(soft music) >> There are many constants in the storage business, relentlessly declining cost per bit, innovations that perpetually battled the laws of physics, a seemingly endless flow of venture capital, despite the intense competition. And there's one other constant in the storage business, Eric Hertzog, and he joins us today in this CUBE video exclusive to talk about IBM's recent storage announcements. Eric, welcome back to theCUBE. >> Great, Dave, thanks very much, we love being on theCUBE and you guys do a great job of informing the industry about what's going on in storage and IT in general. >> Well, thank you for that. >> Great job. >> We're going to cover a lot of ground today. IBM Storage, made a number of announcements the past month around data resilience, a new as-a-service model, which a lot of folks are doing in the industry, you've made performance enhancements. Can you give us the top line summary of the hard news, Eric? >> Sure, the top line summary is of course cyber security is on top of mind for everybody in the recent Fortune 500 list that came out, you probably saw, there was a survey of CEOs of Fortune 500 companies, they named cybersecurity as their number one concern, not war, not pandemic, but cybersecurity. So we've got an announcement around data resilience and cyber resiliency built on our FlashSystem family with our new offering, Safeguarded Copy. And the second thing is the move to a new method of storage consumption. Storage-as-a-Service, a pay-as-you-go model, cloud-like the way people buy cloud storage, that's what you can do now from IBM Storage with our Storage-as-a-Service. Those are the key, two takeaways, Dave. >> Yeah and I want to stay on the trends that we're seeing in cyber for a moment, the work from home pivot in the hybrid work approach has really created a new exposures, people aren't as secure outside of the walled garden of the offices and we've seen a dramatic escalation in the adversaries capabilities and techniques, another least of which is island hopping, in other words, putting code fragments in the digital supply chain, they reform once they're inside the company and it's almost like this organic creepy thing that occurs. They're also living as you know, stealthily for many, many months, sometimes years, exfiltrating data, and then just waiting and then when companies respond, the incidents response trigger a ransomware incident. So they escalate the cyber crime and it's just a really, really bad situation for victims. What are you seeing in that regard and the trends? >> Well, one of the key things we see as everyone is very concerned about cybersecurity. The Biden administration has issued (indistinct) not only to the government sector, but to the private sector, cyber security is a big issue. Other governments across the world have done the same thing. So at IBM Storage, what we see is taking a comprehensive view. Many people think that cybersecurity is moat with the alligators, the castle wall and then of course the sheriff of Nottingham to catch the bad guys. And we know the sheriff of Nottingham doesn't do a good job of catching Robin Hood. So it takes a while as you just pointed out, sitting there for months or even longer. So one of the key things you need to do in an overall cybersecurity strategy is don't forget storage. Now our announcement around Safeguarded Copy is very much about rapid recovery after an attack for malware or ransomware. We have a much broader set of cyber security technology inside of IBM Storage. For example, with our FlashSystem family, we can encrypt data at rest with no performance penalty. So if someone steals that data, guess what? It's encrypted. We can do anomalous pattern detection with our backup product, Spectrum Protect Plus, why would you care? Well, if theCUBE's backup was taking two hours on particular datasets and all of a sudden it was taking four hours, Hmm maybe someone is encrypting those backup data sets. And so we notify. So what we believe at IBM is that an overarching cybersecurity strategy has to keep the bad guys out, threat detection, anomalous pattern behavior on the network, on the servers, on the storage and all of that, chasing the bad guy down once they breach the wall, 'cause that does happen, but if you don't have cyber and data resilience built into your storage technology, you are leaving a gap that the bad guys can explain, whether that be the malware ransomware guys oh by the way, Dave, there still is internal IT theft that there was a case about 10 years ago now where 10 IT guys stole $175 million. I kid you not, $175 million from a bunch of large banks across the country, and that was an internal IT theft. So between the internal IT issues that could approach you malware and ransomware, a comprehensive cybersecurity strategy, must include storage. >> So I want to ask you about come back to Safeguarded Copy and you mentioned some features and capabilities, encrypting data at rest, your anomalous pattern recognition inferring, you're taking a holistic approach, but of course you've got a storage centricity, what's different about your cyber solution? What's your unique value probability to your (indistinct) . >> Well, when you look at Safeguarded Copy, what it does is it creates immutable copies that are logically air-gapped, but logically air-gapped locally. So what that means is if you have a malware or ransomware attack and you need to do a recovery, whether it be a surgical recovery or a full-on recovery, because they attacked everything, then we can do recovery in a couple hours versus a couple of days or a couple of weeks. Now, in addition to the logical local air-gapping with Safeguarded Copy, you also could do remote logical air-gapping by snapping out to the cloud, which we also have on our FlashSystem products and you also of course, could take our FlashSystem products and back up to tape, giving you a physical air gap. In short, we give our customers three different ways to help with malware and ransomware. >> Let me ask you- >> Are air-gapped locally. >> Yeah, please continue, I'm sorry. >> So our air-gapping locally for rapid recovery, air-gapping remotely, which again, then puts it on the cloud provider network, so hopefully they can't breach that. And then clearly a physical air gap going out to tape all three and on the mainframe, we have Safeguarded Copy already, Dave and several of our mainframe customers actually do two of those things, they'll do Safeguarded Copy or rapid recovery locally, but they'll also take that Safeguarded Copy and either put it out to tape or put it out to a cloud provider with a remote logical air-gap using a snapshot. >> I want to ask you a question about management 'cause when you ask CSOs, what's your number one challenge, they'll say lack of talent, We've got all these tools and all this lack of skills to really do all this stuff. Can't hire people fast enough and they don't have the skills. So when you think about it, and so what you do is you bring a lot of automation into the orchestration and management. My question is this, when you set up air gaps, do you recommend, or what do you see in terms of not, of logically and physically not only physically separating the data, but also the management and orchestration and automation does that have to be logically air-gapped as well or can you use the same management system? What's best practice there? >> Ah, so what we do is we work with our copy management software, which will manage regular copies as well, but Safeguarded Copies are immutable. You can't write to them, you can't get rid of them and they're logically air-gapped from the local hosts. So the hosts, for the Safeguarded Copies that immutable copy, you just made, the hosts don't even know that it's there. So you manage that with our copy management software, which by the way, we'll manage regular snapshots and replicas as well, but what that allows you to do is allows you to automate, for example, you can automate recovery across multiple FlashSystem arrays, the copy services manager will allow you to set different parameters for different Safeguarded Copies. So a certain Safeguarded Copy, you could say, make me a copy every four hours. And then on another volume on a different data set, you could say, make me a copy every 12 hours. Once you set all that stuff update, it's completely automated, completely automated. >> So, I want to come back to something you mentioned about anomalous pattern recognition and how you help with threat detection. So a couple of a couple of quick multi-part question here. First of all, the backup corpus is an obvious target. So that's an area that you have to protect. And so can, and you're saying, you've used the example if your backups taking too long, but so how do you do that? What's the technology behind that? And then can you go beyond, should you go beyond just the backup corpus, with primary data or copies on-prem, et cetera? Two part questions. >> So when we look at it, the anomalous pattern detection is part of our backup software, say Spectrum Protect and what it does it uses AI-based technology, it recognizes a pattern. So it knows that the backup dataset for the queue takes two hours and it recognizes that, and it sees that as the normal state of events. So if all of a sudden that backup that theCUBE was doing used to take two hours and starts taking four, what it does is that's an anomalous pattern, it's not a normal pattern. It'll send a note to the backup admin, the storage admin, whoever you designate it to and say the backup data set for theCUBE that used to take two hours, it's taken four hours, you probably ought to check that. So when we view cyber resiliency from a storage perspective, it's broad. We just talked about anomalous pattern detection in Spectrum Protect. We were talking most of the conversation about our Safeguarded Copy, which is available on the mainframe for several years and is now available on FlashSystems, making immutable local air-gap copies, that can be rapidly recovered and are immutable and can help you recover for a malware or ransomware attack. Our data at rest encryption happens to be with no performance penalty. So when you look at it, you need to create an overarching strategy for cybersecurity and then when you look at your storage estate, you need to look at your secondary storage, backup, replicas, snaps, archive, and have a strategy there to protect that and then you need a strategy to protect your primary storage, which would be things like Safeguarded Copy and encryption. So then you put it all together and in fact, Dave, one of the things we offer is a free cyber resilience assessment. It's not only for IBM Storage, but it happens to be a cyber resilience assessment that conforms to the NIST Framework and it's heterogeneous. So if you're a big company, you've got IBM EMC and HP Storage, guess what? It's all about the data sets not about the storage. So we say, you said these 10 data sets are critical, why are you not encrypting them? These data sets are XYZ, why are you not air-gapping them? So we come up based on the NIST Framework, a set of recommendations that are not IBM specific, but they are storage specific. Here's how you make your storage more resilient, both your secondary storage and your primary storage. That's how we see the big thing and Safeguarded Copy of course fits in on the primary storage side, A on the mainframe, which we've had for several years now and B in the Linux world, the Unix world and the Windows Server world on our FlashSystem portfolio with the announcement we did on July 20th. >> Great, thank you for painting that picture. Eric, are you seeing any use case patterns emerge in this space? >> Well, we see a couple of things. First of all, is A most resellers and most end-users, don't see storage an overarching part of the cybersecurity strategy, and that's starting to change. Second thing we're seeing is more and more storage companies are trying to get into this bailiwick of offering cyber and data resilience. The value IBM brings of course is much longer experience to that and we even integrate with other products. So for example, IBM offers a product called QRadar from the security divisions not a storage product, a security product, and it helps you with early data breach recognition. So it looks at servers, network access, it looks at the storage and it actually integrates now with our Safeguarded Copy. So, part of the value that we bring is this overarching strategy of a comprehensive data and cyber resilience across our whole portfolio, including Safeguarded Copy our July 20th announcement. But also integration beyond storage now with our QRadar product from IBM security division. And there will be future announcements coming in both Q4 and Q1 of additional integration with other security technologies, so you can see how storage can be a vital COD in the corporate cybersecurity strategy. >> Got it, thank you. Let's pivot to the, as-a-service it's, cloud obviously is brought in that as-a-service. Now, it seems like everybody has one now. You guys have announced obviously HPE, Dell, Lenovo, Cisco, Pure, everybody's gotten out there as-a-service model, what do we need to know about your as-a-service solution and why is it different from the others? >> Sure. Well, one of the big differences is we actually go on actual storage, not effective. So when you look at effective storage, which most of them do that includes creating the (indistinct) data sets and other things, so you're basically paying for that. Second thing we do is we have a bigger margin. So for example, if theCUBE says we want SLA-3 and we sell it by the SLA, Dave, SLA-1, two and three. So let's say theCUBE needs SLA-3 and the minimum capacity is a 100 terabytes, but let's say you think you need 300 terabytes. No problem. You also have a variable. One of the key differences is unlike many of our competitors, the rate for the base and the rate for the variable are identical. Several of our competitors, when you're in the base, you pay a certain amount, when you go into the variable, they charge you a premium. The other key differentiator is around data reduction. Some of our competitors and all storage companies have data reduction technology. Block-level D do thin provisioning, compression, we all offer those features. The difference is with IBM's pay-as-you-grow, Storage-as-a-Service model, if you have certain data sets that are not very deducible, not very compressible, we absorbed that with our competitors, most of them, if the dataset is not easily deducible, compressible, and they don't see the value, they actually charge you a premium for that. So that is a huge difference. And then the last big difference is our a 100% availability guarantee. We have that on our FlashSystem product line, we're the only one offering 100% availability guarantee. We also against many of the competitors offer a better base nines, as you know, availability characteristics. We offer six nines of availability, which is five minutes and 26 seconds of downtime and a 100% availability of offering. Some of our competitors only offer four nines of availability and if you want five or six, they charge you extra. We give you six nines base in which has only five minutes and change of downtime in a year. So those are the key difference between us and the other as-a-service models out there. >> So, the basic concept I think, is if you commit to more and buy more, you pay less per. I mean, that's the basic philosophy of these things, right? So, if- >> Yes. >> I commit to you X, let's say, I want to just sort of start small and I commit to you to X and great. I'm in now in, maybe I sign up for a multi-year term, I commit this much, whatever, a 100 terabytes or whatever the minimum is. And then I can say, Hey, you know what? This is working for me. The CFO likes it and the IT guys can provision more seamlessly, we got our chargeback or showback model goes, I want to now make a bigger commitment and I can, and I want to sort of, can I break my three-year term and come back and then renegotiate, kind of like reserved instances, maybe bigger and pay less? How do you approach that? >> Well, what you do is we do a couple of things. First of all, you could always add additional capacity, and you just call up. We assign a technical account manager to every account. So in addition to what you get from the regular sales team and what you get from our value business partners, by the way, we did factor in the business partners, Dave, into this, so business partners will have a great pay-as-you-go Storage-as-a-Service solution, that includes partners and their ability to leverage. In fact, several of our partners that do have both MSP and MHP businesses are working right now to leverage our Storage-as-a-Service, and then add on their own value with their own MSP and MHP capability. >> And they can white label that? Is that right or? >> Well, you'd still have Storage-as-a-Service from IBM. They would resell that to theCUBE and then they'd add in their own MHP or MSP. >> Got it. >> That said partners interested in doing a white label, we would certainly entertain that capability. >> Got it. I interrupted you, carry on please. >> Yeah, you can go ahead and add more capacity, not a problem. You also can change the SLA. So theCUBE, one of the leading an industry analyst firms, you bought every analyst firm in the world, and you're using IBM Storage-as-a-Service, pay-as-you-go cloud-like model. So what you do is you call up the technical account manager and say, Eric, we bought all these other companies they're using on-prem storage, we'd like to move to Storage-as-a-Service for all the companies we acquire. We can do that, so that would up your capacity. And then you could say, now we've been at SLA-2, but because we're adding all these new applications of workloads from our acquired companies, we want some of it to be at SLA-1. So we can have some of your workloads on SLA-2, others on SLA-1, you could switch everything to SLA-1, and you just call your technical account manager and they'll make that happen for you or your business partner, obviously, if you bought through the channel. >> I get it, the hard question is what if all those other companies theCUBE acquired are also IBM Storage-as-a-Service customers? Can I, what's that discussion like? Hey, can I consolidate those and get a better deal? >> Yeah, there are all Storage-as-a-Service customers and Dave I love that thought, we would just figure out a way to consolidate the agreement. The agreements are one through five years. What I think also that's very unique is let's say for whatever reason, and we all love finance people. Let's say the IT guys have called the finance and say, we did a one-year contract, we now like to do a three-year contract. The one year is coming up and guess what? Finance's delayed for whatever reason, the PO doesn't go through. So the ITI calls up the technical account manager, we love your service, it's delayed in finance. We will let them stay on their Storage-as-a-Service, even though they don't have a contract. Now, of course they've told us they want to do one, but if they exceed the contract by a quarter or two, because they can't get the finance guys are messing with the IT guys, that's fine. What the key differentiators? Exactly the same price. Several of our competitors will also extend without a contract, but until you do a contract, they charge you a premium, we do not, whatever, if you're an SLA-3, you're SLA-3, we'll extend you and no big deal. And then you do your contract, when the finance guys get their act together and you're ready to go. So that is something we can do and we'll do on a continual basis. >> Last question. Let's go way out. So, we're not doing any time, near-term forecasts, I'm trying to understand how popular you think as-a-service is going to be. I mean, if you think about the end of the decade, let's think industry total, IBM specific, how popular do you think as-a-service models will be? Do you think it will be the majority of the transacted business or it's kind of more of a, just one of many? >> So I think there will be many, some people will still have bare metal on-premises. Some people will still do virtualization on-premises or in a hybrid cloud configuration. What I do think though is Storage-as-a-Service will be over 50% by the end. Remember, we're sitting at 2021. So we're talking now 2029. >> Right. >> So I think Storage-as-a-Service will be over 50%. I think most of that Storage-as-a-Service will be in a hybrid cloud model. I think the days of a 100% cloud, which is the way it started. I think a lot of people realize that a 100% cloud actually is more expensive than a hybrid cloud or fully on-prem. I was at a major university in New York, they are in the healthcare space and I know their CIO from one of my past lives. I was talking to him, they did a full on analysis of all the cloud providers going a 100% cloud. And their analysis showed that a 100% cloud, particularly for highly transactional workloads was 50% more expensive than buying it, paying the maintenance and paying their employees. So we did an all in view. So what I think it's going to be is Storage-as-a-Service will be over 50%. I think most of that Storage-as-a-Service will be in a hybrid cloud configuration with storage on-prem or in a colo, like what our IBM pay-as-you-go service will do and then it will be accessed and available through a hybrid cloud configuration with IBM Cloud, Google, Amazon as or whoever the cloud provider is. So I do think that you're looking at over 50% of the storage being as-a-service, but I do think the bulk of that as-a-service will be as-a-service through someone like IBM or our competitors and then part of it will be from the cloud providers. But I do think you're going to see a mix because right now the expense of going a 100% cloud cloud storage is dramatically understated and when someone does an analysis like that major university in New York did, they had a guy from finance, help them do the analysis and it was 50% more expensive than doing on-premise either on-prem or on-prem as-a-service, both were way cheaper. >> But you own the asset, right? >> Yes. >> As-a-service model. >> We, right, we own the asset. >> And I would bet, >> I would bet that over the lifetime value of the spend and it as-a-service model, just like the cloud, if you do this with IBM or any of your competitors, I would bet that overall you're going to spend more just like you've seen in the cloud, but you get the benefit is the flexibility that you get. >> Yeah, yeah. If you compare it to the, so obviously the number one model would be to buy. That's probably going to be the least expensive. >> Right. >> But it's also the least flexible. Then you also have leasing, more flexibility, but leasing usually is more expensive. Just like when you lease your car, if you add up all the lease payments and then you, at the end, pay that balloon payment to buy, it's cheaper to buy the car up front than it is to lease a car. Same thing with any IT asset, now storage network servers, all are available on leasing, the net is at the bottom line, that's more than buying it upfront. And then Storage-as-a-Service will also be more expensive than buying it, my friend, but ultimate capability, altering SLAs, adding new capacity, being able to handle an app very quickly. We can provision the storage, as you mentioned, the IT guys can easily provision. We provision, the storage in 10 minutes, if you bought from IBM Storage or any competitor you bought and you need more storage, A you got to put a PO through your system and if you're not theCUBE, but you're a giant global Fortune 500, sometimes it takes weeks to get the PO done. Then the PO has to go to the business partner, the business partner has got to give a PO to the distributor and a PO to IBM. So it can take you weeks to actually get the additional storage that you need. With Storage-as-a-Service from IBM with our pay-as-you-go, cloud-like model, all you have to do is provision and you're done. And by the way, we provide a 50% overage for free. So if they end up needing more storage, that 50% is actually sitting on-prem already and if they get to 75% utilization of the total amount of storage, we then call them up, the technical account manager would call them up and their business partner and say, Dave, do you know that you guys are at 75% full? We'd like to come add some additional storage to get you back down to a 50% margin. And by the way, most of our competitors only do a 25% margin. So again, another differentiator for IBM Storage-as-a-Service. >> What about, I said, last question, but I have another question. What about day one? Like how long does it take, if I want to start fresh with as-a-service? >> Get it. >> How long does it take to get up and running? >> Basically you put the PO through, whatever it takes on your side or through your business partner, we then we'll sign the technical account manager, will call you up because you need to tell us, do you want to, in a colo facility that you're working with or do you want to put it on on-prem? And then once we do that, we just schedule a time for your IT guys do the install. So, probably two weeks. >> Yeah. >> It all depends because you've got to call back and say, Eric, we'd like it at our colo partner, our colo partners, ABC, we got to call ABC and then get back to you or on-prem , we're going to have guys in the office, a good day when it's not going to be too busy. Could you come two weeks from Thursday? Which now would be three weeks for sake of argument. But that would be, we interface with the customer, with the technical account manager to do it on your schedule on your time, whether you do it in your own facility or use a colo provider. >> Yeah, but once you tell, once I tell you, once we get through all that stuff, it's two weeks from when that's all agreed. >> Yeah. >> It's like the Xerox copier salesman, (Dave chuckles) Where are you going to put it? Once you decide where you're going to put it, then it's a couple of weeks. It's not a month or two months or yeah. >> Yeah, it's not. And we need additional capacity, remember there's a 50% margin sitting there. So if you need to go into the variable and use it, and when we hit a 75%, we actually track it with our storage insights pro. So we'll call you up and say, Dave, you're at 76%. We'd like to add more storage to give you better margin of extra storage and you would say, great, when can we do it? So, yeah, we're proactive about that to make sure that you stay at that 50% margin. Again, our competitors, all do only have 25% margin. So we're giving you that better margin, a larger margin in case you really have a high capacity demand for that quarter and we proactively will call you up, if we think you need more based on monitoring your storage usage. >> Great. Eric got to go, thank you so much for taking us through that great detail, I really appreciate it. Always good to see you. >> Great, thanks Dave, really appreciate it. >> Alright, thank you for watching this CUBE conversation, this is Dave Vellante and we'll see you next time. (soft music)

(bright music) >> Welcome back to HPE Discover 2021. My name is Dave Vellante and you're watching theCUBE's virtual coverage of Discover. We're going to dig into the most pressing topic, not only for IT, but entire organizations. And that's cyber security. With me is Sunil James, senior director of security engineering at Hewlett Packard Enterprise. Sunil, welcome to theCUBE. Come on in. >> Dave, thank you for having me. I appreciate it. >> Hey, you talked about project Aurora today. Tell us about project Aurora, what is that? >> So I'm glad you asked. Project Aurora is a new framework that we're working on that attempts to provide the underpinnings for Zero Trust architectures inside of everything that we build at HPE. Zero Trust is a way of providing a mechanism for enterprises to allow for everything in their enterprise, whether it's a server, a human, or anything in between, to be verified and attested to before they're allowed to access or transact in certain ways. That's what we announced today. >> Well, so in response to a spate of damaging cyber attacks last month, President Biden issued an executive order designed to improve the United States' security posture. And in that order, he essentially issued a Zero Trust mandate. You know, it's interesting, Sunil. Zero Trust has gone from a buzzword to a critical part of a security strategy. So in thinking about a Zero Trust architecture, how do you think about that, and how does project Aurora fit in? >> Yeah, so Zero Trust architecture, as a concept, has been around for quite some time now. And over the last few years, we've seen many a company attempting to provide technologies that they purport to be Zero Trust. Zero Trust is a framework. It's not one technology, it's not one tool, it's not one product. It is an entire framework of thinking and applying cybersecurity principles to everything that we just talked about beforehand. Project Aurora, as I said beforehand, is designed to provide a way for ourselves and our customers to be able to measure, attest, and verify every single piece of technology that we sell to them. Whether it's a server or everything else in between. Now, we've got a long way to go before we're able to cover everything that HPE sells. But for us, these capabilities are the root of Zero Trust architectures. You need to be able to, at any given moment's notice, verify, measure, and attest, and this is what we're doing with project Aurora. >> So you founded a company called Scytale and sold that to HPE last year. And my understanding is you were really the driving force behind the secure production identity framework, but you said Zero Trust is really a framework. That's an open source project. Maybe you can explain what that is. I mean, people talk about the NIST Framework for cybersecurity. How does that relate? Why is this important and how does Aurora fit into it? >> Yeah, so that's a good question. The NIST Framework is a broader framework for cybersecurity that couples and covers many aspects of thinking about the security posture of an enterprise, whether it's network security, host based intrusion detection capabilities, incident response, things of that sort. SPIFFE, which you're referring to, Secure Production Identity Framework For Everyone, is an open source framework and technology base that we did work on when I was the CEO of Scytale, that was designed to provide a platform agnostic way to assign identity to anything that runs in a network. And so think about yourself or myself. We have identities in our back pocket, driver's license, passports, things of that sort. They provide a unique assertion of who we are, and what we're allowed to do. That does not exist in the world of software. And what SPIFFE does is it provides that mechanism so that you can actually use frameworks like project Aurora that can verify the underpinning infrastructure on top of which software workloads run to be able to verify those SPIFFE identities even better than before. >> Is the intent to productize this capability, you know, within this framework? How do you approach this from HPE's standpoint? >> So SPIFFE and SPIRE will and always will be, as far as I'm concerned, remain an open source project held by the Cloud Native Computing Foundation. It's for the world, all right. And we want that to be the case because we think that more of our Enterprise customers are not living in the world of one vendor or two vendors. They have multiple vendors. And so we need to give them the tools and the flexibility to be able to allow for open source capabilities like SPIFFE and SPIRE to provide a way for them to assign these identities and assign policies and control, regardless of the infrastructure choices they make today or tomorrow. HPE recognizes that this is a key differentiating capability for our customers. And our goal is to be able to look at our offerings that power the next generation of workloads. Kubernetes instances, containers, serverless, and anything that comes after that. And our responsibility is to say, "How can we actually take what we have and be able to provide those kinds of assertions, those underpinnings for Zero Trust that are going to be necessary to distribute those identities to those workloads, and to do so in a scalable, effective, and automated manner?" Which is one of the most important things that project Aurora does. >> So a lot of companies, Sunil, will set up a security division. But is the HPE strategy to essentially embed security across its entire portfolio? How should we think about HPE strategy in cyber? >> Yeah, so it's a great question. HPE has a long history in security and other domains, networking, and servers, and storage, and beyond. The way we think about what we're building with project Aurora, this is plumbing. This is plumbing that must be in everything we build. Customers don't buy one product from us and they think it's one company, and something else from us, and they think it's another company. They're buying HPE products. And our goal with project Aurora is to ensure that this plumbing is widely and uniformly distributed and made available. So whether you're buying an Aruba device, a Primera storage device, or a ProLiant server, project Aurora's capabilities are going to provide a consistent way to do the things that I've mentioned beforehand to allow for those Zero Trust architectures to become real. >> So, as I alluded to President Biden's executive order previously. I mean, you're a security practitioner, you're an expert in this area. It just seems as though, and I'd love to get your comments on this. I mean, the adversaries are well-funded, you know, they're either organized crime, they're nation states. They're extracting a lot of very valuable information, they're monetizing that. You've seen things like ransomware as a service now. So any knucklehead can be in the ransomware business. So it's just this endless escalation game. How do you see the industry approaching this? What needs to happen? So obviously I like what you're saying about the plumbing. You're not trying to attack this with a bunch of point tools, which is part of the problem. How do you see the industry coming together to solve this problem? >> Yeah. If you operate in the world of security, you have to operate from the standpoint of humility. And the reason why you have to operate from a standpoint of humility is because the attack landscape is constantly changing. The things, and tools, and investments, and techniques that you thought were going to thwart an attacker today, they're quickly outdated within a week, a month, a quarter, whatever it might be. And so you have to be able to consistently and continuously evolve and adapt towards what customers are facing on any given moment's notice. I think to be able to, as an industry, tackle these issues more and moreso, you need to be able to have all of us start to abide, not abide, but start to adopt these open-source patterns. We recognize that every company, HPE included, is here to serve customers and to make money for its shareholders as well. But in order for us to do that, we have to also recognize that they've got other technologies in their infrastructure as well. And so it's our belief, it's my belief, that allowing for us to support open standards with SPIFFE and SPIRE, and perhaps with some of the aspects of what we're doing with project Aurora, I think allows for other people to be able to kind of deliver the same underpinning capabilities, the plumbing, if you will, regardless of whether it's an HPE product or something else along those lines as well. We need more of that generally across our industry, and I think we're far from it. >> I mean, this sounds like a war. I mean, it's more than a battle, it's a war that actually is never going to end. And I don't think there is an end in sight. And you hear CESOs talk about the shortage of talent, they're getting inundated with point products and tools, and then that just creates more technical debt. It's been interesting to watch. Interesting maybe is not the right word. But the pivot to Zero Trust, endpoint security, cloud security, and the exposure that we've now seen as a result of the pandemic was sort of rushed. And then of course, we've seen, you know, the adversaries really take advantage of that. So, I mean what you're describing is this ongoing never-ending battle, isn't it? >> Yeah, yeah, no, it's going to be ongoing. And by the way, Zero Trust is not the end state, right? I mean, there was things that we called the final nail in the coffin five years ago, 10 years ago, and yet the attackers persevered. And that's because there's a lot of innovation out there. There's a lot of infrastructure moving to dynamic architectures like cloud and others that are going to be poorly configured, and are going to not have necessarily the best and brightest providing security around them. So we have to remain vigilant. We have to work as hard as we can to help customers deploy Zero Trust architectures. But we have to be thinking about what's next. We have to be watching, studying, and evolving to be able to prepare ourselves, to be able to go after whatever the next capabilities are. >> What I like about what you're saying is, you're right. You have to have humility. I don't want to say, I mean, it's hard because I do feel like a lot of times the vendor community says, "Okay, we have the answer," to your point. "Okay, we have a Zero Trust solution." Or, "We have a solution." And there is no silver bullet in this game. And I think what I'm hearing from you is, look we're providing infrastructure, plumbing, the substrate, but it's an open system. It's got to evolve. And the thing you didn't say, but I'd love your thoughts on this is we've got to collaborate with somebody you might think is your competitor. 'Cause they're the good guys. >> Yeah. Our customers don't care that we're competitors with anybody. They care that we're helping them solve their problems for their business. So our responsibility is to figure out what we need to do to work together to provide the basic capabilities that allow for our customers to remain in business, right? If cybersecurity issues plague any of our customers that doesn't affect just HPE, that affects all of the companies that are serving that customer. And so, I think we have a shared responsibility to be able to protect our customers. >> And you've been in cyber for much, if not most of your career, right? >> Correct. >> So I got to ask you, did you have a superhero when you were a kid? Did you have a sort of a, you know, save the world thing going? >> Did I have a, you know, I didn't have a save the world thing going, but I had, I had two parents that cared for the world in many, many ways. They were both in the world of healthcare. And so everyday I saw them taking care of other people. And I think that probably rubbed off in some of the decisions that I make too. >> Well it's awesome. You're doing great work, really appreciate you coming on theCUBE, and thank you so much for your insights. >> I appreciate that, thanks. >> And thank you for being with us for our ongoing coverage of HPE Discover 21. This is Dave Vellante. You're watching theCUBE. The leader in digital tech coverage. We'll be right back. (bright music)

>> Live from Bahrain, it's theCUBE. Covering AWS Summit, Bahrain. Brought to you by Amazon Web Services. >> Welcome back everyone, we're here live in Bahrain, for exclusive Amazon coverage. It's theCUBE's first time in the region, we're excited to be here as AWS Public Sector Summit and commercial opportunities are expanding Amazon has announced and will be up and running in 2019 with a new region here in Bahrain in the middle east. It will generate a lot of activity, we expect it to create a tsunami of innovation, data information is the new oil. We're here covering it, this is going to be the beginning of more coverage here in the area for theCUBE. And we're meeting new people, and then we've run into some luminaries, CUBE alumnus, and our next guest is a CUBE alumna, John Wood is the CEO of Telos, also been on theCUBE many times as you might know, is an expert in cybersecurity, just an overall knowledgeable and visionary entrepreneur, good to see you thanks for joining us today. >> Thanks John, I really appreciate it. >> So you're part of the entourage with Teresa and the team as she comes in a cross-pollinates Amazon Web Services public sector seven, what she's done in Washington DC and beyond, here in the region, it's going to be a new formula that Bahrain and the people here have recognized. Like we were in a meeting yesterday, where you weren't pounding the table, but you looked very clearly at the Chief Executive Officer who reports to the king and the crown prince and you said, you don't really know yet, what you got, and you're a visionary, so and we've talked about this and so I want to get it out here on camera, this is a big freaking deal. >> It is. >> Can you explain why, and what your vision is and what will happen with Amazon, 'cause you've been a partner of AWS with Telos, you've been very successful, you've seen the moving parts, you've seen the impact of innovation. >> Yup, absolutely. >> What's your thoughts? >> So you know, the shot heard around the world back at the end of 2013 John was when the Central Intelligence Agency made the decision that the cloud was just secure enough for them. And that kind of made everybody around the world stand up and notice. So yesterday, when we were talking with all of the various people around economic development in Bahrain, you know I said the shot heard around the Middle East is that Amazon is located here in Bahrain. I think just like what happened in America, it's going to have a massive impact from a socio-economic point of view here in the Middle East and specifically in Bahrain. >> What are some of the things that you might expect to see, that they got to be ready for here? >> Well first of all, one thing I'll say is a marked difference from America is that the government here and the business environment here all has agreed it's important to move to the cloud. That in and of itself is a big, big difference than America. In America it's been a lot more fragmented and it's taken more time. I think here, I think the government and the industry is seeing the value of the cloud globally, and they're going to be able to move that much faster than even we did in America. >> They built a Formula 1 race track in 14 months, they don't have a lot of the baggage that America has in terms of older systems. I mean, more tech baggage, or tech legacy, older systems, older databases, kind of a clean sheet of paper. >> They have a bit of a clean sheet of paper, but they also do have legacy John. What they've also done though, is they've given themselves a two year time frame to move everything to the cloud. Now that in and of itself, having a beginning, a middle, and an end, is a really good thing because the journey's going to be relatively rapid and I think the uptick economically as a result is going to be rapid as well. >> So one of the things that you were also involved in here with Teresa and the local Bahrain government and entrepreneurs is you were here with General Keith Alexander, who had to leave last night, we had hoped to have him on theCUBE, four star general, head of the NSA, he's seen his shares of data and scale, he had a unique perspective. What are some of the things that you and General Alexander were discussing with the government here? Can you share with appropriate, some of the things you were talking about? >> I think we can apply best practices here, just like we applied back in America. I think the fact that they've gone to a cloud first policy is a really good thing, the next step I think is to find a standard that you can actually look to from a security point of view, 'cause with that standard you can then have a common lexicon. And that common lexicon allows you to share data between and amongst each other that much more quickly. >> You know, one of the things I overheard you over here and I kind of observed this, and I'm just going to throw it out there because we think the same way with theCUBE is that when you have a cloud model, the benefit of the cloud is you can just actually spin up another instance or thing. It's horizontally scalable, generally speaking. So as you run your business Telos with Amazon in the US and other areas, this is a new opportunity for you. It's almost rinse and repeat, just kind of plug in. And cloud gives you that benefit, so this kind of opens up the conversation of opportunities that Amazon will pull with them to Bahrain and the region. Do you agree with that? How do you see this pull that Amazon might have? >> I think what Amazon can do more than really any other cloud organizations is because they've been at it for such a long time, so much longer than the other cloud providers, they can bring best practices to the table, they can bring best technologies to the table, they can bring best partnerships to the table, which allows people to actually know with confidence that if they move to the cloud it's going to work, and it's going to be more secure. >> The other thing I will also point out at the end of that is then that Andy Jassy and Teresa also bring expertise. They'll do work here on behalf of citizens. >> Well absolutely, you know when Amazon makes a commitment to build a region over a 10 year period it's anywhere between a two to three billion dollar financial commitment to the region, so that in and of itself drives economic value into the region. >> So I got to ask you the tough question, which is obviously the one that's the elephant in the room, is instability in the region, potentially, how does digital disruption impact, say Bahrain and Middle East, you got Horizon, you got crypto-currency we know that markets kind of frothy and somewhat unethical in some areas, that's a red flag, but wants to be legitimate, cybersecurity, a big thing. This is your wheelhouse, cybersecurity, these new emerging areas, you got A.I. booming, you got cloud booming, got the notion these emerging tech, cybersecurity's at the center of the action. What does that mean for Amazon? What does that mean for stability in the region? What's the impact? What's your view on cybersecurity, Middle East, Bahrain, Amazon, can you share, can you unpack that? >> So John, that's an incredibly broad question, so thank you. So from my point of view, I can't deal with the political situations, what we can deal with is what we can control. And we know we can help control the security automation orchestration, we know it works. We've seen the most security conscious organization in the world adopt the security. We and Amazon are the security for the agencies cloud and we know that works. As it relates to the political situation I think here the ruling party understands that's an issue and they're working on it, and I can just leave that to them. >> But you're independent of that, you allow the scale piece on Amazon. And what do you hope to do in the region? What are some of your goals as a commercial opportunity with Bahrain announcing this partnership at the highest levels, this community here, young people want to work here. >> So I see it as a huge work force opportunity for everybody, number one. Number two, I think we can find a way to make sure that everybody can feel confident that it's going to work, so they can feel confident they can move their workload to the cloud. People in Kuwait can feel confident, people in Saudi Arabia can feel confident, and again, that confidence builds stability. With stability, with economic stability, there becomes political stability. That's the other point I'll make, is that at the end of the day, if you have the benefit of having the financial stability it helps in a lot of different ways. >> So what's your advice to the folks, if I had the king sitting here and the crown prince, we had a round table, what are some of the things that you would advise them from your experience, kind of looking back on your career and what you've done now knowing that the regions got a cultural and more of a different economic dynamic, what's your advice to the crown prince, the king, and folks trying to figure this out? >> From a cybersecurity perspective, I would want to do something similar, maybe not the same, but something similar to what the United States government did. When the US government decided to adopt a cybersecurity policy, the so called Cybersecurity Executive Order, there were two parts to it John, the first was cloud first which has been done here, and the second was to adopt the NIST Framework, the NIST Framework gave the common lexicon for all the cybersecurity professionals to be able to push their workloads to the cloud and then guys like me, what we do is, we push automation into that framework, which basically means we get out of the way of the mission and we help make the mission happen much more quickly. >> What about training and support? What's your impression of the economic development board, some of the work they're doing? Obviously they have a transition we heard, maybe some of them in a work force not yet mature, but they got programs in place. How do you see that developing? How would you put them on the progress bar vis-a-vis their aspiration? >> I think in general some of the work force issues that they have here are very similar to the work force issues we have in America. You know, in America, often when kids graduate from college there's a gap between what they get in terms of a degree and what we need in terms of a skill set, that kind of happens everywhere. I think that simple programs like apprenticeships; which have been around for a long time, can be very, very effective in terms of narrowing that gap so that when the kids come out we can actually put them to work and they don't have to be re-trained in the work force. I think that's a big opportunity. I also think there's a big opportunity to bring some of the people here into America to teach best practices, and then bring them back, that they can bring those best practices into the environments here, so they can have that work themselves here. >> What's your take on the eco-system, obviously here we heard start-ups are very active but there's a glass ceiling if you will because cloud's not yet here in full throttle, capital markets mechanics have not yet formed, but there's funds of funds they're just putting this in place, your assessment of the entrepreneurial landscape here. >> I think it's a small, but growing landscape. I think a key point to making an entrepreneurial company successful, you know I started the company back in 1991, which is many, many, many, many moons ago, but anyway, what I can remember is I worked so hard, seven days a week, the joke was it was nine to five, 9 am to 5 am, you're not here on Saturday don't bother coming on Sunday. So fundamentally there's a thing you got to do, what is it Ben Franklin used to say? It's about 99% perspiration, 1% inspiration. So hard work does help a lot. Not to say that we don't have that culture here, but I think in general-- >> They were hard working here. >> Entrepreneurial is all about making sure you do the work. >> One of my observations, they're hard working here, so I think that's a good sign. >> Absolutely. >> So let's go back and talk about this, your experience, you mentioned 1991, my first start-up was 1997, and so we've seen a few cycles, and as cycles come and go this one seems to be a bigger cycle in the sense of a lot of combining forces going on; you've got cloud scale, the role of data and now A.I. to automate, and honestly traditional stuff is kind of being moved to a whole 'nother operating model. Given that you've seen so many cycles, what have you learned from those cycles that you could apply here if you were an entrepreneur here, you're now going to do some business hopefully here I think with Amazon. And for people in government trying to get out of the way or figure out policy, given your cycle experience, these guys are jumping into a wave that's coming. >> I definitely have a point of view on this. So for years, back in the United States, I would have one customer, I'd go to this customer, and I'd say, hey, this other customer over here, they've done it this way, and this customer would say, I want to do it a different way. And I'm like, well then everybody's going to be out of sync. Well recently the CIA decided to publish a case study that talked about moving to the cloud and why they moved to the cloud. And the reason they published this case study was for something called reciprocity. I think if more governments, if more industries can work together from a standpoint of reciprocity, then we're going to be able to more quickly ascertain the threat, discover what the vulnerability is, and mitigate it. >> What specifically the reciprocity should they be working on? Data transfer, information, what are some of the specifics? >> I think a specific will be the NIST Framework as an example. The NIST Framework is made up of 1100 different controls, which are lots, and lots of different subsets of other controls around the world, whether you're talking about ISO, Gramm-Leach-Bliley, HIPAA, whatever, they're all derivations of a framework which basically is a common lexicon. So for me that's something that is very specific when I think they should consider here. >> So one of the things I wanted to get your thoughts before we end here, is your observations, as you look around here, you're seeing a cultural shift, a woman's on the supreme court in Bahrain, we went to the women's breakfast that Teresa Carlson held yesterday, packed house, they had to kick us out of our table, us guys. >> They did, they did. >> They got to make room for the workshop, great fireside chat with Mary Camarata, head of Analysts and corporate communication for Andy and Teresa, fireside chat, then they had breakouts, we didn't get kicked out, but we were asked to give up the table for the women to do the workshop. This was a robust, packed house. >> Not just packed John, it was also just positive, optimistic, happy, they see a future, they see possibilities, there was a lot of give and take, I didn't see any of the stuff that you read about, and I tell ya, this is my first time in the Middle East, my first time to come to Bahrain, and I'm so happy I've come, I'm so sad it took me almost 55 years to make it happen. >> Yeah, I feel the same way. I feel like there's an opportunity bubbling that's going to be really big and legit, and I love the diversity here, it surprised me. My daughter, 21 years old, asked me, she said, dad can you, what's the women like over there? Because there's a perception around culture, around the role of women. Packed house yesterday for the Women in Tech Breakfast, inspirational speech by Teresa Carlson, great workshop here, you see women forcing function; cultural shift. >> Cultural shift, but also don't believe everything you read in the paper, right John? So we all know that you got to go sometimes to see what things are really like, and I'm really happy I came. It's a bubbling, growing, active, really active, really cool nightlife, really cool skyline very beautiful beaches, it's a great place. >> The ground truth always trumps fake news and innuendo. Of course theCUBE is bringing you all the action, we are here with entrepreneur, visionary, John Wood, CEO of Telos, a big strategic partner with Amazon, part of the cultural sea change with AWS, Amazon Web Services, announcing a region here in Bahrain, in the Middle East. I'm John Furrier your CUBE co-host, you can reach me on twitter @furrier, F-U-R-R-I-E-R, if you want to reach out and ping me on twitter any time. More coverage live here, in Bahrain, in the Middle East after this short break. (futuristic electronic music)

>> Narrator: Live from Boston, Massachusetts, it's theCUBE, covering ZertoCON 2018. Brought to you by Zerto. >> This is theCUBE, I'm Paul Gillin. We're here at ZertoCON 2018, Hynes Convention Center in Boston. The final day of ZertoCON, and a lot of talk about partnership at this conference, and one of Zerto's key partners is IBM. Daniel Witteveen is a vice president of resiliency services portfolio at IBM, and I guess the manager of the Zerto relationship from IBM's perspective, is that so? >> Yeah, so I have responsibility for IBM's Resiliency Portfolio. Which includes disaster recovery as a service, backup as a service, data migration services. As well as we do a lot around site and facilities design, construction, and build. So specifically around DRaaS and what you heard today going into the backup world, our backup-as-a-service offering, Zerto's been a partner of ours since 2016. >> Now DRaaS, I think of, is certainly, has been around, disaster recovery has been around for a long time. How much of that business has moved into the cloud now and become a service? >> There's still a very large segment of the population that's doing traditionally DR, but that is moving rapidly to a more automated function. Now, the challenge our customers are faced with is not all workload is cloud ready. So we have a partnership with Zerto for all that cloud-ready workload, using them, but we also combine the Zerto technology into our orchestration software, which handles the full recovery of non-cloud workload IT. So, think about multiple platforms, think about multiple clouds, think about multiple data movers and replicators. We can orchestrate that entire recovery process using Zerto for the virtual environment. >> Talking to executives here today, we don't hear a lot about recovery, we hear a lot about resilience. How ready, how many of your customers are really in that position where they're thinking resilience is never going down as opposed to recovery from a failure? >> So, the goal is to be as close to no outage as possible. But in lieu of recent cyber incidents in cyber-related attacks, the conversation for our clients has shifted to true business resilience. Right, so we have a business resilience conversation verse an IT resilience conversation. Business resilience clearly includes IT, but when you talk about a malicious cyber-related attack, which will cause disruption which'll cause outage, which'll cause data corruption, you're always-on-never-be-out-age viewpoint changes a bit. So, our clients are having a lot of discussions with us around changing the way we think about IT resilience in light of a cyber-related incident. >> Well security, the fastest growing business at IBM is security, how closely do you work with these people in that group? >> Very closely, we've combined, if you're familiar with the NIST Framework around cyber resiliency, you know that there's a lot of effort from our security services around identification and prevention. But what happens when it gets through all that and actually causes and outage, right? So we've partnered very close together on how do you recover and restore, right, using technologies from resiliency services while you try to prevent and detect for true resiliency. >> Talk about the history of the relationship. It's only been a couple years, but how did you first become aware of Zerto and why were they chosen as part of the portfolio? >> Yeah, that's a very good question. So, Zerto started relationship with IBM Cloud. I think at the time it was probably called SoftLayer or Bluemix, right? >> Paul: Yes, it Was probably. >> And that started right as a mechanism to provide DRaaS in a very simple version on IBM Cloud. And the benefits IBM Cloud provided at that time, and still do today, is true hypervisor access to Zerto. And that's been very attractive to Zerto clients because a version of Zerto on-prem is the same as in the cloud, and that's a unique capability for us. But also, another value point was that the data replication between our data centers is free to the customer, so think about the cost structure when it comes to bandwidth. If the customer's moving production in one cloud, in one data center of IBM Cloud, and wants to do recovery out of region, another IBM data center, all that data transfer is included. Right, that's an amazing value prop. But when we're having those discussions with our clients, it expanded to, well, that's nice, that answers this section of my workload. What about all this? And that's really where the relationship blossomed with our integration of orchestration to handle the full IT estate really focusing on hybrid IT. >> Of course, hybrid IT is really the sweet spot for IBM-- >> Daniel: It is. >> How does resilience fit into. The sweetest services that you're offering customers now, is this sort of a core service? Resilience, is a core service of the IBM Hybrid Solution? >> Yeah, absolutely, so within global technology services, it's one of three key plays, resiliency. And if you think of us as a very large outsourcing firm, clients are dependent on us providing these services to them, so it is very significant, as the nature of all of our conversations, any kind of managed service, the default expectation of our client is that it's resilient. >> And, would you say that the clients have understand and really internalized this idea of resilience? Or are they still not quite sure what it all means? >> I would say there's, clients vary brainly. The regulatory clients and the clients that are most potentially exposed to negative publicity as a result of a cyber attack are much more aware and in tune. I will tell you also in lieu of cyber, and it was part of the conversation on that panel yesterday, you're talking about a very different way to respond to an outage. Which is creating a lot of dialogue within our clients of what does it truly mean to be resilient. So it's driving a conversation. They used to be siloed: maybe in IT, maybe in the risk officer or maybe in the CISO. It is bringing them now altogether, and say, we've got to work much stronger together to be resilient. >> We hear a lot of talk about multi-cloud. Is it mostly talk or are you seeing customers really adopt? Are they excited about adopting multiple public clouds? >> I would probably draw a parallel to, did a client ever use one platform, right? And they do. And so clients are very in tune to want to have multiple options. It is very rare today that I go into a client that's single cloud oriented. They'll start single cloud, but they're going to want the flexibility to be multi-cloud. And we want to make sure when we orchestrate their disaster recovery, or even their backup or any of our other offerings, that that can be seamless, that they can move from one cloud to another cloud for whatever reason, maybe it's financial, maybe it's location, maybe it's capability. We want to be able to seamlessly provide that interaction. >> Now AWS and Azure are never going to play nicely together, Where does IBM fit into that matrix? Are you a Switzerland between all these public clouds? >> Well, so we have our own. >> Yes, of course. >> Within IBM Cloud, we'll talk about our strength and our size in the enterprise relative to those providers. But as a services entity, we will continue to be (mumbles). Our shareholders great to be using IBM Cloud. But certainly if a solution or a customer dictates another solution, we would be fine with that. >> Paul: What do your customers ask you about backup these days? Where is backup going? >> How can you do it for me, so I don't have to do it? >> Because it's so painful. (laughing) >> That's our probably biggest use case is customers recognize it's not a core competency. The data explosion has just, they can't handle it anymore. They're buying storage everyday. And they're going there's got to be a better way. And our conversation with customers around backup is let us be your better way. We will provide the infrastructure. We'll provide the label. We'll provide the software. We'll provide the architectural positioning. And we'll focus on providing you the business outcome that you need relative to that offer. >> Would you say the backup is rapidly going to move to the cloud or do you think on-prem backup is going to be around for a long time? >> It's a good question. Unfortunately, as it depends the answer is. For the smaller companies and the remote offices, going directly to cloud makes complete sense. When you have a high-change rate and you have a lot of storage volume, your decision will become where do I need to recover or how do I need to access that data? And maybe that's best suited on-prem. Once (mumbles) in the cloud, maybe that's suited in cloud. I think long term, they'll ultimately sit in the cloud, but there's still a massive amount of storage and customers prefer a massive amount of that to be on-prem. >> In a multi-cloud world, is resilience more difficult to ensure? Or is it easier? >> Way more complex. Way more complex, because if you think about, what 10 years ago, you had site A and site B, site A went down, you're worried about site B. Very easy. One failure case. Now our clients have not only multi-cloud, they have multiple locations, remote offices, back offices. They have multiple software-as-a-service providers. And so our view is, you have to look at the business process resiliency. If you have one system that goes down in a software-as-a-service provider, how does that impact you business process? Can it still work? And how do you make it work in the event that one of those components fail? So it's a lot more complex because you're not just thinking about A and B, you're thinking about 10 different failure scenarios, 20 different scenarios, and making sure that doesn't interrupt the business process. >> The quest for simplicity, IT always seems to become more complex. >> What's interesting is every evolution of technology, which increases redundancy, reliability, the first sense is, well, then I don't need as much resiliency, and every change of technology consolidates that risk, and therefore resiliency becomes that much more important. >> Good job security. Daniel Witteveen, thanks very much for joining us from IBM. >> Excellent, as always, I appreciate being here. Thank you. >> I'm Paul Gillin. That's it for us here at ZertoCON 2018. This is theCUBE. Thanks for watching. (upbeat music)