live from Boston Massachusetts it's the cube covering AWS reinforced 2019 brought to you by Amazon Web Services and its ecosystem partners hey welcome back everyone's cute live coverage here in Boston Massachusetts for AWS Amazon Web Services reinforced this is in our roll call for an RO conference for security this is the first event Amazon's dedicating to security I'm Jeffrey day Volante Dave reinvents the big show reinforced will be the big show for security 12,000 people we have Vittorio for Arango who's the VP of Marketing cloud business unit McAfee formerly of sky-high networks great to see you again on the cube I am happy to be here you guys had an institution so delighted to be here with you guys super excited been big fan of your work but finally work at VMware sky high networks now McAfee you've seen the big company of the startup real change is going on in cloud the McAfee certainly the expertise and the antivirus and security been there check now cloud comes into the equation with sky-high networks gives the update what's that what it's all about sky high comes in to McAfee you got a cloud business unit they leave you alone you get to do your own thing but take advantage of the McAfee goodness it give us the what's going on tell us well you know when you wake an acquisition usually you do it for two reasons why one is I sit at the table in a new market acquiring the skills of the people those are the two two main reasons so Skye McAfee when they acquire sky high in January 2018 they kept the sky high as a separate business unit to keep the momentum and if you think about the the investment thesis there is that today works gets done on endpoints that are attached to the cloud increasingly the network now is used to be the control point for everything security but now we run applications in on infrastructure we don't own that traverses network we don't operate and so the our strategy is secured data what works get gets done which is in on the device which that's the Mac of you know heritage and then in the cloud that's where the McAfee the with the sky-high acquisition what will bring it I'm usually exclusive they both work together because once an endpoint one's kind of a in transit data and cloud all that stuff happening there are two different things but they work together yeah it's it to me device is mobile devices and laptops are the the the land endpoints to the cloud right and so I think we are and then on top of it IT ones complete disability and so McAfee has this great footprint with the device the cloud and then EPO which is our management management layer on top of it it gives you visibility across everything so you guys are making mad mcafee with the cloud business unit which is sky-high enactment a big investment at this show you guys look at reinforces an opportunity why are you making such a big investment in reinforce this show this community what's the big move well if you look at the what the enterprise data is increasingly it's in the cloud so we recently ran a report of the live system so we have a run a thousand customers using our cloud solutions so we know exactly what data is and around thirty five percent is in SAS office CCC five boss Dropbox twenty five percent is in structured application like Salesforce ServiceNow and twenty four percent is in iis and pass and that's the area that is growing the most and so in the past if you look at the evolution of cloud security there have been a lot of different point solution to solve these different problems we're trying to bring it all together so we have a single point for visibility and control of your data in a cloud so I is and pass is where data is growing the fastest and the show like this is the perfect opportunity for a hard question on to you right now because this is what everyone's been asking us see shows and CIOs run or running or managing or trying to figure out the security equation we love our vendors giving us alerts we don't need more alert anymore if there's a really video more alerts we need our suppliers to help us fix the problem yes that's the big focus of this show we're hearing a lot of that and a lot of help my people be better so not just tell me what the problem is fix it yeah what's your view on that absolutely so once you get visibility and you set your policies our system enforces those policies in real time and so it doesn't require human intervention for the most part plus there is another aspect if you look at the number of incident that happens in the cloud there are one order of magnitude higher than on-prem so what we do we bring the users into the picture as a solution so let me give you an example so it said that you look use the cloud to collaborate right and that makes us productive we found that 85% I didn't have a percent of people to go to the cloud find business acceleration in their business and so why because people working collaborate freely but sometimes collaborating they share a document that contains confidential information so when we detect that instead of we let IT know but instead of asking IT to fix it we inform the user and we say hey mr. user did you know that you just share a document that contains credit card information and healthcare information and we show them what it is so they can fix it in most cases people don't do it maliciously like that just trying to get their job done and so we make the user be part of the solution instead of just creating the problem why our instance ray internet rates so much higher in the cloud material because the just the number of peopie definition the moment you start to put your data in the cloud to collaborate you collaborate with many more people right and so that's why the number of incident is so much higher against that the stuff is all out there and the number of people that I have access to your data is much larger so when you think of risk you think of you know the probability of an event and then the impact of that event so we just heard that the probability goes up when you're collaborating in the cloud you have any data on the impact in terms of specific to the cloud is the cloud doing a better job than say on Prem is it more higher impact is it not there's not as enough enough high value data in the cloud yet more data's on Prem do you have any sort of senses first of all there is our actual use of the cloud we know that confidential data is in the cloud and we also know that over time 50% of and confidential data or computational documents in the cloud gets shared in the process all right here's the the good news is that we believe that with the proper tools like an visual cloud and the proper Cosby platform in place the cloud can be more secure than on pram and this is why first these cloud providers AWS and others they put more resources in security that any comprend company ever could right but then you still have the share responsibility model it's a part of the the security puzzle that the end-user is in charge of and if you put in place a cosmic platform we love for people to use ours but any costly platform I think eventually the cloud will become more secure than on Prem ever was yeah so that shared responsibility you talk about endpoints data user access right and you start from SAS the your responsibility is really device security and user access so if an end user logs in with their credential and start stealing your data AWS or Microsoft they're not gonna be responsive to take care of that when you're doing going to pass your responsibility goes deeper because now you're running your own applications there so you have to make sure that the applications the infrastructure that the application runs on is properly configured and the data going in and out of the application and the container are secure and then you're going to I is your responsibility goes even deeper but these are problems now that can be solved well understood it can be solved by leveraging the underlying platform and then building your own infrastructure or your security solution gobbled it sorry I talk about the most important story that that's that should be told in technology security industry today or that media should tell are not being told what is the most important story for first customers to to know about and or the media should be covering more of that's uh putting me on the spot well I think I the thing that I'm most excited right now in NIT is DevOps I think about every technology transition for the last 25 years was driven by one set of people developers and so over the years developers had all these roadblocks or I need a server or now I need the security clearance now I did compliance clearance and so we always got in the way of them until they figured out in you a new platform and your way to be more agile and I think right now in the cloud is with DevOps is the ultimate of expression of that so I think it's very exciting and I think as security vendors instead of this is my pet peeve with security is you have to scare people into buying your stuff I hate that right you know if you don't buy this you're gonna get fired you're gonna get breached all true but the reason why people go to the cloud is business agility the ability to unleash the developers to build new differentiating applications and so to me a better way to sell insecurity and build a security solution is to cater to that need and build security that that is transparent to the users and now transparent to the developers and also here what you're really saying there is you want to increase the speed of security for that slot that is lagging behind the agility of DevOps yeah if I get faster so it's in line with the developer in fact today we just announced that this shift left right instead of like make it easier to deploy application then put security on top of it how about we look at your development process and trying to identify flaws they may end up into a non secure runtime environment and so last goes along the lines of like let's forget about security that doesn't create friction let's put build security in the code it's a shift left by that you mean security is code exactly talk about you now last time we talked to you the cube you were an engineer yeah now you're in marketing what happened well I'm seeing engineer so what happened was you know I I never planned my career I always look for smart people and we're smart people kind of aggregate there's some good stuff to do and when I was at I when I left VMware I joined MobileIron and the only spot that they helped that was open was CMO and so once I got the job I had to learn it I well you're a builder I mean Amazon love Zion generic mindset then you're gonna build our mindset how are you going to build out your cloud division because you have some big tail winds big demand for security price to be sold in a new way yeah and consumed with services so good opportunities for you what's your strategy what are you gonna do our strategy is to keep growing this business right now the cloud as you will expect is the fastest growing business at McAfee and so from from my perspective within the cloud business unit when we're trying to inject energy and the vision for cloud and and that's that's what I think McAfee needs from us so obviously you're a fan of agile scrum I mean you know modern modern development techniques are you bringing that to marketing in any way yeah absolutely so when I made a transition to marketing I realized that whenever you have an environment where you have to ship something in engineering is shipping software in marketing is shipping a new webpage or a new campaign and you a video or something and where there is a lot of unknown and market the moves fast scrum and agile is the perfect solution for it so basically what I do I take the priority from the company we make these plans like a year out right who knows what's gonna happen in here our recipe take these goals and then break them down in two weeks interval and every two weeks here are the priorities the map to those and then every two weeks you have you moved the needle I just talked to some people and and AWS you know they told me maybe it's confidential information or not they told me two weeks it's too long we have it weekly so sometimes when somebody new comes to my team and they see this mechanism workers who always on the treadmill take all this this guy's insane and they may have a point but then you look at the companies that are changing the world and guess what they are doing weekly it's a graph it's like a task week once you get on that cadence you're in shape and you get the team rolling because success is a great motivator yeah it has that kind of success when you're agile and you can respond faster yeah because look at this our counterpart is sales right and if you engage with sales you talk to sales everything is an emergency that was needed yesterday and that's okay they're bringing the money so we like them but with agile would these two weeks print what allows me and my team to do is to say hey what you're asking for is it more important than these things that were shipping in average a week from now and be answers typically no or can you wait the two weeks and you're not and then I can take the whole team and focus on whatever is that do your best work you bring in the best of cloud ethos yep into marketing and then again look if we do believe that engineers make the work around I truly believe that in Silicon Valley Engineers change the world to make the workaround let's take some of those best practices and apply them to other part of the organization why not sorry I've great to chat with you love your vision thanks for coming on the cube and sharing hi thank you for insights great insights here that we're driving all the data here inside the cube for reinforced Amazon Web Services first security conference its inaugural we're excited to be here two days of live cover staying with us for more after this short break

from our studios in the heart of Silicon Valley Palo Alto California this is a cute conversation welcome to the cube studios for another cube conversation where we go in-depth with thought leaders driving business outcomes with technology I'm your host Peter Burris every Enterprise that is trying to do digital transformation finds themselves facing two challenges one their digital assets themselves are a source of value and to other assets that are sources of value are becoming increasingly digitized and that creates a lot of challenges a lot of security concerns that bad agents out in the internet are exploiting and requires a programmatic fundamental response to try to ensure that the digital assets or digitized assets aren't mucked with by bad guys so to have that conversation we're here with Tony Jian Domenico Tony's a senior security strategist and a researcher and the CTI lead at Ford NIT Tony welcome back to the cube hey Pete it's great to be here man so as you get to see you yeah well we've been doing this for a couple of years now Tony and so let's get just kick it off what's new so what's new should we start talking about a little bit about the index here what we saw with the overall threat landscape sure well cool so you know y'all like you know like we always do we always like to start off with an overall threat landscape at least they give an overview of what that index looks like and it really consists of malware botnets application exploits and what we looked at over the quarter there was a lot of volatility throughout the quarter but at the end of the day it ended up only 1% higher than the quarter before now some of that volatility really is being driven by what we've talked about a lot of times Peter and a lot of these other episodes is that swarm like activity whenever an actual vulnerability is successfully exploited by an adversary everybody swarms in on that vulnerability and our fertig are labs you see that really like super spike up a great example of that would be in the last year in December think PHP which is an application that's a framework to rapidly develop web apps they had a vulnerability that if you successfully exploited it it would give you remote the remote access or I'm sorry remote code execution and they were exploiting that and we definitely seen a huge uptick now that wasn't the only one for the quarter but that and along with some of the other ones it's really what's kind of driving on volume so the index has been around for a few quarters now and it's a phenomenal way for folks out there to observe how overall trends are evolving but as you said one of the key things that's being discovered is that or you're discovering as you do this research is this notion of swarming it seems as though there ought to be a couple of reasons why that's the case Tony it's it's we've talked about this in the past there's folks who want to get a little bit more creative in creating bad stuff and there's other folks who just want to keep the cost low and just leverage what's out there which approach are the bad guys tend to using more and or is there an approach one of the other approach is more targeted to one or another kind of attack well it's funny you usually see the folks in the cyber crime ecosystem that are really focusing on you know identifying them not so much where they're doing more sort of targeted attacks it's more of a you know pray and spray you know type of thing and you see a lot of that you know anytime they can hire you can get a life of cybercrime right in the leverage some of these common you know you know services you have code reuse you know which is out there so you have that sort of like group there right and then you have more of the you know more of the you know hands-on sort of keyboard the more you know targeted attacks that are really focused on specific you know victims so you have those you know those two groups I say now with that though there kind of is a commonality there where there's this concept and it's nothing new we've been talking about this for years in the cybersecurity industry it's living off the land right where once a victim is on the actual machine itself they start leveraging some of the tools that are already available there and usually these tools their administration tools to be able to minister the actual network but these tools can also be used in the farías ways from example here would be you know PowerShell they you know a lot of admins use PowerShell for efficiencies on the network but that also can be used in the forest ways and the bad guys are using that and then this past quarter you know we did see a lot of PowerShell activity now you know Peter having said that though I think as a whole with the security community we're getting better at being able to identify these types of PowerShell attacks one we got better technology on the endpoint and I think to Microsoft is in a better job of being able to provide us more hardening capabilities for PowerShell like being able to restrict access to PowerShell as well as giving us better logging capability to be able to identify that malicious activity so we are getting better and the bad guys know this so I think what we can probably look for in the future is them leveraging either a different interface or different language because all they really need to do is interface with that dotnet framework which is part of a Windows system and they can start doing the same exact things they were doing with PowerShell and we're seeing that it in the open-source community now things like Silent Trinity open source tool that allows you to do those same things so for C an open source pretty much guarantee we're gonna see it out there in the wild here soon so we've got a group of bad actors that are using this living off the land approach to leverage technology that's out there and we've still got kind of the big guys having to worry about being targeted because you know that's how you make a lot of money if you're successful but it certainly does sound is that a general business practice for a lot of these guys is to leverage common infrastructure and that this common infrastructure is increasingly becoming you know better understood have I got that right no I you know Peter you're spot-on here what we did we did some exploratory research in this last quarter and what we found out is with the exploits within that quarter or or or the axe will come threats sixty percent of those threats are using the same infrastructure what I mean by infrastructure you know I I mean things like you know infrastructure to download malware maybe to redirect you to some other site and then downloads malware and that makes a lot of sense Peter you know why because in this cybercrime ecosystem if you didn't realize this it's a vicious competitive market everybody is trying to sell their wares and they want to make sure that their service is the best it's better than someone else's and they want to make sure that it's stable so they find these you know community you know infrastructures that are tried-and-true you know some of them are from you know bulletproof hosting so you know services you know things of that nature so you see a lot of the folks in a cybercrime ecosystem using them now on the flip side though you definitely see some of the thread actors that are more sort of you know more the advanced threat actors maybe what they want to do is hide a little bit so they'll hide in that larger community to be able to possibly be able to bypass that that attribution back to them because they don't want to be sort of labeled with oh hey this particular thread actor always uses this infrastructure so if they can blend in a lot harder to find them so they can use what is available but at the same time differentiate themselves in this bad actor ecosystem to take on even more challenging the potentially lucrative exploits now tell me if we know something about this common infrastructure as you said sixty percent of these attacks are using this common infrastructure that suggests we can bring a common set of analysis frameworks to bear as we consider who these actors are and what their practices are have I got that right yeah yeah absolutely if you can align your PlayBook defenses with the offensive actual playbook that the threat actors are using they're better off you're gonna be right because then you can be able to combat them a lot better and as a matter of fact I mean we've kind of introduced this sort of concept in conjunction with our our partnership with the cyber threat Alliance we're actually producing these thread actor play books you know and what we're doing is the idea behind this is if we can identify the malicious activity the threat actors are actually doing to complete their cyber mission expose some of them tactics those techniques those procedures we could possibly disrupt some of that malicious activity and you know this past this past quarter here we focused on a group you know Peter called the the silence group and they're really focused on identifying and stealing financial data they're looking at banks banking infrastructure and ATM machines and you'll get a kick out of this with the ATM machines they're doing something called jackpot II where they if they can find the axle software behind the ATM machine find that ATM process they can inject a malicious DLL into that process giving them total control over the ATM machine and now they can dispense money at will and they can have these money mules on the other side receive that actual money so you know we have a lot of different campaigns in play books that we've identified on our website and that once we understand that we align that with our security fabric and ensure that our customers are protected against that particular playbook Tony I'm not happy to hear that so this is this is my distressed face that I use during these types of interviews but it's if if we're able to look at how bad guy play books are operating then we ought to be able to say and what are those fundamentals that a shop should be using the security professionals should be using that are just you know so basic and so consistent and it seems that are you guys have identified three to do a better job of taking a fabric approach that starts to weave together all assets into a more common security framework to to do a better job of micro and macro segmentation so that you can identify where problems are and then finally increase your overall use of automation with AI and m/l how is this translating into your working with customers as they try to look at these playbooks and apply their own playbooks for how they set up their response regimes yeah so I mean I think overall I mean I think you can hit it on the head computer you kind of nailed down really those some it was kind of fundamental sort of concepts here now you can identify and you can document as many playbooks as you want but if you're not able to quickly respond when you identify those actual playbooks you know that's really half the battle I mean if you need to be able to identify you know one not only when the threat actors in your environment but then also you need to be able to quickly you know take action and like you were saying with that fabric if we can have that actual fabric being able to talk to the other controls within that fabric and take some action they're better off you're gonna be because you can align your defenses there and that's a great would you gotta make sure that all the controls within that fabric are all communicating together they're working together they're sharing information and they're responding together sure enough yeah are you starting to advise customers I'm curious you advising customers that even as they increase the capabilities of their fabric and how they handle their architectures from a micro macro segmentation and increase their use of automation or are there things that they can do from a practice standpoint just to ensure that their responses are appropriate fast and accurate yeah sure sure I mean I think a lot of the actual fabric once you actually build that fabric there's certain you know playbook responses that you can program into that fabric and I'll also even go I know we talked about you know fundamentals but I'll even dive a little bit lower here and you know you have that fabric but you also have to make sure you understand all the assets you have in your in you know your environment because that that information and that knowledge helps you with that macro and micro segmentation because when you can isolate you know different areas if there is a certain area that gets infected you can quickly turn the knobs to isolate that particular threat and that specific you know area or that's a specific segmented area and that is really gonna allow you to fight through the attack give you more time and ultimately reduce the impact of that particular breach so Tony we got the summer months coming up that means more vacations which is you jest less activity but then we got summer interns coming in which you know may involve additional clicking on things that shouldn't be clicked on any ideas what what should security pros be thinking about in the summer months what's the trend show well I think we're gonna continue to see that you know I I think the same type of threats that we've seen in the first quarter but I would say you know there may be a slight sort of drop-off right we got kind of kids that are gonna be out on vacation so you know schools may not see as much activity you got you know folks gonna be taking vacations and at the end of the day most of these exploits are client-side exploits which means you know a lot of times you need somebody to do something on the actual computer either you know clicking that link or clicking the attachment and if they're not there to do that they'll just sit there and you'll see less activity over time so we might see a little reduction in volume but I still think we'll see very similar types of you know threats in the coming months so good time good time are a good opportunity for security pros to double down on putting in place new architecture practices and response regime so that when stuff kicks up in the fall they're that much more prepared da Tony G on Domenico fort Ned great once again thanks very much for being on the cube hey you know Peter it's always a pleasure being here man hope to see you again soon you will and once again I'm Peter Burroughs until next time [Music]

live from Las Vegas it's the cube covering Dell technologies world 2019 brought to you by Dell technologies and it's ecosystem partners welcome back everyone to day one of the cubes live coverage of Dell technologies world here in Sin City Las Vegas 15,000 attendees I'm your host Rebecca night along with my co-host Dave Volante we're joined by a Charlie Haney he is the senior vice president Dell technologies consulting services thanks so much for coming on the queue absolutely thanks for having me again so we were talking a little before the cameras rolling you have spent nearly your entire career at this company at first EMC then Daley MC now Dell technologies how how have you seen the landscape change and transform over the course of your career yeah it's it's crazy I mean think about just even as consumers what we've seen in the last 10 years I mean us thinking about my flight out you know I booked everything online Amex all my calendar and everything is managed by TripIt I check in with my United app I get here I take an uber I mean the entire experience is digital and we see that in our everyday lives and today with technology I mean all of our customers are looking to figure out how do they apply these emerging technologies to their business so that they can open up new revenue streams or create new business opportunities to really win inside their industry and so I think it's just an exciting time and I couldn't be happier to be here at Dell technologies because I feel like we're at the center of all of itself so you mentioned all these exciting new technologies AI IOT this in the end this is all part of this digital transformation how would you describe how your clients are thinking about all of this but sort of what what are their pain points what is keeping them up at night you know I mean not all customers are the same as you could imagine we have some that are just starting and some that feel like they're well on their way but it seems like as as they go down their path they learn that there is still a lot to go I would say many of them are excited about the emerging technologies but they're still puzzled with how to actually apply it in their business and things like multi-cloud you know while it has a great promise they're also you know a little bit betwixt with how to actually manage and run this multi cloud environment so the new solutions like dell technologies cloud and the promise to actually manage that and provide a single cloud playing across hybrid environments on prem off prem you know these are ways that as a technology company we're able to help customers start to stitch these technologies together in a more seamless way to help enable what they're trying to do inside their business so certainly the narrative you hear in the press and no question comes from a lot of the technology companies is you've gotta transform digitally your gut your if not you're gonna get disrupted most organizations you talk to have some kind of digital transformation strategy going on but the reality is there are a number of industries that really haven't encountered disruption Financial Services is a good example the defense industry health care it's probably ripe for destructive disruption but but hasn't yet but we certainly all believe it's coming and we all believe it underlying that trend is data yet I wonder what that discussion is like with customers is there a keen sense that they've got to do something or is it really mixed is there a complacency in some industries and what role do you guys play and sort of helping them squint through that yeah I mean we certainly find that customers that are trying to transform are looking at how do they take the data that oftentimes they already have and figure out how to actually consolidate it and get it into a well-run data platform first so that then they can do analytics and they can actually get the business insights out of it to actually go do something on the Digital side and so oftentimes you know as an infrastructure company right we're helping them build the digital infrastructure for their data platform to enable their digital transformation initiatives at the same time we're helping on the IT side to actually drive out the cost of their IT to go capture the dollars to go enable and fund a lot of those digital transformation initiatives - so there's kind of the data play and then there's obviously the infrastructure play that enables in Hansa when we first started doing the Cubist is our tenth year and and back then if you talked about eliminating you know mundane infrastructure management tasks a lot of people would tighten up ago that's my job you're talking about today people are sort of embracing that because they realize this is the there's there's a brighter future ahead so maybe talk about that skills gap what role you guys play in closing that gap is it just purely sort of they outsource that and you teaching them how to fish yeah it really varies and I would agree with you I mean years ago people were afraid of what might happen to them and today right with the stats most of our organizations that we talked to already leveraged five or more clouds right whether it's an on-prem or an off Prem cloud or a SAS based application and so it's no longer afraid it's like it's reality it's happening and so for us we're helping them figure out how to stitch those things together now our consulting services we can either help them build the upfront strategy to actually build a roadmap and a plan of where they should go and how they should get there as well as those iterations of actually executing and implementing whether that is an IT transformation or a digital transformation plan oftentimes by us helping them build we're actually enabling and helping them establish also an operating model of what is the people and process now that I need within the organization to actually start to deliver something like IT as a service it's extremely different and so then you know obviously there's projects that we do jointly with organizations and customers and they learn as we go and then obviously we have educational services if they want something that's more formal on that side so here's talking about people process technology and and practitioners to tell you people and to in process of the hardest technologies the easiest part you'll always hear that yeah having said that technology catalyzes these change whether it's AI 5g you know IOT so what are some of the catalysts that you're seeing today and what kind of services are you guys providing I mean think again just think about the cloud platform that was announced earlier today I mean for years to be honest we've been building on-premise private clouds and doing manual integration with public all right we've been creating a vision of a service catalog that actually spans multiple on-prem off Prem but not fully integrated now we have an entire cloud plane that actually enables what you just said so the technology is starting to catch up to what we want to consume which is I see as a service on Prem or off Prem but again that will change those roles with NIT you're not going to have silo-based roles around server storage networking you're going to have cloud operators that are stretching not just on Prem but off Prem technologies could be as your Google AWS whatever right and so those roles are drastically different and how do we enable technology across those and so as a consulting organization we're helping define those roles as well as enable them and then build the platforms that ultimately deliver that service so I want to ask you about innovation because we learned that Dell is turning 35 next week that's sort of the start of middle age where's that you get a little slower and get a little creepier how do you stay on the cutting edge and how do you make sure that you are thinking four steps ahead of your customers and and what they will need next you know it's amazing I mean obviously as an organization we're investing 12 billion dollars or more of R&D over the course of the last three years I mean the innovation and the funding for innovation is just continuing to pour the synergies of bringing organizations like VMware and L EMC infrastructure together or pivotal or secure works I mean it's the right blend and mixture of software and infrastructure that allows us to integrate and by integrating we can then innovate and so I honestly think many times our customers are telling us what they need and as long as we continue to be good listeners and we are delivering on what our customers are needing with the technology investments we're making we'll continue to innovate so you guys announced some had some announcements today around multi-cloud the VMware cloud on gel EMC I want to ask you a question Charlie and then tie into that announcement is multi cloud sort of a symptom of multi vendor and line of business and shadow IT or is it increasingly becoming a strategy and if so how do you see that strategy evolving well you know I would say for the organization that hasn't built the right plan and strategy and is getting reactive you know it's really a reactive kind of plan they're seeing all these clouds just kind of pop up and they're not integrated so they're isolation of technologies in different locations for those organizations that are building a strategy to figure out how to best leverage those technologies it's completely different right and by doing that we're able to go look at applications and do proactive cloud suitability studies and make sure that they're putting applications in the right locations to get the right benefits and cost advantage that they need and that's a very different thing than IT waiting for the business to go invest in some SAS model so there's a hut there have to be a top-down edict for the latter vision to be realized in other words if the corner office isn't saying hey without pay attention to IT when they say this is our multi cloud strategy or can it actually happen from a grassroots level you know I don't want to say it can't happen perhaps it could I can tell you the customers that we've engaged with that are having the most success absolutely it's starting at the board level right I mean it's it is a top-down support and focus for the organization I mean there's going to be people challenges as we've talked about technology challenges financial challenges it's gonna take senior level people to actually knock those things down when we do advisory services like this broken saw advisory where we help customers build a strategy one of the number-one barriers that we're knocking down is internal conflict we bring people within the organization together with our subject matter expertise who have done this before and oftentimes we can't get the organization itself to agree on what is the vision and the guiding principles of this multi-cloud strategy and so that is oftentimes the challenged and can't be done ground up oftentimes it does require a strong leadership team to actually support it fund it and then help remove those roles typical starting point for you guys you'll go get an executive sponsor and then you'll organize the team and then you know that's always the cleanest but again as we just talked about customers are you know in various places along that journey so for us it's important to figure out where they are meet them where they are if they're halfway down that maybe it's just a course correction maybe it's something where they're struggling with and we just need to help them with a particular area of it so you know we have customers all along that journey and our goal is just to help them get to the end of that regardless of where we start well Charlie thank you so much for coming on the cube this was a great conversation absolutely thanks for having me I'm Rebecca Knight for Dave Volante we will have much more from day one of the cubes live coverage from Dell technologies world here in Las Vegas coming up in just a little bit [Music]

live from Orlando Florida it's the cube coverage conf 18 got to you by Splunk hey welcome back to Splunk kampf 18 conf 8 hashtag Splunk conf 18 my name is Dave Volante I'm here with my co-host a minimun you watching the cube the leader and live tech coverage there's two days of wall-to-wall coverage is our seventh year stew at conf we're seeing the evolution of Splunk from kind of analyzing log files to having deep business impact across the organization and doing more with data Jim Nichols is here is the DevOps manager in Improv odda healthcare company good to see it thanks for coming to the cube again thank you for having me thank you so tell us about M privada and then love the the title DevOps in the title we'll get into that sure first the company yep so in providers the healthcare IT security company and we provide health court healthcare organizations around the world with secure Identity Management multi-factor authentication and enable just ubiquitous access to whatever sort of medical systems that they need to get into and we really try to enable healthcare by establishing trust between the medical providers the patient's the data and do that all securely and seamlessly so that we're not Security's not a part of their workflow it's just in there and they don't have to think about it and they just get access to what they need when they need it so I hear yeah on your website trust between people technology and information reminds me a little bit of a certain software company that branding is all around us today that is there seems like there's a line up between what Splunk does in your company's mission oh they're there absolutely is and you know like Splunk in privada has a very strong on premises in the data center footprint and we're expanding that into the cloud and that's where most of my work is is kind of managing those cloud systems that kind of complement the on-premise appliance and we're looking at how that's going to move into the cloud and what that means and it's very similar to like what Splunk is done with Splunk enterprise and now moving into Splunk cloud and we're actually a customer's point cloud everything that we do that we could possibly do is out in the cloud not in the data center in you you've got DevOps two new titles maybe bring us inside you know what that means that improv odda you usually think about you know moving fast things are changing all the time it's themes that we heard in the keynote this morning so explain that a little bit yeah so the way the DevOps model that we follow at improv odd is really like kind of a consultant model where we've got a small team of a very senior very expert DevOps folks and they kind of get assigned out to the agile teams and they're a team member that gets planned into the Sprint's plan and what we're going to be dealing and really kind of make sure that those deployment events or the DevOps work that we need to do is planned in as part of the normal development work and that consultancy model is really good in regards to Splunk because we run the Splunk infrastructure we do all the training we do some of the basic dashboard work and make sure that no matter what the team products onshore offshore wherever they are we're all looking at data exactly the same way exact same dashboards and it really kind of forces the knowledge to get shared throughout the organization across products and how we think about things and so Splunk you know DevOps isn't like a tool or a thing or whatever but Splunk is definitely a great like enabling forcing function to make sure that we are sharing metrics how the system works what we're learning on and all that stuff in a really consistent way so you know the t-shirt met tricks I've seen that I have what do you think that means oh so it's like the same old same old man metrics so huh what does that mean to you guys you have new metrics do you have a sort of new set of KPIs that you're using ourselves so I think the metrics part is that it's maybe 10 years ago the IT industry figured out how to get every single metric about CPU memory disk ram and all the tool there are a lot of different tools for doing it you know Splunk zabbix data dog others I don't know if it's okay to talk about other products or whatever but you know when you get like a CPU alert that goes off all right the CPU usage is 92% is that good or is that bad it sounds kind of high and you get that alert you look at that CPU chart and it's like there's no context there's no information and you know you might be designing your system to run at 90% if it's doing some batch processing or something so it's like metrics it's like you need to get the alert you need to know what's going on but you really need to like get the insight into what it is and that's why a lot of this stuff that they show this morning at the keynote was really exciting where you've got the metrics in one place the logs in one place it's all in one place so you get that alert and you can look at it and then see what else is going on without having to like jump into a bunch of different systems and how about DevOps your DevOps in the title what is how do you guys look at DevOps what is DevOps to you and where did it come from and where is it going I think that I've been doing DevOps my entire career since I got out of college and I came out of WPI and was studying like performance evaluation and it's like how do you measure systems get the insight how do you make sure they're running efficiently and I think that what I was kind of doing on the performance engineering side kind of intersected with like the agile movement and folks get into agile development teams and trying to integrate that knowledge and the metrics and how you're gonna run it in production into that sort of product building process so I feel like I've been doing DevOps for a long time and called it different things over the years you know for for us at improv Adi it's really about enabling our developers to deliver functionality to our customers as fast and as safely as possible so you know we're in the healthcare industry and you know the the systems that we build and integrate and support support life right like these are doctors that are using these systems they have to work a hundred percent all the time and that adds some interesting wrinkles where you wouldn't really think about doing continuous deployment for the system that you know somebody's going to get logged into to get into their medical records you might want to be able to move that quickly if you need to if there's an emergency bug fix but the level of safety and testing that we need to put in before it actually gets into production that's really where we spend a lot of our time in DevOps is making sure that that's a fish but that's fast and then when it goes from going from like a test environment into production if it takes an hour for office is not that big of a deal we're doing like you know multi week to week release cycles or even longer and so as far as like DevOps a lot of the movement has been around like continuous delivery and deployment and we kind of use that to optimize like the test build and debug cycle and that way when we know when we get to production that's going to go smoothly and that there aren't going to be any unanticipated how do security fit into this conversation sometimes you know the the buzzword term you know dev sac ops is you know how to how to Splunk in your practice look at security well so you know where a security company you know you know and we wouldn't really ever call anything dev sack offs because security is ingrained in a part of every single thing that we do walking into the building every day when we badge in I think about it our security people like is the building's secure all the way into like what we're ending up doing in the system so obviously Splunk is a huge supporter of that so we've got audit trail information on all the systems and we can know not only what you are system administrators and DevOps users are doing but like what docker is doing what commands it runs and really get at a very very low level of detail and we literally have everything that ever happens on those systems is audited and we've built a whole set of alerts around things that we know about things that we think might be a problem and we use kind of our expertise in the healthcare security space and then apply that to all our cloud systems so it's like we never have a team called dev sack ops it's like it's it's just what we do it's the first most important thing that we think about every day is security so that's why it's a little bit different for us but we like some of the ideas and I've you know we've started doing some work around automated security testing on the application code you know running like static analysis dynamic analysis integrating web scanning tools into our CI CD pipelines so that it just makes it that much easier you know and not wait till the end before you ship it or whatever we have it right in the development process what's the regime for your organization you know the classic development and operations throw it over the fence and okay DevOps brings those together but you still got a spectrum of skills and presumably you've got people on you know some kind of maturity model where you've got sort of newer folks maybe guys coming out of college like you were several years ago and you're training them and sort of you're one unified team at the same time you you might have some degrees of specialization so what have you found is the right regime for the DevOps team well I think the consultant model that we've established works really well and we've got a very senior DevOps person that's on the agile team and they may do some of the really tricky bits but once we get out of the part that only us as DevOps can do we really try to get the developers to do it so a lot of that's like Splunk training how do you build a dashboard here's maybe a simple example dashboard now you do the next panel that sort of thing to try to level everybody up and get everybody on the same page you know turned in terms of this divide between like Devon Ops when I actually joined and provided DevOps was NIT it was managed as part of like our SAS management offering along with like a lot of the other applications that IT managed and one of the very first things that our senior vice-president did was like they get to be in development they can't Oregon is a we were working together we're all on the same teams we're all doing all that stuff but just mentally organizationally get rid of the divide put them in engineering and report to the VP of engineering just like the developers development managers and architects and that's the way we've just get rid of any organizational or thought divide between the between the groups Jim you mention alerts just now and we've heard a few times you get alerts and you know I imagined the beeper in the old days now you get an alert on your mobile phone where are we in terms of being able to take action on those alerts have the machines take action for us is that an objective that you have is that just too damn scary your thoughts yeah so my first my first impression is that it's a little scary we do have some problems that occur with some frequency right so losing an Amazon ec2 instance happens you know 10 times out of 100 instances in the cloud on a given month so there's certain types of those failures that we've automated around just because you have to as a part of just doing business in the cloud so why do the Amazon like auto scaling groups all that stuff we've got a couple of you know issues that happen that we want to just resolve faster and repair faster they don't impact customer experience or user experience but we just want to get on top of those sooner so we've started to automate some of the very thin small carefully controlled controlled use cases so that if the alert were to go up spurious lis I know it's not gonna then take down a system that was running and finding good false positives exactly so only were places where false positives can be tolerated is where we're looking to do that yeah you don't want to take the humans out of the equation just yet or maybe ever for some of the simple things we we have and we can and we will but some of the complicated things it's like just stop and look at it and think about it for 90 seconds and then make the action we're to come up with how to program that 90 seconds of thought is like maybe talk about it be complete about it off oh this way okay let me explain it to somebody a second time and make sure it's right and then go and do a quake like just philosophically that's where I have to get a sheen to do that so Jim you're wearing the revolution a word shirt my understanding in privada is now one of two two-time Award winners if I got it right you're a commander Award winner maybe you could explain what that means and what it means to you and your company sure so the commander award is really about getting you know other folks in your organization using Splunk looking you know either looking at a dashboard at a report or digging down into the data and you know so why I won the award was really around like our use of docker containers so it was really important to me that developers people in DevOps people and support don't really have like a strong like network operations function but those types of folks that they're all looking at the exact same thing all the exact same tools all the exact same data so kind of as part of that mission it's just I hold trainings I hold office hours I've got one of my DevOps folks down here today or at the conference to then kind of spread the Splunk gospel show people how to use it if they've got questions all that sort of stuff and then the other part of that is really just showing people what we can do and advocating for the making decisions based on the data we have it in data you know I have it in spunk let's look at that to make the decision so that's really what that commander Awards kind of all about so if you're doing the doctor stuff you're a bit of a trailblazer so we were only a few years into this container initiative I was walking the show floor I even saw some companies looking at like the serverless technology you know what what led you to kind of put these pieces together and you know it tell us a little bit about kind of the community that you lean on to learn these things yes so the the technology trend around containers was very strong and very fast like with Amazon's especially like that when they came out with their ECS orchestration it was really fast and very strong and really the the technology trend kind of led me into it and then the developers being like we're gonna use docker we're gonna have to figure you're gonna have to figure out how to Splunk it so really from the very beginning I've gone through each and every sort of possible way to get data out of a dr. container in this Splunk and part of that is you know networking with the Splunk folks pretty good relationship with the with the fella that wrote the logging driver that went into the dock or open source project and like looked at the code reviews and all that and then it's really just trying it out trying things out and eventually kind of got to the sweet spot now where I've got the developers are all using local docker compose and that's configured a certain way then when we run in Amazon it's using Amazon ECS where I've also been working on kubernetes for a while and the way that you configure your docker in each of those environments is totally different the code running in the is exactly the same so we've realized that vision but the runtime environment is totally different so kind of where we're at now the config may be totally different on the logging drivers but in the end when you load up Splunk and you look at it and Splunk it's exactly the same whether it's your local laptop and amazon in production staving staging or whatever and I think my kind of favorite part in terms of like the Splunk commander award and getting folks using Splunk is that the way that I have it set it up set up now there is literally no local log file for the developers on their laptop it just doesn't exist it all goes out to Splunk so you can do a lot with grep and text pad and stuff on your local local laptop and I get that but now that they're in Splunk and it's just it's been a great way to get folks on board with what its gonna look like in production I know what it looks like in dev so I can make sure that my logs are good I'm logging enough and not too much and all that stuff so that's really where docker is really software is the same now we've got the logging the same the tools are all the same but then the runtime bits those are a little bit different and that's abstracted away hopefully Jim what does a DevOps guy want from a vendor you got a lot of open source stuff that you're working with you got a lot of different tooling what do you look for in a vendor what's what's the thumbs-up and positives and what what stuff really kind of ticked you off well so you know we're we're a key trusted vendor for a lot of healthcare organizations so I can kind of talk about how I we prison if a customer or a user comes up comes to us with a problem doesn't matter what it is it's our problem and we go through exhaustive lengths to identify where the problem actually is and so that may be in our code that maybe in another vendors code some third party some open source thing doesn't matter we're after the evidence we're after the facts we don't care if it's not in our code we're gonna help our customer be successful and that's what we would want from any vendor right so if we contact them with a support case we've got a problem we don't want any of this uh looks like a firewall problem or something like get to the data get to the facts and if you can prove if the vendor can prove that the problem is somewhere else great but we want a reproducible test case we want this whole finger-pointing thing is like it's horrible inside of an organization in terms of like running operational systems but then when you've got like as your Google Cloud Amazon Cloud Salesforce service now all these things all working together like you can't people just going to own the problem basically and that's what that's what we do right so if the customer comes to us with an issue it's our problem and then we go from there and figure it out and that's really what any vendor that we work with especially like a production operational sort of system that's really what we look for so you look for collaboration and focus on solving the problem not not the finger-pointing you know a virtual single throat to choke if you will yeah exactly hm well thanks very much for joining us on the cube is great to have you yeah thank you thank you very much appreciate I keep right - everybody stew and I'll be back hashtag Splunk conf 18 you're watching the cube right back [Music]

why from Las Vegas it's the cube covering informatica world 2018 bacio by inform Attica hey welcome back it runs the cubes exclusive coverage of informatica world 2018 we're here at the Venetian in Las Vegas live I'm John for your co-host with Peterborough's coasting and head of analyst said we keep on insulating all the cube our next guest is jammed the dalla who's the enterprise analytics architecture engineer sire pharmaceutical and some named director of the enterprise analytic solutions lead at sire as well great to have you guys thanks for joining us thank you so love getting the practitioner view of kind of the reality right of what's going on off see dramatic has their show you guys are a customer you're looking at some of their products take a minute first to talk about what you guys do first see Pharma got some stuff going on Davies involved privacy's involves you're in Europe in the u.s. GDP ours here think I'm gonna talk about what you guys do sure so char Pharmaceuticals is a global leader in rare diseases so there's about 350 million patients who are effective remedies is today and so art group with NIT enterprise analytics so we're focused on making sure we bring the right technologies and capabilities around bi and analytics to the organization so we look at products tools figure out how they fit into our our ecosystem of bi stack of tools and make that available to our RIT colleagues as well as our business colleagues so rare disease can you just explain kind of categorically what that is cuz I'm assuming this fits rare is not a lot of data on it or there's data you got to figure out what is that how do you guys categorize that so rare disease you know majority the rare disease affected by affected children so that's a kind of a critical aspect of what we do you know rare disease could be in immunology it could be in oncology GI I mean there's very disease typically you know people who are affected affected probably less than a thousand or 2,000 I think one of our drugs the population is around 5,000 people and these are chronic diseases typically their chronic diseases so they're they're they're diseases that affect the quality of life of an individual so what you guys are doing is identifying what is it about the genealogy etc the genome associated with the disease but then providing treatments that will allow especially kids an opportunity to have live a better life over extensive time yeah and what do you guys do there in terms the data side can you explain what your roles are yeah so like I said we're you're in the enterprise analytics so we're focused on bringing technologies and capabilities around bi and analytics spaces so how do we bring data in and ingest it how do we curate the data how do we do if data visualizations how do we do data discovery advanced analytics so all of those kind of capabilities and we're responsible for so what's your architecture today you have some on premises their cloud involved you just kind of lay out kind of the environment as much as you can share I know maybe some confidential information but for the most part what's the current landscape internally for you guys what are you dealing with the data sure so we fill out a new a new next generation analytics we called it our marketplace or the analytics marketplace we're leveraging both on Prem as well as cloud technologies so we're leveraging Microsoft Azure hdinsight for Hadoop the Big Data technologies as well as informatica for data ingestion and bringing data and transform or transforming yet but there are many tools involved in that one so it's like the whole ecosystem we call does marketplace which is backbone for shared enterprise analytics strategy and future you guys put a policy around what tools people can bring to work so to speak and we're seeing a proliferation of tools there's a tool vendor everywhere we look around the big data it's right I got a tool for this I got a tool for wrangling I've seen everything how do you guys deal with that onslaught of tools coming in do you guys look at it more from a platform respective how are you guys handling that right so look at a platform perspective and we try to bring tools in and make that a standard within the organization we look at you know the security is it enterprise grade technology and yeah it's a challenge I mean they're basically certified you kick the tires give it a pace test through its paces and then we have our own operations team so we can support that that tool set the platform itself so and what are your customers do with the data they doing self service or they data scientists are they like just business analysts what's the profile of the users of your customers of your we have all set of users they have like a technical folks which they want to use the data like traditional ETL reality so there are folks from the business they want to do like self-serve and unless they want to do analysis on the data so we have all the capabilities in our marketplace so some tools enable those guys to get the data for the selves or like the tools we have and dalibor does their own stuff like the eld talk a little bit about the one of the key challenges associated with pharmaceuticals especially in the types of rare disease chronic young people types of things that you guys are mainly focused on a big challenge has always been that people when they start taking a drug that can significantly improve their lives they start to feel better and when they start to feel better they stop taking it so how are you using big data to or using analytics to identify people help describe potential treatments for them help keep them on the regimen how do you do are you first of all are you doing those things and as you do it how are you ensuring that you are compliant with basic ethical and privacy laws and what types of tools are you using to do that it's a big question yeah yeah so we are doing some of that you know we have looked at things around persistence and adherence and understanding kind of you know what what combination of drugs may work best for certain individuals or groups of people yeah and definitely you know some compliance is a big factor in that so when I'm working close with a compliance group understanding how we're allowed to use that data in between which parts of the organization do you anticipate that you'll have a direct relationship as some of these customers or is there an optimist in other words does analytics provide you an opportunity to start to alter the way that you engage the core users of your products and services like I believe so you know I think one thing that we're looking at which strategic standpoint is um how do we diagnose people sooner a lot of these chronic diseases you know they go through 2-3 years of undiagnosed so they'll jump around from you know doctor a doctor if I understand what you know what the issue is so I think one thing we're looking at is how do we use data and AI to to more quickly be able to diagnose patients has a 360 view helped you guys of data you guys have a 360 view how do you cuz we'll look at that in terms of a channel selling a product and serving because we have a different perspective what's the 360 view benefit that you guys are getting yeah so we have a kind of a customer care model which is kind of a 360 for our customer so understanding you know around just drug manufacturing to making sure they have the right you know they have the right supply to understand is it working for the patient's so we've always been talking about the role a big day you mentioned had to do that Hadoop supposed to be this whole industry now it's a feature of data right so there's a variety of you know infrastructure as a service platform as a service some say I pass and Big Data how are you guys looking at that as as as builders of IT next-generation IT the role of I pass and Big Data we see it as a role in a blur you know I think what cloud brings us in the past type solutions is agility you know we as the market is so evolving so quickly and there's new versions of new software coming out so quickly that you wanna be able to embrace that and leverage that give it benefit of like give it some sort of a comparison old way versus a cloud like is there been some immediate benefits that just pop out yeah that a lot more benefits with doing the world way and the cloud way because with the cloud that brings a lot more scalability in in all India's to get like 10 servers you need to work with the infrastructure team I get it like it takes three months or two months again it with the cloud based one you've worked out you can scale up or scale down so that's one thing because it's so you're talking about Big Data yeah you're getting the volume of data you're getting you need to scale up your storage or your any compute you either JMS and compute bring data to the table and then you gotta have the custom tooling for the visualization yeah how that kind of together right you talk about them from your perspective the balance that you have to have guys have to deal with every day like you got to deal with the current situation NIT you got cloud you got an electrical customers personas of people using the product but you got to stay in the cutting edge it's like what's next cuz we going down the cloud road you're looking at containers kubernetes service meshes you need a lot more stuff coming down the pike if you will coming down the road for you guys how are you guys looking at that and how are you managing it you have some greenfield projects do you do a little you know Rd you integrated in how are you dealing with this new cloud native set of technologies yeah definitely a balancing act you know I think we do a lot of pocs and we actually work with our business and IT counterparts to see hey if there's a new use case that is coming down you know how do we solve that use case with some of the newer technologies and we try a POC may bring in a product to just see if it works and then see how do we then do we then take that to the enterprise so I got one final question for you guys and maybe you do as well John but but in life and death businesses like pharmaceuticals is a life and death business the quality of the data is really really important getting it wrong has major implications the fidelity of the system is really crucial you say using informatica for for example ingest and other types of services how has that choice made the business feel more certain about the quality of their data that you're using in your analytic systems into standardization so you know if between MDM round mastering our data - ingesting data transforming our data just having that data lineage having that standard around how that data gets transformed is that fundamentally a feature of the services that you're providing is you not only were you you know the ability to do visualization on data but actually providing your scientists and your businesspeople and your legal staff explicit knowledge about where this data came from and how trustworthy it is and whether they should be making these kind of free complex very real hardcore human level decisions on is that is that all helping yes because it seems like it would be a really crucial determination of what tools you guys would use right it is yeah and absolutely I think also as we move more towards self-service and having these people having data scientists do their things on their own being able to have the tools that can do that kind of audit and data lineage is crucial great to have you guys on we had a wrap I want to ask one more question here you guys were an innovation award e informática congratulations any advice for your peers out there want to unleash the power data and be on the cutting edge and potentially be an honoree yeah I would say just definitely think outside the box seem to try new things try puce you know do POCs is there so much new technologies coming down so quickly that it's hard to keep up Jam cuz it's like a moving target you need to chase your movie target and based on B was it that gets you like what you want it to do you know siding yeah get out front don't keep your eye on the prize yeah focus on task at hand bring in the new technologies guys thanks so much for coming on great to hear the practitioners reality from the trenches certainly front lines you know life-or-death situations of quality of the data matter scaling is important cloud era of data I'm John for a Peterborough's more live coverage after the short break

[Music] hi I'm Peter burns and welcome to another cube conversation we are here in our Palo Alto studios with Chen C Wang Chen C is the founder and General Partner of rain capital and an old colleague Chen see you've been around for a long time we're very happy to have you here in a cube at least in my opinion one of the leading thinkers and security what's happening in ite data security digital business security we were colleagues at four store many years ago what are you doing now well I'm doing this new fund I just started rain capital it's an early-stage venture fund focusing on cyber security innovation so very excited about that and very specific yes I was security and AI as well but the core focus is cyber security so let's talk about what that actually means because there's a lot of new practices new processes new groups with NIT that are being spawned as a consequence of this memoriae agile devops one of the groups or one of the practices or expertise centers it's especially underrepresented in the security world somewhat surprisingly is DevOps what do we need to do to bring more security into DevOps right that's a really good question and that's one of the areas that I've been focusing on in the last two three years is looking at the impact of DevOps practices to IT or including security and it's a huge impact because initially or originally what we have is security is a practice that that is gatekeeper right so you got applications being developed and then you you test them and then you go through security tests at the end and before you could deploy DevOps practices disrupt all of that what DevOps set says is I'm a developer I can deploy my application directly onto a production productionserver without going through all those gates because business agility demands it right once you have developers or testers touching your production servers directly some of the old security practices go away right you cannot do that anymore because too heavy-handed there's also the notion of portability so today it's very common for companies to want move their workloads from the internal data center to AWS or maybe next month I want to move to Google Cloud or Azure and I don't want to go through all the testing and pre-implementation practices I want to do it right away and the portability also disrupts existing security practices right so if your security policy depends on you instrumenting the server to put some kind of module on there tomorrow the server is not not there anymore right so what do you do so it engenders hosts loads of issues and also is a catalyst for innovation so that's why I'm very very excited about that so when you talk to customers users because I know you still have work with a lot of relationships I'm sure that's going to be one of the distinctions that you bring to bear when you think about what rain capital does what are say the three things that you tell them you've already mentioned you got a you got to ensure that the practices are in place that portability is at least made more obvious and that you don't bind security down to a particular device because it device may not be there that's three what are some of the kind of organizational institutional things that DevOps folks have to do to make sure that everybody gets the security profile with the need right so what we're seeing in terms organizationally or culturally the change is that in a in a DevOps led organization the the boundaries are going away right so some of the companies that I'm seeing cloud native to start with they may not have an ops team right what they do is that IT there their infrastructure team is embedded with the applications team it really the application demand and knowing what the application wants to do and then works with the developers to establish policies and deployment practices as opposed to being arms and lands from the the developers which you know creates all kinds of tension so it's an organizational shift as well and mindset shift right so the mindset shift is that you're no longer somebody who enforces policies you actually enable business versus the policy enforcer and it's easy to say but they actually requires a very deep shift in thinking so I got another question on security and I won't move to something else but really quickly as IT organizations or as businesses source their IT capabilities more from public cloud or service providers that means that they also have to have a new approach to how they to institutionalizing the work the practice the process the certainty associated with good security in in your experience what are just a couple of things that businesses have to worry about as they negotiate and monitor and manage relationships with third parties as it pertains to security right that's a good question there possibly a long list of things right but I don't use the the top things is don't get locked in right all the platform providers want to give you all these enriched capabilities as long as you buy into our services right so what you want to do is I want to stay at the level that I can easily move right so then this may mean I have to do a little bit more things or have to compensate with third party technologies as opposed to buying into this vertically integrated notion of the platform providers and that's where you need to stay at because if otherwise you get locked it so that's one second is the the ability to do monitoring has to be real-time has and the the thing about DevOps is real-time visible of the real-time closed loop response right so you cannot like secure the analytics in the past has to usually is you get tons of logs put there and somebody chewing through logs and look for anomalies it's not fast enough it's not good enough anymore so what we want is monitoring capabilities that are able to do it platform in the platform independent way but able to give you real-time visibility and response capability right there and that's where the innovation comes from you know one thing I've noticed we've been talking I've been talking a couple customers and they're starting to discover that some of the cloud service providers are using security as a way to lock in right so so and security I think should be built in right it should be by default secure by default is the way we want to be you always know how to do yeah yeah and and you should be able to get out if if security is the differentiation then maybe it's not the right market rights group yeah all right so ring capital has in addition to looking at the whole DevOps world you bring in your security expertise to bear on potential investments it's got another distinction what's the other distinction about rain capital um it's a woman led venture fund which is a rarity in Silicon Valley right so oh is it I don't know you tell me yeah no it is a rarity there are not a lot of funds that one would associate as being a broadly representative of or very inclusive so as you are moving forward with recap we'll talk a bit about the evolving role of women in technology so so I would say that even though it's a woman led venture fund I don't think of ourselves as different just because woman led I think we are different because we have a deep deep understanding of the market and deep understanding of the technology and also very extensive relationship with end-users but in terms of women in technology and women in security I'm a big advocate um so for the past two years I was the program co-chair for the Grace Hopper conference I put together the security and privacy content for the conference and the the need for a an ecosystem that is inclusive that is enabling for underrepresented either gender or race it is huge right so people go to Grace Hopper conference and they come back and they so inspired because they see all these women representing them and I think in Silicon Valley we need that insecurity we need that even more because if you look at some statistics I think women in general IT is about 24% representative army representation in security is about 11% so we have a long way to go now I'm going to avoid making comments about that because it's smart not to but those are those are numbers that are distressing that's obvious clearly there's a lot of talent you're not the only one there's a lot of talent out there there's clearly got be brought to bear and so you might not be differentiated by the fact that as women you do things differently but it might nonetheless be a more comfortable home for a woman like yourself and have a great idea and want to turn it into a business failure that's one thing all right so Chauncey and by the way I got to say just a quick advertisement for the cube the cube has been a major supporter for for women in tech for a couple years now we've been at a number of these different conferences Jeff Frick who's the general manager john john fourier co co dave one co co put a lot of time and energy so we look forward and give us a point oh absolutely we look forward to more fruitful relationships like that in the future so once again I'm Peter Burris with Wicky bonds looking angle and we've been talking to Chen Zi Wang of rain Capital founder General Partner about a number of different topics Chauncey once again thank you for every much for being on the cube thank you for having me

from Gillette Stadium in Foxborough Massachusetts it's the cube covering Vita winter warmer 2018 presented by silicon angle hi I'm Stu minimun and we're here at the Vita winter warmer 2018 have with me Chris Harney who's the founder yes and president Vita great to see you Chris great to you so 12th annual one of this event it's gone through a couple of name change it's actually the fifth year we've been doing it I'd been coming for a few years before that but for just for our audience that doesn't know explain kind of the why of the V Tugg you know and what's what's changed you know over the years so so V tug was originally a still founded on the principle that we can get smarter together you know if everyone learns a little piece and teaches everyone because back when it started there was no YouTube there was no Google he had to learn on your own and you know we started out learning how to virtualize machines we learned how the emotion worked well now you're talking serverless applications you're talking crowd or cloud native you talk it's tough going to the cloud is it staying on Prem how do you automate and it's changing I mean Moore's law has gone out the window you know change is happening win weeks rather than years yeah and Chris I always love this it's one of our first events of the year the last few years it's a user group it's good grounding for me to really understand you know the typical people NIT what do they care about what are they struggling you know in what's going on in their world so you know you're going to bring us some of the users that we have on here but from your standpoint you know what are you seeing you know what are you hearing yeah so I'm hearing that users are struggling you know that the old adage 80% of their job is maintaining systems and 20% as upgrades yet 20 of some of the budget is spent on upgrades and 80 so that the dumb numbers are skewed so that having trouble keeping up with technology yeah it you throw out some things you talked about you know server lists type applications you'd key notes this morning we had Microsoft Amazon yet some developer to tracks going on looking at you know orchestration and yet some stalwarts the in the industry you know talking about you know what what's happening from from an IT standpoint where is kind of there is no typical but you know when you look at the range of people that are here um you know are they still I'm doing my virtualization rollout are they you know where are they in the cloud journey have they heard about things like kubernetes and server list yet so this audience may have heard of kubernetes very few people are implementing it I still think you know we matured 10 years ago we haven't kind of made that next leap yet so people are still they've got VMware they've got they're looking at NSX and they're running on what's the next hardware platform hyperconvergence is still a big deal yeah uh and hyper-converged is a big deal I mean we've been watching you for many days as I said this is a good grounding for us because right it's like oh well why is that AWS reinvent I was at cube con and you talk about all this stuff where you know the future is going but you know what what's happening today is super important um I like you you talked about some of the dynamics about like how they spend budget you know we talk a lot today about you know it's got to be a switch from kappa to op X and consumption and you know that that's changing a lot people's roles so training education so super important what are they getting coming to an event like this and what are the resources are you seeing that's and that are important today so at this event I think there's a lot of validation you know we we get inundated with marketing go to the cloud go to cloud and all of these users are coming together hey what are you doing for cloud and they're realizing that everyone is pretty much in the same boat together you know so so that's one thing they get networking they share their problems and what the fixes are and then the vendors they bring their a-game they really do some great training sessions so you know we've got 20 different training sessions going on upstairs and the users will go up there and they'll be able to talk one-on-one with real engineers who are doing this stuff yeah so Chris you know both big Patriots fans we've got you know Tedy Bruschi behind us here the Patriots are actually on the practice field right now getting ready for yet another Super Bowl so yeah it's amazing hopefully bring in ring number six home I think we're good lucky were the cube every time we've done your event the Patriots have still been the hunt so you know we got to keep that going but you know you look at the Patriots you say they've done so well you know other than Belichick and Brady there's been a lot of change you know you're gonna have you know this Patriots alumni is coming and I'm hoping we'll talk to like Logan Mankins and be like you know the game it seen the people change you know the strategies change but you know how do you keep that winning formula and it's a lot of its same an IT I mean so much tech has changed you know in 12 years what's the same and we you know what what's different from your viewpoint so the same you know we all have end users you know we aren't applications delivered without without hesitation or without issues so that's that will always be the same what's changed is how do we deliver that you know we used to put a server in one application and then we had sans you know so we could put the sands in and have smaller servers to virtualization to automation you know people are still looking at clones and making that automation happen faster but I think security is starting to take a 4-4-2 that you know we're seeing what's the Intel some viruses and some weaknesses so I think a lot more people are spending more time remediating possible issues and less time building new stuff yeah great points they are I mean I'm in a first structure guy by background and right you talked we went from server to we went to a VM and even we talk about things like containers and then functions it's that delivery of how do I deliver my application right how do I build modernize applications you know term you know cloud native gets thrown out a lot you know developers you know are involved here and you know it still matters some of those underneath piece even something like serverless eventually somebody is responsible that for for that infrastructure it's just you know we looked at the wiki bond research looked at you know we see a big shift going to platforms whether that be a public cloud or even something like hyper-converged there's less that I need to be worried about building and playing with those geek knobs and more software is going to allow me to handle that as data grows as scale happens I can't have people you know in there having to worry about some of those pieces you know machine learning needs to help you know the the the software itself needs to do it in that that's a shift it's challenging for people to kind of embrace that change understand where they add value and where they need to go and it's events like this that I think help people you know make understand where they need to make those transition points and where they can keep adding value is spot on there and I think people just see a point they need to learn that the more things they can affect the more positive influence they can have on that company and the long longer they'll be there the long they'll want them there if you're just affecting one thing you don't add as much value if you're affecting a thousand things there's a lot more value to you all right well Chris once again it's pleasure having you on the program we really appreciated that we could come you know help share the user activity with our community so thanks so much and you know wishing the past good luck absolutely you up for addiction on the score I hate to do predictions when we're going to be there you know I'm confident the Patriots do well if history has shown us anything it's usually a close game absolutely you know so you know I've seen a couple of Eagles fans here but a lot of Patriots colors so thanks so much and we're gonna be back with lots more coverage here from the V tog winter warmer 2018 I'm stew min Amman and you're watching the cube