>>And welcome back to the cubes coverage of a, of us. Reinforc here in Boston, Massachusetts. I'm John furrier. We're here for a great interview on the next generation topic of state of industrial security. We have two great guests, Tim Jefferson, senior vice president data network and application security at Barracuda. And Cenon Aron vice president of zero trust engineering at Barracuda. Gentlemen. Thanks for coming on the queue. Talk about industrial security. >>Yeah, thanks for having us. >>So one of the, one of the big things that's going on, obviously you got zero trust. You've got trusted, trusted software supply chain challenges. You've got hardware mattering more than ever. You've got software driving everything, and all this is talking about industrial, you know, critical infrastructure. We saw the oil pipeline had a hack and ransomware attack, and that's just constant barrage of threats in the industrial area. And all the data is pointing to that. This area is gonna be fast growth machine learning's kicking in automation is coming in. You see a huge topic, huge growth trend. What is the big story going on here? >>Yeah, I think at a high level, you know, we did a survey and saw that, you know, over 95% of the organizations are experiencing, you know, security challenges in this space. So, you know, the blast radius in the, of the, the interface that this creates so many different devices and things and objects that are getting network connected now create a huge challenge for security teams to kind of get their arms around that. >>Yeah. And I can add that, you know, majority of these incidents that, that these organizations suffer lead to significant downtime, right? And we're talking about operational technology here, you know, lives depend on, on these technologies, right? Our, our wellbeing everyday wellbeing depend on those. So, so that is a key driver of initiatives and projects to secure industrial IOT and operational technologies in, in these businesses. >>Well, it's great to have both of you guys on, you know, Tim, you know, you had a background at AWS and sit on your startup, founder, soldier, coming to Barracuda, both very experienced, seeing the ways before in this industry. And I'd like to, if you don't mind talk about three areas, remote access, which we've seen in huge demand with, with the pandemic and the out, coming out with the hybrid and certainly industrial, that's a big part of it. And then secondly, that the trend of clear commitment from enterprises to have in a public cloud component, and then finally the secure access edge, you know, with SAS business models, securing these things, these are the three hot areas let's go into the first one, remote access. Why is this important? It seems that this is the top priority for having immediate attention on what's the big challenge here? Is it the most unsecure? Is it the most important? What, why is this relevant? >>So now I'll let you jump in there. >>Yeah, sure. Happy to. I mean, if you think about it, especially now, we've been through a, a pandemic shelter in place cycle for almost two years. It, it becomes essentially a business continuity matter, right? You do need remote access. We also seen a tremendous shift in hiring the best talent, wherever they are, right. Onboarding them and bringing the talent into, into, into, into businesses that have maybe a lot more distributed environments than traditionally. So you have to account for remote access in every part of everyday life, including industrial technologies, you need remote support, right? You need vendors that might be overseas providing you, you know, guidance and support for these technologies. So remote support is every part of life. Whether you work from home, you work on your, on the go, or you are getting support from a vendor that happens to be in Germany, you know, teleporting into your environment in Hawaii. You know, all these things are essentially critical parts of everyday life. Now >>Talk about ZT and a zero trust network access is a, this is a major component for companies. Obviously, you know, it's a position taking trust and verifies. One other approach, zero trust is saying, Hey, I don't trust you. Take us through why that's important. Why is zero trust network access important in this area? >>Yeah. I mean, I could say that traditionally remote access, if you think about infancy of the internet in the nineties, right? It was all about encryption in, in transit, right? You were all about internet was vastly clear text, right? We didn't have even SSL TLS, widely distributed and, and available. So when VPNs first came out, it was more about preventing sniffing, clear tech clear text information from, from, from the network, right? It was more about securing the, the transport, but now that kind of created a, a big security control gap, which implicitly trusted user users, once they are teleported into a remote network, right? That's the essence of having a remote access session you're brought from wherever you are into an internal network. They implicitly trust you that simply breakdown over time because you are able to compromise end points relatively easily using browser exploits. >>You know, so, so for supply chain issues, water hole attacks, and leverage the existing VPN tunnels to laterally move into the organization from within the network, you literally move in further and further and further down, you know, down the network, right? So the VPN needed a, a significant innovation. It was meant to be securing packets and transit. It was all about an encryption layer, but it had an implicit trust problem with zero trust. We turn it into an explicit trust problem, right? Explicit trust concept, ideally. Right? So you are, who do you say you are? And you are authorized to access only to things that you need to access to get the work done. >>So you're talking about granular levels versus the one time database look up you're in >>That's right. >>Tim, talk about the OT it side of this equation of industrial, because it, you know, is IP based, networking, OT have been purpose built, you know, maybe some proprietary technology yeah. That connects to the internet internet, but it's mainly been secure. Those have come together over the years and now with no perimeter security, how is this world evolving? Because there's gonna be more cloud there, be more machine learning, more hybrid on premise, that's going on almost a reset if you will. I mean, is it a reset? What's the, what's the situation. >>Yeah. I think, you know, in typical human behavior, you know, there's a lot of over rotation going on. You know, historically a lot of security controls are all concentrated in a data center. You know, a lot of enterprises had very large sophisticated well-established security stacks in a data center. And as those applications kind of broke down and, and got rearchitected for the cloud, they got more modular, they got more distributed that centralized security stack became an anti pattern. So now this kind of over rotation, Hey, let's take this stack and, and put it up in the cloud. You know, so there's lots of names for this secure access, service edge, you know, secure service edge. But in the end, you know, you're taking your controls and, and migrating them into the cloud. And, you know, I think ultimately this creates a great opportunity to embrace some of security, best practices that were difficult to do in some of the legacy architectures, which is being able to push your controls as far out to the edge as possible. >>And the interesting thing about OT and OT now is just how far out the edge is, right? So instead of being, you know, historically it was the branch or user edge, remote access edge, you know, Syon mentioned that you, you have technologies that can VPN or bring those identities into those networks, but now you have all these things, you know, partners, devices. So it's the thing, edge device edge, the user edge. So a lot more fidelity and awareness around who users are. Cause in parallel, a lot of the IDP and I IBM's platforms have really matured. So marrying those concepts of this, this lot of maturity around identity management yeah. With device in and behavior management into a common security framework is really exciting. But of course it's very nascent. So people are, it's a difficult time getting your arms around >>That. It's funny. We were joking about the edge. We just watching the web telescope photos come in the deep space, the deep edge. So the edge is continuing to be pushed out. Totally see that. And in fact, you know, one of the things we're gonna, we're gonna talk about this survey that you guys had done by an independent firm has a lot of great data. I want to unpack that, but one of the things that was mentioned in there, and I'll get, I wanna get your both reaction to this is that virtually all organizations are committing to the public cloud. Okay. I think it was like 96% or so was the stat. And if you combine in that, the fact that the edge is expanding, the cloud model is evolving at the edge. So for instance, a building, there's a lot behind it. You know, how far does it go? So we don't and, and what is the topology because the topology seem to change too. So there's this growth and change where we need cloud operations, DevOps at, at the edge and the security, but it's changing. It's not pure cloud, but it's cloud. It has to be compatible. What's your reaction to that, Tim? I mean, this is, this is a big part of the growth of industrial. >>Yeah. I think, you know, if you think about, there's kind of two exciting developments that I would think of, you know, obviously there's this increase to the surface area, the tax surface areas, people realize, you know, it's not just laptops and devices and, and people that you're trying to secure, but now they're, you know, refrigerators and, you know, robots and manufacturing floors that, you know, could be compromised, have their firmware updated or, you know, be ransomware. So this a huge kind of increase in surface area. But a lot of those, you know, industrial devices, weren't built around the concept with network security. So kind of bolting on, on thinking through how can you secure who and what ultimately has access to those, to those devices and things. And where is the control framework? So to your point, the control framework now is typically migrated now into public cloud. >>These are custom applications, highly distributed, highly available, very modular. And then, you know, so how do you, you know, collect the telemetry or control information from these things. And then, you know, it creates secure connections back into these, these control applications, which again, are now migrated to public cloud. So you have this challenge, you know, how do you secure? We were talking about this last time we discussed, right. So how do you secure the infrastructure that I've, I've built in deploying now, this control application and in public cloud, and then connect in with this, this physical presence that I have with these, you know, industrial devices and taking telemetry and control information from those devices and bringing it back into the management. And this kind marries again, back into the remote axis that Sunan was mentioning now with this increase awareness around the efficacy of ransomware, we are, you know, we're definitely seeing attackers going after the management frameworks, which become very vulnerable, you know, and they're, they're typically just unprotected web applications. So once you get control of the management framework, regardless of where it's hosted, you can start moving laterally and, and causing some damage. >>Yeah. That seems to be the common thread. So no talk about, what's your reaction to that because, you know, zero trust, if it's evolving and changing, you, you gotta have zero trust you. I didn't even know it's out there and then it gets connected. How do you solve that problem? Cuz you know, there's a lot of surface area that's evolving all the OT stuff and the new, it, what's the, what's the perspective and posture that the clients your clients are having and customers. Well, >>I, I think they're having this conversation about further mobilizing identity, right? We did start with, you know, user identity that become kind of the first foundational building block for any kind of zero trust implementation. You work with, you know, some sort of SSO identity provider, you get your, you sync with your user directories, you have a single social truth for all your users. >>You authenticate them through an identity provider. However that didn't quite cut it for industrial OT and OT environments. So you see like we have the concept of hardware machines, machine identities now become an important construct, right? The, the legacy notion of being able to put controls and, and, and, and rules based on network constructs doesn't really scale anymore. Right? So you need to have this concept of another abstraction layer of identity that belongs to a service that belongs to an application that belongs to a user that belongs to a piece of hardware. Right. And then you can, yeah. And then you can build a lot more, of course, scalable controls that basically understand the, the trust relation between these identities and enforce that rather than trying to say this internal network can talk to this other internal network through a, through a network circuit. No, those things are really, are not scalable in this new distributed landscape that we live in today. So identity is basically going to operationalize zero trust and a lot more secure access going forward. >>And that's why we're seeing the sassy growth. Right. That's a main piece of it. Is that what you, what you're seeing too? I mean, that seems to be the, the approach >>I think like >>Go >>Ahead to, yeah. I think like, you know, sassy to me is really about, you know, migrating and moving your security infrastructure to the cloud edge, you know, as we talked to the cloud, you know, and then, you know, do you funnel all ingress and egress traffic through this, you know, which is potentially an anti pattern, right? You don't wanna create, you know, some brittle constraint around who and what has access. So again, a security best practices, instead of doing all your enforcement in one place, you can distribute and push your controls out as far to the edge. So a lot of SASI now is really around centralizing policy management, which is the big be one of the big benefits is instead of having all these separate management plans, which always difficult to be very federated policy, right? You can consolidate your policy and then decide mechanism wise how you're gonna instrument those controls at the edge. >>So I think that's the, the real promise of, of the, the sassy movement and the, I think the other big piece, which you kind of touched on earlier is around analytics, right? So it creates an opportunity to collect a whole bunch of telemetry from devices and things, behavior consumption, which is, which is a big, common, best practice around once you have SA based tools that you can instrument in a lot of visibility and how users and devices are behaving in being operated. And to Syon point, you can marry that in with their identity. Yeah. Right. And then you can start building models around what normal behavior is and, you know, with very fine grain control, you can, you know, these types of analytics can discover things that humans just can't discover, you know, anomalous behavior, any kind of indicators are compromised. And those can be, you know, dynamic policy blockers. >>And I think sun's point about what he was talking about, talks about the, the perimeters no longer secure. So you gotta go to the new way to do that. Totally, totally relevant. I love that point. Let me ask you guys a question on the, on the macro, if you don't mind, how concerned are you guys on the current threat landscape in the geopolitical situation in terms of the impact on industrial IOT in this area? >>So I'll let you go first. Yeah. >>I mean, it's, it's definitely significantly concerning, especially if now with the new sanctions, there's at least two more countries being, you know, let's say restricted to participate in the global economic, you know, Mar marketplace, right? So if you look at North Korea as a pattern, since they've been isolated, they've been sanctioned for a long time. They actually double down on rents somewhere to even fund state operations. Right? So now that you have, you know, BES be San Russia being heavily sanctioned due to due to their due, due to their activities, we can envision more increase in ransomware and, you know, sponsoring state activities through illegal gains, through compromising, you know, pipelines and, you know, industrial, you know, op operations and, and seeking large payouts. So, so I think the more they will, they're ized they're pushed out from the, from the global marketplace. There will be a lot more aggression towards critical infrastructure. >>Oh yeah. I think it's gonna ignite more action off the books, so to speak as we've seen. Yeah. We've >>Seen, you know, another point there is, you know, Barracuda also runs a, a backup, you know, product. We do a, a purpose built backup appliance and a cloud to cloud backup. And, you know, we've been running this service for over a decade. And historically the, the amount of ransomware escalations that we got were very slow, you know, is whenever we had a significant one, helping our customers recover from them, you know, you know, once a month, but over the last 18 months, this is routine now for us, this is something we deal with on a daily basis. And it's becoming very common. You know, it's, it's been a well established, you know, easily monetized route to market for the bad guys. And, and it's being very common now for people to compromise management planes, you know, they use account takeover. And the first thing they're doing is, is breaking into management planes, looking at control frameworks. And then first thing they'll do is delete, you know, of course the backups, which this sort of highlights the vulnerability that we try to talk to our customers about, you know, and this affects industrial too, is the first thing you have to do is among other things, is, is protect your management planes. Yeah. And putting really fine grain mechanisms like zero trust is, is a great, >>Yeah. How, how good is backup, Tim, if you gets deleted first is like no backup. There it is. So, yeah. Yeah. Air gaping. >>I mean, obviously that's kinda a best practice when you're bad guys, like go in and delete all the backups. So, >>And all the air gaps get in control of everything. Let me ask you about the, the survey pointed out that there's a lot of security incidents happening. You guys pointed that out and discussed a little bit of it. We also talked about in the survey, you know, the threat vectors and the threat landscape, the common ones, ransomware was one of them. The area that I liked, what that was interesting was the, the area that talked about how organizations are investing in security and particularly around this, can you guys share your thoughts on how you see the, the market, your customers and, and the industry investing? What are they investing in? What stage are they in when it comes to IOT and OT, industrial IOT and OT security, do they do audits? Are they too busy? I mean, what's the state of their investment thesis progress of, of, of how they're investing in industrial IOT? >>Yeah. Our, our view is, you know, we have a next generation product line. We call, you know, our next, our cloud chain firewalls. And we have a form factor that sports industrial use cases we call secure connectors. So it's interesting that if you, what we learned from that business is a tremendous amount of bespoke efforts at this point, which is sort of indicative of a, of a nascent market still, which is related to another piece of information I thought was really interested in the survey that I think it was 93% of the, the participants, the enterprises had a failed OT initiative, you know, that, you know, people tried to do these things and didn't get off the ground. And then once we see build, you know, strong momentum, you know, like we have a, a large luxury car manufacturer that uses our secure connectors on the, on the robots, on the floor. >>So well established manufacturing environments, you know, building very sophisticated control frameworks and, and security controls. And, but again, a very bespoke effort, you know, they have very specific set of controls and specific set of use cases around it. So it kind of reminds me of the late nineties, early two thousands of people trying to figure out, you know, networking and the blast radi and networking and, and customers, and now, and a lot of SI are, are invested in this building, you know, fast growing practices around helping their customers build more robust controls in, in helping them manage those environments. So, yeah, I, I think that the market is still fairly nascent >>From what we seeing, right. But there are some encouraging, you know, data that shows that at least helpful of the organizations are actively pursuing. There's an initiative in place for OT and a, you know, industrial IOT security projects in place, right. They're dedicating time and resources and budget for this. And, and in, in regards to industries, verticals and, and geographies oil and gas, you know, is, is ahead of the curve more than 50% responded to have the project completed, which I guess colonial pipeline was the, you know, the call to arms that, that, that was the big, big, you know, industrial, I guess, incident that triggered a lot of these projects to be accelerating and, and, you know, coming to the finish line as far as geographies go DACA, which is Germany, Austria, Switzerland, and of course, north America, which happens to be the industrial powerhouses of, of the world. Well, APAC, you know, also included, but they're a bit behind the curve, which is, you know, that part is a bit concerning, but encouragingly, you know, Western Europe and north America is ahead of these, you know, projects. A lot of them are near completion or, or they're in the middle of some sort of an, you know, industrial IOT security project right >>Now. I'm glad you brought the colonial pipeline one and, and oil and gas was the catalyst. Again, a lot of, Hey, scared that better than, than me kinda attitude, better invest. So I gotta ask you that, that supports Tim's point about the management plane. And I believe on that hack or ransomware, it wasn't actually control of the pipeline. It was control over the management billing, and then they shut down the pipeline cuz they were afraid it was gonna move over. So it wasn't actually the critical infrastructure itself to your point, Tim. >>Yeah. It's hardly over the critical infrastructure, by the way, you always go through the management plane, right. It's such an easier lying effort to compromise because it runs on an endpoint it's standard endpoint. Right? All this control software will, will be easier to get to rather than the industrial hardware itself. >>Yeah. It's it's, it's interesting. Just don't make a control software at the endpoint, put it zero trust. So down that was a great point. Oh guys. So really appreciate the time and the insight and, and the white paper's called NETEC it's on the Barracuda. Netex industrial security in 2022. It's on the barracuda.com website Barracuda network guys. So let's talk about the read force event hasn't been around for a while cuz of the pandemic we're back in person what's changed in 2019 a ton it's like security years is not dog years anymore. It's probably dog times too. Right. So, so a lot's gone on where are we right now as an industry relative to the security cybersecurity. Could you guys summarize kind of the, the high order bit on where we are today in 2022 versus 2019? >>Yeah, I think, you know, if you look at the awareness around how to secure infrastructure in applications that are built in public cloud in AWS, it's, you know, exponentially better than it was. I think I remember when you and I met in 2018 at one of these conferences, you know, there were still a lot of concerns, whether, you know, IAS was safe, you know, and I think the amount of innovation that's gone on and then the amount of education and awareness around how to consume, you know, public cloud resources is amazing. And you know, I think that's facilitated a lot of the fast growth we've seen, you know, the consistent, fast growth that we've seen across all these platforms >>Say that what's your reaction to the, >>I think the shared responsibility model is well understood, you know, and, and, and, and we can see a lot more implementation around, you know, CSBM, you know, continuously auditing the configurations in these cloud environments become a, a standard table stake, you know, investment from every stage of any business, right? Whether from early state startups, all the way to, you know, public companies. So I think it's very well understood and, and the, and the investment has been steady and robust when it comes to cloud security. We've been busy, you know, you know, helping our customers and AWS Azure environments and, and others. So I, I think it's well understood. And, and, and we are on a very optimistic note actually in a good place when it comes to public cloud. >>Yeah. A lot of great momentum, a lot of scale and data act out there. People sharing data, shared responsibility. Tim is in, thank you for sharing your insights here in this cube segment coverage of reinforce here in Boston. Appreciate it. >>All right. Thanks for having >>Us. Thank you. >>Okay, everyone. Thanks for watching the we're here at the reinforced conference. AWS, Amazon web services reinforced. It's a security focused conference. I'm John furier host of the cube. We'd right back with more coverage after the short break.

hey everyone this is thecube's live coverage from los angeles of kubecon and cloud native con north america 21 lisa martin with dave nicholson we're going to be talking with the founder and ceo next of cloudnatics rohit seth rohit welcome to the program thank you very much lisa pleasure to meet you good to meet you too welcome so tell the the audience about cloudnatics what you guys do when you were founded and what was the gap in the market that you saw that said we need a solution so just to start uh cloud9x was started in 2019 by me and the reason for starting cloud netex was as i was starting to look at the cloud adoption and how enterprises are kind of almost blindly jumping on this cloud bandwagon i started reading what are the key challenges the market is facing and it started resonating with what i saw in google 15 years before when i joined google the first thing i noticed was of course the scale would just overwhelm anyone but at the same time how good they are utilized at that scale was the key that i was starting to look for and over the next couple of months i did all the scripting and such with my teams and found out that lower teens is the utilization of their computers servers and uh lower utilization means if you're spending a billion dollars you're basically wasting the major portion of that and a tech savvy company like google if that's a state of affair you can imagine what would be happening in other companies so in any case we actually now started work at that time started working on a technology so that more groups more business units could share the same machine in a efficient fashion and that's what led to the invention of containers over the next six years we rolled out containers across the whole google fleet the utilization went up at least three times right fast forward 15 years and you start reading 125 billion dollars are spent on a cloud and 60 billion dollars of waste someone would say 90 billion dollars a waste you know what i don't care whether 60 or 90 billion is a very large number and if tech savvy company google couldn't fix it on its own i bet you it it's not an easy problem for enterprises to fix it so we i started talking to several executives in the valley about is this problem for real or not the worst thing that i found was not only they didn't know how bad the problem was they actually didn't have any means to find out how bad the problem could be right one cfo just ran like headless chicken for about two months to figure out okay i know i'm spending this much but where is that spend going so i started kind of trading those waters and i started saying okay visibility is the first thing that we need to provide to the end customer saying that listen it doesn't need to be rocket science for you to figure out how much is your marketing spending how much your different business units so the first line of action is basically give them the visibility that they need to make the educated business decisions about how good or how bad they are doing their operations once they have the visibility the next thing is what to do if there is a waste there are a thousand different type of vms on aws alone people talk about complexity on multi-cloud hybrid cloud and that's all right but even on a single cloud you have thousand vms the heterogeneity of the vms with dynamic pricing that changes every so often is a killer and so and so rohit when you talk about driving levels of efficiency you're not just you're not just talking about abstraction versus bare metal utilization you're talking about even in environments that have used sort of traditional virtualization yes okay absolutely i think all clouds run in vms but within vms sometimes you have containers sometimes you don't have containers if you don't have containers there is no way for you to securely have a protagonist and antagonist job running on the same machines so containers basically came to the world just so that different applications could share the same resources in a meaningful fashion we are basically extending that landscape to to the enterprises so that that utilization benefit exists for everyone right so first of first order business for cloud natick is basically provide them the visibility on how well or bad they are doing the second is to give them the recommendation if you are not doing well what to do about it to do well and we can actually slice and dice the data based on what is important for you okay we don't tell you that these are the dimensions that you should be looking at of course we have our recommendations but we actually want you to figure out basically do you want to look at your marketing organization or your engineering organization or your product organization to see where they are spending money and you can slice and match that data according and we'll give you recommendations for those organizations but now you have the visibility now you have the recommendations but then what right if you ask a cubernities administrator to go and apply those recommendations i bet you the moment you have more than five cluster which is a kind of a very ordinary thing it'll take at least two hours just to figure out how to go from where you are to be able to log in and to be able to apply those recommendations and then changing back the ci cd pipelines and asking your developers to be cognizant about your resources next time is a month-long ordeal no one follows it that's why those recommendations falls on deaf ears most of the time what we do is we give you the choice you want to apply those recommendations manually or you can put the whole system on autopilot in which case once you have enough confidence in cloud native platform we will actually apply those recommendations for you dynamically on the fly as your workloads are increasing or decreasing in utilization and where are your customer conversations happening you mentioned the cfl you mentioned the billions in cloud waste where do you start having these conversations within an organization because clearly you mentioned marketing services you can give them that visibility across the organization who are you talking to within these customers so we start with mostly the cios ctos vp of engineering but it's very interesting we say it's a waste and i think the waste is most more of an effect than a cause the real cause is the complexity and who is having the complexity is the devops and the developers so in 99 of our customer interactions we basically start from cios and ctos but very soon we have these conversations over a week with developers and devops leads also sitting in the room saying that but this is a challenge on why i cannot do this so what we have done is to address the real cause and waste aspect of cloud computing we have we have what we call the management console through which we reduce the complexity of kubernetes operations themselves so think about how you can log into a crashing pod within two minutes rather than two hours right and this is where cloud native start differentiating from the rest of the competition out there because we provide you not only or do this recommendation do this right sizing of vm here or there but this is how you structurally fix the issue going forward right i'm not going to tell you that your containers are not going to crash loop their failures are regular part of distributed systems how you deal with them how you debug them and how you get it back up and running is a core integral part of how businesses get run that's what we provide in cloud natives platform a lot of this learning that we have is actually coming from our experience in hyperscalers we have a chief architect who is also from google he was a dl of a technology called borg and then we have sonic who was the head of products at mesosphere before so we understand what it takes for an enterprise who's primarily coming from on-prem or even the companies that are starting from cloud to scale in cloud often you hear this trillion dollar paradoxes that hey you're stupid if you don't start from cloud and you're stupid if you scale at cloud we are saying that if you're really careful about how you function on cloud it has a value prop that can actually take you to the web scalar heights without even blinking twice can you share an example of one of your favorite customer stories absolutely even by industry only where you've really shown them tremendous value in savings absolutely so a couple of discussions that happened that led like oh but we are we have already spent a team of four people trying to optimize our operations over the last year and we said that's fine uh you know what our onboarding exercise takes only 20 minutes right let's do the onboarding in about a week we will tell you if we could save you any money or not and put your best devops on this pov prove a value exercise to see if it actually help their daily life in terms of operations or not this particular customer only has 30 clusters so it's not very small but it's not very big in terms of what we are seeing in the market first thing the maximum benefit or the cost optimization that they could do over the past year using some of the tools and using their own top-class engineering shots were about seven to ten percent within a week we told them 38 without even having those engineers spend more than two hours in that week we gave them the recommendations right another two weeks because they did not want to put it on autopilot just because it's a new platform in production within next two hours they were able to apply i think at least close to 16 recommendations to their platform to get that 37 improvement in cost what are some examples of of recommendations um obviously you don't want to reveal too much of the secret sauce behind the scene but but but you know what are some what are some classic recommendations that are made so some of them could be as low-hanging fruit as or you have not right sized your vms right this is what i call a lot of companies you would find that oh you have not right side but for us that's the lowest hanging code you go in and you can tell them that whether you have right size that thing or not but in kubernetes in particular if you really look at how auto scaling up and how auto scaling down happens and particularly when you get a global federated view of the number of losses that's where our secret sources start coming and that's where we know how to load balance and how to scale vertically up or how to scale horizontally within the cluster right those kind of optimization we have not seen anywhere in the market so far and that's where the most of the value prop that our customers are seeing kind of comes out and it doesn't take uh too much time i think within a week we have enough data to to say that this service that has thousands of containers could benefit by about this much and just to kind of give you i wouldn't be able to go into the specific dollar numbers here but we are talking in at least a 5 million ish kind of a range of a spend for this cluster and think about it 37 of that if we could save that that kind of money is a real money that not only helps you save your bottom line but at that level you're actually impacting your top line of the business as well sure right that's our uh value crop that we are going to go in and completely automate you're not going to look for devops that don't exist anymore to hire one of the key challenges i'm pretty sure that you must have already heard 86 percent of businesses are not able to hire the devops and they want to hire 86 percent what happens when you don't have that devops that you want to have your existing devops want to move as fast cutting corners sometimes not because they don't know anywhere but just because there's so much pressure to do so much more they don't scale when things become brittle that's when um the fragility of the system comes up and when the demand goes up that's when the systems break but you're not prepared for that breakage just because you have not really done the all the things that you would have done if you had all the time that you needed to do the right thing it sounds like some of the microservices that are in containers that are that run the convention center here have just crashed i think it's gone hopefully the background noise didn't get picked up too much yeah but you're the so the the time to value the roi that you're able to deliver to customers is significant yes you talked about that great customer use case are there any kind of news or announcements anything that you want to kind of share here that folks can can be like looking forward to without the index absolutely so two things even though this is kubecon and everyone is focused on kubernetes kubernetes is still only about three to five percent of enterprise market okay we differentiate ourselves by saying that it doesn't matter whether you're running kubernetes or you're in running legacy vms we will come on board in your environment without you making a single line of change in less than 20 minutes and either we give you the value prop in one week or we don't all right that's number one number two we have a webinar coming on november 3rd uh please go to cloudnetix.com and subscribe or sign up for that webinar sonic and i will be presenting that webinar giving you the value proposition going through some use cases that oh we have seen with our customers so far so that we can actually educate the broader audience and let them know about this beautiful platform i think that my team has built up here all right cloudnatics.com rohit thank you for joining us sharing with us what you're doing at cloud natives why you founded the company and the tremendous impact and roi that you're able to give to your customers we appreciate learning more about the technology thank you so much and i really believe that cloud is here for stay for a long long time it's a trillion dollar market out there and if we do it right i do believe we will accelerate the adoption of cloud even further than what we have seen so far so thanks a lot lisa it's been a pleasure nice to meet you it's a pleasure we want to thank you for watching for dave nicholson lisa martin coming to you live from los angeles we are at kubecon cloudnativecon north america 21. dave and i will be right back with our next guest thank you you