(upbeat music) >> Welcome back to The Cube's coverage of Fal.Con 22. I'm Dave Vellante with Dave Nicholson. This is day one of our coverage. We had the big keynotes this morning. Derek Jeter was one of the keynotes. We have a big Yankee fan here: George Kurtz is the co-founder and CEO of CrowdStrike. George, thanks for coming on The Cube. >> It's great to be here. >> Boston fan, you know, I tweeted out Derek Jeter. He broke my heart many times, but I can't hate on Jeter. You got to have respect for the guy. >> Well, I still remember I was in Japan when Boston was down you know, by three games and came back to win. So I've got my own heartbreak as well. >> It did heal some wounds, but it almost changed the rivalry, you know? I mean, >> Yeah. >> Once, it's kind of neutralized it, you know? It's just not as interesting. I mean, I'm a season ticket holder. I go to all the games and Yankee games are great. A lot of it used to be, you would never walk into Fenway park with, you know pin stripes, when today there's as many Yankee fans as there are... >> I know. >> Boston fans. Anyway, at Fenway, I mean. >> Yeah. >> Why did you start CrowdStrike? >> Biggest thing for me was to really change the game in how people were looking at security. And at my previous company, I think a lot of people were buying security and not getting the outcome that they wanted. Not- I got acquired by a company, not my first company. So, to be clear, and before I started CrowdStrike, I was in the antivirus world, and they were spending a lot of money with antivirus vendors but not getting the outcome I thought they should achieve, which is to stop the breach, not just stop malware. And for me, security should be outcome based not sort of product based. And the biggest thing for us was how could we create the sales force of security that was focused on getting the right outcome: stopping the breach. >> And the premise, I've seen it, the unstoppable breach is a myth. No CSOs don't live by that mantra, but you do. How are you doing on that journey? >> Well I think, look, there's no 100% of anything in security, but what we've done is really created a platform that's focused on identifying and stopping breaches as well as now, extending that out into helping IT identify assets and their hygiene and basically providing more visibility into IT assets. So, we talked about the convergence of that. Maybe we'll get into it, but. >> Dave Vellante: Sure. >> We're doing pretty well. And from our standpoint, we've got a lot of customers, almost 20,000, that rely on us day to day to help stop the breach. >> Well, and when you dig into the CrowdStrike architecture, what's so fascinating is, you know, Dave, we've talked about this: agent bad. Well, not necessarily, if you can have a lightweight agent that can scale and support a number of modules, then you can consolidate all these point tools out there. You talked about in your keynote, your pillars, workloads, which really end points >> Right. >> ID, which we're going to talk about. Identity data and network security. You're not a network security specialist, >> Right. >> But the other three, >> Yes. >> You're knocking down. >> Yeah. >> You guys went deep into that today. Talk about that. >> We did, most folks are going to know us for endpoint and Cloud workload protection and visibility. We did an acquisition almost two years to the day on preempt. And that was our identity play, identity threat protection and detection. And that really turned out to be a smart move, because it's the hottest topic right now. If you look at all the breaches over the last couple years, it's all identity based. Big, big talking points in our keynotes today. >> Dave Vellante: Right. >> And then the third area is on data, and data is really the you know, the new currency that people trade in. So how do you identify and protect endpoints and workloads? How do you tie that together with identity, as well as understanding how you connect the dots and the data and where data flows? And that's really been our focus and we continue to deliver on that for customers. >> And you've had a real dogma, I'll call it, about Cloud Native. I've had this conversation with Frank Slootman, "No we're not going to do a halfway house." You, I think, said it really well today. I think it was you who said it. If you've got On-Prem and Cloud, you got two code bases, >> George Kurtz: Right. >> That you got to maintain. >> That's it, yeah. >> And that means you're taking away resources from one or the other. >> That's exactly right. And what a lot of our competitors have done is they started On-Prem as an AV vendor, and then they took what they had and they basically put it in a Cloud instance called a Cloud, which doesn't really scale. And then, you know, where they need to, they basically still keep their On-Prem, and that just diffuses your engineering team. And most of the On-Prem stuff doesn't even have the features of what they're trying to offer from the Cloud. So either you're Cloud Native or you're not. You can't be halfway. >> But it doesn't mean that you can't include and ingest On-Prem data- >> Well, absolutely. >> into your platform, and that's what I think most people just some reason don't seem to understand. >> Well our agents run wherever. They certainly run On-Prem. >> Dave Vellante: Right. Right. >> And they run in the Cloud, they run wherever. But the crowd in the CrowdStrike is the fact that we can crowdsource this threat information at scale into our threat graph, which gives us unique insight, 7 trillion events per week. And you can't do that if you're not Cloud Native. And that crowd gives the, we call, community immunity. We see all kinds of attacks across 176 different countries. That benefit accrues to all of our customers. >> But how do you envision and maintain and preserve a lightweight agent that can support so many modules? As you do more acquisitions and you knock down new areas and bring in new functionality, go after things like operations technology, how is it that you're able to keep that agent lightweight? >> Well, we started as a platform company, meaning that the whole idea was we're going to build a lightweight agent. First iteration had no security capabilities. It was collect data, get it into a common data architecture or threat graph, in one spot. And then once we had the data then we applied AI to it and we created different workflows. So, the first incarnation was get data into the Cloud at scale. And that still holds true today. So if you think about why we can actually have all these different modules without an impact on the performance, it's we collect data one time. It's a threat data, you know? We're not collecting user data, but threat data collection mechanism. Once we have all that data, then we can slice and dice and create other modules. So the new modules never have to even touch the agent 'cause we've already collected the data. >> I'm going to just keep going, Dave, unless you shove your way in. >> No, no, go ahead. No, no, no. I'm waiting to pounce. >> But okay, so, I think, George, but George, I need to ask you about a comment that you made about we're not just shoving it into a data lake. But you are collecting all the data. Can you explain that nuance? >> Yeah. So there's a difference between a collect and forward agent. It means they just collect a bunch of data. They'll probably store it in a lot of space on the endpoint. It's slow and cumbersome, and then they'll forward it up into another data lake. So you have no context going into no context. Our agent is a smart agent, which actually allows us to always track the context of all these processes in what's happening on the endpoint. And it's a mini graph, meaning we keep track of the relationships. And as we ship that contextual information to the Cloud, we never lose that context. And then it goes into the bigger graph database, always with the same level of context. So, we keep the context of each individual workload or endpoint, and then across the Cloud, we have the context of all of those put together. It's massive. And that allows us to create different insights rather than a data lake, which is, you know, you're looking for, you're creating a bigger needle stack looking for needles. >> And I'm envisioning almost an index that is super, super fast. I mean, you're talking about sub, well second kind of near real time responses, correct? >> Absolutely. So a lot of what we do in terms of protection is already pushed down to the endpoint , 'cause it has intelligence and the AI model. And then again, the Cloud is always looking for different anomalies, not only on each individual endpoint or workload, but across the entire spectrum of our customer base. And that's all real time. It continually self-learns from all the data we collect. >> So when, yeah, when you've made these architectural decisions over time, there was a time when saying that you needed to run an agent could be a deal killer somewhere for people who argued against that. >> George Kurtz: Right. >> You've made the right decision there, clearly. Having everything be crowdsourced into Cloud makes perfect sense. Has that, though, posed a challenge from a sovereignty perspective? If you were deploying stuff On-Prem all over the place, you don't need to worry about that. Everything is here >> George Kurtz: Yeah. >> in a given country. How do you address the challenges of sovereignty when these agents are sending data into some sort of centralized Cloud space that crosses boundaries? >> Well, yeah, I guess what we would, let me go back to the beginning. So I started company in 2011 and I had to convince people that delivering endpoint security from the Cloud was going to be a good thing. >> Dave Vellante: Right. (chuckles) >> You know, you go into a Swiss bank and a bunch of other places and they're like, you're crazy. Right? >> Dave Nicholson: Right. >> They all became customers afterwards, right? And you have to just look at what they're doing. And the question I would have in the early days is, well, let me ask you are you using Dropbox, Box? Are you using a Microsoft? You know, what are you using? Well, they're all sending data to the Cloud. So good news! You already have a model, you've already approved that, right? So let's talk about our benefit. And you know, you can either have an adversary steal your data or you can send threat data to our Cloud, which by the way is in a lot of sovereign Clouds that are out there. And when you actually break it down to what we're sending to the Cloud, it's threat data, right? It isn't user files and documents and stuff. It's threat data. So, we work through all of that. And the Cloud is bigger than CrowdStrike. So you look at Sales Force, Service Now, Workday, et cetera. That's being used all over the place, Box, Dropbox. We just tagged onto it. Like why shouldn't security be the platform of record, and why shouldn't CrowdStrike be the platform of record and be the pillar of Cloud security? >> Explain your observability strategy, 'cause you acquired Humio for, I mean, I think it was $400 million, which is a song. >> Yeah. >> And then Reposify is the latest acquisition. I see that as an extension, 'cause it gives you visibility. Is that part of your security, of your observability play? Explain where you do play and don't play. >> Sure. Well observability is a big, you know, fluffy word. Where we play is in probably the first two areas of observability, right? There's five, kind of, pillars. We're focused on event collection. Let's get events from the endpoints. Let's get events from really anywhere in the network. And we can do that with Humio is now log scale. And then the second piece is with our agents, let's get an understanding of their, the asset itself. What is the asset? What state is it in? Does it have vulnerabilities? Does it have, you know, is it running out of disc space? Is it have, does it have a performance issue? Those are really the first two, kind of, areas of observability. We're not in application performance, we're in let's collect data from the endpoint and other sources, and let's understand if the thing is working, right? And that's a huge value for customers. And we can do that because we already have a privileged spot on the endpoint with our agent. >> Got it. Question on the TAM. Like I look at your TAMs, your charts, I love it. You know, generally do. Were you taking known data from you know, firms like IDC >> George Kurtz: Yeah. >> and saying, okay we're going to play there, now we're made this acquisition. We're new modules, now we're playing there. Awesome. I think you got a big TAM. And I guess that's, that's the point. There's no lack of market for you. >> George Kurtz: Right. >> But I do feel like there's this unknown unquantifiable piece of your TAM. IDC can't see it, 'cause they're kind of looking back >> George Kurtz: Right. >> seein' what the market do last year and we'll forecast it out. It's almost, you got to be a futurist to see it. How do you think about your total available market and the opportunity that's out there? >> Well, it's well in excess of 120 billion and we've actually updated that recently. So it's even beyond that. But if you look at all the modules each module has a discreet TAM and again, for what, you know, what we're focused on is how do you give an outcome to a customer? So a lot of the modules map back into specific TAM and product categories. When you add 'em all up and when you look at, you know, some of the new things that we're coming out with, again, it's well in excess of 120 billion. So that's why we like to say like, you know, we're not an endpoint company. We're really, truly a security platform company that was born in the Cloud. And I think if you see the growth rates, and one of the things that we've talked about, and I think you might have pointed out in prior podcasts, is we're the second fastest company to 2 billion dollars in annual recurring revenue, only behind Zoom. And you know I would argue- great company, by the way, a customer- but that was a black Swan event in a pandemic, right? >> Dave Vellante: I'll say! >> Yeah. >> So we are rarefied air when you think about the capabilities that we have and the performance and the TAM that's available to us. >> The other thing I said in my breaking analysis was 'cause you guys aspire to be a generational company. And I think you got a really good shot at being one, but to be a generational company, you have to have an ecosystem. So I'd love you to talk about the ecosystem, but where you want to see it in five years. >> Well, it really is a good point and we are a partner first company. Ecosystem is really important. Cameras probably can't see all the vendors that are here that are our partners, right? It's a big part of this show that we're at. You see a lot of, well, you see some vendors behind us. >> Yep. >> We have to realize in 2022, and I think this is something that we did well and it's my philosophy, is we are not the only game in town. We like to be, and we are, for many companies the security platform on record, but we don't do everything. We talked about network in other areas. We can't do everything. You can't be good and try to do everything. So, for customers today, what they're looking at is best of platform. And in the early days of security, I've been in it over 30 years, it used to be best of breed products, then it was best of suite, now it's best of platform. So what do I mean by that? It means that customers don't want to engineer their own solution. They, like Lego blocks, they want to pull the platforms, and they want to stitch 'em together via API. And they want to say, okay, CrowdStrike works with Okta, works with Zscaler, works with Proofpoint, et cetera. And that's what customers want. So, ecosystem is incredibly important for us. >> Explain that. You mentioned Okta, I had another question for you. I was at Reinforce, and I saw this better together presentation, CrowdStrike and Okta talking about identity. You've got an identity module. Explain to people how you're not competing with Okta. You guys complement each other, there. >> Well, an identity kind of broker, if you will, is basically what Okta does in others, right? So you log in single sign on and you get access. They broker access to all these other applications. >> Dave Vellante: Right. >> That's not what we do. What we do is we look at those endpoints and workloads and domain controllers and directory services and we figure out, are there vulnerabilities and are there threats associated with them? And we call that out. The second piece, which is critical, is we prevent lateral movement. So if credentials are stolen we can prevent those credentials from being laundered or used and moved laterally, which is a key part of how breaches happen. We then create a trust score on those endpoints and workloads. And we basically say, okay, do we think the trust on the endpoint and workload is high or low? Do we think the identity, you know, is it George on the endpoint, or not? We give that a score. And we pass that along to Okta or Ping or whoever, and they then use that as part of their calculus in how they broker access to other resources. So it really is better together. >> So your execution has been stellar. This is my competition question. You obviously have competition out there. I think architecturally, you've got some advantages. You have a great relationship with AWS. I don't know what's going on with Google, but Kevin's up on stage. >> George Kurtz: Yeah. >> They're now part of Google. >> George Kurtz: We have a great relationship with them. >> Microsoft obviously, a competitor. You obviously do some things in, >> Right. >> in Azure. Are you building the security Cloud? >> We are. We think we are, because when you look at the amount of data that we actually ingest, when you look at companies using us for critical decisions and critical protection, not only on their On-Prem, but also in their Cloud environment, and the knowledge we have, we think it is a security Cloud. You know, you had, you had Salesforce and Workday and ServiceNow and each of them had their respective Clouds. When I started the company, there was no security Cloud. You know, it wasn't any of the companies that you know. It wasn't the firewall companies, wasn't the AV companies. And I think we really defined ourselves as the security Cloud. And the level of knowledge and insights we have in our Cloud, I think, are world class. >> But you know, it's a difference of being those- 'cause you mentioned those other, you know, seminal Clouds. They, like Salesforce, Workday, they're building their own Clouds. Maybe not so much Workday, but certainly Salesforce and ServiceNow built their own >> Yeah. >> Clouds, their own data centers. You're building on top of hyperscalers, correct? >> Well, >> Well you have your own data centers, too. >> We have our own data centers, yeah. So when we first started, we started in AWS as many do, and we have a great relationship there. We continue to build out. We are a huge customer and we also have, you know, with data sovereignty and those sort of things, we've got a lot of our sort of data that sits in our private Cloud. So it's a hybrid approach and we think it's the best of both worlds. >> Okay. And you mean you can manage those costs and it's, how do you make the decision? Is it just sovereignty or is it cost as well? >> Well, there's an operational element. There's cost. There's everything. There's a lot that goes into it. >> Right. >> And at the end of the day we want to make sure that we're using the right technology in the right Clouds to solve the right problem. >> Well, George, congratulations on being back in person. That's got to feel good. >> It feels really good. >> Got a really good audience here. I don't know what the numbers are but there's many thousands here, >> Thousands, yeah. >> at the ARIA. Really appreciate your time. And thanks for having The Cube here. You guys built a great set for us. >> Well, we appreciate all you do. I enjoy your programs. And I think hopefully we've given the audience a good idea of what CrowdStrike's all about, the impact we have and certainly the growth trajectory that we're on. So thank you. >> Fantastic. All right, George Kurtz, Dave Vellante for Dave Nicholson. We're going to wrap up day one. We'll be back tomorrow, first thing in the morning, live from the ARIA. We'll see you then. (calm music)

(upbeat music) >> Okay, welcome back everyone. CUBE's coverage here in Boston, Massachusetts, AWS re:inforce 22, security conference. It's AWS' big security conference. Of course, theCUBE's here, all the reinvent, reese, remars, reinforced. We cover 'em all now and the summits. I'm John Furrier, my host Dave Vellante. We have IDC weighing in here with their analysts. We've got some great guests here, Jay Bretzmann research VP at IDC and Philip Bues research manager for Cloud security. Gentlemen, thanks for coming on. >> Thank you. >> Appreciate it. Great to be here. >> Appreciate coming. >> Got a full circle, right? (all laughing) Security's more interesting than storage, isn't it? (all laughing) >> Dave and Jay worked together. This is a great segment. I'm psyched that you guys are here. We had Crawford and Matt Eastwood on at HPE Discover a while back and really the data you guys are getting and the insights are fantastic. So congratulations to IDC. You guys doing great work. We appreciate your time. I want to get your reaction to the event and the keynotes. AWS has got some posture and they're very aggressive on some tones. Some things that we didn't hear. What's your reaction to the keynote? Share your assessment. >> So, you know, I manage two different research services at IDC right now. They are both Cloud security and identity and digital security, right? And what was really interesting is the intersection between the two this morning, because every one of those speakers that came on had something to say about identity or least privileged access, or enable MFA, or make sure that you control who gets access to what and deny explicitly. And it's always been a challenge a little bit in the identity world because a lot of people don't use MFA. And in RSA, that was another big theme at the RSA conference, MFA everywhere. Why don't they use it? Because it introduces friction and all of a sudden people can't get their jobs done. And the whole point of a network is letting people on to get that data they want to get to. So that was kind of interesting, but as we have in the industry, this shared responsibility model for Cloud computing, we've got shared responsibility for between Philip and I. (Philip laughing) I have done in the past more security of the Cloud and Philip is more security in the Cloud. >> So yeah. >> And now with Cloud operation Super Cloud, as we call it, you have on premises, private Cloud coming back, or hasn't really gone anywhere, all that on premises, Cloud operations, public Cloud, and now edge exploding with new requirements. It's really an ops challenge right now. Not so much dev. So the sec and op side is hot right now. >> Yeah, well, we've made this move from monolithic to microservices based applications. And so during the keynote this morning, the announcement around the GuardDuty Malware Protection component, and that being built into the pricing of current GuardDuty, I thought was really key. And there was also a lot of talk about partnering in security certifications, which is also so very important. So we're seeing this move towards filling in that talent gap, which I think we're all aware of in the security industry. >> So Jake, square the circle for me. So Kirk Coofell talked about Amazon AWS identity, where does AWS leave off, and companies like Okta or Ping identity or Cybertruck pickup, how are they working together? Does it just create more confusion and more tools for customers? We know the overused word of seamless. >> Yeah, yeah. >> It's never seamless, so how should we think about that? >> So, identity has been around for 35 years or something like that. Started with the mainframes and all that. And if you understand the history of it, you make more sense to the current market. You have to know where people came from and the baggage they're carrying, 'cause they're still carrying a lot of that baggage. Now, when it comes to the Cloud Service providers, they're more an accommodation from the identity standpoint. Let's make it easy inside of AWS to let you single sign on to anything in the Cloud that they have, right? Let's also introduce an additional MFA capability to keep people safer whenever we can and provide people with tools, to get into those applications somewhat easily, while leveraging identities that may live somewhere else. So there's a whole lot of the world that is still active, directory-centric, right? There's another portion of companies that were born in the Cloud that were able to jump on things like Okta and some of the other providers of these universal identities in the Cloud. So, like I said, if you understand where people came from in the beginning, you start to say, "Yeah, this makes sense." >> It's interesting you talk about mainframe. I always think about Rack F, you know. And I say, "Okay, who did what, when, where?" And you hear about a lot of those themes. So what's the best practice for MFA, that's non-SMS-based? Is it you got to wear something around your neck, is it to have sort of a third party authenticator? What are people doing that you guys would recommend? >> Yeah, one quick comment about adoption of MFA. If you ask different suppliers, what percent of your base that does SSO also does MFA, one of the biggest suppliers out there, Microsoft will tell you it's under 25%. That's pretty shocking. All the messaging that's come out about it. So another big player in the market was called Duo, Cisco bought them. >> Yep. >> And because they provide networks, a lot of people buy their MFA. They have probably the most prevalent type of MFA, it's called Push. And Push can be a red X and a green check mark to your phone, it can be a QR code, somewhere, it can be an email push as well. So that is the next easiest thing to adopt after SMS. And as you know, SMS has been denigrated by NIST and others saying, it's susceptible to man and middle attacks. It's built on a telephony protocol called SS7. Predates anything, there's no certification either side. The other real dynamic and identity is the whole adoption of PKI infrastructure. As you know, certificates are used for all kinds of things, network sessions, data encryption, well, identity increasingly. And a lot of the consumers and especially the work from anywhere, people these days have access through smart devices. And what you can do there, is you can have an agent on that smart device, generate your private key and then push out a public key and so the private key never leaves your device. That's one of the most secure ways to- >> So if our SIM card gets hacked, you're not going to be as vulnerable? >> Yeah, well, the SIM card is another challenge associated with the older ways, but yeah. >> So what do you guys think about the open source connection and they mentioned it up top. Don't bolt on security, implying shift left, which is embedding it in like sneak companies, like sneak do that. Very container oriented, a lot of Kubernetes kind of Cloud native services. So I want to get your reaction to that. And then also this reasoning angle they brought up. Kind of a higher level AI reasoning decisions. So open source, and this notion of AI reasoning. or AI reason. >> And you see more open source discussion happening, so you have your building maintaining and vetting of the upstream open source code, which is critical. And so I think AWS talking about that today, they're certainly hitting on a nerve, as you know, open source continues to proliferate. Around the automated reasoning, I think that makes sense. You want to provide guide rails and you want to provide roadmaps and you want to have sort of that guidance as to, okay, what's a correlation analysis of different tools and products? And so I think that's going to go over really well, yeah. >> One of the other key points about open source is, everybody's in a multi-cloud world, right? >> Yeah. >> And so they're worried about vendor lock in. They want an open source code base, so that they don't experience that. >> Yeah, and they can move the code around, and make sure it works well on each system. Dave and I were just talking about some of the dynamics around data control planes. So they mentioned encrypt everything which is great and I message by the way, I love that one. But oh, and he mentioned data at rest. I'm like, "What about data in flight? "Didn't hear that one." So one of the things we're seeing with SuperCloud, and now multi-cloud kind of as destinations of that, is that in digital transformation, customers are leaning into owning their data flows. >> Yeah. >> Independent of say the control plane aspects of what could come in. This is huge implications for security, where sharing data is huge, even Schmidt on stage said, we have billions and billions of things happening that we see things that no one else sees. So that implies, they're sharing- >> Quad trillion. >> Trillion, 15 zeros. (Jay laughs) >> 15 zeros. >> So that implies they're sharing that or using that pushing that into something. So sharing is huge with cyber security. So that implies open data, data flows. How do you guys see this evolving? I know it's kind of emerging, but it's becoming a nuanced point, that's critical to the architecture. >> Well, yeah, I think another way to look at that is the sharing of intelligence and some of the recent directives, from the executive branch, making it easier for private companies to share data and intelligence, which I think strengthens the cyber community overall. >> Depending upon the supplier, it's either an aggregate level of intelligence that has been anonymized or it's specific intelligence for your environment that everybody's got a threat feed, maybe two or three, right? (John laughs) But back to the encryption point, I mean, I was working for an encryption startup for a little while after I left IBM, and the thing is that people are scared of it. They're scared of key management and rotation. And so when you provide- >> Because they might lose the key. >> Exactly. >> Yeah. >> It's like shooting yourself in the foot, right? So that's when you have things like, KMS services from Amazon and stuff that really help out a lot. And help people understand, okay, I'm not alone in this. >> Yeah, crypto owners- >> They call that hybrid, the hybrid key, they don't know how they call the data, they call it the hybrid. What was that? >> Key management service? >> The hybrid- >> Oh, hybrid HSM, correct? >> Yeah, what is that? What is that? I didn't get that. I didn't understand what he meant by the hybrid post quantum key agreement. >> Hybrid post quantum key exchange. >> AWS never made a product name that didn't have four words in it. (John laughs) >> But he did reference the new NIST algos. And I think I inferred that they were quantum proof or they claim to be, and AWS was testing those. >> Correct, yeah. >> So that was kind of interesting, but I want to come back to identity for a second. So, this idea of bringing traditional IAM and Privileged Access Management together, is that a pipe dream, is that something that is actually going to happen? What's the timeframe, what's your take on that? >> So, there are aspects of privilege in every sort of identity. Back when it was only the back office that used computers for calculations, right? Then you were able to control how many people had access. There were two types of users, admins and users. These days, everybody has some aspect of- >> It's a real spectrum, really. >> Yeah. >> Granular. >> You got the C-suite, the finance people, the DevOps people, even partners and whatever. They all need some sort of privileged access, and the term you hear so much is least-privileged access, right? Shut it down, control it. So, in some of my research, I've been saying that vendors who are in the PAM space, Privilege Access Management space, will probably be growing their suites, playing a bigger role, building out a stack, because they have the expertise and the perspective that says, "We should control this better." How do we do that, right? And we've been seeing that recently. >> Is that a combination of old kind of antiquated systems meets for proprietary hyper scale, or kind of like build your own? 'Cause I mean, Amazon, these guys, Facebook, they all build their own stuff. >> Yes, they do. >> Then enterprises buy services from general purpose identity management systems. >> So as we were talking about knowing the past and whatever, Privileged Access Management used to be about compliance reporting. Just making sure that I knew who accessed what? And could prove it, so I didn't fail at all. >> It wasn't a critical infrastructure item. >> No, and now these days, what it's transitioning into, is much more risk management, okay. I know what our risk is, I'm ahead of it. And the other thing in the PAM space, was really session monitor. Everybody wanted to watch every keystroke, every screen's scrape, all that kind of stuff. A lot of the new Privileged Access Management, doesn't really require that. It's a nice to have feature. You kind of need it on the list, but is anybody really going to implement it? That's the question, right. And then if you do all that session monitoring, does anybody ever go back and look at it? There's only so many hours in the day. >> How about passwordless access? (Jay laughs) I've heard people talk about that. I mean, that's as a user, I can't wait but- >> Well, it's somewhere we want to all go. We all want identity security to just disappear and be recognized when we log in. So the thing with passwordless is, there's always a password somewhere. And it's usually part of a registration action. I'm going to register my device with a username password, and then beyond that I can use my biometrics, right? I want to register my device and get a private key, that I can put in my enclave, and I'll use that in the future. Maybe it's got to touch ID, maybe it doesn't, right? So even though there's been a lot of progress made, it's not quote, unquote, truly passwordless. There's a group, industry standards group called Fido. Which is Fast Identity Online. And what they realized was, these whole registration passwords, that's really a single point of failure. 'Cause if I can't recover my device, I'm in trouble. So they just did new extension to sort of what they were doing, which provides you with much more of like an iCloud vault that you can register that device in and other devices associated with that same identity. >> Get you to it if you have to. >> Exactly. >> I'm all over the place here, but I want to ask about ransomware. It may not be your wheelhouse. But back in the day, Jay, remember you used to cover tape. All the backup guys now are talking about ransomware. AWS mentioned it today and they showed a bunch of best practices and things you can do. Air gaps wasn't one of them. I was really surprised 'cause that's all every anybody ever talks about is air gaps and a lot of times that air gap could be a guess to the Cloud, I guess, I'm not sure. What are you guys seeing on ransomware apps? >> We've done a lot of great research around ransomware as a service and ransomware, and we just had some data come out recently, that I think in terms of spending and spend, and as a result of the Ukraine-Russia war, that ransomware assessments rate number one. And so it's something that we encourage, when we talk to vendors and in our services, in our publications that we write about taking advantage of those free strategic ransomware assessments, vulnerability assessments, as well and then security and training ranked very highly as well. So, we want to make sure that all of these areas are being funded well to try and stay ahead of the curve. >> Yeah, I was surprised to not see air gaps on the list, that's all everybody talks about. >> Well, the old model for air gaping in the land days, the novel days, you took your tapes home and put them in the sock drawer. (all laughing) >> Well, it's a form of air gap. (all laughing) >> Security and no one's going to go there and clean out. >> And then the internet came around and ruined it. >> Guys, final question we want to ask you, guys, we kind of zoom out, great commentary by the way. Appreciate it. We've seen this in many markets, a collection of tools emerge and then there's its tool sprawl. So cyber we're seeing the trend now where mon goes up on stage of all the ecosystems, probably other vendors doing the same thing where they're organizing a platform on top of AWS to be this super platform, for super Cloud capability by building a more platform thing. So we're saying there's a platform war going on, 'cause customers don't want the complexity. I got a tool but it's actually making it more complex if I buy the other tool. So the tool sprawl becomes a problem. How do you guys see this? Do you guys see this platform emerging? I mean tools won't go away, but they have to be easier. >> Yeah, we do see a consolidation of functionality and services. And we've been seeing that, I think through a 2020 Cloud security survey that we released that was definitely a trend. And that certainly happened for many companies over the last six to 24 months, I would say. And then platformization absolutely is something we talk and write about all the time so... >> Couple of years ago, I called the Amazon tool set an erector set because it really required assembly. And you see the emphasis on training here too, right? You definitely need to go to AWS University to be competent. >> It wasn't Lego blocks yet. >> No. >> It was erector set. >> Yeah. >> Very good distinction. >> Loose. >> And you lose a few. (chuckles) >> But still too many tools, right? You see, we need more consolidation. It's getting interesting because a lot of these companies have runway and you look at sale point at stock prices held up 'cause of the Thoma Bravo acquisition, but all the rest of the cyber stocks have been crushed especially the high flyers, like a Sentinel-1 one or a CrowdStrike, but just still M and A opportunity. >> So platform wars. Okay, final thoughts. What do you, think is happening next? What's your outlook for the next year or so? >> So, in the identity space, I'll talk about, Philip can cover Cloud for us. It really is more consolidation and more adoption of things that are beyond simple SSO. It was, just getting on the systems and now we really need to control what you're able to get to and who you are. And do it as transparently as we possibly can, because otherwise, people are going to lose productivity. They're not going to be able to get to what they want. And that's what causes the C-suite to say, "Wait a minute," DevOps, they want to update the product every day. Make it better. Can they do that or did security get in the way? People, every once in a while call security, the Department of No, right? >> They ditch it on stage. They want to be the Department of Yes. >> Exactly. >> Yeah. >> And the department that creates additional value. If you look at what's going on with B2C or CIAM, consumer oriented identity, that is all about opening up new direct channels and treating people like their old friends, not like you don't know them, you have to challenge them. >> We always say, you want to be in the boat together, it sinks or not. >> Yeah. Exactly. >> Philip I'm glad- >> Okay, what's your take? What's your outlook for the year? >> Yeah, I think, something that we've been seeing as consolidation and integration, and so companies looking at from built time to run time, investing in shift left infrastructure is code. And then also in the runtime detection, makes perfect sense to have both the agent and agent lists so that you're covering any of the gaps that might exist. >> Awesome, Jay Phillip, thanks for coming on "theCUBE" with IDC and sharing your- >> Oh, our pleasure- >> Perspective, commentary and insights and outlook. Appreciate it. >> You bet. >> Thank you. >> Okay, we've got the great direction here from IDC analyst here on the queue. I'm John Furrier, Dave Vellante. Be back more after this short break. (bright upbeat music)

>> From theCUBE Studios in Palo Alto and Boston bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two year hiatus, AWS re:Inforce is back on as an in-person event in Boston next week. Like the All-Star break in baseball, re:Inforce gives us an opportunity to evaluate the cyber security market overall, the state of cloud security and cross cloud security and more specifically what AWS is up to in the sector. Welcome to this week's Wikibon cube insights powered by ETR. In this Breaking Analysis we'll share our view of what's changed since our last cyber update in May. We'll look at the macro environment, how it's impacting cyber security plays in the market, what the ETR data tells us and what to expect at next week's AWS re:Inforce. We start this week with a checkpoint from Breaking Analysis contributor and stock trader Chip Simonton. We asked for his assessment of the market generally in cyber stocks specifically. So we'll summarize right here. We've kind of moved on from a narrative of the sky is falling to one where the glass is half empty you know, and before today's big selloff it was looking more and more like glass half full. The SNAP miss has dragged down many of the big names that comprise the major indices. You know, earning season as always brings heightened interest and this time we're seeing many cross currents. It starts as usual with the banks and the money centers. With the exception of JP Morgan the numbers were pretty good according to Simonton. Investment banks were not so great with Morgan and Goldman missing estimates but in general, pretty positive outlooks. But the market also shrugged off IBM's growth. And of course, social media because of SNAP is getting hammered today. The question is no longer recession or not but rather how deep the recession will be. And today's PMI data was the weakest since the start of the pandemic. Bond yields continue to weaken and there's a growing consensus that Fed tightening may be over after September as commodity prices weaken. Now gas prices of course are still high but they've come down. Tesla, Nokia and AT&T all indicated that supply issues were getting better which is also going to help with inflation. So it's no shock that the NASDAQ has done pretty well as beaten down as tech stocks started to look oversold you know, despite today's sell off. But AT&T and Verizon, they blamed their misses in part on people not paying their bills on time. SNAP's huge miss even after guiding lower and then refusing to offer future guidance took that stock down nearly 40% today and other social media stocks are off on sympathy. Meta and Google were off, you know, over 7% at midday. I think at one point hit 14% down and Google, Meta and Twitter have all said they're freezing new hires. So we're starting to see according to Simonton for the first time in a long time, the lower income, younger generation really feeling the pinch of inflation. Along of course with struggling families that have to choose food and shelter over discretionary spend. Now back to the NASDAQ for a moment. As we've been reporting back in mid-June and NASDAQ was off nearly 33% year to date and has since rallied. It's now down about 25% year to date as of midday today. But as I say, it had been, you know much deeper back in early June. But it's broken that downward trend that we talked about where the highs are actually lower and the lows are lower. That's started to change for now anyway. We'll see if it holds. But chip stocks, software stocks, and of course the cyber names have broken those down trends and have been trading above their 50 day moving averages for the first time in around four months. And again, according to Simonton, we'll see if that holds. If it does, that's a positive sign. Now remember on June 24th, we recorded a Breaking Analysis and talked about Qualcomm trading at a 12 X multiple with an implied 15% growth rate. On that day the stock was 124 and it surpassed 155 earlier this month. That was a really good call by Simonton. So looking at some of the cyber players here SailPoint is of course the anomaly with the Thoma Bravo 7 billion acquisition of the company holding that stock up. But the Bug ETF of basket of cyber stocks has definitely improved. When we last reported on cyber in May, CrowdStrike was off 23% year to date. It's now off 4%. Palo Alto has held steadily. Okta is still underperforming its peers as it works through the fallout from the breach and the ingestion of its Auth0 acquisition. Meanwhile, Zscaler and SentinelOne, those high flyers are still well off year to date, with Ping Identity and CyberArk not getting hit as hard as their valuations hadn't run up as much. But virtually all these tech stocks generally in cyber issues specifically, they've been breaking their down trend. So it will now come down to earnings guidance in the coming months. But the SNAP reaction is quite stunning. I mean, the environment is slowing, we know that. Ad spending gets cut in that type of market, we know that too. So it shouldn't be a huge surprise to anyone but as Chip Simonton says, this shows that sellers are still in control here. So it's going to take a little while to work through that despite the positive signs that we're seeing. Okay. We also turned to our friend Eric Bradley from ETR who follows these markets quite closely. He frequently interviews CISOs on his program, on his round tables. So we asked to get his take and here's what ETR is saying. Again, as we've reported while CIOs and IT buyers have tempered spending expectations since December and early January when they called for an 8% plus spending growth, they're still expecting a six to seven percent uptick in spend this year. So that's pretty good. Security remains the number one priority and also is the highest ranked sector in the ETR data set when you measure in terms of pervasiveness in the study. Within security endpoint detection and extended detection and response along with identity and privileged account management are the sub-sectors with the most spending velocity. And when you exclude Microsoft which is just dominant across the board in so many sectors, CrowdStrike has taken over the number one spot in terms of spending momentum in ETR surveys with CyberArk and Tanium showing very strong as well. Okta has seen a big dropoff in net score from 54% last survey to 45% in July as customers maybe put a pause on new Okta adoptions. That clearly shows in the survey. We'll talk about that in a moment. Look Okta still elevated in terms of spending momentum, but it doesn't have the dominant leadership position it once held in spend velocity. Year on year, according to ETR, Tenable and Elastic are seeing the biggest jumps in spending momentum, with SailPoint, Tanium, Veronis, CrowdStrike and Zscaler seeing the biggest jump in new adoptions since the last survey. Now on the downside, SonicWall, Symantec, Trellic which is McAfee, Barracuda and TrendMicro are seeing the highest percentage of defections and replacements. Let's take a deeper look at what the ETR data tells us about the cybersecurity space. This is a popular view that we like to share with net score or spending momentum on the Y axis and overlap or pervasiveness in the data on the X axis. It's a measure of presence in the data set we used to call it market share. With the data, the dot positions, you see that little inserted table, that's how the dots are plotted. And it's important to note that this data is filtered for firms with at least 100 Ns in the survey. That's why some of the other ones that we mentioned might have dropped off. The red dotted line at 40% that indicates highly elevated spending momentum and there are several firms above that mark including of course, Microsoft, which is literally off the charts in both dimensions in the upper right. It's quite incredible actually. But for the rest of the pack, CrowdStrike has now taken back its number one net score position in the ETR survey. And CyberArk and Okta and Zscaler, CloudFlare and Auth0 now Okta through the acquisition, are all above the 40% mark. You can stare at the data at your leisure but I'll just point out, make three quick points. First Palo Alto continues to impress and as steady as she goes. Two, it's a very crowded market still and it's complicated space. And three there's lots of spending in different pockets. This market has too many tools and will continue to consolidate. Now I'd like to drill into a couple of firms net scores and pick out some of the pure plays that are leading the way. This series of charts shows the net score or spending velocity or granularity for Okta, CrowdStrike, Zscaler and CyberArk. Four of the top pure plays in the ETR survey that also have over a hundred responses. Now the colors represent the following. Bright red is defections. We're leaving the platform. The pink is we're spending less, meaning we're spending 6% or worse. The gray is flat spend plus or minus 5%. The forest green is spending more, i.e, 6% or more and the lime green is we're adding the platform new. That red dotted line at the 40% net score mark is the same elevated level that we like to talk about. All four are above that target. Now that blue line you see there is net score. The yellow line is pervasiveness in the data. The data shown in each bar goes back 10 surveys all the way back to January 2020. First I want to call out that all four again are seeing down trends in spending momentum with the whole market. That's that blue line. They're seeing that this quarter, again, the market is off overall. Everybody is kind of seeing that down trend for the most part. Very few exceptions. Okta is being hurt by fewer new additions which is why we highlighted in red, that red dotted area, that square that we put there in the upper right of that Okta bar. That lime green, new ads are off as well. And the gray for Okta, flat spending is noticeably up. So it feels like people are pausing a bit and taking a breather for Okta. And as we said earlier, perhaps with the breach earlier this year and the ingestion of Auth0 acquisition the company is seeing some friction in its business. Now, having said that, you can see Okta's yellow line or presence in the data set, continues to grow. So it's a good proxy from market presence. So Okta remains a leader in identity. So again, I'll let you stare at the data if you want at your leisure, but despite some concerns on declining momentum, notice this very little red at these companies when it comes to the ETR survey data. Now one more data slide which brings us to our four star cyber firms. We started a tradition a few years ago where we sorted the ETR data by net score. That's the left hand side of this graphic. And we sorted by shared end or presence in the data set. That's the right hand side. And again, we filtered by companies with at least 100 N and oh, by the way we've excluded Microsoft just to level the playing field. The red dotted line signifies the top 10. If a company cracks the top 10 in both spending momentum and presence, we give them four stars. So Palo Alto, CrowdStrike, Okta, Fortinet and Zscaler all made the cut this time. Now, as we pointed out in May if you combined Auth0 with Okta, they jumped to the number two on the right hand chart in terms of presence. And they would lead the pure plays there although it would bring down Okta's net score somewhat, as you can see, Auth0's net score is lower than Okta's. So when you combine them it would drag that down a little bit but it would give them bigger presence in the data set. Now, the other point we'll make is that Proofpoint and Splunk both dropped off the four star list this time as they both saw marked declines in net score or spending velocity. They both got four stars last quarter. Okay. We're going to close on what to expect at re:Inforce this coming week. Re:Inforce, if you don't know, is AWS's security event. They first held it in Boston back in 2019. It's dedicated to cloud security. The past two years has been virtual and they announced that reinvent that it would take place in Houston in June, which everybody said, that's crazy. Who wants to go to Houston in June and turns out nobody did so they postponed the event, thankfully. And so now they're back in Boston, starting on Monday. Not that it's going to be much cooler in Boston. Anyway, Steven Schmidt had been the face of AWS security at all these previous events as the Chief Information Security Officer. Now he's dropped the I from his title and is now the Chief Security Officer at Amazon. So he went with Jesse to the mothership. Presumably he dropped the I because he deals with physical security now too, like at the warehouses. Not that he didn't have to worry about physical security at the AWS data centers. I don't know. Anyway, he and CJ Moses who is now the new CISO at AWS will be keynoting along with some others including MongoDB's Chief Information Security Officer. So that should be interesting. Now, if you've been following AWS you'll know they like to break things down into, you know, a couple of security categories. Identity, detection and response, data protection slash privacy slash GRC which is governance, risk and compliance, and we would expect a lot more talk this year on container security. So you're going to hear also product updates and they like to talk about how they're adding value to services and try to help, they try to help customers understand how to apply services. Things like GuardDuty, which is their threat detection that has machine learning in it. They'll talk about Security Hub, which centralizes views and alerts and automates security checks. They have a service called Detective which does root cause analysis, and they have tools to mitigate denial of service attacks. And they'll talk about security in Nitro which isolates a lot of the hardware resources. This whole idea of, you know, confidential computing which is, you know, AWS will point out it's kind of become a buzzword. They take it really seriously. I think others do as well, like Arm. We've talked about that on previous Breaking Analysis. And again, you're going to hear something on container security because it's the hottest thing going right now and because AWS really still serves developers and really that's what they're trying to do. They're trying to enable developers to design security in but you're also going to hear a lot of best practice advice from AWS i.e, they'll share the AWS dogfooding playbooks with you for their own security practices. AWS like all good security practitioners, understand that the keys to a successful security strategy and implementation don't start with the technology, rather they're about the methods and practices that you apply to solve security threats and a top to bottom cultural approach to security awareness, designing security into systems, that's really where the developers come in, and training for continuous improvements. So you're going to get heavy doses of really strong best practices and guidance and you know, some good preaching. You're also going to hear and see a lot of partners. They'll be very visible at re:Inforce. AWS is all about ecosystem enablement and AWS is going to host close to a hundred security partners at the event. This is key because AWS doesn't do it all. Interestingly, they don't even show up in the ETR security taxonomy, right? They just sort of imply that it's built in there even though they have a lot of security tooling. So they have to apply the shared responsibility model not only with customers but partners as well. They need an ecosystem to fill gaps and provide deeper problem solving with more mature and deeper security tooling. And you're going to hear a lot of positivity around how great cloud security is and how it can be done well. But the truth is this stuff is still incredibly complicated and challenging for CISOs and practitioners who are understaffed when it comes to top talent. Now, finally, theCUBE will be at re:Inforce in force. John Furry and I will be hosting two days of broadcast so please do stop by if you're in Boston and say hello. We'll have a little chat, we'll share some data and we'll share our overall impressions of the event, the market, what we're seeing, what we're learning, what we're worried about in this dynamic space. Okay. That's it for today. Thanks for watching. Thanks to Alex Myerson, who is on production and manages the podcast. Kristin Martin and Cheryl Knight, they helped get the word out on social and in our newsletters and Rob Hoff is our Editor in Chief over at siliconangle.com. You did some great editing. Thank you all. Remember all these episodes they're available, this podcast. Wherever you listen, all you do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can get in touch with me by emailing avid.vellante@siliconangle.com or DM me @dvellante, or comment on my LinkedIn post and please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE Insights powered by ETR. Thanks for watching and we'll see you in Boston next week if you're there or next time on Breaking Analysis (soft music)

>> From the theCUBE studios in Palo Alto, in Boston, bringing you data-driven insights from theCUBE and ETR. This is "Breaking Analysis", with Dave Vellante. >> The recent security breach of an Okta third party supplier has been widely reported. The criticisms of Okta's response have been harsh, and the impact on Okta's value has been obvious, investors shaved about $6 billion off the company's market cap during the week the hack was made public. We believe Okta's claim that the customer technical impact was, "Near zero," may be semantically correct. However, based on customer data, we feel Okta has a blind spot. There are customer ripple effects that require clear action which are missed in Okta's public statements, in our view. Okta's product portfolio remains solid, it's a clear leader in the identity space. But in our view, one part of the long journey back to credibility requires Okta to fully understand and recognize the true scope of this breach on its customers. Hello, and welcome to this week's Wikibon "CUBE Insights", powered by ETR. In this "Breaking Analysis", we welcome our ETR colleague, Erik Bradley, to share new data from the community. Erik, welcome. >> Thank you, Dave, always enjoy being on the show, particularly when we get to talk about a topic that's not being well covered in the mainstream media in my opinion. >> Yeah, I agree, you've got some new data, and we're going to share some of that today. Let's first review the timeline of this hack. On January 20th this year, Okta got an alert that something was amiss at one of its partners, a company called Sitel, that provides low-level contact center support for Okta. The next day, Sitel retained a forensic firm to investigate, which was completed, that investigation was completed on February 28th. A report dated March 10th was created, and Okta received a summary of that from Sitel on March 17th. Five days later, Lapsus$ posted the infamous screenshots on Twitter. And later that day, sheesh, Okta got the full report from Sitel, and then responded publicly. Then the media frenzy in the back and forth ensued. So Erik, you know, there's so much wrong with this timeline, it's been picked apart by the media. But I will say this, what appeared to be a benign incident and generally has turned into a PR disaster for Okta, and I imagine Sitel as well. Who I reached out to by the way, but they did not provide a comment, whereas Okta did. We'll share that later. I mean, where do we start on this, Erik? >> It's a great question, "Where do we start?" As you know, our motto here is opinions only exist due to a lack of data, so I'm going to start with the data. What we were able to do is because we had a survey that was in the field when the news broke, is that we were able to observe the data in realtime. So we sequestered the data up until that moment when it was announced, so before March 23rd and then after March 23rd. And although most of the responses came in prior, so it wasn't as much of an end as we would've liked. It really was telling to see the difference of how the survey responses changed from before the breach was announced to after, and we can get into a little bit more- >> So let's... Sorry, sorry to interrupt, let's bring that up, let's look at some of that data. And as followers of this program know... Let me just set it up, Erik. Every quarter, ETR, they have a proprietary net score methodology to determine customer spending momentum, and that's what we're talking about here. Essentially measuring the net number of customers spending more on a particular product or platform. So apologize for interrupting, but you're on this data right here. >> Not at all. >> So take us through this. >> Yeah, so again, let's caveat. Okta is still a premier company in our work. Top five in overall security, not just in their niche, and they still remained extremely strong at the end of the survey. However, when you kind of look at that at a more of a micro analysis, what you noticed was a true difference between before March 23rd and after. Overall, their cumulative net score or proprietary spending intention score that we use, was 56% prior. That dropped to 44% during the time period after, that is a significant drop. Even a little bit more telling, and again, small sample size, I want to be very fair about that. Before March 23rd, only three of our community members indicated any indication of replacing Okta. That number went to eight afterwards. So again, small number, but a big difference when you're talking about a percentage change. >> Yeah, so that's that sort of green line that was shown there. You know, not too damaging, but definitely a noticeable downturn with the caveat that it's a small end. But here's the thing that I love working with you, we didn't stop there. You went out, you talked to customers, I talked to a number of customers. You actually organized a panel. This week, Erik hosted a deep dive on the topic with CISOs. And we have, if we could bring up that next slide, Alex. These are some of the top CISOs in the community, and I'm going to just summarize the comments and then turn it over to you, Erik. The first one was really concerning, "We heard about this in the media," ooh, ooh, ouch. Next one, "Not a huge hit, but loss of trust." "We can't just shut Okta off like SolarWinds." So there's definitely a lock in effect there. "We may need to hire new people," i.e, "There's a business impact to us beyond the technical impact." "We're rethinking contract negotiations with Okta." And bottom line, "It's still a strong solution." "We're not really worried about our Okta environment, but this is a trust and communications issue." Erik, these are painful to read, and in the end of the day, Okta has to own this. Todd McKinnon did acknowledge this. As I said at the top, there are domino business impacts that Okta may not be seeing. What are your thoughts? >> There's a lot we're going to need to get into in a little bit, and I think you were spot on earlier, when McKinnon said there was no impact. And that's not actually true, there's a lot of peripheral, derivative impact that was brought up in our panel. Before we even did the panel though, I do want to say we went out quickly to about 20 customers and asked them if they were willing to give an opinion. And it was sort of split down the middle where about, you know, half of them were saying, "You know, this is okay. We're going to stand by 'em, Okta's the best in the industry." A few were cautious, "Opinion's unchanged, but we're going to take a look deeper." And then another 40% were just flat out negative. And again, small sample size, but you don't want to see that. It's indicative of reputational damage right away. That was what led us to say, "You know what, let's go do this panel." And as you know, from reading it and looking at the panel, well, a lot of topics were brought up about the derivative impact of it. And whether that's your own, you know, having to hire people to go look into your backend to deal with and manage Okta. Whether it's cyber insurance ramifications down the road, there's a lot of aspects that need to be discussed about this. >> Yeah now, so before I go on... And by the way, I've spent a fair amount of time just parsing, listening very carefully to Todd McKinnon's commentary. He did an interview with Emily Chang, it was quite useful. But before I go on, I reached out to Okta, and they were super responsive and I appreciate that. And I do believe they're taking this seriously, here's a statement they provided to theCUBE. Quote, "As a global leader in identity, we recognize the critical role Okta plays for our customers and our customers' end users. Okta has a culture of learning and improving, and we are taking the steps to prevent this from happening again. We know trust is earned, and building back our customers' trust in Okta through our actions and our ongoing support as their secure identity partner is our top priority." Okay, so look, you know, what are you going to say, right? I mean, I think they do own it. Again, the concern is the blind spots. So we put together this visual to try to explain how Okta is describing the impact, and maybe another way to look at it. So let me walk you through this. Here's a simple way in which organizations think about the impact of a breach. What's the probability of a breach, that's the vertical axis, and what's the impact on the horizontal. Now I feel as though business impact really is the financial, you know, condition. But we've narrowed this to map to Todd McKinnon's statements of the technical impact. And they've said the technical impact in terms of things customers need to do or change, is near zero, and that's the red dot that you see there. Look, the fact is, that Okta has more than 15,000 customers, and at most, 366 were directly impacted by this. That's less than 3% of the base, and it's probably less than that, they're just being conservative. And the technical impact which Todd McKinnon described in an interview, again, with Emily Chang, was near zero in terms of actions the customers had to take on things like reporting and changes and remediation. Basically negligible. But based on the customer feedback outside of that 366, that's what we're calling that blind spot and that bracket. And then we list the items that we are hearing from customers on things that they have to do now, despite that minimal exposure. Erik, this is new information that we've uncovered through the ETR process, and there's a long list of collateral impacts that you just referred to before, actions that customers have to take, right? >> Yeah, there's a lot, and the panel really brought that to life even more than I expected to be quite honest. First of all, you're right, most of them believe that this was a minimal impact. The true damage here was reputational, and the derivatives that come from it. We had one panelist say that they now have to go hire people, because, and I hate to say this, but Okta isn't known for their best professional support. So they have to go get people now in to kind of do that themselves and manage that. That's obviously not the easiest thing to do in this environment. We had other ones express concern about, "Hey I'm an Okta customer. When I have to do my cyber insurance renewal, is my policy going to go up? Is my premium going to go up?" And it's not something that they even want to have to handle, but they do. There were a lot of concerns. One particular person didn't think the impact was minimal, and I just think it's worth bringing up. There was no demand for ransom here. So there were only two and a half percent of Okta customers that were hit, but we don't know what the second play is, right, this could just be stage one. And I think that there was one particular person on the panel who truly believes that, that could be the case, that this was just the first step. And in his opinion, there wasn't anything specific about those 366 customers that made him feel like the bad actor was targeting them. So he does believe that this might be a step one of a step two situation. Now that's a, you know, bit of an alarmist opinion and the rest of the panel didn't really echo it, but it is something that's kind of worth bringing up out there. >> Well, you know, it just pays to be paranoid. I mean, you know, it was reported that supposedly, this hack was done by a 16-year-old in England, out of his, you know, mother's house, but who knows? You know, other actors might have paid that individual to see what they could do. It could have been a little bit of reconnaissance, throw the pawn in there and see how, you know, what the response is like. So I want to parse some of Todd McKinnon's statements from that Bloomberg interview. Look, we've always, you and I both have been impressed with Okta, and Todd McKinnon's management. His decisions, execution, leadership, super impressive individual. You know, big fans of the company. And in the interview, it looked like (chuckles) the guy hadn't slept in three weeks, so really you have to feel for him. But I think there are some statements that have to be unpacked. The first one, McKinnon took responsibility and talked about how they'll be transparent about steps they're taking in the future to avoid you know, similar problems. We talked about the near-zero technical impact, we don't need to go there anymore. But Erik, the two things that struck me as communication misfires were the last two. Especially the penultimate statement there, quote, "The competitor product was at fault for this breach." You know, by the way, I believe this to be true. Evidently, Sitel was not using Okta as its identity access platform. You know, we're all trying to figure out who that is. I can tell you it definitely was not CyberArk, we're still digging to find out who. But you know, you can't say in my view, "We are taking responsibility," and then later say it was the competitor's fault. And I know that's not what he meant, but that's kind of how it came across. And even if it's true, you just don't say that later in a conversation after saying that, "We own it." Now on the last point, love your thoughts on this, Erik? My first reaction was Okta's throwing Sitel under the bus. You know, Okta's asking for forgiveness from its customers, but it just shot its partner, and I kind of get it. This shows that they're taking action but I would've preferred something like, "Look, we've suspended our use of Sitel for the time being pending a more detailed review. We've shut down that relationship to block any exposures. Our focus right now is on customers, and we'll take a look at that down the road." But I have to say in looking at the timeline, it looks like Sitel did hide the ball a little bit, and so you can't blame 'em. And you know, what are your thoughts on that? >> Well, I'll go back to my panelists again, who unanimously agreed this was a masterclass on how not to handle crisis management. And I do feel for 'em, they're a fantastic management team. The acquisition of Auth0 alone, was just such a brilliant move that you have to kind of wonder what went wrong here, they clearly were blindsided. I agree with you that Sitel was not forthcoming quickly enough, and I have a feeling that, that's what got them in this position, in a bad PR. However, you can't go ahead and fire your partner and then turn around and ask other people not to fire you. Particularly until a very thorough investigation and a root cause analysis has been released to everyone. And the customers that I have spoken to don't believe that, that is done yet. Now, when I ask them directly, "Would you consider leaving Okta?" Their answers were, "No, it is not easy to rip and replace, and we're not done doing our due diligence." So it's interesting that Okta's customers are giving them that benefit of the doubt, but we haven't seen it, you know, flow the other way with Okta's partner. >> Yeah, and that's why I would've preferred a different public posture, because who knows? I mean, is Sitel the only partner that's not using Okta as its identity management, who knows? I'd like to learn more about that. And to your point, you know, maybe Okta's got to vertically integrate here and start, you know, supporting the lower level stuff directly itself, you know, and/or tightening up those partnerships. Now of course, the impact on Okta obviously has been really serious, big hit on the stock. You know, they're piling on inflation and quantitative tightening and rate hikes. But the real damage, as we've said, is trust and reputation, which Okta has earned, and now it has to work hard to earn back. And it's unfortunate. Look, Okta was founded in 2009 and in over a decade, you know, by my count, there have been no major incidents that are obvious. And we've seen the damage that hackers can do by going after the digital supply chain and third and fourth party providers. You know, rules on disclosure is still not tight and that maybe is part of the problem here. Perhaps the new law The House just sent over to President Biden, is going to help. But the point, Erik, is Okta is not alone here. It feels like they got what looked like a benign alert. Sitel wasn't fully transparent, and Okta is kind of fumbling on the comms, which creates this spiraling effect. Look, we're going to have to wait for the real near-term and midterm impacts, but longterm, I personally believe Okta is going to be fine. But they're going to have to sacrifice some margin possibly in the near to midterm, and go through more pain to regain the loyalty of its customers. And I really would like to hear from Okta that they understand that customers, the impact of this breach to customers, actually does go beyond the 366 that were possibly compromised. Erik, I'll give you the final word. >> Yeah, there's a couple of things there if I can have a moment, and yes, Okta... Well, there was a great quote, one of the guys said, "Okta's built like a tank, but they just gave the keys to a 16 year old valet." So he said, "There is some concern here." But yes, they are best of breed, they are the leader, but there is some concern. And every one of the guys I spoke to, all CISOs, said, "This is going to come up at renewal time. At a minimum, this is leverage. I have to ask them to audit their third parties and their partners. I have to bring this up when it comes time." And then the other one that's a little bit of a concern is data-wise. We saw Ping Identity jump big, from 9% net score to 24% net score. Don't know if it's causative or correlated, but it did happen. Another thing to be concerned about out there, is Microsoft is making absolutely massive strides in security. And all four of the panelists said, "Hey, I've got an E5 license, why don't I get the most out of it? I'm at least going to look." So for Okta to say, you know, "Hey, there's no impact here," it's just not true, there is an impact, they're saying what they need to say. But there's more to this, you know, their market cap definitely got hit. But you know, I think over time if the market stabilized, we could see that recover. It's a great management team, but they did just open the door for a big, big player like Microsoft. And you and I also both know that there's a lot of emerging names out there too, that would like to, you know, take a little bit of that share. >> And you know, but here's the thing, I want to keep going here for a minute. Microsoft got hit by lapses, Nvidia got hit by lapses. But I think, Erik, I feel like people, "Oh yeah, Microsoft, they get hit all the time." They're kind of used to it with Microsoft, right? So that's why I'm saying, it's really interesting here. Customers want to consolidate their security portfolio and the number of tools that they have, you know. But then you look at something like this and you say, "Okay, we're narrowing the blast radius. You know, maybe we have to rethink that and that creates more complexity," and so it's a very complicated situation. But you know, your point about Microsoft is ironic, right. Because you know, when you see Microsoft, Amazon, you know, customers get hit all the time and it's oftentimes the fault of the customer, or the partner. And so it seems like, again, coming back to the comms of this, is that really is the one thing that they just didn't get right. >> Yeah, the biggest takeaway from this without a doubt is it's not the impact of the breach, it was the impact of their delay and how they handled it and how they managed it. That's through the course of 25 CISOs I've spoken to now, that's unanimous. It's not about that this was a huge damaging hit, but the damage really came from their reaction or lack thereof. >> Yeah, and it's unfortunate, 'cause it feels like a lot of it was sort of, I want to say out of their control because obviously they could have audited the partners. But still, I feel like they got thrown a curve ball that they really had a, you know, difficult time, you know, parsing through that. All right, hey, we got to leave it there for now. Thank you, Erik Bradley, appreciate you coming on, It's always a pleasure to have you >> Always good talking to you too, Dave, thanks a lot. >> ETR team, you guys are amazing, do some great work. I want to thank Stephanie Chan, who helps me with background research for "Breaking Analysis". Kristen Martin and Cheryl Knight, help get the word out, as do some others. Alex Myerson on production, Alex, thank you. And Rob Hof, is our EIC at SiliconANGLE. Remember, all these episodes, they are available as podcasts. Wherever you listen, just search, "Breaking Analysis podcast." I publish each week on wikibon.com and siliconangle.com. Check out etr.ai, it's the best in the business for real customer data real-time, near real-time, awesome platform. You can reach out to me at david.vellante@siliconangle.com, or @DVellante, or comment on my LinkedIn post. This is Dave Vellante, for Erik Bradley, and "theCUBE Insights", powered by ETR. Thanks for watching, be well, and we'll see you next time. (bright music)

>>Hey, everyone, welcome to the Cubes Coverage of the International Women's Showcase for 2022. I'm your host, Lisa Martin. Pleased to be here with an agreement ahead of small medium business SMB for Asia Pacific and Japan at Amazon Web services. Anna. It's great to have you on the programme, >>Lisa. I am delighted to be here and really excited to be talking about what we're gonna be talking about today, which is diversity and women in technology. >>One of the great things about International Women's Day Tuesday, March 8th, is there's always a campaign of theme. This year's theme is breaking the bias. What does that mean to you? And are we on our way to actually accomplish that? >>Look, Breaking the bias really is about all of us being more self aware in our workplaces. Really. What it means to me is understanding that the communities and the employment, the employee population, that all of us working is diverse. Um, and this is a great example of that, right? We are a global organisation and our employees come from across the world. I am representing people from across Asia Pacific and Japan. They look, feel and think differently to people in other parts of the world. So, really, what breaking the biases about is understanding our unconscious biases and thinking differently about how we approach conversations in the workplace to make sure that we're including everyone in the conversation. And honestly, Lisa, when you do that, you get much better. Business outcomes. I've seen that for sure. >>Definitely. There's some stats we can talk about later that I think really articulate that point incredibly well. But I want to talk about your background. You pivoted many times from lawyer to the CEO of ANZ Bank in the Philippines to now a leader at Amazon Web services. Talk to you about your career path with all those different pivots. How did you get to where you are tonight? >>Yeah, I mean, honestly, I recognise that I don't have a traditional Orthodox career plan, but that's my intention. I'm somebody who has always been really interested in the world around me, and I would say that my biggest driver is learning and being curious, which, as you know, is an Amazon leadership principles. So it's probably not a surprise that I ended up here at Ws, but really for me when I thought about my career and I have thought about it intentionally. I've been willing to put my hand up and take risks where I think probably others around me were not feeling as safe, and that's that's a function of who I am. But it's also a function of what I see women wanting to and needing to do more in order to bring their career forward. So as you say, I started my I had a pure technical lens when I started my career, which was being a lawyer, and there's been a lot of time just learning that and holding that skill set, I knew Lisa even then that that was not what I wanted to do forever. I wanted to do more than simply sit in an office and negotiate documents. Um, even though that was an exciting career, there was more that I wanted to do. So off the back of that, I moved into banking and was able to to learn and build some really important skill sets in terms of thinking about being a leader. And those skill sets include things like running a balance sheet, managing people thinking differently about risking compliance, which then allowed me to guess, run a bank and run the business. And then finally, how did I then pivot into technology? Well, it was a long conversation. If I'm honest with you, you know, there were there were conversations back and forth and I thought to myself and doing the right thing here. But what I could see for sure was that the world was moving to a technological context and for me not to take an opportunity to do it. A job like running a technology business across Asia, particularly Japan, just It just wasn't a possibility for me. I had to take the opportunity. So here I am, >>And that's one of the most exciting things I think is that these days every company has to be a tech company. Every company has to be a data company, a digital company with one of the lessons we've learned in the last couple of years. But another thing that we've learned is you mentioned skill sets. But it isn't just about those hard skill sets. What are some of those key soft skill sets that you think are really outstanding and really help to break down the bias. >>Yeah, again, Really interesting. So as I'm talking to women, when they hear about my career journey, a lot of them are surprised. How could you move into technology? And I think the challenge is that a lot of women view technology simply as a coding context. They view it as something that only someone with technical skills can do, and that is simply not the case. So if you look at a recent study by Deloitte Access Economics in Australia, for instance, the soft, skill intensive occupations are going to account for two thirds of all jobs by 2030. So if you think about that having a pure technical skill set, so certainly if you're going to do something like be a solutions architect or be a coda, it's really important that you must have those skills. But technology businesses are building and growing like no other, so we need all of those soft skills, like project management like P and L. Accountability and responsibility, like learning how to manage teams. These are caused fuels that have nothing to do with kind of fundamental technology, understanding that business contacts is important, but there are a lot of women out there who could be working in technology now but are a little bit scared to do so because they're thinking maybe they don't have the skills and I would encourage them to think differently. >>I think your your background with your pivots is a great articulation of you can take so many different backgrounds law banking into tech There's probably a fair amount of overlap there, but you also have you have in and of yourself thought diversity because of your background. I think that's another important thing for women to learn how important that thought diversity can be in any sort of job that they do, whether they are in a technical field. Or maybe they're in finance or operations or sales for a technology company. You guys talk about builders at A. W S. Talk to me about what a builder is, what's that definition and one of some of those key skill sets hard and soft that those builders exemplify. >>Yeah, so we are very build focused at AWS because we're building on behalf of our customers. But what that means is that the trays that make you a builder are exemplified by our leadership principles. So things like being curious. As you just pointed out, Lisa, these are the tenants of being a good builder, um, pursuing continuous learning. So whilst you you may know that you're good at something, you're not scared of trying something else. You're not scared of training and learning about something else. Being able to look around corners, um, and take calculated risks. I mean, whilst it may sound like my career journey has been pivot, pivot, pivot. Actually, if we're honest that these have been very intentional moves that I've made with my career to try to learn, as I said, to try to grow, um, and I've been fortunate and have been intentional also about building that leadership profile, But that's because I'm really fundamentally interested in how business and how people are connecting across the world. And as I said to you in a building context, really, that's about learning about how to build and run digital businesses. And at the end of the day is I guess the key message that I would send to everyone out there getting involved in a career in technology is not a bad move. >>No, it's definitely not a bad movie. I love the curiosity angle. That's one of those things that I'd love to hear. How do you encourage that? One of the biggest challenges. If we look at the stats of girls in stem programmes, from primary school to high school to university, as we see the numbers going down, we see them going up in university. And then, of course, when we're in, we're looking at the raw tech numbers. The number of women in technical positions is quite low to your point. There's many other opportunities besides technical positions. How do you encourage women to not be afraid to raise their hand and ask a question, even if they think maybe this is a dumb question? >>Uh, it's such a I think, you know, honestly, we need to see more women in leadership roles. Um, and, uh, and I think it's incumbent upon the organisations that are are running our businesses, that they make this a priority because you can't see I'm sorry. You can't be what you can't see Lisa, Um, and so it's great for us to talk about it. But once we start seeing women having active business, led conversations. That's where we're really going to see the dial shift. I have a 13 year old daughter, Um, and she's deeply interested in everything on her computer. Um, and what I try to do is encourage her to think differently about the type of roles that she could have if she was interested in, say, for instance, graphic design. She loves drawing, Um, singing. There are so many ways you can do all those YouTube videos. Maybe not, but you know, ways in which you can engage with technology to pursue a career that's interesting to you, regardless of your gender. So maybe the first part is making sure that we are talking about female leaders and what they're doing. I think also what we can do is start building programmes where we're involving women in building skills and certification skills. So here we've got this amazing event which we've built called She builds and I'm an active mentor for that. And what that's all about is kind of connecting women in the tech community and those who are interested with programmes that really speak to the way that women are thinking about their roles. So we have like minded peers. We have senior leaders, We have certification skills, programmes, always part of that, and we also have male allies. It's really important to include our male allies in that conversation, and you will have heard about things like male champions of change. These are very important conversations because again, what we know from statistics is that women are not as likely to build networks and sponsors as men are. And that's not statement of Miss Mala intense. What it means is that they just learn differently and think differently as they're building their careers. So if we're starting to get a man involved in the conversation in a more meaningful way, it's a conversation that's inclusive, and that's really what I want to drive. So I'm not sure I answered your question, but I certainly got to a couple of points that I was interested in highlighting, which is it's a conversation that has to happen at a grassroots level at a leadership level and across the organisation in terms of metrics, data understanding where women are and how to build and grow them >>right. But one of the things that you said that I was about to say was, We can't be what we can't see. We need to be able to elevate those female leaders like yourself so that more younger women and even women who maybe have been in the field for a while, can see the opportunities, the leadership. But you also brought up another great point. And that is, and something I was going to ask you about who are who are some of your mentors. And I imagine it's not just all females. It's got to be men as well. As you point out, it's incredibly important to have the men as allies. >>Yeah, absolutely. And certainly I wouldn't even be having this conversation with you now if I didn't have some amazing allies, both men and women, by my side as I've tracked this leadership journey. Certainly, um, Phil Davis, who is the head of our commercial organisation, Greg Pearson. These are people who have taken time out of their careers to talk with me about how we can help to build and grow women leaders, and to me, that's impactful. And I feel that that's an authentic engagement because there is a recognition in technology that we need to do more around this issue, and I see senior leaders like Matt Garman leading into the conversation. So for me, that's that's very inspiring. But I can't I couldn't have answered that question without telling you that the people who probably inspired me most in the organisation and within my network are those young women out there who are female founders. Now you know, I'm going to have to say a couple of names because I get the opportunity. Lisa, I've got a part of the networking, a women's networking, um, and mentoring organisation. And we have women here in Singapore like Ping Ping Han, who is building out an environmental education and sustainability digital business. We've got Francesco Cuccia, who is building Go get. She's already built it, which is an on demand workforce platform, which has over 250,000 people online that are helping people in Malaysia to work and has helped immensely during Covid. So what we're seeing with these young women is that they're actually building the digital businesses of the future, and it's not about, I mean, what I'm seeing them do is invest their time and energy in building. As I said, kind of programmes and models that are sustainable. So they're building businesses not just for the bottom line, but also to help the communities in which we operate, which to me is deeply inspirational. >>Absolutely. And the female founders need much more visibility than they're getting and obviously much more funding. One last point that I want to bring up because this is really important is that there is some data that I know that you have about performance company performance. When there are females at the helm, talk to me a little bit about that, and how can we help get that word out there more? Some more organisations understand the potential they have when they got that thought. Diversity. >>Yeah, it's such a wonderful point, and it's so well made now across the across media. But I feel like we need to double down on it because this is not a piecemeal conversation about doing the right thing. Um, sometimes we view it that way, and of course it is the right thing to have equity and diversity in our workplace. But in fact, there's so much data around how a diverse workforce creates better outcomes for business So in 2020 we had a McKenzie survey that found that companies with more than 30% of women executives were more likely to outperform companies with this percentage. So there is now a huge amount of data that's starting to show us what a diverse. And this is not just about gender. This is also about diversity across various lenses culture, ethnicity, minority groups, etcetera. So and for me, Lisa, it's just common sense. So if you're building a business that is trying to reach the most number of customers, it really is intuitive that you need to have all of those customers represented around the table. If you only have a single point of view, you're not going to represent all of those customers out there. And increasingly, those customers are expecting to be represented as part of your conversation in your business. So it totally makes sense from a business lens to build and recruit a diverse workforce. >>I couldn't agree more. One. I like to have one more question. Talk to me really quickly, briefly about how how are you building your teams to promote effectiveness through that diversity that, as you just described, can be so leading edge. >>Yeah, So what I'm doing is being intentional in my hiring practises. So this is something that all leaders can do. >>And that is really >>carefully about filling the roles in my organisation, where I'm given a role to fulfil, making sure that I'm looking at that diverse candidates, not just the same candidates who might have applied before. And that means sometimes throwing the net a bit wider than what you might usually have and thinking differently about the candidates that are applying. So, for instance, in my team, we have 50 50 men and women. Um, and we all come from very diverse backgrounds. We've got Indian, we've got Singaporean, we've got Australian talent, which means we've got a gender and cultural mix, which is actually, as I said, bringing a very different lens to the conversation when we're trying to solve customer problems. And what I would say is collaboration and respect is the cornerstone of the way that we should be. Building teams and diverse perspectives mean that our teams and the outcomes that we build are going to reflect the complexity of both the cross cultural and the divers, gender lens within which all of our customers are doing business today. >>Anna, thank you so much for joining me today, talking about the intentional pivots that you've made in your career, how inspiring those are two others and also how we're making progress on breaking the bias. My pleasure. >>Lisa. It's wonderful to join you. And thank you always think you for bringing us so much interesting data >>for Anna Greene. I'm Lisa Martin. You're watching the Cubes. Coverage of International Women's Showcase 2022.

from the cube studios in palo alto in boston bringing you data driven insights from the cube and etr this is breaking analysis with dave vellante semiconductors are the heart of technology innovation for decades technology improvements have marched the cadence of silicon advancements in performance cost power and packaging in the past 10 years the dynamics of the semiconductor industry have changed dramatically soaring factory costs device volume explosions fabulous chip companies greater programmability compressed time to tape out a lot more software content the looming presence of china these and other factors have changed the power structure of the semiconductor business chips today power every aspect of our lives and have led to a global semiconductor shortage that's been well covered but we've never seen anything like it before we believe silicon's success in the next 20 years will be determined by volume manufacturing capabilities design innovation public policy geopolitical dynamics visionary leadership and innovative business models that can survive the intense competition in one of the most challenging businesses in the world hello and welcome to this week's wikibon cube insights powered by etr in this breaking analysis it's our pleasure to welcome daniel newman in one of the leading analysts in the technology business and founder of futurum research daniel welcome to the program thanks so much dave great to see you thanks for having me big topic yeah i'll say i'm really looking forward to this and so here's some of the topics that we want to cover today if we have time changes in the semiconductor industry i've said they've been dramatic the shift to nofap companies we're going to talk about volume manufacturing those shifts that have occurred largely due to the arm model we want to cover intel and dig into that and what it has to do to to survive and thrive these changes and then we want to take a look at how alternative processors are impacting the world people talk about is moore's law dead is it alive and well daniel you have strong perspectives on all of this including nvidia love to get your thoughts on on that plus talk about the looming china threat as i mentioned in in the intro but daniel before we get into it do these topics they sound okay how do you see the state of the semiconductor industry today where have we come from where are we and where are we going at the macro level there are a lot of different narratives that are streaming alongside and they're not running in parallel so much as they're running and converging towards one another but it gradually different uh you know degrees so the last two years has welcomed a semiconductor conversation that we really hadn't had and that was supply chain driven the covid19 pandemic brought pretty much unprecedented desire demand thirst or products that are powered by semiconductors and it wasn't until we started running out of laptops of vehicles of servers that the whole world kind of put the semiconductor in focus again like it was just one of those things dave that we as a society it's sort of taken for granted like if you need a laptop you go buy a laptop if you needed a vehicle there'd always be one on the lot um but as we've seen kind of this exponentialism that's taken place throughout the pandemic what we ended up realizing is that semiconductors are eating the world and in fact the next industrial the entire industrial itself the complex is powered by semiconductor technology so everything we we do and we want to do right you went from a vehicle that might have had 50 or 100 worth of semiconductors on a few different parts to one that might have 700 800 different chips in it thousands of dollars worth of semi of semiconductors so you know across the board though yes you're dealing with the dynamics of the shortage you're dealing with the dynamics of innovation you're dealing with moore's law and sort of coming to the end which is leading to new process we're dealing with the foundry versus fab versus invention and product development uh situation so there's so many different concurrent semiconductor narratives that are going on dave and we can talk about any of them and all of them and i'm sure as we do we'll overlap all these different themes you know maybe you can solve this mystery for me there's this this this chip shortage and you can't invent vehicle inventory is so tight but yet when you listen to uh the the ads if the the auto manufacturers are pounding the advertising maybe they're afraid of tesla they don't want to lose their brand awareness but anyway so listen it's by the way a background i want to get a little bit academic here but but bear with me i want to introduce actually reintroduce the concept of wright's law to our audience we know we all know about moore's law but the earlier instantiation actually comes from theodore wright t.p wright he was this engineer in the airplane industry and the math is a little bit abstract to apply but roughly translated says as the cumulative number of units produced doubles your cost per unit declines by a fixed percentage now in airplanes that was around 15 percent in semiconductors we think that numbers more like 20 25 when you add the performance improvements you get from silicon advancements it translates into something like 33 percent cost cost declines when you can double your cumulative volume so that's very important because it confers strategic advantage to the company with the largest volume so it's a learning curve dynamic and it's like andy jassy says daniel there's no compression algorithm for experience and it definitely applies here so if you apply wright's law to what's happening in the industry today we think we can get a better understanding of for instance why tsmc is dominating and why intel is struggling any quick thoughts on that well you have to take every formula like that in any sort of standard mathematics and kind of throw it out the window when you're dealing with the economic situation we are right now i'm not i'm not actually throwing it out the window but what i'm saying is that when supply and demand get out of whack some of those laws become a little bit um more difficult to sustain over the long term what i will say about that is we have certainly seen this found um this fabulous model explode over the last few years you're seeing companies that can focus on software frameworks and innovation that aren't necessarily getting caught up in dealing with the large capital expenditures and overhead the ability to as you suggested in the topics here partner with a company like arm that's developing innovation and then and then um you know offering it uh to everybody right and for a licensee and then they can quickly build we're seeing what that's doing with companies like aws that are saying we're going to just build it alibaba we're just going to build it these aren't chip makers these aren't companies that were even considered chip makers they are now today competing as chip makers so there's a lot of different dynamics going back to your comment about wright's law like i said as we normalize and we figure out this situation on a global scale um i do believe that the who can manufacture the most will certainly continue to have significant competitive advantages yeah no so that's a really interesting point that you're bringing up because one of the things that it leads me to think is that the chip shortage could actually benefit intel i think will benefit intel so i want to introduce this some other data and then get your thoughts on this very simply the chart on the left shows pc shipments which peaked in in 2011 and then began at steady decline until covid and they've the pcs as we know have popped up in terms of volume in the past year and looks like they'll be up again this year the chart on the right is cumulative arm shipments and so as we've reported we think arm wafer volumes are 10x those of x86 volumes and and as such the arm ecosystem has far better cost structure than intel and that's why pat gelsinger was called in to sort of save the day so so daniel i just kind of again opened up this this can of worms but i think you're saying long term volume is going to be critical that's going to confer low cost advantages but in the in in the near to mid-term intel could actually benefit from uh from this chip shortage well intel is the opportunity to position itself as a leader in solving the repatriation crisis uh this will kind of carry over when we talk more about china and taiwan and that relationship and what's going on there we've really identified a massive gap in our uh in america supply chain in the global supply chain because we went from i don't have the stat off hand but i have a rough number dave and we can validate this later but i think it was in like the 30-ish high 30ish percentile of manufacturing of chips were done here in the united states around 1990 and now we're sub 10 as of 2020. so we we offshored almost all of our production and so when we hit this crisis and we needed more manufacturing volume we didn't have it ready part of the problem is you get people like elon musk that come out and make comments to the media like oh it'll be fixed later this year well you can't build a fab in a year you can't build a fab and start producing volume and the other problem is not all chips are the same so not every fab can produce every chip and when you do have fabs that are capable of producing multiple chips it costs millions of dollars to change the hardware and to actually change the process so it's not like oh we're going to build 28 today because that's what ford needs to get all those f-150s out of the lot and tomorrow we're going to pump out more sevens for you know a bunch of hp pcs it's a major overhaul every time you want to retool so there's a lot of complexity here but intel is the one domestic company us-based that has basically raised its hand and said we're going to put major dollars into this and by the way dave the arm chart you showed me could have a very big implication as to why intel wants to do that yeah so right because that's that's a big part of of foundry right is is get those volumes up so i want to hold that thought because i just want to introduce one more data point because one of the things we often talk about is the way in which alternative processors have exploded onto the scene and this chart here if you could bring that up patrick thank you shows the way in which i think you're pointing out intel is responding uh by leveraging alternative fat but once again you know kind of getting getting serious about manufacturing chips what the chart shows is the performance curve it's on a log scale for in the blue line is x86 and the orange line is apple's a series and we're using that as a proxy for sort of the curve that arm is on and it's in its performance over time culminating in the a15 and it measures trillions of operations per second so if you take the traditional x86 curve of doubling every 18 to 24 months that comes out roughly to about 40 percent improvement per year in performance and that's diminishing as we all know to around 30 percent a year because the moore's law is waning the orange line is powered by arm and it's growing at over a hundred percent really 110 per year when you do the math and that's when you combine the cpu the the the neural processing unit the the the xpu the dsps the accelerators et cetera so we're seeing apple use arm aws to you to your point is building chips on on graviton and and and tesla's using our list is long and this is one reason why so daniel this curve is it feels like it's the new performance curve in the industry yeah we are certainly in an era where companies are able to take control of the innovation curve using the development using the open ecosystem of arm having more direct control and price control and of course part of that massive arm number has to do with you know mobile devices and iot and devices that have huge scale but at the same time a lot of companies have made the decision either to move some portion of their product development on arm or to move entirely on arm part of why it was so attractive to nvidia part of the reason that it's under so much scrutiny that that deal um whether that deal will end up getting completed dave but we are seeing an era where we want we i said lust for power i talked about lust for semiconductors our lust for our technology to do more uh whether that's software-defined vehicles whether that's the smartphones we keep in our pocket or the desktop computer we use we want these machines to be as powerful and fast and responsive and scalable as possible if you can get 100 where you can get 30 improvement with each year and generation what is the consumer going to want so i think companies are as normal following the demand of consumers and what's available and at the same time there's some economic benefits they're they're able to realize as well i i don't want to i don't want to go too deep into nvidia arm but what do you handicap that that the chances that that acquisition actually happens oh boy um right now there's a lot of reasons it should happen but there are some reasons that it shouldn't i still kind of consider it a coin toss at this point because fundamentally speaking um you know it should create more competition but there are some people out there that believe it could cause less and so i think this is going to be hung up with regulators a little bit longer than we thought we've already sort of had some previews into that dave with the extensions and some of the timelines that have already been given um i know that was a safe answer and i will take credit for being safe this one's going to be a hard one to call but it certainly makes nvidia an amazing uh it gives amazing prospects to nvidia if they're able to get this deal done yeah i i agree with you i think it's 50 50. okay my i want to pose the question is intel too strategic to fail in march of this year we published this article where we posed that question uh you and i both know pat pretty well we talked about at the time the multi-front war intel is waging in a war with amd the arm ecosystem tsmc the design firms china and we looked at the company's moves which seemed to be right from a strategy standpoint the looking at the potential impact of the u.s government intel's partnership with ibm and what that might portend the us government has a huge incentive to make sure intel wins with onshore manufacturing and that looming threat from china but daniel is intel too strategic to fail and is pat gelsinger making the right moves well first of all i do believe at this current juncture where the semiconductor and supply chain shortage and crisis still looms that intel is too strategic to fail i also believe that intel's demise is somewhat overstated not to say intel doesn't have a slate of challenges that it's going to need to address long term just with the technology adoption curve that you showed being one of them dave but you have to remember the company still has nearly 90 of the server cpu market it still has a significant market share in client and pc it is seeing market share erosion but it's not happened nearly as fast as some people had suggested it would happen with right now with the demand in place and as high as it is intel is selling chips just about as quickly as it can make them and so we right now are sort of seeing the tam as a whole the demand as a whole continue to expand and so intel is fulfilling that need but where are they really too strategic to fail i mean we've seen in certain markets in certain uh process in um you know client for instance where amd has gained of course that's still x86 we've seen uh where the m1 was kind of initially thought to be potentially a pro product that would take some time it didn't take nearly as long for them to get that product in good shape um but the foundry and fab side is where i think intel really has a chance to flourish right now one it can play in the arm space it can build these facilities to be able to produce and help support the production of volumes of chips using arm designs so that actually gives intel and inroads two is it's the company that has made the most outspoken commitment to invest in the manufacturing needs of the united states both here in the united states and in other places across the world where we have friendly ally relationships and need more production capabilities if not in intel b and there is no other logical company that's us-based that's going to meet the regulator and policymakers requirements right now that is also raising their hand and saying we have the know-how we've been doing this we can do more of this and so i think pat is leaning into the right area and i think what will happen is very likely intel will support manufacturing of chips by companies like qualcomm companies like nvidia and if they're able to do that some of the market share losses that they're potentially facing with innovation challenges um and engineering challenges could be offset with growth in their fab and foundry businesses and i think i think pat identified it i think he's going to market with it and you know convincing the street that's going to be a whole nother thing that this is exciting um but i think as the street sees the opportunity here this is an area that intel can really lean into so i think i i think people generally would recognize at least the folks i talk to and it'll be interested in your thoughts who really know this business that intel you know had the best manufacturing process in in the world obviously that's coming to question but but but but for instance people say well intel's 10 nanometer you know is comparable to tsm seven nanometer and that's sort of overstated their their nanometer you know loss but but so so they they were able to point as they were able to sort of hide some of the issues maybe in design with great process and and i i believe that comes down to volume so the question i have then is and i think so i think patrick's pat is doing the right thing because he's going after volume and that's what foundry brings but can he get enough volume or does he need for inst for instance i mean one of the theories i've put out there is that apple could could save the day for intel if the if the us government gets apple in a headlock and says hey we'll back off on break up big tech but you got to give pat some of your foundry volume that puts him on a steeper learning curve do you do you worry sometimes though daniel that intel just even with like qualcomm and broadcom who by the way are competitors of theirs and don't necessarily love them but even even so if they could get that those wins that they still won't have the volume to compete on a cost basis or do you feel like even if they're numbered a number three even behind samsung it's good enough what are your thoughts on that well i don't believe a company like intel goes into a business full steam and they're not new to this business but the obvious volume and expansion that they're looking at with the intention of being number two or three these great companies and you know that's same thing i always say with google cloud google's not out to be the third cloud they're out to be one well that's intel will want to to be stronger if the us government and these investments that it's looking at making this 50 plus billion dollars is looking to pour into this particular space which i don't think is actually enough but if if the government makes these commitments and intel being likely one of the recipients of at least some of these dollars to help expedite this process move forward with building these facilities to make increased manufacturing very likely there's going to be some precedent of law a policy that is going to be put in place to make sure that a certain amount of the volume is done here stateside with companies this is a strategic imperative this is a government strategic imperative this is a putting the country at risk of losing its technology leadership if we cannot manufacture and control this process of innovation so i think intel is going to have that as a benefit that the government is going to most likely require some of this manufacturing to take place here um especially if this investment is made the last thing they're going to want to do is build a bunch of foundries and build a bunch of fabs and end up having them not at capacity especially when the world has seen how much of the manufacturing is now being done in taiwan so i think we're concluding and i i i correctly if i'm wrong but intel is too strategic to fail and and i i sometimes worry they can go bankrupt you know trying to compete with the likes of tsmc and that's why the the the public policy and the in the in the partnership with the u.s government and the eu is i think so important yeah i don't think bankruptcy is an immediate issue i think um but while i follow your train of thought dave i think what you're really looking at more is can the company grow and continue to get support where i worry about is shareholders getting exhausted with intel's the merry-go-round of not growing fast enough not gaining market share not being clearly identified as a leader in any particular process or technology and sort of just playing the role of the incumbent and they the company needs to whether it's in ai whether it's at the edge whether it's in the communications and service provider space intel is doing well you look at their quarterly numbers they're making money but if you had to say where are they leading right now what what which thing is intel really winning uh consistently at you know you look at like ai and ml and people will point to nvidia you look at you know innovation for um client you know and even amd has been super disruptive and difficult for intel uh of course you we've already talked about in like mobile um how impactful arm has been and arm is also playing a pretty big role in servers so like i said the market share and the technology leadership are a little out of skew right now and i think that's where pat's really working hard is identifying the opportunities for for intel to play market leader and technology leader again and for the market to clearly say yes um fab and foundry you know could this be an area where intel becomes the clear leader domestically and i think that the answer is definitely yes because none of the big chipmakers in the us are are doing fabrication you know they're they're all outsourcing it to overseas so if intel can really lead that here grow that large here then it takes some of the pressure off of the process and the innovation side and that's not to say that intel won't have to keep moving there but it does augment the revenue creates a new profit center and makes the company even more strategic here domestically yeah and global foundry tapped out of of sub 10 nanometer and that's why ibm's pseudonym hey wait a minute you had a commitment there the concern i have and this is where again your point is i think really important with the chip shortage you know to go from you know initial design to tape out took tesla and apple you know sub sub 24 months you know probably 18 months with intel we're on a three-year design to tape out cycle maybe even four years so they've got to compress that but that as you well know that's a really hard thing to do but the chip shortage is buying them time and i think that's a really important point that you brought out early in this segment so but the other big question daniel i want to test with you is well you mentioned this about seeing arm in the enterprise not a lot of people talk about that or have visibility on that but i think you're right on so will arm and nvidia be able to seriously penetrate the enterprise the server business in particular clearly jensen wants to be there now this data from etr lays out many of the enterprise players and we've superimposed the semiconductor giants in logos the data is an xy chart it shows net score that's etr's measure of spending momentum on the vertical axis and market share on the horizontal axis market share is not like idc market share its presence in the data set and as we reported before aws is leading the charge in enterprise architecture as daniel mentioned they're they're designing their own chips nitro and graviton microsoft is following suit as is google vmware has project monterey cisco is on the chart dell hp ibm with red hat are also shown and we've superimposed intel nvidia china and arm and now we can debate the position of the logos but we know that one intel has a dominant position in the data center it's got to protect that business it cannot lose ground as it has in pcs because the margin pressure it would face two we know aws with its annapurna acquisition is trying to control its own destiny three we know vmware has project monterey and is following aws's lead to support these new workloads beyond x86 general purpose they got partnerships with pansando and arm and others and four we know cisco they've got chip design chops as does hpe maybe to a lesser extent and of course we know ibm has excellent semiconductor design expertise especially when it comes to things like memory disaggregation as i said jensen's going hard after the data center you know him well daniel we know china wants to control its own destiny and then there's arm it dominates mobile as you pointed out in iot can it make a play for the data center daniel how do you see this picture and what are your thoughts on the future of enterprise in the context of semiconductor competition it's going to take some time i believe but some of the investments and products that have been brought to market and you mentioned that shorter tape out period that shorter period for innovation whether it's you know the graviton uh you know on aws or the aiml chips that uh with trainium and inferentia how quickly aws was able to you know develop build deploy to market an arm-based solution that is being well received and becoming an increasing component of the services and and uh products that are being offered from aws at this point it's still pretty small and i would i would suggest that nvidia and arm in the spirit of trying to get this deal done probably don't necess don't want the enterprise opportunity to be overly inflated as to how quickly the company's going to be able to play in that space because that would somewhat maybe slow or bring up some caution flags that of the regulators that are that are monitoring this at the same time you could argue that arm offering additional options in competition much like it's doing in client will offer new form factors new designs um new uh you know new skus the oems will be able to create more customized uh hardware offerings that might be able to be unique for certain enterprises industries can put more focus you know we're seeing the disaggregation with dpus and how that technology using arm with what aws is doing with nitro but what what these different companies are doing to use you know semiconductor technology to split out security networking and storage and so you start to see design innovation could become very interesting on the foundation of arm so in time i certainly see momentum right now the thing is is most companies in the enterprise are looking for something that's fairly well baked off the shelf that can meet their needs whether it's sap or whether it's you know running different custom applications that the business is built on top of commerce solutions and so intel meets most of those needs and so arm has made a lot of sense for instance with these cloud scale providers but not necessarily as much sense for enterprises especially those that don't want to necessarily look at refactoring all the workloads but as software becomes simpler as refactoring becomes easier to do between different uh different technologies and processes you start to say well arm could be compelling and you know because the the bottom line is we know this from mobile devices is most of us don't care what the processor is the average person the average data you know they look at many of these companies the same in enterprise it's always mattered um kind of like in the pc world it used to really matter that's where intel inside was born but as we continue to grow up and you see these different processes these different companies nvidia amd intel all seen as very worthy companies with very capable technologies in the data center if they can offer economics if they can offer performance if they can offer faster time to value people will look at them so i'd say in time dave the answer is arm will certainly become more and more competitive in the data center like it was able to do at the edge in immobile yeah one of the things that we've talked about is that you know the software-defined data center is awesome but it also created a lot of wasted overhead in terms of offloading storage and and networking security and that much of that is being done with general purpose x86 processors which are more expensive than than for instance using um if you look at what as you mentioned great summary of what aws is doing with graviton and trainium and other other tooling what ampere is doing um in in in oracle and you're seeing both of those companies for example particularly aws get isvs to write so they can run general purpose applications on um on arm-based processors as well it sets up well for ai inferencing at the edge which we know arms dominating the edge we see all these new types of workloads coming into the data center if you look at what companies like nebulon and pensando and and others are doing uh you're seeing a lot of their offloads are going to arm they're putting arm in even though they're still using x86 in a lot of cases but but but they're offloading to arm so it seems like they're coming into the back door i understand your point actually about they don't want to overplay their hand there especially during these negotiations but we think that that long term you know it bears watching but intel they have such a strong presence they got a super strong ecosystem and they really have great relationships with a lot of the the enterprise players and they have influence over them so they're going to use that the the the chip shortage benefits them the uh the relationship with the us government pat is spending a lot of time you know working that so it's really going to be interesting to see how this plays out daniel i want to give you the last word your final thoughts on what we talked about today and where you see this all headed i think the world benefits as a whole with more competition and more innovation pressure i like to see more players coming into the fray i think we've seen intel react over the last year under pat gelsinger's leadership we've seen the technology innovation the angstrom era the 20a we're starting to see what that roadmap is going to look like we've certainly seen how companies like nvidia can disrupt come into market and not just using hardware but using software to play a major role but as a whole as innovation continues to take form at scale we all benefit it means more intelligent software-defined vehicles it puts phones in our hands that are more powerful it gives power to you know cities governments and enterprises that can build applications and tools that give us social networks and give us data-driven experiences so i'm very bullish and optimistic on as a whole i said this before i say it again i believe semiconductors will eat the world and then you know you look at the we didn't even really talk about the companies um you know whether it's in ai uh like you know grok or grav core there are some very cool companies building things you've got qualcomm bought nuvia another company that could you know come out of the blue and offer us new innovations in mobile and personal computing i mean there's so many cool companies dave with the scale of data the uh the the growth and demand and desire for connectivity in the world um it's never been a more interesting time to be a fan of technology the only thing i will say as a whole as a society as i hope we can fix this problem because it does create risks the supply chain inflation the economics all that stuff ties together and a lot of people don't see that but if we can't get this manufacturing issue under control we didn't really talk about china dave and i'll just say taiwan and china are very physically close together and the way that china sees taiwan and the way we see taiwan is completely different we have very little control over what can happen we've all seen what's happened with hong kong so there's just so many as i said when i started this conversation we've got all these trains on the track they're all moving but they're not in parallel these tracks are all converging but the convergence isn't perpendicular so sometimes we don't see how all these things interrelate but as a whole it's a very exciting time love being in technology and uh love having the chance to come out here and talk with you i love the optimism and you're right uh that competition in china that's going to come from china as well xi has made it a part of his legacy i think to you know re-incorporate taiwan that's going to be interesting to see i mean taiwan ebbs and flows with regard to you know its leadership sometimes they're more pro i guess i should say less anti-china maybe that's the better way to say it uh and and and you know china's putting in big fab capacity for nand you know maybe maybe people look at that you know some of that is the low end of the market but you know clay christensen would say well to go take a look at the steel industry and see what happened there so so we didn't talk much about china and that was my oversight but but they're after self-sufficiency it's not like they haven't tried before kind of like intel has tried foundry before but i think they're really going for it this time but but now what are your do you believe that china will be able to get self-sufficiency let's say within the next 10 to 15 years with semiconductors yes i would never count china out of anything if they put their mind to it if it's something that they want to put absolute focus on i think um right now china vacillates between wanting to be a good player and a good steward to the world and wanting to completely run its own show the the politicization of what's going on over there we all saw what happened in the real estate market this past week we saw what happened with tech ed over the last few months we've seen what's happened with uh innovation and entrepreneurship it is not entirely clear if china wants to give the more capitalistic and innovation ecosystem a full try but it is certainly shown that it wants to be seen as a world leader over the last few decades it's accomplished that in almost any area that it wants to compete dave i would say if this is one of gigi ping's primary focuses wanting to do this it would be very irresponsible to rule it out as a possibility daniel i gotta tell you i i love collaborating with you um we met face to face just recently and i hope we could do this again i'd love to have you you back on on the program thanks so much for your your time and insights today thanks for having me dave so daniel's website futuram research that's three use in futurum uh check that out for termresearch.com uh the the this individual is really plugged in he's forward thinking and and a great resource at daniel newman uv is his twitter so go follow him for some great stuff and remember these episodes are all available as podcasts wherever you listen all you do is search for breaking analysis podcast we publish each week on wikibon.com and siliconangle.com and by the way daniel thank you for contributing your your quotes to siliconangle the writers there love you uh you can always connect on twitter i'm at divalanto you can email me at david.velante at siliconangle.com appreciate the comments on linkedin and don't forget to check out etr.plus for all the survey data this is dave vellante for the cube insights powered by etr be well and we'll see you next time you

>> From "theCUBE" studios in Palo Alto in Boston, bringing you data-driven insights from "theCUBE" in ETR. This is breaking analysis with Dave Vellante. >> Chief Information Security Officer's site trust, is the number one value attribute, they can deliver to their organizations. And when it comes to security, identity is the new attack surface. As such identity and access management, continue to be the top priority among technology decision makers. It also happens to be one of the most challenging and complicated areas of the cybersecurity landscape. Okta, a leader in the identity space has announced its intent to converge privileged access and Identity Governance in an effort to simplify the landscape and re-imagine identity. Our research shows that interest in this type of consolidation is very high, but organizations believe technical debt, compatibility issues, expense and lack of talent are barriers to reaching cyber nirvana, with their evolving Zero-Trust networks. Hello and welcome to this week's Wikibon CUBE insights, powered by ETR. In this breaking analysis, we'll explore the complex and evolving world of identity access and privileged account management, with an assessment of Okta's market expansion aspirations and fresh data from ETR, and input from my colleague Eric Bradley. Let's start by exploring identity and why it's fundamental to digital transformations. Look the pandemic accelerated digital and digital raises the stakes in cybersecurity. We've covered this extensively, but today we're going to drill into identity, which is one of the hardest nuts to crack in security. If hackers can steal someone's identity, they can penetrate networks. If that someone has privileged access to databases, financial information, HR systems, transaction systems, the backup corpus, well. You get the point. There are many bespoke tools to support a comprehensive identity access management and privilege access system. Single sign-on, identity aggregation, de-duplication of identities, identity creation, the governance of those identities, group management. Many of these tools are open source. So you have lots of vendors, lots of different systems, and often many dashboards. Practitioners tell us that it's the paper cuts that kill them, patches that aren't applied, open ports, orphan profiles that aren't disabled. They'd love to have a single dashboard, but it's often not practical for large organizations because of the bespoke nature of the tooling and the skills required to manage them. Now, adding to this complexity, many organizations have different identity systems for privileged accounts, the general employee population and customer identity. For example, around 50 percent of ETR respondents in a recent survey use different systems for workforce identity and consumer identity. Now this is often done because the consumer identity is a totally different journey. The consumer is out in the wild and takes an unknown, nonlinear path and then enters the known space inside a brand's domain. The employee identity journey is known throughout. You go onboarding, to increasing responsibilities and more access to off-boarding. Privileged access may even have different attributes, does usually like no email and, or no shared credentials. And we haven't even touched on the other identity consumers in the ecosystem like selling partners, suppliers, machines, etcetera. Like I said, it's complicated and meeting the needs of auditors is stressful and expensive for CSOs. Open chest wounds, such as sloppy histories of privileged access approvals, obvious role conflicts, missing data, inconsistent application of policy and the list goes on. The expense of securing digital operations goes well beyond the software and hardware acquisition costs. So there's a real need and often desire, to converge these systems. But technical debt makes it difficult. Companies have spent a lot of time, effort and money on their identity systems and they can't just rip and replace. So they often build by integrating piece parts or they add on to their Quasi-integrated monolithic systems. And then there's the whole Zero-Trust concept. It means a lot of different things to a lot of different people, but folks are asking if I have Zero-Trust, does it eliminate the need for identity? And what does that mean for my architecture, going forward. So, let's take a snapshot of some of the key players in identity and PAM, Privileged Access Management. This is an X-Y graph that we always like to show. It shows the net score or spending velocity, spending momentum on the vertical axis and market share or presence in the ETR dataset on the horizontal axis. It's not like revenue market share. It's just, it's mentioned market share if you will. So it's really presence in the dataset. Now, note the chart insert, the table, which shows the actual data for Net Score and Shared In, which informs the position of the dot. The red dotted line there, it indicates an elevated level. Anything over 40 percent that mark, we consider the strongest spending velocity. Now within this subset of vendors that we've chosen, where we've tried to identify some, most of them are pure plays, in this identity space. You can see there are six above that 40 percent mark including Zscaler, which tops the charts, Okta, which has been at or near the top for several quarters. There's an argument by the way, to be made that Okta and Zscaler are on a collision course as Okta expands it's TAM, but let's just park that thought for a moment. You can see Microsoft with a highly elevated spending score and a massive presence on the horizontal axis, CyberArk and SailPoint, which Okta is now aiming to disrupt and Auth zero, which Okta officially acquired in may of this year, more on that later now. Now, below that 40 percent mark you can see Cisco, which is largely acquired companies in order to build its security portfolio. For example, Duo which focuses on access and multi-factor authentication. Now, word of caution, Cisco and Microsoft in particular are overstated because, this includes their entire portfolio of security products, whereas the others are more closely aligned as pure plays in identity and privileged access. ThycotyicCentrify is pretty close to that 40 percent mark and came about as a result of the two companies merging in April of this year. More evidence of consolidation in this space, BeyondTrust is close to the red line as well, which is really interesting because this is a company whose roots go back to the VAX VMS days, which many of you don't even know what a VAX VMS is in the mid 1980s. It was the mini computer standard and the company has evolved to provide more modern PAM solutions. Ping Identity is also notable in that, it essentially emerged after the dot com bust in the early 2000s as an identity solution provider for single sign-on, SSO and multifactor authentication, MFA solutions. In IPO'd in the second half of 2019, just prior to the pandemic. It's got a $2 billion market cap-down from its highs of around $3 billion earlier this year and last summer. And like many of the remote work stocks, they bounced around, as the reopening trade and lofty valuations have weighed on many of these names, including Okta and SailPoint. Although CyberArk, actually acted well after its August 12th earnings call as its revenue growth about doubled year on year. So hot space and a big theme this year is around Okta's acquisition of Auth zero and its announcement at Oktane 2021, where it entered the PAM market and announced its thrust to converge its platform around PAM and Identity Governance and administration. Now I spoke earlier this week with Diya Jolly, who's the Chief Product Officer at Okta and I'll share some of her thoughts later in this segment. But first let's look at some of the ETR data from a recent drill down study that our friends over there conducted. This data is from a drill down that was conducted early this summer, asking organizations how important it is to have a single dashboard for access management, Identity Governance and privileged access. This goes directly to Okta strategy that it announced this year at it's Oktane user conference. Basically 80 percent of the respondents want this. So this is no surprise. Now let's stay on this theme of convergence. ETR asks security pros if they thought convergence between access management and Identity Governance would occur within the next three years. And as you can see, 89% believe this is going to happen. They either strongly agree, agree, or somewhat agree. I mean, it's almost as though the CSOs are willing this to occur. And this seemingly bodes well for Okta, which in April announced its intent to converge PAM and IGA. Okta's Diya jolly stressed to me that this move was in response to customer demand. And this chart confirms that, but there's a deeper analysis worth exploring. Traditional tools of identity, single sign-on SSO and multi-factor authentication MFA, they're being commoditized. And the most obvious example of this is OAuth or Open Authorization. You know, log in with Twitter, Google, LinkedIn, Amazon, Facebook. Now Okta currently has around a $35 billion market cap as of today, off from its highs, which were well over 40 billion earlier this year. Okta stated, previously stated, total addressable market was around 55 billion. So CEO, Todd McKinnon had to initiate a TAM expansion play, which is the job of any CEO, right? Now, this move does that. It increases the company's TAM by probably around $20 to $30 billion in our view. Moreover, the number one criticism of Okta is, "Your price is too high." That's a good problem to have I say. Regardless, Okta has to think about adding more value to its customers and prospects, and this move both expands its TAM and supports its longer-term vision to enable a secure user-controlled ubiquitous, digital identity, supporting federated users and data within a centralized system. Now, the other thing Jolly stressed to me is that Okta is heavily focused on the user experience, making it simple and consumer grade easy. At Oktane 21, she gave a keynote laying out the company's vision. It was a compelling presentation designed to show how complex the problem is and how Okta plans to simplify the experience for end users, service providers, brands, and the overall technical community across the ecosystem. But look, there are a lot of challenges, the company faces to pull this off. So let's dig into that a little bit. Zero-Trust has been the buzz word and it's a direction, the industry is moving towards, although there are skeptics. Zero-Trust today is aspirational. It essentially says you don't trust any user or device. And the system can ensure the right people or machines, have the proper level of access to the resources they need all the time, with a fantastic user experience. So you can see why I call this nirvana earlier. In previous breaking analysis segments, we've laid out a map for protecting your digital identity, your passwords, your crypto wallets, how to create Air Gaps. It's a bloody mess. So ETR asked security pros if they thought a hybrid of access management and Zero-Trust network could replace their PAM systems, because if you can achieve Zero-Trust in a world with no shared credentials and real-time access, a direction which Diya jolly clearly told me Okta is headed, then in theory, you can eliminate the need for Privileged Access Management. Another way of looking at this is, you do for every user what you do for PAM users. And that's how you achieve Zero-Trust. But you can see from this picture that there's more uncertainty here with nearly 50 percent of the sample, not in agreement that this is achievable. Practitioners in Eric Bradley's round tables tell us that you'll still need the PAM system to do things, like session auditing and credential checkouts and other things. But much of the PAM functionality could be handled by this Zero-Trust environment we believe. ETR then asks the security pros, how difficult it would be to replace their PAM systems. And this is where it gets interesting. You can see by this picture. The enthusiasm wanes quite a bit when the practitioners have to think about the challenges associated with replacing Privileged Access Management Systems with a new hybrid. Only 20 percent of the respondents see this as, something that is easy to do, likely because they are smaller and don't have a ton of technical debt. So the question and the obvious question is why? What are the difficulties and challenges of replacing these systems? Here's a diagram that shows the blockers. 53 percent say gaps in capabilities. 26 percent say there's no clear ROI. IE too expensive and 11 percent interestingly said, they want to stay with best of breed solutions. Presumably handling much of the integration of the bespoke capabilities on their own. Now speaking with our Eric Bradley, he shared that there's concern about "rip and replace" and the ability to justify that internally. There's also a significant buildup in technical debt, as we talked about earlier. One CSO on an Eric Bradley ETR insights panel explained that the big challenge Okta will face here, is the inertia of entrenched systems from the likes of SailPoint, Thycotic and others. Specifically, these companies have more mature stacks and have built in connectors to legacy systems over many years and processes are wired to these systems and would be very difficult to change with skill sets aligned as well. One practitioner told us that he went with SailPoint almost exclusively because of their ability to interface with SAP. Further, he said that he believed, Okta would be great at connecting to other cloud API enabled systems. There's a large market of legacy systems for which Okta would have to build custom integrations and that would be expensive and would require a lot of engineering. Another practitioner said, "We're not implementing Okta, but we strongly considered it." The reason they didn't go with was the company had a lot of on-prem legacy apps and so they went with Microsoft Identity Manager, but that didn't meet the grade because the user experience was subpar. So they're still searching for a solution that can be good at both cloud and on-prem. Now, a third CSO said, quote, " I've spent a lot of money, writing custom connectors to SailPoint", and he's stressed a lot of money, he said that several times. "So, who was going to write those custom connectors for me? Will Okta do it for free? I just don't see that happening", end quote. Further, this individual said, quote, "It's just not going to be an easy switch. And to be clear, SailPoint is not our PAM solution. That's why we're looking at CyberArk." So the complexity that, unquote. So the complexity and fragmentation continues. And personally I see this as a positive trend for Okta, if it can converge these capabilities. Now I pressed Okta's Diya Jolly on these challenges and the difficulties of replacing them over to our stacks of the competitors. She fully admitted, this was a real issue But her answer was that Okta is betting on the future of microservices and cloud disruption. Her premise is that Okta's platform is better suited for this new application environment, and they're essentially betting on organizations modernizing their application portfolios and Okta believes that it will be ultimately a tailwind for the company. Now let's look at the age old question of best of breed versus incumbent slash integrated suite. ETR and it's drilled down study ask customers, when thinking about identity and access management solutions, do you prefer best of breed and incumbent that you're already using or the most cost efficient solution? The respondents were asked to force rank one, two and three, and you can see, incumbent just edged out best in breed with a 2.2 score versus a 2.1, with the most cost-effective choice at 1.7. Now, overall, I would say, this is good news for Okta. Yes, they faced the issues that we brought up earlier but as digital transformations lead to modernizing much of the application portfolio with container and microservices, Okta will be in a position, assuming it continues to innovate, to pick up much of this business. And to the point earlier, where the CSO told us they're going to use both SailPoint and CyberArk. When ETR asked practitioners which vendors are in the best position to benefit from Zero-Trust, the Zero-Trust trend, the answers were not surprisingly all over the place. Lots of Okta came up. Zscaler came up a lot too, hmm. There's that collision course. But plenty of SailPoint, Palo Alto, Microsoft, Netskope, Dichotic, Centrify, Cisco, all over the map. So now let's look specifically at how practitioners are thinking about Okta's latest announcements. This chart shows the results of the question. Are you planning to evaluate Okta's recently announced Identity Governance and PAM offerings? 45 to nearly 50 percent of the respondents either were already using or plan to evaluate, with just around 40 percent saying they had no plans to evaluate. So again, this is positive news for Okta in our view. The huge portion of the market is going to take a look at what Okta's doing. Combined with the underlying trends that we shared earlier related to the need for convergence, this is good news for the company. Now, even if the blockers are too severe to overcome, Okta will be on the radar and is on the radar as you can see from this data. And as with the Microsoft MIM example, the company will be seen as increasingly strategic, Okta that is, and could get another bite at the apple. Moreover, Okta's acquisition of Auth zero is strategically important. One of the other things Jolly told me is they see initiative starting both from devs and then hand it over to IT to implement, and then the reverse where IT may be the starting point and then go to devs to productize the effort. The Auth zero acquisition gives Okta plays in both games, because as we've reported earlier, Okta wasn't strong with the devs, Auth zero that was their wheelhouse. Now Okta has both. Now on the one hand, when you talk to practitioners, they're excited about the joint capabilities and the gaps that Auth zero fills. On the other hand, it takes out one of Okta's main competitors and customers like competition. So I guess I look at it this way. Many enterprises will spend more money to save time. And that's where Okta has traditionally been strong. Premium pricing but there's clear value, in that it's easier, less resources required, skillsets are scarce. So boom, good fit. Other enterprises look at the price tag of an Okta and, they actually have internal development capabilities. So they prefer to spend engineering time to save money. That's where Auth zero has seen its momentum. Now Todd McKinnon and company, they can have it both ways because of that acquisition. If the price of Okta classic is too high, here's a lower cost solution with Auth zero that can save you money if you have the developer talent and the time. It's a compelling advantage, that's unique. Okay, let's wrap. The road to Zero-Trust networks is long and arduous. The goal is to understand, support and enable access for different roles, safely and securely, across an ecosystem of consumers, employees, partners, suppliers, all the consumers, (laughs softly) of your touch points to your security system. You've got to simplify the user experience. Today's kluge of password, password management, security exposures, just not going to cut it in the digital future. Supporting users in a decentralized, no-moat world, the queen has left her castle, as I often say is compulsory. But you must have federated governance. And there's always going to be room for specialists in this space. Especially for industry specific solutions for instance, within healthcare, education, government, etcetera. Hybrids are the reality for companies that have any on-prem legacy apps. Now Okta has put itself in a leadership position, but it's not alone. Complexity and fragmentation will likely remain. This is a highly competitive market with lots of barriers to entry, which is both good and bad for Okta. On the one hand, unseating incumbents will not be easy. On the other hand, Okta is both scaling and growing rapidly, revenues are growing almost 50% per annum and with it's convergence agenda and Auth zero, it can build a nice moat to its business and keep others out. Okay, that's it for now. Remember, these episodes are all available as podcasts, wherever you listen, just search braking analysis podcast, and please subscribe. Thanks to my colleague, Eric Bradley, and our friends over at ETR. Check out ETR website at "etr.plus" for all the data and all the survey action. We also publish a full report every week on "wikibon.com" and "siliconangle.com". So make sure you check that out and browse the breaking analysis collection. There are nearly a hundred of these episodes on a variety of topics, all available free of charge. Get in touch with me. You can email me at "david.vellante@siliconangle.com" or "@dvellante" on Twitter. Comment on our LinkedIn posts. This is Dave Vellante for "theCUBE" insights powered by ETR. Have a great week everybody. Stay safe, be well And we'll see you next time. (upbeat music)

>>Yeah. >>All right. Welcome back to our third session, which is all about administering analytics at Global Scale. We're gonna be discussing how you can implement security data compliance and governance across the globe at for large numbers of users to ensure thoughts. What is open for everyone across your organization? So coming right up is Cheryl Zang, who is a senior director of product management of Thought spot, and Kendrick. He threw the sports sports director of Systems Engineering. So, Cheryl and Kendrick, the floor is yours. >>Thank you, Tina, for the introduction. So let's talk about analytics scale on. Let's understand what that is. It's really three components. It's the access to not only data but its technology, and we start looking at the intersection of that is the value that you get as an organization. When you start thinking about analytics scale, a lot of times we think of analysts at scale and we look at the cloud as the A seven m for it, and that's a That's an accurate statement because people are moving towards the cloud for a variety of reasons. And if you think about what's been driving, it has been the applications like Salesforce, Forcados, Mongo, DB, among others. And it's actually part of where we're seeing our market go where 64% of the company's air planning to move their analytics to the cloud. And if you think of stock spotted specifically, we see that vast majority of our customers are already in the cloud with one of the Big Four Cloud Data warehouses, or they're evaluated. And what we found, though, is that even though companies are moving their analytics to the cloud, we have not solved. The problem of accessing the data is a matter of fact. Our customers. They're telling us that 10 to 25% of that data warehouse that they're leveraging, they've moved and I'm utilizing. And if you look at in General, Forrester says that 60 to 73% of data that you have is not being leveraged, and if we think about why you go through, you have this process of taking enterprise data, moving it into these cubes and aggregates and building these reports dashboards. And there's this bottleneck typically of that be I to and at the end of the day, the people that are getting that data on the right hand side or on Lee. Anywhere from 20 to 30% of the population when companies want to be data driven is 20 to 30% of the population. Really what you're looking for now it's something north of that. And if you think of Cloud data, warehouse is being the the process and you bring Cloud Data Warehouse and it's still within the same framework. You know? Why invest? Why invest and truly not fix the problem? And if you take that out and your leverage okay, you don't necessarily have the You could go directly against the warehouse, but you're still not solving the reports and dashboards. Why investing truly not scale? It's the three pillars. It's technology, it's data, and it's a accessibility. So if we look at analytics at scale, it truly is being able to get to that north of the 20 to 30% have that be I team become enablers, often organization. Have them be ableto work with the data in the Cloud Data warehouse and allow the cells marking finding supplies and then hr get direct access to that. Ask their own questions to be able to leverage that to be able to do that. You really have to look at your modern data architecture and figure out where you are in this maturity, and then they'll be able to build that out. So you look at this from the left to right and sources. It's ingestion transformation. It's the storage that the technology brains e. It's the data from a historical predictive perspective. And then it's the accessibility. So it's technology. It's data accessibility. And how do you build that? Well, if you look at for a thought to spot perspective, it truly is taking and driving and leveraging the cloud data warehouse architectures, interrogated, essay behind it. And then the accessibility is the search answers pen boards and embedded analytics. If you take that and extend it where you want to augment it, it's adding our partners from E T L R E L t. Perspective like al tricks talent Matile Ian Streaming data from data brings or if you wanna leverage your cloud, data warehouses of Data Lake and then leverage the Martin capability of your child data warehouse. The augmentation leveraging out through its data bricks and data robot. And that's where your data side of that pillar gets stronger, the technologies are enabling it. And then the accessibility from the output. This thought spot. Now, if you look at the hot spots, why and how do we make this technology accessible? What's the user experience we are? We allow an organization to go from 20 to 30% population, having access to data to what it means to be truly data driven by our users. That user experience is enabled by our ability to lead a person through the search process. There are search index and rankings. This is built for search for corporate data on top of the Cloud Data Warehouse. On top of the data that you need to be able to allow a person who doesn't understand analytics to get access to the data and the questions they need to answer, Arcuri Engine makes it simple for customers to take. Ask those questions and what you might think are not complex business questions. But they turn into complex queries in the back end that someone who typically needs to know that's that power user needs to know are very engine. Isolate that from an end user and allows them to ask that question and drive that query. And it's built on an architecture that allows us to change and adapt to the types of things. It's micro services architecture, that we've not only gone from a non grim system to our cloud offering, in a matter of of really true these 23 years. And it's amazing the reason why we can do that, do that and in a sense, future proof your investment. It's because of the way we've developed this. It's wild. First, it's Michael Services. It's able to drive. So what this architecture ER that we've talked about. We've seen different conversations of beyond its thought spot everywhere, which allows us to take that spot. One. Our ability to for search for search data for auto analyzed the Monitor with that govern security in the background and being able to leverage that not only internally but externally and then being able to take thought spot modeling language for that analysts and that person who just really good at creating and let them create these models that it could be deployed anywhere very, very quickly and then taking advantage off the Cloud Data warehouse or the technology that you have and really give you accessibility the technology that you need as well as the data that you need. That's what you need to be able to administer, uh, to take analytics at scale. So what I'm gonna do now is I'm gonna turn it over to Cheryl and she's gonna talk about administration in thought spot. Cheryl, >>thank you very much Can take. Today. I'm going to show you how you can administrator and manage South Spot for your organization >>covering >>streaming topics, the user management >>data management and >>also user adoption and performance monitoring. Let's jump into the demo. >>I think the Southport Application The Admin Council provides all the core functions needed for system level administration. Let's start with user management and authentication. With the user tab. You can add or delete a user, or you can modify the setting for an existing user. For example, user name, password email. Or you can add the user toe a different group with the group's tab. You can add or delete group, or you can manage the group setting. For example, Privileges associated with all the group members, for example, can administrate a soft spot can share data with all users or can manage data this can manage data privilege is very important. It grants a user the privileges to add data source added table and worksheet, manage data for different organizations or use cases without being an at me. There is also a field called Default Pin Board. You can select a set of PIN board that will be shown toe all of the users in that group on their homepage in terms off authentication. Currently, we support three different methods local active directory and samel By default. Local authentication is enabled and you can also choose to have several integration with an external identity provider. Currently, we support actor Ping Identity, Seaside Minor or a T. F. S. The third method is integration with active directory. You can configure integration with L DAP through active directory, allowing you to authenticate users against an elder up server. Once the users and groups are added to the system, we can share pin board wisdom or they can search to ask and answer their own questions. To create a searchable data, we first need to connect to our data warehouses with embraced. You can directly query the data as it exists in the data warehouse without having to move or transfer the data. In this page, you can add a connection to any off the six supported data warehouses. Today we will be focusing on the administrative aspect off the data management. So I will close the tap here and we will be using the connections that are already being set up. Under the Data Objects tab, we can see all of the tables from the connections. Sometimes there are a lot of tables, and it may be overwhelming for the administrator to manage the data as a best practice. We recommend using stickers toe organize your data sets here, we're going to select the Salesforce sticker. This will refined a list off tables coming from Salesforce only. This helps with data, lineage and the traceability because worksheets are curated data that's based on those tables. Let's take a look at this worksheet. Here we can see the joints between tables that created a schema. Once the data analyst created the table and worksheet, the data is searchable by end users. Let's go to search first, let's select the data source here. We can see all of the data that we have been granted access to see Let's choose the Salesforce sticker and we will see all of the tables and work ship that's available to us as a data source. Let's choose this worksheet as a data source. Now we're ready to search the search Insight can be saved either into a PIN board or an answer. Okay, it's important to know that the sticker actually persist with PIN board and answers. So when the user logging, they will be able to see all of the content that's available to them. Let's go to the Admin Council and check out the User Adoption Pin board. The User Adoption Pin board contains essential information about your soft spot users and their adoption off the platform. Here, you can see daily active user, weekly, active user and monthly active user. Count that in the last 30 days you can also see the total count off the pin board and answers that saved in the system. Here, you can see that unique count off users. Now. You can also find out the top 10 users in the last 30 days. The top 10 PIN board consumers and top 10 ad hoc searchers here, you can see that trending off weekly, active users, daily, active users and hourly active users over time. You can also get information about popular pin boards and user actions in the last one month. Now let's zoom in into this chart. With this chart, you can see weekly active users and how they're using soft spot. In this example, you can see 60% of the time people are doing at Hawk search. If you would like to see what people are searching, you can do a simple drill down on quarry tax. Here we can find out the most popular credit tax that's being used is number off the opportunities. At last, I would like to show you assistant performance Tracking PIN board that's available to the ad means this PIN board contains essential information about your soft spot. Instance performance You this pimple. To understand the query, Leighton see user traffic, how users are interacting with soft spot, most frequently loaded tables and so on. The last component toe scowling hundreds of users, is a great on boarding experience. A new feature we call Search Assist helps automate on boarding while ensuring new users have the foundation. They need to be successful on Day one, when new users logging for the first time, they're presented with personalized sample searches that are specific to their data set. In this example, someone in a sales organization would see questions like What were sales by product? Type in 2020. From there are guided step by step process helps introduce new users with search ensuring a successful on boarding experience. The search assist. The coach is a customized in product Walk through that uses your own data and your own business vocabulary to take your business users from unfamiliar to near fluent in minutes. Instead of showing the entire end user experience today, I will focus on the set up and administration side off the search assist. Search Assist is easy to set up at worksheet level with flexible options for multiple guided lessons. Using preview template, we help you create multiple learning path based on department or based on your business. Users needs to set up a learning path. You're simply feeling the template with relevant search examples while previewing what the end user will see and then increase the complexity with each additional question toe. Help your users progress >>in summary. It is easy to administrator user management, data management, management and the user adoption at scale Using soft spot Admin Council Back to you, Kendrick. >>Thank you, Cheryl. That was great. Appreciate the demo there. It's awesome. It's real life data, real life software. You know what? Enclosing here? I want to talk a little bit about what we've seen out in the marketplace and some of them when we're talking through prospects and customers, what they talk a little bit about. Well, I'm not quite area either. My data is not ready or I've got I don't have a file data warehouse. That's this process. In this thinking on, we have examples and three different examples. We have a company that actually had never I hadn't even thought about analytics at scale. We come in, we talked to them in less than a week. They're able to move their data thought spot and ask questions of the billion rose in less than a week now. We've also had customers that are early adoption. They're sticking their toes in the water around the technology, so they have a lot of data warehouse and they put some data at it, and with 11 minute within 11 minutes, we were able to search on a billion rows of their data. Now they're adding more data to combine to, to be able to work with. And then we have customers that are more mature in their process. Uh, they put large volumes of data within nine minutes. We're asking questions of their data, their business users air understanding. What's going on? A second question we get sometimes is my data is not clean. We'll talk Spot is very, very good at finding that type of data. If you take, you start moving and becomes an inner door process, and we can help with that again. Within a week, we could take data, get it into your system, start asking business questions of that and be ready to go. You know, I'm gonna turn it back to you and thank you for your time. >>Kendrick and Carol thank you for joining us today and bringing all of that amazing inside for our audience at home. Let's do a couple of stretches and then join us in a few minutes for our last session of the track. Insides for all about how Canadian Tire is delivering Korean making business outcomes would certainly not in a I. So you're there

(upbeat music) >> Announcer: From our studios, in the heart of Silicon Valley, Palo Alto, California, this is a Cube conversation. >> Everyone, welcome to this special Cube conversation here in Palo Alto Cube studios. I'm John Furrier, host of the Cube. We have special breaking news here, with Sri Ambati who is the founder and CEO of H2O.ai with big funding news. Great to see you Cube alumni, hot startup, you got some hot funding news, share with us. >> We are very excited to announce our Series D. Goldman Sachs, one of our leading customers and Ping An from China are leading our round. It's a round of $72 million, and bringing our total fundraise to 147. This is an endorsement of their support of our mission to democratize AI and an endorsement of the amazing teamwork behind the company and its customer centricity. Customers have now come to lead two of our rounds. Last round was Series C led by Wells Fargo and NVIDIA and I think it just goes to say how critical a thing we are for their success in AI. >> Well congratulations, I've been watching you guys build this company from scratch, we've had many conversations going back to 2013, '14 on The Cube. You call it-- >> You covered us long before. >> You guys were always on the wave, and you really created a category, this is a new category that Cloud 2.0 is creating which is a DevOps mindset, entrepreneurial mindset, creating a category to enable people to have the kind of infrastructure and tooling and software to enable them to do all the heavy lifting of AI without doing the heavy lifting. As the quote for cloud is, that Amazon always quotes is you do all of the undifferentiated heavy lifting that's required to stand up stuff and then provide tooling for the heavy differentiated lifting to make it easy to use. This has been a key thing. Has that been the-- >> Customers have be core to our, company building. H2O is here to build an amazing piece of innovation and technology and innovation is not new for Silicon Valley, as you know. But I think innovation, with a purpose and with a focus of customer success is something we represent and that's been kind of the key north finder for us. In terms of making things simpler, when we started, it was a grassroots movement in open source and we wanted the mind share of millions of users worldwide and that mind share got us a lot of feedback. And that feedback is how we then built the second generation of the product lines, which is driverless AI. We are also announcing our mission to make every company an AI company, this funding will power that transformation of several businesses that can then go on to build the AI superpower. >> And certainly, cloud computing, more compute more elastic resources is always a great tailwind. What are you guys going to do with the funding in terms of focus? >> You mentioned cloud which is a great story. We're obviously going to make things easier for folks who are doing the cloud, but they are the largest players, as well, Google, Microsoft, Amazon. They're right there, trying to innovate. AI is at the center of every software moment because AI eating software, software is eating the world. And so, all the software players are right there, trying to build a large AI opportunity for the world and we think in ecosystems, not just empires. So our mission is to uplift the entire AI to the place where businesses can use it, verticalize it, build new products, globalize. We are building our sales and marketing efforts now with a much bigger, faster systems-- >> So a lot of, go to market expansion, more customer focus. More field sales and support kind of thing. >> Build our center for AI research in Prague, within the CND, now we are building it in Chennai and Ottawa, and so globalizing the operation, going to China, going to build focus in Asia as well. >> So nice step up on funding at 72 million, you said? >> 72.5 million. >> 72.5 million, that's almost double what you've raised to date, nice kickup. So global expansion, nice philosophy. That's important to you guys, isn't it? >> The world has become a small village. There's no changing that, and data is global. Things are a wide global trend, it's amazing to see that AI is not just transforming the US, it's also transforming China, it's also transforming India. It's transforming Africa. Pay through mobile is a very common theme worldwide and I think data is being collected globally. I think there is no way to unbox it and box it back to a small place, so our vision is very borderless and global and we want the AI companies of the valley to also compete in a global arena and I think that's kind of why we think it's important to be-- >> Love competition, that's certainly going to force everyone to be more open. I got to ask you about the role of the developer. I love the democratization, putting AI in the hands of everybody, it's a great mission. You guys do a lot of AI for Good efforts. So congratulations on that, but how does this change the nature of the developer, because you're seeing with cloud and DevOps, developers are becoming closer to the front lines, they're becoming kingmakers. They're becoming really, really important. So the role of the developer is important. How do you change that role, if any. How do you expand it, what happens? >> There are two important transformations happening right now in the tech world. One is the role of data scientists and the role of the software engineer. Right, so they're coming closer in many ways, in actually in some of the newer places, software engineers are deploying data science models, data scientists are deploying software engineering. So Python has been a good new language, the new languages that are coming up that help that happen more closely. Software engineering as we know it, which was looking at data creating the rules and the logic that runs a program is now being automated to a degree where that logic is being generated from data using data science. So that's where the brains behind how programs run how computers build is now being, is AI inside. And so that's where the world is transforming, software engineers now get to do a lot more with a lot less of tinkering on a daily basis for little modules. They can probably build a whole slew of an application what would take 18 months to build is now compressing into 18 weeks or 18 days. >> Sri, I love how you talk about software engineering and data scientists, very specific. I was having a debate with my young son around what is computer science was the question. Well, computer science is the study of computers the science of computers. It used to be if you were a CS or a comp sci major which is not cool to say anymore but, when you were a computer science major, you were really a software engineer, that was the discipline. Now, computer science as a field has spread so far and so broad, you've got software engineering you've got data science, you have newer roles are emerging. But that brings up the question I want to put to you which is, the whole idea of, I'm a full stack developer. Well, if what you're saying you're doing is true, you're essentially cutting the stack in half. So it's a half stack developer on one end and a data scientist that's got the other half. So the notion of the full stack developer kind of goes away with the idea of horizontally scalable infrastructure and vertically specialized data and AI. Your thoughts, what's your reaction to that? >> I think the most... I would say the most scarce resource in the world is empathy, right? When developers have empathy for their users, they now start building design that cares for the users. So the design becomes still the limiting factor where you can't really automate a lot of that design. So the full stack engineer is now going closer to the front and understanding their users and making applications that are perceptive of how the users are using them and building that empathy into the product. A lot of the full stack, we used to learn how to build up a kernel, deploy it on cloud, scale it on your own servers. All of that is coming together in reasonably easier ways. With cloud is helping there, AI is helping there, data is helping there, and lessons from the data. But I think what has not gone away is imagination, creativity, and how to power that creativity with AI and get it in the hands of someone quickly. Marketing has become easier in the new world. So it's not just enough to make products, you have to make markets for your products and then deliver and get that success for customers-- >> So what you're saying-- >> The developers become-- >> The consistency of the lower end of the stack of wiring together the plumbing and the kernel and everything else is done for you. So you can move up. >> Up the stack. >> So the stack's growing, so it's still kind of full. No one calls themselves a half stack developer. I haven't met anyone say "Yeah I'm a half stack developer." They're full stack developers, but the roles are changing. >> I think what-- >> There's more to do on the front end of creativity so the stack's extending. >> Creativity is changing, I think the one thing we have learned. We've gone past Moore's Law in the valley and people are innovating architectures to run AI faster. So AI is beginning to eat hardware. So you've seen the transformation in microprocessors as well I think once AI starts being part of the overall conversation, you'll see a much more richer coexistence with being how a human programmer and a computer programmer is going to be working closely. But I think this is just the beginning of a real richness when you talk about rich interactive applications, you're going to talk about rich interactive appliances, where you start seeing intelligence really spread around the form. >> Sri, if we really want to have some fun we can just talk about what a 10x engineer is. No I'm only kidding, we're not going to go there. It's always a good debate on Twitter what a 10x engineer is. Sri, congratulations on the funding. $72.5 million in finance for global expansion on the team side as well as in geographies, congratulations. >> Thank you. >> H2O.ai >> The full stack engineer of the future is, finishing up your full stack engineer conversation is going to get that courage and become a leader. Going from managers to leaders, developers to founders. I think it's become easier to democratize entrepreneurship now than ever before and part of our mission as a company is to democratize things, democratize AI, democratize H2O like in the AI for Good, democratize water. But also democratize the art of making more entrepreneurs and remove the common ways to fail and that's also a way to create more opportunity more ownership in the world and so-- >> And I think society will benefit from this globally because in the data is truth, in the data is the notion of being transparent, if it's all there and we're going to get to the data faster and that's where AI helps us. >> That's what it is. >> Sri, congratulations, $72 million of funding for H2O. We're here with the founder and CEO Sri Ambati. Great success story here in Silicon Valley and around the world. I'm John Furrier with the Cube, thanks for watching. >> Sri: Thank you. (upbeat music)

>> Narrator: Live from Nice, France. Its the Cube, covering .Next Conference 2017, Europe. Brought to you by Nutanix. >> Welcome back, I'm Stu Miniman and you're watching, Silicon Angle Medias production of the Cube. World Wide leader in live tech coverage. Happy to welcome to the program, first time guest, Anja Manuel, who's a Co-founder and partner at, Rice Hadley Gates. Thank you so much for joining us. >> Anja: Thank you for having me, Stu. >> So, I've attended all five of the Nutanix conferences. And definitely, when we get a speaker at the Key Note from R.H.G. is one of the highlights. So, Condoleezza Rice, everybody's like, how does Nutanix get Condie Rice to come in? Robert Gates, we've actually had the pleasure of having him on the Cube. We've had Stephen Hadley on in D.C. also. And a little bit different conversation than some of the, kind of, in the weeds technical discussion. So, Anja for our audience that's not familiar, give us a little bit about your background, what you led you in to be one of the founders. >> Absolutely. Well, I've done a bit of everything. I've been an investment banker, a lawyer doing international cases. I have worked at the State Department for Condie Rice, mostly on Asia issues. And, then at the very end of 2008, Condie, Steve and I founded this firm. And we feel very lucky to be working with each other and some of the great, young and already, some already large, some fast growing tech companies in the Valley. And helping them expand around the world. And it's been a particular pleasure to work with Dheeraj and his team at Nutanix. When we started with them, they were a couple hundred people. And now look around, you've got 2,000 people at this conference. So, we're very proud of them. >> Yeah, absolutely. Great growth for Nutanix, their eco-system's blossoming. One of the jokes I always have here on the Cube is, when I talk to any end user customers, its like, well your industry's not changing that much, right? And of course, it doesn't matter what industry you're in. Digital disruption is more than just what it's affecting. Globalization is just a fact of life. It brings, especially for a lot our audiences, USA based, we reach a global audience. But when we come to some of these international events, it really puts a point on some of the things going on globally. What're you talking to, when you speak to the CIOs and you're talking to Nutanix customers and partners, what are some of the big challenges? What are the things that they need to be looking at? >> Sure, globalization is happening and of course, it's more pronounced in tech. This is the first industry that really shows no sectoral boundaries. The big platform companies can basically go into any industry sector and no geographic boundaries. It's very easy to expand internationally. So, what I'm going to be talking about today on the main stage is just globalization and its backlash. As you know we've seen, after decades of evermore, open boarders, increase trade, easier immigration, and the last year or two, you've seen really the West in sort of, what I would call a defensive crouch. And there are real reasons for it in the US where you and I both live. If you are a white male, who has a high school education or less, you live on average, 10 years less than all of the very highly educated people in this room. And there is a real issue of people being left behind. And you can see that impact politically. You see it in the US, with Trump, and I would also argue on the left with Bernie Sanders. You see it with Brexit. You see it in the impact that Marine Le Pen and Aten a Tiva for Deutschland and others have had on European politics. And I would say that impact is strong, even though those right wing parties in Europe didn't win, they're setting the agenda much more than you would've seen 10 years ago. So it's something for the tech companies to consider as they keep expanding. >> Yeah, it's a trade. On the one hand, you said that there's no boundaries for tech, but one of the things a lot of the tech community, we look at, is some of those fragments that are happening. So, like, the internet. Is the internet a global internet or does China have their own internet? Will Germany just create their own internet? And how much is governance, and having data something we look and Nutanix looks at a lot, require that you have it within those boarders, and the boundaries between government and corporations now? There's certain countries where governments are heavily involved and certain ones where it almost feels that they're fighting. In the US, it's, is the government actually helping business or stopping business? >> That's right. >> Is something that we ask a lot. So I'm curious, your thoughts. >> Well, right now, we still have one global interoperable internet and that has been a huge boon to economies all around the world. Not just the American one. And it's this little known organization called ICANN, which was started in the 1990s. It has a convoluted thing called the multi stake holder model, where they say, we're going to get people, the technologists who are working on this and GOs and governments and everyone talking about how do we actually manage this thing and make sure that it stays interoperable and global. And I'm quite happy that that system of internet governance still stands and that it hasn't been taken over by individual governments or by the United Nations. You talked about data localization. It's a real issue. We see this with a lot of the tech companies that we work with out in California. More and more. You see the Russians doing it. You see the Chinese doing it. And I worry that if that trend really continues, you will have less interaction, for example, between Chinese and Americans, which is something we so dramatically need, now that our governments seem to be more and more at odds with each other. It's more important than ever that the companies and the people are talking to each other. >> Yeah, I actually, we interviewed the former president of ICANN, Fadi Chehade, a couple of years ago and he was raising red flags as to concern about would the US step back. Cause really, it put that in place, and had a very strong connection there. So would the US, kind of, advocate from some of this or how would that be involved? So you're happy with the way ICANN's going and kind of the global discussion? >> I was very happy to see that the United States allowed it to be privatized. Which is something that'd been planned for a long time. So we're quite happy that it happened the way it did. And that even the new Trump administration didn't stop that from going through, yeah. >> All right, you've written a lot about India, some of the others. How do companies, even in the global market place? Do they have to specialize in what they're doing? Certain regionalizations, that they need to do or how do they, global company, interact in some of the more emerging markets? >> Yeah, they do have to specialize. And I think sometimes, in Silicon Valley, we're so confident in our own abilities that sometimes we think, well if it's invented here, naturally the world will love it. That worked for Facebook. It worked for Google. It doesn't necessarily work for every technology company. And so, yes, of course you have to tailor it to the local market. And there are some innovations coming out of China and India that are, frankly, really impressive and we should adopt some of them. And China, the web payments infrastructure is much more advanced than what you see in the US. Lots of people do everything through their WeChat account. They pay, they interact, they talk. It's not just texting. It's a whole echo system in a way that we haven't really seen as much in the US and Europe. So we can learn from them as well. >> Yeah so another interesting topic is, Silicon Valley prides itself on being the center of innovation. What're you seeing globally, are there certain areas or pockets? Can there be other Silicon Valleys for different technologies or is Silicon Valley going to be the Silicon Valley for all of these waves? >> Well, we are the biggest Silicon Valley. And it is a very unique eco-system. I'm lucky enough to teach at Stanford and to work with some of these tech companies. The idea that a university and a venture capital eco-system and entrepreneurs all work together in something that isn't directed by the state is very very important. And you do see these springing up everywhere. You have it in Bangalore. You have it in Boston, where you're from. You have it outside of London. You're seeing a little bit in Berlin happening. You're seeing it in China in a much bigger way than I think people appreciate. I'll give you one story. I was at the Chinese World Internet Forums, sort of their vision of the world internet, a year and a half ago. And I get back to my hotel at midnight, ready to just go to bed, and there are a thousand people in the lobby. All with their phones out. And I'm wondering, who's coming? Is it Xi Xin Ping? Is it some rock star? In walks Jack Ma and the CEO of Xiaomi phones. And a huge shout goes up as if it's the Beatles. So if you're a young millennial Chinese person, you want to be Jack Ma. So innovation fever has captured them as well. >> Yeah, what about companies being global versus being based in a country? What advice do you give to how they balance that headquarters versus being a global company? >> Yeah, this is one of the ironies and all the protectionist talk you see from governments because I think the cat is out of the bag. So to speak. Every company we work with, even the very young ones, they're global from the very beginning. Even if you think your headquarters are in New York or in California, you're supply chain most likely, incorporates 10 different countries. Your customers are somewhere else. Maybe you don't advertise it because you try to be an all American company or all European company, but there's actually no such thing as a domestic company anymore. >> I want to give you the final word. Nutanix, you give some advice. I'm sure there's things we can't talk about. But how are they doing as being a global company? What are some of the things a company like Nutanix that they'll face as they expand globally? >> Yeah, Nutanix is very impressive. First of all, if you look at Dheeraj and Sudheesh and their senior management team, what I love about working with them, is that they are good technically, they're great at the people to people skills and they are instantly global just like we just talked about. If you look at their management team, they're from all over the world. And they very quickly got people out into all the different regions. I think they try to be sensitive to how their product would be used in different places around the world. So I'm quite optimistic about what they're going to be able to achieve. >> Okay, I do have one last question for you. I was just thinking about that globalization. One of the concerns we have these days is getting enough women in tech and with your global viewpoint, just women in the workforce is still something that we're challenged with in many parts of the globe. What's your take? >> Yeah, strangely, women in the workforce are doing better in China, for example, than in the US, Europe, India, other places. I love living and working in Silicon Valley. We really have a problem. And we need to do more. And it's on the stem side. It's on the investor side. You've seen all of the news coming out about how it's so much harder for a woman entrepreneurs to get funded. There's no reason. There's actually a recent study done saying that women who get funded, their companies do, on average, far better than companies founded by men. So clearly there's some problem going on here and I'm happy that Silicon Valley's finally paying attention. >> Well Anju Manuel, really appreciate you joining us for this segment. I'm Stu Miniman and we will be back with more coverage here from Nutanix .Next in Nice, France. You're watching the Cube.

>> Announcer: theCUBE presents On the Ground. (light electronic music) >> Hello everyone, welcome to this special exclusive On the Ground Cube coverage here at Oracle's Headquarters. I'm John Furier the host of theCUBE, I'm here with my guest, Brad Tewksbury, who's the Senior Director of Business Development for the big data team at Oracle, welcome to On the Ground. >> Thank you, John, good to be here. >> So big day, Brad, you've been in this industry for a long time, you've seen the waves come and go. Certainly at Oracle you've been here for many, many years. >> Yeah. >> Oracle's transforming as as a company and you've been watching it play out. >> Brad: Yeah. >> What is the big thing that's most notable to you that you could illustrate that kind of highlights the Oracle transformation in terms of where it's come from? Obviously the database is the crown jewel, but this big data stuff that you're involved in is really transformative and getting tons of traction. With the Cloud Machine kind of tying in, is this kind of a similar moment for Oracle? Share some thoughts there. >> Yeah I think there's many, if you look at the data management path from going back to client server to where we are today, data has always played a pivotal role, but I would say now every customer is going through this decision making process where they're saying, "Ah-ha data I'm being disrupted by all different companies." Before it was you know, okay I got my data in a database and I do some reporting on it and I can run my business, but it wasn't like I was going to be disrupted by some digital company tomorrow. >> Cause the apps and the databases were kind of tied together. >> They were tied together and things just didn't move as fast as they do today. Now it's in these digital-only companies, they realize that data is their business, right? I think one of the pivotal things that we've been doing some studies with MIT is that 84% of the SMP value of some of these companies comes from companies that have no assets, right? Just data, so like UBER doesn't own any taxis. Airbnb doesn't own any hotels, yet they've got massive valuation, so companies are starting to freak out a little bit and they're starting to say, "Oh my god, I got to leverage my data." So the seminal moment here is saying, "How do I monetize my data?" Before it wasn't this urgency, now there's a sense of like I got to do something with this data, but the predicament they're in is, especially these legacy companies is they've got silos of stuff that's not talking to each other, it's all on different versions and different vendors. >> Well, Oracle's always been in the database business, so you made money by creating software to store data. >> Brad: Right. >> Now it sounds like there's a business model for moving the data around, is that kind of what I'm getting here? So it's not just storing the data software, store the data, it's software to make the data. >> Brad: Yeah. >> Accessible. Yeah, it's three things, I think it's three things. It's ingesting the data, right, from new sources outside of the company, so sensors and social media, right that's one thing. Secondly, it's then managing the data, which we've always done, and then the third thing is analyzing it, so it's that whole continuation and then what's happened here is the management platform is expanded. It's gone from just a relational base to this whole SEQUEL world and this Hadoop world, which we completely support. By no means is this relational a zero-sum game, where it's relational or nothing at all, it's we've expanded the whole data management platform to meet the criteria of whatever the application is and so these are the three data management platforms today, who knows what's going to come tomorrow, we'll support that as well, but the idea is choose the right platform for the application and what's really becoming about is applications, right? And this data management stuff is obviously table stakes, but how do I make my applications dynamic and real-time based on what I have here? >> Four years ago, and CUBE audience will remember, we did theCUBE in Hadoop World, that's called back then before it became Strata Hadoop and O'Reilly and Cloudera Show, but Mike Olson and Ping Lee said, "Oh we have a big data fund," so they thought there was going to be a tsunami of apps, never really happened. Certainly Hadoop didn't become as big as people had thought, but yet Analytics rose up, Analytics became the killer app. >> Brad: Yeah. >> But now we're beyond Analytics. >> Brad: Yeah. >> The use of data for insights, where are the apps coming from now? You had Rocana, here we had Win Disk Scope providing some solutions, where do you guys see the apps coming from? Obviously Oracle has their own set of apps, but outside of Oracle, where are the apps? >> So yeah, it's an interesting phenomena, right? Everyone thought Hadoop is the next great wave and the reality is if you go talk to customers and they're like, "Yeah, I've heard of it, but what do I do with it?" So it's like apps are like what's going to drive this whole stack forward and to that end, the number one thing that people are looking for is 360 view of customers, they all want to know more about customer. I was talking with a customer who represents the equivalent of the Tax Bureau of their county and instead of putting the customer, it's the taxpayer or the customer's at the center and all the different places that you pay taxes, so they want to have one view of you as the taxpayer, so whether you're public entity, private, the number one thing that the apps that people are looking for is show me more about customer. If I'm a bank, a retail, they want to cross-sell that's the number one app. In telcos, they want to know about networking. How do I get this network? I want to understand what's going on here so I can better support my Support Center, but secondary to that we're in this kind of holding pattern. Now what are the next set of apps and so there's a bunch of start-ups here in Silicon Valley that are thinking they have the answer for that and we're partnering with them and opening up a Cloud Marketplace to bring them in and we'll let customers decide who's going to win this. >> Talk about Rocana and their value proposition, they're here talking to us today, what's the deal with Rocana? >> So Rocana is an interesting play, what they have found is that customers, one of the ways they talk about themselves, is they offer a data warehouse to IT. So if I'm the IT guy, I want to go in and have basically a pool of all kinds of log analysis. How's my apps running, do I need to tune the apps? How's the network running, they want a one bucket of how can my operation perform better? So what we've seen from customers is they've come to us and they've said, "okay, what have you got in this new space "of Hadoop that can do that?" Look at log analysis and all kinds of app performances from a Hadoop perspective. They were one of the people, the first persons to answer that, so they're having great success finding out where security breaches are, finding out where network latencies are, better like I said, looking at logs and how things co6uld run better, so that's what they're answering for customers is basically improving IT functions, right, because what's happening is a lot of business people are in charge, right, and they're saying, "I no longer want "to go to IT for everything, I want to be able to just go to basically a data model and do my own analysis of this, "I don't want to have to call IT for everything." So these guys in some way are trying to help that manta. >> Talk about Win Disk Scope, what are they talking about here and how is their relationship with Oracle? They're speaking w6ith us today as well. >> Yeah, so you know, in this big data world what we're seeing a lot of is customers doing a lot of what we call a lab experiment. So they got all this data and they want to do lab experiments, okay great. So then they find this nugget of okay, here's a great data model, we want to do some analysis on this, so let's turn it into a production app. Okay, then what do you do, how do you take it to production? These are the guys that you would call. So they take it into an HA high-availability environment for you and they give you zero data loss, zero down time to do that. One of the things that Oracle's, we're touting is the differentiator in our Cloud is this hybrid approach where you have, you know, you could start out doing test-dev in the Cloud, bring it back on Primm, vice versa, they allow you to do that sync, that link between the Cloud and on Primm. We work today with Cloud Air, we OEM them in our big data appliance, if the customer has Hortonworks, but they also want to work with our stuff, their go-between with that as well. So it's basically they're giving you that production-ready environment that you need in an HA world. >> Brad, thanks for spending some time with us here On the Ground, really appreciate it. >> Yeah. >> I'm John Furier, we're here exclusively On the Ground here at Oracle Headquarters, thanks for watching. (light electronic music)