Patricia Jordan | Women of the Cloud
>>Hey everyone, welcome to the Cube's special program series Women of the Cloud, brought to you by AWS. I'm your host for the series, Lisa Martin. Very pleased to be joined by Patty Jordan, the VP of enabling processes and technology at Optum. My next guest, Patty, welcome to the program.
>>Hi Lisa. Thank you for having me.
>>Tell me a little bit about yourself, a little bit about your role so the audience gets that understanding of exactly who you are.
>>Sure thing. Hi, my name is Patty Jordan. As we mentioned, I am originally from Cameroon, Central Africa, but I was raised in the DC area. I'm called and what you call a bank brat. My father worked for an international organization, the the World Bank. Lived in, like I said, grew up in DC, moved to Austin, Texas about seven years ago. Been with Optum for the last nine years of my working career. And I've had multiple roles, but currently my role as is with the enabling technologies and processes, which means that I manage teams that support the platform of a lot of analytics products in Optum.
>>Got it. All right. Bank brat, that's a new one to me. I hadn't heard that. I love that you're a bank brat and proud of it. I can tell. Talk to me a little bit about your, the career path that you have navigated and what are some of your sort of tactical and also strategic recommendations for the audiences looking to grow their career in tech?
>>So the interesting thing is, I did not start in tech. My background is as an economist. I have a bachelor's of economics from the women, from the College of Women, Mary. I also have a financial master's in public policy from American University. However, I did take some IT classes and as a kid I'm probably dating myself a little bit, but I programmed in DOS, so I, I was always excited by it and I had internships as a programmer that helped me pay for my master's degree in when I graduated. I just felt like I was having fun and I was getting paid very well and I was able to pay off my graduate schools. So I just stayed with tech.
>>Love that. But it sounds like you had that interest from when you were quite young and as a lot of us and end up in tech, we didn't start there originally. There's a lot of zigzaggy paths to get there. Sounds like you had that as well. What are some of your recommendations for people, either those that are in tech now or aren't who want to get into it and really expand and climb that ladder?
>>So definitely, so one of the things to understand is tech could be many different things. Like one of the things could be programming, which I started doing and now dislike intensely. And then another thing could be like being in the business analyst in tech, getting the business requirements versus product management or even, you know, management. And what I would encourage people to do is really focus on what you feel happy doing, which for me is problem solving and collaborating and getting the right people together to solve very complex problems. And if you focus on that then you'll find your, your the role for you even in tech.
>>I love that problem solving is such an important skill to be able to have and to cultivate regardless of the industry that you're in. But I'd love to know a little bit more about some of the successes that you've had helping organizations really navigate their cloud journeys, their migration to cloud as we've seen the last couple of years, a massive acceleration to the cloud that was really born outta the pandemic. Talk to me about some of the successes that you've been able to achieve.
>>So the first, I guess most obvious thing is understanding the technology. What do you have at your disposal? What do you need for your team to succeed in the cloud or even on-prem? But what I've learned most in the last four to five years with the projects that I work on, whether it was migrating from a host data center to one that we owned ourselves or migrating from that data center to AWS recently was you really need to get the business organization engaged. And that's not just getting the sponsorship and getting them this to write that check, but really helping them understand how this journey to the cloud is a combined journey between both organizations, right? And they will be able to be more successful as well with us going to the cloud with improved processing with revenue protection because we, there's more tools available with revenue expansion because now we can now expand faster address client needs faster. And you know, so there's various different aspects of going to cloud that are more than just we're using the coolest technology.
>>You're a problem solver, has there. And one of the challenges with organizations and from a cloud migration standpoint that we often talk about is it's a cultural migration as well, which is really challenging to do for any type of organization regardless of industry. Do you have a favorite example where as a, as the problem solver, you came in and really helped the organization, the business side understand, be able to transform their cultural direction, understand why cloud migration can be such a facilitator of the business from the top line in a bottom line perspective.
>>So from a bottom line perspective, I think the hardest thing for them to understand or what does not compute for them is you can't give them a set. This is what you're gonna cost in the cloud, right? Because the benefit of being in the cloud is being able to scale shrink, et cetera. So that's one hurdle that we're still fighting to be a hundred percent candid. But from a a top line perspective, what's what's been great is we've been able to ramp up more clients with the same, right? So we haven't had to go out and procure more servers, more storage, hire more staff because we're in the cloud and we've actually been able to scale our teams as well because we incorporated the DevOps functions and we do not need a team to manage a data center anymore. So that they absolutely understood, you know, savings ratified, but really just how do we get to market faster? How do we get to revenue faster and how do we get more revenue with the same pool of resources is something that they've really, really resonated with.
>>Well, you're starting to speak their language so that to your point that resonates well, but there's so much productivity improvements, efficiencies to be gained by leveraging cloud computing that that really hit the bottom line of an organization that businesses, if you put it in the right way. And it sounds like as the problem solver you have, they understand the immense value and competitive advantage that cloud can bring to their organization and become sort of a ah, the blinders are off. I get it.
>>Exactly. Exactly. You're just not trying to, to play with the latest toys, you are actually solving a business problem even before it happens.
>>And that's the key solving business problems before they happen. Being able to predict and forecast is huge for businesses, especially as we've seen the last couple of years. Everybody racing to digital, to to pivot, to survive. Now to be competitive. If they don't do that and embrace that emerging technology suite, there's a competitor that's right back here that if they're more culturally willing and able to, to be more agile, they're gonna take the place of a competing organization. So yeah, so it absolutely is a huge differentiator for organizations. And it sounds like you've had some great successes there in helping organizations really navigate the challenges, the cultural challenges, but the benefits of cloud computing. Yes. I do wanna talk to you a little bit about in your expertise, diversity is something that is talked about in every industry. We talk about it in tech all the time, there's still challenges there. What are, what's, what are your thoughts on diversity? What are you seeing and what are some of those challenges that are still sitting on the table?
>>So I guess the first thing I would say is there's multiple facets to diversity, right? The first one we always lean to is gender and race, but there's also diversity of thought. And being in the healthcare industry is very important for us to have a diversity of thought and experiences so that we can target a lot of these health equity issues that are, you know, that, that are ongoing. So that's one thing that we've, we've been trying to do is making sure that I don't just have people that think like me on the team. And typically that also means not having people that look like me. So making sure that we have the right pipelines to hire for partnering with our, with some of our vendors. AWS for example, is a good one where they had avenues and they had non-profits that they worked with and they connected us with some of our staff augmentation people also did the same thing, really just expanding the scope of where we're looking for talent and, and that helps also bring that diversity of thought and the diversity of gender race into the, into the full
>>It is. And it and, and there's also, there's so much data if we follow the data and of course in tech we're all about data. Every company these days, regardless of industry needs to be a data company. If we follow the data, we can see that organizations with, for example, females within the C-suite are far more profitable than those organizations that don't have that even that element of diversity. So the data is demonstrating there's tremendous business value, tremendous competitive advantage, faster time to market, more products and services that can be delivered if there is thought diversity among the entire organization, not just the C-suite.
>>Exactly. And and since we have an impact on what is being delivered as an engineering organization, we also need that in engineering, right? One of the things that's very keen right now is machine language and AI. If we don't have the right models for example, then we either introduced bias or perpetuate by it. So we definitely need people on our teams as well that understand how these technologies work, how we can leverage 'em on our data sets so that we could run counter to this bias
>>And countering that bias is incredibly important. Machine learning AI, so driven by data, the volumes of data, but the data needs to be as clean and and non-biased as possible. And that's a big challenge for organizations to undertake. Is there advice that you have for those folks watching who might be, I, I don't see me in this organization, I don't feel represented. How can I change that?
>>Well, one would be to speak up, right? Even if you don't see you apply for the job, right? And one of the things that we're trying to address even in the DEI space is making sure that our job descriptions are not introducing any biases so that people will eliminate themselves immediately, right? But really just if you have the skill set and you feel like you can ramp up to the talent, then just apply for the job. Talk to somebody. You do have a network whether you realize it or not. So leverage that network. But really like there's this expression that my kid taught me saying, you miss a hundred percent of the shots you don't take, right? So if you don't try, you're not gonna make it by default. If you do try, there's a chance to make it right. At the very least, you build a connection with someone who can potentially help you down the line.
>>That is one of my absolute favorite sayings. You miss a hundred percent of the shots that you don't take. So encouraging people to raise their hand there, there are stats, data, speaking of data we've been talking about that, that demonstrate that women are far less likely to apply for jobs like on LinkedIn for example, unless they need 100% of the job requirements, which we all know are quite stringent and not necessary in a lot of cases. So I love your advice of just try raise your hand, ask the question. All they can say is no. And at the end of the day, what is that? It's a word but can also be directional and and really guiding for people on their journey to wherever that, if it's an engineering, cloud, engineering, DevOps, whatever happen that happens to be, raise your hand the question. And to your point, you have a network, it is there, open that up. There's so much potential for people that just raise, I think that's to raise their hand and ask the question.
>>And the corollary to that though is I would also encourage people who are in leader leadership roles to be strong allies, right? Like we need to be aware of what biases we might be introducing or candidates that we might be leaving on the table because we're being too stringent because we're not expanding our, our our search, right? So definitely that's something that I've started doing about five, six years old shortly after I moved to Austin, which I kind of beat myself up about not having done before, is really contributing to that community, helping out, being a mentor, being a coach, being a guide. Sometimes it's just reviewing somebody's resume. Other times it's talking to 'em about a role that I have and helping them map their current state to that role. But really just being an ally to everyone and anyone who wants to come into this space.
>>I love that. I, and I have a feeling, Patty, that you're a great mentor and ally for those in your organization across organizations and those out there that may not know yet. Patty can be an ally for me. I'd love to get your take in our final minutes on a couple things. One, the, what's next in cloud from your perspective, the things that you've seen, what you've been able to achieve, and how do you see your role evolving in the industry at Optum?
>>So what's next in cloud, and we've talked about that a lot, is data. How do we manage all this data? How do we catalog this data, how to reuse this data, how to reshift this data? We have data in various different environments. We're a multi-cloud company. So how do we make sure that we don't have the same data everywhere? Or even if we do, how do we reconcile that? So data, data, data, right? And from data, get to information so that we can monetize it and we can share it. So that's the, that's for me is really next step. I mean we, we know the applications that we can build, we know the analytics that we can build, but if we don't have the right data, we're limiting ourselves. So that's definitely one aspect that I know that we wanna drive. And as far as my role, I was fortunate enough to be provided with the leadership of development of a platform for analytics, which yes, involves data.
>>So I'm very excited about this, right? Cuz that's, that's next level for me. I've been typically in roles that protect revenue in the DevOps and operations role. And now I'm in a revenue generating role and it has a shift in mindset. But I, I really appreciate it and I'm really taking everything I've learned up to now as a DevOps team. I knew when the bad things came. So now I'm trying to prevent, prevent my team from pushing bad things down the pipe, right? So I'm just really excited about what's, what's, what's to come because there's so many opportunities for improving the products that we build. And I'm so excited to be part of this platform.
>>There are the, the horizon of opportunities is really endless, which is exciting. And to your point about data, like I mentioned, for every company, whether it's your grocery store, a retailer, the postal service has to become a data driven company. Cuz as consumers we expect that we bring that into our business lives and we expect to be able to transact in business as easily as we do on the consumer side. And that all requires organizations to not just have access to data, but to be able to build the right data infrastructure, toing insights to act on that, to feed the AI and ML models so that products services can get better, more personalized and meet the demands of the ever demanding consumer, which I know I, one of them. I wanna ask you one more final question and that is, what do you think some of the biggest challenges have been with, with respect to tech innovation in the workforce over the past five years? What are some of those things that, that you've seen that you think we're on the right track moving forward to eliminate some of these?
>>That is a good question. I think one of the biggest challenges for me has been not to remain in the status quo, right? Like not to do something because it's what we've been doing, but being in the cloud allows us with so many opportunities where we can fail fast. That let's give it a shot, let's do a quick sprint, let's figure out whether it is a possibility or not. Eliminate it if it's not, and then keep moving, right? Like we don't have the same development methodology before that we had to do three months, five months, six months. You can iterate in two week chunks, get it done, confirm your, your statement or not, or negate it, but at the very least have an answer, right? So that for me is the biggest challenge. We're aware of the thinking we're just not doing. So it'd be very exciting when we, when we pivot from that and really start innovating because we have the time
>>Innovating because we have the time, as I mentioned, you know, with the demand of consumers, whether it's consumer in, in on the personal side, business side, those demands are there. But the, the exciting thing is to your point, the innovations are there. The capabilities are there, the data is there. We have a lot of what we need to be able to take advantage of that. So it's gonna be exciting to see what happens over the next few years. Patty, it's been such a pleasure having you on the Cube today. Thank you so much for joining. You are clearly a, a leader in terms of women in the cloud. We appreciate what you're doing, your insights, your recommendations, and your insights as to what you see in the future. You've been a great guest. Thank you so much for joining me today.
>>Thank you for having me Lisa.
>>My pleasure. For Patty Jordan, I'm Lisa Martin. You're watching the Cube's coverage of Women of the Cloud, brought to you by AWS, a special program series. We thank you so much for watching. Take care.
Pat Wadors, ServiceNow & Patricia Tourigny, Magellan Health | ServiceNow Knowledge18
(techno music)
>> Narrator: Live from Las Vegas, it's the Cube. Covering ServiceNow Knowledge 2018. Brought to you by ServiceNow.
>> Welcome back to the Cube's coverage of ServiceNow Knowledge 18 here in Las Vegas, Nevada. I'm your host Rebecca Knight. I'm joined by Pat Wadors. She is the Chief Talent Officer of ServiceNow, and Pat Tourigny who is the Senior Vice President HR Global Shared Services at Magellan Health. Pat and Pat, thanks so much for coming on the show.
>> Pat Wadors: Thank you for having us. We're excited.
>> Pat Tourigny: It's so great to be here Rebecca, thank you.
>> Rebecca: Well you were both on the main stage this morning talking about Magellan's, Magellan Health ServiceNow journey. We started talking about a personal health scare that you had Pat, that really changed the way you think about the world of work, and the employers' role in that. Can you tell our viewers a little more about it?
>> Pat: I'd be happy to Rebecca. So, obviously I had been working and had taken some time off to start and raise my family. And when I went back to work I started to feel unwell. And it took about two and a half years for me to finally get an answer. I had searched for many doctors, et cetera. But literally one day I was rushed to a hospital emergency room. After a few days I was diagnosed with stage three B colon cancer, and I was told I had probably about a three percent survival chance. So at that time I faced four years of surgery, and hospitalizations, and chemo and radiation. And of course during all this time you're hearing the probable outcomes and the statistics. But what I truly focused on was my purpose. Which was my family. I had two small children and they needed me, and I needed to be there for them. And so I learned a lot of lessons during that time, and I think anyone who goes through that would say that. But the two things that have really stuck with me is knowing my purpose, and leading with empathy. And it's truly changed how I live, how I work, how I interact with other people. And I think it's made a huge difference in what I do every day.
>> Rebecca: What Pat was just talking about, the leading with empathy, and the finding your purpose, these are two of the things that are central to the culture at ServiceNow. Can you describe a little bit more for our viewers, how you view this sort of purpose driven life?
>> Pat Wadors: For me and for the company, it's as essential to our success as our customers. So I know that purpose driven companies outperform those that don't have a purpose. And I know from a talent brand, and how we recruit and retain talent, if their personal purpose is aligned with the company purpose, not only do you get higher engagement and higher productivity, but that impacts our customers. And they have higher engagement and higher sat. So it's great business. It's something that I think creates a competitive differentiation, and it's something that our employees seek as an employer. So it's just something that I totally believe in and so does our company.
>> Rebecca: So talk a little bit about VERN. First of all, what does VERN stand for?
>> Pat: Oh I love VERN. (laughing)
>> Pat: Everyone loves VERN. VERN stands for the Virtual Employee Resource Network. And a couple things that I would probably want to say about that is number one, you don't see HR in there at all. Because it's about the employee. This is a way that we are helping our employees fundamentally change how they work and how they engage with us. The reason I think VERN works is our employees voted on that name. So we had a whole campaign to launch VERN, and we offered up four different names, and our employees voted. And when VERN won we created a VERN persona, and everything else that goes with that. And he's just become part of our team.
>> Rebecca: So what does VERN do?
>> Pat: Well VERN is really sort of the, it took the place of our call center. VERN is a way for our employees to learn information, and answer their basic questions, and learn to work in new ways. And it helps, it's basically a consumerized HR product. If an employee can use Google or shop online, they can use VERN. It's very simple, it's easy and fun. And truly VERN has become a part of our team. So we don't have a call center anymore. We don't use email to answer questions. Our employees know that VERN is there for them twenty four seven.
>> Rebecca: They have a question and ask VERN.
>> Pat: Exactly. Turn to VERN, that's our motto.
>> Rebecca: (laughing) I love it. So Pat, thinking about this empathic way of leading, how would you describe what it really means when it comes to HR? You had said before it really is a competitive differentiator, and that if you're happier at work, you're going to do better at work, you're going to be more energized, you're going to then provide better service to your customers. But how can companies, how can they build a culture of empathy?
>> Pat: By listening. I think that when Pat and I were talking over dinner and I talked to my peers, companies that win listen. And they listen to their customers, and they reverse engineer back to their products and services. Great cultures listen. And our employees are going to tell us what's working what's not working. And if we capture those data sets, those moments, we give them the information, we give them the tools. They are joyful, they are more productive, there's a stickiness that I can not only survive there I'll thrive. And so by being empathetic, by seeing where the pain points are, by seeing what gets you joyful, and measuring those things and turning my dials accordingly, that to me is a winning situation.
>> Rebecca: We're at a point in time where we have five generations in the workforce all at once. Can you describe what that's like, from your company perspective, from talent management and HR, and how catering to these very different segments of people who their comfort with technology is one thing, but also their phase of life. How do you do that?
>> Pat: Well I think, honestly, there's this joyfulness, you used that word and I love that word, of how all these different generations really do work together and help one another. In a way we're all learning from each other. And we're not afraid to learn in front of each other. And that really makes a difference I think. And I think there's just this mutual respect of, we're all there to help each other and do the right thing for the company. And I think the empathy piece of it really comes across because, when you truly understand one another in a way that you care and you're showing that, it's not about age anymore or anything else, it's that we're all people working together trying to do our best work and we're there for each other. To me that's what it means.
>> Pat: The only thing I would add to that is, when you look at consumerization of the enterprise, when you look at seamless, what they call frictionless solutions, it demystifies the technology. So if you have the older generation going "I've not used a bot" or "I don't know what machine learning is" I'm like can you type in your question? I can do that. And if I serve you knowledge bites that I can digest that answers my question and move on with my life, that's a gift. And so I think that if you make it more human, if you make it more approachable, then every generation appreciates that. And I also know that from my studies and from working in the valley for a long time in tech, is that every generation wants the same thing. They want to be heard, they want to be appreciated, treated respectfully, and know that they can do their best work. That they matter.
>> Rebecca: So Pat you are relatively new to ServiceNow. You're from LinkedIn. You are so committed to the company you dyed your hair to match the brand identity. What drew you to ServiceNow?
>> Pat: I was a customer of ServiceNow while at LinkedIn. And my goldilocks is a growth company. I'm a builder. I love creating culture and leading through change. And I also love geeking out with my peeps in HR. And so ServiceNow has a talent place, they are helping HR solve problems, and I get to geek out with them. I get to meet people like Pat, and have a wonderful dinner and a great conversation. That feeds my soul. I don't think I am unique in the problems I'm facing, and I copy shamelessly. I'm trying to steal VERN from her. (Pat laughing) I think that's awesome, I want a VERN button.
>> Pat: I'm going to get you one.
>> Pat: And then the added sauce for me where I fell in love, is when John Donahoe became the CEO and wanted my partnership to build an enduring high performing healthy company. And I'm like, sign me up.
>> Rebecca: Talking about the culture of ServiceNow and Magellan Health, culture is so hard. It's just one of those things that, or maybe it's not, maybe I'm making it out to be, but when you have large companies dispersed employees, it's sort of hard to always stay on message and to have everyone pulling in the same direction. How do you do it? What would you say you do at Magellan? I'm interested in how you do it at ServiceNow too.
>> Pat: Want to go first?
>> Pat: I'll take a stab. So, you got to think about where you're going. So what's your purpose? I'm going back to purpose. How do you serve the customer? What are those four key milestones that matter? And repeat, and I say rinse, and then repeat. So everyone hears it. You know the top five goals in the company. And we talk about it all hands, we refer to them in our internal portal, we talk about them, we measure them. We tell the employees this is what we wanted to do, this is what we did or didn't do. This is what we do next. And we're as transparent as we possibly can be. And the magic comes when every employee can look up and say I made that goal happen. And when they start seeing those dots connect, they can't wait to connect more dots. And that's when the journey starts accelerating. That's when you get more flywheel going in the organization where what I do is actually impacting profit, impacting customer success, impacting joy.
>> Rebecca: And taking some ownership of it.
>> Pat: I agree. I think that when everyone sort of shares in that purpose, and they understand what they do, how it affects that, it makes a huge difference. But I also think as an organization from a leadership perspective, if you model the behavior that you're seeking, and you set your expectations really high for that, and that in a very sort of respectful way when you see things that aren't right you say something about it, the culture does start to shift. And you start to build this feeling of we're there, we're together, we have each other's backs, we treat each other with dignity and respect, and honesty and openness, and you can really start to just shift it almost organically.
>> Rebecca: Pat Tourigny, Pat Wadors, thanks so much for coming on the Cube. It was a great conversation.
>> Pat: Oh thank you Rebecca. It's been great.
>> Pat: Thank you for having us.
>> Rebecca: We'll have more with the Cube's live coverage of ServiceNow just after this.
(techno music)
ENTITIES
Entity | Category | Confidence |
---|---|---|
Rebecca | PERSON | 0.99+ |
Pat | PERSON | 0.99+ |
Rebecca Knight | PERSON | 0.99+ |
Pat Tourigney | PERSON | 0.99+ |
Pat Wadors | PERSON | 0.99+ |
Patricia Tourigny | PERSON | 0.99+ |
John Donahoe | PERSON | 0.99+ |
two | QUANTITY | 0.99+ |
Pat Tigourney | PERSON | 0.99+ |
ORGANIZATION | 0.99+ | |
four years | QUANTITY | 0.99+ |
two things | QUANTITY | 0.99+ |
Service Now | ORGANIZATION | 0.99+ |
VERN | ORGANIZATION | 0.99+ |
Magellan | ORGANIZATION | 0.99+ |
Magellan Health | ORGANIZATION | 0.99+ |
Las Vegas, Nevada | LOCATION | 0.99+ |
about two and a half years | QUANTITY | 0.98+ |
ServiceNow | ORGANIZATION | 0.98+ |
Cube | ORGANIZATION | 0.98+ |
ORGANIZATION | 0.98+ | |
both | QUANTITY | 0.98+ |
five goals | QUANTITY | 0.96+ |
four key milestones | QUANTITY | 0.95+ |
one thing | QUANTITY | 0.94+ |
two small children | QUANTITY | 0.94+ |
first | QUANTITY | 0.91+ |
about a three percent | QUANTITY | 0.9+ |
twenty four seven | QUANTITY | 0.9+ |
First | QUANTITY | 0.89+ |
Las Vegas | LOCATION | 0.86+ |
five generations | QUANTITY | 0.85+ |
four different names | QUANTITY | 0.83+ |
HR Global Shared Services | ORGANIZATION | 0.83+ |
this morning | DATE | 0.78+ |
Breaking Analysis: Google's Point of View on Confidential Computing
>> From theCUBE studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Confidential computing is a technology that aims to enhance data privacy and security by providing encrypted computation on sensitive data and isolating data from apps in a fenced off enclave during processing. The concept of confidential computing is gaining popularity, especially in the cloud computing space where sensitive data is often stored and of course processed. However, there are some who view confidential computing as an unnecessary technology and a marketing ploy by cloud providers aimed at calming customers who are cloud phobic. Hello and welcome to this week's Wikibon CUBE Insights powered by ETR. In this Breaking Analysis, we revisit the notion of confidential computing, and to do so, we'll invite two Google experts to the show, but before we get there, let's summarize briefly. There's not a ton of ETR data on the topic of confidential computing. I mean, it's a technology that's deeply embedded into silicon and computing architectures. But at the highest level, security remains the number one priority being addressed by IT decision makers in the coming year as shown here. And this data is pretty much across the board by industry, by region, by size of company. I mean we dug into it and the only slight deviation from the mean is in financial services. The second and third most cited priorities, cloud migration and analytics, are noticeably closer to cybersecurity in financial services than in other sectors, likely because financial services has always been hyper security conscious, but security is still a clear number one priority in that sector. The idea behind confidential computing is to better address threat models for data in execution. 
Protecting data at rest and data in transit have long been a focus of security approaches, but more recently, silicon manufacturers have introduced architectures that separate data and applications from the host system. Arm, Intel, AMD, Nvidia and other suppliers are all on board, as are the big cloud players. Now the argument against confidential computing is that it narrowly focuses on memory encryption and it doesn't solve the biggest problems in security. Multiple system images, updates, different services and the entire code flow aren't directly addressed by memory encryption, rather to truly attack these problems, many believe that OSs need to be re-engineered with the attacker and hacker in mind. There are so many variables and at the end of the day, critics say the emphasis on confidential computing made by cloud providers is overstated and largely hype. This tweet from security researcher Rodrigo Branco sums up the sentiment of many skeptics. He says, "Confidential computing is mostly a marketing campaign for memory encryption. It's not driving the industry towards the hard open problems. It is selling an illusion." Okay. Nonetheless, encrypting data in use and fencing off key components of the system isn't a bad thing, especially if it comes with the package essentially for free. There has been a lack of standardization and interoperability between different confidential computing approaches. But the Confidential Computing Consortium was established in 2019 ostensibly to accelerate the market and influence standards. Notably, AWS is not part of the consortium, likely because the politics of the consortium were probably a conundrum for AWS because the base technology defined by the consortium is seen as limiting by AWS. This is my guess, not AWS's words, and but I think joining the consortium would validate a definition which AWS isn't aligned with. And two, it's got a lead with this Annapurna acquisition. 
This was way ahead with Arm integration and so it probably doesn't feel the need to validate its competitors. Anyway, one of the premier members of the Confidential Computing Consortium is Google, along with many high profile names including Arm, Intel, Meta, Red Hat, Microsoft, and others. And we're pleased to welcome two experts on confidential computing from Google to unpack the topic, Nelly Porter is head of product for GCP confidential computing and encryption, and Dr. Patricia Florissi is the technical director for the office of the CTO at Google Cloud. Welcome Nelly and Patricia, great to have you. >> Great to be here. >> Thank you so much for having us. >> You're very welcome. Nelly, why don't you start and then Patricia, you can weigh in. Just tell the audience a little bit about each of your roles at Google Cloud. >> So I'll start, I'm owning a lot of interesting activities in Google and again security or infrastructure securities that I usually own. And we are talking about encryption and when encryption and confidential computing is a part of portfolio in additional areas that I contribute together with my team to Google and our customers is secure software supply chain. Because you need to trust your software. Is it operate in your confidential environment to have end-to-end story about if you believe that your software and your environment doing what you expect, it's my role. >> Got it. Okay. Patricia? >> Well, I am a technical director in the office of the CTO, OCTO for short, in Google Cloud. And we are a global team. We include former CTOs like myself and senior technologists from large corporations, institutions and a lot of successful startups as well. And we have two main goals. First, we walk side by side with some of our largest, more strategic or most strategical customers and we help them solve complex engineering technical problems. 
And second, we advise Google and Google Cloud engineering and product management and tech on there, on emerging trends and technologies to guide the trajectory of our business. We are unique group, I think, because we have created this collaborative culture with our customers. And within OCTO, I spend a lot of time collaborating with customers and the industry at large on technologies that can address privacy, security, and sovereignty of data in general. >> Excellent. Thank you for that both of you. Let's get into it. So Nelly, what is confidential computing? From Google's perspective, how do you define it? >> Confidential computing is a tool and it's still one of the tools in our toolbox. And confidential computing is a way how we would help our customers to complete this very interesting end-to-end lifecycle of the data. And when customers bring in the data to cloud and want to protect it as they ingest it to the cloud, they protect it at rest when they store data in the cloud. But what was missing for many, many years is ability for us to continue protecting data and workloads of our customers when they running them. And again, because data is not brought to cloud to have huge graveyard, we need to ensure that this data is actually indexed. Again, there is some insights driven and drawn from this data. You have to process this data and confidential computing here to help. Now we have end to end protection of our customer's data when they bring the workloads and data to cloud, thanks to confidential computing. >> Thank you for that. Okay, we're going to get into the architecture a bit, but before we do, Patricia, why do you think this topic of confidential computing is such an important technology? Can you explain, do you think it's transformative for customers and if so, why? 
>> Yeah, I would maybe like to use one thought, one way, one intuition behind why confidential computing matters, because at the end of the day, it reduces more and more the customer's trust boundaries and the attack surface. That's about reducing that periphery, the boundary in which the customer needs to mind about trust and safety. And in a way, is a natural progression that you're using encryption to secure and protect the data. In the same way that we are encrypting data in transit and at rest, now we are also encrypting data while in use. And among other beneficials, I would say one of the most transformative ones is that organizations will be able to collaborate with each other and retain the confidentiality of the data. And that is across industry, even though it's highly focused on, I wouldn't say highly focused, but very beneficial for highly regulated industries. It applies to all of industries. And if you look at financing for example, where bankers are trying to detect fraud, and specifically double finance where you are, a customer is actually trying to get a finance on an asset, let's say a boat or a house, and then it goes to another bank and gets another finance on that asset. Now bankers would be able to collaborate and detect fraud while preserving confidentiality and privacy of the data. >> Interesting. And I want to understand that a little bit more but I'm going to push you a little bit on this, Nelly, if I can because there's a narrative out there that says confidential computing is a marketing ploy, I talked about this upfront, by cloud providers that are just trying to placate people that are scared of the cloud. And I'm presuming you don't agree with that, but I'd like you to weigh in here. The argument is confidential computing is just memory encryption and it doesn't address many other problems. It is over hyped by cloud providers. What do you say to that line of thinking? 
>> I absolutely disagree, as you can imagine, with this statement, but the most importantly is we mixing multiple concepts, I guess. And exactly as Patricia said, we need to look at the end-to-end story, not again the mechanism how confidential computing trying to again, execute and protect a customer's data and why it's so critically important because what confidential computing was able to do, it's in addition to isolate our tenants in multi-tenant environments the cloud covering to offer additional stronger isolation. They called it cryptographic isolation. It's why customers will have more trust to customers and to other customers, the tenant that's running on the same host but also us because they don't need to worry about against threats and more malicious attempts to penetrate the environment. So what confidential computing is helping us to offer our customers, stronger isolation between tenants in this multi-tenant environment, but also incredibly important, stronger isolation of our customers, so tenants from us. We also writing code, we also software providers will also make mistakes or have some zero days. Sometimes again us introduced, sometimes introduced by our adversaries. But what I'm trying to say by creating this cryptographic layer of isolation between us and our tenants and amongst those tenants, we're really providing meaningful security to our customers and eliminate some of the worries that they have running on multi-tenant spaces or even collaborating to gather this very sensitive data knowing that this particular protection is available to them. >> Okay, thank you. Appreciate that. And I think malicious code is often a threat model missed in these narratives. Operator access, yeah, maybe I trust my cloud provider, but if I can fence off your access even better, I'll sleep better at night. Separating a code from the data, everybody's, Arm, Intel, AMD, Nvidia, others, they're all doing it. 
I wonder if, Nelly, if we could stay with you and bring up the slide on the architecture. What's architecturally different with confidential computing versus how operating systems and VMs have worked traditionally. We're showing a slide here with some VMs, maybe you could take us through that. >> Absolutely. And Dave, the whole idea for Google and now industry way of dealing with confidential computing is to ensure that three main property is actually preserved. Customers don't need to change the code. They can operate on those VMs exactly as they would with normal non-confidential VMs, but to give them this opportunity of lift and shift or no changing their apps and performing and having very, very, very low latency and scale as any cloud can, something that Google actually pioneer in confidential computing. I think we need to open and explain how this magic was actually done. And as I said, it's again the whole entire system have to change to be able to provide this magic. And I would start with we have this concept of root of trust and root of trust where we will ensure that this machine, when the whole entire host has integrity guarantee, means nobody changing my code on the most low level of system. And we introduce this in 2017 called Titan. It was our specific ASIC, specific, again, inch by inch system on every single motherboard that we have that ensures that your low level firmware, your actually system code, your kernel, the most powerful system is actually proper configured and not changed, not tampered. We do it for everybody, confidential computing included. But for confidential computing, what we have to change, we bring in AMD, or again, future silicon vendors and we have to trust their firmware, their way to deal with our confidential environments. And that's why we have obligation to validate integrity, not only our software and our firmware but also firmware and software of our vendors, silicon vendors. 
So we actually, when we booting this machine, as you can see, we validate that integrity of all of the system is in place. It means nobody touching, nobody changing, nobody modifying it. But then we have this concept of AMD secure processor, it's special ASICs, best specific things that generate a key for every single VM that our customers will run or every single node in Kubernetes or every single worker thread in our Hadoop or Spark capability. We offer all of that. And those keys are not available to us. It's the best keys ever in encryption space because when we are talking about encryption, the first question that I'm receiving all the time, where's the key, who will have access to the key? Because if you have access to the key then it doesn't matter if you encrypted or not. So, but the case in confidential computing provides so revolutionary technology, us cloud providers, who don't have access to the keys. They sitting in the hardware and they head to memory controller. And it means when hypervisors that also know about these wonderful things saying I need to get access to the memories that this particular VM trying to get access to, they do not decrypt the data, they don't have access to the key because those keys are random, ephemeral and per VM, but the most importantly, in hardware not exportable. And it means now you would be able to have this very interesting role that customers or cloud providers will not be able to get access to your memory. And what we do, again, as you can see our customers don't need to change their applications, their VMs are running exactly as it should run and what you're running in VM, you actually see your memory in clear, it's not encrypted, but God forbid is trying somebody to do it outside of my confidential box. No, no, no, no, no, they would not be able to do it. Now you'll see cyber and it's exactly what combination of these multiple hardware pieces and software pieces have to do. So OS is also modified. 
And OS is modified such way to provide integrity. It means even OS that you're running in your VM box is not modifiable and you, as customer, can verify. But the most interesting thing, I guess, how to ensure the super performance of this environment because you can imagine, Dave, that encrypting and it's additional performance, additional time, additional latency. So we were able to mitigate all of that by providing incredibly interesting capability in the OS itself. So our customers will get no changes needed, fantastic performance and scales as they would expect from cloud providers like Google. >> Okay, thank you. Excellent. Appreciate that explanation. So, again, the narrative on this as well, you've already given me guarantees as a cloud provider that you don't have access to my data, but this gives another level of assurance, key management as they say is key. Now humans aren't managing the keys, the machines are managing them. So Patricia, my question to you is, in addition to, let's go pre confidential computing days, what are the sort of new guarantees that these hardware-based technologies are going to provide to customers? >> So if I am a customer, I am saying I now have full guarantee of confidentiality and integrity of the data and of the code. So if you look at code and data confidentiality, the customer cares and they want to know whether their systems are protected from outside or unauthorized access, and that we covered with Nelly, that it is. Confidential computing actually ensures that the applications and data internals remain secret, right? The code is actually looking at the data, the only the memory is decrypting the data with a key that is ephemeral and per VM and generated on demand. Then you have the second point where you have code and data integrity, and now customers want to know whether their data was corrupted, tampered with or impacted by outside actors. 
And what confidential computing ensures is that application internals are not tampered with. So the application, the workload as we call it, that is processing the data, it's also, it has not been tampered and preserves integrity. I would also say that this is all verifiable. So you have attestation and these attestation actually generates a log trail and the log trail guarantees that, provides a proof that it was preserved. And I think that the offer's also a guarantee of what we call sealing, this idea that the secrets have been preserved and not tampered with, confidentiality and integrity of code and data. >> Got it. Okay, thank you. Nelly, you mentioned, I think I heard you say that the applications, it's transparent, you don't have to change the application, it just comes for free essentially. And we showed some various parts of the stack before. I'm curious as to what's affected, but really more importantly, what is specifically Google's value add? How do partners participate in this, the ecosystem, or maybe said another way, how does Google ensure the compatibility of confidential computing with existing systems and applications? >> And a fantastic question by the way. And it's very difficult and definitely complicated world because to be able to provide these guarantees, actually a lot of work was done by community. Google is very much operate in open, so again, our operating system, we working with operating system repository OSs, OS vendors to ensure that all capabilities that we need is part of the kernels, are part of the releases and it's available for customers to understand and even explore if they have fun to explore a lot of code. We have also modified together with our silicon vendors a kernel, host kernel to support this capability and it means working this community to ensure that all of those patches are there. 
We also worked with every single silicon vendor as you've seen, and that's what I probably feel that Google contributed quite a bit in this whole, we moved our industry, our community, our vendors to understand the value of easy to use confidential computing or removing barriers. And now I don't know if you noticed, Intel is pulling the lead and also announcing their trusted domain extension, very similar architecture. And no surprise, it's, again, a lot of work done with our partners to, again, convince, work with them and make this capability available. The same with Arm this year, actually last year, Arm announced their future design for confidential computing. It's called Confidential Computing Architecture. And it's also influenced very heavily with similar ideas by Google and industry overall. So it's a lot of work in confidential computing consortiums that we are doing, for example, simply to mention, to ensure interop, as you mentioned, between different confidential environments of cloud providers. They want to ensure that they can attest to each other because when you're communicating with different environments, you need to trust them. And if it's running on different cloud providers, you need to ensure that you can trust your receiver when you are sharing your sensitive data workloads or secret with them. So we coming as a community and we have this attestation SIG, the, again, the community based systems that we want to build and influence and work with Arm and every other cloud providers to ensure that we can interop and it means it doesn't matter where confidential workloads will be hosted, but they can exchange the data in secure, verifiable and controlled by customers way. And to do it, we need to continue what we are doing, working open, again, and contribute with our ideas and ideas of our partners to this role to become what we see confidential computing has to become, it has to become utility. 
It doesn't need to be so special, but it's what we want it to become. >> Let's talk about, thank you for that explanation. Let's talk about data sovereignty because when you think about data sharing, you think about data sharing across the ecosystem and different regions and then of course data sovereignty comes up. Typically public policy lags the technology industry and sometimes is problematic. I know there's a lot of discussions about exceptions, but Patricia, we have a graphic on data sovereignty. I'm interested in how confidential computing ensures that data sovereignty and privacy edicts are adhered to, even if they're out of alignment maybe with the pace of technology. One of the frequent examples is when you delete data, can you actually prove that data is deleted with a hundred percent certainty? You got to prove that and a lot of other issues. So looking at this slide, maybe you could take us through your thinking on data sovereignty. >> Perfect. So for us, data sovereignty is only one of the three pillars of digital sovereignty. And I don't want to give the impression that confidential computing addresses it all. That's why we want to step back and say, hey, digital sovereignty includes data sovereignty where we are giving you full control and ownership of the location, encryption and access to your data. Operational sovereignty where the goal is to give our Google Cloud customers full visibility and control over the provider operations, right? So if there are any updates on hardware, software stack, any operations, there is full transparency, full visibility. And then the third pillar is around software sovereignty where the customer wants to ensure that they can run their workloads without dependency on the provider's software. So they have sometimes is often referred as survivability, that you can actually survive if you are untethered to the cloud and that you can use open source. 
Now let's take a deep dive on data sovereignty, which by the way is one of my favorite topics. And we typically focus on saying, hey, we need to care about data residency. We care where the data resides because where the data is at rest or in processing, it typically abides to the jurisdiction, the regulations of the jurisdiction where the data resides. And others say, hey, let's focus on data protection. We want to ensure the confidentiality and integrity and availability of the data, which confidential computing is at the heart of that data protection. But it is yet another element that people typically don't talk about when talking about data sovereignty, which is the element of user control. And here, Dave, is about what happens to the data when I give you access to my data. And this reminds me of security two decades ago, even a decade ago, where we started the security movement by putting firewall protections and login accesses. But once you were in, you were able to do everything you wanted with the data. An insider had access to all the infrastructure, the data and the code. And that's similar because with data sovereignty we care about whether it resides, where, who is operating on the data. But the moment that the data is being processed, I need to trust that the processing of the data will abide by user control, by the policies that I put in place of how my data is going to be used. And if you look at a lot of the regulation today and a lot of the initiatives around the International Data Space Association, IDSA, and Gaia-X, there is a movement of saying the two parties, the provider of the data and the receiver of the data are going to agree on a contract that describes what my data can be used for. The challenge is to ensure that once the data crosses boundaries, that the data will be used for the purposes that it was intended and specified in the contract. 
And if you actually bring together, and this is the exciting part, confidential computing together with policy enforcement, now the policy enforcement can guarantee that the data is only processed within the confines of a confidential computing environment, that the workload is cryptographically verified that there is the workload that was meant to process the data and that the data will be only used when abiding to the confidentiality and integrity safety of the confidential computing environment. And that's why we believe confidential computing is one necessary and essential technology that will allow us to ensure data sovereignty, especially when it comes to user control. >> Thank you for that. I mean it was a deep dive, I mean brief, but really detailed. So I appreciate that, especially the verification of the enforcement. Last question, I met you two because as part of my year end prediction post, you guys sent in some predictions and I wasn't able to get to them in the predictions post. So I'm thrilled that you were able to make the time to come on the program. How widespread do you think the adoption of confidential computing will be in 23 and what's the maturity curve look like, this decade in your opinion? Maybe each of you could give us a brief answer. >> So my prediction in five, seven years, as I started, it'll become utility. It'll become TLS as of, again, 10 years ago we couldn't believe that websites will have certificates and we will support encrypted traffic. Now we do and it's become ubiquity. It's exactly where confidential computing is getting and heading, I don't know we deserve yet. It'll take a few years of maturity for us, but we will be there. >> Thank you. And Patricia, what's your prediction? >> I will double that and say, hey, in the future, in the very near future, you will not be able to afford not having it. 
I believe as digital sovereignty becomes evermore top of mind with sovereign states and also for multinational organizations and for organizations that want to collaborate with each other, confidential computing will become the norm. It'll become the default, if I say, mode of operation. I like to compare that today is inconceivable. If we talk to the young technologists, it's inconceivable to think that at some point in history, and I happen to be alive that we had data at rest that was not encrypted, data in transit that was not encrypted, and I think that will be inconceivable at some point in the near future that to have unencrypted data while in use. >> And plus I think the beauty of this industry is because there's so much competition, this essentially comes for free. I want to thank you both for spending some time on Breaking Analysis. There's so much more we could cover. I hope you'll come back to share the progress that you're making in this area and we can double click on some of these topics. Really appreciate your time. >> Anytime. >> Thank you so much. >> In summary, while confidential computing is being touted by the cloud players as a promising technology for enhancing data privacy and security, there are also those, as we said, who remain skeptical. The truth probably lies somewhere in between and it will depend on the specific implementation and the use case as to how effective confidential computing will be. Look, as with any new tech, it's important to carefully evaluate the potential benefits, the drawbacks, and make informed decisions based on the specific requirements in the situation and the constraints of each individual customer. But the bottom line is silicon manufacturers are working with cloud providers and other system companies to include confidential computing into their architectures. Competition, in our view, will moderate price hikes. 
And at the end of the day, this is under the covers technology that essentially will come for free. So we'll take it. I want to thank our guests today, Nelly and Patricia from Google, and thanks to Alex Myerson who's on production and manages the podcast. Ken Schiffman as well out of our Boston studio, Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters. And Rob Hof is our editor-in-chief over at siliconangle.com. Does some great editing for us, thank you all. Remember all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com where you can get all the news. If you want to get in touch, you can email me at david.vellante@siliconangle.com or dm me @DVellante. And you can also comment on my LinkedIn post. Definitely you want to check out etr.ai for the best survey data in the enterprise tech business. I know we didn't hit on a lot today, but there's some amazing data and it's always being updated, so check that out. This is Dave Vellante for theCUBE Insights, powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (upbeat music)
Google's PoV on Confidential Computing NO PUB
>> Welcome Nelly and Patricia, great to have you. >> Great to be here. >> Thank you so much for having us. >> You're very welcome. Nelly, why don't you start, and then Patricia you can weigh in. Just tell the audience a little bit about each of your roles at Google Cloud. >> So I'll start, I'm owning a lot of interesting activities in Google and again, security or infrastructure securities that I usually own, and we're talking about encryption, end-to-end encryption, and confidential computing is a part of portfolio. In additional areas that I contribute to get with my team to Google and our customers is secure software supply chain. Because you need to trust your software. Is it operating your confidential environment to have end to end story about if you believe that your software and your environment doing what you expect, it's my role. >> Got it, okay. Patricia? >> Well I am a technical director in the office of the CTO, OCTO for short, in Google Cloud. And we are a global team. We include former CTOs like myself and senior technologists from large corporations, institutions, and a lot of success for startups as well. And we have two main goals. First, we work side by side with some of our largest, more strategic or most strategic customers and we help them solve complex engineering technical problems. And second, we advise Google and Google Cloud engineering and product management on emerging trends in technologies to guide the trajectory of our business. We are unique group, I think, because we have created this collaborative culture with our customers. And within OCTO I spend a lot of time collaborating with customers in the industry at large on technologies that can address privacy, security, and sovereignty of data in general. >> Excellent, thank you for that both of you. Let's get into it. So Nelly, what is confidential computing from Google's perspective? How do you define it? >> Confidential computing is a tool. 
And it's one of the tools in our toolbox. And confidential computing is a way how would help our customers to complete this very interesting end to end lifecycle of their data. And when customers bring in the data to Cloud and want to protect it, as they ingest it to the Cloud, they protect it at rest when they store data in the Cloud. But what was missing for many, many years is ability for us to continue protecting data and workloads of our customers when they're running them. And again, because data is not brought to Cloud to have huge graveyard, we need to ensure that this data is actually indexed. Again there is some insights driven and drawn from this data. You have to process this data and confidential computing here to help. Now we have end to end protection of our customer's data when they bring the workloads and data to Cloud, thanks to confidential computing. >> Thank you for that. Okay, we're going to get into the architecture a bit but before we do Patricia, why do you think this topic of confidential computing is such an important technology? Can you explain, do you think it's transformative for customers and if so, why? >> Yeah, I would maybe like to use one thought, one way, one intuition behind why confidential matters. Because at the end of the day it reduces more and more the customer's trust boundaries and the attack surface, that's about reducing that periphery, the boundary, in which the customer needs to mind about trust and safety. And in a way is a natural progression that you're using encryption to secure and protect data in the same way that we are encrypting data in transit and at rest. Now we are also encrypting data while in use. And among other beneficial I would say one of the most transformative ones is that organizations will be able to collaborate with each other and retain the confidentiality of the data. And that is across industry. 
Even though it's highly focused on, I wouldn't say highly focused, but very beneficial for highly regulated industries. It applies to all of industries. And if you look at financing for example, where bankers are trying to detect fraud and specifically double finance where you are a customer is actually trying to get a finance on an asset, let's say a boat or a house and then it goes to another bank and gets another finance on that asset. Now bankers would be able to collaborate and detect fraud while preserving confidentiality and privacy of the data. >> Interesting, and I want to understand that a little bit more but I'm going to push you a little bit on this, Nelly, if I can, because there's a narrative out there that says confidential computing is a marketing ploy. I talked about this upfront, by Cloud providers that are just trying to placate people that are scared of the Cloud. And I'm presuming you don't agree with that but I'd like you to weigh in here. The argument is confidential computing is just memory encryption, it doesn't address many other problems, it is overhyped by Cloud providers. What do you say to that line of thinking? >> I absolutely disagree as you can imagine, it's a crazy statement. But the most importantly is we mixing multiple concepts I guess. And exactly as Patricia said, we need to look at the end-to-end story not again the mechanism of how confidential computing trying to again execute and protect customer's data, and why it's so critically important. Because what confidential computing was able to do it's in addition to isolate our tenants in multi-tenant environments the Cloud over. To offer additional stronger isolation, we called it cryptographic isolation. It's why customers will have more trust to customers and to other customers, the tenants that's running on the same host but also us, because they don't need to worry about against threats and more malicious attempts to penetrate the environment. 
So what confidential computing is helping us to offer our customers, stronger isolation between tenants in this multi-tenant environment but also incredibly important, stronger isolation of our customers. So tenants from us, we also writing code, we also software providers will also make mistakes or have some zero days sometimes again us introduced, sometimes introduced by our adversaries. But what I'm trying to say by creating this cryptographic layer of isolation between us and our tenants, and amongst those tenants, they're really providing meaningful security to our customers and eliminate some of the worries that they have running on multi-tenant spaces or even collaborating together this very sensitive data, knowing that this particular protection is available to them. >> Okay, thank you, appreciate that. And I, you know, I think malicious code is often a threat model missed in these narratives. You know, operator access, yeah, could maybe I trust my Cloud provider, but if I can fence off your access even better I'll sleep better at night. Separating a code from the data, everybody, ARM, Intel, AMD, Nvidia, others, they're all doing it. I wonder if Nelly, if we could stay with you and bring up the slide on the architecture. What's architecturally different with confidential computing versus how operating systems and VMs have worked traditionally? We're showing a slide here with some VMs, maybe you could take us through that. >> Absolutely, and Dave, the whole idea for Google and industry way of dealing with confidential computing is to ensure as it's three main property is actually preserved. Customers don't need to change the code. They can operate in those VMs exactly as they would with normal non-confidential VMs. But to give them this opportunity of lift and shift or no changing their apps and performing and having very, very, very low latency and scale as any Cloud can, something that Google actually pioneered in confidential computing. 
I think we need to open and explain how this magic was actually done. And as I said, it's again the whole entire system have to change to be able to provide this magic. And I would start with we have this concept of root of trust and root of trust where we will ensure that this machine, the whole entire post has integrity guarantee, means nobody changing my code on the most low level of system. And we introduced this in 2017, called Titan. Those our specific ASIC specific, again inch by inch system on every single motherboard that we have, that ensures that your low level firmware, your actually system code, your kernel, the most powerful system, is actually proper configured and not changed, not tampered. We do it for everybody, confidential computing included. But for confidential computing what we have to change we bring in AMD again, future silicon vendors, and we have to trust their firmware, their way to deal with our confidential environments. And that's why we have obligation to validate integrity not only our software and our firmware but also firmware and software of our vendors, silicon vendors. So we actually, when we booting this machine as you can see, we validate that integrity of all of this system is in place. It means nobody touching, nobody changing, nobody modifying it. But then we have this concept of the secure processor. It's special ASICs best, specific things that generate a key for every single VM that our customers will run or every single node in Kubernetes, or every single worker thread in our Spark capability. We offer all of that, and those keys are not available to us. It's the best keys ever in encryption space. Because when we are talking about encryption the first question that I'm receiving all the time, where's the key, who will have access to the key? Because if you have access to the key then it doesn't matter if you encrypt it enough. 
But the case in confidential computing quite so revolutionary technology, ask Cloud providers who don't have access to the keys. They're sitting in the hardware and they fed to memory controller. And it means when Hypervisors that also know about these wonderful things, saying I need to get access to the memories that this particular VM I'm trying to get access to. They do not encrypt the data, they don't have access to the key. Because those keys are random, ephemeral and VM, but the most importantly in hardware not exportable. And it means now you will be able to have this very interesting role that customers all Cloud providers, will not be able to get access to your memory. And what we do, again, as you can see our customers don't need to change their applications. Their VMs are running exactly as it should run. And what you're running in VM you actually see your memory in clear, it's not encrypted. But God forbid is trying somebody to do it outside of my confidential box. No, no, no, no, no, you will not be able to do it. Now you'll see ciphertext. And it's exactly what combination of these multiple hardware pieces and software pieces have to do. So OS is also modified, and OS is modified such way to provide integrity. It means even OS that you're running in UVM bucks is not modifiable and you as customer can verify. But the most interesting thing I guess how to ensure the super performance of this environment because you can imagine, Dave, that's increasing it's additional performance, additional time, additional latency. So we're able to mitigate all of that by providing incredibly interesting capability in the OS itself. So our customers will get no changes needed, fantastic performance, and scales as they would expect from Cloud providers like Google. >> Okay, thank you. Excellent, appreciate that explanation. 
So you know again, the narrative on this is, well you know you've already given me guarantees as a Cloud provider that you don't have access to my data but this gives another level of assurance. Key management as they say is key. Now you're not, humans aren't managing the keys the machines are managing them. So Patricia, my question to you is in addition to, you know, let's go pre-confidential computing days what are the sort of new guarantees that these hardware-based technologies are going to provide to customers? >> So if I am a customer, I am saying I now have full guarantee of confidentiality and integrity of the data and of the code. So if you look at code and data confidentiality the customer cares then they want to know whether their systems are protected from outside or unauthorized access. And that we covered with Nelly that it is. Confidential computing actually ensures that the applications and data internals remain secret, right? The code is actually looking at the data only the memory is decrypting the data with a key that is ephemeral, and per VM, and generated on demand. Then you have the second point where you have code and data integrity and now customers want to know whether their data was corrupted, tampered with, or impacted by outside actors. And what confidential computing ensures is that application internals are not tampered with. So the application, the workload as we call it, that is processing the data it's also it has not been tampered and preserves integrity. I would also say that this is all verifiable. So you have attestation, and this attestation actually generates a log trail and the log trail guarantees that provides a proof that it was preserved. And I think that the offers also a guarantee of what we call sealing, this idea that the secrets have been preserved and not tampered with. Confidentiality and integrity of code and data. >> Got it, okay, thank you. 
You know, Nelly, you mentioned, I think I heard you say that the applications, it's transparent, you don't have to change the application it just comes for free essentially. And I'm, we showed some various parts of the stack before. I'm curious as to what's affected but really more importantly what is specifically Google's value add? You know, how do partners, you know, participate in this? The ecosystem or maybe said another way how does Google ensure the compatibility of confidential computing with existing systems and applications? >> And a fantastic question by the way. And it's very difficult and definitely complicated world because to be able to provide these guarantees actually a lot of works was done by community. Google is very much operate and open. So again, our operating system we working in this operating system repository OS vendors to ensure that all capabilities that we need is part of their kernels, are part of their releases, and it's available for customers to understand and even explore if they have fun to explore a lot of code. We have also modified together with our silicon vendors, kernel, host kernel, to support this capability and it means working this community to ensure that all of those patches are there. We also worked with every single silicon vendor as you've seen, and that's what I probably feel that Google contributed quite a bit in this role. We moved our industry, our community, our vendors to understand the value of easy to use confidential computing or removing barriers. And now I don't know if you noticed Intel is pulling the lead and also announcing the trusted domain extension very similar architecture and no surprise, it's again a lot of work done with our partners to again, convince, work with them, and make this capability available. The same with ARM this year, actually last year, ARM announced their future design for confidential computing. It's called confidential computing architecture. 
And it's also influenced very heavily with similar ideas by Google and industry overall. So it's a lot of work in confidential computing consortiums that we are doing. For example, simply to mention to ensure interop, as you mentioned, between different confidential environments of Cloud providers. We want to ensure that they can attest to each other. Because when you're communicating with different environments, you need to trust them. And if it's running on different Cloud providers you need to ensure that you can trust your receiver when you are sharing your sensitive data workloads or secret with them. So we coming as a community and we have this attestation, the community based systems that we want to build and influence and work with ARM and every other Cloud providers to ensure that they can interop. And it means it doesn't matter where confidential workloads will be hosted but they can exchange the data in secure, verifiable, and controlled by customers way. And to do it, we need to continue what we are doing. Working open again and contribute with our ideas and ideas of our partners to this role to become what we see confidential computing has to become, it has to become utility. It doesn't need to be so special but it's what we've wanted to become. >> Let's talk about, thank you for that explanation. Let's talk about data sovereignty, because when you think about data sharing you think about data sharing across, you know, the ecosystem and different regions and then of course data sovereignty comes up. Typically public policy lags, you know, the technology industry and sometimes is problematic. I know, you know, there's a lot of discussions about exceptions, but Patricia, we have a graphic on data sovereignty. I'm interested in how confidential computing ensures that data sovereignty and privacy edicts are adhered to even if they're out of alignment maybe with the pace of technology. 
One of the frequent examples is when you, you know, when you delete data, can you actually prove the data is deleted with a hundred percent certainty? You got to prove that and a lot of other issues. So looking at this slide, maybe you could take us through your thinking on data sovereignty. >> Perfect, so for us, data sovereignty is only one of the three pillars of digital sovereignty. And I don't want to give the impression that confidential computing addresses it all. That's why we want to step back and say, hey, digital sovereignty includes data sovereignty where we are giving you full control and ownership of the location, encryption, and access to your data. Operational sovereignty where the goal is to give our Google Cloud customers full visibility and control over the provider operations, right? So if there are any updates on hardware, software, stack, any operations, that is full transparency, full visibility. And then the third pillar is around software sovereignty where the customer wants to ensure that they can run their workloads without dependency on the provider's software. So they have sometimes is often referred as survivability that you can actually survive if you are untethered to the Cloud and that you can use open source. Now let's take a deep dive on data sovereignty, which by the way is one of my favorite topics. And we typically focus on saying, hey, we need to care about data residency. We care where the data resides because where the data is at rest or in processing it typically abides to the jurisdiction, the regulations of the jurisdiction where the data resides. And others say, hey, let's focus on data protection. We want to ensure the confidentiality and integrity and availability of the data which confidential computing is at the heart of that data protection. But it is yet another element that people typically don't talk about when talking about data sovereignty, which is the element of user control. 
And here Dave, is about what happens to the data when I give you access to my data. And this reminds me of security two decades ago, even a decade ago, where we started the security movement by putting firewall protections and login accesses. But once you were in, you were able to do everything you wanted with the data, an insider had access to all the infrastructure, the data, and the code. And that's similar because with data sovereignty we care about whether it resides, who is operating on the data. But the moment that the data is being processed, I need to trust that the processing of the data will abide by user control, by the policies that I put in place of how my data is going to be used. And if you look at a lot of the regulation today and a lot of the initiatives around the International Data Space Association, IDSA, and Gaia X, there is a movement of saying the two parties, the provider of the data and the receiver of the data going to agree on a contract that describes what my data can be used for. The challenge is to ensure that once the data crosses boundaries, that the data will be used for the purposes that it was intended and specified in the contract. And if you actually bring together, and this is the exciting part, confidential computing together with policy enforcement. Now the policy enforcement can guarantee that the data is only processed within the confines of a confidential computing environment. That the workload is cryptographically verified that there is the workload that was meant to process the data and that the data will be only used when abiding to the confidentiality and integrity, safety of the confidential computing environment. And that's why we believe confidential computing is one, necessary and essential technology that will allow us to ensure data sovereignty especially when it comes to user control. >> Thank you for that. 
I mean it was a deep dive, I mean brief, but really detailed, so I appreciate that, especially the verification of the enforcement. Last question, I met you two because as part of my year end prediction post you guys sent in some predictions, and I wasn't able to get to them in the predictions post. So I'm thrilled that you were able to make the time to come on the program. How widespread do you think the adoption of confidential computing will be in '23 and what's the maturity curve look like, you know, this decade in, in your opinion? Maybe each of you could give us a brief answer. >> So my prediction in five, seven years as I started, it'll become utility. It'll become TLS. As of, again, 10 years ago we couldn't believe that websites will have certificates and we will support encrypted traffic. Now we do, and it's become ubiquity. It's exactly where our confidential computing is heading and heading, I don't know if we are there yet. It'll take a few years of maturity for us, but we'll do that. >> Thank you, and Patricia, what's your prediction? >> I would double that and say, hey, in the future, in the very near future you will not be able to afford not having it. I believe as digital sovereignty becomes ever more top of mind with sovereign states and also for multinational organizations and for organizations that want to collaborate with each other, confidential computing will become the norm. It'll become the default, If I say mode of operation, I like to compare that, today is inconceivable if we talk to the young technologists. It's inconceivable to think that at some point in history and I happen to be alive that we had data at rest that was not encrypted. Data in transit, that was not encrypted. And I think that will be inconceivable at some point in the near future that to have unencrypted data while in use. >> You know, and plus, I think the beauty of this industry is because there's so much competition this essentially comes for free. 
I want to thank you both for spending some time on Breaking Analysis. There's so much more we could cover. I hope you'll come back to share the progress that you're making in this area and we can double click on some of these topics. Really appreciate your time. >> Anytime. >> Thank you so much.
Breaking Analysis: Google's PoV on Confidential Computing
>> From theCUBE Studios in Palo Alto and Boston, bringing you data-driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> Confidential computing is a technology that aims to enhance data privacy and security, by providing encrypted computation on sensitive data and isolating data, and apps that are fenced off enclave during processing. The concept of, I got to start over. I fucked that up, I'm sorry. That's not right, what I said was not right. On Dave in five, four, three. Confidential computing is a technology that aims to enhance data privacy and security by providing encrypted computation on sensitive data, isolating data from apps and a fenced off enclave during processing. The concept of confidential computing is gaining popularity, especially in the cloud computing space, where sensitive data is often stored and of course processed. However, there are some who view confidential computing as an unnecessary technology and a marketing ploy by cloud providers aimed at calming customers who are cloud phobic. Hello and welcome to this week's Wikibon Cube Insights powered by ETR. In this Breaking Analysis, we revisit the notion of confidential computing, and to do so, we'll invite two Google experts to the show. But before we get there, let's summarize briefly. There's not a ton of ETR data on the topic of confidential computing, I mean, it's a technology that's deeply embedded into silicon and computing architectures. But at the highest level, security remains the number one priority being addressed by IT decision makers in the coming year as shown here. And this data is pretty much across the board by industry, by region, by size of company. I mean we dug into it and the only slight deviation from the mean is in financial services. 
The second and third most cited priorities, cloud migration and analytics are noticeably closer to cybersecurity in financial services than in other sectors, likely because financial services has always been hyper security conscious, but security is still a clear number one priority in that sector. The idea behind confidential computing is to better address threat models for data in execution. Protecting data at rest and data in transit have long been a focus of security approaches, but more recently, silicon manufacturers have introduced architectures that separate data and applications from the host system, ARM, Intel, AMD, Nvidia and other suppliers are all on board, as are the big cloud players. Now, the argument against confidential computing is that it narrowly focuses on memory encryption and it doesn't solve the biggest problems in security. Multiple system images, updates, different services and the entire code flow aren't directly addressed by memory encryption. Rather to truly attack these problems, many believe that OSs need to be re-engineered with the attacker and hacker in mind. There are so many variables and at the end of the day, critics say the emphasis on confidential computing made by cloud providers is overstated and largely hype. This tweet from security researcher Rodrigo Branco, sums up the sentiment of many skeptics. He says, "Confidential computing is mostly a marketing campaign from memory encryption. It's not driving the industry towards the hard open problems. It is selling an illusion." Okay. Nonetheless, encrypting data in use and fencing off key components of the system isn't a bad thing, especially if it comes with the package essentially for free. There has been a lack of standardization and interoperability between different confidential computing approaches. But the confidential computing consortium was established in 2019 ostensibly to accelerate the market and influence standards. 
Notably, AWS is not part of the consortium, likely because the politics of the consortium were probably a conundrum for AWS because the base technology defined by the consortium is seen as limiting by AWS. This is my guess, not AWS' words. But I think joining the consortium would validate a definition which AWS isn't aligned with. And two, it's got to lead with this Annapurna acquisition. It was way ahead with ARM integration, and so it probably doesn't feel the need to validate its competitors. Anyway, one of the premier members of the Confidential Computing Consortium is Google, along with many high profile names, including ARM, Intel, Meta, Red Hat, Microsoft, and others. And we're pleased to welcome two experts on confidential computing from Google to unpack the topic. Nelly Porter is Head of Product for GCP Confidential Computing and Encryption and Dr. Patricia Florissi is the Technical Director for the Office of the CTO at Google Cloud. Welcome Nelly and Patricia, great to have you. >> Great to be here. >> Thank you so much for having us. >> You're very welcome. Nelly, why don't you start and then Patricia, you can weigh in. Just tell the audience a little bit about each of your roles at Google Cloud. >> So I'll start, I'm owning a lot of interesting activities in Google and again, security or infrastructure securities that I usually own. And we are talking about encryption, end-to-end encryption, and confidential computing is a part of portfolio. Additional areas that I contribute to get with my team to Google and our customers is secure software supply chain because you need to trust your software. Is it operate in your confidential environment to have end-to-end security, about if you believe that your software and your environment doing what you expect, it's my role. >> Got it. Okay, Patricia? >> Well, I am a Technical Director in the Office of the CTO, OCTO for short in Google Cloud. 
And we are a global team, we include former CTOs like myself and senior technologists from large corporations, institutions and a lot of success for startups as well. And we have two main goals, first, we walk side by side with some of our largest, more strategic or most strategical customers and we help them solve complex engineering technical problems. And second, we advise Google and Google Cloud Engineering, product management on emerging trends and technologies to guide the trajectory of our business. We are unique group, I think, because we have created this collaborative culture with our customers. And within OCTO I spend a lot of time collaborating with customers in the industry at large on technologies that can address privacy, security, and sovereignty of data in general. >> Excellent. Thank you for that both of you. Let's get into it. So Nelly, what is confidential computing from Google's perspective? How do you define it? >> Confidential computing is a tool and one of the tools in our toolbox. And confidential computing is a way how we would help our customers to complete this very interesting end-to-end lifecycle of the data. And when customers bring in the data to cloud and want to protect it as they ingest it to the cloud, they protect it at rest when they store data in the cloud. But what was missing for many, many years is ability for us to continue protecting data and workloads of our customers when they run them. And again, because data is not brought to cloud to have huge graveyard, we need to ensure that this data is actually indexed. Again, there is some insights driven and drawn from this data. You have to process this data and confidential computing here to help. Now we have end-to-end protection of our customer's data when they bring the workloads and data to cloud thanks to confidential computing. >> Thank you for that. 
Okay, we're going to get into the architecture a bit, but before we do Patricia, why do you think this topic of confidential computing is such an important technology? Can you explain? Do you think it's transformative for customers and if so, why? >> Yeah, I would maybe like to use one thought, one way, one intuition behind why confidential computing matters because at the end of the day, it reduces more and more the customer's trust boundaries and the attack surface. That's about reducing that periphery, the boundary in which the customer needs to mind about trust and safety. And in a way is a natural progression that you're using encryption to secure and protect data in the same way that we are encrypting data in transit and at rest. Now, we are also encrypting data while in the use. And among other beneficials, I would say one of the most transformative ones is that organizations will be able to collaborate with each other and retain the confidentiality of the data. And that is across industry, even though it's highly focused on, I wouldn't say highly focused but very beneficial for highly regulated industries, it applies to all of industries. And if you look at financing for example, where bankers are trying to detect fraud and specifically double finance where a customer is actually trying to get a finance on an asset, let's say a boat or a house, and then it goes to another bank and gets another finance on that asset. Now bankers would be able to collaborate and detect fraud while preserving confidentiality and privacy of the data. >> Interesting and I want to understand that a little bit more but I got to push you a little bit on this, Nelly if I can, because there's a narrative out there that says confidential computing is a marketing ploy I talked about this up front, by cloud providers that are just trying to placate people that are scared of the cloud. And I'm presuming you don't agree with that, but I'd like you to weigh in here. 
The argument is confidential computing is just memory encryption, it doesn't address many other problems. It is over hyped by cloud providers. What do you say to that line of thinking? >> I absolutely disagree as you can imagine Dave, with this statement. But the most importantly is we mixing a multiple concepts I guess, and exactly as Patricia said, we need to look at the end-to-end story, not again, is a mechanism. How confidential computing trying to execute and protect customer's data and why it's so critically important. Because what confidential computing was able to do, it's in addition to isolate our tenants in multi-tenant environments the cloud offering to offer additional stronger isolation, they called it cryptographic isolation. It's why customers will have more trust to customers and to other customers, the tenants running on the same host but also us because they don't need to worry about against rats and more malicious attempts to penetrate the environment. So what confidential computing is helping us to offer our customers stronger isolation between tenants in this multi-tenant environment, but also incredibly important, stronger isolation of our customers to tenants from us. We also writing code, we also software providers, we also make mistakes or have some zero days. Sometimes again us introduce, sometimes introduced by our adversaries. But what I'm trying to say by creating this cryptographic layer of isolation between us and our tenants and among those tenants, we really providing meaningful security to our customers and eliminate some of the worries that they have running on multi-tenant spaces or even collaborating together with very sensitive data knowing that this particular protection is available to them. >> Okay, thank you. Appreciate that. And I think malicious code is often a threat model missed in these narratives. You know, operator access. 
Yeah, maybe I trust my cloud's provider, but if I can fence off your access even better, I'll sleep better at night separating a code from the data. Everybody's ARM, Intel, AMD, Nvidia and others, they're all doing it. I wonder if Nell, if we could stay with you and bring up the slide on the architecture. What's architecturally different with confidential computing versus how operating systems and VMs have worked traditionally? We're showing a slide here with some VMs, maybe you could take us through that. >> Absolutely, and Dave, the whole idea for Google and now industry way of dealing with confidential computing is to ensure that three main property is actually preserved. Customers don't need to change the code. They can operate in those VMs exactly as they would with normal non-confidential VMs. But to give them this opportunity of lift and shift though, no changing the apps and performing and having very, very, very low latency and scale as any cloud can, some things that Google actually pioneer in confidential computing. I think we need to open and explain how this magic was actually done, and as I said, it's again the whole entire system have to change to be able to provide this magic. And I would start with we have this concept of root of trust and root of trust where we will ensure that this machine within the whole entire host has integrity guarantee, means nobody changing my code on the most low level of system, and we introduce this in 2017 called Titan. So our specific ASIC, specific inch by inch system on every single motherboard that we have that ensures that your low level firmware, your actually system code, your kernel, the most powerful system is actually proper configured and not changed, not tampered. We do it for everybody, confidential computing included, but for confidential computing is what we have to change, we bring in AMD or future silicon vendors and we have to trust their firmware, their way to deal with our confidential environments. 
And that's why we have obligation to validate intelligent not only our software and our firmware but also firmware and software of our vendors, silicon vendors. So we actually, when we booting this machine as you can see, we validate that integrity of all of this system is in place. It means nobody touching, nobody changing, nobody modifying it. But then we have this concept of AMD Secure Processor, it's special ASIC best specific things that generate a key for every single VM that our customers will run or every single node in Kubernetes or every single worker thread in our Hadoop spark capability. We offer all of that and those keys are not available to us. It's the best case ever in encryption space because when we are talking about encryption, the first question that I'm receiving all the time, "Where's the key? Who will have access to the key?" because if you have access to the key then it doesn't matter if you encrypted or not. So, but the case in confidential computing why it's so revolutionary technology, us cloud providers who don't have access to the keys, they're sitting in the hardware and they fed to memory controller. And it means when hypervisors that also know about this wonderful things saying I need to get access to the memories, that this particular VM I'm trying to get access to. They do not decrypt the data, they don't have access to the key because those keys are random, ephemeral and per VM, but most importantly in hardware not exportable. And it means now you will be able to have this very interesting world that customers or cloud providers will not be able to get access to your memory. And what we do, again as you can see, our customers don't need to change their applications. Their VMs are running exactly as it should run. And what you've running in VM, you actually see your memory clear, it's not encrypted. But God forbid is trying somebody to do it outside of my confidential box, no, no, no, no, no, you will now be able to do it. 
Now, you'll see ciphertext and it's exactly what combination of these multiple hardware pieces and software pieces have to do. So OS is also modified and OS is modified such way to provide integrity. It means even OS that you're running in your VM box is not modifiable and you as customer can verify. But the most interesting thing I guess how to ensure the super performance of this environment because you can imagine Dave, that's increasing and it's additional performance, additional time, additional latency. So we're able to mitigate all of that by providing incredibly interesting capability in the OS itself. So our customers will get no changes needed, fantastic performance and scales as they would expect from cloud providers like Google. >> Okay, thank you. Excellent, appreciate that explanation. So you know again, the narrative on this is, well, you've already given me guarantees as a cloud provider that you don't have access to my data, but this gives another level of assurance, key management as they say is key. Now humans aren't managing the keys, the machines are managing them. So Patricia, my question to you is in addition to, let's go pre-confidential computing days, what are the sort of new guarantees that these hardware based technologies are going to provide to customers? >> So if I am a customer, I am saying I now have full guarantee of confidentiality and integrity of the data and of the code. So if you look at code and data confidentiality, the customer cares and they want to know whether their systems are protected from outside or unauthorized access, and that we covered with Nelly that it is. Confidential computing actually ensures that the applications and data internals remain secret. The code is actually looking at the data, only the memory is decrypting the data with a key that is ephemeral, and per VM, and generated on demand. 
Then you have the second point where you have code and data integrity and now customers want to know whether their data was corrupted, tampered with or impacted by outside actors. And what confidential computing ensures is that application internals are not tampered with. So the application, the workload as we call it, that is processing the data is also has not been tampered and preserves integrity. I would also say that this is all verifiable, so you have attestation and this attestation actually generates a log trail and the log trail guarantees that provides a proof that it was preserved. And I think that the offers also a guarantee of what we call sealing, this idea that the secrets have been preserved and not tampered with, confidentiality and integrity of code and data. >> Got it. Okay, thank you. Nelly, you mentioned, I think I heard you say that the applications is transparent, you don't have to change the application, it just comes for free essentially. And we showed some various parts of the stack before, I'm curious as to what's affected, but really more importantly, what is specifically Google's value add? How do partners participate in this, the ecosystem or maybe said another way, how does Google ensure the compatibility of confidential computing with existing systems and applications? >> And a fantastic question by the way, and it's very difficult and definitely complicated world because to be able to provide these guarantees, actually a lot of work was done by community. Google is very much operate and open. So again our operating system, we working this operating system repository OS is OS vendors to ensure that all capabilities that we need is part of the kernels are part of the releases and it's available for customers to understand and even explore if they have fun to explore a lot of code. 
We have also modified together with our silicon vendors kernel, host kernel to support this capability and it means working this community to ensure that all of those pages are there. We also worked with every single silicon vendor as you've seen, and it's what I probably feel that Google contributed quite a bit in this world. We moved our industry, our community, our vendors to understand the value of easy to use confidential computing or removing barriers. And now I don't know if you noticed Intel is following the lead and also announcing a trusted domain extension, very similar architecture and no surprise, it's a lot of work done with our partners to convince work with them and make this capability available. The same with ARM this year, actually last year, ARM announced future design for confidential computing, it's called confidential computing architecture. And it's also influenced very heavily with similar ideas by Google and industry overall. So it's a lot of work in confidential computing consortiums that we are doing, for example, simply to mention, to ensure interop as you mentioned, between different confidential environments of cloud providers. They want to ensure that they can attest to each other because when you're communicating with different environments, you need to trust them. And if it's running on different cloud providers, you need to ensure that you can trust your receiver when you sharing your sensitive data workloads or secret with them. So we coming as a community and we have this Attestation SIG, the community-based systems that we want to build, and influence, and work with ARM and every other cloud providers to ensure that they can interop. And it means it doesn't matter where confidential workloads will be hosted, but they can exchange the data in secure, verifiable and controlled by customers really. 
And to do it, we need to continue what we are doing, working open and contribute with our ideas and ideas of our partners to this role to become what we see confidential computing has to become, it has to become utility. It doesn't need to be so special, but it's what we've wanted to become. >> Let's talk about, thank you for that explanation. Let's talk about data sovereignty because when you think about data sharing, you think about data sharing across the ecosystem in different regions and then of course data sovereignty comes up, typically public policy lags the technology industry and sometimes it's problematic. I know there's a lot of discussions about exceptions but Patricia, we have a graphic on data sovereignty. I'm interested in how confidential computing ensures that data sovereignty and privacy edicts are adhered to, even if they're out of alignment maybe with the pace of technology. One of the frequent examples is when you delete data, can you actually prove the data is deleted with a hundred percent certainty, you got to prove that and a lot of other issues. So looking at this slide, maybe you could take us through your thinking on data sovereignty. >> Perfect. So for us, data sovereignty is only one of the three pillars of digital sovereignty. And I don't want to give the impression that confidential computing addresses it at all, that's why we want to step back and say, hey, digital sovereignty includes data sovereignty where we are giving you full control and ownership of the location, encryption and access to your data. Operational sovereignty where the goal is to give our Google Cloud customers full visibility and control over the provider operations, right? So if there are any updates on hardware, software stack, any operations, there is full transparency, full visibility. 
And then the third pillar is around software sovereignty, where the customer wants to ensure that they can run their workloads without dependency on the provider's software. So they have sometimes is often referred as survivability that you can actually survive if you are untethered to the cloud and that you can use open source. Now, let's take a deep dive on data sovereignty, which by the way is one of my favorite topics. And we typically focus on saying, hey, we need to care about data residency. We care where the data resides because where the data is at rest or in processing need to typically abides to the jurisdiction, the regulations of the jurisdiction where the data resides. And others say, hey, let's focus on data protection, we want to ensure the confidentiality, and integrity, and availability of the data, which confidential computing is at the heart of that data protection. But it is yet another element that people typically don't talk about when talking about data sovereignty, which is the element of user control. And here Dave, is about what happens to the data when I give you access to my data, and this reminds me of security two decades ago, even a decade ago, where we started the security movement by putting firewall protections and logging accesses. But once you were in, you were able to do everything you wanted with the data. An insider had access to all the infrastructure, the data, and the code. And that's similar because with data sovereignty, we care about whether it resides, who is operating on the data, but the moment that the data is being processed, I need to trust that the processing of the data we abide by user's control, by the policies that I put in place of how my data is going to be used. 
And if you look at a lot of the regulation today and a lot of the initiatives around the International Data Space Association, IDSA and Gaia-X, there is a movement of saying the two parties, the provider of the data and the receiver of the data going to agree on a contract that describes what my data can be used for. The challenge is to ensure that once the data crosses boundaries, that the data will be used for the purposes that it was intended and specified in the contract. And if you actually bring together, and this is the exciting part, confidential computing together with policy enforcement. Now, the policy enforcement can guarantee that the data is only processed within the confines of a confidential computing environment, that the workload is in cryptographically verified that there is the workload that was meant to process the data and that the data will be only used when abiding to the confidentiality and integrity safety of the confidential computing environment. And that's why we believe confidential computing is one necessary and essential technology that will allow us to ensure data sovereignty, especially when it comes to user's control. >> Thank you for that. I mean it was a deep dive, I mean brief, but really detailed. So I appreciate that, especially the verification of the enforcement. Last question, I met you two because as part of my year-end prediction post, you guys sent in some predictions and I wasn't able to get to them in the predictions post, so I'm thrilled that you were able to make the time to come on the program. How widespread do you think the adoption of confidential computing will be in '23 and what's the maturity curve look like this decade in your opinion? Maybe each of you could give us a brief answer. >> So my prediction in five, seven years as I started, it will become utility, it will become TLS. As of freakin' 10 years ago, we couldn't believe that websites will have certificates and we will support encrypted traffic. 
Now we do, and it's become ubiquity. It's exactly where our confidential computing is heading, I don't know we deserve yet. It'll take a few years of maturity for us, but we'll do that. >> Thank you. And Patricia, what's your prediction? >> I would double that and say, hey, in the very near future, you will not be able to afford not having it. I believe as digital sovereignty becomes ever more top of mind with sovereign states and also for multinational organizations, and for organizations that want to collaborate with each other, confidential computing will become the norm, it will become the default, if I say mode of operation. I like to compare that today is inconceivable if we talk to the young technologists, it's inconceivable to think that at some point in history and I happen to be alive, that we had data at rest that was non-encrypted, data in transit that was not encrypted. And I think that we'll be inconceivable at some point in the near future that to have unencrypted data while we use. >> You know, and plus I think the beauty of this industry is because there's so much competition, this essentially comes for free. I want to thank you both for spending some time on Breaking Analysis, there's so much more we could cover. I hope you'll come back to share the progress that you're making in this area and we can double click on some of these topics. Really appreciate your time. >> Anytime. >> Thank you so much, yeah. >> In summary, while confidential computing is being touted by the cloud players as a promising technology for enhancing data privacy and security, there are also those as we said, who remain skeptical. The truth probably lies somewhere in between and it will depend on the specific implementation and the use case as to how effective confidential computing will be. 
Look as with any new tech, it's important to carefully evaluate the potential benefits, the drawbacks, and make informed decisions based on the specific requirements in the situation and the constraints of each individual customer. But the bottom line is silicon manufacturers are working with cloud providers and other system companies to include confidential computing into their architectures. Competition in our view will moderate price hikes and at the end of the day, this is under-the-covers technology that essentially will come for free, so we'll take it. I want to thank our guests today, Nelly and Patricia from Google. And thanks to Alex Myerson who's on production and manages the podcast. Ken Schiffman as well out of our Boston studio. Kristin Martin and Cheryl Knight help get the word out on social media and in our newsletters, and Rob Hoof is our editor-in-chief over at siliconangle.com, does some great editing for us. Thank you all. Remember all these episodes are available as podcasts. Wherever you listen, just search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com where you can get all the news. If you want to get in touch, you can email me at david.vellante@siliconangle.com or DM me at D Vellante, and you can also comment on my LinkedIn post. Definitely you want to check out etr.ai for the best survey data in the enterprise tech business. I know we didn't hit on a lot today, but there's some amazing data and it's always being updated, so check that out. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you next time on Breaking Analysis. (subtle music)
Madhu Kochar, IBM & Pat Maqetuka, Nedbank | IBM Think 2018
>> narrator: From Las Vegas it's theCUBE covering IBM Think 2018. Brought to you by IBM. >> We're back at IBM Think 2018. My name is Dave Vellante. I'm here with Peter Burris, my co-host, and you're watching theCUBE, the leader in live tech coverage. Our day two of our wall to wall coverage of IBM Think. Madhu Kochar is here. She's the Vice President of Analytics, Product Development at IBM and she's joined by Pat Maqetuka >> Close enough. She's a data officer at Nedbank. Ladies, welcome to theCUBE. You have to say your last name for me. >> Patricia Maqetuka. >> Oh, you didn't click >> I did! >> Do it again. >> Maqetuka. >> Amazing. I wish I could speak that language. Well, welcome. >> Madhu & Pat: Thank you. >> Good to see you again. >> Madhu: Thank you. >> Let's start with IBM Think. New show for you guys you consolidated, you know, six big tent events into one. There's a lot of people, there's too many people, to count I've been joking. 30, 40 thousand people, we're not quite sure, but how's the event going for you? What are clients telling you? >> Yeah, no, I mean, to your point, yes, we brought in all three big pillars together; a lot of folks here. From data and analytics perspective, an amazing, amazing event for us. Highlights from yesterday with Arvind Krishna on our research. What's happening. You know, five for five, that was really inspiring for all of us. You know, looking into the future, and it's not all about technology, was all about how we are here to help protect the world and change the world. So that as a, as a geek, as an engineer, that was just so inspiring. And as I was talking to our clients, they walk away with IBM as really a solution provider and helping, so that was really good. I think today's, Ginni's, keynote was very inspiring, as well. From our clients, we got some of our key clients, you know, Nedbank is here with us, and we've been talking a lot about our future, our strategy. 
We just announced, Ginni actually announced, our new product, IBM Cloud Private for Data. Everything around data, you know, where we are really bringing the power of data and analytics all together on a private cloud. So that's a huge announcement for us, and we've been talking a lot with our clients and the strategy's resonating and particularly, where I come from in terms of the governance and integration space, this is definitely becoming now the "wow" factor because it helps stitch the entire solutions together and provide, you know, better insights to the data. >> Pat from your perspective, you're coming from Johannesburg so you probably like the fact that there's all IBM in one, so you don't have to come back to three or four conferences every year, but love your perspectives on that, and can you please tell us about Nedbank and your role as Chief Data Officer. >> Nedbank is one of the big five financial banks in South Africa. I've been appointed as the CDO about 18 months ago, so it's a new role in the bank per se. However, we're going through tremendous transformation in the bank and especially our IT eco-system has been transformed because we need to keep up with what is happening in the IT world. >> Are you the bank's first Chief Data Officer? >> Definitely yes. I'm the first. >> Okay. So, you're a pioneer. I have to ask you then, so where did you start when you took over as the Chief Data Officer? I mean banking is one of those industries that tends to be more Chief Data Officer oriented, but it's a new role, so where did you start? >> Well we are not necessarily new in the data, per se. We have had traditional data warehousing functions in the organization with traditional warehousing or data roles in the organization. However, the Chief Data role was never existent in the bank and in actual fact, the bank appointed two new roles 18 months ago. 
One of them was the Chief Digital Officer, who is my colleague, and myself being appointed as the Chief Data Officer. >> Interesting, okay. I talked to somebody from Northern Trust yesterday and she was the lead data person and she said, "I had to start with a mission. We had to find the mission first and then we looked at the team, and then we evolved into, how we contribute to the business, how we improve data quality, who has access, what skills we needed." Does that seem like a logical progression and did you take a similar path? >> I think every bank will look at it differently or every institution. However, from a Nedbank perspective, we were given the gift by the regulator in bringing the BCBS 239 compliancy into play, so what the bank then did, how do we leverage, not just being compliant, but leveraging the data to create competitive advantage, and to create new sources of revenue. >> Okay. Let's talk about, Madhu we talked about this in New York City, you know, governance, compliance, kind of an evil word to a lot of business people. Although, your contention was "Look, it's reality. You can actually turn it into a positive." So talk about that a little bit and then we can tie it into Nedbank's experiences. >> Yeah, so I firmly believe in, you know, in the past governance 1.0 was all about compliance and regulations, very critical, but that's all we drew. I believe now, it's all about governance 2.0, where it's not just the compliance, but how do I drive insights, you know, so data is so, so critical from that perspective, and driving insights quicker to your businesses, is going to be very important, so as we engage with Nedbank and other clients as well, they are turning that because they are incumbents. 
They know their data, they've got a lot of data, you know, some of, they know sitting in structure, law structure land, and it's really, really important that they quickly able to assess what's in it, classify it, right, and then quickly deliver the results to the businesses, which they're looking for, so we're, I believe in lieu of governance 2.0, and compliance and regulations are always going to be with us, and we're making, actually, a lot of improvements in our technology, introducing machine learning, how we can do these things faster and quicker. >> So one of the first modern pieces of work that Peter and I did was around data classification and that seems to be, I heard this theme before, it seems to be a component or a benefit of putting governance in place. That you can automate data classification and use it to affect policy, but Pat, from your standpoint, how do you approach governance, what are the business benefits beyond "we have to do this"? >> Like I earlier on alluded to, we took the regulation as a gift and said, "How do we turn this regulation into benefits for the organization?" So in looking at the regulation we then said, "How do we then structure the approach?" So we looked at the two prompts. The first was, the right to win. The right to win meaning that we are able to utilize the right to compete approach from a regulation perspective, to create a platform and a foundation for analytics for our organization. We also created the blueprint for our enterprise data program and in the blueprint, we also came up with key nine principles of what it means to stay true to our data. I.e. you mentioned classification, you mentioned data politic, you mentioned lineage. Those are the key aspects within our principles. The other key principle we also indicated was the issue around duplication. 
How do we ensure that we describe data once, we ingest it once, but we use it multiple times to answer different questions, and as you are aware, in analytics, the more you mine the data, the more inquisitive you become, so it is, (clears throat) Sorry. It's not been from data to information, information to insight, and eventually insights to foresight, so looking into the future, and now you bring it back into data. >> And also some points that you've made Pat, so the concept is, one of the challenges of using the fuel example, is that governance of fuel, is still governance of a thing. You can apply it here, you can apply it there, you can't apply it to both places. Data's different and you were very, very accurate when you said "We wanted to find it once, we want to ingest it once, we want to use it multiple times". That places a very different set of conditions on the types of governance and in many respects, in the past, other types of assets where there is this sense of scarcity, it is a problem, but one of the things that I'm, and this is a question, is the opportunity, you said the regulatory opportunity, is the opportunity, because data can be shared, should we start treating governance really as a way of thinking about how to generate value out of data, and not a way of writing down the constraints of how we use it. What do you think about that? >> I think you are quite right with that because the more you give the people the opportunity to go and explore, so you unleash empowerment, you unleash freedom for them to go and explore. They will not see governance as a stick like I initially indicated, but they see it as business as usual, so it will come natural. However, it doesn't happen overnight. People need to be matured, organization is to be matured. 
Now, the first step you have to do is to create those policies, create awareness around the policies, and make sure that the people who are utilizing the data are trained in to what are the do's and the don'ts. We are fully aware that cyber security's one of our biggest threats, so you can also not look at how you create security around your data. People knowing that how I use my data it is an asset of the bank and not an asset of an individual. >> I know you guys have to go across the street, but I wanted to get this in. You're a global analytics global elite client; I want to understand what the relationship is. I mean, IBM, why IBM, maybe make a few comments about your relationship with the company. >> I think we as Nedbank, we are privileged, actually, to be inculcated into this global elite program of IBM. That has helped me in actual, in advancing what we need to do from a data perspective because anytime I can pick up a phone to collaborate with the IBM MaaS, I can pick up the phone whenever I need support, I need guidance. I don't have to struggle alone because they've done it with all the other clients before, so why should I reinvent the wheel, whereas someone else has done it, so let me tap into that, so that that can progress quicker than try it first. >> Alright. Madhu, we'll give you the final word. On Think and your business and your priorities. >> So, Think is amazing, you know, the opportunity to meet with all our clients and coming from product development, talking about our strategy and getting that validation is just good, you know, sharing open road maps with clients like Nedbank and our other global elites, you know. It gives us an opportunity, not just sharing of the road maps, but actually a lot of co-creation, right, to take us into the future, so I'm having a blast. I got to go run over and meet a few other clients, but thank you for having us over here. It's a pleasure. 
>> You're very welcome and thank you so much for coming on and telling your story, Pat, and Madhu, always a pleasure to see you. >> Thank you. >> Alright, got to get in your high horse and go. Thanks for watching everybody, we'll be right back after this short break. You're watching theCUBE live from IBM Think 2018. We'll be right back. (electronic music)