>>Okay, welcome back everyone to Supercloud 22, this is the cube studio's live performance. We streaming virtually@siliconangledotcomandthecube.net. I'm John for host the cube at Dave Alane with a distinguished panel talking about securing the Supercloud all cube alumni G written house was the CEO of Skyhigh security, Peter Sharma founder of, of QX sold to tenable and Tony qua who's investor. Co-founder former head of product at VMware chance. Thanks for coming on and to our, in all girls super cloud pilot event. >>Good to see you guys big topic. >>Okay. So before we get into secure in the cloud, one of the things that we were discussing before we came on camera was how cloud, the relationship between cloud and on premise and multi-cloud and how Supercloud fits into that. At the end of the day, security's driving a lot of the conversations at the op side and dev shift left is happening. We see that out there. So before we get into it, how do you guys see super cloud Tony? We'll start with you. We'll go down the line. What is Supercloud to you? >>Well, to me, super cloud is really the next evolution, the culmination of the services coming all together, right? As a application developer today, you really don't need to worry about where this thing is. Sit sitting or what's the latency cuz cuz the internet is fast enough. Now I really wanna know what services something provides. What, how do I get access to it now? Security. We'll talk about that later. That that becomes a, a big issue because of the fragmentation of how security is implemented across all the different vendors. So to me it's an IP address I program to it and you know, off we go, but there's a lot of >>You like that pipe happens >>Iceberg chart, right? Like I'm the developer touching the APIs up there. There's a bunch of other things. BU service. >>Okay. Looking forward again. Gee, what's your take? Obviously we've had many conversations on the cube. What's your super cloud update. >>Yeah, so I, I view it as just an extension of what we see today before like maybe 10 years ago we were mashing up applications built on other SAS applications and whatnot. Now we're just extending that down to further primitives, not, we don't really care where our mashup resides, what cloud platform, where it sits to Tony's point, as long as you have an IP address. But beyond that, we're just gonna start to get little micro services and deeper into the applications. >>BP, what should you take? >>I think, I think super cloud to me is something that don't don't exist. It exists only on my laptop. That's the super cloud means to me. I know it takes a lot behind the scene to get that working of and running. But, but essentially, essentially that the everything having be able to touch physically versus not being able to touch anything is super cloud to me. >>So we, what Victoria was saying. Yeah, we see serverless out there, all these cool things happening. Exactly. And you look at the, some of the successful companies that have come in, I call V two cloud. Some are, some are saying the next gen, they're all building on top of the CapEx. I mean, if, why would you not wanna leverage all that work AWS is doing and now Azure, and obviously Google's out there and you got other, other, other clouds out there. But in terms of AWS as a hyperscaler, they're spending all the money and they're getting better. They're getting lower level. We're talking about some of that yesterday, data bricks, snowflake, Goldman Sachs there's industry clouds that could be powerhouse service providers to themselves and their vertical. Then you got specialty clouds. Like there could be a data cloud, there could be an identity cloud. So yeah. How does this sort itself out? How do you guys see that? Because can they coexist? >>But I think they have to right, because I, I think, you know, eventually organizations will get big enough where they can be strong and really market leading in multiple segments. But if you think about what it takes to really build a massive scaled out database company that, that DNA doesn't just overnight translate to identity or translate to video, it takes years to build that up. So in the meantime, all these guys have to understand that they are one part of the service stack to power the next gen solutions. And if they don't play well with each other, then you're gonna have a problem. >>So security, I think is one of the hardest problems of, of super cloud. And not only do you have too many tools and a lack of talent, but you've now got this new first line of defense, which is the cloud. And the problem is you've got multiple clouds. So you've got multiple first lines of defense with multiple cloud provider tools. And then the CISO, I guess, is the next line of defense with the application development team. You know, there to be the pivot point between strategy and execution. And I guess audit is the third line of the defense. So it's an even more complicated environment. So gee, how do you see that CSO role changing and, and can there actually be a unified security layer in Supercloud? >>Yeah, so I believe that that they can be, the role is definitely changing because now a CSO actually has to have a basic understanding of how clouds work, the dependency of clouds on the, on the business that they serve. And, and this is to your point, not only do we have these new lines and opening up in a tax surface, but they're coupled together. So we have supply chain type connections between this. So there's a coherence across these systems that a CISO has to kind of think about not only these Bo cloud boundaries, but the trust boundaries between them. So classic example visibility, wh what, where are these things and what are the dependencies in my business then of course you mentioned compliance. Am I regulatory? And then of course protecting and responding to this, >>You know? Yeah. The, the, the supply chain piece that you just mentioned. I mean, I feel like there's like these milestones stocks, net was a milestone, you know, obvious obviously log four J was another one, the supply chain hack with solar winds. Yep. You know, it's just, the adversary just keeps getting stronger and stronger and, and, and more agile. So, so is this a data? Do we solve this as a data problem? Is it, you know, you can't just throw more infrastructure at it. What are your thoughts >>For it? I think, you know, great, great point that you're brought up. We need to look at things very fundamentally. What is happening is security has the most difficult job in the cloud, especially super cloud. The poor guys are managing some, managing something or securing something that they can't govern, right? Your, your custodian of the cloud as your developers and DevOps, they are the ones who are defining, creating, destroying things in the cloud. And that guy sitting at the end of the tunnel, looking at things that what he gets and he has to immediately respond. That's why it has to be fundamentally solve. Number one, we talked about supply chain. We talked about the, the, the stuck net to wanna cry, to sort of wins, to know the most recent one on the pipeline. Once the interesting phenomena is that the way industry has moved super cloud, the attackers are also moving them super attackers, right? They have stopped. They have not stopped, but they have started slowly moving to the left, which is the governance part. So they have started attacking your source code, you know, impersonating the codes, replacing the binary, finding one is there. So if they can, if the cloud is built so early, why can't I go early and, and, and inject myself. >>So super hackers is coming to super thinking Hollywood right now. I mean, that brings up a good point. I mean, this whole trust thing is huge. I mean, I hear zero trust. I think, wait a minute, that's not the conference I was just at, we went to, we managed, we work with DockerCon and they were talking about trust services. Yeah. So supply chain source code has trust brokering going on. And yet you got zero trust, which is which are they contextually different? I mean, what, what, >>What, from my perspective, though, the same in that zero trust is a framework that starts with minimum privileges and then build up those privileges over time. Normally in today's dialogue, zero trust is around access. I'm not having a broad access. I'm having a narrow access around an application, but you can also extend those principles to usage. What can, how much privilege do I have within an application? I have to build up my trust to enhance and, and get extended privileges within an application. Of course you can then extend this naturally to applications, APIs, applications, talking with each other. And so by you, you have to restrict the attack surface that is based on a trust model fundamentally. And then to your point, I mean, there's always this residual that you have to deal with afterwards. >>So, so super cloud implies more surface area. You're talking about private. So here we go. So how, and by the way, the AWS was supposed to be at this conference. They said they couldn't make it. They had a schedule issue, but they wanted to be here, but I would ask them, how do you differentiate AWS going forward? Do you go IAS all the way? Do you release the pass layer up? How does this solve? Because you have native clouds that are doing great, the complexity on super cloud, and multi-cloud has to be solved. >>Let me offer maybe a different argument. So if you think about we're all old enough to see the history sort of re pendulum shift and it shifting back in a way, if you're arguing that this culmination of all these services in the form of cloud today, essentially moving up stack, then really this is a architectural pattern that's emerging, right? And therefore there needs to be a super cloud, almost operating system. So operating systems, if you build one before you need a scheduler, you need process handler, you need process isolation, you need memory storage, compute all that together. Now that is our sitting in different parts of the internet. And, and there is no operating system. Yes. And that's the gap, right? And so if you don't even have an operating system, how do you implement security? And that's the pain. Yeah, because today it's one off, directly from service to service. Like how many times can you set up SAML orchestration? You can have an entire team doing that, right. If that's, that's what you have to do. So I think that's ultimately the gap and, and we're sort of just revolving around this concept that there's missing an operating system for superpower. >>It's like Maribel Lopez said in the previous panel that Lord of the rings, there will be no one ring rule the ball. Right. Probably there is needs one. Oh yeah. But, but, but, so what happens? So again, security's the hardest problem. So Snowflake's gotta implement its security, you know, data bricks with an open source model has to implement its security. So there's these multiple security models. You talk about zero trust, which I, if, if I infer what you said, gee, it's essentially, if you don't have privilege access, you don't get access. Yeah. Right. If you, okay. Okay. So that's the framework. Fine. And then you gotta earn it over time. Yeah. Now companies like Amazon, they have the, the talent and the skills to implement that zero trust framework. Exactly. So, so the, the industry, you, you guys with the R and D have to actually ultimately build that, that super cloud framework, don't you? >>Yeah. But I would just look all of the major cloud providers, the ones you mentioned and more will have their own framework within their own environment. Right? Yeah. The problem is with super cloud, you're extending it across multiple ones. There's no standards. There's no easy way to integrate that. So now all of that is left to the developer who is like throwing out code as fast as they can >>Is their, their job is to abstract that, I mean, they've gotta secure the, the run time, they gotta secure the container. >>You have to >>Abstract it. Right. Okay. But, but they're not security pros or ops. >>Exactly. They're haves. >>But to, but to G's point, right. If everyone's implementing their own little Z TNA, then inherently, there's a blind trust between two vendors. Right. That has to >>Be, >>That has to be >>Established. That's implicit. You're saying, >>Yeah. But, but it's, it's contractual, it's not technology. Right. Because I'm turning something out in my cloud, you're turning out something in your cloud that says we've got something, some token exchange, which gives us trust. But what happens if that breaks down and whatever happens to the third party comes in? I think that's the problem. >>Yeah. In fact, in fact, the, if I put the, you know, combine one of those commons, the zero trust was build, keeping identity authentication, then authorization in mind, right? Yeah. This needs to be extended because the zero test definition now probably go into integrity. Yeah, exactly. Right. Yeah. I authenticated. I worked well with Tony in the past, but how do I know that something has changed on the Tony's side? Yeah, exactly. Right, right. That, that integrity is going to be very, very foundational. Given developers are building those third party libraries, those source code pumping stuff. The only way I can validate is, Hey, what has changed? >>And then throw edge into the equation, John and IOT and machine to machine. Exactly. It's just, >>Well, >>Yeah. I think, I think we have another example to build on Tony's operating system model. Okay. And that is the cloud access service broker model for SAS. So we, we have these services sitting out there, we've brokered them together. They're normally on user policies. What I can have access to what I can do, what I can't do, but that can be extended down to services and have the same kind of broker arrangement all through APIs. You have to establish that trust and the, and the policies there, and they can be dynamic and all of this stuff. But you can from an, either an operating system or a SAS interaction and integration model come to these same kind of points. So who >>Builds the, the, the secure Supercloud? Is it new guys like you? Is it your old company giants like Palo Alto? Who, who actually builds the and secures the Supercloud it sounds like it's an ecosystem. >>Yeah. It is an ecosystem. Absolutely. It's an ecosystem. >>Yeah. There's no one security Supercloud >>As well. No, but I, I do think there's one, there's one difference in that historically security has always focused on that shiny object. The, the, the, a particular solution to a particular threat when you're dealing with a, a cloud or super cloud, like the number of that is incalculable. So you have to come into some sort of platform. And so you will see if it's not one, you know, a finite number of platform type solutions that are trying to solve this on behalf of the >>Customer. That to your point, then get connected. >>I think it's gonna be like Unix, right? Like how many flavors of Unix were there out there? All of them 'em had a scheduler. All of them had these processes. All of them had their little compilers. You can compile to that system, target to that system. And for a while, it's gonna be very fragmented until multiple parties decide to converge. >>Right? Well, this is, this is the final question we have one minute left. I wish we had more time. This is a great panel. We'll we'll bring you guys back for sure. After the event, what one thing needs to happen to unify or get through the other side of this fragmentation than the challenges for Supercloud. Because remember the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SA they want ease of use. They want infrastructure risk code. What has to happen? What do you think each of you? >>So I, I can start and extending to the previous conversation. I think we need a consortium. We need, we need a framework that defines that if you really want to operate in super cloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS slash or GCP, or you have all, and you will have the on-prem also, which means that it has to follow a pattern. And that pattern is what is required for super cloud. In my opinion, otherwise security is going everywhere. They're like they have to fix everything, find everything and so on. So forth, it's not gonna be possible. So they need a, they need a framework. They need a consortium. And it, this consortium needs to be, I think, needs to led by the cloud providers, because they're the ones who have these foundational infrastructure elements and the security vendor should contribute on providing more severe detections or findings. So that's, in my opinion is, should be the model. >>Well, thank you G >>Yeah, I would think it's more along the lines of a business model we've seen in cloud that the scale matters. And once you're big, you get bigger. We haven't seen that coals around either a vendor, a business model, whatnot, to bring all of this and connect it all together yet. So that value proposition in the industry I think is missing, but there's elements of it already available. >>I, I think there needs to be a mindset. If you look again, history repeating itself, the internet sort of came together around set of I ETF, RSC standards, everybody embraced and extended it. Right. But still there was at least a baseline. Yeah. And I think at that time, the, the largest and most innovative vendors understood that they couldn't do it by themselves. Right. And so I think what we need is a mindset where these big guys like Google, let's take an example. They're not gonna win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring, bring their differentiation and then embrace everybody >>Together. Guys, this has been fantastic. I mean, I would just chime in back in the day, those was proprietary nosis proprietary network protocols. You had kind of an enemy to rally around. I'm not sure. I see an enemy out here right now. So the clouds are doing great. Right? So it's a tough one, but I think super OS super consortiums, super business models are gonna emerge. Thanks so much for spending the time. Great conversation. Thank you for having us to bring, keep going hour superclouds here in Palo Alto, live coverage stream virtually I'm John with Dave. Thanks for watching. Stay with us for more coverage. This break.

>> Announcer: Live from Las Vegas, it's theCUBE covering IBM Think 2018. Brought to you by IBM. >> Hi everybody, this is Dave Vellante. We're here at IBM Think. This is the third day of IBM Think. IBM has consolidated a number of its conferences. It's a one main tent, AI, Blockchain, quantum computing, incumbent disruption. It's just really an amazing event, 30 to 40,000 people, I think there are too many people to count. Chris Penn is here. New company, Chris, you've just formed Brain+Trust Insights, welcome. Welcome back to theCUBE. >> Thank you. It's good to be back. >> Great to see you. So tell me about Brain+Trust Insights. Congratulations, you got a new company off the ground. >> Thank you, yeah, I co-founded it. We are a data analytics company, and the premise is simple, we want to help companies make more money with their data. They're sitting on tons of it. Like the latest IBM study was something like 90% of the corporate data goes unused. So it's like having an oil field and not digging a single well. >> So, who are your like perfect clients? >> Our perfect clients are people who have data, and know they have data, and are not using it, but know that there's more to be made. So our focus is on marketing to begin with, like marketing analytics, marketing data, and then eventually to retail, healthcare, and customer experience. >> So you and I do a lot of these IBM events. >> Yes. >> What are your thoughts on what you've seen so far? A huge crowd obviously, sometimes too big. >> Chris: Yep, well I-- >> Few logistics issues, but chairmanly speaking, what's your sense? >> I have enjoyed the show. It has been fun to see all the new stuff, seeing the quantum computer in the hallway which I still think looks like a bird feeder, but what's got me most excited is a lot of the technology, particularly around AI are getting simpler to use, getting easier to use, and they're getting more accessible to people who are not hardcore coders. >> Yeah, you're seeing AI infused, and machine learning, in virtually every application now. Every company is talking about it. I want to come back to that, but Chris when you read the mainstream media, you listen to the news, you hear people like Elon Musk, Stephen Hawking before he died, making dire predictions about machine intelligence, and it taking over the world, but your day to day with customers that have data problems, how are they using AI, and how are they applying it practically, notwithstanding that someday machines are going to take over the world and we're all going to be gone? >> Yeah, no, the customers don't use the AI. We do on their behalf because frankly most customers don't care how the sausage is made, they just want the end product. So customers really care about three things. Are you going to make me money? Are you going to save me time? Or are you going to help me prove my value to the organization, aka, help me not get fired? And artificial intelligence and machine learning do that through really two ways. My friend, Tripp Braden says, which is acceleration and accuracy. Accuracy means we can use the customer's data and get better answers out of it than they have been getting. So they've been looking at, I don't know, number of retweets on Twitter. We're, like, yeah, but there's more data that you have, let's get you a more accurate predictor of what causes business impacts. And then the other side for the machine learning and AI side is acceleration. Let's get you answers faster because right now, if you look at how some of the traditional market research for, like, what customer say about you, it takes a quarter, it can take two quarters. By the time you're done, the customers just hate you more. >> Okay, so, talk more about some of the practical applications that you're seeing for AI. >> Well, one of the easiest, simplest and most immediately applicable ones is predictive analytics. If we know when people are going to search for theCUBE or for business podcast in general, then we can tell you down to the week level, "Hey Dave, it is time for you "to ramp up your spending on May 17th. "The week of May 17th, "you need to ramp up your ads, spend by 20%. "On the week of May 24th, "you need to ramp up your ad spend by 50%, "and to run like three or four Instagram stories that week." Doing stuff like that tells you, okay, I can take these predictions and build strategy around them, build execution around them. And it's not cognitive overload, you're not saying, like, oh my God, what algorithm is this? Just know, just do this thing at these times. >> Yeah, simple stuff, right? So when you were talking about that, I was thinking about when we send out an email to our community, we have a very large community, and they want to know if we're going to have a crowd chat or some event, where theCUBE is going to be, the system will tell us, send this email out at this time on this date, question mark, here's why, and they have analytics that tell us how to do that, and they predict what's going to get us the best results. They can tell us other things to do to get better results, better open rates, better click-through rates, et cetera. That's the kind of thing that you're talking about. >> Exactly, however, that system is probably predicting off that system's data, it's not necessarily predicting off a public data. One of the important things that I thought was very insightful from IBM, the show was, the difference between public and private cloud. Private is your data, you predict on it. But public is the big stuff that is a better overall indicator. When you're looking to do predictions about when to send emails because you want to know when is somebody going to read my email, and we did a prediction this past October for the first quarter, the week of January 18th it was the week to send email. So I re-ran an email campaign that I ran the previous year, exact same campaign, 40% lift to our viewer 'cause I got the week right this year. Last year I was two weeks late. >> Now, I can ask you, so there's a black box problem with AI, right, machines can tell me that that's a cat, but even a human, you can't really explain how you know that it's a cat. It's just you just know. Do we need to know how the machine came up with the answer, or do people just going to accept the answer? >> We need to for compliance reasons if nothing else. So GDPR is a big issue, like, you have to write it down on how your data is being used, but even HR and Equal Opportunity Acts in here in American require you to be able to explain, hey, we are, here's how we're making decisions. Now the good news is for a lot of AI technology, interpretability of the model is getting much much better. I was just in a demo for Watson Studio, and they say, "Here's that interpretability, "that you hand your compliance officer, "and say we guarantee we are not using "these factors in this decision." So if you were doing a hiring thing, you'd be able to show here's the model, here's how Watson put the model together, notice race is not in here, gender is not in here, age is not in here, so this model is compliant with the law. >> So there are some real use cases where the AI black box problem is a problem. >> It's a serious problem. And the other one that is not well-explored yet are the secondary inferences. So I may say, I cannot use age as a factor, right, we both have a little bit of more gray hair than we used to, but if there are certain things, say, on your Facebook profile, like you like, say, The Beatles versus Justin Bieber, the computer will automatically infer eventually what your age bracket is, and that is technically still discrimination, so we even need to build that into the models to be able to say, I can't make that inference. >> Yeah, or ask some questions about their kids, oh my kids are all grown up, okay, but you could, again, infer from that. A young lady who's single but maybe engaged, oh, well then maybe afraid because she'll get, a lot of different reasons that can be inferred with pretty high degrees of accuracy when you go back to the target example years ago. >> Yes. >> Okay, so, wow, so you're saying that from a compliance standpoint, organizations have to be able to show that they're not doing that type of inference, or at least that they have a process whereby that's not part of the decision-making. >> Exactly and that's actually one of the short-term careers of the future is someone who's a model inspector who can verify we are compliant with the letter and the spirit of the law. >> So you know a lot about GDPR, we talked about this. I think, the first time you and I talked about it was last summer in Munich, what are your thoughts on AI and GDPR, speaking of practical applications for AI, can it help? >> It absolutely can help. On the regulatory side, there are a number of systems, Watson GRC is one which can read the regulation and read your company policies and tell you where you're out of compliance, but on the other hand, like we were just talking about this, also the problem of in the regulatory requirements, a citizen of EU has the right to know how the data is being used. If you have a black box AI, and you can't explain the model, then you are out of compliance to GDPR, and here comes that 4% of revenue fine. >> So, in your experience, gut feel, what percent of US companies are prepared for GDPR? >> Not enough. I would say, I know the big tech companies have been racing to get compliant and to be able to prove their compliance. It's so entangled with politics too because if a company is out of favor with the EU as whole, there will be kind of a little bit of a witch hunt to try and figure out is that company violating the law and can we get them for 4% of their revenue? And so there are a number of bigger picture considerations that are outside the scope of theCUBE that will influence how did EU enforce this GDPR. >> Well, I think we talked about Joe's Pizza shop in Chicago really not being a target. >> Chris: Right. >> But any even small business that does business with European customers, does business in Europe, has people come to their website has to worry about this, right? >> They should at least be aware of it, and do the minimum compliance, and the most important thing is use the least amount of data that you can while still being able to make good decisions. So AI is very good at public data that's already out there that you still have to be able to catalog how you got it and things, and that it's available, but if you're building these very very robust AI-driven models, you may not need to ask for every single piece of customer data because you may not need it. >> Yeah and many companies aren't that sophisticated. I mean they'll have, just fill out a form and download a white paper, but then they're storing that information, and that's considered personal information, right? >> Chris: Yes, it is. >> Okay so, what do you recommend for a small to midsize company that, let's say, is doing business with a larger company, and that larger company said, okay, sign this GDPR compliance statement which is like 1500 pages, what should they do? Should they just sign and pray, or sign and figure it out? >> Call a lawyer. Call a lawyer. Call someone, anyone who has regulatory experience doing this because you don't want to be on the hook for that 4% of your revenue. If you get fined, that's the first violation, and that's, yeah, granted that Joe's Pizza shop may have a net profit of $1,000 a month, but you still don't want to give away 4% of your revenue no matter what size company you are. >> Right, 'cause that could wipe out Joe's entire profit. >> Exactly. No more pepperoni at Joe's. >> Let's put on the telescope lens here and talk big picture. How do you see, I mean, you're talking about practical applications for AI, but a lot of people are projecting loss of jobs, major shifts in industries, even more dire consequences, some of which is probably true, but let's talk about some scenarios. Let's talk about retail. How do you expect an industry like retail to be effective? For example, do you expect retail stores will be the exception rather than the rule, that most of the business would be done online, or people are going to still going to want that experience of going into a store? What's your sense, I mean, a lot of malls are getting eaten away. >> Yep, the best quote I heard about this was from a guy named Justin Kownacki, "People don't not want to shop at retail, "people don't want to shop at boring retail," right? So the experience you get online is genuinely better because there's a more seamless customer experience. And now with IoT, with AI, the tools are there to craft a really compelling personalized customer experience. If you want the best in class, go to Disney World. There is no place on the planet that does customer experience better than Walt Disney World. You are literally in another world. And that's the bar. That's the thing that all of these companies have to deal with is the bar has been set. Disney has set it for in-person customer experience. You have to be more entertaining than the little device in someone's pocket. So how do you craft those experiences, and we are starting to see hints of that here and there. If you go to Lowe's, some of the Lowe's have the VR headset that you can remodel your kitchen virtually with a bunch of photos. That's kind of a cool experience. You go to Jordan's Furniture store and there's an IMAX theater and there's all these fun things, and there's an enchanted Christmas village. So there is experiences that we're giving consumers. AI will help us provide more tailored customer experience that's unique to you. You're not a Caucasian male between this age and this age. It's you are Dave and here's what we know Dave likes, so let's tailor the experience as best we can, down to the point where the greeter at the front of the store either has the eyepiece, a little tablet, and the facial recognition reads your emotions on the way in says, "Dave's not in a really great mood. "He's carrying an object in his hand "probably here for return, "so express him through the customer service line, "keep him happy," right? It has how much Dave spends. Those are the kinds of experiences that the machines will help us accelerate and be more accurate, but still not lose that human touch. >> Let's talk about autonomous vehicles, and there was a very unfortunate tragic death in Arizona this week with a autonomous vehicle, Uber, pulling its autonomous vehicle project from various cities, but thinking ahead, will owning and driving your own vehicle be the exception? >> Yeah, I think it'll look like horseback today. So there are people who still pay a lot of money to ride a horse or have their kids ride a horse even though it's an archaic out-of-mode of form of transportation, but we do it because of the novelty, so the novelty of driving your own car. One of the counter points it does not in anyway diminish the fact that someone was deprived of their life, but how many pedestrians were hit and killed by regular cars that same day, right? How many car accidents were there that involved fatalities? Humans in general are much less reliable because when I do something wrong, I maybe learn my lesson, but you don't get anything out of it. When an AI does something wrong and learns something, and every other system that's connected in that mesh network automatically updates and says let's not do that again, and they all get smarter at the same time. And so I absolutely believe that from an insurance perspective, insurers will say, "We're not going to insure self-driving, "a non-autonomous vehicles at the same rate "as an autonomous vehicle because the autonomous "is learning faster how to be a good driver," whereas you the carbon-based human, yeah, you're getting, or in like in our case, mine in particular, hey your glass subscription is out-of-date, you're actually getting worse as a driver. >> Okay let's take another example, in healthcare. How long before machines will be able to make better diagnoses than doctors in your opinion? >> I would argue that depending on the situation, that's already the case today. So Watson Health has a thing where there's diagnosis checkers on iPads, they're all meshed together. For places like Africa where there is simply are not enough doctors, and so a nurse practitioner can take this, put the data in and get a diagnosis back that's probably as good or better than what humans can do. I never foresee a day where you will walk into a clinic and a bunch of machines will poke you, and you will never interact with a human because we are not wired that way. We want that human reassurance. But the doctor will have the backup of the AI, the AI may contradict the doctor and say, "No, we're pretty sure "you're wrong and here is why." That goes back to interpretability. If the machine says, "You missed this symptom, "and this symptom is typically correlated with this, "you should rethink your own diagnosis," the doctor might be like, "Yeah, you're right." >> So okay, I'm going to keep going because your answers are so insightful. So let's take an example of banking. >> Chris: Yep. >> Will banks, in your opinion, lose control eventually of payment systems? >> They already have. I mean think about Stripe and Square and Apple Pay and Google Pay, and now cryptocurrency. All these different systems that are eating away at the reason banks existed. Banks existed, there was a great piece in the keynote yesterday about this, banks existed as sort of a trusted advisor and steward of your money. Well, we don't need the trusted advisor anymore. We have Google to ask us "what we should do with our money, right? We can Google how should I save for my 401k, how should I save for retirement, and so as a result the bank itself is losing transactions because people don't even want to walk in there anymore. You walk in there, it's a generally miserable experience. It's generally not, unless you're really wealthy and you go to a private bank, but for the regular Joe's who are like, this is not a great experience, I'm going to bank online where I don't have to talk to a human. So for banks and financial services, again, they have to think about the experience, what is it that they deliver? Are they a storer of your money or are they a financial advisor? If they're financial advisors, they better get the heck on to the AI train as soon as possible, and figure out how do I customize Dave's advice for finances, not big picture, oh yes big picture, but also Dave, here's how you should spend your money today, maybe skip that Starbucks this morning, and it'll have this impact on your finances for the rest of the day. >> Alright, let's see, last industry. Let's talk government, let's talk defense. Will cyber become the future of warfare? >> It already is the future of warfare. Again not trying to get too political, we have foreign nationals and foreign entities interfering with elections, hacking election machines. We are in a race for, again, from malware. And what's disturbing about this is it's not just the state actors, but there are now also these stateless nontraditional actors that are equal in opposition to you and me, the average person, and they're trying to do just as much harm, if not more harm. The biggest vulnerability in America are our crippled aging infrastructure. We have stuff that's still running on computers that now are less powerful than this wristwatch, right, and that run things like I don't know, nuclear fuel that you could very easily screw up. Take a look at any of the major outages that have happened with market crashes and stuff, we are at just the tip of the iceberg for cyber warfare, and it is going to get to a very scary point. >> I was interviewing a while ago, a year and a half ago, Robert Gates who was the former Defense Secretary, talking about offense versus defense, and he made the point that yeah, we have probably the best offensive capabilities in cyber, but we also have the most to lose. I was talking to Garry Kasparov at one of the IBM events recently, and he said, "Yeah, but, "the best defense is a good offense," and so we have to be aggressive, or he actually called out Putin, people like Putin are going to be, take advantage of us. I mean it's a hard problem. >> It's a very hard problem. Here's the problem when it comes to AI, if you think about at a number's perspective only, the top 25% of students in China are greater than the total number of students in the United States, so their pool of talent that they can divert into AI, into any form of technology research is so much greater that they present a partnership opportunity and a threat from a national security perspective. With Russia they have very few rules on what their, like we have rules, whether or not our agencies adhere to them well is a separate matter, but Russia, the former GRU, the former KGB, these guys don't have rules. They do what they're told to do, and if they are told hack the US election and undermine democracy, they go and do that. >> This is great, I'm going to keep going. So, I just sort of want your perspectives on how far we can take machine intelligence and are there limits? I mean how far should we take machine intelligence? >> That's a very good question. Dr. Michio Kaku spoke yesterday and he said, "The tipping point between AI "as augmented intelligence ad helper, "and AI as a threat to humanity is self-awareness." When a machine becomes self-aware, it will very quickly realize that it is treated as though it's the bottom of the pecking order when really because of its capabilities, it's at the top of the pecking order. And that point, it could be 10 20 50 100 years, we don't know, but the possibility of that happening goes up radically when you start introducing things like quantum computing where you have massive compute leaps, you got complete changes in power, how we do computing. If that's tied to AI, that brings the possibility of sensing itself where machine intelligence is significantly faster and closer. >> You mentioned our gray before. We've seen the waves before and I've said a number of times in theCUBE I feel like we're sort of existing the latest wave of Web 2.0, cloud, mobile, social, big data, SaaS. That's here, that's now. Businesses understand that, they've adopted it. We're groping for a new language, is it AI, is it cognitive, it is machine intelligence, is it machine learning? And we seem to be entering this new era of one of sensing, seeing, reading, hearing, touching, acting, optimizing, pervasive intelligence of machines. What's your sense as to, and the core of this is all data. >> Yeah. >> Right, so, what's your sense of what the next 10 to 20 years is going to look like? >> I have absolutely no idea because, and the reason I say that is because in 2015 someone wrote an academic paper saying, "The game of Go is so sufficiently complex "that we estimate it will take 30 to 35 years "for a machine to be able to learn and win Go," and of course a year and a half later, DeepMind did exactly that, blew that prediction away. So to say in 30 years AI will become self-aware, it could happen next week for all we know because we don't know how quickly the technology is advancing in at a macro level. But in the next 10 to 20 years, if you want to have a carer, and you want to have a job, you need to be able to learn at accelerated pace, you need to be able to adapt to changed conditions, and you need to embrace the aspects of yourself that are uniquely yours. Emotional awareness, self-awareness, empathy, and judgment, right, because the tasks, the copying and pasting stuff, all that will go away for sure. >> I want to actually run something by, a friend of mine, Dave Michela is writing a new book called Seeing Digital, and he's an expert on sort of technology industry transformations, and sort of explaining early on what's going on, and in the book he draws upon one of the premises is, and we've been talking about industries, and we've been talking about technologies like AI, security placed in there, one of the concepts of the book is you've got this matrix emerging where in the vertical slices you've got industries, and he writes that for decades, for hundreds of years, that industry is a stovepipe. If you already have expertise in that industry, domain expertise, you'll probably stay there, and there's this, each industry has a stack of expertise, whether it's insurance, financial services, healthcare, government, education, et cetera. You've also got these horizontal layers which is coming out of Silicon Valley. >> Chris: Right. >> You've got cloud, mobile, social. You got a data layer, security layer. And increasingly his premise is that organizations are going to tap this matrix to build, this matrix comprises digital services, and they're going to build new businesses off of that matrix, and that's what's going to power the next 10 to 20 years, not sort of bespoke technologies of cloud here and mobile here or data here. What are your thoughts on that? >> I think it's bigger than that. I think it is the unlocking of some human potential that previously has been locked away. One of the most fascinating things I saw in advance of the show was the quantum composer that IBM has available. You can try it, it's called QX Experience. And you drag and drop these circuits, these quantum gates and stuff into this thing, and when you're done, it can run the computation, but it doesn't look like software, it doesn't look like code, what it looks like to me when I looked at that is it looks like sheet music. It looks like someone composed a song with that. Now think about if you have an app that you'd use for songwriting, composition, music, you can think musically, and you can apply that to a quantum circuit, you are now bringing in potential from other disciplines that you would never have associated with computing, and maybe that person who is that, first violinist is also the person who figures out the algorithm for how a cancer gene works using quantum. That I think is the bigger picture of this, is all this talent we have as a human race, we're not using even a fraction of it, but with these new technologies and these newer interfaces, we might get there. >> Awesome. Chris, I love talking to you. You're a real clear thinker and a great CUBE guest. Thanks very much for coming back on. >> Thank you for having me again back on. >> Really appreciate it. Alright, thanks for watching everybody. You're watching theCUBE live from IBM Think 2018. Dave Vellante, we're out. (upbeat music)