Log4j, if it's still around, you know, something's missing there but in general you want to be able to respond quickly and to do that and need the tools and policies to be able to tell people how to fix that issue. I mean, the Log4j fix was seven days after, so your developers should have been well aware of that. Your security team should have been sending the messages out. And I remember even fielding all the calls, all the fires that we had to put out when that happened. But yeah. >> I thought Brian Behlendorf's, you know, talk this morning was interesting 'cause he was making an attempt to say, "Hey, here's some things that you might not be thinking about that are likely to occur." And I wonder if you could, you know, comment on them and give us your thoughts as to how the industry generally, maybe Red Hat specifically, are thinking about dealing with them. He mentioned ChatGPT or other GPT to automate Spear phishing. He said the identity problem is still not fixed. Then he talked about free riders sniffing repos essentially for known vulnerabilities that are slow to fix. He talked about regulations that might restrict shipping code. So these are things that, you know, essentially, we can, they're on the radar, but you know, we're kind of putting out, you know, yesterday's fire. What are your thoughts on those sort of potential issues that we're facing and how are you guys thinking about it? >> Yeah, that's a great question, and I think it's twofold. One, it's brought up in front of a lot of security leaders in the space for them to be aware of it because security, it's a constant battle, constant war that's being fought. ChatGPT lowers the barrier of entry for a lot of them, say, would-be hackers or people like that to understand systems and create, let's say, simple manifests to leverage Kubernetes or leverage a misconfiguration. So as the barrier drops, we as a security team in security, let's say group organization, need to be able to respond and have our own tools to be able to combat that, and we do. So a lot of it is just making sure that we shore up our barriers and that people are aware of these threats. The harder part I think is educating the public and that's why you tend to see maybe the supply chain trend be a little bit ahead of the implementation. I think they're still, for example, like S-bombs and signing an attestation. I think that's still, you know, a year, two years, away from becoming, let's say commonplace, especially in something like a production environment. Again, so, you know, stay bleeding edge, and then make sure that you're aware of these issues and we'll be constantly coming to these calls and filling you in on what we're doing and make sure that we're up to speed. >> Yeah, so I'm hearing from folks like yourself that the, you know, you think of the future of Cloud Native Security. We're going to see continued emphasis on, you know, better integration of security into the DevSecOps. You're pointing out it's really, you know, the ops piece, that runtime that we really need to shore up. You can't just put it on the shoulders of the devs. And, you know, using security focused tools and best practices. Of course you hear a lot about that and the continued drive toward automation. My question is, you know, automation, machine learning, how, where are we in that maturity cycle? How much of that is being adopted? Sometimes folks are, you know, they embrace automation but it brings, you know, unknown, unintended consequences. Are folks embracing that heavily? Are there risks associated around that, or are we kind of through that knothole in your view? >> Yeah, that's a great question. I would compare it to something like a smart home. You know, we sort of hit a wall. You can automate so much, but it has to actually be useful to your teams. So when we're going and deploying ACS and using a cloud service, like one, you know, you want something that's a service that you can easily set up. And then the other thing is you want to start in inform mode. So you can't just automate everything, even if you're doing runtime enforcement, you need to make sure that's very, very targeted to exactly what you want and then you have to be checking it because people start new workloads and people get onboarded every week or month. So it's finding that balance between policies where you can inform the developer and the operations teams and that they give them the information to act. And that worst case you can step in as a security team to stop it, you know, during the onboarding of our ACS cloud service. We have an early access program and I get on-calls, and it's not even security team, it's the operations team. It starts with the security product, you know, and sometimes it's just, "Hey, how do I, you know, set this policy so my developers will find this vulnerability like a Log4Shell and I just want to send 'em an email, right?" And these are, you know, they have the tools and they can do that. And so it's nice to see the operations take on some security. They can automate it because maybe you have a NetSec security team that doesn't know Kubernetes or containers as well. So that shared responsibility is really useful. And then just again, making that automation targeted, even though runtime enforcement is a constant thing that we talk about, the amount that we see it in the wild where people are properly setting up admission controllers and it's acting. It's, again, very targeted. Databases, cubits x, things that are basically we all know is a no-go in production. >> Thank you for that. My last question, I want to go to the, you know, the hardest part and 'cause you're talking to customers all the time and you guys are working on the hardest problems in the world. What is the hardest aspect of securing, I'm going to come back to the software supply chain, hardest aspect of securing the software supply chain from the perspective of a security pro, software engineer, developer, DevSecOps Pro, and then this part b of that is, is how are you attacking that specifically as Red Hat? >> Sure, so as a developer, it's managing vulnerabilities with updates. As an operations team, it's keeping all the cluster, because you have a bunch of different teams working in the same environment, let's say, from a security team. It's getting people to listen to you because there are a lot of things that need to be secured. And just communicating that and getting it actionable data to the people to make the decisions as hard from a C-suite. It's getting the buy-in because it's really hard to justify the dollars and cents of security when security is constantly having to have these conversations with developers. So for ACS, you know, we want to be able to give the developer those tools. We also want to build the dashboards and reporting so that people can see their vulnerabilities drop down over time. And also that they're able to respond to it quickly because really that's where the dollars and cents are made in the product. It's that a Log4Shell comes out. You get immediately notified when the feeds are updated and you have a policy in action that you can respond to it. So I can go to my CISOs and say, "Hey look, we're limiting vulnerabilities." And when this came out, the developers stopped it in production and we were able to update it with the next release. Right, like that's your bread and butter. That's the story that you want to tell. Again, it's a harder story to tell, but it's easy when you have the information to be able to justify the money that you're spending on your security tools. Hopefully that answered your question. >> It does. That was awesome. I mean, you got data, you got communication, you got the people, obviously there's skillsets, you have of course, tooling and technology is a big part of that. Michael, really appreciate you coming on the program, sharing what's happening on the ground in Seattle and can't wait to have you back. >> Yeah. Awesome. Thanks again for having me. >> Yeah, our pleasure. All right. Thanks for watching our coverage of the Cloud Native Security Con. I'm Dave Vellante. I'm in our Boston studio. We're connecting to Palo Alto. We're connecting on the ground in Seattle. Keep it right there for more coverage. Be right back. (lively music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back to Vegas, guys and girls, it's great to have you with us. The Cube Live. Si finishing our second day of coverage of Palo Alto Ignite. 22 from MGM Grand in Las Vegas. Lisa Martin here with Dave Valante. Dave Cybersecurity is one of my favorite topics to talk about because it is so interesting. It is so dynamic. My other favorite thing is to hear the voice of our vendors' customers. And we could to >>Do that. I always love to have the customer on you get you get right to the heart of the matter. Yeah. Really understand. You know, what I like to do is sort of when I listen to the keynotes, try to see how well it aligns with what the customers are actually doing. Yeah. So let's >>Do it. We're gonna unpack that now. Michael Fagan joins us, the Chief Transformation Officer at Village Roadshow. Welcome Michael. It's great to have you >>And thank you. It's a pleasure to be here. >>So this is a really interesting entertainment company. I find the name interesting, but talk to us a little bit about Village Roadshow so the audience gets an understanding of all of the things that you guys do cuz theme parks is part of >>This. Yeah, so Village Road show's Australia's largest cinema exhibitor in conjunction with our partners at event. We also own and operate Australia's largest theme parks. We have Warner Brothers movie World, wet and Wild. SeaWorld Top Golf in Australia is, is operated by us plus more. We also do studio, we also own movie studios, so Aquaman, parts of the Caribbean. We're, we're filming our movie studios Elvis last year. And we also distribute and produce movies and TV shows. Quite diverse group. >>Yeah, you guys have won a lot of awards. I mean, I don't know, academy Awards, golden Globe, all that stuff, you know, and so it's good. Congratulations. Yeah. >>Thank you. >>Cool stuff. I wanna also, before we dig into the use case here, talk to us about the role of a chief transformation officer. How long have you been in that role? What does it encompass and what do you get to drive from a transformation perspective? Yeah, >>So the, the, the nature and pace of disruption is accelerating and on, on one side. And then on the other side, the running business as usual is becoming increasingly complex and, and more difficult to do. So running both simultaneously and at pace can put organizations at risk, both financially and and other ways. So in my role as Chief Transformation officer, I support the rest of the executive team by giving them additional capacity and also bring capability to the team that wasn't there before. So I do a lot of strategic and thought leadership. There's some executive coaching in there, a lot of financial modeling and analysis. And I believe that when a transformation role in particularly a chief transformation role is done correctly, it's a very hands-on role. So there's certain things where I, I dive right down and I'm actually hands in, hands-on leading teams or leading pieces of work. So I might be leading particular projects. I tried to drive profit revenue and profitability across the divisions and does any multi or cross-divisional opportunities or initiative, then I will, I will lead those. >>The transformation, you know, a while ago was cloud, right? Okay, hey, cloud and transformation officers, whether or not they had that title, we'll tell you, look, you gotta change the operating model. You can't just, you know, lift and shift in the cloud. That's, you know, that's pennies. We want, you know, big bucks. That's the operating. Now it's, I'm my question is, is did the pandemic just accelerate your transformation or, or was it, you know, deeper than that? >>Yeah, so what in my role have both digital and business transformation, some of it has been organizational. I think the pandemic has had a, a significant and long lasting effect on society, not just on, on business. So I think if you think about how work work used to be a, a place you went to and how it was done beforehand, before the, before COVID versus now where, you know, previously, you know, within the enterprise you had all of the users, you had all of the applications, you had all of the data, you had all of the people. And then since March, 2020, just overnight, that kind of inverted and, you know, you had people working from home and a person working from home as a branch office of one. So, so we ended up with another thousand branches literally overnight. A lot of the applications that we use are now SASS or cloud-based, whether that's timekeeping with Kronos or communica employee communication or work Jam. So they're not sitting within our data center, they're not sitting within, within our enterprise. It's all external. >>So from a security perspective, you obviously had to respond to that and we heard a lot about endpoint and cloud security and refactoring the network and identity. These guys aren't really an identity. They partner for that, but still a lot of change in focus that the CISO had to deal with. How, how did you guys respond to that? And, and you had a rush to do it. Yeah. And so as you sit back now, where do you go from here? >>Well we had, we had two major triggers for our, our network and security transformation. The first being COVID itself, and then the second beam, we had a, a major MPLS telco renewal that came up. So that gave you an opportunity to look at what we were doing and essentially our network was designed for a near, that no longer exists for when, for when p like I said, when people, when people were from home, all the applications were inside. So, and we had aging infrastructure, our firewalls were end of life. So initially we started off with an SD WAN at the SD WAN layer and an SD WAN implementation. But when we investigated and saw the security capabilities that are available now, we that to a full sassy WAN implementation. >>Why Palo Alto Networks? Because you, you had, you said you had an aging infrastructure designed for an era that doesn't exist anymore, but you also had a number of tools. We've been talking about a consolidation a lot the last couple days. Yeah. How did, what did you consolidate and why with Palo Alto? >>So we had a great partner in Australia, incidentally also called Cube. Cube Networks. Yeah. That we worked with great >>Names. Yeah, right. >>So we, so we, we worked for Cube. We ran a, a form of tender process. And Palo Alto with, you know, Prisma access and Global Global Protect was the only, the only solution that gave us everything that we needed in terms of network modernization, the agility that we required. So for example, in our theme part, we want to send out a hotdog cart or an ice cream cart, and that becomes, all of a sudden you got a new branch that I want to spin up this branch in 10 minutes and then I wanna spin it back down again. So from agility perspective, from a flexibility perspective, the security that, that we wanted, you know, from a zero trust perspective, and they were the only, certainly from a zero trust perspective, they're probably the only vendor that, that exists that, that actually provided the, the, all those capabilities. >>And did you consolidate tools or you were in the process of consolidating tools now? >>Yeah, so we actually, we actually consolidated down to, to, to a, to a single vendor. And in my previous role I had, I had implemented SD WAN before and you know, interoperability is a, is a major issue in the IT industry. I think there's, it's probably the only industry in the, the only industry I can think of certainly that where we, we ship products that aren't ready. They're not of all the features, they, they don't have all the features that they should have. They're their plans. They were releasing patches, releasing additional features every, every couple of months. So, you know, if you, if if Ford sold the card, I said, Hey, you're gonna give you backseats in a couple of months, they'd be uproar. But, but we do that all the time in, in it. So I had, when I previously implemented an Sdwan transformation, I had products from two tier one vendors that just didn't talk to one another. And so when I went and spoke to those vendors, they just went, well, it's not me. It's clearly, clearly those guys. So, so there's a lot to be said for having a, you know, a champion team rather than a team of champions. And Palo Alto have got that full stack fully integrated that was, you know, exactly meant what we were looking for. >>They've been talking a lot the last couple days about integration and it, and I've talked with some of their executives and some analysts as well, including Dave about that seems to be a differentiator for them because they really focus on that. Their m and a strategy is very, it seems to be very clear and there's purpose on that backend integration instead of leaving it to the customer, like Village Road show to do it. They also talked a lot about the consolidation. I'm just curious, Michael, in terms of like what you've heard at the show in the last couple of days. >>Yeah, I mean I've been hearing to same mess, but actually we've, we've lived in a >>You're living it. That's what I wanted to >>Know. So, so, you know, we had a choice of, you know, do you try and purchase so-called best of breed products and then put a lot of effort into integrating them and trying to get them to work, which is not really what we want to spend time doing. I don't, I don't wanna be famous for, you know, integration and, you know, great infrastructure. I want to be, I want Village to be famous for delivering great experiences to our customers. Memories that last a lifetime. And you know, when kids grow up in Australia, they, everybody remembers going to the theme parks. That's what, that's what I want our team to be doing and to be delivering those great experiences, not to be trying to plug together bits of software and it may or may not work and have vendors pointing at one another and then we are left carrying the cannon and holding the >>Baby. So what was the before and after, can you give us a sense as to how life changed, you know, pre that consolidation versus post? >>Yeah, so our, our, our infrastructure, say our infrastructure was designed for, you know, the, you know, old ways of working where we had you knowm routers that were, you know, not designed for cloud, for modern traffic, including cloud Destin traffic, an old MPLS network. We used to back haul all the traffic from, from our branches back to central location run where we've got, you know, firewall walls, we've got a dmz, we could run advanced inspection services on that. So if you had a branch that wanted to access a website that was housed next door, even if it was across the country, then it would, we would pull that all the way back to Melbourne. We would apply advanced inspection services to it, send it up to the cloud out back across the country. Traffic would come back, come down to us, back out to our branch. >>So you talk about crossing the country four times, even at the website is, is situated next door now with, with our sasi sdwan transformation just pops out to the cloud now straight away. And the, the difference in performance for our, for our team and for our customers, it, it's phenomenal. So you'll talk about saving minutes, you know, on a log on and, and seconds then and on, on an average transaction and second zone sound like a lot. But when you, it's every click up, they're saving a second and add up. You're talking about thousands of man hours every month that we've saved. >>If near Zuke were sitting right here and said, what could we do better? You know, what do you need from us that we're not delivering today that you want to, you want us to deliver that would change your life. Yeah, >>There's two things. One, one of which I think they're all, they're already doing, but I actually haven't experienced myself. It's around the autonomous digital experience management. So I've now got a thousand users who are sitting at home and they've got, when they've got a problem, I don't know, is it, is it my problem or is it their problem? So I know that p were working on a, an A solution that digital experience solution, which can actually tell, well actually know you're sitting in your kitchen and your routes in your front room, maybe you should move closer to the route. So there, there they, that's one thing. And the second thing is using AI to tell me things that I wouldn't be able to figure out with a human training. A lot of time sifting through data. So things like where I've potentially overcompensated and, you know, overdelivered on the network and security side or of potentially underdelivered on a security side. So having AI to, you know, assess all of those millions and probably billions of, you know, transactions and packets that are moving around our network and say, Hey, you could optimize it more if you, if you dial this down or dial this up. >>So you said earlier we, this industry has a habit of shipping products before, you know they're ready. So based on your experience, seems like, first of all, it sounds like you got a at least decent technical background as well. When do you expect to have that capability? Realistically? When can we expect that as an industry? >>I think I, I think, like I said, the the rate and nature of change is, is, I think it's accelerating. The halflife of degree is short. I think when I left university, what I, what I learned in first year was, was obsolete within five years, I'd say now it's probably obsolete of you. What'd you learn in first year? It's probably obsolete by the time you finish your degree. >>Six months. Yeah, >>It's true. So I think the, the, the rate of change and the, the partnership that I see Palo building with the likes of AWS and Google and that and how they're coming together to, to solve, to jointly solve these problems is I think we will see this within 12 months. >>Who, who are your clouds? You got multiple clouds >>Or We got multiple clouds. Mostly aws, but there are certain things that we run that run in run in Azure as well. We, we don't really have much in GCP or, or, or some of the other >>Azure for collaboration and teams, stuff like that. >>Ah, we, we run, we run SAP that's we hosted in, in Azure and our cinema ticketing system is, is was run in Azure. It's, it was only available in, in in Azure the time we're mo we are mostly an AWS >>Shop. And what do you do with aws? I mean, pretty much everything else is >>Much every, everything else, anything that's customer facing our websites, they give us great stability. Great, great availability, great performance, you know, we've had and, and, and, and a very variable as well. So, we'll, you know, our, our pattern of selling movie tickets is typically, you know, fairly flat except when, you know, there's a launch of a, of a new movie. So all of a sudden we might say you might sell, you know, at 9:00 AM when, you know, spider-Man went on sale last year, I think we sold 100 times the amount of tickets in the forest, 10 minutes. So our website didn't just scale look beautifully, just took in all of that extra traffic scale up. We're at only any intervention and then scale back down >>Taylor Swift needs that she does need that. So yeah. And so is your vision to have Palo Alto networks security infrastructure have be a common sort of layer across those clouds and maybe even some on-prem? Is it, are you, are you working toward that? Yeah, >>We, yeah, we, yeah, we, we'd love to have, you know, our end, our end customers don't really care about the infrastructure that we run. They won't be >>Able to unless it breaks. >>Unless it breaks. Yeah. They wanna be able to go to see a movie. Do you wanna be able to get on a rollercoaster? They wanna be able to go, you know, play around around a top golf. So having that convergence and that seamless integration of working across cloud network security now for most of our team, they, they don't know and they don't need to know. In fact, I, I frankly don't want them to know and be, be thinking about networks and clouds. I kind of want them thinking about how do we sell more cinema tickets? How do we give a great experience to our guests? How do we give long lasting lifetime memories to, to the people who come visit our parks? >>That's what they want. They want that experience. Right. I'd love to get your final thoughts on, we, we had you give a great overview of the ch the role that you play as Chief transformation officer. You own digital transformation, you want business transformation. What advice would you give to either other treat chief transformation officers, CISOs, CSOs, CEOs about partnering, what's the right partner to really improve your security posture? >>I think there's, there's two things. One is if you haven't looked at this in the last two years and made some changes, you're outta date. Yeah. Because the world has changed. We've seen, I mean, I've heard somebody say it was two decades worth of, I actually think it's probably five 50 years worth of change in, in Australia in terms of working habits. So one, you need to do something. Yeah. Need to, you need to have a look at this. The second thing I think is to try and partner with someone that has similar values to your organization. So Village is a, it's a wonderful, innovative company. Very agile. So the, like the, the concept of gold class cinema, so, you know, big proceeds, recliners, waiter service, elevated foods concept that, that was invented by village in 1997. Thank you. And we had thanks finally came to the states so decade later, I mean we would've had the CEO of every major cinema chain in the world come to come to Melbourne and have a look at what Village is doing and go, yeah, we're gonna export that back around around the world. It's probably one of, one of Australia's unknown exports. Yeah. So it's, yeah, so, so partnering. So we've got a great innovation history and we'd like to think of ourselves as pretty agile. So working with partners who are, have a similar thought process and, and managed to an outcome and not to a contract Yeah. Is, is important for us. >>It's all about outcomes. And you've had some great outcomes, Michael, thank you for joining us on the program, walking us through Village Roadshow, the challenges that you had, how you tackled them, and, and next time I think I'm in a movie theater and I'm in reclining chair, I'm gonna think about you and village. So thank you. We appreciate your insights, your time. Thank you. Thanks Michael. For Michael Fagan and Dave Valante. I'm Lisa Martin. You've been watching The Cube. Our live coverage of Palo Alto Networks. Ignite comes to an end. We thank you so much for watching. We appreciate you. You're watching the Cube, the leader in live enterprise and emerging emerging tech coverage next year. >>Yeah.

(light music) (airy white noise rumbling) >> Hey everyone, welcome back to Las Vegas. It's theCUBE. We're here, day four of our coverage of AWS re:Invent 22. There's been about, we've heard, north of 55,000 folks here in person. We're seeing only a fraction of that but it's packed in the expo center. We're at the Venetian Expo, Lisa Martin, Dave Vellante. Dave, we've had such great conversations as we always do on theCUBE. With the AWS ecosystem, we're going to be talking with another partner on that ecosystem and what they're doing to innovate together next. >> Well, we know security is the number one topic on IT practitioners, mine, CIOs, CISOs. We also know that they don't have the bench strength, that's why they look to manage service providers, manage service security providers. It's a growing topic, we've talked about it. We talked about it at re:Inforce earlier this year. I think it was July, actually, and August, believe it or not, not everybody was at the Cape. It was pretty well attended conference and that's their security focus conference, exclusive on security. But there's a lot of security here too. >> Lot of security, we're going to be talking about that next. We have two guests from Capgemini joining us. Mike Wasielewski, the head of cloud security, and NextGen secure architectures, welcome Mike. Anne Saunders also joins us, the Director of Cybersecurity Technology Partnerships at Capgemini, welcome Anne. >> Thank you. >> Dave: Hey guys. >> So, day four of the show, how you feeling? >> Anne: Pretty good. >> Mike: It's a long show. >> It is a long, and it's still jamming in here. Normally on the last day, it dwindles down. Not here. >> No, the foot traffic around the booth and around the totality of this expo floor has been amazing, I think. >> It really has. Anne, I want to start with you. Capgemini making some moves in the waves in the cloud and cloud security spaces. Talk to us about what Cap's got going on there. >> Well, we actually have a variety of things going on. Very much partner driven. The SOC Essentials offering that Mike's going to talk about shortly is the kind of the starter offer where we're going to build from and build out from. SOC Essentials is definitely critical for establishing that foundation. A lot of good stuff coming along with partners. Since I manage the partners, I'm kind of keen on who we get involved with and how we work with them to build out value and focus on our overall cloud security strategy. Mike, you want to talk about SOC Essentials? >> Yeah, well, no, I mean, I think at Capgemini, we really say cybersecurity is part of our DNA and so as we look at what we do in the cloud, you'll find that security has always been an underpinning to a lot of what we deliver, whether it's on the DevSecOps services, migration services, stuff like that. But what we're really trying to do is be intentional about how we approach the security piece of the cloud in different ways, right? Traditional infrastructure, you mentioned the totality of security vendors here and at re:Inforce. We're really seeing that you have to approach it differently. So we're bringing together the right partners. We're using what's part of our DNA to really be able to drive the next generation of security inside those clouds for our clients and customers. So as Anne was talking about, we have a new service called the Capgemini Cloud SOC Essentials, and we've really brought our partners to bear, in this case Trend Micro, really bringing a lot of their intelligence and building off of what they do so that we can help customers. Services can be pretty expensive, right, when you go for the high end, or if you have to try to run one yourself, there's a lot of time, I think you mentioned earlier, right, the people's benches. It's really hard to have a really good cybersecurity people in those smaller businesses. So what we're trying to do is we're really trying to help companies, whether you're the really big buyers of the world or some of the smaller ones, right? We want to be able to give you the visibility and ability to deliver to your customers securely. So that's how we're approaching security now and we're cloud SOC Essentials, the new thing that we're announcing while we were here is really driving out of. >> When I came out of re:Invent, when you do these events, you get this Kool-Aid injection and after a while you're like hm, what did I learn? And one of the things that struck me in talking to people is you've got the shared responsibility model that the cloud has sort of created and I know there's complexities across cloud but let's just keep it at cloud generically for a moment. And then you've got the CISO, the AppDev, AppSecDev group is being asked to do a lot. They're kind of being dragged into security that's really not their wheelhouse and then you've got audit which is like the last line of defense. And so one of the things that struck me at re:Inforce is like, okay, Amazon, great job for their portion of the shared responsibility model but I didn't hear a lot in terms of making the CISO's life easier and I'm guessing that's where you guys come in. I wonder if you could talk about that trend, that conceptual layers that I just laid out and where you guys fit. >> Mike: Sure, so I think first and foremost, I always go back to a quote from, I think it's attributed to Peter Drucker, whether that's right or wrong, who knows? But culture eats strategy for breakfast, right? And I think what we've seen in our conversations with whether you're talking to the CISO, the application team, the AppDev team, wherever throughout the organization, we really see that culture is what's going to drive success or failure of security in the org, and so what we do is we really do bring that totality of perspective. We're not just cloud, not just security, not just AppDev. We can really bring across the totality of the Capgemini estate. So that when we go, and you're right, a CISO says, I'm having a hard time getting the app people to deliver what I need. If you just come from a security perspective, you're right, that's what's going to happen. So what we try to do is so, we've got a great DevSecOps service, for example in the cloud where we do that. We bring all the perspectives together, how do we align KPIs? That's a big problem, I think, for what you're seeing, making CISO's lives easier, is about making sure that the app team KPIs are aligned with the CISO's but also the CISO's KPIs are aligned with the app teams. And by doing that, we have had really great success in a number of organizations by giving them the tools then and the people on our side to be able to make those alignments at the business level, to drive the right business outcome, to drive the right security outcome, the right application outcome. That's where I think we've really come to play. >> Absolutely, and I will say from a partnering perspective, what's key in supporting that strategy is we will learn from our partners, we lean on our partners to understand what the trends they're seeing and where they're having an impact with regards to supporting the CISO and supporting the overall security strategy within a company. I mean, they're on the cutting edge. We do a lot to track their technology roadmaps. We do a lot to track how they build their buyer personas and what issues they're dealing with and what issues they're prepared to deal with regards to where they're investing and who's investing in them. A lot of strategy around which partner to bring in and support, how we're going to address the challenges, the CISO and the IT teams are having to kind of support that overall. Security is a part of everything, DNA kind of strategy. >> Yeah, do you have a favorite example, Anne, of a partner that came in with Capgemini, helped a customer really be able to do what Capgemini is doing and that is, have cybersecurity be actually part of their DNA when there's so many challenges, the skills gap. Any favorite example that really you think articulates how you're able to enable organizations to achieve just that? >> Anne: Well, actually the SOC Essentials offering that we're rolling out is a prime example of that. I mean, we work very, very closely with Trend on all fronts with regards to developing it. It's one of those completely collaborative from day one to going to the customer and that it's almost that seamless connectivity and just partnering at such a strategic level is a great example of how it's done right, and when it's done right, how successful it can be. >> Dave: Why Trend Micro? Because I mean, I'm sure you've seen, I think that's Optiv, has the eye test with all the tools and you talk to CISOs, they're like really trying to consolidate those tools. So I presume there's a portfolio play there, but tell us, tell the audience a little bit more about why Trend Micro and I mean your branding with them, why those guys? >> Well, it goes towards the technology, of course, and all the development they've done and their position within AWS and how they address assuring security for our clients who are moving onto and running their estates on AWS. There's such a long heritage with regards to their technology platform and what they've developed, that deep experience, that kind of the strength of the technology because of the longevity they've had and where they sit within their domain. I try to call partners out by their domain and their area of expertise is part of the reason, I mean. >> Yeah, I think another big part of it is Gartner is expecting, I think they published this out in the next three years, we expect to see another consolidation both inside of the enterprises as well as, I look back a couple years, when Palo Alto went on a very nice spending spree, right? And put together a lot of really great companies that built their Prisma platform. So what I think one of the reasons we picked Trend in this particular case is as we look forward for our customers and our clients, not just having point solutions, right? This isn't just about endpoint protection, this isn't just about security posture management. This is really who can take the totality of the customer's problems and deliver on the right outcomes from a single platform, and so when we look at companies like Trend, like Palo, some of the bigger partners for us, that's where we try to focus. They're definitely best in breed and we bring those to our customers too for certain things. But as we look to the future, I think really finding those partners that are going to be able to solve a swath of problems at the right price point for their customers, that is where I think we see the industry moving. >> Dave: And maybe be around as an independent company. Was that a factor as well? I mean, you see Thoma Bravo buying up all his hiring companies and right, so, and maybe they're trying to create something that could be competitive, but you're saying Trend Micros there, so. >> Well I think as Anne mentioned, the 30 year heritage, I think, of Trend Micro really driving this and I've done work with them in various past things. There's also a big part of just the people you like, the people that are good to work with, that are really trying to be customer obsessed, going back right, at an AWS event, the ones that get the cloud tend to be able to follow those Amazon LPs as well, right, just kind of naturally, and so I think when you look at the Trend Micros of the world, that's where that kind of cloud native piece comes out and I like working with that. >> In this environment, the macro environment, lets talk a bit, earning season, it's really mixed. I mean you're seeing some really good earnings, some mixed earnings, some good earnings with cautious guidance. So nobody really (indistinct), and it was for a period time there was a thinking that security was non-discretionary and it's clearly non-discretionary, but the CISO, she or he, doesn't have unlimited budgets, right? So what are you seeing in terms of how are customers dealing with this challenging macro environment? Is it through tools consolidation? Is that a play that's going on? What are you seeing in the customer base? >> Anne: I see ways, and we're working through this right now where we're actually weaving cybersecurity in at the very beginning of how we're designing offers across our entire offer portfolio, not just the cybersecurity business. So taking that approach in the long run will help contain costs and our hope, and we're already seeing it, is it's actually helping change the perception that security's that cost center and that final obstacle you have to get over and it's going to throw your margins off and all that sort of stuff. >> Dave: I like that, its at least is like a security cover charge. You're not getting in unless we do the security thing. >> Exactly, a security cover charge, that's what you should call it. >> Yeah. >> Like it. >> Another piece though, you mentioned earlier about making CISO's life easier, right? And I think, as Anne did a really absolutely true about building it in, not to the security stack but application developers, they want visibility they want observability, they want to do it right. They want CI/CD pipeline that can give them confidence in their security. So should the CISO have a budget issue, right? And they can't necessarily afford, but the application team as they're looking at what products they want to purchase, can I get a SaaS or a DaaS, right? The static or dynamic application security testing in my product up front and if the app team buys into that methodology, the CISO convinces them, yes, this is important. Now I've got two budgets to pull from, and in the end I end up with a cheaper, a lower cost of a service. So I think that's another way that we see with like DevSecOps and a few other services, that building in on day one that you mentioned. >> Lisa: Yeah. >> Getting both teams involved. >> Dave: That's interesting, Mike, because that's the alignment that you were talking about earlier in the KPIs and you're not a tech vendor saying, buy my product, you guys have deep consultancy backgrounds. >> Anne: And the customer appreciates that. >> Yeah. >> Anne: They see us as looking out for their best interest when we're trying to support them and help them and bringing it to the table at the very beginning as something that is there and we're conscientious of, just helps them in the long run and I think, they're seeing that, they appreciate that. >> Dave: Yeah, you can bring best practice around measurements, alignment, business process, stuff like that. Maybe even some industry expertise which you're not typically going to get from a product company. >> Well, one thing you just mentioned that I love talking about with Capgemini is the industry expertise, right? So when you look at systems integrators, there are a lot of really, really good ones. To say otherwise would be foolish. But Capgemini with our acquisition of Altran, a couple years ago, I think think it was, right? How many other GSIs or SIs are actually building silicon for IoT chips? So IoT's huge right now, the intelligent industry moving forward is going to drive a lot of those business outcomes that people are looking for. Who else can say we've built an autonomous vehicle, Capgemini can. Who can say that we've built the IoT devices from the ground up? We know not just how to integrate them into AWS, into the IoT services in the cloud, but to build and have that secure development for the firmware and all and that's where I think our customers really look to us as being those industry experts and being able to bring that totality of our business to bear for what they need to do to achieve their objectives to deliver to their customer. >> Dave: That's interesting. I mean, using silicon as a differentiator to drive a lot of business outcomes and security. >> Mike: Absolutely. >> I mean you see what Amazon's doing in silicon, Look at Apple. Look at what Tesla's doing with silicon. >> Dave: That's where you're seeing a lot of people start focusing 'cause not everybody can do it. >> Yeah. >> It's hard. >> Right. >> It's hard. >> And you'll see some interesting announcements from us and some interesting information and trends that we'll be driving because of where we're placed and what we have going around security and intelligent industry overall. We have a lot of investment going on there right now and again, from the partner perspective, it's an ecosystem of key partners that collectively work together to kind of create a seamless security posture for an intelligent industry initiative with these companies that we're working with. >> So last question, probably toughest question, and that's to give us a 30 second like elevator pitch or a billboard and I'm going to ask you, Anne, specifically about the SOC Essentials program powered by Trend Micro. Why should organizations look to that? >> Organizations should move to it or work with us on it because we have the expertise, we have the width and breadth to help them fill the gaps, be those eyes, be that team, the police behind it all, so to speak, and be the team behind them to make sure we're giving them the right information they need to actually act effectively on maintaining their security posture. >> Nice and then last question for you, Mike is that billboard, why should organizations in any industry work with Capgemini to help become an intelligent industrial player. >> Mike: Sure, so if you look at our board up top, right, we've got our tagline that says, "get the future you want." And that's what you're going to get with Capgemini. It's not just about selling a service, it's not just about what partners' right in reselling. We don't want that to be why you come to us. You, as a company have a vision and we will help you achieve that vision in a way that nobody else can because of our depth, because of the breadth that we have that's very hard to replicate. >> Awesome guys, that was great answers. Mike, Anne, thank you for spending some time with Dave and me on the program today talking about what's new with Capgemini. We'll be following this space. >> All right, thank you very much. >> For our guests and for Dave Vellante, I'm Lisa Martin, you're watching theCUBE, the leader in live enterprise and emerging tech coverage. (gentle light music)

(upbeat music) >> Good afternoon, fellow cloud nerds, and welcome back to theCUBE's live coverage of AWS re:Invent, here in a fabulous Sin City, Las Vegas, Nevada. My name is Savannah Peterson, joined by my fabulous co-host, John Furrier. John, how you feeling? >> Great, feeling good Just getting going. Day one of four more, three more days after today. >> Woo! Yeah. >> So much conversation. Talking about business transformation as cloud goes next level- >> Hot topic here for sure. >> Next generation. Data's classic is still around, but the next gen cloud's here, it's changing the game. Lot more AI, machine learning, a lot more business value. I think it's going to be exciting. Next segment's going to be awesome. >> It feels like one of those years where there's just a ton of momentum. I don't think it's just because we're back in person at scale, you can see the literally thousands of people behind us while we're here on set conducting these interviews. Our bold and brave guests, just like the two we have here, combating the noise, the libations, and everything else going on on the show floor. Please help me welcome Mike from Science Logic and Ajay from Zebrium. Gentlemen, welcome to the show floor. >> Thank you. >> Thank you Savannah. It's great to be here. >> How you feeling? Are you feeling the buzz, Mike? Feeling the energy? >> It's tough to not feel and hear the buzz, Savannah >> Savannah: Yeah. (all laughing) >> John: Can you hear me? >> Savannah: Yeah, yeah, yeah. Can you hear me now? What about you, Ajay? How's it feel to be here? >> Yeah, this is high energy. I'm really happy it's bounced back from COVID. I was a little concerned about attendance. This is hopping. >> Yeah, I feel it. It just, you can definitely feel the energy, the sense of community. We're all here for the right reasons. So I know that, I want to set the stage for everyone watching, Zebrium was recently acquired by Science Logic. Mike, can you tell us a little bit about that and what it means for the company? >> Mike: Sure, sure. Well, first of all, science logic, as you may know, has been in the monitoring space for a long time now, and what- >> Savannah: 20 years I believe. >> Yeah. >> Savannah: Just about. >> And what we've seen is a shift from kind of monitoring infrastructure, to monitoring these increasingly complex modern cloud native applications, right? And so this is part of a journey that we've been on at Science Logic to really modernize how enterprises of all sizes manage their IT estate. Okay? So, managing, now workloads that are increasingly in the public cloud, outside the four walls of the enterprise, workloads that are increasingly complex. They're microservices based, they're container based. >> Mhmm. >> Mike: And the rate of change, just because of things like CICD, and agile development has also increased the complexity in the typical IT environment. So all these things have conspired to make the traditional tools and processes of managing IT and IT applications much more difficult. They just don't scale. One of the things that we've seen recently, Savannah is this shift in sort of moving to cloud native applications, right? >> Huge shift. >> Mike: Today it only incorporates about roughly 25% of the typical IT portfolio, but most of the projections we've seen indicate that that's going to invert in about three years. 75% of applications will be what I call cloud native. And so this really requires different technologies to understand what's going on with those applications. And so Zebrium interested us when we were looking at partners at the beginning of this year as they have a super innovative approach to understanding really what's going on with any cloud native application. And they really distill, they separate the complexity out of the equation and they used machine learning to tremendous effect to rapidly understand the root cause of an application failure. And so I was introduced to Ajay, beginning of this year, actually. It feels like it's been a long time now. But we've been on this journey together throughout 2022, and we're thrilled to have Zebrium now, part of the Science Logic family. >> Ajay, Zebrium saves people a lot of time. Obviously, I've worked with developers and seen that struggle when things break, shortening that time to recovery and understanding is so critical. Can you tell us a little bit about what's under the hood and how the ML works to make that happen? >> Ajay: Yeah. So the goal is to figure out not just that something went wrong, but what went wrong. >> Savannah: Right. >> And we took, you know, based on a couple of decades of experience from my co-founders- >> Savannah: Casual couple of decades, came into went into this product just to call that out. Yeah, great. >> Exactly. It took some general learnings about the nature of software and when software breaks, what tends to happen, you tend to see unusual things happen, and they lead to bad things happening. It's very simple. >> Yes. >> It turns out- >> Savannah: Mutations lead to bad things happening, generally speaking. >> So what Zebrium's really good at is identifying those rare things accurately and then figuring out how they connect, or correlate to the bad things, the errors, the warnings, the alerts. So the machine learning has many stages to it, but at its heart it's classifying the event, catalog of any application stack, figuring out what's rare, and when things start to break it's telling you this cluster of events is both unusual, and unlikely to be random, and it's very likely the root cause report for the problem you're trying to solve. We then added some nice enhancements, such as correlation with knowledge spaces in, on the public internet. If someone's ever solved that problem before, we're able to find a match, and pull that back into our platform. But the at the heart, it was a technology that can find rare events and find the connections with other events. >> John: Yeah, and this is the theme of re:Invent this year, data, the role of data, solving end-to-end complexities. One, you mentioned that. Two, I think the Mike, your point about developers and the CICD pipeline is where DevOps is. That is what IT now is. So, if you take digital transformation to its conclusion, or its path and continue it, IT is DevOps. So the developers are actually doing the IT in their coding, hence the shift to autonomous IT. >> Mike: Right, right. Now, those other functions at IT used to be a department, not anymore, or they still are, so, but they'll go away, is security and data teams. You're starting to see the formation of- >> Mike: Yep. >> New replacements to IT as a function to support the developers who are building the applications that will be the company. >> That's right. Yeah. >> John: I mean that's, and do you agree with that statement? >> Yeah, I really do. And you know, collectively independent of whether it's like traditional IT, or it's DevOps, or whatever it is, the enterprise as a whole needs to understand how the infrastructure is deployed, the health of that infrastructure, and more importantly the applications that are hosted in the infrastructure. How are they doing? What's the health? And what we are seeing, and what we're trying to facilitate at Science Logic is really changed the lens of IT, from being low level compute, storage, and networking, to looking at everything through a services lens, looking at the services being delivered by IT, back to the business, and understanding things through a services lens. And Zebrium really compliments that mission that we've been on, by providing, cause a lot of cases, service equal equal application, and they can provide that kind of very real time view of service health in, you know, kind of the IT- >> And automation is beautiful there too, because, as you get into some of the scale- >> Yeah >> Ajay's. understanding how to do this fast is a key component. >> Yeah. So scale, you, you've pinpointed one of the dimensions that makes AI really important when it comes to troubleshooting. The humans just can't scale as fast as data, nor can they keep up with complexity of modern applications. And the third element that we feel is really important is the velocity with which people are now rolling out changes. People develop new features within hours, push them out to production. And in a world like that, the human has just no ability or time to understand what's normal, what's bad, to update their alert rules. And you need a machine, or an AI technology, to go help you with that. And that's basically what we're about. >> So this is where AI Ops comes in, right? Perfectly. Yeah. >> Yeah. You know, and John started to allude to it earlier, but having the insight on what's going on, we believe is only half of the equation, right? Once you understand what's going on, you naturally want to take action to remediate it or optimize it. And we believe automation should not be an exercise that's left to the reader. >> Yeah. >> As a lot of traditional platforms have done. Instead, we have a very robust, no-code, low-code automation built into our platform that allows you to take action in context with what you're seeing right then and there with the service. >> John: Yeah. Essentially monitoring, a term you use observability, some used as a fancy word today, is critical in all operating environments. So if we, if we kind of holistically, hey we're a distributed computing system, aka cloud, you got to track stuff at scale and you got to understand what it, what the impact is from a systems perspective. There's consequences to understanding what goes wrong. So as you look at that, what's the challenge for customers to do that? Because that seems to be the hard part as they lift and shift to the cloud, run their apps on the cloud, now they got to go take it to the next level, which is more developer velocity, faster productivity, and secure. >> Yeah. >> I mean, that seems to be the table stakes now. >> Yeah. >> How are companies forming around that? Are they there yet? Are they halfway there? Are they, where are they in the progression of, one, are they changing? And if so- >> Yeah that's a great question. I mean, I think whether it's an IT use case or a security use case, you can't manage what you don't know about. So visibility, discoverability, understanding what's going on, in a lot of ways that's the really hard problem to solve. And traditionally, we've approached that by like, harvesting data off of all these machines and devices in the infrastructure. But as we've seen with Zebrium and with related machine learning technologies, there's multiple ways of gaining insight as to what's going on. Once you have the insight be it an IT issue, like a service outage, or a security vulnerability, then you can take action. And the idea is you want to make that action as seamless as possible. But I think to answer your question, John, enterprises are still kind of getting their heads around how can we break down all the silos that have built up over the last decade or two, internally, and get visibility across the estate that really matters. And I think that's the real challenge. >> And I mean, and, at the velocity that applications are growing, just looking at our notes here, number of applications scaling from 64 million in 2017 to 147 million in 2021. That goes to what you were talking about, even with those other metrics earlier, 582 million by 2026 is what Morgan Stanley predicts. So, not only do we need to get out of silos we need to be able to see everything all the time, all at once, from the past legacy, as well as as we extend at scale. How are you thinking about that, Ajay? You're now with a big partner as an umbrella. What's next for you all? How, how are you going to help people solve problems faster? >> Yeah, so one of the attractions to the Zebrium team about Science Logic, aside from the team, and the culture, was the product portfolio was so complimentary. As Mike mentioned, you need visibility, you need mapping from low level building blocks to business services. And the end, at the end of the spectrum, once you know something's wrong you need to be able to take action automatically. And again, Science Logic has a very strong product, set of product capabilities and automated actions. What we bring to the table is the middle layer, which is from visibility, understanding what went wrong, figuring out the root cause. So to us, it was really exciting to be a very nice tuck in into this broader platform where we helped complete the story. >> Savannah: Yeah, that's, that's exciting. >> John: Should we do the Insta challenge? >> I was just getting ready to do that. You go for it John. You go ahead and kick it off. >> So we have this little tradition now, Instagram real, short and sweet. If you were going to see yourself on Instagram, what would be the Instagram reel of why this year's re:Invent is so important, and why people should pay attention to what's going on right now in the industry, or your company? >> Well, I think partly what Ajay was saying it's good to be back, right? So seeing just the energy and being back in 3D, you know en mass, is awesome again. It really is. >> Yeah. >> Mike: But, you know, I think this is where it's happening. We are at an inflection point of our industry and we're seeing a sea change in the way that applications and software delivered to businesses, to enterprises. And it's happening right here. This is the nexus of it. And so we're thrilled to be here as a part of all this, and excited about the future. >> All right, Ajay- >> Well done. He passes >> Your Instagram reel. >> Knowing what's happening in the broader economy, in the business context, it's, it feels even more important that companies like us are working on technologies that empower the same number of people to do more. Because it may not be realistic to just add on more headcount given what's going on in the world. But your deliverables and your roadmaps aren't slowing down. So, still the same amount of complexity, the same growth rates, but you're going to have to deal with all of that with fewer resources and be smarter about it. So, the approaches we're taking feel very much off the moment, you know, given what's going on in the real world. >> I love it. I love it. I've got, I've got kind of a finger to the wind, potentially hardball question for you here to close it out. But, given that you both have your finger really on the pulse right here, what percentage of current IT operations do you think will eventually be automated by AI and ML? Or AI ops? >> Well, I think a large percentage of traditional IT operations, and I'm talking about, you know, network operating center type of, you know, checking heartbeat monitors of compute storage and networking health. I think a lot of those things are going to be automated, right? Machine learning, just because of the scale. You can't scale, you can't hire enough NOC engineers to scale that kind of complexity. But I think IT talents, and what they're going to be focusing on is going shift, and they're going to be focusing on different parts. And I believe a lot of IT is going to be a much more of an enabler for the business, versus just managing things when they go wrong. So that's- >> All right. >> That's what I believe is part of the change. >> That's your, all right Ajay what about your hot take? >> Knowing how error-prone predictions are, (all laughing) I'll caveat my with- >> Savannah: We're allowing for human error here. >> I could be wildly wrong, but if I had to guess, you know, in 10 years you know, as much as 50% of the tasks will be automated. >> Mike: Oh, you- >> I love it. >> Mike: You threw a number out there. >> I love it. I love that he put his finger out- >> You got to see, you got to say the matrix. We're all going to be part of the matrix. >> Well, you know- >> And Star Trek- >> Skynet >> We can only turn back to this footage in a few years and quote you exactly when you have the, you know Mackenzie Research or the Morgan Stanley research that we've been mentioning here tonight and say that you've called it accurately. So I appreciate that. Ajay, it was wonderful to have you here. Congratulations on the acquisition. Thank you. Mike, thank you so much for being here on the Science Logic side, and congratulations to the team on 20 years. That's very exciting. John. Thank you. >> I try, I tried. Thank you. >> You try, you succeed. And thank you to all of our fabulous viewers out there at home. Be sure and tweet us at theCUBE. Say hello, Furrier, Sav is savvy. Let us know what you're thinking of AWS re:Invent where we are live from Las Vegas all week. You're watching theCUBE, the leader in high tech coverage. My name's Savannah Peterson, and we'll see you soon. (upbeat music)

(upbeat music) >> Hey guys, welcome back to the show floor of KubeCon + CloudNativeCon '22 North America from Detroit, Michigan. Lisa Martin here with John Furrier. This is day one, John at theCUBE's coverage. >> CUBE's coverage. >> theCUBE's coverage of KubeCon. Try saying that five times fast. Day one, we have three wall-to-wall days. We've been talking about Kubernetes, containers, adoption, cloud adoption, app modernization all morning. We can't talk about those things without addressing security. >> Yeah, this segment we're going to hear container and Kubernetes security for modern application 'cause the enterprise are moving there. And this segment with Red Hat's going to be important because they are the leader in the enterprise when it comes to open source in Linux. So this is going to be a very fun segment. >> Very fun segment. Two guests from Red Hat join us. Please welcome Doron Caspin, Senior Principal Product Manager at Red Hat. Michael Foster joins us as well, Principal Product Marketing Manager and StackRox Community Lead at Red Hat. Guys, great to have you on the program. >> Thanks for having us. >> Thank you for having us. >> It's awesome. So Michael StackRox acquisition's been about a year. You got some news? >> Yeah, 18 months. >> Unpack that for us. >> It's been 18 months, yeah. So StackRox in 2017, originally we shifted to be the Kubernetes-native security platform. That was our goal, that was our vision. Red Hat obviously saw a lot of powerful, let's say, mission statement in that, and they bought us in 2021. Pre-acquisition we were looking to create a cloud service. Originally we ran on Kubernetes platforms, we had an operator and things like that. Now we are looking to basically bring customers in into our service preview for ACS as a cloud service. That's very exciting. Security conversation is top notch right now. It's an all time high. You can't go with anywhere without talking about security. And specifically in the code, we were talking before we came on camera, the software supply chain is real. It's not just about verification. Where do you guys see the challenges right now? Containers having, even scanning them is not good enough. First of all, you got to scan them and that may not be good enough. Where's the security challenges and where's the opportunity? >> I think a little bit of it is a new way of thinking. The speed of security is actually does make you secure. We want to keep our images up and fresh and updated and we also want to make sure that we're keeping the open source and the different images that we're bringing in secure. Doron, I know you have some things to say about that too. He's been working tirelessly on the cloud service. >> Yeah, I think that one thing, you need to trust your sources. Even if in the open source world, you don't want to copy paste libraries from the web. And most of our customers using third party vendors and getting images from different location, we need to trust our sources and we have a really good, even if you have really good scanning solution, you not always can trust it. You need to have a good solution for that. >> And you guys are having news, you're announcing the Red Hat Advanced Cluster Security Cloud Service. >> Yes. >> What is that? >> So we took StackRox and we took the opportunity to make it as a cloud services so customer can consume the product as a cloud services as a start offering and customer can buy it through for Amazon Marketplace and in the future Azure Marketplace. So customer can use it for the AKS and EKS and AKS and also of course OpenShift. So we are not specifically for OpenShift. We're not just OpenShift. We also provide support for EKS and AKS. So we provided the capability to secure the whole cloud posture. We know customer are not only OpenShift or not only EKS. We have both. We have free cloud or full cloud. So we have open. >> So it's not just OpenShift, it's Kubernetes, environments, all together. >> Doron: All together, yeah. >> Lisa: Meeting customers where they are. >> Yeah, exactly. And we focus on, we are not trying to boil the ocean or solve the whole cloud security posture. We try to solve the Kubernetes security cluster. It's very unique and very need unique solution for that. It's not just added value in our cloud security solution. We think it's something special for Kubernetes and this is what Red that is aiming to. To solve this issue. >> And the ACS platform really doesn't change at all. It's just how they're consuming it. It's a lot quicker in the cloud. Time to value is right there. As soon as you start up a Kubernetes cluster, you can get started with ACS cloud service and get going really quickly. >> I'm going to ask you guys a very simple question, but I heard it in the bar in the lobby last night. Practitioners talking and they were excited about the Red Hat opportunity. They actually asked a question, where do I go and get some free Red Hat to test some Kubernetes out and run helm or whatever. They want to play around. And do you guys have a program for someone to get start for free? >> Yeah, so the cloud service specifically, we're going to service preview. So if people sign up, they'll be able to test it out and give us feedback. That's what we're looking for. >> John: Is that a Sandbox or is that going to be in the cloud? >> They can run it in their own environment. So they can sign up. >> John: Free. >> Doron: Yeah, free. >> For the service preview. All we're asking for is for customer feedback. And I know it's actually getting busy there. It's starting December. So the quicker people are, the better. >> So my friend at the lobby I was talking to, I told you it was free. I gave you the sandbox, but check out your cloud too. >> And we also have the open source version so you can download it and use it. >> Yeah, people want to know how to get involved. I'm getting a lot more folks coming to Red Hat from the open source side that want to get their feet wet. That's been a lot of people rarely interested. That's a real testament to the product leadership. Congratulations. >> Yeah, thank you. >> So what are the key challenges that you have on your roadmap right now? You got the products out there, what's the current stake? Can you scope the adoption? Can you share where we're at? What people are doing specifically and the real challenges? >> I think one of the biggest challenges is talking with customers with a slightly, I don't want to say outdated, but an older approach to security. You hear things like malware pop up and it's like, well, really what we should be doing is keeping things into low and medium vulnerabilities, looking at the configuration, managing risk accordingly. Having disparate security tools or different teams doing various things, it's really hard to get a security picture of what's going on in the cluster. That's some of the biggest challenges that we talk with customers about. >> And in terms of resolving those challenges, you mentioned malware, we talk about ransomware. It's a household word these days. It's no longer, are we going to get hit? It's when? It's what's the severity? It's how often? How are you guys helping customers to dial down some of the risk that's inherent and only growing these days? >> Yeah, risk, it's a tough word to generalize, but our whole goal is to give you as much security information in a way that's consumable so that you can evaluate your risk, set policies, and then enforce them early on in the cluster or early on in the development pipeline so that your developers get the security information they need, hopefully asynchronously. That's the best way to do it. It's nice and quick, but yeah. I don't know if Doron you want to add to that? >> Yeah, so I think, yeah, we know that ransomware, again, it's a big world for everyone and we understand the area of the boundaries where we want to, what we want to protect. And we think it's about policies and where we enforce it. So, and if you can enforce it on, we know that as we discussed before that you can scan the image, but we never know what is in it until you really run it. So one of the thing that we we provide is runtime scanning. So you can scan and you can have policy in runtime. So enforce things in runtime. But even if one image got in a way and get to your cluster and run on somewhere, we can stop it in runtime. >> Yeah. And even with the runtime enforcement, the biggest thing we have to educate customers on is that's the last-ditch effort. We want to get these security controls as early as possible. That's where the value's going to be. So we don't want to be blocking things from getting to staging six weeks after developers have been working on a project. >> I want to get you guys thoughts on developer productivity. Had Docker CEO on earlier and since then I had a couple people messaging me. Love the vision of Docker, but Docker Hub has some legacy and it might not, has does something kind of adoption that some people think it does. Are people moving 'cause there times they want to have these their own places? No one place or maybe there is, or how do you guys see the movement of say Docker Hub to just using containers? I don't need to be Docker Hub. What's the vis-a-vis competition? >> I mean working with open source with Red Hat, you have to meet the developers where they are. If your tool isn't cutting it for developers, they're going to find a new tool and really they're the engine, the growth engine of a lot of these technologies. So again, if Docker, I don't want to speak about Docker or what they're doing specifically, but I know that they pretty much kicked off the container revolution and got this whole thing started. >> A lot of people are using your environment too. We're hearing a lot of uptake on the Red Hat side too. So, this is open source help, it all sorts stuff out in the end, like you said, but you guys are getting a lot of traction there. Can you share what's happening there? >> I think one of the biggest things from a developer experience that I've seen is the universal base image that people are using. I can speak from a security standpoint, it's awesome that you have a base image where you can make one change or one issue and it can impact a lot of different applications. That's one of the big benefits that I see in adoption. >> What are some of the business, I'm curious what some of the business outcomes are. You talked about faster time to value obviously being able to get security shifted left and from a control perspective. but what are some of the, if I'm a business, if I'm a telco or a healthcare organization or a financial organization, what are some of the top line benefits that this can bubble up to impact? >> I mean for me, with those two providers, compliance is a massive one. And just having an overall look at what's going on in your clusters, in your environments so that when audit time comes, you're prepared. You can get through that extremely quickly. And then as well, when something inevitably does happen, you can get a good image of all of like, let's say a Log4Shell happens, you know exactly what clusters are affected. The triage time is a lot quicker. Developers can get back to developing and then yeah, you can get through it. >> One thing that we see that customers compliance is huge. >> Yes. And we don't want to, the old way was that, okay, I will provision a cluster and I will do scans and find things, but I need to do for PCI DSS for example. Today the customer want to provision in advance a PCI DSS cluster. So you need to do the compliance before you provision the cluster and make all the configuration already baked for PCI DSS or HIPAA compliance or FedRAMP. And this is where we try to use our compliance, we have tools for compliance today on OpenShift and other clusters and other distribution, but you can do this in advance before you even provision the cluster. And we also have tools to enforce it after that, after your provision, but you have to do it again before and after to make it more feasible. >> Advanced cluster management and the compliance operator really help with that. That's why OpenShift Platform Plus as a bundle is so popular. Just being able to know that when a cluster gets provision, it's going to be in compliance with whatever the healthcare provider is using. And then you can automatically have ACS as well pop up so you know exactly what applications are running, you know it's in compliance. I mean that's the speed. >> You mentioned the word operator, I get triggering word now for me because operator role is changing significantly on this next wave coming because of the automation. They're operating, but they're also devs too. They're developing and composing. It's almost like a dashboard, Lego blocks. The operator's not just manually racking and stacking like the old days, I'm oversimplifying it, but the new operators running stuff, they got observability, they got coding, their servicing policy. There's a lot going on. There's a lot of knobs. Is it going to get simpler? How do you guys see the org structures changing to fill the gap on what should be a very simple, turn some knobs, operate at scale? >> Well, when StackRox originally got acquired, one of the first things we did was put ACS into an operator and it actually made the application life cycle so much easier. It was very easy in the console to go and say, Hey yeah, I want ACS my cluster, click it. It would get provisioned. New clusters would get provisioned automatically. So underneath it might get more complicated. But in terms of the application lifecycle, operators make things so much easier. >> And of course I saw, I was lucky enough with Lisa to see Project Wisdom in AnsibleFest. You going to say, Hey, Red Hat, spin up the clusters and just magically will be voice activated. Starting to see AI come in. So again, operations operator is got to dev vibe and an SRE vibe, but it's not that direct. Something's happening there. We're trying to put our finger on. What do you guys think is happening? What's the real? What's the action? What's transforming? >> That's a good question. I think in general, things just move to the developers all the time. I mean, we talk about shift left security, everything's always going that way. Developers how they're handing everything. I'm not sure exactly. Doron, do you have any thoughts on that. >> Doron, what's your reaction? You can just, it's okay, say what you want. >> So I spoke with one of our customers yesterday and they say that in the last years, we developed tons of code just to operate their infrastructure. That if developers, so five or six years ago when a developer wanted VM, it will take him a week to get a VM because they need all their approval and someone need to actually provision this VM on VMware. And today they automate all the way end-to-end and it take two minutes to get a VM for developer. So operators are becoming developers as you said, and they develop code and they make the infrastructure as code and infrastructure as operator to make it more easy for the business to run. >> And then also if you add in DataOps, AIOps, DataOps, Security Ops, that's the new IT. It seems to be the new IT is the stuff that's scaling, a lot of data's coming in, you got security. So all that's got to be brought in. How do you guys view that into the equation? >> Oh, I mean you become big generalists. I think there's a reason why those cloud security or cloud professional certificates are becoming so popular. You have to know a lot about all the different applications, be able to code it, automate it, like you said, hopefully everything as code. And then it also makes it easy for security tools to come in and look and examine where the vulnerabilities are when those things are as code. So because you're going and developing all this automation, you do become, let's say a generalist. >> We've been hearing on theCUBE here and we've been hearing the industry, burnout, associated with security professionals and some DataOps because the tsunami of data, tsunami of breaches, a lot of engineers getting called in the middle of the night. So that's not automated. So this got to get solved quickly, scaled up quickly. >> Yes. There's two part question there. I think in terms of the burnout aspect, you better send some love to your security team because they only get called when things get broken and when they're doing a great job you never hear about them. So I think that's one of the things, it's a thankless profession. From the second part, if you have the right tools in place so that when something does hit the fan and does break, then you can make an automated or a specific decision upstream to change that, then things become easy. It's when the tools aren't in place and you have desperate environments so that when a Log4Shell or something like that comes in, you're scrambling trying to figure out what clusters are where and where you're impacted. >> Point of attack, remediate fast. That seems to be the new move. >> Yeah. And you do need to know exactly what's going on in your clusters and how to remediate it quickly, how to get the most impact with one change. >> And that makes sense. The service area is expanding. More things are being pushed. So things will, whether it's a zero day vulnerability or just attack. >> Just mix, yeah. Customer automate their all of things, but it's good and bad. Some customer told us they, I think Spotify lost the whole a full zone because of one mistake of a customer because they automate everything and you make one mistake. >> It scale the failure really. >> Exactly. Scaled the failure really fast. >> That was actually few contact I think four years ago. They talked about it. It was a great learning experience. >> It worked double edge sword there. >> Yeah. So definitely we need to, again, scale automation, test automation way too, you need to hold the drills around data. >> Yeah, you have to know the impact. There's a lot of talk in the security space about what you can and can't automate. And by default when you install ACS, everything is non-enforced. You have to have an admission control. >> How are you guys seeing your customers? Obviously Red Hat's got a great customer base. How are they adopting to the managed service wave that's coming? People are liking the managed services now because they maybe have skills gap issues. So managed service is becoming a big part of the portfolio. What's your guys' take on the managed services piece? >> It's just time to value. You're developing a new application, you need to get it out there quick. If somebody, your competitor gets out there a month before you do, that's a huge market advantage. >> So you care how you got there. >> Exactly. And so we've had so much Kubernetes expertise over the last 10 or so, 10 plus year or well, Kubernetes for seven plus years at Red Hat, that why wouldn't you leverage that knowledge internally so you can get your application. >> Why change your toolchain and your workflows go faster and take advantage of the managed service because it's just about getting from point A to point B. >> Exactly. >> Well, in time to value is, you mentioned that it's not a trivial term, it's not a marketing term. There's a lot of impact that can be made. Organizations that can move faster, that can iterate faster, develop what their customers are looking for so that they have that competitive advantage. It's definitely not something that's trivial. >> Yeah. And working in marketing, whenever you get that new feature out and I can go and chat about it online, it's always awesome. You always get customers interests. >> Pushing new code, being secure. What's next for you guys? What's on the agenda? What's around the corner? We'll see a lot of Red Hat at re:Invent. Obviously your relationship with AWS as strong as a company. Multi-cloud is here. Supercloud as we've been saying. Supercloud is a thing. What's next for you guys? >> So we launch the cloud services and the idea that we will get feedback from customers. We are not going GA. We're not going to sell it for now. We want to get customers, we want to get feedback to make the product as best what we can sell and best we can give for our customers and get feedback. And when we go GA and we start selling this product, we will get the best product in the market. So this is our goal. We want to get the customer in the loop and get as much as feedback as we can. And also we working very closely with our customers, our existing customers to announce the product to add more and more features what the customer needs. It's all about supply chain. I don't like it, but we have to say, it's all about making things more automated and make things more easy for our customer to use to have security in the Kubernetes environment. >> So where can your customers go? Clearly, you've made a big impact on our viewers with your conversation today. Where are they going to be able to go to get their hands on the release? >> So you can find it on online. We have a website to sign up for this program. It's on my blog. We have a blog out there for ACS cloud services. You can just go there, sign up, and we will contact the customer. >> Yeah. And there's another way, if you ever want to get your hands on it and you can do it for free, Open Source StackRox. The product is open source completely. And I would love feedback in Slack channel. It's one of the, we also get a ton of feedback from people who aren't actually paying customers and they contribute upstream. So that's an awesome way to get started. But like you said, you go to, if you search ACS cloud service and service preview. Don't have to be a Red Hat customer. Just if you're running a CNCF compliant Kubernetes version. we'd love to hear from you. >> All open source, all out in the open. >> Yep. >> Getting it available to the customers, the non-customers, they hopefully pending customers. Guys, thank you so much for joining John and me talking about the new release, the evolution of StackRox in the last season of 18 months. Lot of good stuff here. I think you've done a great job of getting the audience excited about what you're releasing. Thank you for your time. >> Thank you. >> Thank you. >> For our guest and for John Furrier, Lisa Martin here in Detroit, KubeCon + CloudNativeCon North America. Coming to you live, we'll be back with our next guest in just a minute. (gentle music)

(soft music) >> Hey, welcome back to theCUBE's coverage from Miami of IFS Unleashed 2022, Lisa Martin here with you. We've had great conversations today with IFS execs, customers, partners. Our ecosystem is quite robust and quite strong. And we've had some alumni on, I've got another alumni who's back with me, Michael Ouissi, the group's COO of IFS. Michael, welcome back to theCUBE. >> Thanks for having us, my pleasure. >> It's great to be back in-person. >> Absolutely. >> It was great to walk into the keynote this morning and see a full room. I was talking with Darren Roos, your CEO earlier this morning and I said, it must have felt great to walk out on stage and actually see a sea of people and customers and partners who want to engage and get that relationship with IFS just turbocharged. >> Absolutely, I mean, it's been three years, we haven't had this buzz, this energy, and the opportunity to actually see all our customers and also show our customers who we are, how we are evolving and how we're becoming a different company over the past four years. >> And it's impressive what IFS has done in that timeframe. All the conversations I've had today, really reflect the strategy, the strong strategy and vision that this company has. But I was looking at some of the financials and saw that your first half of 2022, which ended in June, there was tremendous growth. ARR up 33%, I think they're recurring revenue is in the 70 percentile now. Lot of new customers, a lot of of trust that existing customers are showing to the company. >> Yeah, absolutely. Look, and I think the secret sauce is that we have focused on where our strengths are, we haven't gone astray, we haven't tried to actually capture growth in any other vertical. We are really very religious about where we're going and there, where we are going, we are going deep and we really are trying to be the best version of ourselves for our customers and for those customers' business transformation needs. >> Talk a little bit about that vertical specialization. It's something that we don't see very often but throughout all of my conversations today with your executives, IFS executives, with customers, with partners, that domain expertise, really the granularity of the domain expertise is really resonant that IFS has achieved that in those five key verticals in which you have such specialization. >> Yeah, look, I mean, I would love to take credit for having been the person who has done that, but IFS has over the past 35 years, really had this very strong focus. But what actually was important when you try to double a business in the space of four years, not to be tempted to go away from that but actually double down on exactly that and see the opportunity in those verticals and make sure that our customers actually are getting the attention and the functionality they deserve. >> Let's talk about customers. Over 10,000 customers right now. I was also in the keynote this morning where Christian Peterson was sharing that, in its first 18 months, IFS Cloud has over 400,000 users. So the growth is tremendous. The customer loyalty is ostensible in those verticals. Talk about customers and their influence on the company, the direction the technology goes, the evolution, that kind of stuff. >> Yeah, I mean, look, as I said, we are all about the depth of the functionality and that means that we need to listen to our customers, We need to listen what's going on in the industries. We also need to not just listen but we need to think forward. >> Yeah. >> We need to have some thought leadership on what we think is going to emerge and then test that with our customers again. So our customers are at the core of everything we do. When we engage with a customer, we start with trying to understand their business in depth. We've got our own methodology around that and we don't just try to push technology onto them, but we are trying to understand what are their business drivers and then actually try to apply technology to what enables them to deliver on those business transformation objectives they've got. >> What are some of the changes or the waves that you've seen, especially the last couple of years during the pandemic when we saw so many customers pivot, we need to transform digitally to stay alive, and then those that did that well enough to be competitive and to thrive, talk to me about some of the changes as the group's COO that you've seen. >> Yeah, so when you go back, I mean, there's two types of transformation, business and digital transformation but they are the same thing, they're just a different side of the coin. And when I talk about business transformation, what we're seeing a lot is, and there's this big buzzword overtization out there, but customers going service and customers trying to build an end to end business that is more viable, more sustainable, more successful in how they develop great moments of service for their customers, that is something we are seeing a lot. And during this business transformation, digital transformation has become a means to that end. And that is something where customers have matured a lot, where in the past we have seen a lot of the IOT, AI, machine learning, cloud, everything was a means or a purpose in itself and that has changed. It's now become actually a means to an end. It's become a means to actually deliver a business transformation and a business outcome that is meaningful for their customers. >> Has to be meaningful for their customers. I love how IFS talks about enabling your customers to deliver those moments of service. And when we think of, in our consumer lives, many of us flew here, and you think about what's the moment of service for an airline? Well, it's being able to get on that plan on time, have it leave on time and meet my expectations as a demanding consumer. But regardless if we're talking about aerospace, energy, manufacturing, engineering, the customers on the other end expect to have an integrated seamless experience that's not fragmented, that is able to deliver moments of service that then help drive up their revenue. So what IFS is doing is so embedded in what your customers are able to deliver to their customers. >> Yeah, absolutely. And look, if you look at all the things that have to come together to actually have a plane taken off at the right point in time or if you take any other examples, but there's so many things that need to go right. Crew scheduling, you need to have the right crew at the right point in time. You need to have them actually with the right experience to fly the right plane. You need to have airplane maintenance going right to have the plane available at the right point in time and no technical failures and so on and so forth. And we look at that as between customers, the people, and the assets that an organization has, you need to coordinate between all those dimensions in everything you do to make sure that this one moment of service where your plane takes off on time, you actually catch your connecting flight at the other end, that this actually is being delivered. And that's what drives us, that's what customers are driving into our product development, into how we embed AI, machine learning and so on in our technology to make it relevant to exactly that moment of service. >> That's what we as those consumers want. We want relevance, we want personalization, we want that relationship to know who we are and how to serve us best. Let's dig into the Jotun case study. He was going to join us, our CEO was going to join us, couldn't make it. Talk to me a little bit about Jotun, what type of business is it and then let's kind of start unpacking how they're leveraging IFS technology. >> Yeah, so Jotun is the seventh largest paints and coatings manufacturer in the world. And they've got obviously a home decoration part of the business, but they've got an industrial part of the business where one large part of the business is also a marines part. So they actually provide paints, coating, for all sorts of large ships and it's quite astonishing what you learn about that customer. I mean, we are now partnering with them for more than 20 years, so we are very intimate with that customer obviously. But when you see all of a sudden, three, four years ago, they started going onto a journey where they looked at apart from paint and coating, what actually can I provide to my customer in the marine industry to actually make their business more efficient, to actually make it easier for them to get a ship from A to B in an efficient way, in a timely way and so on. And they developed something called Hull Skating Solutions and those Hull Skating Solutions are integrating all sorts of weather data, all sorts of other data and provide them to the marine companies that actually then help them drive this... Well, actually get this ship in a more efficient way from A to B. And at the same time, also where there's predictions as to when you need to clean that ship, and they've got Hull Skating Solutions, which then actually clean the ship automatically as well. So it's quite an astonishing thing for a paints and coating manufacturer to then think about what do I need to know about my customer's business to provide that additional service to my customer? Great solution and great way of dealing with or delivering that great moment of service to their customers. >> Absolutely, the evolution of that business from paint manufacturing into the marine industry is not a stretch based on how you described it, but it's very innovative. How is IFS enabling them to do that and do it well? >> Well, one, they went on a modernization program for all their factories for all these kinds of things that they need to integrate then deliver to their customers. And we are in the central part in being that agile partner that actually delivers those technology solutions that enable them to, well, first of all think about that service, provide that service to their customers and make sure that they run a very efficient, very integrated version of IFS and can actually harmonize globally to make sure that wherever the customer is, they can deliver on that promise. >> Fantastic, let's talk a little bit about from your team's perspective, the go to market. We talked about the five verticals in which IFS specializes energy, aerospace and defense, engineering, manufacturing and there's one I'm missing. >> Utilities. >> Utilities, of course. >> Yeah. >> In terms of the domain expertise, are there vertical teams that are focused? I imagine that there are, talk to me a little bit about that specialization from that lens. So obviously, I mean, there are so many dimensions. There's our sales teams, there's our pre-sales teams, there's our industry teams which actually are working with the customers on receiving their feedback, on actually providing thought leadership and then organizing the feedback loop into our development teams who are providing these solutions then that hopefully our customers will cherish. So we are very specialized in that respect. We are driving the industry specialization. We've got a complete aerospace and defense business unit. We are in the market unit, specializing in the industries where we work in the various different territories with just those industry teams. We've got specialization in the pre-sales teams. So we take that really deep down and very seriously to make sure that whenever we talk to a customer, we also have the understanding and we have also got the curiosity to understand more of the customer's business, and that is something that is part of the IFS DNA. >> It's a differentiating part of IFS' DNA that not only having the domain expertise, and a lot of people talk about, well, we got to meet the customer where they are, wherever they are digitally, wherever they are in business transformation. But you're actually talking the customer's language. >> Yeah. >> By industry, which I would imagine really helps to not only solidify that relationship, but you actually get to really do a double click and get much more tightly connected with the customers and the outcomes that they're wanting to achieve so that those moments of service happen. >> Well, that's so true. And actually this is not just while we are selling to the customers, but it's actually throughout the whole life cycle of this application and the technology in Jotun's case more than two decades. And we've got a lot of customers who are actually that long with us because we don't run away once we've implemented a solution, but we actually stay close to it because first of all, we want to learn from our customers continuously. We want to actually give to our customers also what we are learning outside of the conversations we have with these customers. And we make sure that these customers continuously evolve how they think about their business, how they think about the application of our technology and then in turn, we can actually develop technology again, for their use cases. >> It's a flywheel. >> It's a complete flywheel and that creates loyalty. >> Yeah. >> That actually creates the longstanding relationships we have with many, many of our customers, yeah. >> I was speaking with a number of your executives, Marni Martin was here and we were talking about brand recognition and the loyalty, but that intimate customer knowledge that IFS really works hard to gain with its customers. 'Cause as consumers, we bleed into our business lives and we have very little tolerance, very little patients. I think that was one of the things in COVID that went away. People were just not tolerating this rapid change and we had no choice. But I don't know that patience is going to come back at the level in which we experienced it before COVID. So customers expect businesses and brands to know them and help anticipate what's next for me, how do I get there? And it sounds to me like IFS has really nailed that from a customer relationship perspective. >> As I said, I mean it's really part of our DNA and we try to preserve that culture while we're doubling our business and hopefully, doubling our business in the next three years again, because that is really the secret sauce to being that successful, and not only with our existing customers, but also with the net new customers. And we are driving almost 50% of our revenue, which is very, very much a benchmark in the industry from net new customers that we're winning while we're actually keeping or staying close to our existing customers and try to apply that knowledge to our net new customers. >> Yeah. >> But it's something that we absolutely have to preserve to be as successful as we've been in the past four years, also in the next four years. >> So coming off a great first half in the summer, when I teased Darren, "Any nuggets you want to say?" He said financials for Q3 are coming out in the next couple of weeks. And I said, I imagine that trajectory is up and to the right. >> Yeah. >> What are some of the things, Michael, that excite you for where you've seen this company go in your time there and the rocket ship that it seems to be on today? >> Yeah, look, I mean, what's amazing to me is... And if I look back, I joined four and a half years ago, and only the first one and a half years were under normal circumstances. >> Right. >> The other three years were a major pandemic, now a major war and recession and we've got all sorts of economic and macroeconomic headwinds. And what what impresses me about the company, about our customers, about our employees is the resilience we've got to just carry on with what we're doing. And I mean, I don't give too much away when I say we had a pretty good Q3 as well, and we are looking forward to a really good 2022 as a full year, and there are no excuses that actually the organization makes, it has just taken along. And we are facing the economic headwinds and we are going through that time hugely successful. And I'm very optimistic about the year and about 2023 as much. >> Fantastic, it's kind of hard to believe that calendar year 2023 is literally around the corner. But Michael, it's been great having you on theCUBE. Thank you for coming back, talking about what's going on at IFS from the overall COO's perspective, the customer synergies that IFS has, the work that you do to really get granular in those industries, it's impressive and congratulations on the success. We'll have to have you back next year to talk about what else is new. >> Thank you very much, Lisa. >> All right, my pleasure. >> Thank you. >> For Michael Ouissi, I'm Lisa Martin, you're watching theCUBE's coverage live from Miami on the show floor of IFS Unleashed. We'll be back with our final guest in just a minute. (soft music)

>>Okay. We're back at the area in Las Vegas, Falcon 22. You're watching the cube. My name is Dave Valante. Michael cent is here. He's the chief technology officer at CrowdStrike. Michael. Good to see you. Thanks. Thanks >>For >>Having me. Yeah. So this is your first time I think, on the cube. It is, and, and it's really a pleasure. I've been following you, watching you very closely. You're, you know, quite prominent and, and, you know, very articulate. I loved your keynote talking about what is XDR. I think you guys are gonna do really well in that space, cuz you've got clarity of vision and execution. Talk about some of the announcements that you made this week, particularly interested in, in insight. XDR what's that all about? >>Yeah. So I've been talking about XDR for a while and trying to help push the right narrative. There's a lot of marketing in the industry with XDR. So we've been talking a lot about what it, what it means that the benefit that it provides from a technology perspective, what you need in the architecture. So we firmly believe it's a philosophy and we build all of our technology to work together, but it's bringing in third parties. And that was really a lot of the, the announcements. My keynote was to show everybody the work that we've been doing to bring in data from Zscaler and Proofpoint. And we talked about bringing in data from a whole range of different vendors, firewall vendors, and we've been doing XDR use cases for a long time. So a big part of our strategy is to make security easy. And we've been doing a lot of XDR use cases with our Falcon insight module. So the announcement that I made was to relaunch Falcon insight as insight XDR and it means all of our close to 20,000 customers have access to the product. >>So that gets bundled right in it's like SAS automatically part of the portfolio >>Log off on Friday, come back on Monday and you're good to go. >>And then, and you, you just, you just called out Zscaler and Proofpoint you, I think you also mentioned Palo Alto network, Cisco for net as well. You're pulling in telemetry from, yeah, >>We've got a, we got a long map of, of people that we're integrating with. We talked about Cisco, we talked about for drop and for net, we announced that we're gonna be pulling in telemetry from, from Palo and a range of other vendors, Microsoft and others. And that's what XDR is about. It's about first party and third party integration and making all of the telemetry work together. >>I was talking to George about this yesterday is I think there's a lot of confusion. Sometimes when you have the dogma of cloud native, you know, snowflake, same thing, no, we're not doing OnPrem. This is hybrid. People think that that you're excluding on-prem data, but you're not, you can ingest on-prem data, right? >>We absolutely are not excluding on-prem. We will support and, and secure every workload, whether it's on-prem or in the cloud, whether it's connected to the internet or offline, a lot of the, the indicators of attack and the, and the detection techniques that we have are on the sensor itself. So you don't have to be connected anywhere for that capability to work. You get the benefit when you connect to the cloud of the additional visibility, the additional protection, but the core capabilities on the sensor that we have >>Given that you guys started 11 years ago, plus two days now, and you had that dogma cloud cloud, first cloud cloud, only Nate cloud native. Was there ever a point where you're like, you know, boy, we might be missing some of the market, you know? And, and you, you, you held true to your principles. Two part question. Did you ever question that and by focusing all your resources on cloud, what, what has that given you? >>It's there's been a Eliza focus on having a, a native cloud platform. It's easy to say cloud native. And if you look at a lot of the vendors in the industry today, if you are a, a customer and you ask them, Hey, can you gimme an on-premise product? I'm not gonna buy your product. They've got an on premise product. The problem is when you have two different versions, you end up having compromise. You have to manage two code bases, impact to your engineering team. Their features are different customers. Ultimately are the ones that miss out because if I have the on-prem version or if the cloud version, I may not get the same capability for us, it's been very clear. It's been a laser focus to be a cloud and cloud only from day one. >>You've renamed humo. I gotta stop using humo. I guess it's not called log scale, Falcon, complete log scale. You're bringing together security and observability. Although you're not doing the full spectrum of observability, you're just sort of focusing on, you know, part of it. Can you explain that? >>Yeah. So first of all, we did rebrand and bring the homeo brand closer to a crowd strike by renaming it Falcon log scale. And just to be clear, it's not just the rebranding of the name. We've been spending a lot of time. We made that acquisition in March of, of last year, and we've been doing a lot of work on the technology. We built out long, the Falcon long term retention. We built a whole bunch of capability into the product. So now was the right time to rebrand it as Falcon log scale. And at the same time, we also announced Falcon complete log scale. And it's part of the complete franchise. And that's where customers can get the value and the benefit of log scale, but they don't have to set it up. They don't have to manage it. They leave that to us. >>So you get pretty much involved in, in the, the M and a activity. You talked on stage yesterday about reify and, and what's going on there. You guys got, obviously gotta, still do that. You, but you made investments this week. You announced investments in salt security, the API specialist, and, and also Vanta compliance automation. What's the thinking behind that, you know, explain actually the fund that you guys are sprinkling around as a strategic investor and why those companies. Yeah. >>So there's two, two parts that, that I'm involved in on that part of my team. One is the M and a team. And one is the Falcon fund side of the business. Obviously two very different things. The, the M and a part of CrowdStrike, we're always looking to see for every technology space that we want to get into, you know, what is the best option build by a partner? Sometimes it's built sometimes it's a, it's a hybrid approach of build and partner. Other times we go down the path of M and a, and I was super excited about reify, great company, great technology. And as you said, we made announcements to we're investing as part of the fund into, into van and salt. We, we, we are very blessed. We're very fortunate to have achieved a lot of success in a short period of time. And we think we've got an opportunity to help fledgling companies to help them guide through the process of setting up the company, helping them with engineering principles and guidelines, helping them with the go to market perspective. So the fund is really about that. It's finding the next cybersecurity company working closely together, and it's been a huge success. You had banter and salt on earlier, and there's so much excitement about what they do. >>Yeah. I mean, it's clear, clear, compliment to what you guys are doing. I want to ask you about your lightweight agent. There, there are other firms that say they have a lightweight agent too. You know, what, what makes your lightweight agent so different? So special? >>Yeah. I've never seen a PowerPoint presentation. That's wrong. It's very easy to, to say your lightweight agent is, is, you know, super lightweight. And many times when you look at them, they're, they're not lightweight. They take a lot of effort to install. They need reboots. If you've got security, that's part of the operating system. If you've got security that requires to reboot, you can't go to a bank and say, Hey, you've got a hundred thousand machines. We're gonna install all of this technology, but you've gotta reboot it once, twice, three times. So what ends up happening is you see deployment cycles that go on for 12 months. I've spoken to organizations here this week that said we had budgeted to roll out your product in 18 months because of what we experienced in the past. And we did it in seven weeks. That's a lightweight agent with no reboot. And then you look at the updates. You look at the CPU resource utilization. So again, very easy to say lightweight. I haven't seen anything like what we've built at crowd strike. >>How do you keep an agent lightweight when you're both acquiring in companies and adding modules? I think you're, you're over 20 modules now. How, how is it that the, the agent can remain so lightweight? >>So we spent a lot of time building out the agent cloud architecture that we have, the, the concept of our agent is very different. It's not collecting data, storing it, trying to sell, send it up. We have a smart agent with smart filtering built in. So we're very careful in terms of the data that we collect, but think of the aperture on a camera. You know, if you wanna let more light in you, you widen the aperture. It's the same as our, our agent. If we wanna bring in more telemetry, we, we widen that aperture. So we're very efficient on the network. And we collect data. When machine process runs, we collect that telemetry. We use it in different ways, but we collect once and reuse it many times. So it's the same agent for NextGen AV for EDR, for our spotlight vulnerability management module. And when we're looking at M M and a, so coming back to your, your question, we will look at technology. And if we can't bring that technology and incorporate it into the agent that we already have, we won't acquire it. Worst thing in security is complexity. When you give an organization, 1, 2, 3, 5 plus agents, and then they have 3, 4, 5 plus management consoles. It's too hard when they're under attack. >>Well, it's like my, my business partner co-host John furrier says is that as an industry, we tend to solve complexity with more complexity. And it's, that's problematic. Can you talk about your, your threat graph? Like, what is that? Is it a, is it a graph database? Is it a purpose built? Is it a time series, database, a combination? What, what is >>That? Yeah, it is a graph database. When we, when, when the company was started, obviously the vision was to crowdsource telemetry from so many machines from millions of devices around the world. And the thesis at the time was as that capability scales out, there's nothing commercially available that will be able to ingest all of that data. And today we are processing over 7 trillion events every single week. We, we can't go and get something off the shelf. So we've had to build the, the technology from the ground up. That's the first part. Secondly, there is a temporal element to this. There's a time element. And we, we have an ontology built where we track the relationship between all the telemetry that we get. The reason why I believe we stand alone in EDI is because of that time element, the relationship that we have, and we just have so much context that makes it easy for the threat hunter speed and, and ease of use is critical in cyber. >>So you see in data in the database world, everything's kind of converging with all this function, you know, 11 years ago, these were pretty rudimentary. I shouldn't say rudimentary, but immature markets they've come a long way. If you had to start, if, if those capabilities that are there today with graph databases and time series databases were available in, in 2010, would you have used off the shelf technology, or would you have still developed your >>Own? We would've done the same thing that we've done today. >>And, and why can you explain what that, what that is it a performance thing? Is it just control? >>Yeah, look, it, it, it's everything that I talked about before, the, the benefit that you get from the approach that we've taken and the scalability that the requirements that we need, we still today, there's nothing that we can, we can go and get off the shelf that can scale and give us the performance that we need that can give us the ability to, to have that relationship data, the ontology of, of what we have in the platform and the way that we inter operate with all of the different modules that just wouldn't exist. We wouldn't have that capability. And what you'd find is we'd be pretty much the same as every other vendor where they have on-prem solutions, they have hybrid hosted solutions. And when you have those trade offs, you see it in the product. >>Yeah. So the, the point is you're very focused on the purpose of your, your proprietary technology. You're not trying to serve the all things to all people. You used the term yesterday in your keynote, which it, it caught my attention. You used the term ground truth, and it has very specific meaning. Can you explain what you meant by what is ground truth, you know, in the world? And what, what, what does it mean to CrowdStrike? Yeah, >>I was talking about ground truth as it relates to the acquisition of reify and the big thing for us, we wanted to bring additional capability to the platform, to give our customers external and internal visibility of all their assets and all their vulnerabilities. What's important with us, with our agent is today, we give you a single source of truth. When we put that agent onto a device, we tell you everything about the hardware. We tell you everything about who's logged in. We tell you everything about the applications that are running the relationships between the, of the device and the application. We're not a CMDB. We feed CMDB with information that is instant, that is live. And when we look at reify, it broadens again, I'll use the same word. It broadens the aperture. It gives us more visibility around what's going on. So we're, we're super excited about that because having information about all of your assets, all of your users, the applications they use, whether they're vulnerable, how you need to protect them, having it at your finger fingertips, it's a game changer >>Contract, can CrowdStrike be a generational company. And what do you have to do to ensure that that outcome occurs? We, >>We, I think we absolutely are. And, and we're we're path paving a path to, you know, really continuing to build out that platform. I said, in my keynote that I think we're at an early innings. I, if you buy, for example, as a customer, our insight module, cuz you wanna start with EDR, you've got 21 modules to go yesterday. Today we, we talked about discover 2.0, we talked about discover for IOT. I talked about the, the repository acquisition, a whole range of technology built on that single cloud agent architecture. And we've heard the success stories here this week from customers that have just gotten so much benefit. They've rolled out one agent and they've turned off eight or nine from other security vendors. So absolutely we can be a generational company with what we're doing. What >>Are the blockers to customers turning on those additional modules? Cause not, not all customers are using our modules. Is it that they've made an investment in an alternative technology and they're sort of hugging onto it or are there other technical blockers? Yes. >>It many times it's the investment, right? So if you've made a, an investment in the company, you've got a year to go, you might wanna sweat that asset. But typically what we find is the benefit that we have. It's a very simple conversation. If we can give people a cost and a technology benefit, they're gonna make the transition to move. There's so many technical benefits. We talked about the single agent, but the actual features of the modules themselves. But the big thing for us is we've done over 4,700 business value assessments where we sit down with an organization and we look at what they have. We look at what their spend is. We look at their FTEs, we look at the security outcomes that they get. And then we come out with a model that shows them technology and business value. And that's what really drives them to make the switch. >>So the business value in that VVA is not just a, a reduction in expected loss. That's part of it, better security you're gonna, you know, be, be, be lower your risk. But you're saying it's also the labor associated with that. Yeah, >>Absolutely. It's it's how do you operationalize the solution? How many people do you need? How long does it take you to respond? You know, how do you interact with third parties with your suppliers is taking in all of that data. We've spent a long time building out that model and it's, it's proving to be very successful customers. Love it. Is >>That, is that sort of novel ROI thinking in the security business or I'm trying to think of, I mean, I know for years it would watch art. Coviello stand up at RSA and tell us how, how this year's worse than last year. And so, but, but, but I never really heard, you know, a strong business case that would resonate with the, with the P and L manager, other than, you know, we gotta do this or we're gonna get hacked and you're gonna be screwed. Is that new thinking? Or am I, did I just miss it? >>I don't know if I wanna size new thinking. I think what happened, what changed was 10, 15 years ago at a conference you'd stand up and everybody would tell you ransomwares up and fishing is up. And at the end of it, people are trying to work out. Is that good? Or is that bad? It went up 20% based off what that doesn't work anymore. Everyone, you know, got tired of that. And a few of us have been doing it for a while. I I'm, I'm sort of two and a half decades into this. And if you, if you try to use that model of scaring people, they switch off, they want to understand the benefit. You know, the break in the car is so you can go and stop safely when you need it. And I look at security the same way we want to accelerate the company. We want to help companies do their job, but security is there to make sure they don't get into trouble. >>Yeah. It's like having two security guards by your side, right? I mean, they're gonna help you get through the crowd and move forward. So Michael, thanks so much for coming to the cube. Thanks for having me your time. You're you're very welcome. All right. Keep it right there. After this short break, Dave ante will be back with the cube live coverage from Falcon 22 at the area in Las Vegas.

(upbeat music) (logo crystals tingle) >> Hi, everybody, welcome back to FalCon22, I'm Dave Vellante and you're watching theCube's continuous coverage, this is day two. We live in an API economy, but APIs, you know, they're sometimes vulnerable, Michael Nicosia is here, he's the Chief Operating Officer and co-founder of Salt Security, API Security Specialist, Michael, welcome to theCUBE, thanks for coming on. >> Thank you so much, Dave, glad to be here. >> You're very welcome. Why did you and your co-founder, is it Roy? >> Yeah. >> Why did you guys start Salt Security? >> So really easy, I mean, as you mentioned, the proliferation of APIs constantly is growing on a year to year basis. So in 2015, when he and I met, we had this idea that it was going to continue to grow and APIs were going to be critical to every organization from an innovation perspective, from a safety perspective and we thought that current tools out there couldn't protect against the new threat vector that we thought was going to happen. And, you know, you fast forward to 2022 and here we are, it's the largest growing threat vector from an API perspective because APIs are just growing like crazy. >> Right. Well, let's talk about the news, CrowdStrike made an investment in your company. >> Michael: Yes. >> Congratulations. >> Michael: Thank you. >> Tell us about that, why it's important, and to have a strategic partner like that. >> Yeah, so first of all, we're super thrilled about the partnership, I mean, it's amazing. And not only the partnership, the strategic investment for us just signifies the importance of our two companies in terms of what we want to do in the field together or in the market together. So the strategic investment is amazing, the partnership is even more amazing just because it's kind of like, you know, the first in its class from an API security perspective, we've got partners from the cloud providers and then the only other partnerships really have is with API Management vendors. So this is unique in that it goes outside the security ecosystem to provide this partnership and the nice thing about it is it's exclusive, excuse me, and it just continues to validate the leadership where we have an API security, as well as obviously a leadership that CrowdStrike has. >> Exclusive in the sense that CrowdStrike's not going to invest in another API competitor and you're not going to take investment from an endpoint- >> Michael: Exactly. >> Or something like that. >> Endpoint or, you know, really cloud workload situation. >> Anything within that vastly expanding portfolio. >> Michael: Exactly. >> So pretty much anybody. >> Michael: Exactly. >> Except network security, from what I saw in the keynote yesterday, that's sort of on the table, for now. So, okay, so why should customers care about this? What's the benefit to them? >> Yeah, so if you think about, the security profile of organizations and where they seem to have potential risk, threat vectors, you know, endpoint, you know, Cloud obviously API becomes a bigger, threat vector as well. So I think the partnership just solidifies the fact that we want to create a better security profile for organizations and we want to make it safe for them to innovate and continue to do what they do. So I think that's the importance and when you put the two together it just creates a larger value proposition, more stickiness from end point to cloud, to APIs. >> So we have a partner, theCUBE, and in New York city and it's called ETR and they do quarterly surveys of CISOs, CIOs, IT buyers, about 12 to 1500 a quarter. And so I was chatting with those guys last week, they knew we were going to be at CrowdStrike and so they ran some data for all the API security vendors and you guys were, you know they had like the Gartner Magic Quadrant but it's not, you know, vision and execution, it's spending momentum and like presence in their survey, it's like market share, mind share. >> Sure. >> You guys were up and to the right, like, way, way, way ahead, I presume that's why you got the attention of CrowdStrike. I found their data set to be incredibly good, that's how we found CrowdStrike years ago, like, "Wow, who's this company?" >> Yeah. >> You know, companies like CrowdStrike, Okta, Zscaler, Snowflake Off The Charts, but you guys were really noticeable. Talk about the spending momentum you're seeing with customers, where's that coming from? >> Yeah, I mean look, for us it's a continuing growing market, it's accelerating and we're still in the, you know, early stages of the market, which is amazing. But if you think about what organizations do, they innovate, right, they innovate through, you know, software, through applications or APIs. So if you think about, you know, how do they continue to innovate safely? They need a solution, like Salt Security to protect from any bad actors that could potentially create any breaches, vulnerabilities. So I think that that's why CISOs in particular are super excited about talking to us, making sure that they have all of their bases covered especially when it comes to applications that they have within their organization, which continues to grow. >> And not to not to be a methodology geek, but the methodology they use is to essentially say, is a customer spending more or less, they subtract the lesses from the mores and that's what you're left with. And one of the lesses is churn, and if you have high churn, you're spending momentum, >> you know- >> Micheal: Yeah. >> In their methodology goes into the tank. So you have obviously admitted you have very low churn is that what you're saying in the field? >> Micheal: Absolutely. >> Why is that? >> Yeah, I mean, again, I think it's, it goes back to the value that we bring to customers. I think, you know, our solution works, we're the only AI/ML-based solution with deep context so we can really take a closer granular look at the APIs, model those APIs, create a baseline and really protect against them. So I mean, our solution works and it works really well and I think we provide value in that, you know, CISOs don't have to worry about any bad actors trying to infiltrate their applications 'cause they know that Salt Security is there protecting them. >> I know you're not the tech guy but you're the founder, co-founder of a technology company so you got to be conversant in the tech, 'cause this is the way it is in our business, so tell us about the tech, what's so cool about it? What's the differentiation? >> Yeah, I guess, and I mentioned that it's really AI/ML based, you know, we leverage big data and it's really the context associated to that, which means that, you know, we can get into granular details of really baselining the API itself. And what we do really well is, because these are unique attacks and these attacks could be days, weeks, months and we're the only vendor that, that can really correlate across that timeline because of the context-based big data that we leverage to be able to, you know, spot these potential bad actors that we look for. >> And all this happens in the cloud or? >> Absolutely, it's all... >> You have a server in your office? >> No, no, it's all it's a hundred percent SaaS-based, Cloud-based solution, I think that's one of the reasons why the partnership with CrowdStrike is so amazing as well. >> Talk a little bit more about the synergies between CrowdStrike and Salt Security. >> Tons of synergies, I mean, if you think about from, you know, from the part of being a little fluffy culture, the two companies have similar cultures, we go after similar you know, first Cloud, innovative companies. If you think about kind of the technology that CrowdStrike has put forth, revolutionized the endpoint security, and now moving into the Cloud, you know, leveraging AI and ML, we're doing the exact same thing so I think there's a lot of synergies associated with that. And again, the final point that I'll make is that you know, we think together the, you know, better together story is, resonates just because if you think about all of the areas that you know have potential breaches, these threats, we kind of cover 'em all with the partnership. >> When I talk to a founding, you know, co-founder, who's a go to market pro, I like to ask them how did you know when to scale? I mean, you got to have product market fit, I see so many companies failing because they try to go to market before they have, they try to scale go to market before they have product market, but how did you do it? How did you know when to scale? >> You know, it's tricky, and you got to look at a couple of, you know, factors, you got to look at the market, you got to look at, you know, how much potential opportunity exists and you really need to look at, the momentum that is being established. You know, when you talk to CISOs, kind of, you know, talking to them about projects and how, how they prioritize projects and where API security fits, you know, once it begins to be the top three and you start that momentum and obviously you bringing in the revenue. I think that those are signs that we see, that we say, "Okay, we need to double down on making sure we've got coverage across the world in order for us to support demand." >> And you were the first sales rep, right? >> Michael: Yeah. >> Okay. >> Roy and I, I was the first AE, here was the first SE. >> Okay, but your early go-to market pros are probably different than what you're bringing in today, you didn't have, you know, a lot of BDRs at the time, but you guys were hands on consultants- >> Absolutely. >> Like sort of process consultants, sales folks, right? And then you codify that when you're ready to scale and now you're, is that kind of a, what you're doing? >> Absolutely, I mean, you nailed it, I mean, it's in the early stages, it's validating that there's a problem that exists in the market and how important is that problem, you know, to CISOs. So when we first started we met probably about 50 CISOs where we just had that conversation, not about sales, it was more about, "Hey we just want to talk to you about a problem we think exists in the market, love to get your reaction on that problem and then obviously how you're solving that problem and how much of a priority is that problem," How important is it to you? And then once you have those discussions then you can really find those individuals, early adopters if you will, that are ready to buy and then it kind of proliferates from there. >> And then you have a CRO , I presume, right? So what was that like finding him or her, is a really important first sales hire. >> Super important, yeah. >> How did you go about that? How long did it take? >> Yeah so it took about six to eight months and you know it's really tough because, you know, we look at cultural fit, above everything else. So it's not, that, "Can they do the job?" it's culturally, do they fit in? And you know, how much can that individual scale the organization? So there's a lot of factors associated, there's a lot of individuals associated to, you know with the interview process. So that's how we looked at it and obviously we wanted somebody that had experience in a company our size, was able to scale it and so on. The one tricky thing is, and I'll tell you this, is, you know, for Roy and I, you kind of have to let go a little bit, that was really tough, so knowing that you need to do that is something that- >> A little bit of founderitis? >> Micheal: Yeah. >> Dave: It's hard, right? >> Micheal: It's hard. >> Dave: Yeah, it's your baby. >> It's like, whaat? >> I get it, Michael, thanks so much for coming to theCUBE, congratulations on the news- >> Thank you Dave. >> The investment and good luck. >> Awesome, thank you so much, appreciate it. >> You're really welcome. All right, keep it right there, we'll be back right after this short break. Dave Vellante for theCUBE at FalCon22, CrowdStrike's big user event, we'll be right back. (cheerful bouncy music)

foreign okay we're back at Falcon 2022 crowdstrike's big user conference first time in a couple of years obviously because of kova this is thecube's coverage Dave vellante and Dave Nicholson wall-to-wall coverage two days in a row Michael Rogers the series the newly minted vice president of global alliances at crowdstrike Michael first of all congratulations on the new appointment and welcome to the cube thank you very much it's an honor to be here so dial back just a bit like think about your first hundred days in this new role what was it like who'd you talk to what'd you learn wow well the first hundred days were filled with uh excitement uh I would say 18 plus hours a day getting to know the team across the globe a wonderful team across all of the partner types that we cover and um just digging in and spending time with people and understanding uh what the partner needs were and and and and it was just a it was a blur but a blast I agree with any common patterns that you heard that you could sort of coalesce around yeah I mean I think that uh really what a common thing that we hear at crowdstrike whether it's internal is extra external is getting to the market as fast as possible there's so much opportunity and every time we open a door the resource investment we need we continue to invest in resources and that was an area that we identified and quickly pivoted and started making some of those new investments in a structure of the organization how we cover Partners uh how we optimize uh the different routes to Market with our partners and yeah just a just a it's been a wonderful experience and in my 25 years of cyber security uh actually 24 and a half as of Saturday uh I can tell you that I have never felt and had a better experience in terms of culture people and a greater mission for our customers and our partners you'll Max funny a lot of times Dave we talk about this is we you know we learned a lot from Amazon AWS with the cloud you know taking something you did internally pointing it externally to Pizza teams there's shared responsibility model we talk about that and and one of the things is blockers you know Amazon uses that term blocker so were there any blockers that you identified that you're you're sort of working with the partner ecosystem to knock down to accelerate that go to market well I mean if I think about what we had put in place prior and I had the benefit of being vice president of America's prior to the appointment um and had the pleasure of succeeding my dear friend and Mentor Matthew Pauley um a lot of that groundwork was put in place and we work collectively as a leadership team to knock down a lot of those blockers and I think it really as I came into the opportunity and we made new Investments going into the fiscal year it's really getting to Market as fast as possible it's a massive Target addressable market and identifying the right routes and how to how to harness that power of we to drive the most value to the marketplace yeah what is it what does that look like in terms of alliances alliances can take a lot of shape we've we've talked to uh service providers today as an example um our Global Systems integrators in that group also what what is what does the range look like yeah I mean alliances at crowdstrike and it's a great question because a lot of times people think alliances and they only think of Technology alliances and for us it spans really any and all routes to Market it could be your traditional solution providers which might be regionally focused it could be nationally focused larger solution providers or Lars as you noted service providers and telcos global system integrators mssps iot Partners OEM Partners um and store crouchstrike store Partners so you look across that broad spectrum and we cover it all so the mssps we heard a lot about that on the recent earnings call we've heard this is a consistent theme we've interviewed a couple here today what's driving that I mean is it the fact that csos are just you know drowning for talent um and why crowdstrike why is there such an affinity between mssps and crowdstrike yeah a great question we um and you noted that uh succinctly that csos today are faced with the number one challenge is lack of resources and cyber security the last that I heard was you know in the hundreds of thousands like 350 000 and that's an old stat so I would venture to Guess that the open positions in cyber security are north of a half a million uh as we sit here today and um service providers and mssps are focused on providing service to those customers that are understaffed and have that Personnel need and they are harnessing the crowdstrike platform to bring a cloud native best of breed solution to their customers to augment and enhance the services that they bring to those customers so partner survey what tell us about the I love surveys I love data you know this what was the Genesis of the survey who took it give us the breakdown yeah that's a great question no uh nothing is more important than the feedback that we get from our partners so every single year we do a partner survey it reaches all partner types in the uh in the ecosystem and we use the net promoter score model and so we look at ourselves in terms of how we how we uh rate against other SAS solution providers and then we look at how we did last year and in the next year and so I'm happy to say that we increased our net promoter score by 16 percent year over year but my philosophy is there's always room for improvement so the feedback from our partners on the positive side they love the Falcon platform they love the crowdstrike technology they love the people that they work with at crowdstrike and they like our enablement programs the areas that they like us to see more investment in is the partner program uh better and enhanced enablement making it easier to work with crowdstrike and more opportunities to offer services enhance services to their customers dramatic differences between the types of Partners and and if so you know why do you think those were I mean like you mentioned you know iot Partners that's kind of a new area you know so maybe maybe there was less awareness there were there any sort of differences that you noticed by type of partner I would say that you know the areas or the part the partners that identified areas for improvement were the partners that that uh either were new to crowdstrike or they're areas that we're just investing in uh as as we expand as a company and a demand from the market is you know pull this thing into these new routes to Market um not not one in particular I mean iot is something that we're looking to really blow up in the next uh 12 to 18 months um but no no Common Thread uh consistent feedback across the partner base speaking of iot he brought it up before it's is it in a you see it as an adjacency to i-team it seems like it and OT used to never talk to each other and now they're increasingly doing so but they're still it still seems like different worlds what have you found and learned in that iot partner space yeah I mean I think the key and we the way we look at the journey is it starts with um Discovery discovering the assets that are in the OT environment um it then uh transitions to uh detection and response and really prevention and once you can solve that and you build that trust through certifications in the industry um you know it really is a game changer anytime you have Global in your job title first word that comes to mind for me anyway is sovereignty issues is that something that you deal with in this space uh in terms of partners that you're working with uh focusing on Partners in certain regions so that they can comply with any governance or sovereignty yeah that's that's a great question Dave I mean we have a fantastic and deep bench on our compliance team and there are certain uh you know parameters and processes that have been put in place to make sure that we have a solid understanding in all markets in terms of sovereignty and and uh where we're able to play and how that were you North America before or Americas uh Americas America so you're familiar with the sovereignty issue yeah a little already Latin America is certainly uh exposed me plenty of plenty of that yes 100 so you mentioned uh uh Tam before I think it was total available Market you had a different word for the t uh total addressable Mark still addressable Market okay fine so I'm hearing Global that's a tam expansion opportunity iot is definitely you know the OT piece and then just working better um you know better Groove swing with the partners for higher velocity when you think about the total available total addressable market and and accelerating penetration and growing your Tam I've seen the the charts in your investor presentation and you know starts out small and then grows to you know I think it could be 100 billion I do a lot of Tam analysis but just my back a napkin had you guys approaching 100 billion anyway how do you think about the Tam and what role do Partners play in terms of uh increasing your team yeah that's a great question I mean if you think about it today uh George announced on the day after our 11th anniversary as a company uh 20 000 customers and and if you look at that addressable Market just in the SMB space it's north of 50 million companies that are running on Legacy on-prem Solutions and it really provides us an opportunity to provide those customers with uh Next Generation uh threat protection and and detection and and response partners are the route to get there there is no doubt that we cannot cover 50 50 million companies requires a span of of uh of of of a number of service providers and mssps to get to that market and that's where we're making our bets what what's an SMB that is a candidate for crowdstrike like employee size or how do you look at that like what's the sort of minimum range yeah the way we segment out the SMB space it's 250 seats or endpoints and below 250 endpoints yes right and so it's going to be fairly significant so math changes with xdr with the X and xdr being extended the greater number of endpoints means that a customer today when you talk about total addressable Market that market can expand even without expanding the number of net new customers is that a fair yeah Fair assessment yep yeah you got that way in that way but but map that to like company size can you roughly what's the what's the smallest s that would do business with crowdstrike yeah I mean we have uh companies as small as five employees that will leverage crowd strike yeah 100 and they've got hundreds of endpoints oh no I'm sorry five uh five endpoints is oh okay so it's kind of 250 endpoints as well like the app that's the sweets that's it's that's kind of the Top Line we look at and then we focus oh okay when we Define SMB it's below so five to 250 endpoints right yes and so roughly so you're talking to companies with less than 100 employees right yeah yeah so I mean this is what I was talking about before I say I look around the the ecosystem myself it kind of reminds me of service now in 2013 but servicenow never had a SMB play right and and you know very kind of proprietary closed platform not that you don't have a lot of propriety in your platform you do but you they were never going to get down Market there and their Tam is not as big in my view but I mean your team is when you start bringing an iot it's it's mind-boggling it's endless how large it could be yeah all right so what's your vision for the Elevate program partner program well I I look at uh a couple things that we've we've have in place today one is um one is we've we've established for the first time ever at crowdstrike the Alliance program management office apmo and that team is focused on building out our next Generation partner program and that's you know processes it's you know uh it's it's ring fencing but it's most important importantly identifying capabilities for partners to expand to reduce friction and uh grow their business together with crowdstrike we also look at uh what we call program Harmony and that's taking all of the partner types or the majority of the partner types and starting to look at it with the customer in the middle and so multiple partners can play a role on the journey to bringing a customer on board initially to supporting that customer going forward and they can all participate and be rewarded for their contribution to that opportunity so it's really a key area for us going forward Hub and spoke model with the center of the that model is the customer you're saying that's good okay so you're not like necessarily fighting each other for for a sort of ownership of that model but uh cool Michael Rogers thanks so much for coming on thecube it was great to have you my pleasure thank you for having me you're welcome all right keep it right there Dave Nicholson and Dave vellante we'll be right back to Falcon 22 from the Aria in Las Vegas you're watching thecube foreign [Music]

(intro music) >> Hi, everybody, we're back. Dave Vellante and Dave Nicholson. We're covering Fal.Con 22. This is CrowdStrike's big user conference. CrowdStrike is a very hot company, as you probably know started on endpoint security, expanding into another, a number of other areas trying to build the next great generational company in cybersecurity. Michael Sherwood is here. He's the chief innovation and technology officer for the city of Las Vegas. >> Got to love that. >> Thanks so much for coming to theCUBE. >> Welcome! >> Yeah, we got to love that. I mean, if it weren't for Las Vegas, I'm not sure where we would have our CUBE events, but so thank you for hosting us. >> Thank you for being here. This is awesome. It's a great day and a lot of people, and it's exciting to see everything that's going on here. >> Yeah, the city is booming. Obviously the convention, the conference business is booming. Tech is a big part of that but there's so many other industries that come to Las Vegas. Talk about your role, really interesting, chief innovation, technology officer, CTO. Tell us about what you do day to day. >> Kind of all over the place. But a lot of it has to do with day to day technology within the organization. So managing all the different technology components. When you start looking at any city, it's a lot of different companies inside of it. Think of fire service as a different company. They all have different missions. And so our technology needs are expansive. So while we have operational IT, we also have our innovation unit. Innovation unit works on next generation technology. So Las Vegas was one of the first cities in the United States to have a autonomous vehicle drive in mix-flow traffic, meaning it was out there with, driving along cars. We're also the first city to have an accident in a autonomous vehicle. That happened on day two. (Vellante laughing) So, there's always a lot of firsts in Las Vegas, but. >> Despite the grid. >> Despite the grid, you know. But even today, so that was in 2017, when we first started working with autonomous vehicles. Up until today, where you have the ability, anybody in Las Vegas, including yourselves right after the show can go ahead and use Lyft, go outside and hail an autonomous taxi to come pick you up and drive you up and down the strip. Those vehicles actually communicate with our infrastructure. So the innovation is, how do cities work with private companies to start building next generation amenities, next generation technologies? And so that happens a lot of times. People don't realize. They come to Las Vegas for entertainment, and now we're known for sports but we do have a lot of technology here that permeates through the entire community. >> So I'm from Boston. We're trying to get the smart traffic lights, we're not quite there yet. But I was at a session, Dave you'll appreciate it, it was John Rose, who was the CTO. He was the CTO of, he's a CTO of Dell Technologies now. And the mayor of Boston, we were talking about the vision for a smart city. But Boston and I mean talk about, a challenge for building a smart city. So when I come out here, it's like amazing to me to see the technology that's there. So as a CTO and innovation officer, you've got a playground where... Now, of course you have legacy infrastructure, you've got technical debt, but you also have, in certain cases, an opportunity and more latitude to get creative. So what are some of the cool things that you're working on that you're really excited about? >> There's a lot of things I'm excited about. It's just great being in this city. But a lot of the things that we're excited about here in the next year to two years, we have an innovation district. So not a lot of cities have this but Downtown around the Fremont Street Experience, there's a corridor there that covers government, covers entertainment, medical. And so this innovation district is where we test out new technologies. So some of the things we're testing out, computer vision. So we're, our smart parks program is how do we provide better security and enjoyment of those amenities without providing physical labor to constantly patrol. And so we're using cameras and vision and different types of AI algorithms to kind of manage the park. And while we're doing that, we're also getting data back on how often is the park used? Are the facilities, are the sprinklers going on during the day? Water's a big deal here. And so those type of projects. Again, autonomy is still huge, vehicle autonomy, still working on driving those next generation changes where you'll actually have a driverless vehicle. Right now, there's a safety driver in a lot of the autonomous vehicles. Even the one I talked about earlier, you have the, while the vehicles driving itself, for safety reasons, there's still a human driver in the seat. But as we go forward in the next year to two, that >> That's soon. >> is getting ready to change. I believe that's soon. You can quote it here, you heard it here first. >> Wow. >> But that would be coming up. You got drones as well. We've already started looking at a few types of drone delivery systems. It may not be too far away. Your pizza or maybe some other item that you want is delivered in the general area. Probably not in the hotel corridor but in the outside areas of the city. I just think there's a lot of, again, we're building amenities for the future. We really want people to understand that Las Vegas is not just a place to come visit, but it's a place to live and have fun and be part of a community. >> So from an academic perspective, what you just described is a highly ambidextrous organization, right? >> Yes. >> Because you're not just worried about keeping the lights on, but you're also looking at innovation. How did your organization get to this place? What you're describing is sort of the gold standard that any organization public or private would seek to implement. How did you get there? >> Baby steps, small steps. It all started back when there was the Smart Cities Challenge. So we were not selected as the finalist. We were in the, I think top 15 at the time but we didn't give up on it. And we continued to move forward. The pandemic helped us do things. When you ask, what do I do? Well, my normal job is running the day to day infrastructure. I also see my role as economic development to help bring companies here and bring new ideas. We have a great community, diverse and ready to do things. But when you take, talk about the innovation and the technology and what we're doing. Like I said, during a pandemic, we came up with the idea of, Hey, we don't want to send our building inspectors or our inspectors in the people's homes, one for the inspector's health and one for the citizen's health. So we used normal tools. We took an iPhone and made it a virtual inspector. So now if you get a new water heater, you can actually do your inspection via like a FaceTime. And you hold your phone up around the water heater. We can view it, we record the video, save it, and boom give you an inspection remotely. And so you build on it. So how do you get, I wouldn't quite say we're the gold. I appreciate, we're moving there, that's the bar. You've laid out the bar for us, but we're moving in that direction. But it's building on one win and not all of our things that we've deployed. We can talk about those as well. Some of the things like trash can sensors, we looked at doing, which would monitor when the trash can was full or empty, just didn't pan out. So a lot of the times I talk about the wins a lot not as much about the things that didn't pan out. >> So what're the big challenges, generally of building out a smart city and then specifically around cyber? >> So there's, community acceptance number one. Las Vegas, I'm very lucky cameras are everywhere. So there's not as much resistance to using video technology. But a lot of times it's just getting the constituents, getting people to understand the value of what we're trying to do. Not everybody is interested in autonomous vehicles or believes they're ready for that. But when you start looking at the increments, more than any other city I know, the community here is so robust and so supportive of bringing on these technologies. Look, what other city do you know that builds new buildings and knocks them down five years later to build something new again? Or, who has a volcano in the middle of their downtown? So different things like that. But when you start looking at all the advancements we're making, you brought up one of the biggest concerns. When people ask me, what keeps you up at night? It's not the autonomous vehicle not performing, its the cyber, it's the cyber issues that go along with becoming more advanced. And as you bring innovation in, you start bleeding the lines of what's government, what's private. And then how do you continue to have the data transmission between these multiple entities? How do you keep the endpoint secure? And that is something that you learn as you go, but it's always out there. And endpoint security and security in general is a huge, huge area. >> And how about the data? You were talking before about you can get actually approval for an inspection. That's data, it's video data. How have you changed the way in which you're using data? What are you doing with that data? How do you leverage it? How do you secure it? >> It's all great questions. One of the things we've undertaken is called an open data initiative. So we have an open data portal. It's opendata.lasvegasnevada.gov, where we publish a lot of the data sets that we collect. If it's air quality, if it's ambulance runs, and we make that data available. A lot of that is, one for the public for transparency, two though, it's, we hope enables the private sector to build apps off of the data that we have. A lot of times, you either you have the data but you don't have the app or you have the app, but no data. So in our way, it's trying to help the community build up new ideas. Our push has been moving to the cloud a lot. So we're pushing a lot more data into the cloud where before I think a lot of governments keep a lot of that internal, but obviously look, the cloud's here to stay and it's not going anywhere. And so now it's more about as we migrate, using our partners, our relationship with CrowdStrike, to start securing not only our endpoints but start looking at the cloud space as well. And then we have this new technology. It's not really new, but edge compute. You've heard a lot of, there's different people talking about it. When you start talking about autonomous vehicles, autonomous delivery, drones. We own a large private wireless network. A lot of data now is computed at the edge and we're only taking the metadata and sending it up to the cloud. So it becomes rather complicated with security being at the forefront. >> Yeah, so that very small portion of the actual amount of data that's created goes back but it's such a massive amount of data. It's not to trivialize it, it's still a lot. And some of it is probably ephemeral. Do you persist at all? Or probably not. >> Not always, I mean. A lot of it, what we're learning is, it's a learning process as you go through this smart city or what we call just basically emerging into, 'cause I believe all cities are smart. Not one city smarter than another necessarily. So I'm not really a fan of the term smart city. It's more in line with me as we're building amenities for the future and building amenities for people. And a lot of that is built upon data and then built upon providing things that citizens want. And we all know, we all live somewhere and we live there because it's safe community, it has good education, good infrastructure whatever it might be. And so we're trying to build out that smart community to be as many things as we can to as many people. >> Yeah, that's fair. And there's automation, there's certainly machine intelligence that's heavily involved. Of course, you talking autonomous. Now I understand your work transcends the city of Las Vegas into the broader state of Nevada helping make Nevada a safer state. What's that all about? >> So we have a great partnership. One of the great things, I come from California, so a rather large state. Here in Nevada, it's a very close knit state. So we have a lot of communications with the state. We get to work with them very closely. One of the initiatives we've been working on is how do we, a lot of organizations spend a lot of time doing cybersecurity for just their organization. So it's focused internal on the employees that might work in that organization. We're kind of now looking outwards and saying, how do we not only do that for our internal government employees but how do we involve the entire community? One of the things is, is Las Vegas over 40,000 conventions per year. You're here a lot. What happens in Vegas stays in Vegas and a lot of people bring malware with them and it stays here. We're trying to educate people. We do a lot in government to help people with police and fire and services. What is local government doing to help the community prepare for the next generation of cyber threats and issues? So our initiative is really working with the community, bringing in CrowdStrike and other partners to help us not only work with small business, but work with those entrepreneurs as well as the midsize businesses. >> So what do you do with Crowd? You got the cool little CrowdStrike, not CrowdStrike, but you got the red splash in your lapel. Very cool cuff links, I noticed that you have there. I love the red. >> Little poker chips there. >> They're Very nice, very nice. >> They're very cool. So what do you do with CrowdStrike? >> So CrowdStrike is one of our major components in our security posture. We use them as endpoint protection. I can tell you a quick story. I know my CISO's listening probably was going to cringe now when I tell this story, but our journey with CrowdStrike has been amazing. We deployed the product and when that first week of deployment, we had a malicious actor and CrowdStrike was able to catch it. I would probably would not be here today with you two gentlemen if it wasn't for CrowdStrike. That's not an endorsement it's just a, that's a fact of how things rolled out. But we depend on CrowdStrike and their capabilities to ensure the safety of our digital assets. >> You wouldn't be here 'cause we, it used to be failure means fire. Is that what you mean? >> That's what I mean. I'm not going to, I don't like to use that word in my terminology, but basically failure is not an option in my job. It's just not there. >> Well, it's funny, we had Kevin Mandy on early, he was like, look I started my company in 2004 with the assumption that breaches will happen, you are going to get breached. >> Yes >> So that's why I say, I think there was a day when, if you got breached, oh, you're fired. Well that, then everybody got breached. So I think that that sentiment changing 'cause CrowdStrike saying that the unstoppable breach is a myth. Well, we're not there yet, but. >> I'd say damage control now. At least we have a little bit more control but, again, look, government is about trust. And so when you have that trust level, from my perspective, I keep a high standard and try to prevent any loss of data or any type of malicious activity from happening. I hope the mayor's listening and she doesn't fire me if anything would happen, but you know. >> You got a fun job. How'd you get into this? >> It was a great opportunity. I worked in law enforcement prior to here. I was a Deputy Police Chief in city of Irvine. I oversaw technology as part of that role. I've always loved Las Vegas, always liked the energy of the city and I had a great opportunity to apply and I applied and was lucky enough to be selected. I have a great team that supports me. >> Deputy Police Chief, it sounds like, what you just described, the technology role. You had an operations role essentially, is that right? >> Correct. And so kind of gave me a lot of insights and really helped me, as you progress in government, having different roles in your portfolio makes you a little bit more adaptive and it's kind of, it helps in, especially now with so much video and cameras prevalent in cities, having that law enforcement role, understanding a little of the legal aspects and understanding some of the, what law enforcement wants kind of makes that bridge from technology to the actual end user. >> A really interesting story, Michael. Thanks so much for sharing on theCUBE, appreciate it. >> Thank you for having me here. >> You're very welcome. All right, keep it right there. Dave Nicholson and Dave Vellante will be back from Las Vegas at the Aria from Fal.Con 22. You're watching theCUBE. (outro music)

hello welcome everyone to thecube's coverage here in monaco i'm john furrier host of thecube the monaco crypto summit is happening we're here for the full day and tonight at the yacht club for special presentations crypto team is here digital bits and the industry's gathering and we get some great guests lined up throughout the day our first guest is michael gord co-founder and ceo of gda capital michael welcome to thecube cube great lunch on so we're kicking off the day here we got a lot of a lot of commentary around crypto and also we're in monaco so kind of a special inaugural event why this event why are people gathering here in monaco monaco has traditionally been a top financial jurisdiction but and there has been crypto events here before but never with participation from from prince albert so this being the first event first blockchain focus event in monaco that has participation from prince albert has brought a has brought a global audience and the fact that digital bets is intending to there's a a lot of excitement and and what uh what digital bits is going to be coming to market with yeah and i think i talked to alberto the founder and ceo of digitalbits um i've known him for many years he's a tech guy by heart but he's been in the trenches doing a lot of work over the years in crypto and one of the things i think digital bits has nailed this first the name's amazing but they got real deals i saw our announcement a couple days ago less than 48 hours roma soccer team has a new player they brought the big roll out digitalbits is on the uniform on the front of it huge crowd great visibility so this is a real trend where the the assets of physical and digital coming together there's certainly a lot of hype and a lot of kind of like cleaning up right now in the market but this train is definition is happening training has left the station there's been a lot of over the past decade a lot of startups building in the on blockchains and some of those startups have become big companies but big traditional enterprises have been slow to adopt digital assets and uh digitalbits is really well positioned to bring a lot of those and bring a lot of enterprise participation to the blockchain yeah i mean we met a couple days ago and we were talking in um at the hotel um you're you've been at this for a while you got some great successes talk about your firm what are you guys doing gda what are some of the things you're working on uh you're doing some investment what are some of the angles you're taking bets you've made things you're looking at yeah so i'm a serial entrepreneur and investor i've been focused on the mainstream adoption digital assets for the last decade went about that in in various different ways as i have as i've matured but the way our business looks now is uh is focused on bridging the gap between institutional capital markets and the blockchain and helping institutional capital participate in the market um so we help digital assets with their with their public offering we've gotten into traditional public markets through uh the blockchain moon acquisition corp spac that one of my co-founders is director of we have a brokerage business that does a few hundred million dollars about the transaction volume collateralized lending business we just started some some funds principal investments and then we incubate our own companies internally in category new categories like the metaverse nfts and um other things like that so pretty diversified across the boxing cabinet market at this point and in general looking to create solutions to um help the traditional capital market and the boxing cabinet market get get deeper exposure here you know it's interesting i hear you're speaking about the um how you guys are handling your your view of the landscape multiple moving parts on the investment thesis a lot of integration of instruments and vehicles it's a new creative structural change i mean if you look at just the money how crypto and the future of money this this cultural shift it's also some structural change on how to invest how to manage the investments how to bring on like incubation into most capital public private at the same time on the other side of the coin you have the entrepreneurial energy of um a lot of entrepreneurial ideas you see a lot of creative artists the creator culture has emerged in the past year and a half as a massive wave but to me that's just an application on top of the new infrastructure if you look at all the big investment houses that are pouring billions of whether it's industrial horowitz or other big vcs moving and shifting it's all the same game it's the infrastructure platform applications and it's but it's different it's not what we used to see because it decentralized how do you react to that what's your view on that concept you see it the same way yeah i think that there's everything with blockchains is novel but almost all of it we've seen before so um we've had games before now with the blockchain we have the ability to earn income by playing games we've had exchanges before but they've always been a centralized organization that everything that is now built on blockchains exists in the traditional internet or capital market or game industry or or whatever uh that you know there has been art for generations there's been uh now the ability to have art on the blockchain with provable nft like every everything is innovative because of the decentralization aspect but it's not it's not the first thing the first time that we've seen any of this stuff it's almost interesting you're seeing it recycling all the same concepts on the old web kind of come in the new web and there's also a gen z angle especially the metaverse metaverse the constant theme i'm seeing is hey you want to watch sports you can watch in the metaverse and do it differently and not have to attend so you know the whole pandemic has shown us that hybrid virtual and hybrid is coming together and so i see a huge tsunami of innovation coming from just the tailwind post pandemic i think still massive value in a real event like this us being able to sit in front of each other as real people is uh not replicatable in the metaverse but to be in monaco is not possible for everyone because uh visa reasons because they have something you know it's just you have to be here today is not possible for a hundred percent of the world or for a sports game or for a concert or for a music premiere movie premiere really anything that's happening in the real world is not the metaverse is not gonna replace the real world but it is gonna create a massive additional audience to anything that's happening in the real world that anyone around the world can participate and how amazing would it be for uh for someone from zimbabwe someone from sydney and someone from brazil to all be interested in what digital bits is doing in monaco and what prince albert is you know how how how how the monarchical crypto summit is looking to position monaco in the future of cryptocurrency the kind of theme of this event and they have the amazing fortune to meet in the metaverse it doesn't replace well i mean i think i mean i think this is a great point this to me is going to be the holy grail in my opinion i agree if you look at the notion of presence we're face to face we're here there's people here so we peace we see each other in the lobby maybe he's out sightseeing at dinners so when you have that face to face that's the scarce resource right that's going to be the intimacy sometimes it's not even just to learn about what the pro what's going on but if we're present here how do we create that same experience when you have presence not just some icon chatting but like just movement knowing that you're there connected to people first party is going to be no one's really done it well i think the metaverse is to me is showing the path to being a first-class citizen digitally with a real-time event it's new so it is possible to communicate in the metaverse through through a microphone so if if you're beside someone then similar to the real world you can say you know hey how's it going what do you think about the presentation or or whatever you want and if you're speaking in a conversational way then the person beside you will hear what the person down the hall might might not um it's also that i've i've seen new features in certain like experiences that are coming to market that kind of take the google hangout or skype yeah like video infrastructure and put that in so we could choose to have our cameras on which is it's getting better but it of course doesn't replace real presence there's no doubt in my mind that in near future soon sooner or later there's gonna be a guest sitting right next to you that's not here okay there will be a hologram model where people will be interviewed will have capability to visualize that person they'll be in a metaverse they'll be queuing up for interviews this is a game this is a mind-blowing thing i mean if you just think about that concept that we could have participation in real time here with expressions with their with their digital expression their icon whatever whatever their nfts are so i think this is going to be the blending of how communities gather and i think ultimately how truth and and journalism and news is going to change so to me yeah we're super excited we're here obviously because we want to get the stories and you know we love what digital bits is doing prince albert certainly a relevant figure on the global stage um i think this is a signal for a lot of things to come indeed indeed all right so final question before we move on what's your hottest thing you got going on what are you looking at what are you most excited about um well just just this conference um we've got quite a lot of of companies we have exposure in that are that are presenting and a lot of them are coining new new new niches of the market so um we have uh um we've spoken about a lot about the metaverse we have you know i'm and i think the metaverse is probably the the thing that i'm overall most excited about i think it's the next multi-trillion dollar market that feels like bitcoins in but in addition to that we have the first regenerative finance platform that is that is presenting here that's using decentralized finance and and blockchain technology to create a model that people can earn income while mining carbon credits essentially with an objective of having first boxing all blocking protocols but eventually creating a leader board of carbon positive businesses where businesses will challenge their competitors to be more carbon positive in a way that actually earns them earn some income outside of the potential value what's the name of that company that's kyoto protocol uh we have the first entertained to earn a company that is is presenting here it's playgood um the first uh e-commerce metaverse platform so integrated directly into e-commerce without needing to i think the future of the metaverse is is social links you have you know finest in the metaverse and you have all of the all the logos of metaverses that you have experiences in which is cool yeah that that's uh but then you're you're going out of the native website instead of having a um instead of you know native to the to the website having a metabolism experience so they're doing that um yeah really cool awesome final question one more final question i got for you because you made me think of it so metaverse obviously hot is there going to be an open metaverse you start to see walled gardens and you got facebook they got slam dunk by the u.s uh in terms of monopolistic move for buying a exercise act which you know i can i i don't think that was a good move by the u.s i think i let him do that but but there they're they're kind of the wall garden model the old facebook i mean decentralized about open yeah historically if we go back in time there's always open and closed infrastructure in the internet um there was there is companies building open infrastructure companies building closed infrastructure and we could have been talking in 1992 about whether the private intranet will create mass adoption or the open internet will create mass adoption and not that the the intranet is probably is even today still a multi-billion dollar per year business but it's not a multi-trillion dollar per year per year you know infrastructure like the public internet same with the blockchain in 2012 2013 um private blockchains were all the rage by banking raising hundreds of millions of dollars to build up private boxing infrastructure and private blockchains are generating probably today still multi-billion dollars of revenue annually but they haven't accrued multi-trillion dollars like the public watching has i think the same thing will be in the metaverse there will be open and closed infrastructure um but event and there already is close you know fortnight and and games are are essentially closed metaverses just without ownable land um i always look at the i'm old school i look at aol they had they monopolized dial up internet like where the hell did that go you know history so again yeah we don't know it's going to be maybe a connection a connection point between these open metaverses we'll see maybe i'm investment update michael thanks for coming on thecube appreciate you kicking off the event here monaco crypto summit powered by digital bits presented by digital bits uh the company really and behind all the innovation here and the companies i'm john furrier with more coverage after this short break thanks john [Music] you

>>Hey everyone. Welcome to the cubes coverage of PagerDuty summit 22. I'm Lisa Martin, and I'm on the ground with Michael cooky, the VP of product and marketing at PagerDuty. Michael. It's great to have you on the program. There is great momentum right now at PagerDuty. The company's fourth quarter fiscal 22 financials showed a revenue rise of 34% year over year with figures of 85.4 million for the quarter, for the first time ever. Awesome stuff. Let's talk Michael, about what some of the great things are that, um, attendees can expect from this year's summit. You know, automation has been always at the forefront of PagerDuty's focus on managing critical work, but it's a big focus for this year's summit. Let's unpack why that is. >>Sure, absolutely. Thanks so much for having me, Lisa. It's great to be here. Um, we did just finish a grade quarter. We're super excited about it. I think Summit's a good example. It kind of is aligned around the areas that we've been seeing a lot of success and momentum with our customer base. Um, and automation is definitely one of those pillars without a doubt. Um, you know what we've seen, uh, we've been at this now, uh, for over well over a decade, uh, and we've been investing in automation in kind of two major areas and I'll, and I'll explain why, um, we study our customers and what they need. And I think we can all talk about the limited time that everybody has to get their jobs done today, limited people, right? The, you know, the great rotation or the great resignation is definitely hit hitting, you know, every single industry. >>And so it results in limited skills, uh, and a lot of strain on the people that are trying to get their jobs done every day. Um, we also saw that the more you interrupt someone, so you have a very skilled worker, let's say it's a developer for example, and you're constantly interrupting them to try and get them to help you fix something. Uh, they get super unhappy and we actually on our platform prove they quit their jobs more often when they are interrupted more often. Uh, so you know, that is an area where we think automation can have huge impacts and huge returns to take limited resources and really stretch them a lot further, um, by taking care of repeat work, but also taking some of those higher skilled capabilities and handing them to more people across the enterprise. So the work could be shared across the enterprise. >>That's critical to share that work, but I also find it fascinating that you studied that and actually saw direct correlation of, of developers actually resigning from their jobs. And as you mentioned, the great resignation, something that many companies in every industry are dealing with. Let's talk a little bit about some of the things that we're announced recently. I know you guys are weaving automation actions everywhere to empower more users, to be able to, to be, to take action, to resolve issues faster, which is critical for the customer experience. It's critical for revenue. Talk a little bit about automation actions. What are some of the key things that, that delivers and enables PagerDuty to do for its customers? >>Yeah, great. So, you know, two years ago we acquired an automation company named Rundeck and we got right to work integrating their technology across the PagerDuty operations cloud and automation actions is, is the ability to execute automation from wherever you are. And so that is, um, you know, I think there's two directions to talk about automation. One is kind of what can we automate inside of an incident response? So when something's going wrong, what can we automate? What can we automate inside of our own platform? And then there's, what can we automate out in the customer's environment? So whether that's fixing something that's going wrong on a cloud or in a data center, or, uh, provisioning new resources out on the cloud so that, uh, people can scale their applications more rapidly. Um, all of that is done with automation actions, which you just mentioned. >>And so it's not enough to just be able to send work, to be done somewhere else. You have to kind of do it E everywhere. And so at summit this year, we announced that you'll be able to fire off that automation in real time using event intelligence, which is our machine learning product. So as machine learning learns something, it can then run off and try and take action based on it. And then we're delivering it to all of our users. So inside of, you know, for a responder, who's responding to a problem for a customer service representative who might be working with a customer who's having a problem, giving them automation can totally change the customer experience because now the customer service person is actually empowered, uh, to do diagnostics and try and solve problems. So, so that's right. Automation actions being delivered both in real time and to every different, uh, type of user that that leverages PagerDuty today, >>That's really quite transformative. Michael, it sounds like getting the first line responders, the corrective information that in an automated fashion, because as we know, one of the things that's been in short supply the last couple of years is patients. And one of the risks, several of the risks associated with that are customer churn, you know, poor customer experience, brand reputation, et cetera. What are some of the expected outcomes, um, with, with, uh, automation actions and one obviously speeding, mean time to repair, lowering interruptions, getting problems fixed faster, but from a customer's perspective, what are some of the outcomes that they can expect? >>Awesome. Um, great question. The there's a lot of different ways you can leverage automation, right? You just mentioned a bunch of super high return ones when something's broken and your company's actually losing customer experience or, or revenue, uh, or you're unable to deliver a service to your employees or your users. That is obviously a moment of massive return for automation in those cases. Like you said, you're gonna see a reduction in the requirements to escalate, which means that the first responder can actually solve the problem themselves. Uh, and they're not gonna have to go interrupt that more higher skilled employee. Like we talked about, uh, we see that over 50% of the time, we're actually reducing escalations by using this technology. That also means the problems are getting solved a lot faster, which you also mentioned. Um, so using automation actions to both diagnose what's going wrong, but then actually try and remediate it. >>Um, and as I mentioned earlier, we can do that before you even have to get a human being at all. We can do that with machine learning in real time, which is, uh, super powerful. And then there's a long tail of other ways to leverage, uh, automation in an environment from service provisioning and redundant tasks that are used, that are done for maintenance across an environment or provisioning, uh, provisioning services to developers so that they can get to work faster. So there's a lot to do there. Um, and, and then we're also exploring ways to, to automate, uh, outside of just technical use cases, um, which we talked a little bit about in the product keynote as well. >>One of the things that, that you mentioned earlier is that the, the data that PagerDuty has that demonstrates, um, from a resignation perspective, what happens when developers are, are really taken away from their core job? Is there any data that shows that auto, uh, automation actions, you mentioned, um, a big reduction, 50% reduction in time to respond there is that, is there a direct correlation in actually helping the folks on the front lines stay in the front lines? >>That's right. So, um, and, and also those that are coding coding, right? So, um, the, that 50% reduction means 50% time given back for them to do their primary function, which in this case is building amazing new digital services, whether that's a new customer experience, uh, or a piece of, uh, uh, digital service to drive the business and business efficiency. And so driving this automation access kind of a shock absorber for your business and for the people in your business that are, that are super taxed. And we actually release something called the state, uh, state of digital operations. And, uh, we are updating all that data actually, and announced, uh, today that that is now available on our website as well. So you can hop on there and actually see live statistics off of our platform that we culminate, uh, along with some survey statistics that are trending all of this information you're mentioning in terms of people being interrupted and then, uh, you know, churning actually from their job because they've been interrupted so many times. And so that's right, this will directly impact that. Um, and, and as we bring automation out from just developers, we hope to have an impact across the rest of the business in a very similar way, >>Absolutely transformative. I mean, you know, we, when we think about churn, it impacts to revenue. I always think the customer experience and the employee experience are inextricably linked. And, and I think what you're talking about really demonstrates that you need to be able to empower the right employees to resolve incidents, to absorb that shock as you talked about. And that's really something that for any organization in any industry globally, is no longer a nice to have. It's really something that I think sounds like a competitive differentiator that PagerDuty can help organizations really uncover and bring to the surface. >>Yeah, you're, you're hitting on one of my favorite topics, I think in, in the service of the customer in service of like customer delight and customer obsession, all of the business is now centered on the customer, which, which means that the back office is the front office they're coming together. And, um, and with the pandemic and kind of the transition that we all took into dependency on digital services, it's all starting to look very similar. And so, um, because of that, we're able to now expand our impact at PagerDuty across so much more of a business, uh, out to, uh, everything, including employee experience, um, and also accelerating the time to productivity for your, for your business, so that you can serve your customer faster. Um, we, we acquired a company recently, uh, named catalytic and, uh, their help, their technology helped us kind of accelerate a couple of pieces to market that are just the tip of the iceberg, uh, for kind of being able to rapidly automate and configure workflows for anyone at the enterprise, whether that's for a customer, uh, experience or whether it's, uh, it's to keep your business productive or efficient, uh, for business users. >>So unpack those incident workflows, you talked about the, the catalytic acquisition that was just from March. Talk to me about the incident workflows and what were customers asking for that really kind of generated this new capability that PagerDuty recently announced. >>So, you know, people lean on PagerDuty at, at all types of times, but as we've already kind of talked about the most critical time is when something is broken for the business that is vital to their business. And so when those moments happen, you know, we call those major incidents and when you're responding to a major incident across a business, you really have to do everything you can because every second really matters. And so, um, we, you know, Catalytics technology enables flexible, automated workflows of behavior when certain conditions exist. And so the first thing you're seeing from that technology is called incident workflows, which when something's going wrong, enables you to kind of automate steps of processes very, very quickly that can be carried out company wide. So this could be something like when we see that, uh, critical service is impacted, we wanna automatically send out updates across the business. >>We wanna automatically create a, an area to go troubleshoot on a, on a collaborative, you know, collab, ops platform. We wanna automatically invite the right people into that room and automatically deliver diagnostics to them and automation to them. So they can troubleshoot faster instead of a human having to take those steps in terms of firefighting and trying to re, trying to pull those coordination steps together. Now we can configure that quickly and have it, you know, happen automatically and it, and it can actually happen without a human having to trigger it. So again, this is about something's broken, we're responding. We need to be as fast as possible. You can't rely on a human anymore. You really need, you know, the, what the earlier automation we talked about was automating off our platform. Incident workflows is automating on the operations cloud. So taking steps to solve the problem when it goes wrong without needing a human being to take those steps, >>When you're in customer conversations, Michael, and you, you talk about these capabilities. What are some of the things that, that you talk to the customers about, about why automation is going to be, I wouldn't even say critical for, or, I mean, business critical table stakes for organizations it's no longer okay. To just default to depend on humans. You know, the, the customers on the other end don't want to, you know, a couple seconds delay is hugely impactful. >>Yeah. We, we call that the abandonment threshold, but that's absolutely right. So we've already talked a lot about why you have, why the, why our businesses and our employees depend on digital. I think we've covered that what's important to understand is what is digital. So contemporary applications and digital services, there, there are tens and hundreds of microservices that are powering these things. And then there's thousands of different dependencies between those services. Um, and so supporting these and understanding these is difficult. So, so being able to interpret are they operating correct correctly? And if not, what do we do about it? It's actually a problem that humans can't calculate. Um, then you throw into change, right? So everybody's now competing with the digital service. So they want to innovate as fast as possible, get new capabilities out, keep that customer excited and happy with your offering. >>And so we need to push change on that complex environment. Very often, it's a pretty hairy mess to try and solve and to do that in real time. So we, we use two arms of an area that, that we call AIOps. One is using machine learning to interpret all of those signals and figure out is what is going on? Is it happening correctly? Is something going wrong? Is, is something looking like it's going wrong. And also to determine how to fix it, if it is going wrong, do we need a person to do this or not? And then that other side is, is what we've talked about today, which is you can't bring a human in to do all the work. So you have to know how to solve the problem. So the combination of is, is what we call AIOps it's it's event intelligence, which is machine learning to understand the situation. And then it's automation to actually go out and react to it and solve the problem. That's that's this branch of our, of our platform. >>Got it. You guys have PagerDuty has 19,000 customers, including 60% of the fortune 100. Is there a customer example that, that jumps to mind to you that really articulates the value of AI ops for example, and what it is at PagerDuty is able to allow its customers to do >>Sure. Um, and, and now a million users on this platform, which is just phenomenal. And so that, that actually helps us design better machine learning, because we have so many people using this platform. Um, you know, there's, there's a great example that was just shown on in our kickoff. So if you haven't seen the product, uh, keynote, you really have to see it. We run what are called, uh, day in the life demos. And in this case, this kind of hit close to home for us, because a lot of us have been sitting in delays in airports around the globe, as we get back to our travel, uh, and, and get back to seeing people face to face. Um, but, but what we showed there is, is, uh, very, very, uh, close to real world example where, um, you know, a, a ticketing, uh, service goes down for a travel agency and it impacts everything from directly their end users, customer satisfaction, but also partner engagements and employee behaviors. >>And whether they can get the right people booked to staff, that flight, et cetera, it really throws logistical chaos on the entire business. And it's all based on digital systems. And in that you can see our, our platform helps them react and manage customers at the customer service layer. It gets the developers and the infrastructure, and it teams reacting to solve the problem instantly. They use automation to solve the problem, and they actually learn some new things in that situation. And they bring that back to the flexible workflows. So it's a, it's basically what I call a virtuous loop as they solve a problem, and they realize they could do it faster, better, quicker, or automate more of it. You're now able to bake that back into the platform so that you're basically getting better and better and better every single time you are called to solve a problem. And so over time, we like to bring our customers up. We what we call the operational maturity model. And, uh, it, in, in, in, at the end of that journey, you should really be focused on critical work for you and for your business. And the rest of it should really be handled by our platform. >>An operational flywheel that is constantly learning is impactful. As you described in that example across an entire enterprise. So many different facets there, last question, Michael, as we're running out of time, here, you, as I mentioned in the very beginning, PagerDuty is coming off amazing momentum from FY 22. What are some of the things that you're seeing, uh, for the year ahead that, that you're excited about or that we can expect? >>Uh, great question. Um, so you just saw us release automation in every area for every user. Um, I think what you're gonna see us do across automation is bring faster and more powerful value out of the box with our automation capability. Some of that will be, for example, finding homogeneous, what we call runbooks or automation calls that you can make shared across all platforms. One of our recent announcements was the ability to host process automation, either in the PagerDuty operations cloud or behind your own firewall. We also have a hosted SAS offering for process automation. And what we're gonna do is enable the very common set of automation capabilities across all of those. So it's a homogeneous environment, no matter how you are hosting or scaling your automation. So that's one, and I think number two is this workflow stuff we touched on very, very much just the tip of the iceberg, uh, leveraging kind of a no code rapid interface to build workflows, to solve the highest ROI problem, but then we're gonna take that technology. We're gonna apply it to every downstream, repetitive service in your environment. So everything from employee onboarding to critical sales processes, or legal contract management, um, you know, anything that is time critical, you're gonna be able to build these rapid workflows around, um, and PagerDuty's gonna help you keep your business, uh, you know, healthy and, and operating around them. And so that's, that's where we're gonna be focused, uh, is for the, for the next 12, uh, months I would say. And, uh, it's gonna be an exciting run. >>It is gonna be exciting run. I better let you get back to work as VP of product and marketing. You got a lot to do Michael >>That's right. Well, I'll get back to it. I appreciate the time though. Thanks for so much for the chat, Lisa, >>Thank you so much for Michael Cook. I'm Lisa Martin. You're watching the cubes on the ground coverage of PagerDuty summit 22.

>>The cube presents Koon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and CubeCon cloud native con Europe, 2022 I'm cube Townsend, along with Paul Gill, senior editor, enterprise architecture at Silicon angle. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where teleport comes in. >>So speaking of teleport, we have Michael fork, chief marking our officer at teleport new world role for you. First, tell me about how long have you been at teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check GI, get, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are CU, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created dev SecOps. What that means is you need an easy way for developers to get access, access to the resources they needed through their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard, teleport, consolidates, all of that access into a single login via your identity provider, Okta active directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs. That's that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about E B P F a modern way to get that kind of kernel level grade granularity. We build all of that observability into teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon often and Ze, right? Authentication authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access office 365 or I'm gonna a access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented link D SEO or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. >>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or salt or Jenkins, but teleport now is gonna give those, those scripts or those pipelines in identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that X employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short lift certificates. So unlike a SSH key, which exists until you decommission it, shortlist certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the it's value decreases dramatically over time. >>So that statistic or four out of five companies can't guarantee X employees can't access infrastructure. Why is simply removing the employee from the, you know, from the L app or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privilege access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short lift certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of a tax surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is teleport a source of truth that when a auditor comes in to audit a, a, a, a C I C D pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Lennox, host, teleport is creating a log of that. And so you can go in and you can filter and you can view those, those actions within teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using yo helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what CIS calls are running on Linnux kernel, very lightweight automation can be used to install, manage, upgrade all of it. And so from an operations perspective, kind of bringing in teleport shouldn't be any more complicated than running any application on a container. That's, that's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can trans transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for teleport. Meaning if you are, you're a hundred percent windows shop, then we support for instance, RDP. That's the way in which windows handles room access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything, cloud native containers, Kubernetes, everything. We also support that. >>Well, Michael, I really appreciate you stopping by and sharing the teleport story. Security is becoming an obvious pain point for cloud native and container management. And teleport has a really good story around ensuring compliance and security from Licia Spain. I'm Keith towns, along with Paul Gillon and you're watching the cue, the, the leader, not the, the leader two, the high take tech coverage.

(calm music) >> Hi everybody. We're here at VeeamON 2022. This is day two of the CUBE's continuous coverage. I'm Dave Vellante. My co-host is Dave Nicholson. A ton of energy. The keynotes, day two keynotes are all about products at Veeam. Veeam, the color of green, same color as money. And so, and it flows in this ecosystem. I'll tell you right now, Michael Cade is here. He's the senior technologist for product strategy at Veeam. Michael, fresh off the keynotes. >> Yeah, yeah. >> Welcome. Danny Allen's keynote was fantastic. I mean, that story he told blew me away. I can't wait to have him back. Stay tuned for that one. But we're going to talk about protecting containers, Kasten. You guys got announcements of Kasten by Veeam, you call it K10 version five, I think? >> Yeah. So just rolled into 5.0 release this week. Now, it's a bit different to what we see from a VBR release cycle kind of thing, cause we're constantly working on a two week sprint cycle. So as much as 5.0's been launched and announced, we're going to see that trickling out over the next couple of months until we get round to Cube (indistinct) and we do all of this again, right? >> So let's back up. I first bumped into Kasten, gosh, it was several years ago at VeeamON. Like, wow this is a really interesting company. I had deep conversations with them. They had a sheer, sheer cat grin, like something was going on and okay finally you acquire them, but go back a little bit of history. Like why the need for this? Containers used to be ephemeral. You know, you didn't have to persist them. That changed, but you guys are way ahead of that trend. Talk a little bit more about the history there and then we'll get into current day. >> Yeah, I think the need for stateful workloads within Kubernetes is absolutely grown. I think we just saw 1.24 of Kubernetes get released last week or a couple of weeks ago now. And really the focus there, you can see, at least three of the big ticket items in that release are focused around storage and data. So it just encourages that the community is wanting to put these data services within that. But it's also common, right? It's great to think about a stateless... If you've got stateless application but even a web server's got some state, right? There's always going to be some data associated to an application. And if there isn't then like, great but that doesn't really work- >> You're right. Where'd they click, where'd they go? I mean little things like that, right? >> Yeah. Yeah, exactly. So one of the things that we are seeing from that is like obviously the requirement to back up and put in a lot of data services in there, and taking full like exposure of the Kubernetes ecosystem, HA, and very tiny containers versus these large like virtual machines that we've always had the story at Veeam around the portability and being able to move them left, right, here, there, and everywhere. But from a K10 point of view, the ability to not only protect them, but also move those applications or move that data wherever they need to be. >> Okay. So, and Kubernetes of course has evolved. I mean the early days of Kubernetes, they kept it simple, kind of like Veeam actually. Right? >> Yeah. >> And then, you know, even though Mesosphere and even Docker Swarm, they were trying to do more sophisticated cluster management. Kubernetes has now got projects getting much more complicated. So more complicated workloads mean more data, more critical data means more protection. Okay, so you acquire Kasten, we know that's a small part of your business today but it's going to be growing. We know this cause everybody's developing applications. So what's different about protecting containers? Danny talks about modern data protection. Okay, when I first heard that, I'm like, eh, nice tagline, but then he peel the onion. He explains how in virtualization, you went from agents to backing up of VMware instance, a virtual instance. What's different about containers? What constitutes modern data protection for containers? >> Yeah, so I think the story that Danny tells as well, is so when we had our physical agents and virtualization came along and a lot of... And this is really where Veeam was born, right, we went into the virtualization API, the VMware API, and we started leveraging that to be more storage efficient. The admin overhead around those agents weren't there then, we could just back up using the API. Whereas obviously a lot of our competition would use agents still and put that resource overhead on top of that. So that's where Veeam initially got the kickstart in that world. I think it's very similar to when it comes to Kubernetes because K10 is deployed within the Kubernetes cluster and it leverages the Kubernetes API to pull out that data in a more efficient way. You could use image based backups or traditional NAS based backups to protect some of the data, and backup's kind of the... It's only one of the ticks in the boxes, right? You have to be able to restore and know what that data is. >> But wait, your competitors aren't as fat, dumb and happy today as they were back then, right? So it can't... They use the same APIs and- >> Yeah. >> So what makes you guys different? >> So I think that's testament to the Kubernetes and the community behind that and things like the CSI driver, which enables the storage vendors to take that CSI abstraction layer and then integrate their storage components, their snapshot technologies, and other efficiency models in there, and be able to leverage that as part of a universal data protection API. So really that's one tick in the box and you're absolutely right, there's open source tools that can do exactly what we're doing to a degree on that backup and recovery. Where it gets really interesting is the mobility of data and how we're protecting that. Because as much as stateful workloads are seen within the Kubernetes environments now, they're also seen outside. So things like Amazon RDS, but the front end lives in Kubernetes going to that stateless point. But being able to protect the whole application and being very application aware means that we can capture everything and restore wherever we want that to go as well. Like, so the demo that I just did was actually a Postgres database in AWS, and us being able to clone or migrate that out into an EKS cluster as a staple set. So again, we're not leveraging RDS at that point, but it gives us the freedom of movement of that data. >> Yeah, I want to talk about that, what you actually demoed. One of the interesting things, we were talking earlier, I didn't see any CLI when you were going through the integration of K10 V5 and V12. >> Yeah. >> That was very interesting, but I'm more skeptical of this concept, of the single pane of glass and how useful that is. Who is this integration targeting? Are you targeting the sort of traditional Veeam user who is now adding as a responsibility, the management of protecting these Kubernetes environments? Or are you at the same time targeting the current owners of those environments? Cause I know you talk about shift left and- >> Yeah. >> You know, nobody needs Kubernetes if you only have one container and one thing you're doing. So at some point it's all about automation, it's about blueprints, it's about getting those things in early. So you get up, you talk about this integration, who cares about that kind of integration? >> Yeah, so I think it's a bit of both, right? So we're definitely focused around the DevOps focused engineer. Let's just call it that. And under an umbrella, the cloud engineer that's looking after Kubernetes, from an application delivery perspective. But I think more and more as we get further up the mountain, CIS admin, obviously who we speak to the tech decision makers, the solutions architects systems engineers, they're going to inherit and be that platform operator around the Kubernetes clusters. And they're probably going to land with the requirement around data management as well. So the specific VBR centralized management is very much for the backup admin, the infrastructure admin or the cloud based engineer that's looking after the Kubernetes cluster and the data within that. Still we speak to app developers who are conscious of what their database looks like, because that's an external data service. And the biggest question that we have or the biggest conversation we have with them is that the source code, the GitHub or the source repository, that's fine, that will get your... That'll get some of the way back up and running, but when it comes to a Postgres database or some sort of data service, oh, that's out of the CI/CD pipeline. So it's whether they're interested in that or whether that gets farmed out into another pre-operations, the traditional operations team. >> So I want to unpack your press release a little bit. It's full of all the acronyms, so maybe you can help us- >> Sure. >> Cipher. You got security everywhere enhance platform hardening, including KMS. That's key- >> Yeah, key management service, yeah. >> System, okay. With AWS, KMS and HashiCorp vault. Awesome, love to see HashiCorp company. >> Yeah. >> RBAC objects in UI dashboards, ransomware attacks, AWS S3. So anyway, security everywhere. What do you mean by that? >> So I think traditionally at Veeam, and continue that, right? From a security perspective, if you think about the failure scenario and ransomware's, the hot topic, right, when it comes to security, but we can think about security as, if we think about that as the bang, right, the bang is something bad's happen, fire, flood, blood, type stuff. And we tend to be that right hand side of that, we tend to be the remediation. We're definitely the one, the last line of defense to get stuff back when something really bad happens. And I think what we've done from a K10 point of view, is not only enhance that, so with the likes of being able to... We're not going to reinvent the wheel, let's use the services that HashiCorp have done from a HashiCorp vault point of view and integrate from a key management system. But then also things like S3 or ransomware prevention. So I want to know if something bad's happened and Kasten actually did something more generic from a Veeam ONE perspective, but one of the pieces that we've seen since we've then started to send our backups to an immutable object storage, is let's be more of that left as well and start looking at the preventative tasks that we can help with. Now, we're not going to be a security company, but you heard all the way through Danny's like keynote, and probably when he is been on here, is that it's always, we're always mindful of that security focus. >> On that point, what was being looked for? A spike in CPU utilization that would be associated with encryption? >> Yeah, exactly that. >> Is that what was being looked- >> That could be... Yeah, exactly that. So that could be from a virtual machine point of view but from a K10, and it specifically is that we're going to look at the S3 bucket or the object storage, we're going to see if there's a rate of change that's out of the normal. It's an abnormal rate. And then with that, we can say, okay, that doesn't look right, alert us through observability tools, again, around the cloud native ecosystem, Prometheus Grafana. And then we're going to get insight into that before the bang happens, hopefully before the bang. >> So that's an interesting when we talk about adjacencies and moving into this area of security- >> We're talking to Zeus about that too. >> Exactly. That's that sort of creep where you can actually add value. It's interesting. >> So, okay. So we talked about shift left, get that, and then expanded ecosystem, industry leading technologies. By the way, one of them is the Red Hat Marketplace. And I think, I heard Anton's... Anton was amazing. He is the head of product management at Veeam. Is been to every VeeamON. He's got family in Ukraine. He's based in Switzerland. >> Yeah. >> But he chose not to come here because he's obviously supporting, you know, the carnage that's going on in Ukraine. But anyway, I think he said the Red Hat team is actually in Ukraine developing, you know, while the bombs are dropping. That's amazing. But anyway, back to our interview here, expanded ecosystem, Red Hat, SUSE with Rancher, they've got some momentum. vSphere with Tanzu, they're in the game. Talk about that ecosystem and its importance. >> Yeah, and I think, and it goes back to your point around the CLI, right? Is that it feels like the next stage of Kubernetes is going to be very much focused towards the operator or the operations team. The CIS admin of today is going to have to look after that. And at the moment it's all very command line, it's all CLI driven. And I think the marketplace is OpenShift, being our biggest foothold around our customer base, is definitely around OpenShift. But things like, obviously we are a longstanding alliance partner with VMware as well. So their Tanzu operations actually there's support for TKGS, so vSphere Tanzu grid services is another part of the big release of 5.0. But all three of those and the common marketplace gives us a UI, gives us a way of being able to see and visualize that rather than having to go and hunt down the commands and get our information through some- >> Oh, some people are going to be unhappy about that. >> Yeah. >> But I contend the human eye has evolved to see in color for a very good reason. So I want to see things in red, yellow, and green at times. >> There you go, yeah. >> So when we hear a company like Veeam talk about, look we have no platform agenda, we don't care which cloud it's in. We don't care if it's on-prem or Google Azure, AWS. We had Wasabi on, we have... Great, they got an S3 compatible, you know, target, and others as well. When we hear them, companies like you, talk about that consistent experience, single pane of glass that you're skeptical of, maybe cause it's technically challenging, one of the things, we call it super cloud, right, that's come up. Danny and I were riffing on that the other day and we'll do that more this afternoon. But it brings up something that we were talking about with Zeus, Dave, which is the edge, right? And it seems like Kubernetes, and we think about OpenShift. >> Yeah. >> We were there last week at Red Hat Summit. It's like 50% of the conversation, if not more, was the edge. Right, and really true edge, worst cases, use cases. Two weeks ago we were at Dell Tech, there was a lot of edge talk, but it was retail stores, like Lowe's. Okay, that's kind of near edge, but the far edge, we're talking space, right? So seems like Kubernetes fits there and OpenShift, you know, particularly, as well as some of the others that we mentioned. What about edge? How much of what you're doing with container data protection do you see as informing you about the edge opportunity? Are you seeing any patterns there? Nobody's really talking about it in data protection yet. >> So yeah, large scale numbers of these very small clusters that are out there on farms or in wind turbines, and that is definitely something that is being spoken about. There's not much mention actually in this 5.0 release because we actually support things like K3s,(indistinct), that all came in 4.5, but I think, to your first point as well, David, is that, look, we don't really care what that Kubernetes distribution is. So you've got K3s lightweight Kubernetes distribution, we support it, because it uses the same native Kubernetes APIs, and we get deployed inside of that. I think where we've got these large scale and large numbers of edge deployments of Kubernetes and that you require potentially some data management down there, and they might want to send everything into a centralized location or a more centralized location than a farm shed out in the country. I think we're going to see a big number of that. But then we also have our multi cluster dashboard that gives us the ability to centralize all of the control plane. So we don't have to go into each individual K10 deployment to manage those policies. We can have one big centralized management multi cluster dashboard, and we can set global policies there. So if you're running a database and maybe it's the same one across all of your different edge locations, where you could just set one policy to say I want to protect that data on an hourly basis, a daily basis, whatever that needs to be, rather than having to go into each individual one. >> And then send it back to that central repository. So that's the model that you see, you don't see the opportunity, at least at this point in time, of actually persisting it at the edge? >> So I think it depends. I think we see both, but again, that's the footprint. And maybe like you mentioned about up in space having a Kubernetes cluster up there. You don't really want to be sending up a NAS device or a storage device, right, to have to sit alongside it. So it's probably, but then equally, what's the art of the possible to get that back down to our planet, like as part of a consistent copy of data? >> Or even a farm or other remote locations. The question is, I mean, EVs, you know, we believe there's going to be tons of data, we just don't.. You think about Tesla as a use case, they don't persist a ton of their data. Maybe if a deer runs across, you know, the front of the car, oh, persist that, send that back to the cloud. >> I don't want anyone knowing my Tesla data. I'll tell you that right now. (all laughing) >> Well, there you go, that one too. All right, well, that's future discussion, we're still trying to squint through those patterns. I got so many questions for you, Michael, but we got to go. Thanks so much for coming to theCUBE. >> Always. >> Great job on the keynote today and good luck. >> Thank you. Thanks for having me. >> All right, keep it right there. We got a ton of product talk today. As I said, Danny Allan's coming back, we got the ecosystem coming, a bunch of the cloud providers. We have, well, iland was up on stage. They were just recently acquired by 11:11 Systems. They were an example today of a cloud service provider. We're going to unpack it all here on theCUBE at VeeamON 2022 from Las Vegas at the Aria. Keep it right there. (calm music)