>>Good day. And thanks for joining us as we continue our series here on the Coupa, the AWS startup showcase featuring today, big ID and what this is, will Murphy was the vice president of business development and alliances at big idea. Well, good day to you. How are you going today? Thanks John. I'm doing well. I'm glad to be here. That's great. And acute belong to, I might add, so it's nice to have you back. Um, let's first off, let's share the big ID story. Uh, you've been around for just a handful of years accolades coming from every which direction. So obviously, uh, what you're doing, you're doing very well, but for our viewers who might not be too familiar with big ID, just give us a 30,000 foot level of your core competence. Yeah, absolutely. So actually we just had our five-year anniversary for big ID, uh, which we're quite excited about. >>Um, and that five-year comes with some pretty big red marks. We've raised over $200 million for a unicorn now. Um, but where that comes to and how that came about was that, um, we're dealing with, um, longstanding problems with modern data landscape security governance, privacy initiatives, um, and starting in 2016 with the, uh, authorship of GDPR, the European privacy law organizations, how to treat data differently than they did before they couldn't afford to just sit on all this data that was collected for a couple of reasons, right? Uh, one of them being that it's expensive. So you're constantly storing data, whether that's on-prem or in the cloud is we're going to talk about there's expense that you have to pay to secure the data and keep it from being leaked. You have to pay for access control. It's paid for a lot of different things and you're not getting any value out of that. >>And then there's the idea of like the customer trust piece, which is like, if anything happens to that data, um, your reputational, uh, your reputation as a company and the trust you have between your customers and your organization is broken. So big ID. What we did is we decided that there was a foundation that needed to be built. The foundation was data discovery. If you even an organization knows where its data is, whose data it is, where it is, um, and what it is, and also who has access to it, they can start to make actionable decisions based on the data and based on this new data intelligence. So we're trying to help organizations keep up with modern data initiatives and we're empowering organizations to handle their data sensitive, personal regulated. And what's actually quite interesting is we allow organizations to define what's sensitive to them because like people, organizations are all different. >>And so what's sensitive to one organization might not be to another, it goes beyond the wall. And so we're giving organizations that new power and flexibility, and this is what I still find striking is that obviously with this exponential growth of data and machine learning, just bringing billions of inputs, it seems like right. All of a sudden you have this fast reservoir data, is that the companies in large part, um, don't know a lot about the data that they're harvest state and where it is. And so it's not actionable, it's kind of dark data, right. Just out there reciting. >>Um, and so as I understand it, this, this is your focus basically is tell people, Hey, here's your landscape. Uh, here's how you can better put it to action, why it's valuable and we're going to help them protect it. Um, and they're not aware of these things, which I still find a little striking in this day and age, >>And it goes even further. So, you know, when you start to, when you start to reveal the truth and what's going on with data, there's a couple things that some organizations do. Uh, and I think human instincts, some organizations want to bury their head in the sand. I'm like, everything's fine. Uh, which is, as we know, and we've seen the news frequently, not a sustainable approach. Uh, there's the, there's the, like, let's be a, we're overwhelmed. We don't, we don't even know. We don't even know where to start. Then there's the natural reaction, which is okay. We have to centralize and control everything which defeats the purpose of having, um, shared drives and collaboration and, um, geographically disparate workforces, which we've seen particularly over the last year, how important that resiliency within organizations is to be able to work in different areas. And so, um, it really restricts the value that, um, organizations can get from their data, which is important. And it's important in a ton of ways. Um, and for customers that have allowed their, their data to be, to be stored and harvested by these organizations, they're not getting value out of it either. It's just risk. And we've got to move data from the liability side of the balance sheet, um, to the assets out of the balance sheet. And that comes first and foremost with knowledge. >>So everybody's vote cloud, right? Everybody was on prem and also we build a bigger house and build a bigger house, better security, right in front of us, got it, got to grow. And that's where I assume AWS has come in with you. And, and this was a two year partnership that you've been engaged with in AWS. So maybe shine a little light on that, about the partnership that you've created with AWS, and then how you then in turn transition that, to leverage that for the betterment of your >>Customer base. Yeah. So AWS has been a great partner. Um, they are very forward-looking for an organization, as large as they are very forward looking that they can't do everything that their customers need. And it's better for the ecosystem as a whole to enable small companies like us. And we were very small when we started our relationship with them, uh, to, to join their partner organization. So we're an advanced partner. Now we're part of ISV accelerate. So it's a slightly more lead partner organization. Um, and we're there because our customers are there and AWS like us, but we both have a customer obsessed culture. Um, but organizations are embracing the cloud and there's fear of the cloud. There's there really shouldn't be in the, in the way that we thought of it, maybe five or 10 years ago. And that, um, companies like AWS are spending a lot more money on security than most organizations can. >>So like they have huge security teams, they're building massive infrastructure. And then on top of that, companies themselves can do, can use, uh, products like big ID and other products to make themselves more secure, um, from outside threats and from, from inside threats as well. So, um, we are trying to with them approach modern data challenge as well. So even within AWS, if you put all the information in, like, let's say S3 buckets, that doesn't really tell you anything. It's like, you know, I, I make this analogy. Sometimes I live in Manhattan. If I were to collect all the keys of everybody that lived in a 10 block radius around me and put it into a dumpster, uh, and keep doing that, I would theoretically know where all the keys were there in the dumpster. Now, if somebody asked me, I'd like my keys back, uh, I'd have a really hard time giving them that because I've got to sort through, you know, 10,000 people's keys. >>And I don't really know a lot about it, but those key sale a lot, you know, it says, are you in an old building, are you in a new building? You have a bike, do you have a car? Do you have a gym locker? There's all sorts of information. And I think this analogy holds up for data because of the way you store your data is important, but, um, you can gain a lot of theoretically innocuous, but valuable information from the data that's there while not compromising the sensitive data. And as an AWS has been a fabulous partner in this, they've helped us build a AWS security, have integration out of the box. Um, we now work with over 12 different AWS native, uh, applications from anything like S3 Redshift and Sienna, uh, Kinesis, as well as, um, apps built on AWS like snowflake and Databricks that we, that we connect to. >>And AWS, the technical team of department teams have been an enormous part of our success there. We're very proud of joining the marketplace to be where our customers want to buy enterprise software more and more. Um, and that's another area that we're collaborating, uh, in, in, in joint accounts now to bring more value in simplicity to our joint customers. What's your process in terms of your customer and, uh, evaluating their needs because you just talked about earlier, you had different approaches to security. Some people put their head in the sand, right? Some people admit that there's a problem. Some people fully engaged. So I assume there's also different levels of sophistication in terms of whatever you have in place and then what their needs are. So if you would shine a little light on that, you know, where they are in terms of their data landscape and AWS and its tools, but you just touched them on multiple tools you have in your service. >>Now, all that comes together to develop what would be, I guess, a unique program for a company's specific needs. It is. We started talking to the largest enterprise accounts when we were founded and we still have a real proclivity and expertise in that area. So the issues with the large enterprise accounts and the uniqueness there is scale. They have a tremendous amount of data, HR data, financial data, customer data, you name it, right? Like, we'll go. We can, we can go dry mouth talking about how many you're saying data. So many times with, with these large customers, um, freight Ws scale, wasn't an issue. They can store it, they can analyze it. They can do tons. It where we were helping is that we could make that safer. So if you want to perform data analytics, you want to ensure that sensitive data is not being, or that you want to make sure you're not violating local, not national or industry specific regulations. >>Financial services is a great example. There's dozens of regulations at the federal level in the United States and each state has their own regulations. This becomes increasingly complex. So AWS handles this by, by allowing an amazing amount of customization for their customers. They have data centers in the right places. They have experts on, on, uh, vertical, specific issues. Big ID handles this similarly in some ways, but we handle it through ostensive ability. So one of our big things is we have to be able to connect to every everywhere where our customers have data. So we want to build a foundation of like, let's say first let's understand the goals is the goal compliance with the law, which it should be for everybody that should just be like, we need to, we need to comply with the law. Like that's, that's easy. Yeah. Then as the next piece, like, are we dealing with something legacy? >>Was there a breach? Do we need to understand what happened? Are we trying to be forward-looking and understanding? We want to make sure we can lock down our most sensitive data, tier our storage tier, our security tier are our analytics efforts, which also is cost-effective. So you don't have to do, uh, everything everywhere, um, or is the goal a little bit like we needed to get a return on investment faster, and we can't do that without de-risking some of that. So we've taken those lessons from the enterprise where it's exceedingly difficult, uh, to work because of the strict requirements, because the customers expect more. And I think like AWS, we're bringing a down market. Uh, we have some, a new product coming out. Uh, it's exclusive for, uh, AWS now called small ID, which is a cloud native, a smaller version, lighter weight version of our product for customers in the more commercial space in the SMB space where they can start to build a foundation of understanding their data or, um, protection for security for, for, for privacy. >>And, and before I let you go here, what I'd like to hear about is practical application. You know, somebody that, that you've, you know, that you were able to help and assist you evaluated. Cause you've talked about the format here. You've talked about your process and talk about some future, I guess, challenges, opportunities, but, but just to give our viewers an idea of maybe the kind of success you've already had to, uh, give them a perspective on that, this share a couple stories. If you wouldn't mind with some work that you guys did and rolled up your sleeves and, and, uh, created that additional value >>For your customers. Yeah, absolutely. So I'll give a couple examples. I'm going to, I'm going to keep everyone anonymized, uh, as a privacy based company, in many ways, what we, we try to respect colors. Um, but let's talk about different types of sensitive data. So we have customers that, um, intellectual property is their biggest concern. So they, they do care about compliance. They want to comply with all local and national laws where they, where they, their company resides all their offices are, but they were very concerned about sensitive data sprawl around intellectual property. They have a lot of patents. They have a lot of sensitive data that way. So one of the things we did is we were able to provide custom tags and classifications for their sensitive data based on intellectual property. And they could see across their cloud environment, across their on-premise environment across shared drives, et cetera. >>We're sensitive data had sprawl where it had moved, who's having access to it. And they were able to start realigning their storage strategy and their content management strategy, data governance strategy, based on that, and start to, uh, move sensitive data back to certain locations, lock that down on a higher level could create more access control there, um, but also proliferate and, uh, share data that more teams needed access to. Um, and so that's an example of a use case that I don't think we imagined necessarily in 2016 when we were focused on privacy, but we've seen that the value can come from it. Um, so yeah, no, I mean, the other piece is, so we've worked with some of the largest AWS customers in the world. Their concern is how do we even start to scan the Tedder, terabytes and petabytes of data in any reasonable fashion? >>Uh, without it being out of date, if we create this data map, if we prayed this data inventory, uh, it's going to be out of date day one, as soon as we say, it's complete, we've already added more. That's where our scalability fit Sam. We were able to do a full scan of their entire AWS environment and, uh, months, and then keep up with the new data that was going into their AWS environment. This is a, this is huge. This was groundbreaking for them. So our hyper scan capability, uh, that we've wrote, brought out that we rolled out to AWS first, um, was a game changer for them to understand what data they had and where it is who's it is et cetera at a way that they never thought they could keep up with. You know, I I'm, I brought back to the beginning of code when the British government was keeping track of all the COVID cases on spreadsheets and spreadsheet broke. >>Um, it was also out of date, as soon as they entered something else. It was already out of date. They couldn't keep up with them. Like there's better ways to do that. Uh, luckily they think they've moved on from, from that, uh, manual system, but automation using the correct human inputs when necessary, then let, let machine learning, let, uh, big data take care of things that it can, uh, don't waste human hours that are precious and expensive unnecessarily and make better decisions based on that data. You know, you raised a great point too, which I hadn't thought of about the fact is you do your snapshot today and you start evaluating all their needs for today. And by the time you're going to get that done, their needs have now exponentially grown. It's like painting the golden gate bridge, right. You get that year and now you've got to pay it again. I said it got bigger, but anyway, they will. Thanks for the time. We certainly appreciate it. Thanks for joining us here on the sort of showcase and just remind me that if you ever asked for my keys, keep them out of that dumpster to be here.

(upbeat music) >> Well, good day and thank you for joining us as we continue our series here on theCUBE of the AWS Startup Showcase featuring today BigID. And with us is Will Murphy, who's the Vice President of the Business Development and Alliances at BigID. Will, good day to you, how are you doing today? >> Thanks John, I'm doing well. I'm glad to be here. >> Yeah, that's great. And theCUBE alum too, I might add so it's nice to have you back. Let's first off, let's share the BigID story. You've been around for just a handful of years. Accolades coming from every which direction so obviously what you're doing, you're doing very well. But for our viewers who might not be too familiar with BigID, just give us a 30,000 foot level of your core competence. >> Yeah absolutely. So actually we just had our five-year anniversary for BigID, which we're quite excited about. And that five year comes with some pretty big red marks. We've raised over $200 million for a unicorn now. But where that comes to and how that came about was that we're dealing with longstanding problems with modern data landscapes, security governance, privacy initiatives. And starting in 2016 with the authorship of GDPR, the European privacy law organizations had to treat data differently than they did before. They couldn't afford to just sit on all this data that was collected. For a couple reasons, right? One of them being that it's expensive. So you're constantly storing data whether that's on-prem or in the cloud as we're going to talk about. There's expense to that. You have to pay to secure the data and keep it from being leaked, You have to pay for access control, you have to pay for a lot of different things. And you're not getting any value out of that. And then there's the idea of the customer trust piece, which is like if anything happens to that data, your reputation as a company and the trust you have between your customers and your organization is broken. So BigID, what we did is we decided that there was a foundation that needed to be built. The foundation was data discovery. If an organization knows where its data is, whose data it is, where it is, and what it is and also who has access to it, they can start to make actionable decisions based on the data and based on this new data intelligence. So, we're trying to help organizations keep up with modern data initiatives. And we're empowering organizations to handle their data, sensitive, personal regulated. What's actually quite interesting is we allow organizations to define what's sensitive to them because like people, organizations are all different. And so what's sensitive to one organization might not be to another. It goes beyond the wall. And so we're giving organizations that new power and flexibility. >> And this is what I still find striking is that obviously with this exponential growth of data you got machine learning, just bringing billions of inputs. It seems like right now. Also you had this vast reservoir of data. Is that the companies in large part don't know a lot about the data that they're harvesting and where it is, and so it's not actionable. It's kind of dark data, right? Just out there residing. And so as I understand it, this is your focus basically is to tell people, hey here's your landscape, here's how you can better put it to action why it's valuable and we're going to help you protect it. And they're not aware of these things which I still find a little striking in this day and age >> And it goes even further. So you know, when you start to reveal the truth and what's going on with data, there's a couple things that some organizations do. And enter the human instincts. Some organizations want to bury their head in the sand like everything's fine. Which is as we know and we've seen the news frequently not a sustainable approach. There's the like let's be we're overwhelmed. Yeah. We don't even know where to start. Then there's the unnatural reaction, which is okay, we have to centralize and control everything. Which defeats the purpose of having shared drives and collaboration in geographically disparate workforces, which we've seen in particularly over the last year, how important that resiliency within organizations is to be able to work in different areas. And so it really restricts the value that organizations can get from their data, which is important. And it's important in a ton of ways. And for customers that have allowed their data to be stored and harvested by these organizations, like they're not getting value out of it neither. It's just risk. And we've got to move data from the liability side of the balance sheet to the assets side of the balance sheet. And that comes first and foremost with knowledge. >> So everybody's going cloud, right? Used to be, you know, everybody's on prem. And all of a sudden we build a bigger house. And so because you build a bigger house, you need better security, right? Your perimeter's got to grow. And that's where I assume AWS has come in with you. And this is a two year partnership that you've been engaged with in AWS. So maybe shine a little light on that. About the partnership that you've created with AWS and then how you then in turn transition that to leverage that for the benefit of your customer base. >> Yeah. So AWS has been a great partner. They are very forward-looking for an organization as large as they are. Very forward looking that they can't do everything that their customers need. And it's better for the ecosystem as a whole to enable small companies like us, and we were very small when we started our relationship with them, to join their partner organization. So we're an advanced partner now. We're part of ISV Accelerate. So it's a slightly more lead partner organization. And we're there because our customers are there. And AWS like us, we both have a customer obsessed culture. But organizations are embracing the cloud. And there's fear of the cloud, but there really shouldn't be in the way that we thought of it maybe five or 10 years ago. And that companies like AWS are spending a lot more money on security than most organizations can. So like they have huge security teams, they're building massive infrastructure. And then on top of that, companies themselves can can use products like big ID and other products to make themselves more secure from outside threats and from inside threats as well. So we are trying to with them approach modern data challenges well. So even within AWS, if you put all the information in like let's say S3 buckets, it doesn't really tell you anything. It's like, you know, I make this analogy sometimes. I live in Manhattan and if I were to collect all the keys of everybody that lived in a 10 block radius around me and put it into a dumpster and keep doing that, I would theoretically know where all the keys were. They're in the dumpster. Now, if somebody asked me, I'd like my keys back, I'd have a really hard time giving them that. Because I've got to sort through, you know, 10,000 people's keys. And I don't really know a lot about it. But those key say a lot, you know? It says like, are you in an old building? Are you in a new building? Do you have a bike? Do you have a car? Do you have a gym locker? There's all sorts of information. And I think that this analogy holds up for data but ifs of the way you store your data is important. But you can gain a lot of theoretically innocuous but valuable information from the data that's there, while not compromising the sensitive data. And as an AWS has been a fabulous partner in this. They've helped us build a AWS security, have integration out of the box. We now work with over 12 different AWS native applications from anything like S3, Redshift, Athena, Kinesis, as well as apps built on AWS, like Snowflake and Databricks that we connect to. And in AWS, the technical teams, department teams have been an enormous part of our success there. We're very proud to have joined the marketplace, to be where our customers want to buy enterprise software more and more. And that's another area that we're collaborating in joint accounts now to bring more value and simplicity to our joint customers. >> So what's your process in terms of your customer and evaluating their needs? 'Cause you just talked about it earlier that you had different approaches to security. Some people put their head in the sand, right? Some people admit that there's a problem. Some people fully are engaged. So I assume there's also a different level of sophistication in terms of what they already have in place and then what their needs are. So if you were to shine a little light on that, about assessing where they are in terms of their data landscape. And now AWS and its tools, which you just touched on. You know, the multiple tools you have in your service. Now, all that comes together to develop what would be I guess, a unique program for a company's specific needs. >> It is. We started talking to the largest enterprise accounts when we were founded and we still have a real proclivity and expertise in that area. So the issues with the large enterprise accounts and the uniqueness there is scale. They have a tremendous amount of data: HR data financial data, customer data, you name it. Right? Like, we could go dry mouth talking about how many insane data so many times with these large customers. For AWS, scale wasn't an issue. They can store it. They can analyze it. They can do tons with it. Where we were helping is that we could make that safer. So if you want to perform data analytics, you want to ensure that sensitive data is not being part of that. You want to make sure you're not violating local, national or industry specific regulations. Financial services is a great example. There's dozens of regulations at the federal level in United States. And each state has their own regulations. This becomes increasingly complex. So AWS handles this by allowing an amazing amount of customization for their customers. They have data centers in the right places. They have experts on vertical specific issues. BigID handles this similarly in some ways, but we handle it through extensibility. So one of our big things is we have to be able to connect to everywhere where our customers have data. So we want to build a foundation of like let's say first, let's understand the goals. Is the goal compliant with the law? Which it should be for everybody. That should just be like, we need to comply with the law. Like that's easy. Yeah. Then there's the next piece, like are we dealing with something legacy? Was there a breach? Do we need to understand what happened? Are we trying to be forward-looking and understanding? We want to make sure we can lock down our most sensitive data. Tier our storage, tier our security, tier are our analytics efforts which also is cost-effective. So you don't have to do everything everywhere. Or is the goal a little bit like we needed to get our return on investment faster. And we can't do that without de-risking some of that. So we've taken those lessons from the enterprise where it's exceedingly difficult to work because of the strict requirements because the customers expect more. And I think like AWS, we're bringing it down market. We have some new product coming out. It's exclusive for AWS now called SmallID, which is a cloud native. A smaller version, lighter weight version of our product for customers in the more commercial space. In the SMB space where they can start to build a foundation of understanding their data for protection and for security, for privacy. >> Will, and before I let you go here what I'd like to hear about is practical application. You know, somebody that you've, you know, that you were able to help and assist, you evaluated. 'Cause you've talked about the format here. You talked about your process and talked about some future, I guess, challenges, opportunities. But just to give our viewers an idea of maybe the kind of success you've already had. To give them a perspective on that. Just share a couple of stories, if you wouldn't mind. Whether there's some work that you guys did and rolled up your sleeves and created that additional value for your customers. >> Yeah, absolutely. So I'll give a couple examples. I'm going to keep everyone anonymized. As a privacy based company, in many ways, we try to respect-- >> Probably a good idea, right? (Will chuckles) >> But let's talk about different types of sensitive data. So we have customers that intellectual property is their biggest concern. So they do care about compliance. They want to comply with all the local and national laws where their company resides and all their offices are. But they were very concerned about sensitive data sprawl around intellectual property. They have a lot of patents. They have a lot of sensitive data that way. So one of the things we did is we were able to provide custom tags and classifications for their sensitive data based on intellectual property. And they could see across their cloud environment, across their on-premise environment, across shared drives et cetera, where sensitive data had sprawl. Where it had moved, who's having access to it. And they were able to start realigning their storage strategy and their content management strategy, data governance strategy, based on that. And start to move sensitive data back to certain locations, lock that down on a higher level. Could create more access control there, but also proliferate and share data that more teams needed access to. And so that's an example of a use case that I don't think we imagined necessarily in 2016 when we were focused on privacy but we've seen that the value can come from it. Yeah. >> So it's a good... Please, yeah, go ahead. >> No, I mean, the other (mumbles). So we've worked with some of the largest AWS customers in the world. Their concern is how do we even start to scan the Tedder terabytes and petabytes of data in any reasonable fashion without it being out of date. If we create this data map, if we create this data inventory, it's going to be out of date day one. As soon as we say, it's complete, we've already added more. >> John: Right. >> That's where our scalability fits in. We were able to do a full scan of their entire AWS environment in months. And then keep up with the new data that was going into their AWS environment. This is huge. This was groundbreaking for them. So our hyper scan capability that we brought out, that we rolled out to AWS first, was a game changer for them. To understand what data they had, where it is, who's it is et cetera, at a way that they never thought they could keep up with. You know, I brought back to the beginning of code when the British government was keeping track of all the COVID cases on spreadsheets and spreadsheets broke. It was also out of date. As soon as they entered something else it was already out of date. They couldn't keep up with it. Like there's better ways to do that. Luckily they think they've moved on from that manual system. But automation using the correct human inputs when necessary. Then let machine learning, let big data take care of things that it can. Don't waste human hours that are precious and expensive unnecessarily. And make better decisions based on that data. >> Yeah. You raised a great point too which I hadn't thought of about. The fact is, you do your snapshot today and you start evaluating all their needs for today. And by the time you're able to get that done their needs have now exponentially grown. It's like painting the golden gate bridge. Right? You get done and now you got to paint it again, except it got bigger. We added lanes, but anyway. Hey, Will. Thanks for the time. We certainly appreciate it. Thanks for joining us here on the startup showcase. And just remind me that if you ever asked for my keys keep them out of that dumpster. Okay? (Will chuckles) >> Thanks, John. Glad to be here. >> Pleasure. (soft music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation LeBron welcome to the cube studio I'm John Ferrier here in Palo Alto in our remote coverage of the tech industry we are in our quarantine crew here getting all the stories in the technology industry from all the thought leaders and all the newsmakers we've got a great story here about data data compliance and really about the platforms around how enterprises are using data I've got two great guests and some news to announce Kieran our CEO is the vice president of business development with elation and William Murphy vice president of technology alliances of big ID got some interesting news a integration partnership between the two companies really kind of compelling especially now as people have to look at the cloud scale what's happening in our world certainly in the new realities of kovin 19 and going forward the role of data new kinds of applications and the speed and agility are gonna require more and more automation more reality around making sure things are in place so guys thanks for coming on appreciate it Kieran William thanks for joining me thank you thank you so let's take a step back elation you guys have been on the cube many times we've been following you guys been a leader and Enterprise catalog a new approach it's a real new technology approach and methodology and team approach to building out the data catalogues so talk about the Alliance here why what's the news why you guys in Creighton is integration partnership well let me start and thank you for having us today you know as you know elation launched the data catalog a category seven years ago and even today we're acknowledging the leader as a leader in that space you know and but we really began with the core belief that ultimately data management will be drive driven more and more by business demand and less by information suppliers so you know another way to think about that is you know how people behave with data will drive how companies manage data so our philosophy put very simply is to start with people and not first not data and our customers really seem to agree with this approach and we've got close to 200 brands using our data you know our tool every single day to drive vibrant data communities and and foster a real data culture in the environment so one of the things that was really exciting to us is the in been in data privacy by large corporate customers to get their arms around this and you know we really strive to improve our ability to use the tool inside you know these enterprises across more use cases so the partnership that we're announcing with big ID today is really you know Big Ideas the leading modern data intelligence platform for privacy and what we're trying to do is to bring bring a level of integration between our two technologies so that enterprises in better manage and scale their their data privacy compliance capability William talked about big ID what you guys are doing you guys also have a date intelligence platform we've been covering gdpr for a very long time I once called I won't say it again because it wasn't really that complimentary but the reality has sit in and they and the users now understand more than ever privacy super important companies have to deal with this you guys have a solution take a minute to explain big-big ID and what you guys are doing yeah absolutely so our founders Demetri Shirota and Nimrod Beck's founded big idea in 2016 Sam you know gdpr was authored and the big reason there is that data changed and how companies and enterprises doubled data was changing pretty much forever that profound change meant that the status quo could no longer exist and so privacy was gonna have to become a day-to-day reality to these enterprises but what big ID realized is that to start to do to do anything with privacy you actually have to understand where your data is what it is and whose it is and so that's really the genesis of what dimitri nimrod created which which is a privacy centric data discovery and intelligence platform that allows our enterprise customers and we have over 70 customers in the enterprise space many within the Fortune hundred to be able to find classify and correlate sensitive data as they defined it across data sources whether its own Prem or in the cloud and this gives our users and kind of unprecedented ability to look into their data to get better visibility which if both allows for collaboration and also allows for real-time decision-making a big place with better accuracy and confidence that regulations are not being broken and that customers data is being treated appropriately great I'm just reading here from the release that I want to get you guys thoughts and unpack some of the concepts on here but the headline is elation strengthens privacy capabilities with big ID part nur ship empowering organizations to mitigate risks delivering privacy aware data use and improved adherence to data privacy regulations it's a mouthful but the bottom line is is that there's a lot of stuff to that's a lot of complexity around these rules and these platforms and what's interesting you mentioned discovery the enterprise discovery side of the business has always been a complex nightmare I think what's interesting about this partnership from my standpoint is that you guys are bringing an interface into a complex platform and creating an easy abstraction to kind of make it usable I mean the end of the day you know we're seeing the trends with Amazon they have Kendre which they announced and they're gonna have a ship soon fast speed of insights has to be there so unifying data interfaces with back-end is really what seems to be the pattern is that the magic going on here can you guys explain what's going on with this and what's the outcome gonna be for customers yeah I guess I'll kick off and we'll please please chime in I think really there's three overarching challenges that I think enterprises are facing is they're grappling with these regulations as as we'll talked about you know number one it's really hard to both identify and classify private data right it's it's not as easy as it might sound and you know we can talk a little bit more about that it's also very difficult to flag at the point of analysis when somebody wants to find information the relevant policies that might apply to the given data that they're looking to it to run an analysis on and lastly the enterprise's are constantly in motion as enterprises change and by new businesses and enter new markets and launch new products these policies have to keep up with that change and these are real challenges to address and you know with Big Idea halation we're trying to really accelerate that compliance right with the the you know the combination of our tools you know reduce the the cost and complexity of compliance and fundamentally keep up through a single interface so that users can know what to do with data at the point of consumption and I think that's the way to think about it well I don't know if you want to add something to that absolutely I think when Karen and I have been working on this for actually many months at this point but most companies don't have a business plan of just saying let's store as much data as possible without getting anything out of it but in order to get something out of it the ability to find that data rapidly and then analyze it so that decision makers make up-to-date decisions is pretty vital a lot of these things when they have to be done manually take a long time they're huge business issues there and so the ability to both automate data discovery and then cataloging across elation and big ID gives those decision makers whether the data steward the data analyst the chief data officer an ability to really dive deeper than they have previously with better speed you know one of the things that we've been talking about for a long time with big data as these data links and they're fairly easy to pull I mean you can put a bunch of data into a corpus and you you act on them but as you start to get across these silos there's a need for you know getting a process down around managing just not only the data wrangling but the policies behind it and platforms are becoming more complex can you guys talk about the product market fit here because there's sass involved so there's also a customer activity what's the product market fit that you guys see with this integration what are some of the things that you're envisioning to emerge out of this value proposition I think I can start I think you're exactly right enterprises have made huge investments in you know historically data warehouses data Mart's data lakes all kinds of other technology infrastructure aimed at making the data easier to get to but they've effectively just layered on to the problem so elations catalog has made it incredibly much more effective at helping organizations to find to understand trust to reuse and use that data so that stewards and people who know about the data can inform users who may need need to run a particular report or conduct a specific analysis can accelerate that process and compress the time the insights much much more than then it's are possible with today's technologies and if you if you overlay that on to the data privacy challenge its compounded and I think you know will it would be great for you to comment on what the data discovery capability it's a big ID do to improve that that even further yeah absolutely so as to companies we're trying to bridge this gap between data governance and privacy and and John as you mentioned there's been a proliferation of a lot of tools whether their data lakes data analysis tools etc what Big Idea is able to do is we're looking across over 70 different types of data platforms whether they be legacy systems like SharePoint and sequel whether they be on pram or in the cloud whether it's data at rest or in motion and we're able to auto populate our metadata findings into relations data catalog the main purpose there being that those data stewards and have access to the most authentic real time data possible so on the terms of the customer value they're going to see what more built in privacy aware features is its speed but you know what I mean the problem is compounded with the data getting that catalog and getting insights out of it but for this partnership is it speed to outcome what does the outcome that you guys are envisioning here for the customer I think it's a combination of speed as you said you know they can much more rapidly get up to speed so an analyst who needs to make a decision about specific data set whether they can use it or not and know at the point of analysis if this data is governed by policies that has been informed by big IDs so the elation catalog user can make a much more rapid decision about how to use that the second piece is the complexity and costs of compliance they can really reduce and start to winnow down their technology footprint because with the combination of the discovery that big ID provides the the the ongoing discovery the big ID provides and the enterprise it data catalog provided violation we give the framework for being able to keep up with these changes in policies as rules and as companies change so they don't have to keep reinventing the wheel every time so we think that there's a significant speed time the market advantage as well as an ability to really consolidate technology footprint well I'll add to that yeah yeah just one moment so elation when they helped create this marketplace seven years ago one of the goals there and I think we're Big Ideas assisting as well as the trusting confidence that both the users of these software's the data store of the analysts have and the data that they're using and then the the trust and confidence are building with their end consumers is much better knowing that there is the this is both bi-directional and ongoing continuously you know I've always been impressed with relations vision it's big vision around the role of the human and data and it's always been impressive and yeah I think the world spinning in that direction you starting to see that now William I want to get your thoughts with big id because you know one of the things is challenging out there from what we're hearing is you know people want to protect the sensitive data obviously with the hacks and everything else and personal information there's all kinds of regulation and believe me state by state nation by nation it's crazy complex at the same time they've got to ensure this compliance tripwires everywhere right so you have this kind of nested complex web of stuff and some real security concerns at the same time you want to make data available for machine learning and for things like that this is the real kind of things that the problem has twisted around so if I'm an enterprise I'm like oh man this is a pain in the butt so how are you guys seeing this evolve because this solution is one step in that direction what are some of the pain points what are some of the examples can you share any insights around how people are overcoming that because they want to get the data out there they want to create applications that are gonna be modern robust and augmented with whether it's augmented AI of some sort or some sort of application at the same time protecting the information and compliance it's a huge problem challenge your thoughts absolutely so to your point regulations and compliance measures both state-by-state and internationally they're growing I mean I think when we saw GDP our four years ago in the proliferation of other things whether it be in Latin America in Asia Pacific or across the United States potentially even at the federal level in the future it's not making it easier to add complexity to that every industry and many companies individually have their own policies in the way that they describe data whether what's sensitive to them is it patent numbers is it loyalty card numbers is it any number of different things where they could just that that enterprise says that this type of data is particularly sensitive the way we're trying to do this is we're saying that if we can be a force multiplier for the individuals within our organization that are in charge of the stewardship over their data whether it be on the privacy side on the security side or on the data and analytics side that's what we want to do and automation is a huge piece of this so yes the ID has a number of patents in the machine learning area around data discovery and classification cluster analysis being able to find duplicate of data out there and when we put that in conjunction with what elations doing and actually gave the users of the data the kind of unprecedented ability to curate deduplicate secure sensitive data all by a policy driven automated platform that's actually I think the magic gear is we want to make sure that when humans get involved their actions can be made how do I say this minimum minimum human interaction and when it's done it's done for a reason of remediation so they're there the second step not the first step here I'll get your thoughts you know I always riff on the idea of DevOps and it's a cloud term and when you apply that the data you talk about programmability scale automation but the humans are making calls whether you're a programmer and devops world or to a data customer of the catalog and halation i'm making decisions with my business I'm a human I'm taking action at the point of design or whatever this is where I think the magic can happen your thoughts on how this evolves for that use case because what you're doing is you're augmenting the value for the user by taking advantage of these things is is that right or am i around the right area yeah I think so I think the one way to think about elation and that analogy is that the the biggest struggle that enterprise business users have and we target the the consumers of data we're not a provider to the information suppliers if you will but the people who had need to make decisions every single day on the right set of data we're here to empower them to be able to do that with the data that they know has been given the thumbs up by people who know about the data connecting stewards who know about the subject matter at hand with the data that the analyst wants to use at the time of consumption and that powerful connection has been so effective in our customers that enabling them to do in our analytical work that they just couldn't dream of before so the key piece here is with the combination with big ID we can now layer in a privacy aware consumption angle which means if you have a question about running some customer propensity model and you don't know if you can use this data or that data the big ID data discovery platform informs the elation catalog of the usage capabilities of that given data set at the moment the analyst wants conduct his or her analysis with the appropriate data set as identified by the stewards and and as endorsed by the steward so that point in time is really critical because that's where the we can we can fundamentally shrink the decision sight yeah it's interesting and so have the point of attack on the user in this case the person in the business who's doing some real work that's where the action is yeah it's a whole nother meaning of actionable data right so you know this seems to where the values quits its agility really it's kind of what we're talking about here isn't it it is very agile on the differentiation between elation and big idea in what we're bringing to the market now is we're also bringing flexibility and you meant that the point of agility there is because we allow our customers to say what their policies are what their sense of gait is define that themselves within our platforms and then go out find that data classify and catalog at etc like that's giving them that extra flexibility the enterprise's today need so that it can make business decisions and faster and I actually operationalize data guys great job good good news it's I think this is kind of a interesting canary in the coal mine around the trends that are going on around how data is evolving what's next how you guys gonna go to market partnership obviously makes a lot of sense technical integration business model integration good fit what's next for you guys I'm sorry I mean I think the the great thing is that you know from the CEO down our organizations are very much aligned in terms of how we want to integrate our two solutions and how we want to go to market so myself and will have been really focused on making sure that the skill sets of the various constituents within both of our companies have the level of education and knowledge to bring these results to bear coupled with the integration of our two technologies well your thoughts yeah absolutely I mean between our CEOs who have a good cadence to care to myself who probably spend too much time on the phone at this point we might have to get him a guest bedroom or something alignments a huge key here ensuring that we've enabled our field to - and to evangelize this out to the marketplace itself and then doing whether it's this or our webinars or or however we're getting the news out it's important that the markets know that these capabilities are out there because the biggest obstacle honestly to adoption it's not that other solutions or build-it-yourself it's just lack of knowledge that it could be easier it could be done better that you could have you could know your data better you could catalog it better great final question to end the segment message to the potential customer out there what it what about their environment that might make them a great prospect for this solution is it is it a known problem is it a blind spot when would someone know to call you guys up in this to ship and leverage this partnership is it too much data as it's just too much many applications across geographies I'm just trying to understand the folks watching when it's an opportunity to call you guys welcome a relation perspective there that can never be too much data they the a signal that may may indicate an interest or a potential fit for us would be you know the need to be compliant with one or more data privacy regulations and as well said these are coming up left and right individual states in the in addition to the countries are rolling out data privacy regulations that require a whole set of capabilities to be in place and a very rigorous framework of compliance those those requirements and the ability to make decisions every single day all day long about what data to use and when and under what conditions are a perfect set of conditions for the use of a data catalog evacuation coupled with a data discovery and data privacy solution like big I well absolutely if you're an organization out there and you have a lot of customers you have a lot of employees you have a lot of different data sources and disparate locations whether they're on prime of the cloud these are solid indications that you should look at purchasing best-of-breed solutions like elation and Big Ideas opposed to trying to build something internally guys congratulations relations strengthening your privacy capabilities with the big ID partnership congratulations on the news and we'll we'll be tracking it thanks for coming I appreciate it thank you okay so cube coverage here in Palo Alto on remote interviews as we get through this kovat crisis we have our quarantine crew here in Palo Alto I'm John Fourier thanks for watching [Music] okay guys

>>Fly from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angled medias. >>Hey, welcome back everybody. Jeff Frick here with the queue. We are wrapping up a Wednesday here at RSA 2020. Again, it's like 50,000 people. This is a huge conference. Everyone has got anything to do with cybersecurity is here. Uh, it's the biggest show, uh, that we cover outside I think of reinvent. So we're excited to have our next guest. She's been on the cube many times but never. And in her current role, she's Pam Murphy, the new CEO of Imperva. Pam, great to see you and congratulations on your new law, on your new gig. Thank you very much. Second month, your second month. So tell us about, you know, kind of what attracted you to the opportunity, you know, kinda, you haven't been there a whole long time, but what's, uh, what's kind of your first impression now that you've been at it for a couple of days? >>I, I'm extremely impressed. It really is. Uh, how would you describe it? Like a dark horse or sort of like the biggest kept secret. So in terms of my previous roles, as you know, we've, you've interviewed me many times, but I've always been in software vendors who basically build applications and sort of build to build databases. Um, and I guess for the last five to eight years it's been all about rebuilt again rearchitecting applications for the cloud. Right. Um, and through that I've managed dev op functions and CCL functions. And so I've been on the consuming side of security. Um, so it's always been a very, you know, area that interested me, Greg Lee, um, as a consumer, you know, obviously the landscape was very much changing. Um, and so I decided to jump over to the other side, right. And lead a company that created and delivered cybersecurity solutions. >>So, uh, so it's been awesome. As I said, month two, uh, Imperva has just amazing products. Um, I didn't quite know when I took the job exactly everything that had had, but when I came over and saw it, it was really working very hard over the last couple of years to acquire new products. And also build and innovate new solutions, uh, to have such a complete AppSec and dataset set of solutions today. I mean, I think, I can't see anybody else in the market right now that has as complete a solution covering ups and data stack that we have. So it's, it's been a really fun time. Um, I must say, you know, it's, uh, it's got a great culture as well. Um, there people have sort of a purpose and sort of, you know, have a feel that they'd be great responsibility sort of making great solutions, which really protect our customer's data and their applications. So it's been really cool. >>No, I saw it on the website. You know, the values are very clearly stated right up front and uh, it's a really important ones. But before we go deeper there, I want to kind of take you back to your old role from a, from a buyer of these services. Because as I, as I walk around the floor here, there are so many vendors, right? Big and small, established and new. So for when you were in your other role and now you, it'll be a great thing for you now that you're on this side of the house, how did you think about sorting it all out? How do you, you know, kind of keep up with, you know, the trusted and true, but yet, you know, kind of the new and innovative in this massive sea of vendors and technologies? >>Totally at one of the things that customers have been saying to me since I came to Imperva is they want a partnership from us because as you rightly said, we're in a sea of loads of vendors, a lot of whom claim to do the same, the same thing effectively. And it's becoming, and I found the same thing when I was on the other side. There is such a sea of clutter right now. It's really hard to sort of find your way through, um, costumers and like myself and my former role, you want fewer vendors, um, and you want to have more complete and integrated solutions. Uh, that's what I wanted and my former role. And that's really what I'm focused on now at Imperva is on the customer side of things. Um, making solutions easier to consume. Um, showing them the breadth of what we have, frankly speaking so that they don't have to go to other solutions. >>I mean your worst nightmare is going to a customer and finding out that you had a, B and C and they didn't realize that you actually had it. So from that perspective, I am bringing the voice of the customer with me from my previous role. It's been echoed and what I'm hearing from our customers now in terms of where they want to see us go and do. Um, so that's really what we're focused on is just doing a better job of giving customers more integrated solutions. Because, you know, as you said, the threat landscape right now, it's becoming really complex. Um, very much automated. Um, you know, in terms of automated attacks, I think by talking to my team this morning, we think based on the data we're seeing right now that bad bots are probably making up like 30% of web traffic right now. Yeah. Yeah. I mean it's getting really hard. Right? And that's in terms of, you know, what they do around account scraping, ATO, um, spam in terms of all the damage that that could do right to you as a customer. So that's what we're focused on. We're focused on, and again, it's bringing from my former old, what do customers need rather than what software companies or tech companies or security companies think that they need. Right. >>Such a good spot. Cause you were in that buyer's seat, you know, just a short, long, short time ago. Cause the other thing you've seen and where you guys applied across a lot of apps in your old space was AI and machine learning and really the power of that apply to lots of different challenges, opportunities and really changing the game now. Now you're fighting against those, those same forces that are being much more sophisticated in their, in their attacks. So when you, when you sit with the team and you look at kind of the evolution of AI, you look at the evolution of 5g and all the IOT connectivity that's going to happen in the increased vulnerabilities. Um, where do you see kind of the solution evolving? Is it just a constant, you know, kind of grind and trying to keep up? Or are there some big strategic things that you see now that you've been here for whatever, all the 60 days? Um, to kind of take advantage of these opportunities. >>So we have this, uh, we call it a threat research group within the company. And their job is to take all the data from the sensors we have. I mean, we have, we look at about 25 petabytes of data every day. All our solutions are cloud solutions as well as on-prem. So we get the benefit of basically seeing all the datas that are hitting our customers every day. I mean, we block a bed 1 million attacks every minutes, like every minute, basically every minute, right? We protect over 3 million databases and you know, we've mitigated some of the largest DDoSs, um, attacks that's ever been reported. So we have a lot of data, right, that we're seen. And the interesting thing is that you're right, we are having to always, we're using that threat research data to see what's happening, how the threat threat landscape is changing there for guiding us on how we need to augment an add to our products to prevent that. >>But interestingly, we're also consuming AI and machine learning as well on our products because we're able to use those solutions to actually do a lot of attack analytics and do a lot of predictive and research for our customers that can kind of guide them about, you know, where things are happening. Because what's happening is that before a lot of the talks were just, um, sort of fast and furious, now we're seeing a pattern towards snow, snow, and continuous, if that makes sense. And so we're seeing all these patterns and threats coming in. Uh, so we're fighting against those technologies like AI, but we're also using those technologies to help us soon, you know, decide where we need to continue to, to add capabilities to stop it. You know, the whole bad box thing wasn't a problem right. A number of years ago. And so it's, it's ever changing in our world, which frankly speaking makes it an interesting place to be because who wants to be in a static, >>in a boring place, no boring here. So another kind of interesting thing about this, this particular industry is the coopertition, you know, kind of aspects to it where there is a lot of sharing across competitors on information when there is some new new type of threat or new kind of threat pattern. So it's a little bit different than, than just a pure competition because there is a, a shared benefit in sharing some of this late breaking news. I don't know if you've started to get into to some of that or had an instant, yeah, it's probably a little bit early, but that's, that's a unique trade I think. >>No, it is for sure. And we make all of our data publicly available. If you go to our website, you look at the CTI index whereby we literally index what we, you know, see the level as being and we're providing all of this data. I mean we get that from our own sensors, but obviously we pull it as well from other third party data sources as well and bring it all together. Um, you know, T to hide that and not make it available to everyone would be would be would be just a very bad thing. Um, for us we are, and I, I'm still trying to find someone, but in terms of most of the vendors out there focus on pieces of apps or pieces of data where we've got both combined, right? Which gives us a huge closed loop advantage of being able to mesh that data together and see the full track record of what's happening from the data from the, from the application down to the data on back again. So that's a benefit that we have that literally we're taking great advantage of right now because in other cases, our competition is sort of point solution based, right? For every one of the best of breed solutions that we have. Right, >>right. It always goes back to the data, right? I mean it's always about the data. >>That's the thing. I mean at the end of the day, uh, why, why is all these things happening? HEOS and attacks and spamming. It's your, as you said, it's to get to the data. And that's why we say we protect data and all paths leading to it because fundamentally that's what customers care about, right? >>Right. So it's crazy. The date is the business and the date is what you're protecting and the business. All right, so put you on the spot. So what are some of your kind of top priorities, you know, kind of out of the gate, they brought you in, you're all excited, you see this great team and opportunity. You know, what are some of the things if we sit down a year from now or maybe six months of black hat that you, uh, that you've got on your plate that you're working on? >>So I think innovation will always be, you know, first and foremost, um, we have Gardner magic quadrant and Forester leading edge products. But in this industry, you need to be paranoid. You always need to be staying ahead. So from an innovation perspective, that's where we're focused. We're working on a lot of cool stuff which we'll be rolling out through the rest of the year. Um, platform as well is really important. I mentioned that we have the unique advantage of having a huge amount of data at the application level and also at the database level and that's allowing us to give use cases and value back to our customers that they don't have right now from any other vendor. So we're working with customers on, on getting that done. Um, I think as well, just purely in terms of, um, publicizing what we have. Right. I think we could do a, I found a lot of things right coming to Imperva and I feel we didn't communicate exactly, exactly. So I think there's a lot of capabilities that we're going to do, um, a lot in terms of publicizing them this year. So there's a lot of really, really cool stuff happening and uh, you know, great momentum going on in the company. Right. >>Well, uh, well, good for them for getting you there. Very fortunate to have you, uh, have you on board. Alright. Right. Well, thanks for taking a few minutes and again, congratulations on your new role. We really look forward to watching this story unfold. All. Alright. Geez, Pam, I'm Jeff. You're watching the cube where at R S a 2020 fear. We're supposed to know everything with the benefit of hindsight, but we're still learning. Thanks for watching. We'll see you next time.

>> Live from Las Vegas. It's theCUBE covering AWSre:Invent 2018. Brought to you by, the Amazon Web Services, Intel and their ecosystem partners. >> Well, welcome back here to the stands. As we continue our coverage here on theCUBE of AWSre:Invent as the day starts to wind down here. Still a lot of energy out there on that show floor. As we are packed with all kinds of great exhibits here. A lot of interesting folks here still making themselves at home. Tom Murphy's with us now, along with Justin Moore and John Walls. He's the Chief Marketing Officer, Turbonomic and Tom glad to have you here on theCUBE. Thank you for joining us. >> Yeah, great to be here. >> So just tell us a little bit about Turbonomic, first off. And then we'll drill down a little bit there. So why you're here at AWS but what do you do for the folks at home? >> Yeah, ultimately what we're doing is we have workload automation for hybrid cloud. And workload automation for us is ultimately where we go out, we discover the workloads, we optimize performance, cost and compliance simultaneously in real time. So what that gives for the customer is we call them smart workloads. Self managing anywhere in real time. The outcome of that for the customers is, they get guaranteed performance, a short performance, a short compliance. And they eliminate a lot of the complexity that they're experiencing today. >> So you're trying to grease the skids, more or less, right? >> Grease the skids, make sure that they're life's easier and they can actually accomplish the outcomes they want. >> Complexity's been a theme that we've been covering in the last couple of days. It's come up quite a bit. The customers are struggling with the amount of choices. We had Andy Jassy on stage today, again, announcing another zillion products today that the US has created. And that gives you a lot of flexibility. It means that you can optimize for particular choices that suit you very, very well. But being able to choose between them can be a pretty daunting task. Now how does Turbonomic help customer decide which of these choices is right for them? >> What we see from our customers is that they're actually looking at typically three platforms. They're still running on prem with VMware. They're looking at AWS, of course. That's why we're out here. And they're looking at Azure as well. So when it comes to choices, they want that flexibility to decide where the workloads can run. By looking at the workloads versus the infrastructure, we abstract the work that's running. And we can model for them, for example, a VM workload that's running on pram, we can pick it up and say what would that look like if it runs on AWS? What will that look like when it runs on Azure? So for us, by abstracting the work from the underlying infrastructure, that gives the customers the flexibility, the simplicity to understand and de risk any migration projects that they have. >> When you identify the way something could go based on what the workload is, do you just tell customers what that is or are you able to automate that decision making process for them? >> When a customer decides to actually deploy workloads they don't know necessarily how big the resources should be. They don't know where should they be placed. But our analytics engine, what it does is it goes out and says we understand the complete infrastructure, we're agent less, we plug into vCenter, we plug into Azure, we plug into AWS, we pull the configurations back and when we decide where to place it, we know best where to place it. We decide how big it is, we know best how big it should be at that time. Should the demand change, what we can do is actually dynamically adjust, in real time, automatically, the size of the workload, where it lives. We can scale out on prem, we can multiply the number of instances or we can actually scale up which means add more resources to the actual workloads. >> And what about that decision then because you talk about on prem and a lot of people have heard a lot. Making the move over, going public. There's a little bit of pain there for some people, right? >> For sure. >> There's some barriers there, what are you saying and what are you trying I guess to lead people through that consideration so they get it. Alright, so it's going to hurt a little bit, maybe. >> Yeah, for sure. >> But, ya know, we're going to be a lot better off by the end of the day. >> Ultimately what we see is, especially on a lift and shift where customers take existing workloads and they move them to the Cloud. A lot of times when you think about how utilized they are on prem, they tend around 50% utilization. So if you actually take that box of, lets say the resources that you've defined on prem and just pick it up and drop it into the Cloud, you're 50% over prevision. Part of the pain point is knowing exactly the resources they need, but understanding not just what you allocated but what you consume, which is a smaller view. Looking at the consumption and using consumption in the Cloud versus the allocation. That's a quick, efficient use case for making sure that they use exactly what they need when they get there. But then not compromising performance when they get there. They have the right performance at the right cost. >> This isn't a static decision either because as we've seen, there's new announcements everyday so we get new instant types that have been announced at the show, but also workloads and the demands for what customers need to do with those workloads. It's constantly changing, so you need to be able to react to that and to change what the right option is from moment to moment. >> And then when you add on top of that, like reserved instances, right. So the complexity of what instance type to use, let's say there's millions of choices when you look at the combinations. Ultimately, there's new one's introduced regularly, so how do I take advantage of that? There's discounting that's applied, there's discounts that come out, bundles that come out. And also the RI's. So RI's, thing of the two metrics for RI's, one would be utilization of the RI's, so I want to make sure if I actually buy RI's and invest in RI's, I want to make sure I use them. And the second is, out of all the instances that I have, what percentage of my environment actually is RI's? So think of that as coverage. So the two metrics that we look at closely with RI's as an example is coverage, which means I'm taking advantage of RI's, I'm not just doing one percent, I'm doing more than that. And the second is utilization which means of the one's I've purchased, I'm making sure that I'm using those, they're not going to waste. >> So customers who are doing this well, like clearly you've got plenty of customers who've done this successfully. So what is doing this well look like? >> Sure, well they start with an assessment, which they look at their on prem in many cases. They right size that, they run models, they run plans as to when they're looking at workloads that are picking up and moving to the Cloud, what do I need when I get there? Once they're in the Cloud, that's just the beginning of the journey, really. And what it is, is they continually optimize. And the continual optimization means that we're constantly meeting, I started talking about supply and demand earlier. But constantly making sure that the demand of the workloads is matched with the underlying supply at all times for the benefit of performance, for cost and also making sure we're compliant with business policies at all times as well. >> So if you have a customer that maybe comes to the show, and the catch the bug, right, they got the fever. We're going to go back, hey Tom. They're on the phone tomorrow, we got to go now. Do you ever have to tell people, just slow your roll, we're going to do this in a methodical way, we're going to do this in a responsible way. We're not going to go nuts. I know you want to go -- >> Go now! >> But people get excited, right? >> For sure. >> So, I mean, how do you handle that? >> Well, I think what I hear from customers today is you guys talked about complexity, right? So, if you think about complexity, and then on top of that you think about a little bit of a skills gap that's happening because there's really not the maturity of the expertise to manage a lot of the transitions that are taking place. And then lastly, once they're in the Cloud, again, I said it's not done, right? So to address really that how do they get through that, what do they use? We don't necessarily say slow down because we can actually get people to the Cloud very very quickly, in a responsible way. The thing that we like to say is we take the guess work out so what we're doing is we're taking the analytics, we're giving them intelligence that they can actually make very rapid decisions. Our solution can probably make decisions about what to do faster that people already to make the progress so, ultimately, we want to go at the pace they want to go. We've had customers call us on a weekend to ploy the software, actually go live like in a couple days. So, it's up to the customer. We feel confident in our decision making. You can't automate decisions and actions if you don't feel confident about it and we've got the customer points that give us to prove. >> So based on what you've seen so far at the show and your experience with customer who have been moving to Cloud, figuring out where they're going to put these workloads, what's next? What do you think people are going to be doing next? >> It's a great question, 'cause as a company, I'm really proud that we started as VMturbo many people still know us as Vmturbo. And what happened was Virtual Machines was were we started. We plugged into vCenter, we pulled information back and all of the sudden we're making decisions and actions about what to do on a virtualized environment on prem. Well, we started doing the Cloud, all of the sudden its like well it's more than just VM, it's Cloud too. We literally had to change the name of the company to accommodate the capabilities. So by having this economic supply and demand model, it'll alow us to really just apply it to not just VM on prem, not just Cloud. So to answer your question, containers or micro services is steam rolling into, we hear that in all of our customers now. When I came here three years ago it was worth thinking about Cloud. Last year, actually, we're testing, right? This year it's we're live. Next year it's going to be containers, containers, that's what I think cause containers are just going to be just coming in, Cloud Native applications, we're past a litte bit of lift and shift. We're moving into Cloud Native so that's what I think is going to happen next year. >> I think you can stick with Turbonomic. I think you're okay for a while. >> (laughing) Sure. >> Hey thanks for being with us Tom. >> Absolutely guys, I appreciate the opportunity, thank you. >> You bet, have a great show the rest of the time here in Las Vegas. >> Thanks very much. >> Excellent, Tom Murphy joining us from Turbonomic and that will be it for this day here on theCUBE AWS:reInvent. Back with you tomorrow Thursday for Justin Moore and I'm John Walls, thank you for watching. (electric sounding music)

(upbeat synthesized music) >> Announcer: Live from the Javits Center in New York City, it's The Cube, covering Inforum 2017. Brought to you by Infor. >> Welcome back to The Cube's live coverage of Inforum, I'm your host Rebecca Knight, along with my co-host, Dave Vellante. We're joined by Pam Murphy, she is the Infor COO, thanks so much for coming on the program-- >> Thank you for having us, thank you. >> So you're hosting for the third time, a special session devoted to WIN, the Women's Infor Network. Tell us a little bit about this session and who are the guests and what we can expect. >> Yes, absolutely, so as you said, it's our third year hosting it. It's a very popular session, it's the only non product session of the entire conference and open to everybody, men and women. We always have a fantastic lineup of speakers and this year is no different. So the way we work it is we do a combination of TED Talks and panel sessions so we've got Tan Lee, who's the founder of Emotiv brain augmentation technology. And then we've got Reshma Saujani who's the founder of Girls Who Code. She's done great stuff in terms of pioneering STEM and getting girls to code. So she's going to talk us through her work, if you will, in training so many girls to code and how she wants girls to adopt, and behaviors she wants them to exhibit in this industry. And then we've got what will be I'm sure a lively panel with Ambassador Susan Rice and Farah Pandith and we're going to be talking about the government's ability to manage the terrorism that we're seeing today and we're going to be talking counter terrorism, we're going to be talking about what lessons are we learning from what's going on in Europe and what is the role in technology in helping curb terrorism. So that's going to be an exciting and interesting session. And then we're going to have Dr. Jill Biden come in and hopefully lighten up the session and talk about resilience and leadership today, so very exciting, very much looking forward to it. It's 11 AM tomorrow morning in the Special Events Hall, and hopefully it will be good if not better than the last two years. >> Rebecca: And we're going to have many of those guests on our program >> Yes. >> after that too. So why, what is the purpose of it? It sounds like a great session and it's going to be enlightening and exciting to hear all those women talk, but what is your goal in gathering this group of women? >> I guess I should go back to the founding of WIN. So I started WIN probably over four or five years ago at this point and its purpose was to just galvanize and bring women together, allow forum in which they could mentor each other and where we could work on the advancement of women within the organization. It's something that as I traveled through the offices, people have been asking me a lot to create that forum, create that environment and so we've got hundreds of WIN chapters around the globe with thousands of women participating. So we have very regular sessions and we talk about topics that are relevant to women and also just about advancing their careers and given that at a forum we have so many thousands and thousands of not only our own Infor WIN members but also customers, we just thought it was a great opportunity to have one of our sessions at Inforum and invite inspiring female speakers to come and talk to us about their experiences, how they got to be where they are, the challenges that they met along the way. So what's interesting is that the only WIN or female aspect of the session is the fact that every speaker on stage is female. Outside of that, that's where the relevance ends in the sense that it really is talking to topics that is applicable to everyone. So that's why it is just a topic and an audience that appeals to everybody, men, female, old, and young. >> So these sessions are always interesting and inspiring. What kind of impact have they had? Can you share with us any results? >> Absolutely, so we have, first of all they're very inspirational for everybody attending and I've had customers, not only our own employees, but I've had customers reach out to me and say that they were inspired by a story and it caused them to take action and change in their life. And before they may have felt something but they heard from somebody else saying that how they overcame it and it caused them to honestly take change within their own lives and their own organizations. So for customers, partners, whoever's attending, it just, to hear from someone else, you often have the perception with these speakers that they have this fantastic upbringing, fantastic education, they're successful because it's a function of that. Well actually that's not often the case. People have had a hard upbringing or they've met a lot of challenges around the way and it's how they overcame those challenges and the resilience that they brought into the mix is what inspires people. So really that's what I would say people get out of it, and often spawning from that, we often end up as well tailoring programs or development techniques which we feel would be of benefit to folks beyond that. So one of our speakers last year prompted a big thought about diversity and how we should be dealing with ways in which we may be dismissive of certain topics or abrasive to people, so it's thought provoking and it inspires action, which is obviously what we want to get out of it. >> We funded a nonprofit initiative last year in partner with another journalism outfit, The GroundTruth, to study women in tech and we presented at the, we had The Cube at the Grace Hopper Conference and some of the things that came out of that, I wanted to comment, chief data officers actually have a disproportionately higher percentage of women, maybe it's 'cause it's such a thankless job and they're (laughing) wiling to take it on. And then we found cyber bullying had a very negative effect on the participation of women in tech which is about 17% of the women. And then of course the salary disparity, one of the areas that we found was most egregious was Cambridge, Mass, now this is supposed to be a progressive, relatively liberal area. >> Our hometown. >> And it was huge, our hometown, very high disparity of low participation of women in tech. Any thoughts on that data and what kind of progress you'd like to see us make as an industry? >> I'm hopeful of the fact that the next generation will look back on where technology is now from the perspective of the low representation of women and that whole diversity factor and look on it as being a non-issue. I'm hopeful in the sense that, I don't think it's going to be as pronounced as we have it now. I think we're doing a far better job of going out to colleges, to institutions, and enabling girls and providing girls with coding courses. So I'm hoping it's not going to be a longterm issue for us. From our perspective, to your point, we look at the various line of businesses and functions within our organization and we see where is the disparity arising and where do we need to focus? And so interestingly enough, if you look at G&A functions or if you look at marketing functions, it's 50/50, right, in terms of representation, but there's definitely certain functions where either the nature of what they're doing or if it's a high travel related function, meaning you're away for long periods of time, there are certainly the areas I think which don't have as equal distribution in terms of men, and for those really, we've been working on creating programs to ease those burdens that may be had, or else promote them positively where it literally is an unconscious bias, if you will. It's a long topic, for sure, that I could go on about for a long period of time but I just think it's constant, looking at unconscious biases, it's looking at ways in which we feel that there's fairness, if you will, into the equation. And a lot of the time I honestly feel that it's not conscious, if you will, and it therefore just needs to be looked at specifically at ways and means in which that could be addressed or tackled. >> So as a successful woman in technology, COO at a major technology company, what advice do you have for that young woman who wants to get into technology but is dispirited by the headlines and by what appears to be a very macho culture where there is vast salary discrepancies? >> Yeah, it's unfortunate that that has come out all too much more frequently and with volume in the last six months for the companies that we're aware of. But I would say, I personally haven't experienced that, and I'm personally of the view that, by the way, I never meant to end up in this industry, so I look back and think how on Earth did I actually get here, but I think you have to be willing to take risks and you have to be wiling to dismiss a lot of what you hear and look on the fact that there is a lot of very successful women, even within Infor. Since we started WIN, we have had a huge increase in the amount of SVPs and VPs within our organization. I think it's something like a 60% increase in terms of who we have. There is so much more women in very, very senior roles now than we've ever had before, so I'm hopeful that it is changing. I hope that some recent coverage and recent events have not, will not create a longterm impact, but I think people just need to look and see with the tech industry booming, with the way in which people are being compensated, that it's a good industry in which you can be very successful and do great things. >> Dave: And cloud helps. >> Yeah. >> It does. >> Yeah. >> There are far more women at application oriented shows than there are infrastructure oriented, 'cause hardware guys are hardware guys. I don't know why, like mechanics, other than Mona Lisa Vito, mostly hardware people. But let's shift gears a little bit and talk about the global alliances. You are running that initiative here. These are folks that we haven't typically seen at Inforum but they're coming out of the wood works, what's going on, what's driving that? >> Yeah first of all we have a fantastic base of existing partners who had great successes in implementing Infor applications for their customers and so but with the growth that we've been seeing, honestly, in our business, over the last number of years, we just need to have more and more delivery capacity to create more choice for our customers as to who they can go to to implement our software. And if you think about the move to the cloud and if you think about digitalization and the fact that every customer is becoming more consumed and obsessed with technology because it's changing their businesses so fundamentally, they do want the option and the choice of having the large global system integrators, digital integrators, that they can go to do massive transformation work and business process re-engineering and program management and change management. And so for us it was important to form good reliances with the Deloittes, the Accentures, the Caps, and the Grant Thorntons in order to provide that larger ecosystem of transformational services that we can offer to our customers. So it's great, they're all platinum sponsors here at Inforum this year and there's over a hundred very senior executives and managing directors from those four. And we're just very excited about the extent and pace to which they're building out Infor practices, so it's great. >> I have to ask you, so don't hate me for saying this, but those guys love to pig out on big complicated ERP implementations that take two and three years. Is that world just going away and it's moving toward more of a digital transformation and a whole new line of thinking and that's why there's a good fit with Infor or is it something else? >> I think they understand and know that the older days of a company spending $100 million on an ERP implementation are gone, that's really not acceptable anymore. It's absolutely not our strategy, as you know from being here at the conference, our strategy is around creating industry specific end to end suites which don't require modifications and which are purpose built for the cloud. And so that is very clear to them and they understand that and are embracing the concept because they realize that cloud is an enabler, it's just another deployment method, but fundamentally it's about helping the customers take advantage of that technology and transform their businesses and to do that, it requires a lot more than software. And so they're changing, our industry is changing. Steve talked to the point of the stage today that the cost of technology is becoming very low and that therefore the permeation of technology in everything we do is going to be so prevalent. So it's understood and for them, it's more about helping our customers get to that digital age and being able to transform their businesses to cope with the changing technology. >> Are you satisfied with the pace? >> Pace of? >> Of the change, of getting people to the cloud. Do you feel there is, is the momentum there? >> Well we've seen huge growth in our sector. We have completely tipped the balances. I would have said, obviously it's been coming, it's like Salesforce.com and companies who basically do certain applications in the cloud and for us, we're different because we have complete end to end suites in the cloud, mission critical applications. And so our business has grown enormously over the course of the last three years and I think now it's mainstream, if you will. And so we're very pleased and happy. We have a lot of customers who have made, obviously we have over 8,400 customers now already there. And the pace is increasing. And it's just a continuous effort for the customers who haven't gone already, helping them understand what they need to do to get there, and that's what we've been doing in spades for the last couple of years. >> Great, well Pam Murphy, thanks so much for joining us. >> Thank you. >> We really appreciate it. >> Thank you. >> I'm Rebecca Knight, for Dave Vallente, we will have more from The Cube's coverage of Inforum 2017 just after this. (upbeat synthesized music)

>> Narrator: Live from Orlando, Florida, it's the Cube, covering ServiceNow, Knowledge 17. Brought to you by ServiceNow. >> Welcome back to Orlando, everybody, my name is Dave Vellante and I'm here with my co-host, Jeff Frick. This is day two of ServiceNow, Knowledge, and this is the Cube, the leader in live tech coverage. Bart Murphy is here, he's the CTO of York Risk Services, and he's the CIO and CTO of CareWorks, Cube alum. Bart, good to see you again. >> Great to see you guys. So we were talking off camera, Mark came over, we're talking about the CIO Decisions, you participated in that last year as well. What have you been doing at the conference? What are you seeing that's interesting? >> Well I've been attending the sessions and you just mentioned the CIO Decisions, that was my day yesterday. Great opportunity to get you know, great speakers, we mentioned a few of them that spoke yesterday, but also there were some customer round tables that allowed you to collaborate with your peers over a few areas, and sort of discuss what's working for them, what's not. You know, what their road map looks like, how they're selling that to the board, those type of things. It was a very productive day. >> So, since we last talked, what have you been working on? We had a great discussion last year on security, I'm sure things have changed there, they keep evolving. What kind of things you've been working on, what are some of the initiatives that are new? >> Yeah, so last year we did talk about that and my desire, I was somewhat excited when I started to see the new play into SecOps with ServiceNow. So we've now gone live with SecOps. We're continuing to mature our security posture as a company, and I think that's, when you look at a road map or you're looking at things, what we want to see is continual capability maturity in our security space. One, we need to be there, right? As an organization, we're a services organization. We also want to just make sure that we're continuing to get better and automate. So we saw SecOps as a real opportunity for that. So we've now gone live, we've deployed that. We did it and integrated that with certain tools that we have, Tanium, LogRhythm, Symantec, some of our scanning tools. What that's allowing us to do is look at a wide range of log information, parse through that in order to automate certain types of work flows and cases. So whether it be as simple as finding an end point that say has an outdated Symantec update and having that automatically update, or create a case because it can't push the automation, those type of things we're trying to do now to try to raise the level of our security and start weeding through all the noise that's out there, that's provided with all the tools that we have. >> How did you find the integration? >> Well, we did the integration ourselves, and we found the integration, compared to some other products that we've done in the past, to be much smoother. You know, I think this is a later product that they've built into their platform. I think they've taken into account implementation, so some of the integrations were out of the box like the Tanium, others, we built those integrations. So, and we also, I think I may have mentioned this, not sure if I did, when I looked at my incident security response plan and the way I developed that, I developed it very closely to what was coming out of the box with ServiceNow. I wanted to make sure that our policies, procedures, process for that really just met out-of-the-box functionality, so we didn't have to do a lot of customization and configuration there, and we could focus on the technical integrations that really provide some of the power of the automation with the CMBB. >> Speaking of sort of custom work, you talk about M and A, you mention you get a mulligan coming. >> Bart: Yeah. >> Talk about that a little bit, kind of unwinding some of the custom mods. >> Yeah, so we have multiple instances of ServiceNow, and over the last year we've been building our newest instance with York Risk Services Group, that's our total company. And I'm in the process now of taking what we built for CareWorks, you know, we have been a customer since 2010, and really learning what we did well there and what we didn't do well. In addition to the fact that a lot of customization that we did on that platform is no longer really required, that's how much the platform has matured with ServiceNow. >> Which one was it, which release, do you remember? >> Oh gosh, Berlin, probably. >> Berlin, right, right. >> Early, early on if I'm accurate, from the very beginning. And you know GRC was an example where we did a lot of customization because that product just is night and day compared from where it is today. >> Jeff: Right >> So now we get a new opportunity to look at our process to see, say, is this something that we really need to keep the customization, or can we leverage the platform better, and by the way, even if we do have to do customization, can we do it a better way? So it is a little bit of a mulligan, from that standpoint, we get a sort of fresh start on a platform that we understand even better now, and we're doing it at a larger scale, so we're trying to really look at those automation opportunities so we can gain the efficiencies that we need. >> So I wonder if you can talk about the sort of business impact that you've seen over the years. You've been a long-time ServiceNow customer, and it just feels like this whole ecosystem is on the steep part of the s-curve now. Maybe describe the sort of business impact in whatever terms make sense. >> Well, I think partly supporting consolidated shared services, whether it's in IT or other areas of the business, and even finding areas of the business that aren't doing a good job of tracking their work today. And it still exists, in I think every organization. I was mentioning, you know, another area that we're looking at that we'll most likely deploy this year or early next year, I would assume this year, is the HR Case Management. >> Dave: Mmm hmm. >> That's an area very similar to IT, very similar to other areas that we've built use cases within ServiceNow, where things are done primarily through email. It's very inefficient, they don't have very good metrics to understand how much support they're providing the organization. They're pressured just as I am from an SG&A perspective, to do more with less. And the only way we're going to be able to continue to do more with less is to provide some level of automation and stay consistent with it. So when I started looking at ServiceNow, and yes, we're probably on that s-curve too. We've done some really good work on the automation side, but now with the platform, with what they're doing with some of the analytics, what they're, you know, I know what they're going to do with machine learning, what we can do with some of the predictive stuff. How can we take a security instance, for example, have it remediate itself and then inform us on what it did? Those are the type of things that I think's going to bring us way sharp up on that curve. I mean we've done a good job, we're very technical, we've done a good job automating, I'm not, but for what we can do I think over the next three to four years with this platform and the automation, is going to be a game changer for us and we're going to need that. 'Cause you know our SG&A can't grow at the same rate. You want to have that margin improvement, and this is one of the areas that we can use a platform to do that. >> It's interesting, you're, always a lot of talk about automation when we're here. >> Yeah. >> Different automated processes and make them easier. But you mentioned before we went on air, you just mentioned it again, that the desire to get measurement on the process as the primary driving factor, 'cause you just can't measure that which is in email and all these disparate systems, and now you can actually use the motivation of measurement so then you can get improvement as a primary driver to implement it. >> Yeah, I mean one of our core values is to be a data-driven decision making company. And you can't improve what you can't measure. And there's still to this day a lot of these processes that we take for granted. You know, SecOps, HR, operation service center, claim setup. We think we're doing a good job managing it and understanding the productivity of it, but we don't have really good tools in place or they're very disparate. So if we can get that into one CMDB, we can start to leverage automation. Once we start to measure it, we truly can start to see that business value, 'cause we can see those measurements go down. So whether we're using out-of-the-box performance analytics now, you know we started originally, performance analytics was a separate product. On the new York one, again, that's another benefit, we just turn it on, right? And there's already really good, rich data that it's giving us to stay, and we can compare that against our previous performance, whether it's incidents, closing rate, you know all these type of things out of the box. So I can start to show improvement. It's not to say that we don't have areas to improve, we do. There are things outside of ServiceNow that we need to do to improve our overall capability. So whether you're talking leveraging orchestration within ServiceNow but then I need a deployment tool to actually go and do that work. So that's where Tanium comes into play, so there's other strategies we're deploying to say where can we get the full life-cycle of that automation? And that's where engineering discipline and bringing that to your supply chain of activities is key. >> The other thing that you mentioned that kind of flipped it on its head, is you talked about your incidents response plan and trying to make it pretty much as out of the box from ServiceNow as possible. Was that because you just kind of went with the custom, or now are they delivering more best practices in the way that configuration comes out of the box that you don't really have to think about it. >> Yeah, I mean absolutely. >> You can presume best practices, because that's how it's preconfigured out of the box. >> Yeah, and I don't think they tout that, and I understand why, but they're getting feedback from a ton of customers on how to build a process in the most efficient way. I don't think they're doing it in a vanilla way. I think they're doing it in an efficient, robust way. So I think they are at that point where there's a lot of things that come out of the box that people really need to pay attention to. Like I understand that we may have done it this way, but this way is more than sufficient. And if it means that I don't have to customize and I can make my upgrades even easier than they are today, 'cause they aren't that painful at all, on the ServiceNow front, then why not? And then we can benefit from their maturity on the platform, because they're going to continue to add in releases and add in functionality just like we saw over the last two days. >> Back to the sort of s-curve, it sounds like you're getting in the position now to get real operating leverage almost like Metcalf's Law. The first one you get some benefit, but the nth one, boy that's when it really kicks in. >> I hope so. That's what I'm, I think right now we've spent a lot of time and energy getting onto one platform, right? Whether it's from all the acquisitions, whether it's from an older instance to a newer instance. I think once we get critical mass on that platform, yes, the automation stuff will make a marketable difference. We've done some great things for our business but I think once we get everybody on one platform and we get that true understanding of how we want to do our enterprise process and we have some other uplift in our areas and systems. You know, Tanium's a new product that we have. We're looking potentially HRIS, there's other things at play that will play in the ecosystem. And as we mature those and really understand what our end game's going to be, I think that's where we have that power. >> One of the speakers at CIO Decisions this week was author Daniel Pink. We had him on the Cube, talk about selling is human. When you run a business case, you talked about the HR, moving into HR, do you go sell, do you make the business case, are they coming to you, is it push/pull, how does it work? >> A little bit of both. As a CTO and as any executive, I listen to Daniel as well and I'm a firm believer that we're all in sales. All of us are part of some type of revenue-generating company, okay, and if we don't take that to heart, and we just think that we're some cog in a wheel in somebody else's problem, shame on you. No company's going to grow without a full company of great sales people. They're either advocates for their brand, they understand the mission, they understand what they're doing for the mission. So from a sales perspective, certainly I'm going around trying to tell people about the capability of ServiceNow. I saw the CEO speak yesterday too and one thing that struck me that I think a lot of people need to do, is he's spent a lot of time over the last 49 days trying to understand the vernacular of IT. You know, he was the CEO at some large companies, they all had IT, now he's at an IT company. And so he's trying to really understand the speak and some of the capabilities that you have to understand. He's got a better appreciation of it. It's my job, really, to be able to do that type of evangelism within our company to say here are some of the platforms that we have and here are some of the capabilities and at least start the conversation. I will tell you that other times I have people come to me because they've either heard from someone else that they're using it at their company and their HR team loves it, or what's it about? But I need to go around and say I see you guys doing this and we have a platform that's totally made for that. It's why it was built. Let's have a demo or let's start looking at how you think that would improve your guys' productivity. You're stretched for resources, I'm stretched for resources, and just come at it from a common problem statement perspective. Then we build the business case from there. >> I see. So we hear a lot of the announcements this morning, Jacarta, another release. What do you, and so there's a lot of things they did in there, performance improvements, UI improvements and things like that, bringing in intelligent automation, a lot of really good, cool things in there. What's, from your mind, on their to-do list? What kinds of things, I mean, are they doing the types of things that you want them to do, is there something big that could really make a difference to your business? >> Yeah, I wish I was like the ServiceNow product visionary. (laughing) But I'm not, I got to commend 'em. I think they're doing some pretty darn good things. When you start to look at SecOps and its play into GRC and the way that you really start to automate some of your controls, which are a huge component of, I'm not going to say waste within your organization, but they take a lot of time, and they bring value, don't get me wrong, but they aren't bringing...they're not bringing in revenue, they're a lot of compliance and they're good practices, so the more we can automate some of those they're high value but you want your team working on other innovation type of stuff, I think the better. When they start looking at what they're doing with the data now, everybody's becoming a data company, everybody's talking about machine learning. Everybody's talking about AI. I think that is the next place that they got to get to. If they can start to generate, again, some of that low value work, whether it's automating an entire incident end to end. I mean, there's insurance companies out there that are doing that, right, trying to automate a claim end to end. So I think the more they can look at their domain and determine ways to automate an entire workflow, which they are well on their path. They've been doing that from a workflow automation perspective for years. Now take it into AI to do it, I think they're going to be in a good position, a better position than I am in, probably if I was to develop that myself. >> Right. >> So I think that will help me scale from a user support perspective and just workflow in general, service management perspective. >> So you might not be the product guru going forward, but the thing you know probably better than a lot of people under the 15,000 is how to get people to adopt a platform. I wonder if you can share some of your tips and tricks to fellow practitioners to convince the people to don't pick up the phone, you know, put it in the platform? >> Yeah, it's evangelism. You got to get out and educate people on what the platform's about. As a procurer of the platform, you know and ServiceNow is not a cheap solution, and nor should it be. I think you need to go and justify, I'm getting this platform and it's up to me to make sure that we're going to leverage those dollars as much as possible. So anything I buy I want to make sure we're leveraging it as much as we can within the organization. I'm also a firm believer, I understand that reality hits and it's not going to happen overnight. So how do you build a backlog and start really working through that? We do an agile process, we're doing releases every two weeks. We're trying to, I may take an opportunity in IT but then the next one I want to do is going to be in the business. Or it's going to be with security or it's going to be with HR. Trying to get winds across the spectrum instead of trying to take big projects. Big projects take time, you know, there's a lot of little things that I can do to whet their appetite, on boarding, off boarding, transfers, HR started to get familiar with ServiceNow and what it could o just in that space. That whet their appetite, then, to have a more serious discussion about case management, right, which we're still having. So I think trying to figure out how you can handle a backlog of smaller hit items to get winds, will allow you to get a little bit more credibility if you start looking at a more wholesale change to their entire business, which this would be, a wholesale change to their business. >> You have kind of this dual role of CTO and CIO. Over the last several years, so much has changed in information technology, cloud, infrastructures, code and now you're seeing containers explode, the whole sassification of softwares eating the world, obviously service management is playing a big part there. Now AI, the whole big data meme. How has the CIO role evolved and changed and how has that affected you? Particularly the CIO piece, and you know, the CTO piece as well, I guess. Technology's always there, the CTO has got to be following that. But the CIO role seems to be changing quite dramatically. >> I think each organization's a little different. The way I look at it is, and some organizations, and maybe it's just me, some people see a CIO as an operational guy or girl, and some of them see their CTO as going out and looking at new technology. The way I, and why I sort of have the title of the CTO is I never want to have a build and run type of organization. I don't want to have a marginalized CIO that's basically just keeping the lights running, maybe keeping enterprise systems up. We need to be innovative as an entire team and those assets that we build, the same people need to support them, because, man, they build much better assets if they have to support them, let me tell you. (laughing) I think the role is changing whether you use the term CTO, CIO, you know, who is that person that's going to help ensure that you're not only looking at new platforms but not, I don't want to just spend all my time looking at new platforms or looking at new innovations. And certainly want to be aware of the trends. What's the right time to look at that for your organization? Some would say you always need to be on top of all of that, and I don't need to be on top of every AI vendor or data analytics company. What I need to understand is within the context of our organization, our financial structure, where we are as a maturity as an organization, where are the tools right now that can really make a major lift? And sometimes those aren't the most recent platforms. Sometimes they aren't the gold-standard platforms, sometimes they're just grunt and hard work. So I think the role, I hope the role evolves into where somebody takes ownership of all that and it's not carved up. Now, I think there are, even in our organization, there's a place. We have a Chief Innovation Officer, who is staying on top of some of the front-end stuff dealing with our industry. And that's a fine model as well. But I don't like breaking up between operations and development work and innovation. I like to make sure that those are all in sync. I think that's where you don't get a lot of rogue IT, a lot of shadow IT, because ultimately somebody's got to support it, and we want to make sure that that support cost is as lean as possible. >> That's a great answer, steeped in accountability, Bart. It's always great having you on the Cube. Thanks so much for coming on. >> Thank you guys, it's a pleasure to see you. >> All right, good to see you. All right, keep it right there everybody, we'll be back with our next guest, this is the Cube live from Knowledge 17. Be right back. (upbeat music)

>> Announcer: Live from San Jose, California, it's the CUBE, covering Big Data Silicon Valley 2017. >> Good afternoon everyone. This is George Gilbert. We're at Silicon Valley Big Data in conjunction with Strata and Hadoop World. We've been here every year for six years and I'm pleased to bring with us today a really interesting panel, with our friends from Attunity, Itamar Ankorion. We were just discussing, has an Israeli name, but some of us could be forgiven for thinking Italian or Turkish. Itamar is CMO of Attunity. We have Chris Murphy who is from a very large insurance company that we can't name right now, and then Martin Lidl from Deloitte. We're going to be talking about their experience building a data lake, a high value data lake, and some of the technology choices they made, including how Attunity fits in that. Maybe kicking that off, Chris, perhaps you can tell us what the big objectives were for the data lake, in terms of what outcomes were you seeking. >> Okay, I'd start off by saying there wasn't any single objective. It was very much about putting in a key enterprise component that would facilitate many, many things. When I look at it now and I look back, with wisdom hopefully, I see it as trying to put in data as a service within the company. Very much we built it as an operational data lake first and foremost, because we wanted to generate value for the company. I very much convey to people that this was something that was worth investing in on an ongoing basis, and then on the back of that of course, once you've actually pulled all the data together and started to curate it and make it available, then you can start doing the research work as well. We were trying to get the best of both worlds from that perspective. >> Let me follow up with that just really quickly. It sounds like if you're doing data as a service, it's where central IT as a function created a platform on which others would build applications and you had to make that platform mature at a certain level, not just the software but the data itself. Then at that point, did you show prototype applications to different departments and business units, or how did the uptake, you know, how organically did that move? >> Not so much, it was very much a fast delivering, agile, set of projects working together, so we actually had, and we used to call it the holy trinity of the projects we were doing. We had putting in a new customer portal that would be getting all of its data from the data lake, putting in a new CRM system getting all of its data from the data lake and talking to the customer portal, and then of course at the back behind that, the data lake itself feeding all the data to these systems. We weren't developing in parallel to to those projects, but of course those were not small projects. Those were sizable beasts, but side by side with that, we were still able to use the data lake to do some proof of concept work around analytics. Interestingly, one of the first things we used the data lake for, in terms of on the analytics side, was actually meeting a government regulatory requirement, where they needed us to get an amount of data together for them very quickly. When I say quickly, I mean within two weeks. We went to our typical suppliers and said, "How long will this take?" About three months, they thought. In terms of actually using the data lake, we pulled the data together in about two days and most of the delays were due to the lack of strict requirements, where we were just figuring out exactly what people wanted, and that really helped demonstrate the benefit of having a data lake at base. >> So Martin, tell us how Deloitte, you know, with its sort of deep bench of professional services skills, could help make that journey easier for Chris and for others. >> There were actually a number of areas where we engaged ... We were all the way from the very beginning, engaged in working on the business case creation and really when it sort of came to life was when we brought our technology people actually in to work out a road map of how to deal with it. As Chris said, there were many moving parts, therefor many teams within Deloitte that were engaged with different areas of specialization, so from a big development perspective on the one hand to sales force, CRM in the background, and then obviously my team of sort of data ninjas that came in and built the data lake. What we also did is actually we partnered with other third parties on the testing side, so that we covered, really, the full life cycle there. >> If I were to follow up with that, it sounds like because there were other systems being built out in parallel that depended on this, you probably had less, fewer degrees of freedom in terms of what the data had to look like when you were done. >> I think that's true, to a degree, but when you look at that every model that we deployed, it was very much agile delivery and we, during the liberation phase, we were working together very closely across these three teams, right? So there was a certain amount of, well not freedom in terms of what to deliver in the end, but to come to an agreement as to what good will look like at the end of a sprint or for a release, so there were no surprises as such. Still, through the flexible architecture that we had built and the flexible model that we had delivering, we could also respond to changes very quickly, so if the product owner changed priority or made priority calls and changed priority items in the backlog, we could quite quickly respond to this. >> So Itamar, maybe you can help us understand how Attunity added value, that other products couldn't really do and how it made the overall pipeline more performant. >> Okay, absolutely. The project that again, this Fortune 100 company was putting together, was an operational data lake. It was very important for them to get data from a lot of different data sources, so they can merge it together for analytic purposes, and also get data in real time so they can support real time analytics using information that is very fresh. That data in many financial services and insurance companies came from the mainframe, so multiple systems on the mainframe as well as other systems, and they needed an efficient way to get the data ingested into their data lake, so that's where Attunity came in, as part of the overall data lake architecture, to support an incremental, continuous, universal data ingestion process. Attunity replicate lends itself to being able to load the data directly into the data lake, into Hadoop, in this case, or also if they opt to use Kafka or go through mechanisms like Kafka and others, so it provided a lot of flexibility architecturally to capture data as it changes, in their many different databases and feed that into the data lake so it can be used for different types of analytics. >> So just to drill down on that one level, 'cuz many of us would assume that, you know, the replication log that Attunity sort of models itself after, would be similar to the event log that Kafka works, sort of models itself after. Is it that if you use Kafka you have to modify the source systems, and therefor it puts more load on them, where as with Attunity you are sort of piggybacking on what's already happening, and so you don't add to the load on those systems? >> Okay, great question. Let me clarify. >> Okay. First of all, Kafka is a great technology that we're seeing more and more customers adopt as part of their overall big data management architectures. It's a public subscribe basically infrastructure that allows you to scale up the messaging of data and storage of data as events, as messages, so you can easily move it around and process it also in a more real time streaming fashion. Attunity complements Kafka and is actually very well integrated with it, as well as other streaming type of ingestion data processing technologies. What Attunity brings to the picture here is primarily the key function of technology, CDC, change data capture, which is the ability, the technology to capture the data as it changes, in many different databases. Do that in a manner that has very little impact, if any, on the source system and the environment, and deliver it in real time. So what Attunity does in a sense, we turn the databases to be live feeds that then can stream, either directly, either we can take it directly into platforms such as Hive, HDFS, or we can feed it into Kafka for further processing integration through Kafka integration. So again, it's very complementary in that sense. >> Okay. So maybe give us, Chris, a little more color on the before and after state, you know, before these multiple projects happened, and then the data lake as sort of a data foundation for these other systems that you're integrating. What business outcomes changed, and how did they change? >> Oof, that's a tough question. I've been asked many flavors of that question before and the analogy I always come back to is it's like we were moving from candle power to electricity. There's no single use case that shows this is why you need a data lake. It was many, many things they wanted to do. In the before picture, again that was always just very challenging, so like many companies, we've outsourced the mainframe support operation and running of our system to third parties, and we were constrained by that. You know, we were in that crazy situation where we couldn't get to our own data. By implementing the data lake, we've broken down that barrier. We now have things back in our control. I mentioned before that POC we did with the regulatory reporting, again, three months ... Two days. It was night and day in terms of what we were now able to do. >> Many banks are beginning to say that their old business model was get the customers' checking account and then, you know, upsell, cross sell, to all these other related products or services. Is something happening like that with insurance, where if you break down the data silos, it's easier to sell other services? >> There will be, is probably the best way to put it. We're not there yet, and you know it's a road, right? It's a long journey and we're doing it in stages, so I think we've done what? Three different releases on the data lake to date? That's very much on the plan. We want to do things like nudges to demonstrate to the customers how there are products that could be a very good fit for them, because once you understand your customer, you understand what their gaps are, what their needs, what their wants are. Again, very much in the roadmap, just not at that part of the map yet. >> So help us maybe understand some of the near term steps you want to take on that roadmap towards that nirvana. >> So, those >> And what the role Attunity as a vendor might play, and Deloitte, you know as a professional service organization, to help get you there. >> So Attunity was obviously was all about getting the data there as efficiently as possible. Unfortunately like many things, in your first iteration it's still, our data lake is still running on a batch basis, but we'd like to evolve that as time goes by. In terms of actually making use of the lake, one of the key things that we were doing on that was actually implementing a client matching solution, so we didn't actually have a MDM system in place for managing our customers. We had 12 different policy admin systems in place. Customers could be coming to us being enrolled, they could be a beneficiary, they could be the policy holder, they could be a power of attorney, and we could talk to someone on the phone and not really understand who they were. You get them into the data lake, you start to build up that 360 view about who people are, then you start to understand what can I do for this person. That was very much the journey we're going on. >> And Martin, have you worked with ... Are you organized by industry line and is there a sort of capability maturity level where you know, you can say, okay, you have to master these skills and at that skill level then you can do these richer business offerings? >> Yeah, absolutely. First of all, yes, we are organized by industry groups and we have sort of a common model across industry store that describe what you just said. When we talk about inside strength in organization, this is really where you are sort of moving to on the maturity curve, as you become more mature in using your analytical capabilities and turning data from just data into information, into a real asset you can actually monetize, right? Where we went with Chris' organization and actually there's many other life insurers, is actually sort of the first step on this journey, right? What Chris described around for the first time being able to see a customer centric view and see what a customer has in terms of product, and therefor what they don't have, right? And where there's opportunities for cross selling, this is sort of a first step into becoming more proactive, right? There's actually a lot more that can follow on after that, but yeah, we've got maturity models that we assess against and we sort of gradually move people, organizations to the right place for them, because it's not going to be right for every organization to be an inside driven organization, to make this huge investment, to get there, but most companies will benefit will benefit from nudging them in that direction. >> Okay, and on that note we're going to have to leave it here. I will say that I think that there's a session at 2:30 today with the Deloitte and the unnamed insurance team talking in greater depth about the case study, with Attunity. On that, we'll be taking a short break. We'll be back at Big Data Silicon Valley. This is George Gilbert and we'll see you in a few short minutes.

>> Narrator: You are Cube Alumni. Live from Silicon Valley, it's the Cube. Covering Google Cloud Next 17. >> Welcome back to the Cube's coverage of Google Next 2017. Having a lot of conversations as to how enterprises are really grappling with cloud. You know, move from on premises to public cloud, multi-cloud, hybrid-cloud, all those pieces in between. Happy to welcome to the program a first time guest, Paul Scott-Murphy who's the vice president of product management at WANdisco, thanks so much for joining us. >> Yeah, thanks very much, it's great to be here and join your program. >> Alright, so you know, Paul, I think a lot of our audience probably is familiar with WANdisco, we've had many of your executives on, really dug into your environment for the last few years, usually see you guys a lot of not only the big data shows, we've got Strata coming up next week, last time I did an interview with you guys was at AWS re:Invent. So you know, WAN, replication, data, all those things put together, you've got a big bucket of big data in cloud. Tell us a little bit about kind of your background, your role at the company. >> Okay. So I've been at WANdisco now for about two and a half years. I previously worked for TIBCO Software for a decade. Working out of Asia-Pacific, held the CTO role there for APJ. And joined WANdisco two and half years ago, just as we were entering into the big data market with our replication capabilities. I now run product management for the company and work out of our headquarters here in the Bay area. >> Stu Miniman: Great. And connect with us you know, what you guys are doing at Google, what's the conversations you're having with customers that are attending. >> Yeah, so Google is definitely one of the key strategic partners for WANdisco, obviously particularly in the Cloud space for us. We're hosting a booth fair for the conference and using that as an opportunity to speak to other vendors and the customers that we have attending the Google conference. Particularly around what we're doing for replication between on premises and cloud environments, and how we support Google Cloud. Dataproc, and Google Cloud Storage as well. >> Can you help unpack for us a little bit, where are your customers, give us a tip of the customers, you know they're saying hey, I want to start using this cloud stuff, how are they figuring out what applications stay on premises, what goes to the public cloud, and that data piece is a challenging thing, moving data is not easy, there's a whole data gravity piece that fits into it, maybe you can help walk us through some of the scenarios. >> Yeah, as we're progressing the technology, we're certainly finding a broader and broader range of customers getting interested in what they can do around data replication. The sorts of organizations that we deal with primarily are those who are looking to leverage both on premises and cloud infrastructure. All those who are moving from a situation where they've been toying with these environments and moving into production-ready scenarios where the demands or enterprise level SLAs or availability, or the needs around disaster recovery, backup and migration use cases become a lot more dominant for them. The organizations that we work with typically they are larger organizations, we deal a lot with retail, with financial services, telecommunications, with research institutions as well. All of whom have larger needs around taking advantage of cloud infrastructure. Of course they all share the same challenge of the availability of their data, where it's sourced from, isn't always necessarily in the cloud, taking advantage of cloud infrastructure then requires them to think about how they make their information available both to their on premises systems and to the cloud environment where they can run perhaps larger analytic workloads against it, or use the cloud services that they would otherwise not have access to. >> One of the challenges we've seen is when we've got kind of that hybrid or multi-cloud environment, you know, manages my data, kind of the holes, you know, orchestrating pieces and getting my arms around how I take care of it and leverage it can be challenging. Is that something you guys help with or are there other partners that get involved, how are customers helping to sort out and mature these environments? >> Yeah it's a big question of course, you've touched on the management of data as a whole and what they means, and how organizations handle that. WANdisco's role in supporting organizations with those challenges is in ensuring that when they need to take advantage of more than one environment or when they need their data to be available in more than one place. They can do that seamlessly and easily. What we aport to do and what we encourage our customers to do with our technology is rather than keeping one copy of data on premises and using it solely there, or copying your data to another location in order that you can act upon it there, we treat those environments as the same and say well, have the best of both worlds. Have your data available in each location, let your applications use it at the local speed and do that without regard to the need for retaining a workflow by which you exchange data between environments. WANdisco's technology can take care of all of that, and to do so it has to do some very smart things under the covers, around consistency and making it work across wide-area networks. Makes it particularly suited to cloud environments where we can leverage those underlying capabilities in conjunction with the scale of the cloud which is a native home for data at scale. >> Can you give us some, you know, where do you see customers kind of in this maturation, Dan Green made a statement that today 5% of the data is in the public cloud, so what are some of those barriers that are stopping people from getting more data in the Cloud, is it something that we will just see a massive adoption of data in the cloud, or what's your guys viewpoint as to where data's going to live, how that movement is happening. >> Yeah, I think longer term the economic advantages of using cloud environments are undeniable. The cost advantages of hosting information in the cloud and the benefits that come from the scalability of those environments is certainly far surpassing the capabilities that organizations can invest in themselves through their own data centers. So that natural migration of data to the cloud is a common theme that we see across all sorts of organizations. But as many people say, data has gravity, and if the majority of your application information resides today in your own environments or in environments outside of the cloud, whether that's internet connected devices, or in points of ingest that reside outside of cloud environments, there's a natural tendency for data to remain in place where they're either ingested or created. What you need to do to better take advantage of cloud environments then is the ability to easily access that data from cloud infrastructure. So the sorts of organizations that are looking to that are those with either burgeoning problems around consuming data at multiple points. They might operate environments that span multiple contents. They might have jurisdictional restrictions around where their data can reside but need to control its flow between separate environments as well. So WANdisco can certainly help with all of those problems, the underlying replication technology that we bring to bear is very well suited to it. But we are a part of the overall solution. We're not the full answer to everything. We certainly deal very well with replication and we believe we cover that very well. >> I'm curious when you talk about kind of the dispersion of data and where it's being created, of course edge-use cases for things like IOT, are quite a hot topic at that point. Is that something you guys are touching on yet, gets involved in discussions, you know, where does that sit? >> Yeah, definitely. The interesting thing about WANdisco's approach to data replication is that we base it on this foundation of consistency. And using a mathematically proven approach to distributed consensus to guarantee that changes made in one environment are represented in others equally, regardless of where those changes occur. Now when you apply that to batch based data storage or streaming environments, or other forms of ingest is relatively irrelevant as long as you have that same underlying capability to guarantee consistency regardless of where changes occur. If you're talking about high IT environments where you naturally have infrastructure sitting outside of the cloud, and this is the type of infrastructure that needs to reside out of the cloud, right, your edge points where data are captured, where your consuming information are generating it from devices perhaps from an automotive vehicle or from an embedded device, some sort of sensor array, whatever that happens to be, these are the types of environments where it means you're generating data outside of the cloud. So if you're looking to use that inside of the cloud itself, you need some way of moving data around, and you need to do that with some degree of consistency between those environments to make sure you're not just challenged with extra copies of information. >> The other really interesting topic around data that's being discussed at the Google Cloud event is artificial intelligence, machine learning, I'm curious, are your customers involved in that, where do you see that kind of on the radar today? >> Yeah, it's obviously an absolutely critical part of where the IT industry in general is going, and the type of solution that's fed off data. These systems are better as your data set grows. The more information you have, the better they work, and the more capable they become. It's certainly an aspect of how well machine learning technique and artificial intelligence approaches have been adopted in the industry, and the rapid rate of change in that side of IT is driving a lot of the demand for increasing access to data sets. We see some of our customers using that for really interesting things. You might've seen some of the recent news around our involvement in a research project led through the University of Sheffield, looking to use data sets captured from a variety of research institutions and medical environments to solve the problem of identifying and responding to dementia. And it's a great outcome from that type of environment. Through which machine learning techniques are being applied across data sets. What you find though is that because there's a large set of institutions sharing access to data, no single data set is sufficient to support those outcomes, regardless of what intelligence you can place against the machine learning models that you build up. So by enabling the ability to bring those data sets together, have them available in a single location, being the cloud, where larger models can be assessed against the data sets means much better outcomes for those types of environments. >> Okay. Paul, in your role of product management, we've been through some of the hot buzz terms out there, how do you help the company identify those trends, focused on the ones that are important to your customers and the kind of feedback loops that you get from them. >> I guess a lot of work in the end is how we do it but we need to listen to customers directly of course, understand what they're looking to do with their information systems. What they're aiming for. Their goals at a business level, what type of value that they want to get out of their data, and how they're approaching that. That's really critical. We also need to look to the industry in general. We're obviously in a very rapidly changing environment where technologies, the organizations that build IT systems, are increasingly adopting new approaches and building systems that simply weren't available days ago. You look at the announcements from Google of late around their video intelligence APIs as a service, their image APIs as well, all new capabilities that organizations today now have access to. So bringing those things together, understanding where the general IT trends are, how that applies to our customers, and what WANdisco can do with the unique value that we bring is really key to the product management role. >> Alright, and Paul, you've been at the show, curious, any cool things you saw, interesting customer conversations that may want to give our audience a flavor of what's going on, why 10 thousand people are excited to be at the event. >> Yeah well it is a very exciting event, just the scale of these types of events run by Google and similar organizations is something in itself to behold. We're really excited to be a part of that. The things that are really interesting for me out of the show tend to be where we see customers or opportunities coming to us, identifying challenges that they can't address without the type of technology that we bring to bear. Those tend to be areas where either they're looking to do migration from on premises systems into the cloud which is obviously very strong interest for Google themselves, they need to bring customers in to take better advantage of the services that they have. WANdisco can play a strong role in that. We're seeing a lot of interesting things around the edge too, so all of the ways in which data can be used are always exciting and interesting to see. The combination of technologies like artificial intelligence, like virtual reality, the type of work that WANdisco does also, is certainly going to bring forward I think a new wave of applications and systems that we just hadn't considered even a few years ago. >> Yeah. Lots of really interesting things. There's personal assistants at home and personal assistants that are listening. Okay Google, subscribe to SiliconANGLE on Youtube. We'll be back with lots more coverage here from the Cube, talking about Google Next 2017. You're watching the Cube.

>> Mine from Las Vegas. It's the cute covering knowledge sixteen brought to you by service. Now carry your host, Dave Alon and Jeff Rick. >> Welcome back to knowledge. Sixteen. Everybody, This is the Cube. Silicon Angles, flagship product. We go out to the events. We extract the signal from the noise Bart Murphy is. Here's the CTO of York Risk Services group. Mark. Good to see again. Good to see you. But thank you for having me. So what's been going on this week? Busy week. What you been doing this week has >> been busy. I've been doing a couple different things. One on the CIA decisions track, you know, collaborated on with those folks and getting some sessions in from service now and then on the partner side. You know, talking to customers, checking out and enjoying the the key notes on seeing what's new on the platform. Very exciting. >> Did you see Secretary Gates last night? We were, unfortunately, >> got pulled out for a call, So I >> think that's the >> one thing I did miss. You >> want to call me on that? One of things, he said, which I want to ask you about a former CEO. See XO now? Hey, said that consensus management don't bother now speaking to watch the CEO's as the CEO, yeah, it's a >> challenge. I think you know, there's there's one component that you have to devise, a strategy that you know a sound, and you have to have some resolve to help sell it. So I see that component of it. But the other is to sell that vision and get other people bought it. So, you know, I think there is a and consensus component from that, certainly from the executive team. And then you have to go sell it to your organization as well. And I think that truly doesn't come from just talking about the vision or the business case. It's from actually delivering the software and delivering the services and doing in an incremental basis that allows them to see and gain value from that, that that's what you build your credibility up on. And I think then that's what helps sell it. >> So you've gone through a few changes personally, your company. So take us through the care works acquisition. Sure, so >> careless family companies was required by your Chris Services Group S O. We're now part of a larger organization and national organization, Although care works itself had a few of the companies that had national footprint, a majority of them were primarily based in Ohio. So strategically great fit a great company. I moved into the corporate CTO roll about Oh, a year, year and a half after the acquisition, and I've been really trying to build out the entire enterprise strategy from a night perspective because they just they had procured a lot of acquired a lot of companies over a two to three year time span. And so we need to really invest a lot of time on what the future state of it is going to look like. >> So it's interesting gone from CEO to CTO. People talk coming to Cuba to talk about the role of the CIA. He'LL talk about all the time, and there'd been someone put forth the notion that the CEO eventually is going to have to choose a path, technical path or business path. You know, maybe both at different times. Do you subscribe to that, or do you see the CEO role is continuing on a CZ? We've known it. Yeah, >> we don't have a separate CIA and CTO I oversee the including operations. To me from a title perspective, I just want to have the organization view that that role is part of innovation. We have a chief innovation officer as well, but from a technology perspective, I think it's very difficult to run operations if you don't have a good grass for the technology in the platform. So regardless of the roller or title that they gave me, I think it's more about what are you managing on? And I don't want to ever be broken up between sort of SETI role that may be more focused on newer technology projects and then a CIA on Lee based on building our run methods. I want to make sure that those organizations are always combined because you're going to build much better software if you also have to support it. We also want to make sure that the automation is in place so that we have our support organization in mind when we actually deploy new platforms, new applications, new systems. >> So you see yourself as a software company. >> You know we do. We're in the wrist services business, so we are, ah, services provider, two carriers to large self insured Teo Large Claims organization. So we see ourselves. A lot of what we do is differentiated by our technology. Whether that's, you know, better business process, outsourcing functions or ability to do Bill review faster, more accurately. So our CEO definitely sees us as a technology company, and that's why there's a lot of investment in time being put into sort of build out what that future state of it is going to look like. >> What what do you do with service now? These days? How did the acquisition affect that and where you had it? >> Well, so we just went live with Yorker Services Group on service now is Platform on Geneva, and that's actually a separate production instance that we have with care work. So we deployed the care works instance in early two thousand eleven, late two thousand ten in that time frame, and there were, you know, there's a ton of customization a lot, you know, very solid platform for that family of companies with the York. There's a much larger scope that we wanted to address so very lucky again to be in that situation because I had an opportunity to start a redo and any time that you worked on a platform and you do it for a few years and then you get a chance to actually build again. So we really took more of an enterprise. I till out of the box type of approach s O that it could be flexible enough to manage across the entire enterprise, including all the acquired companies that we plan to pull onto the platform. And then that gives us time to figure out what was really the best out of our other platform that we want to, you know, retrofit back in. But the main reason I did that is to make sure that we could get some benefit out of the platform now and work and migrate into the business. Shared services functions within York that I think we're going to benefit very, very much from the new platform. >> So you've got a mulligan of sorts a little bit. >> Yeah, I got lucky on that on a little bit of the mulligan. And, you know, again, it's all about trying to make sure that we can come in and we just went live. You know, we're gonna have our challenges, like with any organizational change management solution, even just on the same side. But the cadence in which we're putting out releases to actually improve and bring on other shared services functions, I think, is where we will gain the majority of buying. >> So this notion here talked about a lot of this conference. The single cmd b yeah, is that something that you're able to achieve or working toward? Are you there? And absolutely, it's the goal. >> I mean, I don't know if you ever achieve it. I think it does take a lot of time. So the goal is to have everything in one platform for all of our companies across the board and to help facilitate automation, whether it's with GRC with the new security product that's coming out, which is, you know, something we're looking to get deployed in. Q three Q. Three Q For hopefully sooner rather than later. I just see there's a bunch of play on the automation orchestration side as it relates to tying in and tying an audit. Tien and Security on then also looking at business shared services and you know that's a whole different world of figuring out how can we help them? And we have ah operations service and are actually part of our next release. So I'll be very interested to see. You know, they do a lot of things manually like everybody does. He'LL be very keen to see how they see the platform and what they're going to come up with us, a strategy long term for them. >> So are you mentioned a couple times that York's made a number of acquisitions your company included, and don't give twenty four looking statements? Obviously, they're going to keep rolling up more things. But if you could speak to using service now as a vehicle to better integrate acquisitions, yeah, because for a lot of companies, that's a strategy. >> Yes, so and I actually have a strategy around that leveraging the platform is one of the main reasons that want to get it in now so that it could eventually build that. My whole goal there is the Leverage Performance Analytics on the way that I envisioned. Using that is, in many of the companies that we acquire, they will operate still, stand alone from a night perspective for some period of time. You know, whether that's six months, three months, two years until we can fully integrate him, whether it's network, you know, systems consolidation you name it. It takes a long time. It's not something that we have solved. So part of it is to be able to do modeling using Performance Analytics by pulling in the data so I can get them now onto this cloud platform because they don't need to be on network. I can have them operating their work within that platform for a period of a baseline period of time. And I could start to model that using Performance Analytics to say, How would that impact our enterprise? That's allies. Does it help our enterprise? That's always. Does it degrade our enterprise? That's the lace. Are they staffed appropriately to actually meet our enterprise? That's the lace and what our enterprises slaves. Once we start collecting all this data based on how we're staffed and how we're going to, you know, fund that transaction. So, >> Bart, if I understood it correctly, you have the dual role CEO slash CTO. Okay, is that there's the CSO report into you are he does. I saw Also he >> does. And so and that's ah, new rule that we established about a little less than a year ago. There was ah VP of corporate security. But we didn't have a chief information security officer s. So I we're not got a very season, see so and working not only as an internal what we do internally. Also within our tech company as well. We started cybersecurity practice. So everything we do, we try to make sure that we can actually support our technology investments from an enterprise perspective and be able to self serve ourselves as an enterprise. So very excited about that. That's why we're getting to the security components and some other products that we think will integrate extremely well into service. Now >> let's talk about that a little bit. I want to put forth the premise. You tell me, feel free to tell me the premise doesn't hold water. But it seems to us that there's been a shift in thinking about security from we'LL focus on you know, defense, defense, defense to one of you know we're going to get infiltrated. It's all about how we respond and I as the sea xo Whatever. See so CEO Seo, I can help lead that response. It's mechanism, but it's a team sport. Is that a valid premise? >> I think it's valid. I think you know, I think it's a little it is driving some change v f ear. But, you know, I think that, you know, is certainly from an external perspective can protect yourself pretty well. You know, a lot of the breaches were actually curve, and some of the cases were internal or through third party partners. So I think there's been a lot of additional due diligence being put on organization, especially as a service organization. We work with a lot of large insurance carriers as an example. So we are getting hit with a lot more requests and a lot more sort of assessments on what our controls are in that space. So we need to be mature, and that's based no matter what, since again, we're providing services to clients in this space, and we're collecting a good amount of claim data and bill data and medical data. So I'm not as going out staying okay, just when it's gonna happen and how we handle breach. If that's the case, I'm trying to figure out what are the ways that we can proactively manage our environment and be able to respond in a much faster fashion to isolate an issue as quickly as possible, which is why I'm really excited about the automation and security component within service now because properly integrated with similar tools that we have. There's a lot that the system conduce that a human can't get too fast enough that will actually shut down to manage that risk extremely well. >> Do you believe that the board level? There's sort of open and transparent communication that that it's not about If Wade get infiltrated, its we have been infiltrated and we will continue to be infiltrated. That discussion occur. >> I think, yeah, the board level. They're certainly more aware, and not just from their participation in our board for the companies that they run themselves, because many of these folks come from companies that their run themselves. So I think there's certainly an awareness I think they're demanding and wanting to have more concrete plans on what your corporate security strategy is going to be. So we've produced a three year plan on what that is and presented that our committee and are starting to communicate that all the way up, you know, through our CEO. So I think there's more awareness I I think that for whatever reason, people think that it hasn't been working on this for some time, but they have S o. You know, there's a lot of good things that we've already done and already put in place that people just need to be made aware of it and get up to speed if you will. And then there's. Here's what we're doing to invest in trying to stop future things or to be more proactive or tow, have better control. Is better auto practices this type of >> what's the right regime for a cyber security? In other words, who should be responsible for should be a single tech group? We Should it be a wider group. What responsibility? >> And no, it's it's it's It's by committee. So our committee included, you know, our general counsel, our CEO, our chief human resource officer, our CEO. So it it's a joint effort. Certainly there's a large component of it because many of it is about your defenses in your ability to manage and maintain and keep your data secure. But security is a company wide initiative. You know everything from training all the way down the associate level to not, you know, click on bad email links, right that no matter what you do and what type of in a virus you have and you're still going to get some of those fishing emails and some of those ransomware emails in those type of components. So there's a whole education put component that goes all the way down to the associate level. If that's not understood by the management over those groups, then you know how is it going to actually be distilled down and supported? So it's a complete company effort when it comes to corporate security. >> And how about >> the business lines? Because our research shows that a lot of organizations don't you don't even have the specifically answer for your organization. Just in your experience is the CEO and the CEO. If it seems as though a lot of businesses don't understand the value of their data or the value of their I p, and as a result, don't really know how to protect it, is that something that is challenging for organism >> Asians? I think it is least when I've talked to other clients potentially, I think less today than it was even five years ago. We certainly know the value of our data. I mean, there's been too many breaches in the large breaches in the past three years to not be aware. I have had that question asked ofyou on, even for a business perspective, understand the exposure. So you know they what is that? Hundred fifty hundred twenty five dollars per claim? Potentially on the data side. So people even put metrics around. It's you, Khun. Quickly go through and established what you think your overall exposure is from a dollar perspective and that starts toe. You know, open eyes when you have millions of claims, are even more millions of bills. >> And that's your business. So you would think you have a better understanding everything most. But so for those who don't how should they go about achieving that knowledge? That awareness, >> They should find someone that, you know, maybe some type of trusted advisor. You know, whether they need to hire a consulting company whether they need to go and just converse with another AA group like a CEO group and ask Hey, have you guys done this before? There's a ton of collaboration at that level where people are asking, Hey, how did you guys come up with your security road map on What did that >> look like? Because Because the value then drives your investment decisions, right, because that's the other thing is kind of like insurance. When is enough enough, You could always been Mohr, but at some point you're gonna have diminishing returns relative to the value. But you've gotta have a basis to set a budget. So I would imagine the value of the data, the value of the risk, whether its >> value brand right, so outside of the hard costs of potentially, you know, getting credit rating or those type of components. You know, there's there's the brand discussion, and I think that's somewhat invaluable. So, you know, budgets are just over. Go spend what you want, but there's certainly a lot of awareness that money needs to be spent that area. It needs to be spent wisely, but there hasn't been an issue as to either one. We're coming up with wild budgets for security but explaining what we're doing and why, and how cost effectively we're doing. It has been very well >> in thinking about how you communicate to the board Yeah, about cyber security. What would be the top two or three things that you would recommend that a C XO should have on his or her checklist? >> One is, you know, understanding all your end point, so understanding everything that's in your network. And it's an easy to say, but it's a very hard thing to do, especially when you have external facing applications. And you have a lot of different networks, so understanding your scope of devices and understand. You know, that way you could understand, to start to collect and fill up that C M G B and understand. Okay, if I have a patch that wasn't applied, how many devices were impacted? You know, how quickly can I get those remediated s so that you know, I think understanding the technical scope of your organization is important because it's very difficult to understand your risks, you know, rating if you will. If you don't understand the tools you have in place and where your potential holes maybe, ah, and then understanding you know your core data. So you know what is in your data that would potentially create a potential risk, even a financial risk? Certainly we go through all the insurance process, right? And even insurance now for cyber liability insurance. You know, the forms for five years ago were much different than the forms that are being filled out today. Much different. A lot more detail, a lot more drill down. So even just going through that process alone drives you to actually go and collect all this information that I'm talking about today, you know, so understanding your internal environment in understanding you know, those endpoints understanding the scope of your data management. And then I think it's around developing a sound strategy that is not just short term but short term and long term, with investments not just in tools, but also processes training those components. >> Did you look a tte security and responding to security is part of, ah, business continuity, as opposed to sort of a bespoke initiative. It is, There's business >> continuity and d are both have components of security, but it is truly what a way to ensure that you're you stay in business, right, and and And if people don't view it that way, then there's a lot of organizations that have been either crippled, not necessary put out of business but impacted extremely large. You know, financial impact with unmanaged breaches that actually went on way too long, right? And they weren't able to detect it, you know? So I think that there's a component there where you have to really think about what's the scope of the work, what the scope of the risk and how much do we need to invest? >> And you see service now. And I'm spending so much time in security this week because I'm excited about what I saw on Monday at the financial analyst meeting and who, talking to folks about this very important topic, you see, service now is playing a role in solving this problem. >> I do because we're a big user of GRC. So we already went down the audit route with service now years ago s Oh, this is just another extension I see of not just audit controls but being more proactive on the security side. And so, since all of our information is in this platform anyhow, we have a ton of opportunity toe automate and manage a lot of the things that again could have potentially gone unnoticed for a period of time simply because a manpower or logs if you ever had a review logs from some of these devices. I mean, trying to find the needle in the haystack is very difficult. So tools are extremely important in this space. Humans cannot meet this challenge alone at all. >> You just make a tad cloud. You wish, right? Awesome. Bart, this is I'LL give you the last word so that your impressions on knowledge sixteen. >> I'm excited, You know, the way it's grown again The way that they're really being purposeful about how they're building out their platform and truly trying to solve the enterprise problems to me is just it shows a very strategic, well thought out plan by service now. And as customers, you know and partners, you know, that's that's what you want to see from a company. So for me, I'm just very pleased where the platforms going. It's exciting how much they've grown. But the way that they've been able to invest in the right things, I feel and truly integrate things into the platform, even acquisitions that they had on and truly make it part of the platform versus and add on, I think, is really differentiating them from a lot of products that have grown in a similar matter but become unwieldy to manage because they're just pieced together. So I'm very, very excited, >> Fantastic. The cube securing knowledge for our audience that Bart, you have full of a lot of knowledge and really appreciate you coming on the Cuban and sharing. >> Yeah, appreciate it. Nice seeing you guys. >> All right, Keep it right there, everybody. We'LL be back with our next guests right after this. We're live knowledge. Sixteen from the Mandalay Bay Hotel in Las Vegas, right back. >> Every once in a while.

>> Narrator: The cube presents, the Kubecon and Cloudnativecon Europe, 2022 brought to you by Red Hat, the cloud native computing foundation and its ecosystem partners. >> Welcome to Valencia, Spain in Kubecon and Cloudnativecon Europe, 2022. I'm your host Keith Townsend. It's been a amazing day, three days of coverage 7,500 people, 170 sponsors, a good mix of end user organizations, vendors, just people with open source at large. I've loved the conversations. We're not going to stop that coverage just because this is the last session of the conference. Colin Murphy, senior software engineer, Adobe, >> Adobe. >> Oh, wow. This is going to be fun. And then Liam Randall, the chair of CNCF Cloud Native WebAssembly Day. >> That's correct. >> And CNCF & CEO of Cosmonic. >> That's right. >> All right. First off, let's talk about the show. How has this been different than other, if at all of other Kubecons? >> Well, first I think we all have to do a tremendous round of applause, not only for the vendors, but the CNC staff and all the attendees for coming out. And you have to say, Kubecon is back. The online experiences have been awesome but this was the first one, where Hallwaycon was in full effect. And you had the opportunity to sit down and meet with so many intelligent and inspiring peers and really have a chance to learn about all the exciting innovations that have happened over the last year. >> Colin. >> Yeah, it's been my most enjoyable Kubecon I've ever been to. And I've been to a bunch of them over the last few years. Just the quality of people. The problems that we're solving right now, everywhere from this newer stuff that we're talking about today with WebAssembly but then all these big enterprises trying to getting involved in Kubernetes >> Colin, to your point about the problems that we're solving, in many ways the pandemic has dramatically accelerated the pace of innovation, especially inside the CNCF, which is by far the most critical repository of open source projects that enterprises, governments and individuals rely on around the world, in order to deliver new experiences and to have coped and scaled out within the pandemic over the last few years. >> Yeah, I'm getting this feel, this vibe of the overall show that feels like we're on the cuff for something. There's other shows throughout the year, that's more vendor focused that talk about cloud native. But I think this is going to be the industry conference where we're just getting together and talking about it and it's going to probably be, in the next couple of years, the biggest conference of the year, that's just my personal opinion. >> I actually really strongly agree with you. And I think that the reason for that is the diversity that we get from the open source focus of Kubecon Kubecon has started where the industry really started which was in shared community projects. And I was the executive at Capital One that led the donation of cloud custodian into the CNCF. And I've started and put many projects here. And one of the reasons that you do that is so that you can build real scalable communities, Vendors that oftentimes even have competing interest but it gives us a place where we can truly collaborate where we can set aside our personal agendas and our company's agendas. And we can focus on the problems at hand. And how do we really raise the bar for technology for everybody. >> Now you two are representing a project that, you know as we look at kind of, how the web has evolved the past few decades, there's standards, there's things that we know that work, there's things that we know that don't work and we're beyond cloud native, we're kind of resistant to change. Funny enough. >> That's right. >> So WebAssembly, talk to me about what problem is WebAssembly solving that need solving? >> I think it's fitting that here on the last day of Kubecon, we're starting with the newest standard for the web and for background, there's only four languages that make up what we think of as the modern web. There's JavaScript, there's HTML, there's CSS, and now there's a new idea that's WebAssembly. And it's maybe not a new idea but it's certainly a new standard, that's got massive adoption and acceleration. WebAssembly is best thought of as almost like a portable little virtual machine. And like a lot of great ideas like JavaScript, it was originally designed to bring new experiences to browsers everywhere. And as organizations looked at the portability and security value props that come from this tiny little virtual machine, it's made a wonderful addition to backend servers and as a platform for portability to bring solutions all the way out to the edge. >> So what are some of the business cases for WebAssembly? Like what problem, what business problem are we solving? >> So it, you know, we would not have been able to bring Photoshop to the web without WASM. >> Wow. >> And just to be clear, I had nothing to do with that effort. So I want to make sure everybody understands, but if you have a lot of C++ or C code and you want to bring that experience to the web browser which is a great cost savings, cause it's running on the client's machines, really low latency, high performance experiences in the browser, WASM, really the only way to go. >> So I'm getting hints of fruit berry, Java. >> Liam: Yeah, absolutely. >> Colin: Definitely. >> You know, the look, WebAssembly sounds similar to promises you've heard before, right ones, run anywhere. The difference is, is that WebAssembly is not driven by any one particular vendor. So there's no one vendor that's trying to bring a plug in to every single device. WebAssembly was a recognition, much like Kubecon, the point that we started with around the diversity of thought ideas and representation of shared interest, of how do we have a platform that's polyglot? Many people can bring languages to it, and solutions that we can share and then build from there. And it is unlocking some of the most amazing and innovative experiences, both on the web backend servers and all the way to the edge. Because WebAssembly is a tiny little virtual machine that runs everywhere. Adobe's leadership is absolutely incredible with the things that they're doing with WebAssembly. They did this awesome blog post with the Google Chrome team that talked about other performance improvements that were brought into Chrome and other browsers, in order to enable that kind of experience. >> So I get the general concept of WebAssembly and it's one of those things that I have to ask the question, and I appreciate that Adobe uses it but without the community, I mean, I've dedicated some of my team's resources over the years to some really cool projects and products that just died on the buying cause there was no community around. >> Yeah. >> Who else uses WebAssembly? >> Yeah, I think so. We actually, inside the CNCF now, have an entire day devoted just to WebAssembly and as the co-chair of the CNCF Cloud Native WebAssembly Day, we really focus on bringing those case studies to the forefront. So some of the more interesting talks that we had here and at some of the precursor weekend conferences were from BMW, for example, they talked about how they were excited about not only WebAssembly, but a framework that they use on WebAssembly called WASM cloud, that lets them a flexibly scale machine learning models from their own edge, in their own vehicles through to their developer's workstations and even take that data onto their regular cloud Kubernetes and scale analysis and analytics. They invested and they just released a machine learning framework for one of the many great WebAssembly projects called WASM cloud, which is a CNCF project, a member project here in the CNCF. >> So how does that fit in overall landscape? >> So think of WebAssembly, like you think of HTML. It's a technology that gives you a lot of concept and to accelerate your journey on those technologies, people create frameworks. For example, if you were going to write a UI, you would not very likely start with an empty document you'd start with a react or view. And in a similar vein, if you were going to start a new microservice or backend application, project for WebAssembly, you might use WASM cloud or you might use ATMO or you might use a Spin. Those are three different types of projects. They all have their own different value props and their own different opinions that they bring to them. But the point is is that this is a quickly evolving space and it's going to dramatically change the type of experiences that we bring, not only to web browsers but to servers and edges everywhere. >> So Colin, you mentioned C+ >> Colin: Yeah. >> And other coding. Well , talk to me about the ramp up. >> Oh, well, so, yeah, so, C++ there was a lot of work done in scripting, at Adobe. Taking our C++ code and bringing it into the browser. A lot of new instructions, Cimdi, that were brought to make a really powerful experience, but what's new now is the server side aspect of things. So, just what kind of, what Liam was talking about. Now we can run this stuff in the data center. It's not just for people's browsers anymore. And then we can also bring it out to the edge too, which is a new space that we can take advantage of really almost only through WebAssembly and some JavaScript. >> So wait, let me get this kind of under hook. Before, if I wanted a rich experience, I have to run a heavy VDI instance on the back end so that I'm basically getting remote desktop calls from a light thin client back to my backend server, that's heavy. >> That is heavy. >> WebAssembly is alternative to that? >> Yes, absolutely. Think of WebAssembly as a tiny little CPU that is a shim, that we can take the places that don't even traditionally have a concept of a processor. So inside the browser, for example, traditionally cloud native development on the backend has been dominated by things like Docker and Docker is a wonderful technology and Container is a wonderful technology that really drove the last 10 years of cloud native with the great lift and shift, if you will. Take our existing applications, package them up in this virtual desktop and then deliver them. But to deliver the next 10 years of experiences, we need solutions that let us have portability first and a security model that's portable across the entire landscape. So this isn't just browsers and servers on the back end, WebAssembly creates an a layer of equality from truly edge to edge. It's can transcend different CPUs, different operating systems. So where containers have this lower bound off you need to be running Linux and you need to be in a place where you're going to bring Kubernetes. WebAssembly is so small and portable, it transcends that lower bound. It can go to places like iOS. It can go to places like web browsers. It can even go to teeny tiny CPUs that don't even traditionally have a full on operating systems inside them. >> Colin: Right, places where you can't run Docker. >> So as I think about that, and I'm a developer and I'm running my back end and I'm running whatever web stack that I want, how does this work? Like, how do I get started with it? >> Well, there's some great stuff Liam already mentioned with WASM cloud and Frmion Spin. Microsoft is heavily involved now on providing cloud products that can take advantage of WebAssembly. So we've got a lot of languages, new languages coming in.net and Ruby, Rust is a big one, TinyGo, really just a lot of places to get involved. A lot of places to get started. >> At the highest level Finton Ryan, when he was at Gartner, he's a really well known analyst. He wrote something profound a few years ago. He said, WebAssembly is the one technology, You don't need a strategy to adopt. >> Mm. >> Because frankly you're already using it because there's so many wonderful experiences and products that are out there, like what Adobe's doing. This virtual CPU is not just a platform to run on cloud native and to build applications towards the edge. You can embed this virtual CPU inside of applications. So cases where you would want to allow your users to customize an application or to extend functionality. Give you an example, Shopify is a big believer in WebAssembly because while their platform covers, two standard deviations or 80% of the use cases, they have a wonderful marketplace of extensions that folks can use in order to customize the checkout process or apply specialized discounts or integrate into a partner ecosystem. So when you think about the requirements for those scenarios, they line up to the same requirements that we have in browsers and servers. I want real security. I want portability. I want reuseability. And ultimately I want to save money and go faster. So organizations everywhere should take a few minutes and do a heads up and think about one, where WebAssembly is already in their environment, inside of places like Envoy and Istio, some of the most popular projects in the cloud native ecosystem, outside of Kubernetes. And they should perhaps consider studying, how WebAssembly can help them to transform the experiences that they're delivering for their customers. This may be the last day of Kubecon, but this is certainly not the last time we're going to be talking about WebAssembly, I'll tell you that. >> So, last question, we've talked a lot about how to get started. How about day two, when I'm thinking about performance troubleshooting and ensuring clients have a great experience what's day two operation like? >> That's a really good question. So there's, I know that each language kind of brings their own tool chain and their, and you know we saw some great stuff on, on WASM day. You can look it up around the .net experience for debugging, They really tried to make it as seamless and the same as it was for native code. So, yeah, I think that's a great question. I mean, right now it's still trying to figure out server side, It's still, as Liam said, a shifting landscape. But we've got some great stuff out here already >> You know, I'd make an even bigger call than that. When I think about the last 20 years as computing has evolved, we've continued to move through these epics of tech that were dominated by a key abstraction. Think about the rise of virtualization with VMware and the transition to the cloud. The rise of containerization, we virtualized to OS. The rise of Kubernetes and CNCF itself, where we virtualize cloud APIs. I firmly believe that WebAssembly represents the next epic of tech. So I think that day two WebAssembly continues to become one of the dominant themes, not only across cloud native but across the entire technical computing landscape. And it represents a fundamentally gigantic opportunity for organizations such as Adobe, that are always market leading and at the cutting edge of tech, to bring new experiences to their customers and for vendors to bring new platforms and tools to companies that want to execute on that opportunity. >> Colin Murphy, Liam Randall, I want to thank you for joining the Cube at Kubecon Cloudnativecon 2022. I'm now having a JavaScript based app that I want to re-look at, and maybe re-platforming that to WebAssembly. It's some lot of good stuff there. We want to thank you for tuning in to our coverage of Kubecon Cloudnativecon. And we want to thank the organization for hosting us, here from Valencia, Spain. I'm Keith Townsend, and you're watching the Cube, the leader in high tech coverage. (bright music)

>> Narrator: From theCUBE studios in Palo Alto in Boston connecting with our leaders all around the world. This is theCUBE conversation. >> Welcome to theCUBE and the special IBM Brocade panel. I'm Lisa Martin. And I'm having a great opportunity here to sit down for the next 20 minutes with three gentlemen please welcome Brian Sherman a distinguished engineer from IBM, Brian, great to have you joining us. >> Thanks for having me. >> And Matt key here. Flash systems SME from IBM, Matt, happy Friday. >> Happy Friday, Lisa. Thanks for having us. >> Our pleasure. And AIG Customer solution here from Brocade is here. AJ welcome. >> Thanks for having me along. >> AJ we're going to stick with you, IBM and Brocade have had a very long you said about 22 year strategic partnership. There's some new news. And in terms of the evolution of that talk to us about what's going on with with Brocade IBM and what is new in the storage industry? >> Yeah, so the the newest thing for us at the moment is that IBM just in mid-October launched our Gen seven platforms. So this is think about the stresses that are going on in the IT environments. This is our attempt to keep pace with with the performance levels that the IBM teams are now putting into their storage environments the All-Flash Data Centers and the new technologies around non-volatile memory express. So that's really, what's driving this along with the desire to say, "You know what people aren't allowed "to be in the data center." And so if they can't be in the data center then the fabrics actually have to be able to figure out what's going on and basically provide a lot of the automation pieces. So something we're referring to as the autonomous SAM. >> And we're going to dig into NBME of our fabrics in a second but I do want to AJ continue with you in terms of industries, financial services, healthcare airlines there's the biggest users, biggest need. >> Pretty much across the board. So if you look at the global 2000 as an example, something on the order of about 96, 97% of the global 2000 make use of fiber channel environments and in portions of their world generally tends to be a lot of the high end financial guys, a lot of the pharmaceutical guys, the automotive, the telcos, pretty much if the data matters, and it's something that's critical whether we talk about payment card information or healthcare environments, data that absolutely has to be retained, has to get there, has to perform then it's this combination that we're bringing together today around the new storage elements and the functionalities they have there. And then our ability in the fabric. So the concept of a 64 gig environment to help basically not be the bottleneck in the application demands, 'cause one thing I can promise you after 40 years in this industry is the software guys always figure out how to all the performance that the hardware guys put on the shelf, right? Every single time. >> Well there's gauntlet thrown down there. Matt, let's go to you. I want to get IBM's perspective on this. Again, as we said, a 22 year strategic partnership, as we look at things like not being able to get into the data center during these unprecedented times and also the need to be able to remove some of those bottlenecks how does IBM view this? >> Yeah, totally. It's certainly a case of raising the bar, right? So we have to as a vendor continue to evolve in terms of performance, in terms of capacity, cost density, escalating simplicity, because it's not just a case of not be able to touch the rates, but there's fewer people not being able to adjust the rates, right? It's a case where our operational density continues to have to evolve being able to raise the bar on the network and be able to still saturate those line rates and be able to provide that simply a cost efficiency that gets us to a utilization that raises the bar from our per capita ratio from not just talking about 200, 300 terabytes per admin but going beyond the petabyte scale per admin. And we can't do that unless people have access to the data. And we have to provide the resiliency. We have to provide the simplicity of presentation and automation from our side. And then this collaboration that we do with our network brother like Brocade here continued to stay out of the discussion when it comes to talking about networks and who threw the ball next. So we truly appreciate this Gen seven launch that they're doing we're happy to come in and fill that pipe on the flash side for them. >> Excellent and Brian as a distinguished engineer and let me get your perspectives on the evolution of the technology over this 22 year partnership. >> Thanks Lisa. It certainly has been a longstanding, a great relationship, great partnership all the way from inventing joint things, to developing, to testing and deploying to different technologies through the course of time. And it's been one of those that where we are today, like AJ had talked about being able to sustain what the applications require today in this always on time type of environment. And as Matt said, bringing together the density and operational simplicity to make that happen 'cause we have to make it easier from the storage side for operations to be able to manage this volume of data that we have coming out and our due diligence is to be able to serve the data up as fast as we can and as resilient as we can. >> And so sticking with you, Brian that simplicity is key because as we know as we get more and more advances in technology the IT environment is only becoming more complex. So really truly enabling organizations in any industry to simplify is absolute table stakes. >> Yeah, it definitely is. And that's core to what we're focused on and how do we make the storage environment simple. It's been one those through the years and historically, we've had entry-level us and the industry as a whole, is that an entry-level product mid range level products, high-end level products. And earlier this year, we said enough, enough of that it's one product portfolio. So it's the same software stack it's just, okay. Small, medium and large in terms of the appliances that get delivered. Again, building on what Matt said, from a density perspective where we can have a petabyte of uncompressed and data reduced storage in a two Enclosure. So it becomes from a overall administration perspective, again, one software stake, one automation stack, one way to do point in time copies, replication. So in focusing on how to make that as simple for the operations as we possibly can. >> I think we'd all take a little bit of that right now. Matt, let's go to you and then AJ view, let's talk a little bit more, dig into the IBM storage arrays. I mean, we're talking about advances in flash, we're talking about NBME as a forcing function for applications to change and evolve with the storage. Matt, give us your thoughts on that. >> We saw a monumental leap in where we take some simplicity pieces from how we deliver our arrays but also the technology within the arrays. About nine months ago, in February we launched into the latest generation of non technology and with that born the story of simplicity one of the pieces that we've been happily essentially negating of value prop is storage level tiering and be able to say, "Hey, well we still support the idea of going down "to near line SaaS and enterprise disc in different flavors "of solid state whether it's tier one short usage "the tier zero high performance, high usage, "all the way up to storage class memory." While we support those technologies and the automated tiering, this elegance of what we've done as latest generation technology that we launched nine months ago has been able to essentially homogenize the environments to we're able to deliver that petabyte per rack unit ratio that Brian was mentioning be able to deliver over into all tier zero solution that doesn't have to go through woes of software managed data reduction or any kind of software managed hearing just to be always fast, always essentially available from a 100% data availability guaranteed that we offer through a technology called hyper swap, but it's really kind of highlighting what we take in from that simplicity story, by going into that extra mile and meeting the market in technology refresh. I mean, if you say the words IBM over the Thanksgiving table, you're kind of thinking, how big blue, big mainframe, old iron stuff but it's very happy to say over in distributed systems that we are in fact leading this pack by multiple months not just the fact that, "Hey, we announced sooner." But actually coming to delivering on-prem the actual solution itself nine, 10 months prior to anybody else and when that gets us into new density flavors gets us into new efficiency offerings. Not just talk about, "Hey, I can do this petabyte scale "a couple of rack units but with the likes of Brocade." That actually equates to a terabyte per second and a floor tile, what's that do for your analytics story? And the fact that we're now leveraging NBME to undercut the value prop of spinning disc in your HBC analytics environments by five X, that's huge. So now let's take near line SaaS off the table for anything that's actually per data of an angle of value to us. So in simplicity elements, what we're doing now will be able to make our own flash we've been deriving from the tech memory systems acquisition eight years ago and then integrating that into some essentially industry proven software solutions that we do with the bird flies. That appliance form factor has been absolutely monumental for us in the distributed systems. >> And thanks for giving us a topic to discuss at our socially distant Thanksgiving table. We'll talk about IBM. I know now I have great, great conversation. AJ over to you lot of advances here also in such a dynamic times, I want to get Brocade's perspective on how you're taking advantage of these latest technologies with IBM and also from a customer's perspective, what are they feeling and really being able to embrace and utilize that simplicity that Matt talked about. >> So there's a couple of things that fall into that to be honest, one of which is that similar to what you heard Brian described across the IBM portfolio for storage in our SaaS infrastructure. It's a single operating system up and down the line. So from the most entry-level platform we have to the largest platform we have it's a single software up and down. It's a single management environment up and down and it's also intended to be extremely reliable and extremely performance because here's part of the challenge when Matt's talking about multiple petabytes in a two U rack height, but the conversation you want to flip on its head there a little bit is "Okay exactly how many virtual machines "and how many applications are you going to be driving "out of that?" Because it's going to be thousands like between six and 10,000 potentially out of that, right? So imagine then if you have some sort of little hiccup in the connectivity to the data store for 6,000 to 10,000 applications, that's not the kind of thing that people get forgiving about. When we're all home like this. When your healthcare, when your finance, when your entertainment, when everything is coming to you across the network and remotely in this version and it's all application driven, the one thing that you want to make sure of is that network doesn't hiccup because humans have a lot of really good characteristics. Patience would not be one of those. And so you want to make sure that everything is in fact in play and running. And that's as one of the things that we work very hard with our friends at IBM to make sure of is that the kinds of analytics that Matt was just describing are things that you can readily get done. Speed is the new currency of business is a phrase you hear from... A quote you hear from Marc Benioff at Salesforce, right. And he's right if you can get data out of intelligence out of the data you've been collecting, that's really cool. But one of the other sort of flip sides on the people not being able to be in the data center and then to Matt's point, not as many people around either is how are humans fast enough when you look... Honestly when you look at the performance of the platforms, these folks are putting up how is human response time going to be good enough? And we all sort of have this headset of a network operations center where you've got a couple dozen people in a half lit room staring at massive screens on the thing to pop. Okay, if the first time a red light pops the human begins the investigation at what point is that going to be good enough? And so our argument for the autonomy piece of of what we're doing in the fabrics is you can't wait on the humans. You need to augment it. I get that people still want to be in charge and that's good. Humans are still smarter than the Silicon. We're not as repeatable, but we're still so far smarter about it. And so we needed to be able to do that measurement. We need to be able to figure out what normal looks like. We need to be able to highlight to the storage platform and to the application admins, when things go sideways because the demand from the applications isn't going to slow down. The demands from your environment whether you want to think about take the next steps with not just your home entertainment home entertainment systems but learning augmented reality, right. Virtual reality environments for kids, right? How do you make them feel like they're part and parcel of the classroom, for as long as we have to continue living a modified world and perhaps past it, right? If you can take a grade school from your local area and give them a virtual walkthrough of the loop where everybody's got a perfect view and it all looks incredibly real to them those are cool things, right? Those are cool applications, right? If you can figure out a new vaccine faster, right. Not a bad thing, right. If we can model better, not a bad thing. So we need to enable those things we need to not be the bottleneck, which is you get Matt and Brian over an adult beverage at some point and ask them about the cycle time for the Silicon they're playing with. We've never had Moore's law applied to external storage before never in the history of external storage. Has that been true until now. And so their cycle times, Matt, right? >> Yeah you struck a nerve there AJ, cause it's pretty simple for us to follow the linear increase in capacity and computational horsepower, right. We just ride the X86 bandwagon, ride the Silicon bandwagon. But what we have to do in order to maintain But what we have to do in order to maintain the simplicity story is followed more important one is the resiliency factor, right? 'Cause as we increased the capacity as we increased the essentially the amount of data responsible for each admin we have to literally log rhythmically increase the resiliency of these boxes because we're going to talk about petabyte scale systems and hosting them really 10,000 virtual machines in the two U form factor. I need to be able to accommodate that to make sure things don't blip. I need resilient networks, right. Have redundancy and access. I need to have protection schemes at every single layer of the stack. And so we're quite happy to be able to provide that as we leapfrog the industry and go in literally situations that are three times the competitive density that we you see out there and other distributed systems that are still bound by the commercial offerings, then, hey we also have to own that risk from a vendor side we have to make these things is actually rate six protection scheme equivalent from a drive standpoint and act back from controllers everywhere. Be able to supply the performance and consistency of that service throughout even the bad situations. >> And to that point, one of the things that you talked about, that's interesting to me that I'd kind of like you to highlight is your recovery times, because bad things will happen. And so you guys do something very, very different about that. That's critical to a lot of my customers because they know that Murphy will show up one day. So, I mean 'cause it happens, so then what. >> Well, speaking of that, then what Brian I want to go over to you. You mentioned Matt mentioned resiliency. And if we think of the situation that we're in in 2020 many companies are used to DR and BC plans for natural disasters, pandemics. So as we look at the shift and then the the volume of ransomware, that's going up one ransomware attack every 11 seconds this year, right now. How Brian what's that change that businesses need to make from from cyber security to cyber resiliency? >> Yeah, it's a good point in, and I try to hammer that home with our clients that, you're used to having your business continuity disaster recovery this whole cyber resiliency thing is a completely separate practice that we have to set up and think about and go through the same thought process that you did for your DR What are you going to do? What are you going to pretest? How are you going to test it? How are you going to detect whether or not you've got ransomware? So I spent a lot of time with our clients on that theme of you have to think about and build your cyber resiliency plan 'cause it's going to happen. It's not like a DR plan where it's a pure insurance policy and went and like you said, every 11 seconds there's an event that takes place. It's going to be a win not then. Yeah and then we have to work with our customers to put in a place for cyber resiliency and then we spent a lot of discussion on, okay what does that mean for my critical applications, from a restore time of backup and mutability. What do we need for those types of services, right? In terms of quick restore, which are my tier zero applications that I need to get back as fast as possible, what other ones can I they'll stick out on tape or virtual tape in and do things like that. So again, there's a wide range of technology that we have available in the in the portfolio for helping our clients from cyber resiliency. And then we try to distinguish that cyber resiliency versus cyber security. So how do we help to keep every, everybody out from a cybersecurity view? And then what can we do from the cyber resiliency, from a storage perspective to help them once once it gets to us, that's a bad thing. So how can we help? How help our folks recover? Well, and that's the point that you're making Brian is that now it's not a matter of, could this happen to us? It's going to, how much can we tolerate? But ultimately we have to be able to recover. We can't restore that data and one of those things when you talk about ransomware and things, we go to that people as the weakest link insecurity AJ talked about that, there's the people. Yeah there's probably quite a bit of lack of patients going on right now. But as we look as I want to go back over to you to kind of look at, from a data center perspective and these storage solutions, being able to utilize things to help the people, AI and Machine Learning. You talked about AR VR. Talk to me a little bit more about that as you see, say in the next 12 months or so as moving forward, these trends these new solutions that are simplified. >> Yeah, so a couple of things around that one of which is iteration of technology the storage platforms the Silicon they're making use of Matt I think you told me 14 months is the roughly the Silicon cycle that you guys are seeing, right? So performance levels are going to continue to go up the speeds. The speeds are going to continue to go up. The scale is going to is going to continue to shift. And one of the things that does for a lot of the application owners is it lets them think broader. It lets them think bigger. And I wish I could tell you that I knew what the next big application was going to be but then we'd be having a conversation about which Island in the Pacific I was going to be retiring too. But they're going to come and they're going to consume this performance because if you look at the applications that you're dealing with in your everyday life, right. They continue to get broader. The scope of them continues to scale out, right. There's things that we do. I saw I think it was an MIT development recently where they're talking about being able to and they were originally doing it for Alzheimer's and dementia, but they're talking about being able to use the microphones in your smartphone to listen to the way you cough and use that as a predictor for people who have COVID that are not symptomatic yet. So asymptomatic COVID people, right? So when we start talking about where this, where this kind of technology can go and where it can lead us, right. There's sort of this unending possibility for it. But what that on, in part is that the infrastructure has to be extremely sound, right? The foundation has to be there. We have to have the resilience, the reliability and one of the points that Brian was just making is extremely key. We talk about disaster tolerance business continuous, so business continuance is how do you recover? Cyber resilience is the same conversation, right? So you have the protection side of it. Here's my defenses. Now what happens when they actually get in. And let's be honest, right? Humans are frequently that weak link, right. For a variety of behaviors that the humans that humans have. And so when that happens, where's the software in the storage that tells you, "Hey, wait there's an odd traffic behavior here "where data is being copied "at rates and to locations that that are not normal." And so that's part of when we talk about what we're doing in our side of the automation is how do you know what normal looks like? And once you know what normal looks like you can figure out where the outliers are. And that's one of the things that people use a lot for trying to determine whether or not ransomware is going on is, "Hey, this is a traffic pattern, that's new. "This is a traffic pattern. "That's different." Are they doing this because they're copying the dataset from here to here and encrypting it as they go, right? 'Cause that's one of the challenges you got to, you got to watch for. So I think you're going to see a lot of advancement in the application space. And not just the MIT stuff, which is great. The fact that people are actually able to or I may have misspoken, maybe Johns Hopkins. And I apologize to the Johns Hopkins folks that kind of scenario, right. There's no knowing what they can make use of here in terms of the data sets, right. Because we're gathering so much data, the internet of things is an overused phrase but the sheer volume of data that's being generated outside of the data center, but manipulated analyzed and stored internally. 'Cause you got to have it someplace secure. Right and that's one of the things that we look at from our side is we've got to be that as close to unbreakable as we can be. And then when things do break able to figure out exactly what happened as rapidly as possible and then the recovery cycle as well. >> Excellent and I want to finish with you. We just have a few seconds left, but as AJ was talking about this massive evolution and applications, for example when we talk about simplicity and we talk about resiliency and being able to recover when something happens, how did these new technologies that we've been unpacking today? How did these help the admin folks deal with all of the dynamics that are happening today? >> Yeah so I think the biggest the drop, the mic thing we can say right now is that we're delivering 100% tier zero in Vme without data reduction value props on top of it at a cost that undercuts off-prem S3 storage. So if you look at what you can do from an off-prem solution for air gap and from cyber resiliency you can put your data somewhere else. And it's going to take whatever long time to transfer that data back on prem, to read get back to your recover point. But when you work at economics that we're doing right now in the distributed systems, hey, you're DR side, your copies of data do not have to wait for that. Off-prem bandwidth to restore. You can actually literally restore it in place. And you couple that with all of the the technology on the software side that integrates with it I get incremental point in time. Recovery is either it's on the primary side of DRS side, wherever, but the fact that we get to approach this thing from a cost value then by all means I can naturally absorb a lot of the cyber resiliency value in that too. And because it's all getting all the same orchestrated capabilities, regardless of the big, small, medium, all that stuff, it's the same skillsets. And so I don't need to really learn new platforms or new solutions to providing cyber resiliency. It's just part of my day-to-day activity because fundamentally all of us have to wear that cyber resiliency hat. But as, as our job, as a vendor is to make that simple make it cost elegance, and be able to provide a essentially a homogenous solutions overall. So, hey, as your business grows, your risk gets averted on your recovery means also get the thwarted essentially by your incumbent solutions and architecture. So it's pretty cool stuff that we're doing, right. >> It is pretty cool. And I'd say a lot of folks would say, that's the Nirvana but I think the message that the three of you have given in the last 20 minutes or so is that IBM and Brocade together. This is a reality. You guys are a cornucopia of knowledge. Brian, Matt, AJ, thank you so much for joining me on this panel I really enjoyed our conversation. >> Thank you. >> Thank you again Lisa. >> My pleasure. From my guests I'm Lisa Martin. You've been watching this IBM Brocade panel on theCUBE.

>>Hi, everyone. My name is Dan Bonnie and I want to thank the organizers for inviting me to speak. Since I only have 15 >>minutes, I decided to talk about something relatively simple that will hopefully be useful to entity. This is joint work with my students Sabah Eskandarian and Sam Kim. And with Morrissey, this work will appear it, uh, the upcoming Asia crypt and is available on E print if anyone wants this to learn more about what I'm going to talk about, So >>I want to tell you the story >>of storing encrypted data in the cloud. >>So all of us have lots of data, and typically we'd rather not >>store the data on our local machines. But rather we'd like to move the data to the cloud so that the cloud can handle back up in the cloud, can handle access control on this data and allow us to share it with others. However, for some types of data, we'd rather not have the data available in the cloud in the clear. And so what we dio is we encrypt the data before we send it to the cloud, and the customer is the one that's holding the key. So the cloud has cipher text, and the customer is the only one that has the key that could decrypt that data. >>Now, whenever dealing with encrypted data, there is a very common requirements called key rotation. So key rotation refers to the act of taking a cipher text and basically re encrypting it under a different key without changing the underlying data. Okay. And the reason we do that is so that an old key basically >>stops working, right? So we re encrypt the data under a new key, and as a result, the old red key can no longer decrypt the data. So it's a way for us to expire keys so that Onley the new key can decrypt the current data stored in the cloud. Of >>course, when we do this, we have to assume that the cloud actually doesn't store the old cipher text. So we're just going to assume that the cloud deletes the old cipher text, and the only thing the cloud has is on Lee, >>the latest version of the cipher text which can only be decrypted using the latest version of the key. >>So why do we do key rotations. Well, it turns out it's actually quite a good idea for one reason. Like we said, it limits the lifetime of a key. If I give you a key today, you can decrypt the data today. But after I do key rotation on my data, the key that I gave you no longer works. Okay, so it's a way to limit the lifetime of a key. And it's a good idea, for example, in an organization that might have temporary employees. Basically, you might give those temporary employees a key. But once they leave effectively, >>the keys will stop working after the key rotation has been done. >>Not only is it a good idea, it's actually >>a requirement in many standards. So, for example, this requires key rotation, the payment industry and requires periodic he rotation. So it's a fairly common requirement out there. The >>problem is, how do we do key >>rotation when the data is stored in the cloud? Yeah, so there are >>two options that immediately come to mind, but both are problematic. The first option is we can download the entire data >>set onto our client machines. Things could be terabytes or petabytes of data so it's a huge amount of data that we might need to download on to the client >>machine, decrypt it under the old Ke re encrypted under the new key and then upload all >>that data back to the cloud. So that works and it's fine. The only problem is it's very expensive. You have to move the data back and forth in and out of the cloud. The >>other option, of course, is to send the actual old key in the new key to the cloud and then have the cloud re encrypt using the old key and re encrypt, then using the new key. And of course, that also works. >>But it's insecure because now the cloud will get to see your data in the clear. So >>the question is what to do. And it turns out there is a better option, which is called up datable encryption, so obtainable encryption works as follows. What we do is we take our old key and our new key, and we combine them together using some sort of ah kee Reekie generation algorithm. What this algorithm will do is it will generate a short key. That's a combination of the old and new key. We can then send the re encryption key over to the cloud. The cloud can then use this key to encrypt re encrypt the entire data in the cloud. So in doing so, basically, the cloud is able to do the rotation for us. But the hope is that the cloud learns >>nothing about the data in doing that. Okay, so the re encryption key that we send to the cloud should reveal nothing to the cloud about the actual data that's being held in the cloud. So obtainable encryption is relatively old concept. I guess it was first studied in one of our papers back from 2013. There were stronger definitions given in the work of Everest power it all in 2017. And there's been a number of papers studying this this concept since. So >>before we talk about the constructions for available encryption, let me just quickly make >>sure the syntax is clear. Just so we see how this works. So basically there's a key generation algorithm that generates a key from a security parameter. Then, when we encrypt a message using a particular key, we're gonna break the cipher text into a short header and the actual cipher text the hitter and the cipher text gets into the >>cloud. And like I said, this header is going to be short and independent of the message length. Then when we want to do rotation, what we'll do is basically will use the old key in the new key along with the cipher text header to produce what we call >>a re encryption key will denote that by Delta. Okay, so the way this works is we will download the header from the >>Cloud Short header Computer Encryption key, send their encryption key to the cloud, and then the cloud will use the re encrypt algorithm that uses the re encryption key and the old cipher >>text to produce the new cipher text. And then this new cipher text will be stored in the cloud. And again, I repeat, the assumption is that the cloud is gonna erase the old cipher text. It is going to erase the re encryption key that we send to it. >>And finally, at the end of the day, when we want to decrypt the actual cipher text in the cloud, we download >>the cipher text on the cloud we decrypted using the key K and recover the actual message in. >>Okay, So in this new work with my students, we set out to look Atmore efficient constructions for available encryption. So the first thing we did is we realize there's some issues >>with the current security definitions and so we strengthen the security definitions in particular, we strengthen them in a couple of ways, but in particular, we'd like to make sure that the actual cipher text has stored in the cloud doesn't actually revealed a number of key rotations. Yeah, so a rotated cipher text should look indistinguishable from a fresh cipher text. >>But not only that, That actually should also guarantee >>that the number of key rotations is not leaked by from just looking at the cipher text. So generally, we'd like to hide the number of key rotations so that it doesn't reveal private information about what's what's encrypted inside the cipher text. >>But our main goal was to look at more efficient construction. So we looked at two constructions, one based >>on a lattice based key home or fake. Prof. So actually, the main point of this work was actually to study the performance of a lattice based key home or fake prof relative to the existing of datable encryption systems >>and then the other. The other construction we give is what's called a nested. Construction would just uses plain old symmetric encryption. And interestingly, what we show is that in fact, the nested construction is actually the best construction we have as long as the number of key rotations is not too high. Yes, so if we do under 50 re encryptions, just go ahead and use the nested construction basically from symmetric encryption. However, if we do more than 50 key rotations, all of a sudden the lattice >>based construction becomes the best one that we have. >>I want to emphasize here that are our goal for using lattices. That was not to get quantum resistance. We wanted to use lattices just because >>lettuces are fast. Yeah, and so we wanted to gain from the performance of lattice is not from the security that they provide >>eso I guess before I talk about the constructions, I have to quickly just remind you of how >>what what the security model is, what it is we're trying to achieve and I have to say the security model for available encryption is not that easy to explain here, You know, the adversary gets to see lots of keys. He gets to see lots of re encryption keys. He gets to see lots of >>cipher text. So instead of giving you the full definition, I'm just gonna give you kind >>of the intuition for what this definition is trying to achieve. And I'm going to point you to the paper for the details. So >>really, what the definition is trying to say >>is the following settings. Right. So imagine we have a cipher text that's encrypted under a certain key K. At >>some point later on in the future, the cipher text gets re encrypted using a re encryption key Delta. Okay, so now the new cipher text is encrypted under the key K prime. And what we're basically trying to achieve in the definition is to say that well, if the adversary gets to see the old cipher text >>the new cipher text and they re encryption key, then they learn nothing about the message. And they can't harm the integrity of the cipher text. >>Similarly, if they just see the old key and the new >>cipher text. They learn nothing about the message, and they can't harm the integrity of the cipher text. And similarly, if you see an old cipher text in a new key, same thing. Yeah, this is again overly simplified because in reality, the adversary gets to see lots of cipher, text and lots of keys and lots of encryption keys. And there are all these correctness conditions for when he's supposed Thio learn something and whatnot. And so I'm going to defer this to the paper. But this gives you at least the intuition for what the definition is trying to >>achieve. So now let's turn to constructions, so the first construction we'll look >>at it is kind of the classic way to construct available encryption using what's called the key home or fake. Prof. Sochi Home or for Pierre Efs were used by the or Pincus and Rain go back in 99 there were defined in our paper. BLM are back in 2013 the point of the BLM. Our paper was mainly to construct key home or fake pl refs without random oracles. So first, let me explain what Akiyama Murphy pf >>is. So it's basically a Pierre F where we have home amorphous, um, >>relative to the key. So you can see here if I give you the prof under two different keys at the point X, I can add those values and get the PF under the some of the keys at the same point x. Okay, so that's what the key home or fake property lets >>us dio. And so keyhole Norfolk PRS were used to construct a datable encryption schemes. The first thing we show is that, in fact, using keyhole graphic PRS, weaken build an update Abel encryption scheme that satisfies are stronger security definitions. So again, I'm not going to go through this construction. But just to give you intuition for why key Horrific Pff's are useful for update Abel encryption. Let me just say that the re encryption key is gonna be the some of the old key and the new key. And to see why that's useful. Let's imagine we're encrypting >>a message using counter mode so you can see here a message is being encrypted using a P r f applied to a counter, I >>Well, if I give the cloud K one plus K to the cloud >>can evaluate F F K one plus K two at the point I and if we subtract that from the >>cipher text, then by the key home or FIC properties, you'll see that F K one cancels out. And basically we're left with an encryption of them under the ki minus K two. So we were able to transform the cipher text for an encryption under K one to an encryption under minus K two. Yeah, and that's kind of the reason why they're useful. But of course, in reality, the construction >>has many, many more bells and whistles to it to satisfy the security definition. Okay, so >>what do we know about Qihoo? Norfolk? Pff's? Well, the first key home or fake prof is based on the d. D H assumption. And that's just the standards PF from D d H. It's not difficult to see that this >>construction actually is key human Norfolk. >>In this work, we're particularly interested in the keyhole morphing prof that comes from lattices. So our question was, can we optimize the ski home amorphous prof to get a very fast update Abel encryption scheme? And so the answer is yes, we can. And to do that we use the ring learning with error problems. So our goal was really to kind of evaluate obtainable encryption as it applies to lattices. So that's the first construction. The second construction, like I said, is purely based on symmetric encryption, and it's kind of an enhancement of what we call the Trivial Update Abel encryption scheme. So what's the Trivial Update? Abel encryption scheme? Well, basically, we would look at >>a standard encryption where we encrypt the message using some message key. And then we encrypt the message key using the actual client key. These are all symmetric encryptions. The client basically clinic. He would be >>K, and the header would be the message encryption key. Now, when we want to rotate the keys, all we will do is basically we would generate a new message. >>Encryption key will call a K body prime. We'll send that over to the cloud that the >>cloud will encrypt the entire old cipher text under the new key and then encrypt a new key along with the old key under a new clients key, which we call Cape Prime. So what gets sent to the cloud is this K body prime and header prime and the cloud is able to do its operation and re encrypt the old cipher text. The new client key becomes K prime. And of course, we can continue this over and over in kind of an onion like encryption where we keep encrypting the old cipher text under a new message. He The benefit of the scheme, of course, is that it only uses >>symmetric encryption, so it's actually quite fast, so that's pretty good. >>Unfortunately, this is not quite secure. And the reason this is not secure is because the cipher >>text effectively grows with a number of key rotations. So the cipher text actually leaks the number of key rotations, and so it doesn't actually satisfy our definitions. Nevertheless, we're able to give a nest of construction that does satisfy our definitions. So it does hide the number of key rotations. And again, there are lots of details in this constructions. I'm going to point you to the paper for how the nested encryption works. So >>now we get to the main point that I wanted to make, which is >>comparing the different constructions. So let's compare the lattice based construction with a D. D H but its construction and the symmetric nested construction for the DTH based construction. We're going to use the GPRS system just for a comparison point, >>so you can see that for four kilobyte message >>blocks, the lattice based system is about 300 times faster than the D. D H P A system. And the reason we're able to get such a high throughput is, of course, lattices air more efficient but also were able to use the A V X instructions for speed up. And we've also optimized the ring that we're using quite a bit specifically for this purpose. Nevertheless, when we compared to the symmetric system, we see that the symmetric system is still in order of magnitude faster than even a lot of system. And so for encryption and re encryption purposes that the symmetric based system is the fastest that we have. When we go to a larger message blocks 32 kilobyte message blocks, you see that the benefit of the latter system is even greater over the D d H system. But the symmetric system performs even better Now if you think back to how the symmetric system works. It creates many layers of encryption and >>as a result, during decryption, we have to decrypt all these >>layers. So decryption in the symmetric system takes linear time in the number of re encryptions. So you can see this in this graph where the time to decrypt increases linearly with the number of re encryptions, whereas the key home or FIC methods take constant amount of time to decrypt, no matter how many re encryptions there are, the crossover point is about 50 re encryptions, Which is why we said that if in the lifetime of the cipher text we expect fewer than 50 re encryptions, you might as well use the symmetric nested system. But if you're doing frequently encryptions, let's say weekly re encryptions, you might end up with many more than 50 re encryptions, in which case the lattice based key home or fix scheme is the best up datable system we have today. >>So I'm going to stop here. But let me leave you with one open problem if you're interested in questions in this area. So let me say that in our latest based construction, because of the noise that's involved in latest constructions. It turns out we had toe slightly weaken >>our definitions of security to get the security proof to go through. I think it's an interesting problem to see if we can build a lattice based system that's as efficient as the one that we have, but one that satisfies our full security definition. Okay, so I'll stop here, and I'm happy to take any questions. Thank you very much.

(soft music) >> From theCUBE studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is theCUBE Conversation. >> Hi, I'm Stu Miniman coming to you from our Boston area studio here for a CUBE conversation. Really like when we can dig into help some of the nonprofits in our industry, going to be talking about, training, helping other people lift up their careers. Happy to welcome to the program, first time guests, Jerome Hardaway. He's the founder of vets who code coming down from Nashville, Jerome, I seem to remember a time where I was able to travel. I did some lovely hiking even saw bear last time I was down in Nashville. Thanks so much for joining us. Roger that. Thank you, a funny story. I saw a cow on the loose while driving on the highway yesterday. So not much has changed. (Jerome laughs) Thank you guys for having me. >> Yeah, it is a little bit of strange times here in the Covert area. I live kind of suburban Massachusetts area. One of my neighbors did report a small bear in the area. I'm definitely seeing more than just the usual, what kind of wild turkeys and the like that we get up in New England, but let's talk about Vets Who Code. So, you're the founder, the name doesn't leave much up for us to guess what you do, but tell us a little bit as to the inspiration and the goals of your organization. Roger that, Vets Who Code is the first veteran founded, operated and led, a remote 501 C three that focuses on training veterans regardless where they are and modern age of technologies. Our stack right now, I would say is focused more towards front-end DevOps with a lot of serverless technologies being built-in. And that's pretty much what exactly what we do well. >> Well awesome, I had been loving digging into the serverless ecosystem the last few years. Definitely an exciting area, help us understand a little bit, who comes and joins this? What skill set do they have to have coming in? And explain a little bit the programs that they can offer that they can be part of. >> Yeah, cool. So we run Vets Who Code like a mixture between a tech company or a tech nonprofit, I guess, using those practices while also using military practices as well. And the people that come in are veterans and military spouses. And we try to use what we call a pattern matching practice, showcasing like. Hey, these are the things, he's been in military. This is how it translates to the tech side. Like, our sit reps is what you guys would call stand up. Kanban is what we would call like systems checks and frag orders, Op orders, things like that, or, our SLPs. So we turn around, we just train them, retrain them. So that way they can understand the lingo, understand how things, how you code, move and communicate and make sure that these guys and girls, they know how the work as JavaScript engineers and a serverless community. As of right now, we've helped 252 veterans in 37 States get jobs, our social economic impacts, then I think it's at 17.6 million right now. So it all from the comfort of their homes, that's like the cool and free, and those are like the coolest things that we've been able to do. >> Wow, that's fascinating. Jerome, I heard something that you've talked about, leveraging the military organizational styles. I'm just curious, there's in the coding world a lot of times we talk about Conway's law, which is that the code will end up resembling the look of the organization. And you talk about DevOps, DevOps is all about various organizations collaborating and working together. It seems a little bit different from what I would think of traditional military command and control. So is that anything you've given any thought to? Is there some of the organizational pieces that you need to talk to people about? Moving into these environments compared to what they might've had in the military. >> Negative, I think the biggest misconception that we have is that people, when you're talking about how the military moves, they're thinking of the military of yesteryear of 20, 30, 40 years ago. They're not thinking of global war on terrorism veterans and how we move and things like that. We understand distributed chains. We understand cause we call, that's what we've done at CENTAF and CENTCOM in Iraq and Afghanistan. So we honored, like we are already doing a lot of this stuff, we just naming it different. So that's part of the thing that we have as an advantage as the, cause all the people who are educators, there are veterans who learn how to code and they've been working in industry and they know. And so when they're teaching, they know the entire process that a veteran's going to go through. So that's how now we focus on things. And so the organizational structure for us first term to second term veterans is pretty normal. If you're coming out within the last, heck 10 years. (Jerome laughs) >> Yeah, absolutely. That's wonderful. And I I've had the opportunity to work with plenty of people that had come from the military. Very successful in the tech industry, definitely tend to be hard workers and engaged in what they'r doing. Curious, you talked about being able to do this remotely and then it is free. What's the impact of the current global pandemic? Everything that's happening here in 2020 been on what you're doing in your resources. >> Of the impact, unfortunately, I mean, not unfortunately, fortunately it has been nothing but positive. It's been crazy, we've gotten more applications. We have people are seeing that during, I was the crazy person in the room, when in 2014, when I was saying nonprofits should move to remote first protocols. So that way they could have greater impact for less, with less financial resources. And back then I was the, like what are you talking about? This is the way we've always done. Well now everybody was scrambling to try to figure out how to help people without being in same room with them. We were like, Oh, okay, lt's do today. So we got an influx of people applying, influx of people, sending me, trying to get into our next cohort in August. It's just, the biggest thing that has happened for Vets Who Code is yet, it's been a really positive experience for us, which is really weird to say, but I think it has, my doomsday Murphy's law style of preparing, I assume that anything that can go wrong will go wrong. So I try to prepare for that. So being open source, being serverless, being having everything in a manner to where--in case I was out of the pot, out of the situation, other people operate having this distributed teams, or there are other leaders that can take over and do things. It's all stuff that, I guess I got from the military. So, we were know we were prepared because there was absolutely zero pivot for us. If anything, it has been more resources. We've been able to dive deeper in more subjects because people have had more time, but, we can do, we can dive deeper into AWS. We started a lunch and learn every two weeks. We actually have a lunch and learn next week with Dr. Lee Johnson. And she's going to be talking, we open that to it by all juniors and entry level devs, developers, regardless of whether you're a veteran or not, we just throw it on Twitter and let them get in. And the focus will be on tech ethics. We all know, right now we've been leading the charge on trying to make sure people are supercharging their skills during this time frame. So that's what, it's been very positive. I've been working with magazine, front-end masters. It's been awesome. >> Well, that's wonderful. Wish everyone had the mindset coming into 2020, because it does seem that anything that could go wrong has, (both laugh) I'm curious, once people have skilled up and they've gone through the program, what connections do you have with industry? How do you help with job placement in that sort of activity? >> That is the most asked question, because that is the thing that people expect because of code schools, because of our educational program protocols. We don't really need that issue because our veterans are skilled enough to where to hiring managers know the quality that we produce. I live in Nashville and I've only been able to place one veteran that I've trained locally in the community because of fame companies have snatched up every other veteran I've ever trained in the community, so things like that, it's not a problem because no, a usually 80% of our veterans have jobs before they even graduate. So you're literally picking up, picking people who, they know they have the potential to get a bit companies if they put the work in and it's just as they come, we actually have people. I think a company reached out to me yesterday and I was like, I don't even have people for you. They already have jobs. (jerome laughs) Or I'm in a situation now where all my senior devs are looking for fame companies. Cause that's one of the things we do is that we support our veterans from reentry to retirement. So we're not like other code schools where they only focus on that 30 to 60 to 90 days, so that first job, our veterans, they keep coming back to re-skill, get more skills, come up to the lunch and learns, come to our Slack side chats to become better programmers. And once they're, so we've helped several of our programmers go from entry-level dev to senior dev, from absolutely zero experience. And so, I think that's the most rewarding thing. When you see a person who they came in knowing nothing. And three years later, like after the cohort safe they got their job and then they come back after they got the jobs, they want to get more skills and they get another job and then they come back. And the next thing, my favorite, one of my favorites Schuster, he starts at a local web shop, a web dev shop in Savannah, Georgia. And then next thing, oh, he's on Amazon, he's at Amazon three years later and you're like, Oh wow, we did that, that's awesome. So that's the path that we do is awesome. >> I'm curious, are there certain skill sets that you see in more need than other? And I'm also curious, do you recommend, or do you help people along with certain certifications? Thinking, the cloud certifications definitely have been on the rise, the last couple years. >> I feel like the cloud, the cloud certifications have been on the rise because it's expensive to like test for that stuff. If a person messes up, unless you have a very dedicated environment to where they can't mess up, they can cost you a lot of money, right? So you want that certain, right? But for us, it's been, we just focused on what we like to call front-end DevOps. We focus on Jamstack, which is JavaScript, APIs and markup, also along with a lot of serverless. So we're using AWS, we're using, also they're, they're learning Lambda functions, all this stuff. We're using a query language called GraphQL. We're using Apollo with that query language. We're using some node, React, GET, Speed. And a lot of third party API has to do like a lot of heavy lifting cause we believe that the deeper dive that a person has in a language and being able to manipulate and utilize APIs that they can, the better they will be, Right? So, same way that colleges do it, but a more modern take like colleges, they give you the most painful language to learn, which is usually like C right? Where you had to make everything a very low-level language. And then you're going through this process of building. And because of that, other languages are easier because you felt the pain points. We do the same thing, but with JavaScript, because it's the most accessible, painful language on earth, that's what I called it with Wire magazine last year anyway. (jerome laughs) >> So Jerome, you've laid out how you you're well organized. You're lean and financially, making sure that things are done responsibly. We want to give you the opportunity though. What's the call to action? Vets Who Code, you're looking for more people to participate. Is it sponsorships? Work in the community, look to engage. >> Roger that, we are looking for two things. One, we're always looking for people to help support us. We're open source, we're on GitHub sponsors. Like the people who we we're up, we're open source. But the people that do most of our tickets are the students themselves. So that's one of the best things about us. there is no better move, feeling that having something in production that works, right? It actually does something right? Like, Oh, this actually helps people, right? So we help have our veterans like actually pull tickets and do things like that. But, we also, we build, we're building out teams that they're on all the time as well. We have our new tutorials team or veterans. They literally built front facing tutorials for people on the outside. So that way they can learn little skills as we also have podcasts team and they're always podcasting, always interviewing people that in community, from our mentors to our students, to our alumni. And so just, let's throw our podcasts on Spotify. Let's do some codes, the best Code podcast and sponsor song get up. >> Wonderful, Jerome. We want to give you the final word. you're very passionate. You've got a lot interested, loved hearing about some of the skill sets that you're helping others with. What's exciting you these days? What kind of things are you digging into, beyond Vets Who Code? >> Oh man, everything serverless dude. As a front-end, as a person who was full stack and move to front-end. This has never been a more exciting time to learn how to code because there's so many serverless technologies and is leveling the playing field for front-end engineers, just knowing a little bit of like server-side code and having DevOp skills and being able to work in a CLI, you can do like Jamstack and the people that are using it. You have Nike, you have governments. It's just, it's such an exciting time to be a front-end. So I'm just like, and just seeing also how people are like really turning towards wanting their data more open source. So that's another thing that's really exciting for me. I've never been a person that was very highbrow when it came to talking about code. I felt like that was kind of boring, but seeing how, when it comes to like how code is actually helping normal, average everyday people and how the culture as a whole is starting to get more hip to how, API is like our running the world and how tech is being leveraged for. And it gets them, I'm on fire with these conversations, so I try to contain it cause I don't want to scare anyone on TV, but we could talk like, we could talk hours of that stuff. Love it. >> Well, Jerome, thank you so much for sharing with our community, everything you're doing and wonderful activity Vets Who Code, definitely call out to the community, make sure check it out, support it. If you can and tie so much in Jerome, I've got a regular series I do called Cloud Native Insights that are poking at some of those areas that you were talking about serverless and some of the emerging areas. So Jerome, thanks so much for joining, pleasure having you on the program. >> Roger that, thank you for having me. >> All right. Be sure to check out thecube.net for all of the videos that we have as well as Siliconangle.com for the news an6d the writeups, what we do. I'm Stu Miniman and thank you for watching theCUBE. (soft music)