>>Welcome back to the Cube, as a continued coverage here from AWS Reinvent 22. It's day three of our coverage here at the Venetian in Las Vegas, and we're part of the AWS Global Startup Showcase. With me to talk about what Kong's to in that regard is Marco Palladino, who's the, the CTO and the co-founder of Con Marco. Good >>To see you. Well, thanks for having me >>Here. Yeah, I was gonna say, by the way, I, I, you've got a beautiful exhibit down on the show floor. How's the week been for you so far as an exhibitor here? >>It's been very busy. You know, to this year we made a big investment at the WS reinvent. You know, I think this is one of the best conferences in the industry. There is technology developers, but it's also business oriented. So you can learn about all the business outcomes that our, you know, customers or, you know, people are trying to make when, when adopting these new technologies. So it's very good so far. >>Good, good, good to hear. Alright, so in your world, the API world, you know, it used to be we had this, you know, giant elephant. Now we're cutting down the little pieces, right? That's right. We're all going micro now these days. That's right. Talk about that trend a little bit, what you're seeing, and we'll jump in a little deeper as to how you're addressing that. >>Well, I think the industry learned a long time ago that running large code bases is actually quite problematic when it comes to scaling the organization and capturing new opportunities. And so, you know, we're transitioning to microservices because we want to get more opportunities in our business. We want to be able to create new products, fasters, we want to be able to leverage existing services or data that we have built, like an assembly line of software, you know, picking up APIs that other developers are building, and then assemble them together to create new experiences or new products, enter new markets. And so microservices are fantastic for that, except microservices. They also introduce significant concerns on the networking layer, on the API layer. And so this is where Kong specializes by providing API infrastructure to our customers. >>Right. So more about the problems, more about the challenges there, because you're right, it, opportunities always create, you know, big upside and, and I, I don't wanna say downside, but they do introduce new complexities. >>That's right. And introducing new complexity. It's a little bit the biggest enemy of any large organization, right? We want to reduce complexity, we want to move faster, we want to be more agile, and, and we need an API vision to be able to do that. Our teams, you know, I'm speaking with customers here at Reinvent, they're telling me that in the next five years, the organization is going to be creating more APIs than all the APIs they've created up until now. Right? So how do you >>Support, that's a mind boggling number, right? >>It's mind boggling. Yeah, exactly. How do you support that type of growth? And things have been moving so fast. I feel like there is a big dilemma in, you know, with certain organizations where, you know, we have not taught a long term strategy for APIs, whereas we do have a long term strategy for our business, but APIs are running the business. We must have a long term strategy for our APIs, otherwise we're not gonna be able to execute. And that's a big dilemma right now. Yeah. >>So, so how do we get the horse back in front of the cart then? Because it's like you said, it's almost as if we've, we're, we're reprioritizing, you know, incorrectly or inaccurately, right? You're, you're getting a little bit ahead of ourselves. >>Well, so, you know, whenever we have a long-term strategy for pretty much anything in the organization, right? We know what we want to do. We know the outcome that we want to achieve. We work backwards to, you know, determine what are the steps that are gonna bring us there. And, and the responsibility for thinking long term in, in every organization, including for APIs at the end of the day, always falls on the leaders and the should on the shoulders of the leadership and, and to see executives of the organization, right? And so we're seeing, you know, look at aws by the way. Look at Amazon. This conference would not have been possible without a very strong API vision from Amazon. And the CEO himself, Jeff Bezos, everybody talks about wanting to become an API first organization. And Amazon did that with the famous Jeff Bezos mandate today, aws, it's a hundred billion revenue for Amazon. You see, Amazon was not the first organization with, with an e-commerce, but if it was the first one that married a very strong e-commerce business execution with a very strong API vision, and here we are. >>So yeah, here we are putting you squarely in, in, in a pretty good position, right? In terms of what you're offering to the marketplace who has this high demand, you see this trend starting to explode. The hockey sticks headed up a little bit, right? You know, how are you answering that call specifically at how, how are you looking at your client's needs and, and trying to address what they need and when they need it, and how they need it. Because everybody's in a kind of a different place right now. >>Right? That's exactly right. And so you have multiple teams at different stages of their journey, right? With technology, some of them are still working on legacy, some of them are moving to the cloud. Yep. Some of them are working in containers and in microservices and Kubernetes. And so how do you, how do we provide an API vision that can fulfill the needs of the entire organization in such a way that we reduce that type of fragmentation and we don't introduce too much complexity? Well, so at con, we do it by essentially splitting the API platform in three different components. Okay. One is API management. When, whenever we want to expose APIs internally or to an ecosystem of partners, right? Or to mobile, DRA is a service mesh. You know, as we're splitting these microservices into smaller parts, we have a lot of connectivity, all, you know, across all the services that the teams are building that we need to, to manage. >>You know, the network is unreliable. It's by default, not secure, not observable. There is nothing that that works in there. And so how do we make that network reliable without asking our teams to go and build these cross-cut concerns whenever they create a new service. And so we need a service match for that, right? And then finally, we could have the best AP infrastructure in the world, millions of APIs and millions of microservices. Everything is working great. And with no API consumption, all of that would be useless. The value of our APIs and the value of our infrastructure is being driven by the consumption that we're able to drive to all of these APIs. And so there is a whole area of API productivity and discovery and design and testing and mocking that enables the application teams to be successful with APIs, even when they do have a, the proper API infrastructure in place that's made of meshes and management products and so on and so forth. Right. >>Can you gimme some examples? I mean, at least with people that you've been working with in terms of addressing maybe unique needs. Cuz again, as you've addressed, journeys are in different stages now. Some people are on level one, some people are on level five. So maybe just a couple of examples Yeah. Of clients with whom you've been working. Yeah, >>So listen, I I was talking with many organizations here at AWS Reinvent that are of course trying to migrate to the cloud. That's a very common common transformation that pretty much everybody's doing in the world. And, and how do you transition to the cloud by de-risking the migration while at the same time being able to get all the benefits of, of running in the cloud? Well, we think that, you know, we can do that in two, two ways. One, by containerizing our workloads so that we can make them portable. But then we also need to lift and shift the API connectivity in such a way that we can determine how much traffic goes to the legacy and how much traffic goes to the new cloud infrastructure. And by doing that, we're able to deal with some of these transformations that can be quite complex. And then finally, API infrastructure must support every team in the organization. >>And so being able to run on a single cloud, multi-cloud, single cluster, multi cluster VMs containers, that's important and essential because we want the entire organization to be on board. Because whenever we do not do that, then the developers will make short term decisions that are not going to be fitting into the organizational outcomes that we want to achieve. And we look at any outcome that your organization wants to achieve the cloud transformation, improving customer retention, creating new products, being more agile. At the end of the day, there is an API that's powering that outcome. >>Right? Right. Well, and, and there's always a security component, right? That you have to be concerned about. So how are you raising that specter with your clients to make them aware? Because sometimes it, I wouldn't say it's an afterthought, but sometimes it's not the first thought. And, and obviously with APIs and with their integral place, you know, in, in the system now security's gotta be included in that, right? >>API security is perhaps the biggest, biggest request that we're hearing from customers. You know, 83% of the world's internet traffic at the end of the day runs on APIs, right? That's a lot of traffic. As a matter of fact, APIs are the first attack vector for any, you know, malicious store party. Whenever there is a breach, APIs must be secured. And we can secure APIs on different layers of our infrastructure. We can secure APIs at the L four mesh layer by implementing zero trust security, for example, encrypting all the traffic, assigning an identity to every service, removing the concept of trust from our systems because trust is exploitable, right? And so we need to remove the cut zero trust, remove the concept of trust, and then once we have that underlying networking that's being secure and encrypted, we want to secure access to our APIs. >>And so this is the typical authentication, authorization concerns. You know, we can use patterns like op, op or opa open policy agent to create a security layer that does not rely on the team's writing code every time they're creating a new service. But the infrastructure is enforcing the type of layer. So for example, last week I was in Sweden, as a matter of fact speaking with the largest bank in Sweden while our customers, and they were telling us that they are implementing GDPR validation in the service mesh on the OPPA layer across every service that anybody's building. Why? Well, because you can embed the GDPR settings of the consumer into a claim in a gel token, and then you can use OPPA to validate in a blanket way that Jo Token across every service in the mesh, developers don't have to do that. It just comes out of the box like that. And then finally, so networking, security, API security for access and, and management of those APIs. And then finally we have deep inspection of our API traffic. And here you will see more exotic solutions for API security, where we essentially take a subset of our API traffic and we try to inspect it to see if there is anybody doing anything that they shouldn't be doing and, and perhaps block them or, you know, raise, raise, raise the flag, so to speak. >>Well, the answer is probably yes, they are. Somebody's trying to, somebody's trying to, yeah, you're trying to block 'em out. Before I let you go, you've had some announcements leading up here to the show that's just to hit a few of those highlights, if you would. >>Well, you know, Kong is an organization that you know, is very proud of the technology that we create. Of course, we started with a, with the API gateway Con Gateway, which was our first product, the most adopted gateway in the world. But then we've expanded our platform with service mesh. We just announced D B P F support in the service mesh. For example, we made our con gateway, which was already one of the fastest gateway, if not the fastest gateway out there, 30% faster with Con Gateway 3.0. We have shipped an official con operator for Kubernetes, both community and enterprise. And then finally we're doubling down on insomnia, insomnia's, our API productivity application that essentially connects the developers with the APIs that are creating and allows them to create a discovery mechanism for testing, mocking the bagging, those APIs, all of this, we of course ship it OnPrem, but then also on the cloud. And you know, in a cloud conference right now, of course, cloud, right? Right. Is a very important part of our corporate strategy. And our customers are asking us that. Why? Because they don't wanna manage the software, they want the API platform, they don't, don't wanna manage it. >>Well, no, nobody does. And there are a few stragglers, >>A few, a few. And for them there is the on-prem >>Platform. Fine, let 'em go. Right? Exactly. But if you wanna make it a little quick and dirty, hand it off, right? Oh, >>That's exactly right. Yes. >>Let Con do the heavy lifting for you. Hey Marco, thanks for the time. Yeah, thank you so much. We appreciate, and again, congratulations on what appears to be a pretty good show for you guys. Yeah, thank you. Well done. All right, we continue our discussions here at aws. Reinvent 22. You're watching the Cube, the leader in high tech coverage. >>Okay.

>>Hey guys and girls, welcome back to Motor City, Lisa Martin here with John Furrier on the Cube's third day of coverage of Coon Cloud Native Con North America. John, we've had some great conversations over the last two and a half days. We've been talking about identity and security management as a critical need for enterprises within the cloud native space. We're gonna have another quick conversation >>On that. Yeah, we got a great segment coming up from someone who's been in the industry, a long time expert, running a great company. Now it's gonna be one of those pieces that fits into what we call super cloud. Others are calling cloud operating system. Some are calling just Cloud 2.0, 3.0. But there's definitely a major trend happening around how cloud is going Next generation. We've been covering it. So this segment should be >>Great. Let's unpack those trends. One of our alumni is back with us, O Rika Zi, co-founder and CEO of Aerio. Omri. Great to have you back on the >>Cube. Thank you. Great to be here. >>So identity move to the cloud, Access authorization did not talk to us about why you found it assertive, what you guys are doing and how you're flipping that script. >>Yeah, so back 15 years ago, I helped start Azure at Microsoft. You know, one of the first few folks that you know, really focused on enterprise services within the Azure family. And at the time I was working for the guy who ran all of Windows server and you know, active directory. He called it the linchpin workload for the Windows Server franchise, like big words. But what he meant was we had 95% market share and all of these new SAS applications like ServiceNow and you know, Workday and salesforce.com, they had to invent login and they had to invent access control. And so we were like, well, we're gonna lose it unless we figure out how to replace active directory. And that's how Azure Active Directory was born. And the first thing that we had to do as an industry was fix identity, right? Yeah. So, you know, we worked on things like oof Two and Open, Id Connect and SAML and Jot as an industry and now 15 years later, no one has to go build login if you don't want to, right? You have companies like Odd Zero and Okta and one login Ping ID that solve that problem solve single sign-on, on the web. But access Control hasn't really moved forward at all in the last 15 years. And so my co-founder and I who were both involved in the early beginnings of Azure Active directory, wanted to go back to that problem. And that problem is even bigger than identity and it's far from >>Solved. Yeah, this is huge. I think, you know, self-service has been a developer thing that's, everyone knows developer productivity, we've all experienced click sign in with your LinkedIn or Twitter or Google or Apple handle. So that's single sign on check. Now the security conversation kicks in. If you look at with this no perimeter and cloud, now you've got multi-cloud or super cloud on the horizon. You've got all kinds of opportunities to innovate on the security paradigm. I think this is kind of where I'm hearing the most conversation around access control as well as operationally eliminating a lot of potential problems. So there's one clean up the siloed or fragmented access and two streamlined for security. What's your reaction to that? Do you agree? And if not, where, where am I missing that? >>Yeah, absolutely. If you look at the life of an IT pro, you know, back in the two thousands they had, you know, l d or active directory, they add in one place to configure groups and they'd map users to groups. And groups typically corresponded to roles and business applications. And it was clunky, but life was pretty simple. And now they live in dozens or hundreds of different admin consoles. So misconfigurations are rampant and over provisioning is a real problem. If you look at zero trust and the principle of lease privilege, you know, all these applications have these course grained permissions. And so when you have a breach, and it's not a matter of if, it's a matter of when you wanna limit the blast radius of you know what happened, and you can't do that unless you have fine grained access control. So all those, you know, all those reasons together are forcing us as an industry to come to terms with the fact that we really need to revisit access control and bring it to the age of cloud. >>You guys recently, just this week I saw the blog on Topaz. Congratulations. Thank you. Talk to us about what that is and some of the gaps that's gonna help sarto to fill for what's out there in the marketplace. >>Yeah, so right now there really isn't a way to go build fine grains policy based real time access control based on open source, right? We have the open policy agent, which is a great decision engine, but really optimized for infrastructure scenarios like Kubernetes admission control. And then on the other hand, you have this new, you know, generation of access control ideas. This model called relationship based access control that was popularized by Google Zanzibar system. So Zanzibar is how they do access control for Google Docs and Google Drive. If you've ever kind of looked at a Google Doc and you know you're a viewer or an owner or a commenter, Zanzibar is the system behind it. And so what we've done is we've married these two things together. We have a policy based system, OPPA based system, and at the same time we've brought together a directory, an embedded directory in Topaz that allows you to answer questions like, does this user have this permission on this object? And bringing it all together, making it open sources a real game changer from our perspective, real >>Game changer. That's good to hear. What are some of the key use cases that it's gonna help your customers address? >>So a lot of our customers really like the idea of policy based access management, but they don't know how to bring data to that decision engine. And so we basically have a, you know, a, a very opinionated way of how to model that data. So you import data out of your identity providers. So you connect us to Okta or oze or Azure, Azure Active directory. And so now you have the user data, you can define groups and then you can define, you know, your object hierarchy, your domain model. So let's say you have an applicant tracking system, you have nouns like job, you know, know job descriptions or candidates. And so you wanna model these things and you want to be able to say who has access to, you know, the candidates for this job, for example. Those are the kinds of rules that people can express really easily in Topaz and in assertive. >>What are some of the challenges that are happening right now that dissolve? What, what are you looking at to solve? Is it complexity, sprawl, logic problems? What's the main problem set you guys >>See? Yeah, so as organizations grow and they have more and more microservices, each one of these microservices does authorization differently. And so it's impossible to reason about the full surface area of, you know, permissions in your application. And more and more of these organizations are saying, You know what, we need a standard layer for this. So it's not just Google with Zanzibar, it's Intuit with Oddy, it's Carta with their own oddy system, it's Netflix, you know, it's Airbnb with heed. All of them are now talking about how they solve access control extracted into its own service to basically manage complexity and regain agility. The other thing is all about, you know, time to market and, and tco. >>So, so how do you work with those services? Do you replace them, you unify them? What is the approach that you're taking? >>So basically these organizations are saying, you know what? We want one access control service. We want all of our microservices to call that thing instead of having to roll out our own. And so we, you know, give you the guts for that service, right? Topaz is basically the way that you're gonna go implement an access control service without having to go build it the same way that you know, large companies like Airbnb or Google or, or a car to >>Have. What's the competition look like for you guys? I'm not really seeing a lot of competition out there. Are there competitors? Are there different approaches? What makes you different? >>Yeah, so I would say that, you know, the biggest competitor is roll your own. So a lot of these companies that find us, they say, We're sick and tired of investing 2, 3, 4 engineers, five engineers on this thing. You know, it's the gift that keeps on giving. We have to maintain this thing and so we can, we can use your solution at a fraction of the cost a, a fifth, a 10th of what it would cost us to maintain it locally. There are others like Sty for example, you know, they are in the space, but more in on the infrastructure side. So they solve the problem of Kubernetes submission control or things like that. So >>Rolling your own, there's a couple problems there. One is do they get all the corner cases who built a they still, it's a company. Exactly. It's heavy lifting, it's undifferentiated, you just gotta check the box. So probably will be not optimized. >>That's right. As Bezo says, only focus on the things that make your beer taste better. And access control is one of those things. It's part of your security, you know, posture, it's a critical thing to get right, but you know, I wanna work on access control, said no developer ever, right? So it's kind of like this boring, you know, like back office thing that you need to do. And so we give you the mechanisms to be able to build it securely and robustly. >>Do you have a, a customer story example that is one of your go-tos that really highlights how you're improving developer productivity? >>Yeah, so we have a couple of them actually. So there's the largest third party B2B marketplace in the us. Free retail. Instead of building their own, they actually brought in aer. And what they wanted to do with AER was be the authorization layer for both their externally facing applications as well as their internal apps. So basically every one of their applications now hooks up to AER to do authorization. They define users and groups and roles and permissions in one place and then every application can actually plug into that instead of having to roll out their own. >>I'd like to switch gears if you don't mind. I get first of all, great update on the company and progress. I'd like to get your thoughts on the cloud computing market. Obviously you were your legendary position, Azure, I mean look at the, look at the progress over the past few years. Just been spectacular from Microsoft and you set the table there. Amazon web service is still, you know, thundering away even though earnings came out, the market's kind of soft still. You know, you see the cloud hyperscalers just continuing to differentiate from software to chips. Yep. Across the board. So the hyperscalers kicking ass taking names, doing great Microsoft right up there. What's the future? Cuz you now have the conversation where, okay, we're calling it super cloud, somebody calling multi-cloud, somebody calling it distributed computing, whatever you wanna call it. The old is now new again, it just looks different as cloud becomes now the next computer industry, >>You got an operating system, you got applications, you got hardware, I mean it's all kind of playing out just on a massive global scale, but you got regions, you got all kinds of connected systems edge. What's your vision on how this plays out? Because things are starting to fall into place. Web assembly to me just points to, you know, app servers are coming back, middleware, Kubernetes containers, VMs are gonna still be there. So you got the progression. What's your, what's your take on this? How would you share, share your thoughts to a friend or the industry, the audience? So what's going on? What's, what's happening right now? What's, what's going on? >>Yeah, it's funny because you know, I remember doing this quite a few years ago with you probably in, you know, 2015 and we were talking about, back then we called it hybrid cloud, right? And it was a vision, but it is actually what's going on. It just took longer for it to get here, right? So back then, you know, the big debate was public cloud or private cloud and you know, back when we were, you know, talking about these ideas, you know, we said, well you know, some applications will always stay on-prem and some applications will move to the cloud. I was just talking to a big bank and they basically said, look, our stated objective now is to move everything we can to the public cloud and we still have a large private cloud investment that will never go away. And so now we have essentially this big operating system that can, you know, abstract all of this stuff. So we have developer platforms that can, you know, sit on top of all these different pieces of infrastructure and you know, kind of based on policy decide where these applications are gonna be scheduled. So, you know, the >>Operating schedule shows like an operating system function. >>Exactly. I mean like we now, we used to have schedulers for one CPU or you know, one box, then we had schedulers for, you know, kind of like a whole cluster and now we have schedulers across the world. >>Yeah. My final question before we kind of get run outta time is what's your thoughts on web assembly? Cuz that's getting a lot of hype here again to kind of look at this next evolution again that's lighter weight kind of feels like an app server kind of direction. What's your, what's your, it's hyped up now, what's your take on that? >>Yeah, it's interesting. I mean back, you know, what's, what's old is new again, right? So, you know, I remember back in the late nineties we got really excited about, you know, JVMs and you know, this notion of right once run anywhere and yeah, you know, I would say that web assembly provides a pretty exciting, you know, window into that where you can take the, you know, sandboxing technology from the JavaScript world, from the browser essentially. And you can, you know, compile an application down to web assembly and have it real, really truly portable. So, you know, we see for example, policies in our world, you know, with opa, one of the hottest things is to take these policies and can compile them to web assemblies so you can actually execute them at the edge, you know, wherever it is that you have a web assembly runtime. >>And so, you know, I was just talking to Scott over at Docker and you know, they're excited about kind of bringing Docker packaging, OCI packaging to web assemblies. So we're gonna see a convergence of all these technologies right now. They're kind of each, each of our, each of them are in a silo, but you know, like we'll see a lot of the patterns, like for example, OCI is gonna become the packaging format for web assemblies as it is becoming the packaging format for policies. So we did the same thing. We basically said, you know what, we want these policies to be packaged as OCI assembly so that you can sign them with cosign and bring the entire ecosystem of tools to bear on OCI packages. So convergence is I think what >>We're, and love, I love your attitude too because it's the open source community and the developers who are actually voting on the quote defacto standard. Yes. You know, if it doesn't work, right, know people know about it. Exactly. It's actually a great new production system. >>So great momentum going on to the press released earlier this week, clearly filling the gaps there that, that you and your, your co-founder saw a long time ago. What's next for the assertive business? Are you hiring? What's going on there? >>Yeah, we are really excited about launching commercially at the end of this year. So one of the things that we were, we wanted to do that we had a promise around and we delivered on our promise was open sourcing our edge authorizer. That was a huge thing for us. And we've now completed, you know, pretty much all the big pieces for AER and now it's time to commercially launch launch. We already have customers in production, you know, design partners, and you know, next year is gonna be the year to really drive commercialization. >>All right. We will be watching this space ery. Thank you so much for joining John and me on the keep. Great to have you back on the program. >>Thank you so much. It was a pleasure. >>Our pleasure as well For our guest and John Furrier, I'm Lisa Martin, you're watching The Cube Live. Michelle floor of Con Cloud Native Con 22. This is day three of our coverage. We will be back with more coverage after a short break. See that.

>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain in Coon cloud native con 2022 Europe. I'm Keith Townsend, along with my cohot on Rico senior, Etti senior it analyst at gig home. We are talking to amazing people, creators people contributing to all these open source projects. Speaking of open source on Rico. Talk to me about the flavor of this show versus a traditional like vendor show of all these open source projects and open source based companies. >>Well, first of all, I think that the real difference is that this is a real conference. Hmm. So real people talking about, you know, projects about, so the, the open source stuff, the experiences are, you know, on stage and there are not really too many product pitches. It's, it's about, it's about the people. It's about the projects. It's about the, the challenges they had, how they, you know, overcome some of them. And, uh, that's the main difference. I mean, it's very educative informative and the kind of people is different. I mean, developers, you know, SREs, you know, you find ends on people. I mean, people that really do stuff that that's a real difference. I mean, uh, quite challenginghow discussing with them, but really, I mean, because they're really opinionated, but >>So we're gonna get talked to, to a company that has boosts on the ground doing open source since the, almost the start mm-hmm <affirmative> Kirsten newcomer, director of hybrid platform security at red hat and, uh, Connor Gorman, senior principal software engineer at red hat. So Kirsten, we're gonna start with you security and Kubernetes, you know, is Kubernetes. It's a, it's a race car. If I wanted security, I'd drive a minivan. <laugh> >>That's, that's a great frame. I think, I think though, if we stick with your, your car analogy, right, we have seen cars in cars and safety in cars evolve over the years to the point where you have airbags, even in, you know, souped up cars that somebody's driving on the street, a race car, race cars have safety built into, right. They do their best to protect those drivers. So I think while Kubernetes, you know, started as something that was largely, you know, used by Google in their environment, you know, had some perimeter based security as Kubernetes has become adopted throughout enterprises, as people. And especially, you know, we've seen the adoption accelerate during the pandemic, the move to both public cloud, but also private cloud is really accelerated. Security becomes even more important. You can't use Kubernetes in banking without security. You can't use it, uh, in automotive without security telco. >>And Kubernetes is, you know, Telco's adoption, Telco's deploying 5g on Kubernetes on open shift. Um, and, and this is just so the security capabilities have evolved over time to meet the customers and the adopters really red hat because of our enterprise customer base, we've been investing in security capabilities and we make those contributions upstream. We've been doing that really from the beginning of our adoption of Kubernetes, Kubernetes 1.0, and we continue to expand the security capabilities that we provide. And which is one of the reasons, you know, the acquisition of stack rocks was, was so important to us. >>And, and actually we are talking about security at different levels. I mean, so yeah, and different locations. So you are securing an edge location differently than a data center or, or, or maybe, you know, the cloud. So there are application level security. So there are so many angles to take this. >>Yeah. And, and you're right. I mean, I, there are the layers of the stack, which starts, you know, can start at the hardware level, right. And then the operating system, the Kubernetes orchestration all the services, you need to have a complete Kubernetes solution and application platform and then the services themselves. And you're absolutely right. That an edge deployment is different than a deployment, uh, on, you know, uh, AWS or in a private da data center. Um, and, and yet, because there is this, if you, if you're leveraging the heart of Kubernetes, the declarative nature of Kubernetes, you can do Kubernetes security in a way that can be consistent across these environments with the need to do some additions at the edge, right? You may, physical security is more important at the edge hardware based encryption, for example, whereas in a, in a cloud provider, your encryption might be at the cloud provider storage layer rather than hardware. >>So how do you orchestrate, because we are talking about orchestration all day and how do you orchestrate all these security? >>Yep. So one of the things, one of the evolutions that we've seen in our customer base in the last few years is we used to have, um, a small number of large clusters that our customers deployed and they used in a multi-tenant fashion, right? Multiple teams from within the organization. We're now starting to see a larger number of smaller clusters. And those clusters are in different locations. They might be, uh, customers are both deploying in public cloud, as well as private, you know, on premises, um, edge deployments, as you mentioned. And so we've invested in, uh, multi cluster management and, or, you know, sort of that orchestration for orchestrators, right? The, and because again of the declarative nature of Kubernetes, so we offer, uh, advanced cluster management, red hat, advanced cluster management, which we open sourced as the multi cluster engine CE. Um, so that component is now also freely available, open source. We do that with everything. So if you need a way to ensure that you have managed the configuration appropriately across all of these clusters in a declarative fashion, right. It's still YAML, it's written in YAML use ACM use CE in combination with a get ops approach, right. To manage that, uh, to ensure that you've got that environment consistent. And, and then, but then you have to monitor, right. You have to, I'm wearing >>All of these stack rocks >>Fits in. I mean, yeah, sure. >>Yeah. And so, um, you know, we took a Kubernetes native approach to securing all of this. Right. And there's kind of, uh, we have to say, there's like three major life cycles. You have the build life cycle, right. You're building these imutable images to go deployed to production. Right. That should never change that are, you know, locked at a point in time. And so you can do vulnerability scanning, you can do compliance checks at that point right. In the build phase. But then you put those in a registry, then those go and be deployed on top of Kubernetes. And you have the configuration of your application, you know, including any vulnerabilities that may exist in those images, you have the R back permissions, right. How much access does it have to the cluster? Is it exposed on the internet? Right. What can you do there? >>And then finally you have, the runtime perspective of is my pod is my container actually doing what I think it's supposed to do. Is it accessing all the right things? Is it running all the right processes? And then even taking that runtime information and influencing the configuration through things like network policies, where we have a feature called process baselining that you can say exactly what processes are supposed to run in this pod. Um, and then influencing configuration in that way to kind of be like, yeah, this is what it's doing. And let's go stamp this, you know, declaratively so that when you deploy it the next time you already have security built in at the Kubernetes level. >>So as we've talked about a couple of different topics, the abstraction layers, I have security around DevOps. So, you know, I have multi tendency, I have to deal with, think about how am I going to secure the, the, the Kubernetes infrastructure itself. Then I have what seems like you've been talking about here, Connor, which is dev SecOps mm-hmm <affirmative> and the practice of securing the application through policy. Right. Are customers really getting what's under the hood of dev SecOps? >>Do you wanna start or yeah. >>I mean, I think yes and no. I think, um, you know, we've, some organizations are definitely getting it right. And they have teams that are helping build things like network policies, which provide network segmentation. I think this is huge for compliance and multi-tenancy right. Just like containers, you know, one of the main benefits of containers, it provides this isolation between your applications, right? And then everyone's familiar with the network firewall, which is providing network segmentation, but now in between your applications inside Kubernetes, you can create, uh, network segmentation. Right. And so we have some folks that are super, super far along that path and, and creating those. And we have some folks who have no network policies except the ones that get installed with our products. Right. And then we say, okay, how can we help you guys start leveraging these things and, and creating maybe just basic name, space isolation, or things like that. And then trying to push that back into more the declarative approach. >>So some of what I think we hear from, from what Connor just te teed up is that real DevSecOps requires breaking down silos between developers, operations and security, including network security teams. And so the Kubernetes paradigm requires, uh, involvement actually, in some ways, it, it forces involvement of developers in things like network policy for the SDN layer, right? You need to, you know, the application developer knows which, what kinds of communication he or she, his app or her app needs to function. So they need to define, they need to figure out those network policies. Now, some network security teams, they're not familiar with YAML, they're not necessary familiar with software development, software defined networking. So there's this whole kind of, how do we do the network security in collaboration with the engineering team? And when people, one of the things I worry about, so DevSecOps it's technology, but it's people in process too. >>Right. And one of the things I think people are very comfortable adopting vulnerability scanning early on, but they haven't yet started to think about the network security angle. This is one area that not only do we have the ability in ACS stack rocks today to recommend a network policy based on a running deployment, and then make it easy to deploy that. But we're also working to shift that left so that you can actually analyze app deployment data prior to it being deployed, generate a network policy, tested out in staging and, and kind of go from the beginning. But again, people do vulnerability analysis shift left, but they kind of tend to stop there and you need to add app config analysis, network communication analysis, and then we need appropriate security gates at deployment time. We need the right automation that helps inform the developers. Not all developers have security expertise, not all security people understand a C I C D pipeline. Right. So, so how, you know, we need the right set of information to the right people in the place they're used to working in order to really do that infinity loop. >>Do you see this as a natural progression for developers? Do they really hit a wall before, you know, uh, finding out that they need to progress in, in this, uh, methodology? Or I know >>What else? Yeah. So I think, I think initially there's like a period of transition, right? Where there's sometimes there's opinion, oh, I, I ship my application. That's what I get paid for. That's what I do. Right. <laugh> um, and, and, but since, uh, Kubernetes has basically increased the velocity of developers on top, you know, of the platform in order to just deploy their own code. And, you know, we have every, some people have commits going to production, you know, every commitment on the repo goes to production. Right. Um, and so security is even more at the forefront there. So I think initially you hit a little bit of a wall security scans in CI. You could get some failures and some pushback, but as long as these are very informative and actionable, right. Then developers always wanna do the right thing. Right. I mean, we all want to ship secure code. >>Um, and so if you can inform you, Hey, this is why we do this. Or, or here's the information about this? I think it's really important because I'm like, right, okay. Now when I'm sending my next commits, I'm like, okay, these are some constraints that I'm thinking about, and it's sort of like a mindset shift, but I think through the tooling that we like know and love, and we use on top of Kubernetes, that's the best way to kind of convey that information of, you know, honestly significantly smaller security teams than the number of developers that are really pushing all of this code. >>So let's scale out what, talk to me about the larger landscape projects like prime cube, Litner, OPPI different areas of investment in, in, in security. Talk to me about where customers are making investments. >>You wanna start with coup linter. >>Sure. So coup linter was a open source project, uh, when we were still, uh, a private company and it was really around taking some of our functionality on our product and just making it available to everyone, to basically check configuration, um, both bridging DevOps and SecOps, right? There's some things around, uh, privileged containers, right? You usually don't wanna deploy those into your environment unless you really need to, but there's other things around, okay, do I have anti affinity rules, right. Am I running, you know, you can run 10 replicas of a pod on the same node, and now your failure domain is a single node. Now you want them on different nodes, right. And so you can do a bunch of checks just around the configuration DevOps best practices. And so we've actually seen quite a bit of adoption. I think we have like almost 2000 stars on, uh, and super happy to see people just really adopt that and integrate it into their pipelines. It's a single binary. So it's been super easy for people to take it into their C I C D and just, and start running three things through it and get, uh, you know, valuable insights into, to what configurations they should change. Right. >>And then if you're, if you were asking about things like, uh, OPPA, open policy agent and OPPA gatekeeper, so one of the things happening in the community about OPPA has been around for a while. Uh, they added, you know, the OPPA gatekeeper as an admission controller for Cobe. There's also veno another open source project that is doing, uh, admission as the Kubernetes community has, uh, kind of is decided to deprecate pod security policies, um, which had a level of complexity, but is one of the key security capabilities and gates built into Kubernetes itself. Um, OpenShift is gonna continue to have security context constraints, very similar, but it prevents by default on an OpenShift cluster. Uh, not a regular user cannot deploy a privileged pod or a pod that has access to the host network. Um, and there's se Linux configuration on by default also protects against container escapes to the file system or mitigates them. >>So pod security policies were one way to ensure that kind of constraint on what the developer did. Developers might not have had awareness of what was important in terms of the level of security. And so again, the cube and tools like that can help to inform the developer in the tools they use, and then a solution like OPPA, gatekeeper, or SCCs. That's something that runs on the cluster. So if something got through the pipeline or somebody's not using one of these tools, those gates can be leveraged to ensure that the security posture of the deployment is what the organization wants and OPPA gatekeeper. You can do very complex policies with that. And >>Lastly, talk to me about Falco and Claire, about what Falco >>Falco and yep, absolutely. So, um, Falco, great runtime analysis have been and something that stack rocks leveraged early on. So >>Yeah, so yeah, we leveraged, um, some libraries from Falco. Uh, we use either an EB P F pro or a kernel module to detect runtime events. Right. And we, we primarily focus on network and process activity as, um, as angles there. And then for Claire, um, it's, it's now within red hat again, <laugh>, uh, through the acquisition of cores, but, uh, we've forked in added a bunch of things around language vulnerabilities and, and different aspects that we wanted. And, uh, and you know, we're really interested in, I think, you know, the code bases have diversion a little bit Claire's on V4. We, we were based off V2, but I think we've both added a ton of really great features. And so I'm really looking forward to actually combining all of those features and kind of building, um, you know, we have two best of best of breed scanners right now. And I'm like, okay, what can we do when we put them together? And so that's something that, uh, I'm really excited about. >>So you, you somehow are aiming at, you know, your roadmap here now putting everything together. And again, orchestrated well integrated yeah. To, to get, you know, also a simplified experience, because that could be the >>Point. Yeah. And, and as you mentioned, you know, it's sort of that, that orchestration of orchestrators, like leveraging the Kubernetes operator principle to, to deliver an app, an opinionated Kubernetes platform has, has been one of the key things we've done. And we're doing that as well for security out of the box security policies, principles based on best practices with stack rocks that can be leveraged in the community or with red hat, advanced cluster security, combining our two scanners into one clear based scanner, contributing back, contributing back to Falco all of these things. >>Well, that speaks to the complexity of open source projects. There's a lot of overlap in reconciling. That is a very difficult thing. Kirsten Connor, thank you for joining the cube Connor. You're now a cube alone. Welcome to main elite group. Great. From Valencia Spain, I'm Keith Townsend, along with en Rico senior, and you're watching the cue, the leader in high tech coverage.

>> From our studios in the heart of Silicon Valley. HOLLOWAY ALTO, California It is a cube conversation >> high on Peter Birds and welcome to another cube conversation from our beautiful Palo Alto studios. One of the things that makes a cube so exciting as we get great guest from great companies coming on here and talking about some of their new products that they're trying to get in the marketplace of customers Khun Doom or with their technology. And we've got that today. Eric Herzog, cmon VP of worldwide storage channels that IBM storage. He's here to talk about some new things that IBM is doing that especially relevant to high performance, closer, more down market, branch oriented kinds of applications. Eric, welcome to the Cube. >> Thank you, Peter. Really appreciate. Very excited to be with Cuba's Always. >> All right, So what? Start Give us the quick business update and IBM, And let's talk about how that inform some of the new announcement. You >> sure? So two thousand eighteen was a great year for IBM storage. Lots of new introductions and portfolio continue with our multi cloudiness. Everything we've doing now for seven years, all about my multi cloud hybrid private, multiple public cloud providers would continue that mantra. You always something very interesting from a storage array system level perspective brought out extensive portfolio around Envy Me the newest high performance protocol, both inside of a storage array and connecting a storage rate into a network fabric for storage. >> Now let's talk about that. Envy me because envy Me has been associate ID a little bit more higher and stuff. Some of the new things you're doing are bringing envy me and related classes of technology flash to a new class of workload. New class of Hugh's case. Tell us about it. >> Absolutely so what we're doing is bringing out the >> brand new >> refresh store wise portfolio. We start with R V seven thousand, which has envy me both inside the array and support for envy him Over Fibre channel. We have our fifty one hundred just below that, also supporting Envy me in the storage system. We're bringing out a new version of our fifty thirty called the fifty thirty at the very entry space are fifty tenny. These solutions all deliver dramatic performance gains but incredible price discounts as well. For example, the fifty ten e is not only twice as fast as the older fifty ten, but it happens to be up to twenty five percent less expensive. More for the money. That's the key watchword in the store. Wai's family. >> So tell us a little bit more about the fifty Tenney. What kind of use you love talking about applications, workload? Use cases? What kinds of applications were close use cases Are we talking about? >> So we've done a couple things. So first of all, we're leading with all flash across the portfolio. Yes, we still sell hybrids and hard drive a ways, and we'LL still do that in the fifty Tenney, for example. So if you're using hard drive, raise backup in archive work loads. Of course. Now, when using all flash arrays in a smaller shop, it could be your primary storage. Herzog's Barn Grill. That might be the great way to go when you're thinking more of the broader enterprises. It's great for edge. So branches of a bank, all of the outlets of a retail location and even a core data center. Not every workload is even not every data set is even so. Certain things need more expensive arrays and other ways you can go with an entry product. Still deliver the availability, the reliability of the performance you need, but you don't need to spend the most amount of money and stories gives you. That breath gives you the right price point the right software, and it even gives you six nines of availability, which is only thirty one seconds of downtime in a full year on an entry product. That's incredible. >> Well, I would think that the fifty thirty he would be especially relevant for some of those scale at work loves. Tell us about that. >> So in the fifty thirty, we can scale out into two note cluster up to thirty two petabytes, but we start small. You could get it at twelve. Same thing two. Ex Performance. Up to thirty percent less money and all of the store West family comes with our award winning Spectrum Virtualized software, which delivers enterprise class data services. Such a snapshot replication data rest, encryption, tearing, migration, et cetera, et cetera, not only for IBM store wise portfolio, but actually could work with over four hundred fifty raise, most of which are not ours. Great value for the money. Great software and bring better performance at a lower price. The fifty thirty and the whole portfolio includes our spectrum virtually software family. >> Now that's important because as we think about that, the relationship between these and other IBM or other products in the portfolio and multi cloud I know there's some work that's being done there tell us a bit about some of the some of the new updates that you've made. How that spectrum family is becoming even more relevant in the multi club so >> well, when you look at the whole family, everything in the spectrum family has heavy clarification in a multi cloud environment. Let's take spectrum protect not new from an announcement perspective of what we're doing and what we're launching on what we're doing from a new perspective. But it's been ableto backup to the cloud for years. In fact, over three hundred fifty cloud providers use spectrum protect as the engine further back. Oppa's a service portfolio Spectrum virtualized Computer Club. But we also have spectrum virtualized for public cloud that allows you to do staff shot replication only for IBM arrays, but for competitive a raise out to a public loud and even supports a rhe air gapping with a snapshot so you don't have to worry about ransomware malware, that's all. With Spectrum Virtualized family are spectrum sale product can automatically tear to the cloud IBM clad object storage could go from on premise toe off premise. So the big thing we've done with all of our portfolio, the software and then the arrays that sit on it when the case of spectrum protect backup is make sure we can work with any and almost every single cloud in the industry. Whether it's a big cloud like IBM Cloud, Amazon or Microsoft or a small cloud provider, you may want to use a local cloud provider depending on where you're located, not use one of the big club fighters. We work with that cloud provider to, But you made >> some made some special for spectrum virtual eyes. I mean spectrum virtualized. You're adding a new brother to the portfolio >> so that spectrum virtualized Republic Cloud. We first brought it out on IBM Cloud only. It now supports a ws. We know customers multi cloud most end users and you guys have written about it extensively at Weeki Bond in the Cube and silicon angle. That and users will not use one public loud. They will have four, five, six different public clouds. So spectrum virtualized republic loud delivers to onsite arrays. All the capability spectrum virtualized for public cloud sits in a V m wear virtualized in stand station out of the public cloud provider. Giving all those enterprise class functionalities and allowing us to move data back and forth to IBM. Cloud allows to move data back and forth to an Amazon cloud not only first store wise but also for again over four hundred fifty Raise that aren't ours using the spectrum virtualized software. So that's a great edition. We had it for IBM Cloud now for Amazon. As Republican Stanley first brought it out last year. It will also be extended to more clouds in the future as well. >> So store rise gonna refresh nooooo spectrum virtualized for public cloud Also getting, you know, adding to the portfolio great stuff. How do you anticipate that customers are gonna respond? >> Well, we've already had a great response for those customers we talked to under a non disclosure agreement. Now we're public with this new portfolio. What's not to like? You get extensive software capably spectrum virtualized with our fifty one hundred store wise and are seven thousand stories. Now get thie Envy Me technology, which is white hot performance technology in the storage injury, except at a much lower price point that when our competitors are brought out. So he brought Andrea me high end technology into the entry price point space, which is great. And we also have a nice portfolio that gives you certain products. Accuse the court data center other pranks that you would use the edge like banking and all the locations or in retail. So you're not going to put the most expensive practice. But you have a great six nines of availability, extensive software, twice the performance, and I said up to twenty five percent or thirty percent less, depending on which of our products than the older product. Bigger, faster, better, cheaper. >> So, Eric, let me be one of first congratulate you thie IBM storage journey since you and Ed Assualt have shown up at IBM or come backto idea in some cases has it's been a great thing to watch. You really refreshed portfolio made some great strides and we're getting great feedback from customers about the effort. So congratulations. >> Great. Thank you. And the new store lives is the latest in that and look for more just like we did in two thousand eighteen. Refresh across the plug. There's more coming in the second half here in other elements of our portfolio. >> Great sea IBM back and relevant in storage World Eric Herds on CMO VP of worldwide store channels, IBM Storage Thanks once again for being on the Cube. >> Thank you, Peter on. >> I'm Peter Burroughs. Thanks for listening until next time. Thanks for participating in this cube conversation.

>> Live from San Francisco. It's the cube covering IBM thing twenty nineteen brought to you by IBM. >> Run. Welcome back to the Cubes live coverage here in San Francisco. Mosconi North while you're here as part of our exclusive covers. The Cube for IBM think twenty nineteen, their annual conference of customers and employees coming together to set the agenda for the next year. For IBM and its ecosystem. I'm John for a student. Um, in day. Volonte and Lisa Martin co hosting all week This week. Four days of wall to wall coverage. Day two of our kind Really Day one of the show Kickoff. We're here ending out that day and just had the CEO's keynote, and we're going to a review and analysis. David's do. We had a lot of interviews. Coming up to this theme is pretty clear. It's a I cloud and everything else going underneath that classic development application. Developers, developers in general, making applications That's classic, but eyes the big story. And, like like Always Cloud and the promise of Where That's Going, which is hybrid and multi cloud Dave, You set on the keynote. Any surprises from Ginny Rometty? >> I wouldn't say there were any surprises. First of all, I like Jenny. I think she she's a great presenter. I'd like to hang out with their like we were kids. That was what I wanted to hang out with us. He's a time person. I think I would feel comfortable talking to, you know, sports or business. She looked good. She had a really nice, sharp white suit on. She's self deprecating. She was drinking Starbucks. You know, they're obviously a client of IBM. I got the best moment was when Jim White hearse came on stage. He said, It's great to be here So he was like, Yeah, given thirty four billion reasons why it's great to be here kind of thing, So that was pretty funny. And she had. She made the comment. We've been dating Red Hat for twenty years before we decided to get married. She was trying to make a case You normally in Jenny's presentation, she she makes a really solid, puts forth the solid premise and then sort of backs it up with her guests. Today, I thought her premise, which was we're entering Chapter two. It's all about scaling and embedding a I everywhere. It's about hybrid. It's about bringing mission critical APS, you know, move those forward. And she had a number of other lessons learned. I thought she laid it out, but I think it sort of missed the back end. I don't think they punctuated the tail end of Jenny's talk. The guests were great and they had guys on from Kaiser Permanente E. T. And they were very solid. Well, think they made the case as strong as the premises that she put forward. And you know, we could talk more about that. >> And Stewart see red hat on stage. We've been commenting. We've been analyzing the acquisition of Red Hat, big number, thirty four billion dollars critical point you guys talk about in your opening on day one, the leverage they need to get out of that. This is the Alamo for them with the cloud. In my opinion, IBM is a lot to bring to the bear in the cloud. They I anywhere telegraphs that they wanna have their stuff with containers and multiple clouds. They want to be positioned as a multi cloud company but still have their cloud, providing the power for the workload. That makes sense, right? Bm. This is their last stand. This is like, you know, the Alamo for them. They They need to make cloud work right now. Watson, move from a product or brand ballistically open step. Is it tied together? Stew your thoughts on open stack and how this fits into their narrative. >> So I think you mean open shift, right, John s o from red hat standpoint. Absolutely what they're doing. They are involved in open stack, but open stack. You got a small, >> but they're one of the few that are sanguine on Open, Zachary read. >> I mean, read had open shift. My bad >> way it absolutely. And it is complicated in the multi cloud world and lots of different pieces. We've had a number of conversations with the IBM people that have worked with side by side, red hat in the open source communities, IBM, no stranger to open source and a CZ we talked about in our open on yesterday. It's the developers is really what where IBM needs to go and where Red Hat has a bevy of them on DH John. What you said about Multi Cloud? Absolutely. It's if IBM thinks that buying Red hat will make them the Goebel Global player in Cloud. I think that's wrong, and I don't think that's what they're doing. When I wrote a block post when it came, and I said, Is this move going to radically change the cloud landscape? No. Can this acquisition radically change IBM and change the trajectory of where they fit into Multi cloud? Absolutely. So there's cultural differences. We had Ah, Stephanie sheriffs on who's a longtime IBM er who now runs the biggest business inside of Red Hat. And she talked about the passion of open source. This is not lip service. I've many friends that have worked for it. Had I've, you know, worked with them, partner with them and cover them for most of those twenty years on DH? Absolutely. You've got over ten thousand people that are passionate involved in communities on DH. When you talk about the developer world, you talk about the cloud native world. This is what you know. Really. Red Hat moment has been waiting. >> It was interesting. John and I would like one if you could comment on this is you hearing IBM? Jenny talked about Chapter two. She took a digital reinvention. Here's yet another company using the reinvent terminology. I think that's what sort of pointed she talked. About forty percent of the world is going to be private. Sixty percent is going to be public Cloud. The sort of that's the first time I've heard those that she said It's flipped if you're ah, regulated industry. But what do your thoughts on people essentially using and Amazons narrative on reinvention? >> Everyone's using Amazons narrative. Here's the bottom line. Amazon is winning impact large margins. I think the numbers airway skewed in the favor of the people trying to catch up. I think that's more of a game. If vacation by the analyst firms, Amazon is absolutely blowing away the competition when it comes to public loud. The only game at the table right now for the Oracle's, IBM, Sze and Microsoft and Google is the slow down the adoption of Amazon. And you see the cloud adoption of Amazon, whether it's in the government sector, which I think is more acute. And Mohr illustrative, the Jet I contract a ten billion dollar contract. That is a quote sole source deal. But it was bid as a multi source deal means anyone could bid on it. Well, guess what? That is a going to be an award and probably to Amazon as the sole winner because IBM doesn't have the certification. Nor does Microsoft notice Oracle. Nobody's got Amazons winning that, and that begs the argument. Can you use one cloud? And the answer is Yes, you can. If the APP worked, Load works best for it, and procurement does not decide output for the cloud. For example, if it's a Jet I contract, it's a military application. So, like a video game, would you want to play a video game and be lagging? Would you want our military to be lagging? Certainly, the D O d. Says no. So one cloud makes sense. If you're running office three sixty five, you want to use azure. So Microsoft has taken that, and their earnings have been phenomenal by specialising around their workloads. That makes sense for Azure, and they're catching up. IBM has an opportunity to do the same for their workload. The business workload. So aye, aye, anywhere is interesting to me. So I think this is a good bet. If they can pull it off, that's the strategy, and the world will go multi cloud, where certain clouds will be sold for the apple sole source for the workloads. That makes sense for those workload. So this is where the market's going, right? So this whole notion of there won't be multi class. It's going to be multi cloud and it's gonna winner, winner take most. And the game right now is to stop ama's. That is clearly the case, and you're seeing it in the bids you see in the customer base. And IBM is catching Oppa's fast as they can. They got the people and the technology. The question is, how much do they catch up and level up? Tamas on? >> Well, stew despite Jenny, you know, invoking the reinvent terminology, they're her. Kino was starkly different than what you would expect from an Amazon Kino. They may. She mentioned a couple of the announcements, Watson anywhere, which, by the way, is about time. It's about time that Watson ran on other people's clouds of it, which should have been a while ago and in hyper protect is the world's most secure cloud. But we don't have any really details on that. And then I'd be in business automation with Watson, and that was really it. I think it was by design not to give a big product pitch, you know, very non Steve jobs. Like very done, Andy Jazzy like which is all product product product. I mean, kind of surprising in a big show with all these customers. You think they'd be pitching, but I think their intent was to really be more content. Orient >> Well, So Dave, you know, goes back at the core. What is IBM's biggest business? IBM biggest businesses. So services. So I've done a number of interviews this week already talking about how IBM is helping with digital transformation, how they're helping people move to more agile and development for environments. You know, the multi cloud world. How do they know IBM has a long history with C. S, P s and M s peace? So they have large constituencies And sure, they have products. You know, great stuff talking about, You know, how do they have the best infrastructure to run your workloads and the strength that they haven't supercomputing in HPC. And how they can leverage that? Because IBM knows a thing or two about scale. But, you know, Dave, one of the questions I have for you is we've seen the big services organizations go through radical downsizing. You know, HP spun off their business. Del got rid of the Perot business. You know, IBM still is, you know, services. At its core, it is IBM built for the multi cloud cloud native. You know, Ai ai world, Or do they still need to go through some massive changes? >> Well, multi Cloud is complicated and complex. IBM does complicated services, you know, deal with complexity, but I still can't help but feel like, >> Well, I well, I thought, wouldn't comment on them. I think the services. If the Manual Services Professional Services dropped down, IBM has a great opportunity to move them to cloud based services, meaning I can write software. And this is where I think they have an advantage. They could really nail the business applications, which will become services, whether its domain expertise in a vertical. And I think this is their cloud opportunity. IBM could capture that they could take entirely new category of applications. Business applications and services, automate them with machine learning, automate them with cloud scale their cloud scale while making them portable on multiple clouds. So the notion of services will be the professional services classic your grandfather's services, too. Cloud based services at scale. >> Yeah, well, I think you're right. Look, that's one. IBM is biggest strengths, and Jenny did that acquisition. By the way. The PwC acquisition is one hundred thousand. People instantly brought IBM into that deep vertical industry expertise, and they're not going to give that up any time soon. And this so many opportunities to code. If I those services or that song you know, through software and make them repeatable services, I mean, they're at as a service. Business is one of the fastest growing parts of IBM, you know, revenue stream. So I don't see that going. Wait. All I do think there was a missed opportunity and maybe they can't talk about it for was some regulatory reason. They're just paranoid. But you had white hearse up on the stage. You just spent thirty four billion dollars. I would have liked to hurt Mohr about the rationale, even though we've heard it before. They did. You know, Jim and Jeannie did a tour there on all the big TV shows You're on Kramer. But I would have liked to heard sort of six months on what that rationale is and how they're going to help transform with this in this new chapter and what that role that red hat was going play, I thought it was a missed opportunity. >> Well, speculate on that. I think of things. Probably. They probably don't have their answer yet. IBM is very good on messaging. You know, they're pretty tight, but I think Arvin Krishna talked to assert this morning. On our first interview. He brought up the container ization and Coburn Eddie's trend. I think that's where red hat fits and melons and give them cloud Native developers in Enterprise Fortune one thousand. They also got the cloud native ecosystem behind that the C in C F etcetera. But Containers does for Legacy Container ization, and Cooper daddies really preserves legacy. It allows developers to essentially keep the old while bringing in the new and managing the life cycle of those applications, not a ribbon replace. This is an opportunity for IBM, and if I think the messaging folks and the product dies or probably figure out okay, how do we take the red hat and open shift and be cloud native and take all the goodness that comes in with cloud Native the new developers, the Devil Infrastructures code, make under the covers infrastructure programmable and is Rob Thomas pointed out, having horizontal data layer that enables new kinds of business services. So to me, container ization, it's kind of nerdy Cooper netease. But this is really a new linchpin to what could be a sea change for IBM in terms of revenue. Keeping the Legacy customs happy because then the pressure to move to Amazon goes away because I can say, Whoa, wait. If the question is, why adopt if customs have an answer for that that gives IBM time, This is what they want otherwise, cloud native worlds could move very, very fast. We've seen the velocity of the momentum, and I think that's a key move. >> I think your point about slowing down the Amazon momentum is a good one, and I want to talk about five things that Ginny said that lessons learned, she said. One. You can approach the world from outside in and focus on customer experience. Or you could do inside out, identify new ways to work and new work flows, you know, kind of driving change. The third lesson learned was You need a business platform fueled by data with invented A I. The fourth is you need an ai ai platform. And in the fifth is Rob Thomas is you can't have a eye without a word that you needed information, architecture, which, by the way, I believe it to be true. So those are business oriented discussions. It's not something that you necessarily here from Amazon there kind of chewy. There's the services component to all that. The big question I have is Well, Watson, be that ai ai platform. >> Yeah, I mean something, You know, I look at is why Doe I choose a platform and a partner. So we understand Amazon, you know, they want to be the leader and everything. They have a lot more services in anyone. But, you know, if I want data services, first cloud that comes to mind to me is Google. You know, Google has a real strength there, You know. Where does IBM have a leadership compared to Google business productivity? IBM has a lot of strength there, but Microsoft also has a place so you know, customers. If they're going to live, Multi cloud, they're going Teo in many ways go backto best of breed on DH. Therefore, where will IBM differentiate themselves from some of those? >> We have visibility down. It's clear now that the industry the fog is lifting, starting to see Cem clear lines of sight and a few major trends. And it's pretty clear on where the industry's going for the next ten years. Application developers at the top of the stack gonna build APS The infrastructures cloud cloud something multi cloud cloud, native infrastructures, code and data. And a I see that Amazon reinvent sage maker. You're seeing all the major innovations happening around APS using data power advice, cloud scale, that's it. Everything else to me is glue or some sort of fabric component. Or a piece of that distributed architecture and its cloud. Aye, aye, and an apple. >> A CZ. Dave is often said, it's the innovation sandwich of today. >> Yeah, well, so I guess the things I want to mention it because of me. There's been some high profile failed failures with Watson, But watching was trying to do some things that were not, you know, voice response to Alexa, you know, solve cancer, you know, world problems and so I think IBM is actually earned the right to be in the discussion, and the Red had acquisition gives IBM instant credibility in this game, especially in this a multi cloud game. >> Well, they got me. They have the right to be the zillions of customers. They have a lot of a lot of business model innovations with that that their customers are innovating on. And if they keep the cloud innovate, they gotta match the specs. Specs of the cloud. They gotta be there with Cloud. If they don't make the cloud work, they're going to be subservient to the other clouds. They have to make it in the top three. This is clear. Hey, I think I think we're working a lot of experience and data. I think Watson kind of finding his home is a brand's natural fit. Got a portfolio of data? I think IBM will do very well in the data front. It's the cloud game that they got a really sure up. They got to make sure that IBM cloud conserved. They're custom, >> but the good news is there is there. In the game we saw HPD tried to get into HPD, tried to get the cloud it failed. Cisco, for a while, was trying to get with Sawyer. AMC make of numerous attempts. VM were made, made numerous attempts. IBM spent two billion dollars in software. They they they've got a cloud. You know, they've transformed what was essentially a bare metal hosting platform, you know, into a cloud. They've jammed all there as a service products in there. They're SAS portfolio. So there, at least in the game and, you know, again, I've said often, I think they're very Oracle like it's not the biggest cloud. It's not going to scale to the Amazon levels, but they've got a cloud, and it's a key part of the strategy. >> Innovation Sandwich applications Cloud What data? In the middle of a I. That's the formula, David said on the Q beer. All right day to coverage for the Cuba. Four days were here in the lobby of Mosconi North, part of the new refurbished Mosconi Center in San Francisco. Howard Street's closed. It feels like Salesforce. Dreamforce event. Big event in San Francisco. I'm John First Amendment Dave along. They were here for four days Day, two of four days of coverage for IBM think back tomorrow. Thanks for watching.