(soft electronic music) >> Welcome to this special CUBE Conversation. I'm John Furrier here, in theCUBE's Palo Alto studio. We're here, remotely, with Nick Halsey who's the CEO of OKERA, hot startup doing amazing work in cloud, cloud data, cloud security, policy governance as the intersection of cloud and data comes into real stable operations. That's the number one problem. People are figuring out, right now, is how to make sure that data's addressable and also secure and can be highly governed. So Nick, great to see you. Thanks for coming on theCUBE. >> It's great to be here, John, thank you. >> So you guys have a really hot company going on, here, and you guys are in an intersection, an interesting spot as the market kind of connects together as cloud is going full, kind of, whatever, 3.0, 4.0. You got the edge of the network developing with 5G, you've got space, you've got more connection points, you have more data flowing around. And the enterprises and the customers are trying to figure out, like, okay, how do I architect this thing. And oh, by the way, I got a, like all these compliance issues, too. So this is kind of what you could do. Take a minute to explain what your company's doing. >> Yeah, I'm happy to do that, John. So we're introduced a new category of software that we call universal data authorization or UDA which is really starting to gain some momentum in the market. And there're really two critical reasons why that happening. People are really struggling with how do I enable my digital transformation, my cloud migration while at the same time making sure that my data is secure and that I'm respecting the privacy of my customers, and complying with all of these emerging regulations around data privacy like GDPR, CCPA, and that alphabet soup of regulations that we're all starting to become aware of. >> I want to ask about the market opportunity because, you know, one of the things we see and the cloud covers normal conversations like, "Hey, modern applications are developing." We're starting to see cloud-native. You're starting to see these new use cases so you're starting to see new expectations from users and companies which creates new experiences. And this is throwing off all kinds of new, kinds of data approaches. And a lot of people are scratching their head and they feel like do they slow it down, they speed it up? Do I get a hold of the compliance side first? Do I innovate? So it's like a real kind of conflict between the two. >> Yeah, there's a real tension in most organizations. They're trying to transform, be agile, and use data to drive that transformation. But there's this explosion of the volume, velocity, and variety of data, we've all heard about the three Ds, we'll say there're five Ds. You know, it's really complicated. So you've got the people on the business side of the house and the Chief Data Officer who want to enable many more uses of all of these great data assets. But of course, you've got your security teams and your regulatory and compliance teams that want to make sure they're doing that in the right way. And so you've got to build a zero-trust infrastructure that allows you to be agile and be secure at the same time. And that's why you need universal data authorization because the old manual ways of trying to securely deliver data to people just don't scale in today's demanding environments. >> Well I think that's a really awesome approach, having horizontally scalable data. Like infrastructure would be a great benefit. Take me through what this means. I'd like to get you to define, if you don't mind, what is universal data authorization. What is the definition? What does that mean? >> Exactly and people are like, "I don't understand security. "I do data over here and privacy, "well I do that over here." But the reality is you really need to have the right security platform in order to express your privacy policies, right. And so in the old days, we used to just build it into the database, or we'd build it into the analytic tools. But now, we have too much data in too many platforms in too many locations being accessed by too many, you know, BI applications and A-I-M-L data apps and so you need to centralize the policy definition and policy enforcement so that it can be applied everywhere in the organization. And the example I like to give, John, is we are just like identity access management. Why do I need Okta or Sale Point, or one of those tools? Can't I just log in individually to, you know, SalesForce or to GitHub or? Sure, you can but once you have 30 or 40 systems and thousands of users, it's impossible to manage your employee onboarding and off-boarding policy in a safe and secure way. So you abstract it and then you centralize it and then you can manage and scale it. And that's the same thing you do with OKERA. We do all of the security policy enforcement for all of your data platforms via all of your analytic tools. Anything from Tableau to Databricks to Snowflake, you name it, we support those environments. And then as we're applying the security which says, "Oh, John is allowed access to this data in this format "at this time," we can also make sure that the privacy is governed so that we only show the last four digits of your social security number, or we obfuscate your home address. And we certainly don't show them your bank balance, right? So you need to enable the use of the data without violating the security and privacy rights that you need to enforce. But you can do both, with our customers are doing at incredible scale, then you have sort of digital transformation nirvana resulting from that. >> Yeah, I mean I love what you're saying with the scale piece, that's huge. At AWS's Reinforce Virtual Conference that they had to run because the event was canceled due to the Delta COVID surge, Stephen Schmidt gave a great keynote, I called it a master class, but he mainly focused on cyber security threats. But you're kind of bringing that same architectural thinking to the data privacy, data security piece. 'Cause it's not so much you're vulnerable for hacking, it's still a zero-trust infrastructure for access and management, but-- >> Well you mean you need security for many reasons. You do want to be able to protect external hacks. I mean, every week there's another T-Mobile, you know, you name it, so that's... But 30% of data breaches are by internal trusted users who have rights. So what you needed to make sure is that you're managing those rights and that you're not creating any long tails of data access privilege that can be abused, right? And you also need, one of the great benefits of using a platform like OKERA, is we have a centralized log of what everybody is doing and when, so I could see that you, John, tried to get into the salary database 37 times in the last hour and maybe we don't want to let you do that. So we have really strong stakeholder constituencies in the security and regulatory side of the house because, you know, they can integrate us with Splunk and have a single pane of glass on, weird things are happening in the network and there's, people are trying to hit these secure databases. I can really do event correlation and analysis, I can see who's touching what PII when and whether it's authorized. So people start out by using us to do the enforcement but then they get great value after they've been using us for a while, using that data, usage data, to be able to better manage their environments. >> It's interesting, you know, you bring up the compliance piece as a real added value and I wasn't trying to overlook it but it brings up a good point which is you have, you have multiple benefits when you have a platform like this. So, so take me through like, who's using the product. You must have a lot of customers kicking the tires and adopting it because architecturally, it makes a lot of sense. Take me through a deployment of what it's like in the customer environment. How are they using it? What is some of the first mover types using this approach? And what are some of the benefits they might be realizing? >> Yeah, as you would imagine, our early adopters have been primarily very large organizations that have massive amounts of data. And they tend also to be in more regulated industries like financial services, biomedical research and pharmaceuticals, retail with tons of, you know, consumer information, those are very important. So let me give you an example. We work with one of the very largest global sports retailers in the world, I can't use their name publicly, and we're managing all of their privacy rights management, GDPR, CCPA, worldwide. It's a massive undertaking. Their warehouse is over 65 petabytes in AWS. They have many thousands of users in applications. On a typical day, an average day OKERA is processing and governing six trillion rows of data every single day. On Black Friday, it peaked over 10 trillion rows of data a day, so this is scale that most people really will never get to. But one of the benefits of our architecture is that we are designed to be elastically scalable to sort of, we actually have a capability we call N scale because we can scale to the Nth degree. We really can go as far as you need to in terms of that. And it lets them do extraordinary things in terms of merchandising and profitability and market basket analysis because their teams can work with that data. And even though it's governed and redacted and obfuscated to maintain the individuals' privacy rights, we still let them see the totality of the data and do the kind of analytics that drive the business. >> So large scale, big, big customer base that wants scale, some, I'll say data's huge. What are some of the largest data lakes that you guys have been working with? 'Cause sometimes you hear people saying our data lakes got zettabytes and petabytes of content. What are some of the, give us a taste of the order of magnitude of some of the size of the data lakes and environments that your customers were able to accomplish. >> I want to emphasize that this is really important no matter what size because some of our customers are smaller tech-savvy businesses that aren't necessarily processing huge volumes of data, but it's the way that they are using the data that drives the need for us. But having said that, we're working with one major financial regulator who has a data warehouse with over 200 petabytes of data that we are responsible for providing the governance for. And one thing about that kind of scale that's really important, you know, when you want to have everybody in your organization using data at that scale, which people think of as democratizing your data, you can't just democratize the data, you also have to democratize the governance of the date, right? You can't centralize policy management in IT because then everybody who wants access to the data still has to go back to IT. So you have to make it really easy to write policy and you have to make it very easy to delegate policy management down to the departments. So I need to be able to say this person in HR is going to manage these 50 datasets for those 200 people. And I'm going to delegate the responsibility to them but I'm going to have centralized reporting and auditing so I can trust but verify, right? I can see everything they're doing and I can see how they are applying policy. And I also need to be able to set policy at the macro level at the corporate level that they inherit so I might just say I don't care who you are, nobody gets to see anything but the last four digits of your social security number. And they can do further rules beyond that but they can't change some of the master rules that you're creating. So you need to be able to do this at scale but you need to be able to do it easily with a graphical policy builder that lets you see policy in plain English. >> Okay, so you're saying scale, and then the more smaller use cases are more refined or is it more sensitive data? Regulated data? Or more just levels of granularity? Is that the use case? >> You know, I think there's two things that are really moving the market right now. So the move to remote work with COVID really changed everybody's ideas about how do you do security because you're no longer in a data center, you no longer have a firewall. The Maginot Line of security is gone away and so in a zero-trust world, you know, you have to secure four endpoints: the data, the device, the user, and the application. And so this pretty radical rethinking of security is causing everybody to think about this, big, small, or indifferent. Like, Gartner just came out with a study that said by 2025 75% of all user data in the world is going to be governed by privacy policy. So literally, everybody has to do this. And so we're seeing a lot more tech companies that manage data on behalf of other users, companies that use data as a commodity, they're transacting data. Really, really understand the needs for this and when you're doing data exchange between companies that is really delicate process that have to be highly governed. >> Yeah, I love the security redo. We asked Pat Gelsinger many, many years ago when he was a CEO of VMware what we thought about security and Dave Allante, my co-host at theCUBE said is it a do-over? He said absolutely it's a do-over. I think it was 2013. He mused around that time frame. It's kind of a do-over and you guys are hitting it. This is a key thing. Now he's actually the CEO of Intel and he's still driving forward. Love Pat's vision on this early, but this brings up the question okay, if it's a do-over and these new paradigms are existing and you guys are building a category, okay, it's a new thing. So I have to ask you, I'm sure your customers would say, "Hey, I already got that in another platform." So how do you address that because when you're new you have to convince the customer that this is a new thing. Like, I don't-- >> So, so look, if somebody is still running on Teradata and they have all their security in place and they have a single source of the truth and that's working for them, that's great. We see a lot of our adoption happening as people go on their cloud transformation journey. Because I'm lifting and shifting a lot of data up into the cloud and I'm usually also starting to acquire data from other sources as I'm doing that, and I may be now streaming it in. So when I lift and shift the data, unfortunately, all of the security infrastructure you've built gets left behind. And so a lot of times, that's the forcing function that gets people to realize that they have to make a change here, as well. And we also find other characteristics like, people who are getting proactive in their data transformation initiatives, they'll often hire a CDO, they'll start to use modern data cataloging tools and identity access management tools. And when we see people adopting those things, we understand that they are on a journey that we can help them with. And so we partner very closely with the catalog vendors, with the identity access vendors, you know, with many other parts of the data lake infrastructure because we're just part of the stack, right? But we are the last mile because we're the part of the stack that lets the user connect. >> Well I think you guys are on a wave that's massive and I think it's still, it's going to be bigger coming forward. Again, when you see categories being created it's usually at the beginning of a bigger wave. And I got to ask you because one thing's I've been really kind of harping on on theCUBE and pounding my fist on the table is these siloed approaches. And you're seeing 'em everywhere, I mean, even in the consumer world. LinkedIn's a silo. Facebook's a silo. So you have this siloed mentality. Certainly in the enterprise they're no stranger to silos. So if you want to be horizontally scalable with data you've got to have it free, you've got to break the silos. Are we going to get there? Is this the beginning? Are we breaking down the silos, Nick, or is this the time or what's your reaction to that? >> I'll tell you something, John. I have spent 30 years in the data and analytics business and I've been fortunate enough to help launch many great BI companies like Tableau and Brio Software, and Jaspersoft and Alphablocks we were talking about before the show. Every one of those companies would have been much more successful if they had OKERA because everybody wanted to spread those tools across the organization for better, more agile business analytics, but they were always held back by the security problem. And this was before privacy rights were even a thing. So now with UDA and I think hand-in-hand with identity access management, you truly have the ability to deliver analytic value at scale. And that's key, you need simplicity at scale and that is what lets you let all parts of your organization be agile with data and use it to transform the business. I think we can do that, now. Because if you run in the cloud, it's so easy, I can stand up things like Hadoop in, you know, like Databricks, like Snowflake. I could never do that in my on-prem data center but I can literally press a button and have a very sophisticated data platform, press a button, have OKERA, have enforcement. Really, almost any organization can now take advantage of what only the biggest and most sophisticated organizations use to be able to do it. >> I think Snowflake's an example for all companies that you could essentially build in the shadows of the big clouds and build your own franchise if you nail the security and privacy and that value proposition of scale and good product. So I got, I love this idea of security and privacy managed to a single platform. I'd love to get your final thought while I got you here, on programmability because I'm seeing a lot of regulators and people in the privacy world puttin' down all these rules. You got GDPR and I want to write we forgot and I got all these things... There's a trend towards programmability around extraction of data and managing data where just a simple query could be like okay, I want to know what's goin' on with my privacy and we're a media company and so we record a lot of data too, and we've got to comply with all these like, weird requests, like hey, can you, on June 10th, I want, can you take out my data? And so that's programmatic, that's not a policy thing. It's not like a lawyer with some privacy policy. That's got to be operationalized. So what's your reaction to that as this world starts to be programmable? >> Right, well that's key to our design. So we're an API first approach. We are designed to be a part of a very sophisticated mesh of technology and data so it's extremely simple to just call us to get the information that you need or to express a policy on the fly that might be created because of the current state-based things that are going on. And that's very, very important when you start to do real-time applications that require geo-fencing, you're doing 5G edge computing. It's a very dynamic environment and the policies need to change to reflect the conditions on the ground, so to speak. And so to be callable, programmable, and betable, that is an absolutely critical approach to implementing IUDA in the enterprise. >> Well this is super exciting, I feel you guys are on, again, a bigger wave than it appears. I mean security and privacy operating system, that's what you guys are. >> It is. >> It is what it is. Nick, great to chat with you. >> Couldn't have said it better. >> I love the category creation, love the mojo and I think you guys are on the right track. I love this vision merging data security policy in together into one to get some enablement and get some value creation for your customers and partners. Thanks for coming on to theCUBE. I really appreciate it. >> Now, it's my pleasure and I would just give one piece of advice to our listeners. You can use this everywhere in your organization but don't start with that. Don't boil the ocean, pick one use case like the right to be forgotten and let us help you implement that quickly so you can see the ROI and then we can go from there. >> Well I think you're going to have a customer in theCUBE. We will be calling you. We need this. We've done a lot of digital events now with the pandemic, so locked data that we didn't have to deal with before. But thanks for coming on and sharing, appreciate it. OKERA, hot startup. >> My pleasure, John and thank you so much. >> So OKERA conversation, I'm John Furrier here, in Palo Alto. Thanks for watching. (soft electronic music)

(cheerful music) >> Hello everyone, welcome to today's session of theCUBE's presentation of AWS Startup Showcase, New Breakthroughs in DevOps, Data Analytics, Cloud Management Tools, featuring Okera from the cloud management migration track. I'm John Furrier, your host. We've got two great special guests today, Nong Li, founder and CTO of Okera, and Sanjeev Mohan, principal @SanjMo, and former research vice president of big data and advanced analytics at Gartner. He's a legend, been around the industry for a long time, seen the big data trends from the past, present, and knows the future. Got a great lineup here. Gentlemen, thank you for this, so, life in the trenches, lessons learned across compliance, cloud migration, analytics, and use cases for Fortune 1000s. Thanks for joining us. >> Thanks for having us. >> So Sanjeev, great to see you, I know you've seen this movie, I was saying that in the open, you've at Gartner seen all the visionaries, the leaders, you know everything about this space. It's changing extremely fast, and one of the big topics right out of the gate is not just innovation, we'll get to that, that's the fun part, but it's the regulatory compliance and audit piece of it. It's keeping people up at night, and frankly if not done right, slows things down. This is a big part of the showcase here, is to solve these problems. Share us your thoughts, what's your take on this wide-ranging issue? >> So, thank you, John, for bringing this up, and I'm so happy you mentioned the fact that, there's this notion that it can slow things down. Well I have to say that the old way of doing governance slowed things down, because it was very much about control and command. But the new approach to data governance is actually in my opinion, it's liberating data. If you want to democratize or monetize, whatever you want to call it, you cannot do it 'til you know you can trust said data and it's governed in some ways, so data governance has actually become very interesting, and today if you want to talk about three different areas within compliance regulatory, for example, we all know about the EU GDPR, we know California has CCPA, and in fact California is now getting even a more stringent version called CPRA in a couple of years, which is more aligned to GDPR. That is a first area we know we need to comply to that, we don't have any way out. But then, there are other areas, there is insider trading, there is how you secure the data that comes from third parties, you know, vendors, partners, suppliers, so Nong, I'd love to hand it over to you, and see if you can maybe throw some light into how our customers are handling these use cases. >> Yeah, absolutely, and I love what you said about balancing agility and liberating, in the face of what may be seen as things that slow you down. So we work with customers across verticals with old and new regulations, so you know, you brought up GDPR. One of our clients is using this to great effect to power their ecosystem. They are a very large retail company that has operations and customers across the world, obviously the importance of GDPR, and the regulations that imposes on them are very top of mind, and at the same time, being able to do effective targeting analytics on customer information is equally critical, right? So they're exactly at that spot where they need this customer insight for powering their business, and then the regulatory concerns are extremely prevalent for them. So in the context of GDPR, you'll hear about things like consent management and right to be forgotten, right? I, as a customer of that retailer should say "I don't want my information used for this purpose," right? "Use it for this, but not this." And you can imagine at a very, very large scale, when you have a billion customers, managing that, all the data you've collected over time through all of your devices, all of your telemetry, really, really challenging. And they're leveraging Okera embedded into their analytics platform so they can do both, right? Their data scientists and analysts who need to do everything they're doing to power the business, not have to think about these kind of very granular customer filtering requirements that need to happen, and then they leverage us to do that. So that's kind of new, right, GDPR, relatively new stuff at this point, but we obviously also work with customers that have regulations from a long long time ago, right? So I think you also mentioned insider trading and that supply chain, so we'll talk to customers, and they want really data-driven decisions on their supply chain, everything about their production pipeline, right? They want to understand all of that, and of course that makes sense, whether you're the CFO, if you're going to make business decisions, you need that information readily available, and supply chains as we know get more and more and more complex, we have more and more integrated into manufacturing and other verticals. So that's your, you're a little bit stuck, right? You want to be data-driven on those supply chain analytics, but at the same time, knowing the details of all the supply chain across all of your dependencies exposes your internal team to very high blackout periods or insider trading concerns, right? For example, if you knew Apple was buying a bunch of something, that's maybe information that only a select few people can have, and the way that manifests into data policies, 'cause you need the ability to have very, very scalable, per employee kind of scalable data restriction policies, so they can do their job easier, right? If we talk about speeding things up, instead of a very complex process for them to get approved, and approved on SEC regulations, all that kind of stuff, you can now go give them access to the part of the supply chain that they need, and no more, and limit their exposure and the company's exposure and all of that kind of stuff. So one of our customers able to do this, getting two orders of magnitude, a 100x reduction in the policies to manage the system like that. >> When I hear you talking like that, I think the old days of "Oh yeah, regulatory, it kind of slows down innovation, got to go faster," pretty basic variables, not a lot of combination of things to check. Now with cloud, there seems to be combinations, Sanjeev, because how complicated has the regulatory compliance and audit environment gotten in the past few years, because I hear security in a supply chain, I hear insider threats, I mean these are security channels, not just compliance department G&A kind of functions. You're talking about large-scale, potentially combinations of access, distribution, I mean it seems complicated. How much more complicated is it now, just than it was a few years ago? >> So, you know the way I look at it is, I'm just mentioning these companies just as an example, when PayPal or Ebay, all these companies started, they started in California. Anybody who ever did business on Ebay or PayPal, guess where that data was? In the US in some data center. Today you cannot do it. Today, data residency laws are really tough, and so now these organizations have to really understand what data needs to remain where. On top of that, we now have so many regulations. You know, earlier on if you were healthcare, you needed to be HIPAA compliant, or banking PCI DSS, but today, in the cloud, you really need to know, what data I have, what sensitive data I have, how do I discover it? So that data discovery becomes really important. What roles I have, so for example, let's say I work for a bank in the US, and I decide to move to Germany. Now, the old school is that a new rule will be created for me, because of German... >> John: New email address, all these new things happen, right? >> Right, exactly. So you end up with this really, a mass of rules and... And these are all static. >> Rules and tools, oh my god. >> Yeah. So Okera actually makes a lot of this dynamic, which reduces your cloud migration overhead, and Nong used some great examples, in fact, sorry if I take just a second, without mentioning any names, there's one of the largest banks in the world is going global in the digital space for the first time, and they're taking Okera with them. So... >> But what's the point? This is my next topic in cloud migration, I want to bring this up because, complexity, when you're in that old school kind of data center, waterfall, these old rules and tools, you have to roll this out, and it's a pain in the butt for everybody, it's a hassle, huge hassle. Cloud gives the agility, we know that, and cloud's becoming more secure, and I think now people see the on-premise, certainly things that'd be on-premises for secure things, I get that, but when you start getting into agility, and you now have cloud regions, you can start being more programmatic, so I want to get you guys' thoughts on the cloud migration, how companies who are now lifting and shifting, replatforming, what's the refactoring beyond that, because you can replatform in the cloud, and still some are kind of holding back on that. Then when you're in the cloud, the ones that are winning, the companies that are winning are the ones that are refactoring in the cloud. Doing things different with new services. Sanjeev, you start. >> Yeah, so you know, in fact lot of people tell me, "You know, we are just going to lift and shift into the cloud." But you're literally using cloud as a data center. You still have all the, if I may say, junk you had on-prem, you just moved it into the cloud, and now you're paying for it. In cloud, nothing is free. Every storage, every processing, you're going to pay for it. The most successful companies are the ones that are replatforming, they are taking advantage of the platform as a service or software as a service, so that includes things like, you pay as you go, you pay for exactly the amount you use, so you scale up and scale down or scale out and scale in, pretty quickly, you know? So you're handling that demand, so without replatforming, you are not really utilizing your- >> John: It's just hosting. >> Yeah, you're just hosting. >> It's basically hosting if you're not doing anything right there. >> Right. The reason why people sometimes resist to replatform, is because there's a hidden cost that we don't really talk about, PaaS adds 3x to IaaS cost. So, some organizations that are very mature, and they have a few thousand people in the IT department, for them, they're like "No, we just want to run it in the cloud, we have the expertise, and it's cheaper for us." But in the long run, to get the most benefit, people should think of using cloud as a service. >> Nong what's your take, because you see examples of companies, I'll just call one out, Snowflake for instance, they're essentially a data warehouse in the cloud, they refactored and they replatformed, they have a competitive advantage with the scale, so they have things that others don't have, that just hosting. Or even on-premise. The new model developing where there's real advantages, and how should companies think about this when they have to manage these data lakes, and they have to manage all these new access methods, but they want to maintain that operational stability and control and growth? >> Yeah, so. No? Yeah. >> There's a few topics that are all (indistinct) this topic. (indistinct) enterprises moving to the cloud, they do this maybe for some cost savings, but a ton of it is agility, right? The motor that the business can run at is just so much faster. So we'll work with companies in the context of cloud migration for data, where they might have a data warehouse they've been using for 20 years, and building policies over that time, right? And it's taking a long time to go proof of access and those kind of things, made more sense, right? If it took you months to procure a physical infrastructure, get machines shipped to your data center, then this data access taking so long feels okay, right? That's kind of the same rate that everything is moving. In the cloud, you can spin up new infrastructure instantly, so you don't want approvals for getting policies, creating rules, all that stuff that Sanjeev was talking about, that being slow is a huge, huge problem. So this is a very common environment that we see where they're trying to do that kind of thing. And then, for replatforming, again, they've been building these roles and processes and policies for 20 years. What they don't want to do is take 20 years to go migrate all that stuff into the cloud, right? That's probably an experience nobody wants to repeat, and frankly for many of them, people who did it originally may or may not be involved in this kind of effort. So we work with a lot of companies like that, they have their, they want stability, they got to have the business running as normal, they got to get moving into the new infrastructure, doing it in a new way that, you know, with all the kind of lessons learned, so, as Sanjeev said, one of these big banks that we work with, that classical story of on-premise data warehousing, maybe a little bit of Hadoop, moved onto AWS, S3, Snowflake, that kind of setup, extremely intricate policies, but let's go reimagine how we can do this faster, right? What we like to talk about is, you're an organization, you need a design that, if you onboarded 1000 more data users, that's got to be way, way easier than the first 10 you onboarded, right? You got to get it to be easier over time, in a really, really significant way. >> Talk about the data authorization safety factor, because I can almost imagine all the intricacies of these different tools creates specialism amongst people who operate them. And each one might have their own little authorization nuance. Trend is not to have that siloed mentality. What's your take on clients that want to just "Hey, you know what? I want to have the maximum agility, but I don't want to get caught in the weeds on some of these tripwires around access and authorization." >> Yeah, absolutely, I think it's real important to get the balance of it, right? Because if you are an enterprise, or if you have diversive teams, you want them to have the ability to use tools as best of breed for their purpose, right? But you don't want to have it be so that every tool has its own access and provisioning and whatever, that's definitely going to be a security, or at least, a lot of friction for you to get things going. So we think about that really hard, I think we've seen great success with things like SSO and Okta, right? Unifying authentication. We think there's a very, very similar thing about to happen with authorization. You want that single control plane that can integrate with all the tools, and still get the best of what you need, but it's much, much easier (indistinct). >> Okta's a great example, if people don't want to build their own thing and just go with that, same with what you guys are doing. That seems to be the dots that are connecting you, Sanjeev. The ease of use, but yet the stability factor. >> Right. Yeah, because John, today I may want to bring up a SQL editor to go into Snowflake, just as an example. Tomorrow, I may want to use the Azure Bot, you know? I may not even want to go to Snowflake, I may want to go to an underlying piece of data, or I may use Power BI, you know, for some reason, and come from Azure side, so the point is that, unless we are able to control, in some sort of a centralized manner, we will not get that consistency. And security you know is all or nothing. You cannot say "Well, I secured my Snowflake, but if you come through HTFS, Hadoop, or some, you know, that is outside of my realm, or my scope," what's the point? So that is why it is really important to have a watertight way, in fact I'm using just a few examples, maybe tomorrow I decide to use a data catalog, or I use Denodo as my data virtualization and I run a query. I'm the same identity, but I'm using different tools. I may use it from home, over VPN, or I may use it from the office, so you want this kind of flexibility, all encompassed in a policy, rather than a separate rule if you do this and this, if you do that, because then you end up with literally thousands of rules. >> And it's never going to stop, either, it's like fashion, the next tool's going to come out, it's going to be cool, and people are going to want to use it, again, you don't want to have to then move the train from the compliance side this way or that way, it's a lot of hassle, right? So we have that one capability, you can bring on new things pretty quickly. Nong, am I getting it right, this is kind of like the trend, that you're going to see more and more tools and/or things that are relevant or, certain use cases that might justify it, but yet, AppSec review, compliance review, I mean, good luck with that, right? >> Yeah, absolutely, I mean we certainly expect tools to continue to get more and more diverse, and better, right? Most innovation in the data space, and I think we... This is a great time for that, a lot of things that need to happen, and so on and so forth. So I think one of the early goals of the company, when we were just brainstorming, is we don't want data teams to not be able to use the tools because it doesn't have the right security (indistinct), right? Often those tools may not be focused on that particular area. They're great at what they do, but we want to make sure they're enabled, they do some enterprise investments, they see broader adoption much easier. A lot of those things. >> And I can hear the sirens in the background, that's someone who's not using your platform, they need some help there. But that's the case, I mean if you don't get this right, there are some consequences, and I think one of the things I would like to bring up on next track is, to talk through with you guys is, the persona pigeonhole role, "Oh yeah, a data person, the developer, the DevOps, the SRE," you start to see now, developers and with cloud developers, and data folks, people, however they get pigeonholed, kind of blending in, okay? You got data services, you got analytics, you got data scientists, you got more democratization, all these things are being kicked around, but the notion of a developer now is a data developer, because cloud is about DevOps, data is now a big part of it, it's not just some department, it's actually blending in. Just a cultural shift, can you guys share your thoughts on this trend of data people versus developers now becoming kind of one, do you guys see this happening, and if so, how? >> So when, John, I started my career, I was a DBA, and then a data architect. Today, I think you cannot have a DBA who's not a developer. That's just my opinion. Because there is so much of CICD, DevOps, that happens today, and you know, you write your code in Python, you put it in version control, you deploy using Jenkins, you roll back if there's a problem. And then, you are interacting, you're building your data to be consumed as a service. People in the past, you would have a thick client that would connect to the database over TCP/IP. Today, people don't want to connect over TCP/IP necessarily, they want to go by HTTP. And they want an API gateway in the middle. So, if you're a data architect or DBA, now you have to worry about, "I have a REST API call that's coming in, how am I going to secure that, and make sure that people are allowed to see that?" And that was just yesterday. >> Exactly. Got to build an abstraction layer. You got to build an abstraction layer. The old days, you have to worry about schema, and do all that, it was hard work back then, but now, it's much different. You got serverless, functions are going to show way... It's happening. >> Correct, GraphQL, and semantic layer, that just blows me away because, it used to be, it was all in database, then we took it out of database and we put it in a BI tool. So we said, like BusinessObjects started this whole trend. So we're like "Let's put the semantic layer there," well okay, great, but that was when everything was surrounding BusinessObjects and Oracle Database, or some other database, but today what if somebody brings Power BI or Tableau or Qlik, you know? Now you don't have a semantic layer access. So you cannot have it in the BI layer, so you move it down to its own layer. So now you've got a semantic layer, then where do you store your metrics? Same story repeats, you have a metrics layer, then the data centers want to do feature engineering, where do you store your features? You have a feature store. And before you know, this stack has disaggregated over and over and over, and then you've got layers and layers of specialization that are happening, there's query accelerators like Dremio or Trino, so you've got your data here, which Nong is trying really hard to protect, and then you've got layers and layers and layers of abstraction, and networks are fast, so the end user gets great service, but it's a nightmare for architects to bring all these things together. >> How do you tame the complexity? What's the bottom line? >> Nong? >> Yeah, so, I think... So there's a few things you need to do, right? So, we need to re-think how we express security permanence, right? I think you guys have just maybe in passing (indistinct) talked about creating all these rules and all that kind of stuff, that's been the way we've done things forever. We get to think about policies and mechanisms that are much more dynamic, right? You need to really think about not having to do any additional work, for the new things you add to the system. That's really, really core to solving the complexity problem, right? 'Cause that gets you those orders of magnitude reduction, system's got to be more expressive and map to those policies. That's one. And then second, it's got to be implemented at the right layer, right, to Sanjeev's point, close to the data, and it can service all of those applications and use cases at the same time, and have that uniformity and breadth of support. So those two things have to happen. >> Love this universal data authorization vision that you guys have. Super impressive, we had a CUBE Conversation earlier with Nick Halsey, who's a veteran in the industry, and he likes it. That's a good sign, 'cause he's seen a lot of stuff, too, Sanjeev, like yourself. This is a new thing, you're seeing compliance being addressed, and with programmatic, I'm imagining there's going to be bots someday, very quickly with AI that's going to scale that up, so they kind of don't get in the innovation way, they can still get what they need, and enable innovation. You've got cloud migration, which is only going faster and faster. Nong, you mentioned speed, that's what CloudOps is all about, developers want speed, not things in days or hours, they want it in minutes and seconds. And then finally, ultimately, how's it scale up, how does it scale up for the people operating and/or programming? These are three major pieces. What happens next? Where do we go from here, what's, the customer's sitting there saying "I need help, I need trust, I need scale, I need security." >> So, I just wrote a blog, if I may diverge a bit, on data observability. And you know, so there are a lot of these little topics that are critical, DataOps is one of them, so to me data observability is really having a transparent view of, what is the state of your data in the pipeline, anywhere in the pipeline? So you know, when we talk to these large banks, these banks have like 1000, over 1000 data pipelines working every night, because they've got that hundred, 200 data sources from which they're bringing data in. Then they're doing all kinds of data integration, they have, you know, we talked about Python or Informatica, or whatever data integration, data transformation product you're using, so you're combining this data, writing it into an analytical data store, something's going to break. So, to me, data observability becomes a very critical thing, because it shows me something broke, walk me down the pipeline, so I know where it broke. Maybe the data drifted. And I know Okera does a lot of work in data drift, you know? So this is... Nong, jump in any time, because I know we have use cases for that. >> Nong, before you get in there, I just want to highlight a quick point. I think you're onto something there, Sanjeev, because we've been reporting, and we believe, that data workflows is intellectual property. And has to be protected. Nong, go ahead, your thoughts, go ahead. >> Yeah, I mean, the observability thing is critically important. I would say when you want to think about what's next, I think it's really effectively bridging tools and processes and systems and teams that are focused on data production, with the data analysts, data scientists, that are focused on data consumption, right? I think bridging those two, which cover a lot of the topics we talked about, that's kind of where security almost meets, that's kind of where you got to draw it. I think for observability and pipelines and data movement, understanding that is essential. And I think broadly, on all of these topics, where all of us can be better, is if we're able to close the loop, get the feedback loop of success. So data drift is an example of the loop rarely being closed. It drifts upstream, and downstream users can take forever to figure out what's going on. And we'll have similar examples related to buy-ins, or data quality, all those kind of things, so I think that's really a problem that a lot of us should think about. How do we make sure that loop is closed as quickly as possible? >> Great insight. Quick aside, as the founder CTO, how's life going for you, you feel good? I mean, you started a company, doing great, it's not drifting, it's right in the stream, mainstream, right in the wheelhouse of where the trends are, you guys have a really crosshairs on the real issues, how you feeling, tell us a little bit about how you see the vision. >> Yeah, I obviously feel really good, I mean we started the company a little over five years ago, there are kind of a few things that we bet would happen, and I think those things were out of our control, I don't think we would've predicted GDPR security and those kind of things being as prominent as they are. Those things have really matured, probably as best as we could've hoped, so that feels awesome. Yeah, (indistinct) really expanded in these years, and it feels good. Feels like we're in the right spot. >> Yeah, it's great, data's competitive advantage, and certainly has a lot of issues. It could be a blocker if not done properly, and you're doing great work. Congratulations on your company. Sanjeev, thanks for kind of being my cohost in this segment, great to have you on, been following your work, and you continue to unpack it at your new place that you started. SanjMo, good to see your Twitter handle taking on the name of your new firm, congratulations. Thanks for coming on. >> Thank you so much, such a pleasure. >> Appreciate it. Okay, I'm John Furrier with theCUBE, you're watching today's session presentation of AWS Startup Showcase, featuring Okera, a hot startup, check 'em out, great solution, with a really great concept. Thanks for watching. (calm music)