>>Oh, welcome to this cube unstoppable domain showcase. I'm John for your host of the cube and showcasing all the great content about web three. And what's around the corner for web. For of course, stoppable domains is one of the big growth stories in the business bread. Can the co-founders here with me have ensembles mains break. Great to see you. Thanks for coming on the showcase. >>So you have a lot of history in the, in the web three, they're calling it net, but it's basically crypto and blockchain. You know, the white paper came out and then, you know how it developed was organically. We saw how that happened. Now, the co-founder was titled domains. You seeing the mainstream, I would say main street scene, super bowl commercials. Okay. You're seeing it everywhere. So it is, it is here. Stadiums are named after cryptos companies. It's here. Hey, it's no longer a fringe. It is reality. You guys are in the middle of it. What's what's going on with the trend. And where does unstoppable fit in? Where do you guys tie in here? >>I mean, I think that what's been happening in general, this whole revolution around cryptocurrencies and then in FTEs and what unstoppable domains is doing, it's all around creating this idea that people can own something that's digital. And this hasn't really been possible before Bitcoin Bitcoin was the first case. You could own money. You don't need a bank. No one else. You can completely control it. No one else can turn you off. Then there was this next phase of the revolution, which is assets beyond just currencies. So, and if T is digital art, what we're working on is like a decentralized identity, like a username for web three and each individual domain name is a is an NFT. But yeah, it's a, it's been a, it's been a, it's been a crazy ride over the past. >>It's fun because you on siliconangle.com, which we founded, we were covering early days of crypto. In fact, our first website, the developer want to be paid in crypto is interesting price of Bitcoin. I won't say that how low it was, but then you saw, you saw the, you know, the ICO way, the token started coming in, you started seeing much more engineering, focused, a lot of white papers coming out, a lot of cool ideas. And then now you got this mainstream of it. So I had to ask you, what are the coolest things you guys are working on because ensemble has a solution that solves a problem today, and that people are facing at the same time. It is part of this new architecture. What problem do you guys solve right now? That's in market that you're seeing the most traction on. >>Yeah. So it's really about, so whenever you inter interact with a blockchain, you wind up having to deal with one of these really, really crazy public keys, public addresses. And they're like anywhere from 20 to 40 characters, long they're random, they're impossible to memorize. And going back to even early days in crypto, I think if people knew that this tech was not going to go mainstream, if you have to copy and paste these things around, if I'm getting to send you like a million dollars, I'm going to copy and paste some random string of numbers and letters. I'm going to have no confirmations about who I'm sending it to. And I'm going to hope that it works out. It's just not practical people. Who've kind of always known there was going to be a solution. And one of the more popular ideas was doing kind of like what DNS did, which is instead of having to deal with these crazy IP addresses this long, random string of numbers to find a website, you have a name, like a keyword, something that's easy to remember, you know, like a hotels.com or something like that. And so what NFT domains are, is basically the same thing, but for blockchain addresses and yeah, it's just, it's just better and easier. There's this joke that everybody, if you want to send me money, you're going to send me a test transaction of, you know, like a dollar first, just to make sure that I get it, call me up and make sure that I get it before you go and send the big amount. I'm just not the way moving, you know, billions of dollars of value is going to work in the future. >>Yeah. And I think one of the things you just pointed out, make it easier. One of these, when you have these new waves, these shifts we saw with the web web pages, more and more web pages were coming on more online users, they call the online population is growing here, the same thing's happening. And the focus is on ease of use, making things simple, to understand and reducing the step it takes to do things, right. This is kind of, kind of what is going on and with the developer community and what a theory has done really well is brought in the developers. So that's the, that's the convergence of all the action. And so when you, so that's where you're at right now, how do you go forward from here? Obviously see this business development deals to do. You guys are partnering a lot. What's the strategy? What are some of the things that you can share about some of your business activity that points to how mainstream it is and where it's going? Okay. >>So I think the, the, the, the way to, the way to think about, and, and T domain name is that it's meant to be like your identity on web three. So it's gonna have a lot of different contexts. It's kind of like your, your Venmo account, where you could send me money to Brad dot crypto can be your decentralized website, where you can check out my content at Brad dot crypto. It can also be my like login kind of like a decentralized Facebook OAuth, where I can log into ADAPs and share information about myself and bring my data along with me. So it's got all of these, all of these different, all these different things that it can do, but where it's starting is inside of crypto wallets and crypto apps, and they are adopting it for this identity, this identity idea. And it's the same identity across all your apps. >>That's the thing that's kinda, that's new here. So, so yeah, that's the, that's the really, that's the really big and profound shift that's happening. And the reason why this is going to be maybe even more important, a lot of, you know, your, your listeners thing is that everyone's going to have a crypto wallet. Every person in the world is going to have a crypto wallet. Every app, every consumer app that you use is going to build one in Twitter, just launched, just built one. Reddit is building one. You're seeing it across all the consumer finance apps. So it's not just the crypto companies that you're thinking of. Every app is going to have a wallet, and it's going to really, it's going to really change the way that we use the internet. >>I think there's a couple of things you pointed. I want to get your reaction to and thoughts more on this constant adapts or decentralized applications or dimension when you call it, this is applications and that take advantage of, of the architecture and then this idea of users owning their own data. And this absolutely reverses the script today. Today, you see Facebook, you see LinkedIn, all these silos, they own the data. The, you are the product here. The users are in control. They have their data, but the apps are being built for it for the paradigm shift here. Right. That's what's happening. Is that right now? >>Totally, totally. And, and so it all starts, I mean, DAP is just this crazy term. It feels like it's this like really foreign, weird thing. All it means is that you sign in with your wallet instead of signing in with a username and password where the data is stored inside of that app, like inside of Facebook. So that's, that's the only real, like core underneath difference to keep in mind signing in with a wallet. But that is like a complete sea change in the way the internet works, because I have this, this key, this private key it's on my phone or my device or whatever. And I'm the only one that has it. So if somebody wanted to hack me, they need to go get access to my device. Two years ago, when Twitter got hacked, Barack Obama and Elon Musk were tweeting the same stuff. >>That's because Twitter had all the data. And so you needed to hack Twitter instead of each individual person, it's a completely different security model. It's, it's way better for users to have that. But if you're thinking from the user perspective what's going to happen is, is that instead of Facebook storing all of my data, and then me being trapped inside of Facebook, I'm going to store it. And I'm gonna move around on the internet, logging in with my web three username, my, my, my NFT domain name. And I'm going to have all my data with me. And then I could use a hundred different Facebooks all in one day. And it would be effortless for me to go and move from one to the other. So the monopoly situation that we exist in as a society is because of the way data storage works. >>So that's the huge point. So let's just, let's double down on that for one more. Second, this is huge point. I want to get your thoughts. I think people don't understand that in the mainstream having that horizontal traversal or, or, or the ability to move around with your identity in this case, your unstoppable domain and your data allows the user to take it from place to place. It's like going to other apps that could be Facebook where the user's in charge. And they're either deciding whether to share their data or not, or are certainly continually their data. And this allows for more of a horizontal scalability for the user, not for a company. >>Yeah. And what's going to happen is, is users are building up their reputation. They're building up their identity in web three. So you have your username and you have your, your profile and you have certain badges of, you know, activities that you've done. And you're building up this reputation. And now apps are looking at that and they're starting to create social networks and other things to provide me services because I, it started with the user as, or the user is starting to collect all this valuable data. And then apps are saying, well, Hey, let me give you a special experience based on that, but the real thing, and this is like, this is like the core mean, this is just like a core capitalist idea. In general, you have more competition, you get a better experience for users. We have not had competition on, on, in web two for decades because these companies have become monopolies. And what web three is really allowing is this wide open competition. And, and that is what, that's the core thing. Like, it's not like, you know, it's going to take time for, for, for web three to get better than web two. You know, it's very, very early days, but the reason why it's going to work is because of the competitive aspect here. Like you can just, it's just so much better for consumers when this happened. >>I would also add to that, first of all, great point, great insight. I would also add that the web presence technology based upon DNS specifically is first of all, it's asking, so it's not foreign characters. It's not union code for, for the geeks out there, but that's limiting to its limits you to be on a site. And so I think the combination of kind of inadequate or antiquated DNS has limitations. So if, and that doesn't help communities, right? So when you're in the communities, you have potentially marketplaces, that could be anywhere. So if you have a ID and just kind of thinking it forward here, but if you have your own data and your own ID, you can jump into a marketplace two-sided marketplace anywhere. And app can provide that if the community is robust, this is kind of where I see the use case going. How do you guys, do you guys agree with that statement and how do you see that ability for the user to take advantage of other competitive or new emerging communities or marketplace? >>So I think it all comes down. So I identity is just this huge problem in web two. And part of the reason why it's very, very hard for new marketplaces and new communities to emerge is because you need all kinds of trust and reputation. And it's very hard to get, to get real information about the users that you're interacting with. If you're, if you're in the web three paradigm, then what happens is, is you can go and check certain things on the blockchain to see if they're true. And you can know that they're true. A hundred percent. You can know that I have used unit swab in the past 30 days and open, see in the past 30 days, you can know for sure that this wallet is mine. The same owner of this wallet also owns this other wallet, owns this certain asset. So all of having the ability to know certain things about a stranger is really what's going to change behavior. >>And one of the things that we're really excited about is being able to prove information about yourself without sharing it. So I can tell you, Hey, I'm a unique person. I'm an American, I'm not an American, but I don't have to tell you who I am. And, and you can still know that it's true. And, and that is that concept is going to be what enables, what you're talking about. I'm going to be able to show up in some new community that was created two hours ago, and we can all trust each other that a certain set of facts are true. And that's possible because of >>Exchange and exchange value with smart contracts and other no middlemen involved activities, which is the promise of the new decentralized web. All right. So let me ask you a question on that, because I think this is key. The anonymous point is huge. If you look at any kind of abstraction layers or any evolution in technology over the years, it's always been about cleaning up the mess or the, or extending capabilities of something that was inadequate. We mentioned DNS. Now you got this, there's a lot of problems with web two, 2.0, social bots. You mentioned bots, bots are anonymous and they don't have a lot of time in market. So it's easy to start bots and everyone who does either scraping bots, everyone knows this. What you just pointed out was an ops environment that was user choice, but has all the data that could be verified. So it's almost like a blue check mark on Twitter without your name, >>Kind of, it's good. It's going to be hundreds of check marks, but exactly, because there's so many different things that you're going to want to be, you're going to want to communicate to strangers, but that's exactly the right. That's exactly the right mental model. It's going to be these check marks for all kinds of different contexts. And that's, what's going to enable people to trust that they're, you know, you're talking to a real person or you're talking to the type of person you thought you were talking to, et cetera. But yeah, it's, it's, you know, I, I think that the issues that we have with bots today are because a web tool has failed at solving identity. I think Facebook at one point was deleting half a billion fake accounts per quarter. Something like the entire number of user profiles. They were deleting per you know, per year. So it's just a total. >>They spring up like mushrooms. They just pop up the thing. This is the problem. I mean, the data that you acquire in new siloed platforms is used by them, the company. So you don't own the data. So you become the product as the cliche goes. But what you're saying is if you have an identity and you pop around to multiple sites, you also have your digital footprints and your exhaust that you own. Okay. That's time. That's reputation data. I mean, you can cut it any way you want, but the point is, it's your stuff over time, that's yours and that's immutable. It's on the blockchain. You can store it and make that permanent and add to it. Exactly. That's, that's a time-based thing versus today, bots that are spreading misinformation can, can get popped up when they get killed. They just start another one. So time actually is a metric for quality here. >>Absolutely. And people already use it in the crypto world to say like, Hey, this wallet was created greater than two years ago. This wallet has had, you know, head has had transactions for at least three or four years. Like this is probably a real, you know, this is probably a legit legitimate user and anybody can look that up. I mean, we could go look it up together right now on, on ether scan. It would take, you know, a minute. >>Yeah. It's awesome. Yeah. I'm a big fan. I can tell, I love this product. I think you guys are gonna do really well. Congratulations. I'm a big fan. I think this is needed. What are some of the deals you've done? blockchain.com has won an opera. Can you take us through those deals and why they're working with you? We'll start with blockchain.com. >>Yeah. So the whole thing here is that this identity standard for web three apps need to choose to support it. So we spent several years as a company working to get as many crypto wallets and browsers and crypto exchanges to support this, to support this identity standard. Some of the, some of the, the, the largest, and probably, you know, most, most popular companies to have done. This are blockchain.com. For example, blockchain.com, one of the largest crypto wallets in the world. And you can use your domain names instead of crypto addresses. And, and, and this is, this is, this is super cool because blockchain.com in particular focuses on onboarding new users. So they're very focused on how we're going to get the next 4 billion internet users to use this tech. And they said, you know, usernames are going to be essential. Like, how can we onboard this next several billion people? If we have to explain to them about all these crazy addresses, and it's not just one, like we want to give you 10 40 character addresses for all these different contexts. Like, it's just, it's just, it's just no way people are gonna be able to do that without, without having a username. So that's why we're really excited about, about what blockchain that comes through. And they, they, they want to train users that this is the way you should use it. >>Yeah. And certainly no one wants to remember. I remember writing down all my writing. I, I'm not, I was never a big wallet fan cause all the hacks, I used to write it down and store it in my safe. But if the house burns down or I, I kick the can I'm, who's going to find it. Right? So again, these are all important things, your key storing it, securing it, super important. Talk about opera. And that's an interesting partnership because it's got a browser and people know what it is, what are they doing? Different almost imagine they're innovating around the identity and what people's experiences with, what they touch. >>So this is, this is one of those things. That's a little bit easier. And I strongly encourage everybody to go and try dApps after this. Cause this is going to be one of those concepts to be a little easier. If you, if you try it, then if you hear about it, but the concept of a wallet and a browser are kind of merging. So it makes sense to have a wallet inside of your browser. Because when you go to a website, the website is going to want you to sign in with your wallet. So having that be in one app is quite convenient for users. And so opera was one of the trailblazers, a traditional browser that added a crypto wallet so that you can store money in there. And then also added support for domain names, for payments and for websites. So you can type in Brad dot crypto and you can send me money or you can type in Brad dot crypto into the browser and you can check out my website. I've got a little NFT gallery. You can see my collection up there right now. So that's the, that's the idea is that browsers have this kind of super power in a web three. And what I think is going to happen opera and brave have been kind of the trailblazers here. But I think is going to happen is that these traditional browsers are going to wake up and they're going to see that integrating a wallet is critical for them to be able to provide services to consumers. >>I mean, it is an app. I mean, why not make it a D app as well? Because why wouldn't I want to just send you crypto, like Venmo, you mentioned earlier, which people can understand that concept. Ben, let me make my cash. Same concept here, but built in to the browser, which is not a browser anymore. It's a, a reader, a D app reader, basically with a wallet. All right. So, so what does this mean for you guys in the marketplace? You've got opera pushing the envelope on browsing, changing the experience, enabling the applications to be discovered and navigated and consumed. You got blockchain.com, blockchain.com with the wallets and being embedded there. Good distribution. How, what, who are you looking for for partners? How do people partner? Let's just say the cube wants to do NFTs and we want to have a login for our communities, which are all open. How do we partner with you? Or do we have to wait? Or is there a, I mean, take us through the partnership strategy. How do we, how do people engage with unstoppable Dwayne's >>Yeah, so, I mean, I think that if you're, you know, if you're a wallet or a crypto exchange, it's super easy, we would love to have you support being able to send money using domains. We also have all sorts of different kind of marketing activities we can do together. We can give out free stuff to, to your communities. We have a bunch of education that we do. We're really trying to be this onboarding point to web three. So there's, I think a lot of, a lot of cool stuff we can do together on the commercial side and on the, the, the marketing side. And then the other category that we didn't talk about was dabs. And we now have this login with unstoppable domains, which you kind of alluded to there. And so you can log in with your domain name and then you can give the app permission to get certain information about you or proof of information about you, not the actual information, if you don't want to share it because it's your choice and you're in control. And so that would be, that would be another thing. Like if you all launch a DAP, we should absolutely have log-in with unstoppable. >>Yeah. There's so much headroom here. You've got a short-term solution with exchange. Get that distribution. I get that that's early days of the foundation, push the distribution, get you guys everywhere. But the real success comes in for the login. I mean, the sign-on single sign-on concept. I think that's going to be powerful, great stuff. Okay. Future, tell us something we don't know about ensemble domains that people might be interested in. >>I think it's really, I think the thing that you're going to hear about a lot from us in the future is going to be around this idea of identity, of being able to prove that you're a human and be able to tell apps that and apps are going to give you all kinds of special access and rewards and all kinds of other things, because, because you gave them that information. So that's the that's, that's probably, that's the hint I'm going to drop. >>Yeah. It's interesting. Brad, you bring trust, you bring quality verified data to intelligence, software, and machine learning, AI and access to distributed communities and distributed applications. Interesting to see what the software does, what that, cause it traditionally didn't have that before. I mean just in mindblowing, I mean, it's pretty crazy great stuff, Brad. Thanks for coming on. Thanks for sharing the insight. Co-founder unstoppable domains, Brad camp. Thanks for stopping by the cubes. Showcase with unstoppable domains.

>> From "theCUBE" studios in Palo Alto in Boston, bringing you data-driven insights from "theCUBE" in ETR. This is breaking analysis with Dave Vellante. >> Chief Information Security Officer's site trust, is the number one value attribute, they can deliver to their organizations. And when it comes to security, identity is the new attack surface. As such identity and access management, continue to be the top priority among technology decision makers. It also happens to be one of the most challenging and complicated areas of the cybersecurity landscape. Okta, a leader in the identity space has announced its intent to converge privileged access and Identity Governance in an effort to simplify the landscape and re-imagine identity. Our research shows that interest in this type of consolidation is very high, but organizations believe technical debt, compatibility issues, expense and lack of talent are barriers to reaching cyber nirvana, with their evolving Zero-Trust networks. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this breaking analysis, we'll explore the complex and evolving world of identity access and privileged account management, with an assessment of Okta's market expansion aspirations and fresh data from ETR, and input from my colleague Eric Bradley. Let's start by exploring identity and why it's fundamental to digital transformations. Look the pandemic accelerated digital and digital raises the stakes in cybersecurity. We've covered this extensively, but today we're going to drill into identity, which is one of the hardest nuts to crack in security. If hackers can steal someone's identity, they can penetrate networks. If that someone has privileged access to databases, financial information, HR systems, transaction systems, the backup corpus, well. You get the point. There are many bespoke tools to support a comprehensive identity access management and privilege access system. Single sign-on, identity aggregation, de-duplication of identities, identity creation, the governance of those identities, group management. Many of these tools are open source. So you have lots of vendors, lots of different systems, and often many dashboards. Practitioners tell us that it's the paper cuts that kill them, patches that aren't applied, open ports, orphan profiles that aren't disabled. They'd love to have a single dashboard, but it's often not practical for large organizations because of the bespoke nature of the tooling and the skills required to manage them. Now, adding to this complexity, many organizations have different identity systems for privileged accounts, the general employee population and customer identity. For example, around 50 percent of ETR respondents in a recent survey use different systems for workforce identity and consumer identity. Now this is often done because the consumer identity is a totally different journey. The consumer is out in the wild and takes an unknown, nonlinear path and then enters the known space inside a brand's domain. The employee identity journey is known throughout. You go onboarding, to increasing responsibilities and more access to off-boarding. Privileged access may even have different attributes, does usually like no email and, or no shared credentials. And we haven't even touched on the other identity consumers in the ecosystem like selling partners, suppliers, machines, etcetera. Like I said, it's complicated and meeting the needs of auditors is stressful and expensive for CSOs. Open chest wounds, such as sloppy histories of privileged access approvals, obvious role conflicts, missing data, inconsistent application of policy and the list goes on. The expense of securing digital operations goes well beyond the software and hardware acquisition costs. So there's a real need and often desire, to converge these systems. But technical debt makes it difficult. Companies have spent a lot of time, effort and money on their identity systems and they can't just rip and replace. So they often build by integrating piece parts or they add on to their Quasi-integrated monolithic systems. And then there's the whole Zero-Trust concept. It means a lot of different things to a lot of different people, but folks are asking if I have Zero-Trust, does it eliminate the need for identity? And what does that mean for my architecture, going forward. So, let's take a snapshot of some of the key players in identity and PAM, Privileged Access Management. This is an X-Y graph that we always like to show. It shows the net score or spending velocity, spending momentum on the vertical axis and market share or presence in the ETR dataset on the horizontal axis. It's not like revenue market share. It's just, it's mentioned market share if you will. So it's really presence in the dataset. Now, note the chart insert, the table, which shows the actual data for Net Score and Shared In, which informs the position of the dot. The red dotted line there, it indicates an elevated level. Anything over 40 percent that mark, we consider the strongest spending velocity. Now within this subset of vendors that we've chosen, where we've tried to identify some, most of them are pure plays, in this identity space. You can see there are six above that 40 percent mark including Zscaler, which tops the charts, Okta, which has been at or near the top for several quarters. There's an argument by the way, to be made that Okta and Zscaler are on a collision course as Okta expands it's TAM, but let's just park that thought for a moment. You can see Microsoft with a highly elevated spending score and a massive presence on the horizontal axis, CyberArk and SailPoint, which Okta is now aiming to disrupt and Auth zero, which Okta officially acquired in may of this year, more on that later now. Now, below that 40 percent mark you can see Cisco, which is largely acquired companies in order to build its security portfolio. For example, Duo which focuses on access and multi-factor authentication. Now, word of caution, Cisco and Microsoft in particular are overstated because, this includes their entire portfolio of security products, whereas the others are more closely aligned as pure plays in identity and privileged access. ThycotyicCentrify is pretty close to that 40 percent mark and came about as a result of the two companies merging in April of this year. More evidence of consolidation in this space, BeyondTrust is close to the red line as well, which is really interesting because this is a company whose roots go back to the VAX VMS days, which many of you don't even know what a VAX VMS is in the mid 1980s. It was the mini computer standard and the company has evolved to provide more modern PAM solutions. Ping Identity is also notable in that, it essentially emerged after the dot com bust in the early 2000s as an identity solution provider for single sign-on, SSO and multifactor authentication, MFA solutions. In IPO'd in the second half of 2019, just prior to the pandemic. It's got a $2 billion market cap-down from its highs of around $3 billion earlier this year and last summer. And like many of the remote work stocks, they bounced around, as the reopening trade and lofty valuations have weighed on many of these names, including Okta and SailPoint. Although CyberArk, actually acted well after its August 12th earnings call as its revenue growth about doubled year on year. So hot space and a big theme this year is around Okta's acquisition of Auth zero and its announcement at Oktane 2021, where it entered the PAM market and announced its thrust to converge its platform around PAM and Identity Governance and administration. Now I spoke earlier this week with Diya Jolly, who's the Chief Product Officer at Okta and I'll share some of her thoughts later in this segment. But first let's look at some of the ETR data from a recent drill down study that our friends over there conducted. This data is from a drill down that was conducted early this summer, asking organizations how important it is to have a single dashboard for access management, Identity Governance and privileged access. This goes directly to Okta strategy that it announced this year at it's Oktane user conference. Basically 80 percent of the respondents want this. So this is no surprise. Now let's stay on this theme of convergence. ETR asks security pros if they thought convergence between access management and Identity Governance would occur within the next three years. And as you can see, 89% believe this is going to happen. They either strongly agree, agree, or somewhat agree. I mean, it's almost as though the CSOs are willing this to occur. And this seemingly bodes well for Okta, which in April announced its intent to converge PAM and IGA. Okta's Diya jolly stressed to me that this move was in response to customer demand. And this chart confirms that, but there's a deeper analysis worth exploring. Traditional tools of identity, single sign-on SSO and multi-factor authentication MFA, they're being commoditized. And the most obvious example of this is OAuth or Open Authorization. You know, log in with Twitter, Google, LinkedIn, Amazon, Facebook. Now Okta currently has around a $35 billion market cap as of today, off from its highs, which were well over 40 billion earlier this year. Okta stated, previously stated, total addressable market was around 55 billion. So CEO, Todd McKinnon had to initiate a TAM expansion play, which is the job of any CEO, right? Now, this move does that. It increases the company's TAM by probably around $20 to $30 billion in our view. Moreover, the number one criticism of Okta is, "Your price is too high." That's a good problem to have I say. Regardless, Okta has to think about adding more value to its customers and prospects, and this move both expands its TAM and supports its longer-term vision to enable a secure user-controlled ubiquitous, digital identity, supporting federated users and data within a centralized system. Now, the other thing Jolly stressed to me is that Okta is heavily focused on the user experience, making it simple and consumer grade easy. At Oktane 21, she gave a keynote laying out the company's vision. It was a compelling presentation designed to show how complex the problem is and how Okta plans to simplify the experience for end users, service providers, brands, and the overall technical community across the ecosystem. But look, there are a lot of challenges, the company faces to pull this off. So let's dig into that a little bit. Zero-Trust has been the buzz word and it's a direction, the industry is moving towards, although there are skeptics. Zero-Trust today is aspirational. It essentially says you don't trust any user or device. And the system can ensure the right people or machines, have the proper level of access to the resources they need all the time, with a fantastic user experience. So you can see why I call this nirvana earlier. In previous breaking analysis segments, we've laid out a map for protecting your digital identity, your passwords, your crypto wallets, how to create Air Gaps. It's a bloody mess. So ETR asked security pros if they thought a hybrid of access management and Zero-Trust network could replace their PAM systems, because if you can achieve Zero-Trust in a world with no shared credentials and real-time access, a direction which Diya jolly clearly told me Okta is headed, then in theory, you can eliminate the need for Privileged Access Management. Another way of looking at this is, you do for every user what you do for PAM users. And that's how you achieve Zero-Trust. But you can see from this picture that there's more uncertainty here with nearly 50 percent of the sample, not in agreement that this is achievable. Practitioners in Eric Bradley's round tables tell us that you'll still need the PAM system to do things, like session auditing and credential checkouts and other things. But much of the PAM functionality could be handled by this Zero-Trust environment we believe. ETR then asks the security pros, how difficult it would be to replace their PAM systems. And this is where it gets interesting. You can see by this picture. The enthusiasm wanes quite a bit when the practitioners have to think about the challenges associated with replacing Privileged Access Management Systems with a new hybrid. Only 20 percent of the respondents see this as, something that is easy to do, likely because they are smaller and don't have a ton of technical debt. So the question and the obvious question is why? What are the difficulties and challenges of replacing these systems? Here's a diagram that shows the blockers. 53 percent say gaps in capabilities. 26 percent say there's no clear ROI. IE too expensive and 11 percent interestingly said, they want to stay with best of breed solutions. Presumably handling much of the integration of the bespoke capabilities on their own. Now speaking with our Eric Bradley, he shared that there's concern about "rip and replace" and the ability to justify that internally. There's also a significant buildup in technical debt, as we talked about earlier. One CSO on an Eric Bradley ETR insights panel explained that the big challenge Okta will face here, is the inertia of entrenched systems from the likes of SailPoint, Thycotic and others. Specifically, these companies have more mature stacks and have built in connectors to legacy systems over many years and processes are wired to these systems and would be very difficult to change with skill sets aligned as well. One practitioner told us that he went with SailPoint almost exclusively because of their ability to interface with SAP. Further, he said that he believed, Okta would be great at connecting to other cloud API enabled systems. There's a large market of legacy systems for which Okta would have to build custom integrations and that would be expensive and would require a lot of engineering. Another practitioner said, "We're not implementing Okta, but we strongly considered it." The reason they didn't go with was the company had a lot of on-prem legacy apps and so they went with Microsoft Identity Manager, but that didn't meet the grade because the user experience was subpar. So they're still searching for a solution that can be good at both cloud and on-prem. Now, a third CSO said, quote, " I've spent a lot of money, writing custom connectors to SailPoint", and he's stressed a lot of money, he said that several times. "So, who was going to write those custom connectors for me? Will Okta do it for free? I just don't see that happening", end quote. Further, this individual said, quote, "It's just not going to be an easy switch. And to be clear, SailPoint is not our PAM solution. That's why we're looking at CyberArk." So the complexity that, unquote. So the complexity and fragmentation continues. And personally I see this as a positive trend for Okta, if it can converge these capabilities. Now I pressed Okta's Diya Jolly on these challenges and the difficulties of replacing them over to our stacks of the competitors. She fully admitted, this was a real issue But her answer was that Okta is betting on the future of microservices and cloud disruption. Her premise is that Okta's platform is better suited for this new application environment, and they're essentially betting on organizations modernizing their application portfolios and Okta believes that it will be ultimately a tailwind for the company. Now let's look at the age old question of best of breed versus incumbent slash integrated suite. ETR and it's drilled down study ask customers, when thinking about identity and access management solutions, do you prefer best of breed and incumbent that you're already using or the most cost efficient solution? The respondents were asked to force rank one, two and three, and you can see, incumbent just edged out best in breed with a 2.2 score versus a 2.1, with the most cost-effective choice at 1.7. Now, overall, I would say, this is good news for Okta. Yes, they faced the issues that we brought up earlier but as digital transformations lead to modernizing much of the application portfolio with container and microservices, Okta will be in a position, assuming it continues to innovate, to pick up much of this business. And to the point earlier, where the CSO told us they're going to use both SailPoint and CyberArk. When ETR asked practitioners which vendors are in the best position to benefit from Zero-Trust, the Zero-Trust trend, the answers were not surprisingly all over the place. Lots of Okta came up. Zscaler came up a lot too, hmm. There's that collision course. But plenty of SailPoint, Palo Alto, Microsoft, Netskope, Dichotic, Centrify, Cisco, all over the map. So now let's look specifically at how practitioners are thinking about Okta's latest announcements. This chart shows the results of the question. Are you planning to evaluate Okta's recently announced Identity Governance and PAM offerings? 45 to nearly 50 percent of the respondents either were already using or plan to evaluate, with just around 40 percent saying they had no plans to evaluate. So again, this is positive news for Okta in our view. The huge portion of the market is going to take a look at what Okta's doing. Combined with the underlying trends that we shared earlier related to the need for convergence, this is good news for the company. Now, even if the blockers are too severe to overcome, Okta will be on the radar and is on the radar as you can see from this data. And as with the Microsoft MIM example, the company will be seen as increasingly strategic, Okta that is, and could get another bite at the apple. Moreover, Okta's acquisition of Auth zero is strategically important. One of the other things Jolly told me is they see initiative starting both from devs and then hand it over to IT to implement, and then the reverse where IT may be the starting point and then go to devs to productize the effort. The Auth zero acquisition gives Okta plays in both games, because as we've reported earlier, Okta wasn't strong with the devs, Auth zero that was their wheelhouse. Now Okta has both. Now on the one hand, when you talk to practitioners, they're excited about the joint capabilities and the gaps that Auth zero fills. On the other hand, it takes out one of Okta's main competitors and customers like competition. So I guess I look at it this way. Many enterprises will spend more money to save time. And that's where Okta has traditionally been strong. Premium pricing but there's clear value, in that it's easier, less resources required, skillsets are scarce. So boom, good fit. Other enterprises look at the price tag of an Okta and, they actually have internal development capabilities. So they prefer to spend engineering time to save money. That's where Auth zero has seen its momentum. Now Todd McKinnon and company, they can have it both ways because of that acquisition. If the price of Okta classic is too high, here's a lower cost solution with Auth zero that can save you money if you have the developer talent and the time. It's a compelling advantage, that's unique. Okay, let's wrap. The road to Zero-Trust networks is long and arduous. The goal is to understand, support and enable access for different roles, safely and securely, across an ecosystem of consumers, employees, partners, suppliers, all the consumers, (laughs softly) of your touch points to your security system. You've got to simplify the user experience. Today's kluge of password, password management, security exposures, just not going to cut it in the digital future. Supporting users in a decentralized, no-moat world, the queen has left her castle, as I often say is compulsory. But you must have federated governance. And there's always going to be room for specialists in this space. Especially for industry specific solutions for instance, within healthcare, education, government, etcetera. Hybrids are the reality for companies that have any on-prem legacy apps. Now Okta has put itself in a leadership position, but it's not alone. Complexity and fragmentation will likely remain. This is a highly competitive market with lots of barriers to entry, which is both good and bad for Okta. On the one hand, unseating incumbents will not be easy. On the other hand, Okta is both scaling and growing rapidly, revenues are growing almost 50% per annum and with it's convergence agenda and Auth zero, it can build a nice moat to its business and keep others out. Okay, that's it for now. Remember, these episodes are all available as podcasts, wherever you listen, just search braking analysis podcast, and please subscribe. Thanks to my colleague, Eric Bradley, and our friends over at ETR. Check out ETR website at "etr.plus" for all the data and all the survey action. We also publish a full report every week on "wikibon.com" and "siliconangle.com". So make sure you check that out and browse the breaking analysis collection. There are nearly a hundred of these episodes on a variety of topics, all available free of charge. Get in touch with me. You can email me at "david.vellante@siliconangle.com" or "@dvellante" on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for "theCUBE" insights powered by ETR. Have a great week everybody. Stay safe, be well And we'll see you next time. (upbeat music)

>> Narrator: From Sand Hill Road, in the heart of Silicon Valley, it's theCUBE, presenting the People First Network, insights from entrepreneurs and tech leaders. >> Hello and welcome to a special Cube conversation, I'm John Furrier with theCUBE. We're here at Mayfield Fund on Sand Hill Road, Venture Cap for investing here for the People First co-created production by theCube and Mayfield. Next to us, Phil Finucane who's the former CTO of Express Scripts as well as a variety of other roles. Went to Stanford, Stanford alum. >> Mm hmm. >> Good to see you, thanks for joining me for this interview. >> Thank you, thank you for having me. >> So, before we get into some of the specifics, talk about your career, you're a former CTO of Express Scripts >> Yep. >> What are some of the other journeys that you've had? Talk about your roles. >> Yeah, I've had sort of a varied career. I started off as just a computer coder for a contract coder in the mid-90s. I sort of stumbled into it, not because I had a computer science background, but because when you start coding, sort of for fun in Silicon Valley in the mid-90s, there are just lots of jobs and I was lucky to have great mentors along the way. In 2003, I joined Yahoo and came in as the lead engineer, sort of the ops guy and the build and release guy for the log in and registration team at Yahoo, so I learned how to, went from being just a coder to being somebody who know how to run and build big systems and manage them all around the world. That was in the day when everything was bare metal and I could go to a data center and actually look at my machine and say, "Wow, that one's mine," right? And you know, sort of progressed from there to being the architect by the time that I left for some of the big social initiatives at Yahoo. On my way out, the YOS, the initiative to try to build Facebook in I think 2007, 2008 to try to take them on. That didn't work out too well, but it was definitely a formative experience in my career. From there I went to Zynga, where I was the CTO for Farmville. Was really, really good at getting middle-aged women in the Midwest to come play our game, and you know, was there for >> And it was highly, >> About three years >> high growth, Farmville >> Huge growth >> Took off like a rocket ship. >> Yeah, you know, over the 10 quarters I worked on the game we had over a billion dollars in revenue and that was, you know, the Zynga IPO'd on the back of that, right? And we weren't the only game, but we were certainly >> That was one of the big games >> The big whale, us and poker were the two that really drove the value in Zynga at that point. After that, I went to American Express, where I worked in a division that sort of sat off on the side of American Express focusing on stored value products. I was the chief architect for that division. Stored value products and international currency exchange. So, you know, at one point, I was in charge of both a pre-paid platform and American Express's traveler's checks platform, believe it or not, a thing that still exists. Although it's not heavily used any more. And you know, finally, I went to Express Scripts, where I spent the last three years as the CTO for that org. >> It's interesting, you've got a very unique background, because you know, you've seen the web scale, talk about bare metal Yahoo days, I mean, I remember those days vividly, you know, dealing with database schemas, I mean certainly the scale of Yahoo front page, never mind the different services that they had, which by the way, silo-like, they had databases >> Very, oh totally >> So building a registration and identity system must've been like, really stitching together a core part of Yahoo, I mean, what a Herculean task that must've been. >> Yeah, it was a lot of fun. I learned a lot, you know, we, it was my first experience in figuring out how to deal with security around the web. You know, we had, at the beginning, some vulnerabilities here and there, as time went on, our standards around interacting around the web got better and better. Obviously, Yahoo has run into trouble around that in subsequent years, but it was definitely a big learning experience, being involved in you know, the development of the OAuth 2.0 spec and all of that, I was sort of sitting there advising the folks who were, you know, in the middle of that, doing all the work. >> And that became such a standard as we know, tokens, dealing with tokens and SAS. Really drove a lot of the SAS mobile generation that did cloud, which becomes kind of that next generation so you had, you know Web 1.0, Web 2.0, then you had the cloud era, cloud 2.0, now they're goin' DevOps and apps. I want to get your thought, and you throw crypto in there just for fun, of dealing with blockchain and then token economics and new kinds of paradigms are coming online >> It's amazing how far we've come in those years, right? I mean I look at the database that was built inside of Yahoo and this predated me, you know, this was back to circa 1996, I think, but you know, big massively scalable databases that were needed just because the traditional relational database just wouldn't work at that scale, and Yahoo was one of the first to sort of discover that. And now you look at the database technologies that are out there today that take some of those core concepts and just extend them so much further and they're so much easier to access, to use, to run, operate, all of those things than back in the days of Yahoozle, UDB, and it's amazing just to see how far we've come. >> Phil, I want to get your thoughts, because you know, talking about Yahoo and just your experiences and even today, at that time it was like changing the airplane's engine at 35,000 feet, it's really difficult. A lot of corporate enterprises right nhow are having that same kind of feeling with digital, and digital transformation, I'd say it's a cliche, but it is true this impact, the role of data that's playing and the just for value creation but also cybersecurity could put a company out of business, so there's all kinds of looming things that are opportunities and challenges, that are sizable, huge tasks that was once regulated to the full stack developers and the full web scalers, now the lonely CIO with the anemic enterprise staff has to turn around on a dime. Staff up, build a stack, build commodity, scale out, this is pretty massive, and not a lot of people are talking about this. What's your view on this? Because this is super important. >> Yeah it is, and you know, so I had kind of a shock, moving from working my whole career here on Silicon Valley and then going to American Express, which you know, is very similar in a lot of ways to Express Scripts, and the sort of corporate mindset around, "What is technology?" There is this notion that everything is IT and here in the valley, IT is you know, internal networks and laptops and those sorts of things, the stuff that's required to make your enterprise run internally. Their IT is all of your infrastructure, right? And IT is a service organization, it's not the competitive advantage in your industry, right? And so both of the places that I've gone have had really forward-thinking leaders that have wanted to change the way that their enterprise operates around technology, and move away from IT but, to technology, to thinking about engineering as a core competency. And that's a huge change, not only for the CIO >> You're saying they did have that vision >> They had the vision, but they didn't know how to get there, so my charter coming in and you know, others who were on the teams around me, our charter was to come in and help build a real engineering organization as opposed to an IT org that's very vendor-oriented, you know, that's dependent on third parties to tell you the right thing or the wrong thing, you know that hires consultants to come in and help set up architecture standards, because we couldn't do that on our own, we're not the experts on this side. You know, that's sort of the mindset in many old school companies, right? That needs, that I think needs to change. This notion that software is eating the world is still not something that people have gotten their heads around in many companies, right? >> And data's washing out old business models, so if software's eating the world, data's the tsunami that's coming in and going to take out the beach and the people there. >> Right. And so it's like, all of these things, it's one thing for, you know, a forward-thinking CEO like Tim Wentworth at Express Scripts, who was responsible for bringing me and the group in, you know, those kinds of folks, it's one thing to know that you have to make that transition it's another thing to have a sense of what that means for an engineering team, and all the more for the rest of the organization to be able to get behind it. I mean, people you know, I don't know any number of business partners who've been used to, just sort of taking a spec, throwing it over the wall, and saying, "Come back to me in two years when you're done." That's not how effective organizations work around technology. >> Let's drill into that, because one of the things that's cultural, I mean I do some of the interviews of theCUBE, I talk to leaders all the time like yourself, the theme keeps coming back, it's culture, it's process, technology, all those things you talk about, but culture is the number one issue people point to, saying, "That's the reason why "something did or didn't happen." >> Correct. >> So, you talk about throwing it over the fence, that's waterfall, so you think about the old waterfall methodology, agile, well documented, but the mindset of product thinking is a really novel concept to corporate America Not to Silicon Valley, and entrepreneurs, they got to launch a product, not roll out SAP over two years, right, or something they used to be doing. So that's a cultural mindset shift. >> It's difficult for folks, even if they want to get on board to come along some of the time. One of the real big successes we had early on at Express Scripts was, you know, transitioning our teams to Agile wasn't difficult, what was difficult was getting business partners to sort of come along and be actively engaged in that product development mindset and lifecycle and all those sorts of things. And you know, we had one partner in particular, we were migrating from a really old, really clunky customer care application that you know had taken years and years to build, took on average, a new agent took six weeks to get trained on it because it was so complex and it's Oracle Forms and you know, every field in the database was a field on this thing, and there were green screens to do the stuff that you couldn't do in Oracle Forms, so and we wanted to rebuild the application. We tried to get them to come along and say, "Okay, we're going to do it in really small chunks," but business partners were like, "No, we can't afford "to have our agents swiveling between two applications." And so finally after we got our first sort of full-feature complete, we begged to go into a call center, you know with our business partners, and sit down with a few agents and just have them use it and see if it looked like it worked, if it did the right thing, and it was amazing seeing the business partner go, over the course of an hour, from "I can't be engaged in this, "I don't want an agent swiveling, "I don't want to be, you know, delivering partial applications "I want the whole thing." to, "Oh my god, it works way better, "the design is much nicer, the agents seem to like it," you know, "Here are the next things we should work on, "These are the things we got wrong." They immediately pivoted, and it wasn't, it was because they're the experts, they know how to run their business, they know what's important in their call centers, they know what their agents need, and they had just never seen the movie before, they just had no concept you could work that way. >> So this is actually interesting, 'cause what you're saying is, a new thing, foreign to the business partners, the tech team's on board, being Agile, building product, they have to, they can't just hear the feature benefits, they got to feel it. >> Yeah, they have to see it >> This seems to be the experience of success before they can move. Is that a success you think culturally, something that people have to be mindful of? >> It's absolutely something you have to be mindful of. And that was just the first step down the path. I mean, that team made a number of mistakes that folks here I think in the valley wouldn't normally make, you know. Over-committing and getting themselves into deep water by trying to get too much done and actually getting less accomplished in the process because of it and you know, the engagement around using data to actually figure out what's the next feature that we build. When you've got this enormous application to migrate, you should probably have some insight as to you know, feature by feature, what are you going to work on next? And that was a real challenge, 'cause there's a culture of expertise-driven, you know being subject-matter driven, expertise driven as opposed to being data driven about how do you >> Let's talk about data-driven. We had an interview earlier this morning with another luminary here at the Mayfield 50th conference celebration that they're having, and he said, "Data is the new feedback mechanism." and his point was, is that if you treat the Agile as an R&D exercise from a data standpoint. Not from a product but get it out there, get the data circulating in, it's critical in formulation of the next >> It is, yeah, it's absolutely critical. That was the eye opener for me going to Zynga. Zynga had an incredible, probably still does have, an incredible product culture that every single thing gets rolled out behind an experiment. And so you know, that's great from an operational perspective, because it allows you to, you know, move quickly and roll things out in small increments and when it doesn't work, you can just shut it off but it's not some huge catastrophe. But it's also critical because it allows you to see what's working and what's not and the flip side of that is, some humility of the people developing the products that their ideas are not going to work sometimes just because you know this domain well doesn't mean that you're necessarily going to be the expert on exactly how everything is going to play out. And so you have to have this ability to go out, try stuff, let it fail, use that, hopefully you fail quickly, you learn what's not working and use that to inform what's the next step down the path that you take, right? And Agile plays into it, but that's for me, that's the big transition that corporations really have to struggle with, and it's hard. >> You know you're, been there done that, seen multiple waves of innovation, want to bring up something to kind of get you going here. You see this classically in the old school 90s, 80s day. Product management, product people and sales people. They're always buttin' heads, you know? Product marketing, marketing people want this sales and marketing want this, product people buttin' heads, but now with Agile, the engineering focus has been the front lines. People are building engineering teams in house. They're building custom stacks for whatever reasons, the apps are getting smarter. The engineers are getting closer to the edge, the customer if you will. How do you help companies, or how do you advise companies to think about the relationship between a product-centric culture and a sales-centric culture? Because sometimes you have companies that are all about the customer-centric, customer-centric customer-centric, product-centric and sometimes if you try to put 'em together there's always going to be an alpha-beta kind of thing there and that's the balance in this. What's your take on this? Seems to be a cutting edge topic >> Yeah, well, so you know, one of the last big initiatives that I worked on at Express Scripts. Express Scripts has the, to my knowledge, the largest automated home delivery pharmacy in the world. It's amazing if you walk into one of our pharmacies where automation is packaging and filling prescriptions and packaging and shipping and doing all of that stuff. And we've built so much efficiency into the process that we've started getting slack in the system. Every year, you're trying to figure out how to make something work better and you know, have better automation around it. And so, you know, what do you do with all of that slack? The sales team can't sign up enough new customers for Express Scripts to actually fill that capacity. And so they create a division of commoditizing this, basically white labeling your pharmacy. We called it Pharmacy as a Platform, exposing APIs to third parties who might want to come along and hey, Phil's pharmacy can now fill branded prescriptions to get sent to you in your home, right? And so that's a fantastic vision, but there's a real struggle between engineering who had all these legacy stacks that we needed to figure out how to move to be able to really live up to this, you know the core of Express Scripts was our members and not somebody else's members. And so there's a lot of rewiring at the core that needs to be done. An operations team, a product team that's, you know, running these home delivery pharmacies, and a sales team that wants to go off and sell all over the place, right? And so, you know, early on, we started off and the sales team tried to sell, like six different deals that all required different parts of the vision, but you know, they weren't really, there was no real roadmap to figure out how do you get from where we're at to the end, and we could've done any of those things, but trying to do them all at once was going to be a trainwreck. And so, you know, we stubbed our toes a couple of times along the way, but I think it just came down to having a conversation and trying to be as transparent as possible on all sides, in all sides. To you know, try to get to a place where we could be effective in delivering on the vision. The vision was right. Everybody was doing all of the right things. But if you haven't actually, with so much of this stuff, if you haven't seen the movie, if you haven't worked this way before, there's nothing I can tell you that's going to make it work magically for you tomorrow. You have to just get this together and work in small increments to figure out how to get there. >> You got to go through spring training, you got to do the reps. >> Yep, absolutely. >> All right, so on your career, as you look at what you've done in your career, and what people outside are looking at right now, you got startups trying to compete and get a market position. You have other existing suppliers who could be the old guard, retooling and replatforming, refactoring, whatever the buzz word you want to use. And then the ultimate customer who wants to consume and have the ability of having custom personalization, data analytics, unlimited elastic capability with resources for their solution. How, what advice would you give to the startup, to the supplier, and to the customer to survive this next transition of cloud 2.0, you know and data tsunami, and all the opportunities that are coming? Because if they don't, they'll be challenged a startup goes out of business, a supplier gets displaced. >> Right, I mean, well, so the startup, I don't know if I have good advice for the startup. Startups in general have to find a market that actually works for them. And so, you know, I don't know that I've got some secret key that allows startups to be effective other than don't run out of money, try to figure out how to build effectively to get you to the point where you're, you know, where you're going to win. One of my earliest, one of the earliest jobs I had in my career, I came into a startup, and I tried, one of the founders had written the initial version of the code base. I, as a headstrong engineer, was convinced that he had done horrible work, and so I sort of holed up for like, six to eight weeks doing a hundred hours a week trying to rewrite the entire code base while getting nothing done for the startup. You know, in the end, that was the one job I've ever been fired from, and I should've been fired, because, you know, honestly as a startup, you shouldn't worry about perfection from an engineering perspective. You should figure out how to try to find your marketplace. Everybody has tech debt, you can fix that as time goes on, the startup needs to figure out how to be viable more than anything else. As far as suppliers go, you know, I don't know it's interesting the, you know, I sort of look at corporate America and there are many many companies that really rely heavily on their vendors to tell them how to do things. They don't trust in their own internal engineering ability. And then there are the ones, like the teams I have built at AmEx and Express Scripts that really do want to learn it all and be independent. I would say, identify when you walk into somebody's shop which they are and sell to them appropriately. You know, I've been a Splunk customer for a long time, I love Splunk. But the Splunk sales team early on at Express Scripts tried to come in and sell me on a whole bunch of stuff that Splunk was just not good at, right? >> And you knew that. >> And I knew that, because I've been a hands-on customer every since Zynga, right? I know what it's good at, and I love it as a tool, but you know, it's not the Swiss Army knife. It can't do everything. >> Well now you got Signal FX, so now you can get the observability you need. >> Exactly, right? So yeah, I, you know, I would say, you know, for those kinds of companies, it's important to go in and understand what your customer is, you know, what your customer is asking for and respond to them appropriately. And in some cases, they're going to need your expertise, either because they're building towards it or they haven't gotten there yet, and some cases, one of the things that I have done with teams of mine in the past, was it with AppDynamics at Express Scripts, excuse me at AmEx, five or six years ago, they were sold on, you know, bringing in AppDynamics as a monitoring tool, I actually made them not bring it in, because they didn't know what they didn't know. I made them go build some basic monitoring, you know, using some open source tools, just to get some background, and then, you know, once they did, we ended up bringing AppDynamics in, but doing it in a way that they were accretive to what we were trying to accomplish and not just this thing that was going to solve all of our problems. >> And so that brings up the whole off-the-shelf general purpose software model that you were referring to. The old model was lean on your vendors. They're supplying you, and because you don't have the staff to do it yourself. That's changing, do you think that's changing? >> It is, it's changing, but again, I think there's a lot of places where people nominally want to go there, but don't know how to get there, and so, you know, people are stubbing their toes left and right. If you're doing it with this mindset of, we're constantly getting better and we're learning and it's okay to make mistakes as long as we move forward, >> It's okay to stub your toe as long as you don't cut an artery open. >> Yeah, that's true, yeah exactly >> You don't want to bleed out, that's a cybersecurity hack >> That's true, that's true. But for me a lot of the time that just comes down to how long are you waiting before you stub your toe? If you're, you know, if you wait two years before you actually try to launch something, the odds of you cutting your leg off are much higher than >> Well I want to get into the failure thing, so I think stubbing your toe brings up this notion of risk management, learning what to try, what not to do, take experiments to try to your, which is a great example. Before you get there, you mentioned suppliers. One of the things we hear and I want to get your thoughts on, is that, a lot of CIOs and C-sos, and CBOs, or whatever title is the acronym, they're trying to reduce the number of suppliers. They don't want more tools, right? They don't necessarily want another tool for the tool's sake or they might want to replatform, what does that even mean? So, we're hearing in our interviews and our discussions with partitioners, "Hey, I want to get my suppliers down, "and by the way, I want to be API driven, "so I want to start getting to a mode "where I'm dictating the relationship to suppliers." How do you respond to that? Do you see that as aspirational, real dynamic, or fiction? >> It's a good goal to give motivation, I believe it. For me, I approach the problem a little differently. I'm a big believer, well, so, because I've seen this pattern of this next tool is going to be the one that consolidates three things and it's going to be the right answer and instead of eliminating three and getting down to one, you have four, because you're, you need to unwire this new thing, there's a lot of time and effort required to get rid of, you know, your old technology stack, and move to the new one, right? I've seen that especially coming from the C-Sec for Express Scripts is an amazing guy, and you know, was definitely trying to head down that path but we stubbed our toes, we ran into problems in trying to figure out, you know, how do you move from one set of networking gear to the next set? How do you deal with, you know, all of the virus protection and all the other, there's a huge variety of tools. >> So it's not just technical debt, it's disruption >> It's disruption to the existing stack, and you've got to move from old to new, so my philosophy has always been, with technical debt, when you're in debt, and I think technical debt really does operate in a lot of ways like real debt, right? Probably good to have some of it. If you're completely debt-free, that's I've never been in that place before. >> You're comfortable. You might not be moving, >> Exactly, right? But with that technical debt, you know, there's two ways to pay down your debt. You can scrimp and save and put more money into debt principal payments as opposed to spending on other new things, or, well and/or, build productive capacity. So a huge focus for me for the engineering teams that we've built, and this is not anything new to the folks in this area, but, you know, always think about an arms race, where you're getting 1% better every day. The aggregation of marginal gains and investing in internal improvements so that your team is doubling productivity every year, which is something that's really possible for, you know, some of these engineering organizations, is the way that you deal with that, right? If you get to the point where your team is really, really productive, they can go through and eliminate all the old legacy technology. >> That's actually great advice, and it's interesting, because a lot of people just get hung up on one thing. Operating something, and then growing something, and you can have different management styles and different techniques for both, the growth team, the operating team. You're kind of bringing in and saying, we can do both. Operate with growth in mind, to 1% better approach. >> Right, you know, and for me, it's been an interesting journey, you know. I started off as the engineer and then the architect, who was always focused on just the technology, the design of the system in production. Sort of learned from there that you had to be good at the you know, all the systems that get code from a developer's desktop into production, that's a whole interrelated system that's not isolated from your production system. And then from there, it has to be the engineering team that you build has to be effective as well. And so, I've moved from being very technology-centric to somebody who says, "Okay, I have to start "with getting the team right "and getting the culture right if we're ever going to "be able to get the technology to a good place." Mind you, I still love the technology. I'm still an architect at my core, but I've come to this realization that good technology and bad teams will get crushed by bad technologies and good teams. Because now I've seen that a couple of places, where you have old but evolving technology stacks that have gone from low availability and poor performance and low ability to get new features into production to a place where you're fixing all of that at a high rate. It starts with the team. >> You're bringing us some core Silicon Valley ethos to the IT conversation, because what you're talking about is "I'll fund an A team with a B plan any day "over a B team with an A plan." >> Right. >> And where this makes sense, I think is true, is that to your point about debt, A teams know how to manage it. >> Yeah. >> So this is kind of what you're getting at here. >> Right. >> You can take that same ethos, so it's the Agile enterprise. >> Yeah, it is >> That's what we're talking about. Okay, so hypothetical final point I want to chat with you about. Let's just say you and I were startin' a company. We're chief architects, you're the chief architect, I'm a coder, what are we doing? Do I code from horizontally scalable cloud, certainly cloud native, how would you think about building, we have an app in mind, all of our requirements defined, it's going to be data-centric, it's going to be game change and have community, it might have some crypto in there, who knows, but it's going to be fun. How do we scale this out to be really fast? How would you architect this? >> Yeah, well, you know, I do start in the cloud. I go to AWS or Azure or any of the offerings that are out there, and you know, leverage everything that they have that's already wired up already for you. I mean the thing that we've seen in the evolution of software and production systems over the last, well, forever, is you get more and more leverage every day, every year, right? And so, if you and I are startin' a new company, let's go use the tools that are there to do the things that we shouldn't be wasting our time on. Let's focus on the value for our company as much as we can. Don't over-architect. I think premature optimization is a thing that you know, I learned early on is a real problem. You should, you know >> Give an example, what that would look like. >> I've seen >> Database scale decisions done with no scale >> Correct, yeah, you know? You go off >> Let's pick this! It's the most scalable database, well we have no users yet. >> Right, you know you build the super complicated caching architecture or you know, you go design the most critical part of the system out of the gate, you know, using Assembly. You use C++ or, you use a low level language when a high level language with your three users would be just fine, right? You can get the work done in a fraction of the time. >> And get the business logic down, the IP, >> Solve the problem when it becomes a problem. Like, it's, you know, I've, any number of times, I've run into systems, I've built systems where you have some issue that you run into, and you have to go back and redesign some chunk of the system. In my experience, I'm really bad at predicting, and I think engineers are really bad at predicting what are going to be the problem areas until you run into them, so just go as simple as you can out of the gate, you know. Use as many tools as you can to solve problems that, you know, maybe as an engineer, I want to go rebuild every thing from scratch every time. I get the inclination. But it's >> It's a knee-jerk reaction to do that but you stay your course. Don't over-provision, overthink it, thus start taking steps toward the destination, the vision you want to go to, and get better, operate >> Solve the problem you have when it shows up. >> So growth mindset, execute, solve the problems when they're there. >> Right, and initially the problem that you have is finding a market, you know, not building the greatest platform in the world, right? >> Find a market, exactly. >> Right? >> Phil, thanks for taking the time >> Thank you very much, appreciate it. >> Appreciate the insights. Hey, we're here for the People First, Mayfield's 50th celebration, 50 years in business. It's a CUBE co-production, I'm John Furrier, thanks for watching >> Thanks John. (outro music)

>> Announcer: Live, from Copenhagen, Denmark. It's theCUBE! Covering KubeCon and CloudNativeCon Europe 2018. Brought to you by the Cloud Native Computing Foundation, and its Ecosystem partners. >> Hi everyone, welcome back, this is theCUBE's exclusive coverage of the Linux Foundation's Cloud Native Compute Foundation KubeCon 2018 in Europe. I'm John Furrier, host of theCUBE and we're here with two Google folks. JD Velazquez who's the Product Manager for Stackdriver, got some news on that we're going to cover, and David Aronchick, who's the co-founder of Kubeflow, also with Google, news here on that. Guys, welcome to theCUBE, thanks for coming on. >> Thank you John. >> Thank you very much. >> So we're going to have Google Next coming out, theCUBE will be there this summer, looking forward to digging in to all the enterprise traction you guys have, and we had some good briefings at Google. Ton of movement on the Cloud for Google, so congratulations. >> JD: Thank you. >> Open source is not new to Google. This is a big show for you guys. What's the focus, you've got some news on Stackdriver, and Kubeflow. Kubeflow, not Cube flow, that's our flow. (laughing) David, share some of the news and then we'll get into Stackdriver. >> Absolutely, so Kubeflow is a brand new project. We launched it in December, and it is basically how to make machine learning stacks easy to use and deploy and maintain on Kubernetes. So we're not launching anything new. We support TensorFlow and PyTorch, Caffe, all the tools that you're familiar with today. But we use all the native APIs and constructs that Kubernetes rides to make it very easy and to let data scientists and researchers focus on what they do great, and let the I.T. Ops people deploy and manage these stacks. >> So simplifying the interactions and cross-functionality of the apps. Using Kubernetes. >> Exactly, when you go and talk to any researcher out there or data scientist, what you'll find is that while the model, TensorFlow, or Pytorch or whatever, that gets a little bit of the attention. 95% of the time is spent in all the other elements of the pipeline. Transforming your data, ingesting it, experimenting, visualizing. And then rolling it out toward production. What we want to do with Kubeflow is give everyone a standard way to interact with those, to interact with all those components. And give them a great workflow for doing so. >> That's great, and the Stackdriver news, what's the news we got going on? >> We're excited, we just announced the beta release of Stackdriver Kubernetes monitoring, which provides very rich and comprehensive observability for Kubernetes. So this is essentially simplifying operations for developers and operators. It's a very cool solution, it integrates many signals across the Kubernetes environment, including metrics, logs, events, as well as metadata. So what it allows is for you to really inspect your Kubernetes environment, regardless of the role, and regardless of where your deployment is running it. >> David is bringing up just the use cases. I just, my mind is exploding, 'cause you think about what Tensorflow is to a developer, and all the goodness that's going on with the app layer. The monitoring and the instrumentation is a critical piece, because Kubernetes is going to bring the people what is thousands and thousands of new services. So, how do you instrument that? I mean, you got to know, I want to provision this service dynamically, that didn't exist. How do you measure that, I mean this is, is this the challenge you guys are trying to figure out here? >> Yeah, for sure John. The great thing here is that we, and at Google primarily, many of our ancillary practices go beyond monitoring. It really is about observability, which I would describe more as a property of a system. How do you, are able to collect all these many signals to help you diagnose the production failure, and to get information about usage and so forth. So we do all of that for you in your Kubernetes environment, right. We take that toil away from the developer or the operator. Now, a cool thing is that you can also instrument your application in open source. You can use Prometheus, and we have an integration for that, so anything you've done in a Prometheus instrumentation, now you can bring into the cloud as needed. >> Tell about this notion, everyone gets that, oh my God, Google's huge. You guys are very open, you're integrating well. Talk about the guiding principles you guys have when you think about Prometheus as an example. Integrating in with these other projects. How are you guys treating these other projects? What's the standard practice? API Base? Is there integration plans? How do you guys address that question? >> Yeah, at a high level I would say, at Google, we really believe in contributing and helping grow open communities. I think that the best way to maintain a community open and portable is to help it grow. And Prometheus particularly, and Kubernetes of course, is a very vibrant community in that sense. So we are, from the start, designing our systems to be able to have integration, via APIs and so on, but also contributing directly to the projects. >> And I think that one thing that's just leveraging off that exact point, y'know, we realize what the world looks like. There's literally zero customers out there, like, "Well, I want be all in on one cloud. "Y'know, that 25 million dollar data center "I spent last year building. "Yeah, I'll toss that out so that I can get, "y'know, some special thing." The reality is, people are multi-cloud. And the only way to solve any problem is with these very open standards that work wherever people are. And that's very much core to our philosophy. >> Well, I mean, I've been critical of multi-cloud, by the definition. Statistically, if I'm on Azure, with 365, that's Azure. If I'm running something on Amazon, those are two clouds, they're not multi-cloud, by my definition. Which brings up where this is going, which is latency and portability, which you guys are really behind. How are you guys looking at that, because you mentioned observation. Let's talk about the observation space of clouds. How are you guys looking at, 'cause that's what people are talking about. When are we going to get to the future state, which is, I need to have workload portability, in real time, if I want to move something from Azure to AWS or Google Cloud, that would be cool. Can't do that today. >> That is actually the core of what we did around Kubeflow. What we are able to do is describe in code all the layers of your pipeline, all the steps of your pipeline. That works based on any conformant Kubernetes cluster. So, you have a Kubernetes conformant cluster on Azure, or on AWS, or on Google Cloud, or on your laptop, or in your private data center, that's great. And to be clear, I totally agree. I don't think that having single workloads spread across cloud, that's not just unrealistic, because of all the things you identified. Latency, variability, unknown failures, y'know. Cap theorem is a thing because, y'know, it's well-known. But what people want to do is, they want to take advantage of different clouds for the efforts that they provide. Maybe my data is here, maybe I have a legal reason, maybe this particular cloud has a unique chip, or unique service-- >> Use cases can drive it. >> Exactly, and then I can take my workload, which has been described in code and deploy it to that place where it makes sense. Keeping it within a single cloud, but as an organization I'll use multiple clouds together. >> Yeah, I agree, and the data's key, because if you can have data moving between clouds, I think that's something I would like to see, because that's going to be, because the metadata you mentioned is a real critical piece of all these apps. Whether it's instrumentation logging, and/or, y'know, provisioning new services. >> Yeah, and as soon as you have, as David is mentioning, if you have deployments on, y'know, with public or private clouds, then the difficult part is that of severability, that we were talking before. Because now you're trying to stitch together data, and tools to help you get that diagnosed, or get signals when you need them. This is what we're doing with Stackdriver Kubernetes monitoring, precisely. >> Y'know, we're early days in the cloud. It stills feels like we're 10 years in, but, y'know, a lot of people are now coming to realize cloud native, so. Y'know, I'm not a big fan of the whole, y'know, Amazon, although they do say Amazon's winning, they are doing quite well with the cloud, 'cause they're a cloud. It's early days, and you guys are doing some really specific good things with the cloud, but you don't have the breadth of services, say, Amazon has. And you guys are above board about that. You're like, "Hey, we're not trying to meet them "speed for speed on services." But you do certain things really, really well. You mentioned SRE. Site Reliability Engineers. This is a scale best practice that you guys have bringing to the table. But yet the customers are learning about Kubernetes. Some people who have never heard of it before say, "Hey, what's this Kubernetes thing?" >> Right. >> What is your perspectives on the relevance of Kubernetes at this point in history? Because it really feels like a critical mass, de facto, standard movement where everyone's getting behind Kubernetes, for all the right reasons. It feels a lot like interoperability is here. Thoughts on Kubernetes' relevance. >> Well I think that Alexis Richardson summed it up great today, the chairperson of the technical oversight committee. The reality is that what we're looking for, what operators and software engineers have been looking for forever, is clean lines between the various concerns. So as you think about the underlying infrastructure, and then you think about the applications that run on top of that, potentially services that run on top of that, then you think about applications, then you think about how that shows up to end users. Before, if you're old like me, you remember that you buy a $50,000 machine and stick it in the corner, and you'd stack everything on there, right? That never works, right? The power supply goes out, the memory goes out, this particular database goes out. Failure will happen. The only way to actually build a system that is reliable, that can meet your business needs, is by adopting something more cloud native, where if any particular component fails, your system can recover. If you have business requirements that change, you can move very quickly and adapt. Kubernetes provides a rich, portable, common set of APIs, that do work everywhere. And as a result, you're starting to see a lot of adoption, because it gives people that opportunity. But I think, y'know and let me hand off to JD here, y'know, the next layer up is about observability. Because without observing what's going on in each of those stacks, you're not going to have any kind of-- >> Well, programmability comes behind it, to your point. Talk about that, that's a huge point. >> Yeah, and just to build on what David is saying, one thing that is unique about Google is that we've been doing for more than a decade now, we've been very good at being able to provide innovative services without compromising reliability. Right, and so what we're doing is in that commitment, and you see that with Kubernetes and Istio, we're externalizing many of our, y'know, opinionated infrastructure, and platforms in that sense, but it's not just the platforms. You need those methodologies and best practices. And now the toolset. So that's what we're doing now, precisely. >> And you guys have made great strides, just to kind of point out to the folks watching, in the enterprise, I know you've got a lot more work to do but you're pedaling as fast as you can. I want to ask you specifically around this, because again, we're still early days with the cloud, if you think about it, there are now table stakes that are on the table that you got to get done. Check boxes if you will. Certainly on the government side there's like, compliance issues, and you guys are now checking those boxes. What is the key thing, 'cause you guys are operating at a scale that enterprises can't even fathom. I mean, millions of services, on and on up a huge scale. That's going to be helpful for them down the road, no doubt about it. But today, what is the Google table stakes that are done, and what are enterprises need to have for table stakes to do cloud native right, from your perspective? >> Well, I think more than anything, y'know, I agree with you. The reality is all the hyperscale cloud providers have the same table stakes, all the check boxes are checked, we're ready to go. I think what will really differentiate and move the ball forward for so many people is this adoption of cloud native. And really, how cloud native is your cloud, right? How much do you need to spin up an entire SRE team like Netflix in order to operate in the Netflix model of, y'know, complete automation and building your own services and things like that. Does your cloud help you get cloud native? And I think that's where we really want to lean in. It's not about IAS anymore, it's about does your cloud support the reliability, support the distribution, all the various services, in order to help you move even faster and achieve higher velocity. >> And standing up that is critical, because now these applications are the business model of companies, when you talk about digital. So I tweeted, I want to get your reaction to this, yesterday I got a quote I overheard from a person here in the hallways. "I need to get away from VPNs and firewalls. "I need user application layer security "with unphishable access, otherwise I'm never safe." Again this talks about the perimeterless cloud, spearphishing is really hot right now, people are getting killed with security concerns. So, I'm going to stop if I'm enterprise, I'm going to say, "Hold on, I'm not going," Y'know, I'm going to proceed with caution. What are you guys doing to take away the fear, and also the reality that as you provision all these, stand up all this infrastructure, services for customers, what are you guys doing to prevent phishing attacks from happening, security concerns, what's the Google story? >> So I think that more than anything, what we're trying to do is exactly what JD just said, which is externalize all the practices that we have. So, for example, at Google we have all sorts of internal tools that we've used, and internal practices. For example, we just published a whitepaper about our security practices where you need to have two vulnerabilities in order to break out of any system. We have all that written up there. We just published a whitepaper about encryption and how to do encryption by default, encryption between machines and so on. But I think what we're really doing is, we're helping people to operate like Google without having to spin up an entire SRE team as big as Google's to do it. An example is, we just released something internally, we have something called BeyondCorp. It's a non-firewall, non-VPN based way for you to authenticate against any Google system, using two-factor authentication, for our internal employees. Externally, we just released it, it's called, Internet, excuse me, IdentityAware proxy. You can use with literally any service that you have. You can provision a domain name, you can integrate with OAuth, you can, including Google OAuth or your own private OAuth. All those various things. That's simply a service that we offer, and so, really, y'know, I think-- >> And there's also multi, more than two-factor coming down the road, right? >> Exactly, actually IdentityAware proxy already supports two-factor. But I will say, one of the things that I always tell people, is a lot of enterprises say exactly what you said. "Jeez, this new world looks very scary to me. "I'm going to slow down." The problem is they're mistaken, under the mistaken impression that they're secure today. More than likely, they're not. They already have firewall, they already have VPN, and it's not great. In many ways, the enterprises that are going to win are the ones that lean in and move faster to the new world. >> Well, they have to, otherwise they're going to die, with IOT and all these benefits, they're exposed even as they are, just operationally. >> Yep. >> Just to support it. Okay, I want to get your thoughts, guys, on Google's role here at the Linux Foundation's CNCF KubeCon event. You guys do a lot of work in open source. You've got a lot of great fan base. I'm a fan of what you guys do, love the tech Google brings to the table. How do people get involved, what are you guys connecting with here, what's going on at the show, and how does someone get on board with the Google train? Certainly TensorFlow has been, it's like, great open source goodness, developers are loving it, what's going on? >> Well we have over almost 200 people from Google here at the show, helping and connecting with people, we have a Google booth which I invite people to stop by and tell about the different project we have. >> Yeah, and exactly like you said, we have an entire repo on Github. Anyone can jump in, all our things are open source and available for everyone to use no matter where they are. Obviously I've been on Kubernetes for a while. The Kubernetes project is on fire, Tensorflow is on fire, KubeFlow that we mentioned earlier is completely open source, we're integrating with Prometheus, which is a CNCF project. We are huge fans of these open source foundations and we think that's the direction that most software projects are going to go. >> Well congratulations, I know you guys invested a lot. I just want to highlight that. Again, to show my age, y'know these younger generation have no idea how hard open source was in the early days. I call it open bar and open source, you guys are bringing so much, y'know, everyone's drunk on all this goodness. Y'know, just these libraries you guys bringing to the table. >> David: Right. >> I mean Tensorflow is just the classic poster-child example. I mean, you're bringing a lot of stuff to the table. I mean, you invented Kubernetes. So much good stuff coming in. >> Yeah, I couldn't agree more. I hesitate to say we invented it. It really was a community effort, but yeah, absolutely-- >> But you opened it up, and you did it right, and did a good job. Congratulations. Thanks for coming on theCUBE, I'm going to see you at Google Next. theCUBE will be broadcasting live at Google Next in July. Of course we'll do a big drill-down on Google Cloud platform at that show. It's theCUBE here at KubeCon 2018 in Copenhagen, Denmark. More live coverage after this short break, stay with us. (upbeat music)

>> Announcer: Live from Munich, Germany; it's The Cube! Covering IBM Fast Track Your Data, brought to you by IBM. >> Welcome back to Munich, Germany everybody. This is The Cube, the leader in live tech coverage. We're covering Fast Track Your Data, IBM's signature moment here in Munich. Big themes around GDPR, data science, data science being a team sport. I'm Dave Vellante, I'm here with my co-host Jim Kobielus. Marc Altshuller is here, he's the general manager of IBM Business Analytics. Good to see you again Marc. >> Hey, always great to see you. Welcome, it's our first time together. >> Okay so we heard your key note, you were talking about the caveats of correlations, you were talking about rear view mirror analysis versus sort of looking forward, something that I've been sort of harping on for years. You know, I mean I remember the early days of "decision support" and the promises of 360 degree views of the customer, and predictive analytics, and I've always said it, "DSS really never lived up to that", y'know? "Will big data live up to that?" and we're kind of living that now, but what's your take on where we're at in this whole databean? >> I mean look, different customers are at different ends of the spectrum, but people are really getting value. They're becoming these data driven businesses. I like what Rob Thomas talked about on stage, right. Visiting companies a few years ago where they'd say "I'm not a technology company.". Now, how can you possibly say you're not a technology company, regardless of the industry. Your competitors will beat you if they are using data and you're not. >> Yeah, and everybody talks about digital transformation. And you hear that a lot at conferences, you guys haven't been pounding that theme, other than, y'know below the surface. And to us, digital means data, right? And if you're going to transform digitally, then it's all about the data, you mentioned data driven. What are you seeing, I mean most organizations in our view aren't "data driven" they're sort of reactive. Their CEO's maybe want to be data driven, maybe they're aboard conversations as to how to get there, but they're mostly focused on "Alright, how do we keep "the lights on, how do we meet our revenue targets, "how do we grow a little bit, and then whatever money "we have leftover we'll try to, y'know transform." What are you seeing? Is that changing? >> I would say, look I can give you an example right from my own space, the software space. For years we would have product managers, offering managers, maybe interviewing clients, on gut feel deciding what features to put at what priority within the next release. Now we have all these products instrumented behind the scenes with data, so we can literally see the friction points, the exit points, how frequently they come back, how long they're sessions are, we can even see them effectively graduating within the system where they continue to learn, and where they had shorter sessions, they're now going the longer sessions. That's really, really powerful for us in terms of trying to maximize our outcome from a software perspective. So that's where we kind of like, drink our own champagne. >> I got to ask you, so in around 2003, 2004 HBR had an article, front page y'know cover article of how "gut feel beats data and analytics", now this is 2003, 2004, software development as you know it's a lot of art involved, so my question is how are you doing? Is the data informing you in ways that are nonintuitive? And is it driving y'know, business outcomes for IBM? >> It is, look you see, I'll see like GM's of sports teams talking about maybe pushing back a little bit on the data. It's not all data driven, there's a little bit of gut, like is the guy going to, is he a checker in hockey or whatever that happens to be, and I would say, when you actually look at what's going on within baseball, and you look at the data, when you watch baseball growing up, the commentator might say something along the lines of "the pitcher has their stuff" right? "Does the pitcher have their stuff or not?". Now they literally know, the release point based on elevation, IOT within the state of the release point, the spin velocity of the ball, where they mathematically know "does the pitcher have their stuff?", are they hitting their locations? So all that stuff has all become data driven, and if you don't want to embrace it, you get beat, right? I mean even in baseball, I remember talking to one of these Moneyball type guys where I said like "Doesn't weather impact baseball?" And they're like "Yeah, we've looked at that, it absolutely impacts it." 'Cause you always hear of football and remember the old Peyton Manning thing? Don't play Peyton Manning in cold weather, don't bet on Peyton Manning in cold weather. So "I'm like isn't the same in baseball?", And he's like, absolutely it's the same in baseball, players preform different based on the climate. Do any mangers change their lineup based on that? Never. >> Speaking of HBR, I mean in the last few years there was also an article or two by Michael Shrage about the whole notion of real world experimentation and e-commerce, driven by data, y'know in line, to an operational process, like tuning the design iteratively of say, a shopping cart within your e-commerce environment, based on the stats on what work and what does not work. So, in many ways I mean AB testing, real world experimentation thrives on data science. Do you see AB testing becoming a standard business practice everywhere, or only in particular industries like you know, like the Wal-marts of the world? >> Yeah, look so, AB testing, multi-variant testing, they're pervasive, pretty much anyone who has a website ought to be doing this if they're not doing it already. Maybe some startups aren't quite into it. They prioritized in different spots, but mainstream fortune 500 companies are doing this, the tools have made it really easy. I would say, maybe the Achilles heel or the next frontier is, that is effectively saying, kind of creating one pattern of user, putting everyone in a single bucket, right? "Does this button perform better "when it's orange or when it's green? "Oh, it performs better orange." Really, does it perform well for every segmentation orange better than green or is it just a certain segmentation? So that next kind of frontier is going to be, how do we segment it, know a little bit more about you when you're coming in so that AB testing starts to build these kind of sub-profiles, sub-segmentation. >> Micro-segmentation, and of course, the end extreme of that dynamic is one-to-one personalization of experiences and engagements based on knowing 360 degrees about you and what makes you tick as well, so yeah. >> Altshuller: And add onto that context, right? You have your business, let's even keep it really simple, right, you've got your business life, you've got your social life, and your profile of what you're looking for when you're shopping your social life or something is very different than when you're shopping your business life. We have to personalize it to the idea where, I don't want to say schizophrenic but you do have multiple personalities from an online perspective, right? From a digital perspective it all depends in the moment, what is it that you're actually doing, right? And what are you, who are you acting for? >> Marc, I want to ask you, you're homies, your peeps are the business people. >> Yes. >> That's where you spend your time. I'm interested in the relationship between those business people and the data science teams. They're all, we all hear about how data science and unicorns are hard to find, difficult to get the skills, citizen data science is sort of a nirvana. But, how are you seeing businesses bring the domain expertise of the business and blending that with data science? >> So, they do it, I have some cautionary tales that I've experienced in terms of how they're doing it. They feel like, let's just assign the subject matter expert, they'll work with the data scientist, they'll give them context as they're doing their project, but unfortunately what I've seen time and time again, is that subject matter expert right out of the gate brings a tremendous amount of bias based on the types of analysis they've done in the past. >> Vellante: That's not how we do it here. >> Yeah, exactly, like "did you test this?". "Oh yeah, there's no correlation there, we've tried it." Well, just because there's no correlation, as I talked about onstage, doesn't mean it's not part of the pattern in terms of, like you don't want someone in there right off the bat dismissing things. So I always coach, when the business user subject matter experts become involved early, they have to be tremendously open-minded and not all of them can be. I like bringing them in later, because that data scientist, they are unbiased, like they see this data set, it doesn't mean anything to them, they're just numerically telling you what the data set says. Now the business user can then add some context, maybe they grabbed a field that really is an irrelevant field and they can give them that context afterwards. But we just don't want them shutting down, kind of roots, too early in the process. >> You know, we've been talking for a couple of years now within our community about this digital matrix, this digital fabric that's emerged and you're seeing these horizontal layers of technology, whether it's cloud or, you know, security, you all OAuth in with LinkedIn, Facebook, and Twitter. There's a data fabric that's emerging and you're seeing all these new business models, whether it's Uber or Airbnb or WAZE, et cetera, and then you see this blockbuster announcement last week, Amazon buying Whole Foods. And it's just fascinating to us and it's all about the data that a company like an Amazon can be a content company, could be a retail company, now it's becoming a grocer, you see Apple getting into financial services. So, you're seeing industries being able to traverse or companies being able traverse industries and it's all because of the data, so these conversations absolutely are going on in boardrooms. It's all about the digital transformation, the digital disruption, so how do you see, you know, your clients trying to take advantage of that or defend against that? >> Yeah look, I mean, you have to be proactive. You have to be willing to disrupt yourself in all these tech industries, it's just moving too quickly. I read a similar story, I think yesterday, around potentially Blockchain disrupting ridesharing programs, right? Why do you need the intermediary if you have this open ledger and these secure transactions you can do back and forth with this ecosystem. So there's another interesting disruption. Now do the ridesharing guys proactively get into that and promote it, or do they almost in slow motion, get replaced by that at some point. So yeah I think it's a come-on on all of us, like you don't remain a market lead, every market leader gets destructive at some point, the key is, do you disrupt yourself and you remain the market leader, or do you let someone else disrupt you. And if you get disrupted, how quickly can you recover. >> Well you know, you talked to banking executives and they're all talking Blockchain. Blockchain is the future, Bitcoin was designed to disintermediate the bank, so they're many, many banks are embracing it and so it comes back to the data. So my question I have, the discussion I'd like to have is how organizations are valuing data. You can't put data as a value on, y'know an asset on your balance sheet. The accounting industry standards don't exist. They probably won't for decades. So how are companies, y'know crocking data value, is it limiting their ability to move toward a data driven economy, is it a limiting factor that they don't have a good way to value their data, and understand how to monetize it. >> So I have heard of cases where companies have but data on their balance sheet, it's not mainstream at this point, but I mean you've seen it sometimes, and even some bankruptcy proceedings, their industry that's being in a bankruptcy protection where they say "Hey, but this data asset "is really where the value is." >> Vellante: And it's certainly implicit in valuations. >> Correct, I mean you see bios all the time based on the actual data sets, so yeah that data set, they definitely treasure it, and they realize that a lot of their answers are within that data set. And they also I think, understand that they're is a lot of peeling the onion that goes on when you're starting to work through that data, right? You have your initial thoughts, then you correct something based on what the data told you to do, and then the new data comes in based on what your new experience is, and then all of a sudden you have, you see what your next friction point is. You continue to knock down these things, so it is also very iterative working with that data asset. But yeah, these companies are seeing it's very value when they collect the data, but the other thing is the signal of what's driving your business may not be in your data, more and more often it may be in market data that's out there. So you think about social media data, you think about weather data and being able to go and grab that information. I remember watching the show Millions, where they talk about the hedge fund guys running satellites over like Wal-mart parking lots to try to predict the redux for the quarter, right? Like, you're collecting all this data but it's out there. >> Or maybe the value is not so much in the data itself, but in what it enables you to develop as a derivative asset, meaning a statistical predictive model or machine learning model that shows the patterns that you can then drive into, recommendation engines, and your target marketing y'know applications. So you see any clients valuate, doing their valuation of data on those derivative assets? >> Altshuller: Yeah. >> In lieu of... >> In these new business models I see within corporations that have been around for decades, it's actual data offers that they make to maybe their ecosystem, their channel. "Here's data we have, here's how you interpret it, "we'll continue to collect it, we'll continue to curate it, "we'll make it available." And this is really what's driving your business. So yeah, data assets become something that, companies are figuring out how to monetize their data assets. >> Of course those derived assets will decay if those models of, for example machine learning models are not trained with fresh, y'know data from the sources. >> And if we're not testing for new variable too, right? Like if the variable was never in the model, you still have to have this discovery process, that's always going on the see what new variables might be out there, what new data set, right. Like if a new IOT sensor in the baseball stadium becomes available, maybe that one I talked about with elevation of the pitcher, like until you have that you can't use it, but once you have it you have to figure out how to use it. >> Alright lets bring it back to your business, what can I buy from you, what do sell, what are your products? >> Yeah so after being in business analytics is Cognos analytics, Watson analytics, Watts analytics for social media, and planning analytics. Cognos is the "what", what's going on in my business. Watts analytics is the "why", planning analytics is "what do we think is going to happen?". We're starting to do more and more smarter, what do we think's going to happen based on these predictive models instead of just guessing what's going to happen. And then social media really gets into this idea of trying to find the signal, the sentiment. Not just around your own brand, it could be a competitor recall, and what now the intent is of that customer, are they going to now start buying other products, or are they going to stick with the recall company. >> Vellante: Okay so the starting point of your business having Cognos, one of the largest acquisitions ever in IBM's history, and of course it was all about CFO's and reporting and Sarbanes-Oxley was a huge boom to that business, but as I was saying before it, it never really got us to that predictive era. So you're layering those predictive pieces on top. >> That's what you saw on stage. >> Yes, that's right, what, so we saw on stage, and then are you selling to the same constituencies? Or how is constituency that you sell to changing? >> Yeah, no it's actually the same. Well Cognos BI, historically was selling to IT, and Cognos Analytics is selling to the business. But if we take that leap forward then we're now in the market, we have been for a few years now at Cognos Analytics. Yeah, that capability we showed onstage where we talked about not only what's going on, why it's going on, what will happen next, and what we ought to do about it. We're selling that capability for them, the business user, the dashboard becomes like a piece of glass to them. And that glass is able to call services that they don't have to be proficient in, they just want to be able to use them. It calls the weather service, it calls the optimization service, it calls the machine learning data sign service, and it actually gives them information that's forward looking and highly accurate, so they love it, 'cause it's cool they haven't had anything like that before. >> Vellante: Alright Marc Altshuller, thanks very much for coming back on The Cube, it's great to see you. >> Thank you. >> "You can't measure heart" as we say in boston, but you better start measuring. Alright keep right there everybody, Jim and I will right back after this short break. This is The Cube, we're live from Fast Track Your Data in Munich. We'll be right back. (upbeat jingle) (thoughtful music)

>> Hey, welcome back everybody. Jeff Frick here with the CUBE. We are in downtown San Francisco at the Twitter headquarters for a big event, the Data Privacy Day that's been going on for years and years and years. It's our first visit and we're excited to be here. And our next guest is going to talk about something that is near and dear to all of our hearts. Eve Maler, she's the VP Innovation and Emerging Technology for ForgeRock. Welcome. >> Thank you so much. >> Absolutely. So for people who aren't familiar with ForgeRock, give us a little background on the company. >> Sure. So, of course, the digital journey for every customer and consumer and patient and citizen in the world is so important because trust is important. And so what ForgeRock is about is about creating that seamless digital identity journey throughout cloud, mobile, internet of things, devices, across all of their experiences in a trustworthy and secure way. >> So one of the topics that we had down and getting ready for this was OAuth. >> Yes. >> And as the proliferation of SAS applications continues to grow both within our home life as well as our work life, we have these pesky things called passwords which no one can remember and they force you to change all the time. So along comes OAuth. >> Yes. So OAuth is one of those technologies... I'm kind of a standards wonk. I actually had a hand in creating XML for those people who remember XML. >> Jeff: That's right. >> OAuth took a tact of saying, "Let's get rid of what's called the password anti-pattern. "Let's not give out our passwords to third party services and applications so that we can just give those applications what's called an access token. Instead it's meant just for that application. In fact, Twitter... We're heard at Twitter headquarters. Twitter uses that OAuth technology. And I'm involved in a standard, being a standards wonk, that builds on top of OAuth called user managed access. And it uses this so that we can share access with applications in the same way. And we can share access also with other people using applications. So for example, the same way we hit a share button in Google, Alice hits a share button to share access with a document with Bob. We want to allow every application in the world to be able to do that, not just GoogleDocs, GoogleSheets, and so on. So OAuth is powerful and user managed access is powerful for privacy in the same way. >> Now there's OAuth and I use my Twitter OAuth all the time. Or with Google. >> That's right. >> And then there's these other kind of third party tools which add kind of another layer. >> So you might use like tweetbot is something I like to use on my phone to tweet. >> Jeff: Right, right. >> And so there's... >> Well there's the tweetbot. But then there's these pure, like identity password manager applications which you know you load it into there and then... >> LastPass or something like that. >> Right, right, right. >> One password people use yeah >> To me it's just like wow, that just seems like it's adding another layer. And if oh my gosh, if I forget the LastPass password, I'm really in bad shape. >> You are. >> Not just the one application, but a whole bunch. I mean, how do you see the space kind of evolving to where we got to now? And how is it going to change going forward? It just fascinates me that you still have passwords when our phones have fingerprint. >> TouchID. >> Why can't it just work off my finger? >> More and more, SAS services and applications are actually becoming more sensitive to multifactor authentication, strong authentication, what we at ForgeRock would actually call contextual authentication and that's a great way to go. So they're leveraging things like TouchID, like device fingerprint, for example. Recognizing that the devices kind of represents you and your unique way of using the device. And in that way, we can start to do things like what's called a password list flow. Where it can, most of the time, or all of the time, actually not even use a password. And so, I don't know, I used to be an industry analyst and 75 percent of my conversations with folks like you would be about passwords. And more frequently, I would say now, we're getting into the topic of people are more password savvy and more of the time people are turning on things like multifactor authentication and more of that it knows the context that I'm using my corporate WiFi which is safer. Or I'm using a familiar device. And that means I don't have to use the password as often. So that's contextual authentication. Meaning I don't have to use that insecure password so often. >> Jeff: Right. >> So I think the world has gotten actually a little bit smarter about authentication. I'm hoping. And actually, technologies like OAuth and the things that are based on OAuth like OpenIDConnect which is an identity technology, a modern identity, federated identity technology. And things like user managed access are leveraging the fact that OAuth is getting away from having to use, if it was a password based authentication, not flinging the password around the internet, which is the problem. >> Right, right. Okay so that's good, that's getting better, but now we have this new thing. Internet of things. >> Yes indeed. >> And people are things. But now we've got connected devices, they're not necessarily ones that I purchased, that I authorized, that I even maybe am aware of. >> Like a beacon on a wall, just observing you. >> Like a beacon on a wall and sensors, and the proliferation is just now really starting to run. So from a privacy point of view, how does kind of IOT that I'm not directly involved with compare to IOT with my Alexa compare to applications that I'm actively participating in. How do those lines start to blur? And how does the privacy issues kind of spill over now into managing this wild world of IOT? >> Yeah, there's a couple of threads with the Internet of Things. And so I'm here today at this Data Privacy Day Event to participate on a panel about the IOT tipping point. And there's a couple of threads that are just really important. One is the security of these devices is in large part, a device identity theft problem with this dyn attack. In fact, that was an identity theft problem of devices. We had poorly authenticated devices. We had devices that have identities they have identities, they have identifiers, and they have secrets. And it was a matter of their own passwords being easily taken over. It was account takeovers, essentially for devices, that was the problem. And that's something we have to be aware of. So, you know, just like applications and services can have identities, just like people, we've always known that. It's something our platform can handle. We need to authenticate our devices better and that's something manufacturers have to take responsibility for. >> Jeff: Right. >> And we can see the government agencies starting to crack down on that which is a really good thing. The second thing is there's a saying in the healthcare world for people who are working on patient privacy rights, for example. And the saying is, no data about me without me. So there's got to be a kind of a pressure, you know we see whenever there's a front page news article about the latest password breach. We don't actually see so many password breaches anymore as we see this multifactor authentication come in to play. So that's the industry pressures coming in to play. Where passwords become less important because we have multifactor. We're starting to see consumer pressure say I want to be a part of this. I want you to tell me what you shared. I want more transparency, and I want more control. And that's got to be part of the equation now when it comes to these devices. It's got to be not just more transparent, but what is it you're sharing about me? >> Jeff: Right. >> Last year I actually bought, maybe this is TMI, I always have this habit of sharing too much information, >> That's okay, we're on theCUBE we like >> Being honest here. >> To go places other companies don't go. >> I bought one of those adjustable beds that actually has an air pump that... >> What's your number? Your sleep number. >> It is, it's a Sleep Number bed and it has a feature that connects to an app that tells you how well you slept. You look at the terms and conditions and it says we own your biometric data, we are free to do whatever we want. >> Where did you even find the terms and conditions? >> They're right there on the app, to use the app. >> Oh in the app, in the app. >> You have to say yes. >> So you actually read before just clicking on the box. >> Hey, I'm a privacy pro, I've got to. >> Right, right, right. >> And of course, I saw this, and to use the feature, you have to opt in. >> Right. >> This is the way it is. There's no choice, and they probably got some lawyer... This is the risk management view of privacy. It's no longer tenable to have just a risk management view because the most strategic and the most robust way to see your relationship with your customers is you have to realize there's two sides to the bargain because businesses are commoditized now. There's low switching costs to almost anything. I mean, I bought a bed, but I don't have to have that feature. >> Do you think, do you think they'll break it up? So you want the bed, you're using a FitBit or something else to tell you whether you got a good night's sleep or not. Do you see businesses starting to kind of break up the units of information that they're taking and can they deliver an experience based on a fragmented selection? >> I do believe so. So, user managed access and certain technologies like it, standards like it, there's a standard called consent receipts. They're based on a premise of being able to now deliver convenient control to users. There's even, so there's regulations that are coming like the general data protection regulation in the EU. It's bearing down on pretty much every multinational, every global enterprise that monitors or sells to an EU citizen. That's pretty much every enterprise. >> Jeff: Right, right. >> That demands that individuals get some measure of the ability to withdraw consent in a convenient fashion. So we've got to have consent tech that measures up to the policy that these >> Right. >> organizations have to have. So this is coming whether we sort of like it or not. But we should have a robust and strategic way of exposing to these people the kind of control that they want anyway. >> Jeff: Right. >> They all tell us they want it. So in essence, personal data is becoming a joint asset. We have to conceive of this that way. >> So that's in your... So that's in your sleep app, but what about the traffic cameras and the public facility? >> Yeah. >> I mean, they say in London right you're basically on camera all the time. I don't know if that's fact or not, but clearly there's a lot >> That's true, CCTV, yeah. Of cameras that are tracking your movements. You don't get a chance to opt in or out. >> That is actually true, that's a tough case. >> You don't know. >> The class of... Yeah. The class of beacons. >> And security, right. Obviously, post 9/11 world, that's usually the justification for we want to make sure something bad doesn't happen again. We want to keep track. >> Yeah. >> So how does kind of the government's role in that play? And even in the government, then you have you know all these different agencies, whether it's the traffic agency or even just a traffic camera that maybe KCBS puts up to keep track of you know, it says slow down >> Yeah. >> Between two exits. How does that play into this conversation? >> Yeah, where you don't have an identified individual. And not even an identifiable individual, these are actually terms if you look at GDPR, which I've read closely. It is a tougher case, although I have worked... One of the members of my user managed access working group is one of the sort of experts on UK CCTV stuff. And it is a very big challenge to figure out. And governments do have a special duty of care to figure this out. And so the toughest cases are when you have beacons that just observe passively. Especially because the incentives are such that, I will grant you, the incentives are such that, well how do they go and identify somebody who's hard to identify and then go inform them and be transparent about what they're doing. >> Jeff: Right, right. >> So in those cases, even heuristically identifying somebody is very, very tough. However, there is a case where eye beacons in, say, retail stores do have a very high incentive to identify their consumers and their retail customers. >> Right. >> And in those cases, the incentives flip in the other direction towards transparency and reaching out to the customer. >> Yeah. The tech of these things of someone who I will not name, recently got a drive through red light ticket. >> Yep. >> And the clarity of the images that came in that piece of paper that I saw was unbelievable. >> Yes. >> So I mean, if you're using any kind of monitoring equipment, the ability to identify is pretty much there. >> Now we have cases... So this just happened, actually I'm not going to say, do I say it was to me or to my husband? It was in a non-smart car in a non-smart circumstance where simply a red light camera that takes a picture of an identified car, so you've got a license plate and that binds it to a registered owner of a car. >> Right. >> Now I have a car that's registered in the name of a trust. They didn't get a picture of the driver. They got a picture of the car. So now here we can talk about, let's translate that from a dumb car circumstance, registered to a trust, not to an individual, they sent us what amounted to a parking ticket. Cause they couldn't identify the driver. So now that gives us an opportunity to map that to an IOT circumstance. Because if you've got a smart device. You've got a person, you've got a cloud account. What you need to do is the ability to, in responsible secured fashion, bind a smart device to a person and their cloud account. And the ability to unbind. So now we're back to having an identity centric architecture for security and privacy that knows how to... I'll give you a concrete example, let's say you've got a fleet vehicle in a police department. You assign it to whatever cop on the beat. And at the end of their shift, you assign the car to another cop. What happens on one shift and what happens on another shift is a completely different matter. And it's a smart car, maybe it's a cop who has a uniform with some sort of camera, you know body cam. That's another smart device, and those body cams also get reassigned. So you want whatever was recorded, in the car, on the body cam, with the cop, and with their whatever online account it is, you want the data to go with the cop, only when the cop is using the smart devices that they've been assigned and you want the data for somebody else to go with the somebody else. So in these cases, the binding of identities and the unbinding of identities is critical to the privacy of that police person. >> Jeff: Right, right. >> And to the integrity of the data. So this is why I think of identity centric security and privacy as being so important. And we actually say, at ForgeRock, we say identity relationship management is being so key. >> And whether you use it or not, it is really kind of after the fact of being able to effectively tie the two together. >> You have to look at the relationships in order to know whether it's viable to associate the police person's identity with the car identity. Did something happen to the car on the shift? Did something through the view of the camera on the shift? >> Right, right. And all this is underlaid by trust, which has come up in a number of these interviews today. And unfortunately we're in a situation now if you read all the surveys. And the government particularly, these are kind of the more crazy cases cause businesses can choose to or not to and they've got a relationship with the customer. But on the government side, where there's really no choice, right, they're there. Right now, I think we're at a low point on the trust factor. >> Indeed. >> So how is that, and if you don't trust, then these things are seen as really bad as opposed to if you do trust and then maybe they're just inconvenient or they're not quite worked out all the way. So as this trust changes and fake news and all this other stuff going on right now, how is that impacting the implementation of these technologies? >> Well ask me if I said yes to the terms and conditions. (laughter) Of the sleep app, right. I mean I said yes, I said yes. And I didn't even ask for the app, you know my husband signed up for the free trial. >> Just showed up on my phone. Cause I was in proximity >> I said this one on stage >> to the bed, right? >> at RSA so this is not news. I'm not breaking news here. But you know, consumers want the features, they want convenience, they want value. So it's unreasonable, I believe to simply mount an education campaign and thereby change the world. I do think it's good to have general awareness of what to demand and that's why I say no data about me without me. That's what people should be demanding is to be let in to the loop. Because that gives them more convenience and value. >> Right. >> They want share buttons. I mean, we saw that with the initial introduction of CareKit with Apple. Because that enabled what, people who are involved in user managed access, we call ourselves Umanitarians. So umanitarians like to say, like to call it Alice to Bob sharing, that's the use case. >> Jeff: Okay. >> And it enabled Alice to Dr. Bob sharing. That's a real use case. And IOT kind of made real that use case. When web and mobile and API, I don't think we thought about it so much as a positive use case, although in healthcare it's been a very real thing with EHR. You know you can go into your EHR system and you can see it, you can share with a spouse your allergy record or something, it's there. >> Right, right, right. >> But with IOT, it's a really positive thing. I've talked to folks in my day job about sharing access to a connected car to a remote user. You know, we've seen the experiments with let somebody deliver a package into the trunk of my car, but not get access to driving the car. These are real. That's better than saving >> I've heard that one actually >> Saving a little money by having smart light bulbs is not as good as you've got an Airbnb renter and you want to share limited access to all your stuff while you're away with your renter and then shut down access after you leave, that's an uma use case, actually. And that's good stuff. I could make money. >> Jeff: Right. >> Off of sharing that way. That's convenience and value. >> It's only, I just heard the other day that Airbnb is renting a million rooms a night. >> There you go. >> So not insignificant. >> So once you've have... You have a home that's bristling with smart stuff, you know. That's when it really makes sense to have a share button on all that stuff. It's not just data you're sharing. >> Well Eve, we could go on and on and on. >> Apparently. >> Are you going to be at RSA in a couple of weeks? >> Absolutely. >> Absolutely. >> I'm actually speaking about consent management. >> Alright, well maybe we'll see you there. >> That would be great. >> But I want to thank you for stopping by. >> It's a pleasure. >> And I really enjoyed the conversation. >> Me too, thanks. >> Alright, she's Eve, I'm Jeff, you're watching theCUBE. We'll catch you next time, thanks for watching. (upbeat music)