(upbeat music) >> Hello and welcome to theCUBE's presentation of the AWS Startup Showcase. This is season two, episode four of the ongoing series covering the exciting hot startups from the AWS ecosystem. Here we're talking about cybersecurity in this episode. I'm your host, John Furrier here we're excited to have CUBE alumni who's back Snehal Antani who's the CEO and co-founder of Horizon3.ai talking about exploitable weaknesses and vulnerabilities with autonomous pen testing. Snehal, it's great to see you. Thanks for coming back. >> Likewise, John. I think it's been about five years since you and I were on the stage together. And I've missed it, but I'm glad to see you again. >> Well, before we get into the showcase about your new startup, that's extremely successful, amazing margins, great product. You have a unique journey. We talked about this prior to you doing the journey, but you have a great story. You left the startup world to go into the startup, like world of self defense, public defense, NSA. What group did you go to in the public sector became a private partner. >> My background, I'm a software engineer by education and trade. I started my career at IBM. I was a CIO at GE Capital, and I think we met once when I was there and I became the CTO of Splunk. And we spent a lot of time together when I was at Splunk. And at the end of 2017, I decided to take a break from industry and really kind of solve problems that I cared deeply about and solve problems that mattered. So I left industry and joined the US Special Operations Community and spent about four years in US Special Operations, where I grew more personally and professionally than in anything I'd ever done in my career. And exited that time, met my co-founder in special ops. And then as he retired from the air force, we started Horizon3. >> So there's really, I want to bring that up one, 'cause it's fascinating that not a lot of people in Silicon Valley and tech would do that. So thanks for the service. And I know everyone who's out there in the public sector knows that this is a really important time for the tactical edge in our military, a lot of things going on around the world. So thanks for the service and a great journey. But there's a storyline with the company you're running now that you started. I know you get the jacket on there. I noticed get a little military vibe to it. Cybersecurity, I mean, every company's on their own now. They have to build their own militia. There is no government supporting companies anymore. There's no militia. No one's on the shores of our country defending the citizens and the companies, they got to offend for themselves. So every company has to have their own military. >> In many ways, you don't see anti-aircraft rocket launchers on top of the JP Morgan building in New York City because they rely on the government for air defense. But in cyber it's very different. Every company is on their own to defend for themselves. And what's interesting is this blend. If you look at the Ukraine, Russia war, as an example, a thousand companies have decided to withdraw from the Russian economy and those thousand companies we should expect to be in the ire of the Russian government and their proxies at some point. And so it's not just those companies, but their suppliers, their distributors. And it's no longer about cyber attack for extortion through ransomware, but rather cyber attack for punishment and retaliation for leaving. Those companies are on their own to defend themselves. There's no government that is dedicated to supporting them. So yeah, the reality is that cybersecurity, it's the burden of the organization. And also your attack surface has expanded to not just be your footprint, but if an adversary wants to punish you for leaving their economy, they can get, if you're in agriculture, they could disrupt your ability to farm or they could get all your fruit to spoil at the border 'cause they disrupted your distributors and so on. So I think the entire world is going to change over the next 18 to 24 months. And I think this idea of cybersecurity is going to become truly a national problem and a problem that breaks down any corporate barriers that we see in previously. >> What are some of the things that inspired you to start this company? And I loved your approach of thinking about the customer, your customer, as defending themselves in context to threats, really leaning into it, being ready and able to defend. Horizon3 has a lot of that kind of military thinking for the good of the company. What's the motivation? Why this company? Why now? What's the value proposition? >> So there's two parts to why the company and why now. The first part was what my observation, when I left industry realm or my military background is watching "Jack Ryan" and "Tropic Thunder" and I didn't come from the military world. And so when I entered the special operations community, step one was to keep my mouth shut, learn, listen, and really observe and understand what made that community so impressive. And obviously the people and it's not about them being fast runners or great shooters or awesome swimmers, but rather there are learn-it-alls that can solve any problem as a team under pressure, which is the exact culture you want to have in any startup, early stage companies are learn-it-alls that can solve any problem under pressure as a team. So I had this immediate advantage when we started Horizon3, where a third of Horizon3 employees came from that special operations community. So one is this awesome talent. But the second part that, I remember this quote from a special operations commander that said we use live rounds in training because if we used fake rounds or rubber bullets, everyone would act like metal of honor winners. And the whole idea there is you train like you fight, you build that muscle memory for crisis and response and so on upfront. So when you're in the thick of it, you already know how to react. And this aligns to a pain I had in industry. I had no idea I was secure until the bad guy showed up. I had no idea if I was fixing the right vulnerabilities, logging the right data in Splunk, or if my CrowdStrike EDR platform was configured correctly, I had to wait for the bad guys to show up. I didn't know if my people knew how to respond to an incident. So what I wanted to do was proactively verify my security posture, proactively harden my systems. I needed to do that by continuously pen testing myself or continuously testing my security posture. And there just wasn't any way to do that where an IT admin or a network engineer could in three clicks have the power of a 20 year pen testing expert. And that was really what we set out to do, not build a autonomous pen testing platform for security people, build it so that anybody can quickly test their security posture and then use the output to fix problems that truly matter. >> So the value preposition, if I get this right is, there's a lot of companies out there doing pen tests. And I know I hate pen tests. They're like, cause you do DevOps, it changes you got to do another pen test. So it makes sense to do autonomous pen testing. So congratulations on seeing that that's obvious to that, but a lot of other have consulting tied to it. Which seems like you need to train someone and you guys taking a different approach. >> Yeah, we actually, as a company have zero consulting, zero professional services. And the whole idea is that build a true software as a service offering where an intern, in fact, we've got a video of a nine year old that in three clicks can run pen tests against themselves. And because of that, you can wire pen tests into your DevOps tool chain. You can run multiple pen tests today. In fact, I've got customers running 40, 50 pen tests a month against their organization. And that what that does is completely lowers the barrier of entry for being able to verify your posture. If you have consulting on average, when I was a CIO, it was at least a three month lead time to schedule consultants to show up and then they'd show up, they'd embarrass the security team, they'd make everyone look bad, 'cause they're going to get in, leave behind a report. And that report was almost identical to what they found last year because the older that report, the one the date itself gets stale, the context changes and so on. And then eventually you just don't even bother fixing it. Or if you fix a problem, you don't have the skills to verify that has been fixed. So I think that consulting led model was acceptable when you viewed security as a compliance checkbox, where once a year was sufficient to meet your like PCI requirements. But if you're really operating with a wartime mindset and you actually need to harden and secure your environment, you've got to be running pen test regularly against your organization from different perspectives, inside, outside, from the cloud, from work, from home environments and everything in between. >> So for the CISOs out there, for the CSOs and the CXOs, what's the pitch to them because I see your jacket that says Horizon3 AI, trust but verify. But this trust is, but is canceled out, just as verify. What's the product that you guys are offering the service. Describe what it is and why they should look at it. >> Yeah, sure. So one, when I back when I was the CIO, don't tell me we're secure in PowerPoint. Show me we're secure right now. Show me we're secure again tomorrow. And then show me we're secure again next week because my environment is constantly changing and the adversary always has a vote and they're always evolving. And this whole idea of show me we're secure. Don't trust that your security tools are working, verify that they can detect and respond and stifle an attack and then verify tomorrow, verify next week. That's the big mind shift. Now what we do is-- >> John: How do they respond to that by the way? Like they don't believe you at first or what's the story. >> I think, there's actually a very bifurcated response. There are still a decent chunk of CIOs and CSOs that have a security is a compliance checkbox mindset. So my attitude with them is I'm not going to convince you. You believe it's a checkbox. I'll just wait for you to get breached and sell to your replacement, 'cause you'll get fired. And in the meantime, I spend all my energy with those that actually care about proactively securing and hardening their environments. >> That's true. People do get fired. Can you give an example of what you're saying about this environment being ready, proving that you're secure today, tomorrow and a few weeks out. Give me an example. >> Of, yeah, I'll give you actually a customer example. There was a healthcare organization and they had about 5,000 hosts in their environment and they did everything right. They had Fortinet as their EDR platform. They had user behavior analytics in place that they had purchased and tuned. And when they ran a pen test self-service, our product node zero immediately started to discover every host on the network. It then fingerprinted all those hosts and found it was able to get code execution on three machines. So it got code execution, dumped credentials, laterally maneuvered, and became a domain administrator, which in IT, if an attacker becomes a domain admin, they've got keys to the kingdom. So at first the question was, how did the node zero pen test become domain admin? How'd they get code execution, Fortinet should have detected and stopped it. Well, it turned out Fortinet was misconfigured on three boxes out of 5,000. And these guys had no idea and it's just automation that went wrong and so on. And now they would've only known they had misconfigured their EDR platform on three hosts if the attacker had showed up. The second question though was, why didn't they catch the lateral movement? Which all their marketing brochures say they're supposed to catch. And it turned out that that customer purchased the wrong Fortinet modules. One again, they had no idea. They thought they were doing the right thing. So don't trust just installing your tools is good enough. You've got to exercise and verify them. We've got tons of stories from patches that didn't actually apply to being able to find the AWS admin credentials on a local file system. And then using that to log in and take over the cloud. In fact, I gave this talk at Black Hat on war stories from running 10,000 pen tests. And that's just the reality is, you don't know that these tools and processes are working for you until the bad guys have shown. >> The velocities there. You can accelerate through logs, you know from the days you've been there. This is now the threat. Being, I won't say lazy, but just not careful or just not thinking. >> Well, I'll do an example. We have a lot of customers that are Horizon3 customers and Splunk customers. And what you'll see their behavior is, is they'll have Horizon3 up on one screen. And every single attacker command executed with its timestamp is up on that screen. And then look at Splunk and say, hey, we were able to dump vCenter credentials from VMware products at this time on this host, what did Splunk see or what didn't they see? Why were no logs generated? And it turns out that they had some logging blind spots. So what they'll actually do is run us to almost like stimulate the defensive tools and then see what did the tools catch? What did they miss? What are those blind spots and how do they fix it. >> So your price called node zero. You mentioned that. Is that specifically a suite, a tool, a platform. How do people consume and engage with you guys? >> So the way that we work, the whole product is designed to be self-service. So once again, while we have a sales team, the whole intent is you don't need to have to talk to a sales rep to start using the product, you can log in right now, go to Horizon3.ai, you can run a trial log in with your Google ID, your LinkedIn ID, start running pen test against your home or against your network against this organization right now, without talking to anybody. The whole idea is self-service, run a pen test in three clicks and give you the power of that 20 year pen testing expert. And then what'll happen is node zero will execute and then it'll provide to you a full report of here are all of the different paths or attack paths or sequences where we are able to become an admin in your environment. And then for every attack path, here is the path or the kill chain, the proof of exploitation for every step along the way. Here's exactly what you've got to do to fix it. And then once you've fixed it, here's how you verify that you've truly fixed the problem. And this whole aha moment is run us to find problems. You fix them, rerun us to verify that the problem has been fixed. >> Talk about the company, how many people do you have and get some stats? >> Yeah, so we started writing code in January of 2020, right before the pandemic hit. And then about 10 months later at the end of 2020, we launched the first version of the product. We've been in the market for now about two and a half years total from start of the company till present. We've got 130 employees. We've got more customers than we do employees, which is really cool. And instead our customers shift from running one pen test a year to 40, 50 pen test. >> John: And it's full SaaS. >> The whole product is full SaaS. So no consulting, no pro serve. You run as often as you-- >> Who's downloading, who's buying the product. >> What's amazing is, we have customers in almost every section or sector now. So we're not overly rotated towards like healthcare or financial services. We've got state and local education or K through 12 education, state and local government, a number of healthcare companies, financial services, manufacturing. We've got organizations that large enterprises. >> John: Security's diverse. >> It's very diverse. >> I mean, ransomware must be a big driver. I mean, is that something that you're seeing a lot. >> It is. And the thing about ransomware is, if you peel back the outcome of ransomware, which is extortion, at the end of the day, what ransomware organizations or criminals or APTs will do is they'll find out who all your employees are online. They will then figure out if you've got 7,000 employees, all it takes is one of them to have a bad password. And then attackers are going to credential spray to find that one person with a bad password or whose Netflix password that's on the dark web is also their same password to log in here, 'cause most people reuse. And then from there they're going to most likely in your organization, the domain user, when you log in, like you probably have local admin on your laptop. If you're a windows machine and I've got local admin on your laptop, I'm going to be able to dump credentials, get the admin credentials and then start to laterally maneuver. Attackers don't have to hack in using zero days like you see in the movies, often they're logging in with valid user IDs and passwords that they've found and collected from somewhere else. And then they make that, they maneuver by making a low plus a low equal a high. And the other thing in financial services, we spend all of our time fixing critical vulnerabilities, attackers know that. So they've adapted to finding ways to chain together, low priority vulnerabilities and misconfigurations and dangerous defaults to become admin. So while we've over rotated towards just fixing the highs and the criticals attackers have adapted. And once again they have a vote, they're always evolving their tactics. >> And how do you prevent that from happening? >> So we actually apply those same tactics. Rarely do we actually need a CVE to compromise your environment. We will harvest credentials, just like an attacker. We will find misconfigurations and dangerous defaults, just like an attacker. We will combine those together. We'll make use of exploitable vulnerabilities as appropriate and use that to compromise your environment. So the tactics that, in many ways we've built a digital weapon and the tactics we apply are the exact same tactics that are applied by the adversary. >> So you guys basically simulate hacking. >> We actually do the hacking. Simulate means there's a fakeness to it. >> So you guys do hack. >> We actually compromise. >> Like sneakers the movie, those sneakers movie for the old folks like me. >> And in fact that was my inspiration. I've had this idea for over a decade now, which is I want to be able to look at anything that laptop, this Wi-Fi network, gear in hospital or a truck driving by and know, I can figure out how to gain initial access, rip that environment apart and be able to opponent. >> Okay, Chuck, he's not allowed in the studio anymore. (laughs) No, seriously. Some people are exposed. I mean, some companies don't have anything. But there's always passwords or so most people have that argument. Well, there's nothing to protect here. Not a lot of sensitive data. How do you respond to that? Do you see that being kind of putting the head in the sand or? >> Yeah, it's actually, it's less, there's not sensitive data, but more we've installed or applied multifactor authentication, attackers can't get in now. Well MFA only applies or does not apply to lower level protocols. So I can find a user ID password, log in through SMB, which isn't protected by multifactor authentication and still upon your environment. So unfortunately I think as a security industry, we've become very good at giving a false sense of security to organizations. >> John: Compliance drives that behavior. >> Compliance drives that. And what we need. Back to don't tell me we're secure, show me, we've got to, I think, change that to a trust but verify, but get rid of the trust piece of it, just to verify. >> Okay, we got a lot of CISOs and CSOs watching this showcase, looking at the hot startups, what's the message to the executives there. Do they want to become more leaning in more hawkish if you will, to use the military term on security? I mean, I heard one CISO say, security first then compliance 'cause compliance can make you complacent and then you're unsecure at that point. >> I actually say that. I agree. One definitely security is different and more important than being compliant. I think there's another emerging concept, which is I'd rather be defensible than secure. What I mean by that is security is a point in time state. I am secure right now. I may not be secure tomorrow 'cause something's changed. But if I'm defensible, then what I have is that muscle memory to detect, respondent and stifle an attack. And that's what's more important. Can I detect you? How long did it take me to detect you? Can I stifle you from achieving your objective? How long did it take me to stifle you? What did you use to get in to gain access? How long did that sit in my environment? How long did it take me to fix it? So on and so forth. But I think it's being defensible and being able to rapidly adapt to changing tactics by the adversary is more important. >> This is the evolution of how the red line never moved. You got the adversaries in our networks and our banks. Now they hang out and they wait. So everyone thinks they're secure. But when they start getting hacked, they're not really in a position to defend, the alarms go off. Where's the playbook. Team springs into action. I mean, you kind of get the visual there, but this is really the issue being defensible means having your own essentially military for your company. >> Being defensible, I think has two pieces. One is you've got to have this culture and process in place of training like you fight because you want to build that incident response muscle memory ahead of time. You don't want to have to learn how to respond to an incident in the middle of the incident. So that is that proactively verifying your posture and continuous pen testing is critical there. The second part is the actual fundamentals in place so you can detect and stifle as appropriate. And also being able to do that. When you are continuously verifying your posture, you need to verify your entire posture, not just your test systems, which is what most people do. But you have to be able to safely pen test your production systems, your cloud environments, your perimeter. You've got to assume that the bad guys are going to get in, once they're in, what can they do? So don't just say that my perimeter's secure and I'm good to go. It's the soft squishy center that attackers are going to get into. And from there, can you detect them and can you stop them? >> Snehal, take me through the use. You got to be sold on this, I love this topic. Alright, pen test. Is it, what am I buying? Just pen test as a service. You mentioned dark web. Are you actually buying credentials online on behalf of the customer? What is the product? What am I buying if I'm the CISO from Horizon3? What's the service? What's the product, be specific. >> So very specifically and one just principles. The first principle is when I was a buyer, I hated being nickled and dimed buyer vendors, which was, I had to buy 15 different modules in order to achieve an objective. Just give me one line item, make it super easy to buy and don't nickel and dime me. Because I've spent time as a buyer that very much has permeated throughout the company. So there is a single skew from Horizon3. It is an annual subscription based on how big your environment is. And it is inclusive of on-prem internal pen tests, external pen tests, cloud attacks, work from home attacks, our ability to harvest credentials from the dark web and from open source sources. Being able to crack those credentials, compromise. All of that is included as a singles skew. All you get as a CISO is a singles skew, annual subscription, and you can run as many pen tests as you want. Some customers still stick to, maybe one pen test a quarter, but most customers shift when they realize there's no limit, we don't nickel and dime. They can run 10, 20, 30, 40 a month. >> Well, it's not nickel and dime in the sense that, it's more like dollars and hundreds because they know what to expect if it's classic cloud consumption. They kind of know what their environment, can people try it. Let's just say I have a huge environment, I have a cloud, I have an on-premise private cloud. Can I dabble and set parameters around pricing? >> Yes you can. So one is you can dabble and set perimeter around scope, which is like manufacturing does this, do not touch the production line that's on at the moment. We've got a hospital that says every time they run a pen test, any machine that's actually connected to a patient must be excluded. So you can actually set the parameters for what's in scope and what's out of scope up front, most again we're designed to be safe to run against production so you can set the parameters for scope. You can set the parameters for cost if you want. But our recommendation is I'd rather figure out what you can afford and let you test everything in your environment than try to squeeze every penny from you by only making you buy what can afford as a smaller-- >> So the variable ratio, if you will is, how much they spend is the size of their environment and usage. >> Just size of the environment. >> So it could be a big ticket item for a CISO then. >> It could, if you're really large, but for the most part-- >> What's large? >> I mean, if you were Walmart, well, let me back up. What I heard is global 10 companies spend anywhere from 50 to a hundred million dollars a year on security testing. So they're already spending a ton of money, but they're spending it on consultants that show up maybe a couple of times a year. They don't have, humans can't scale to test a million hosts in your environment. And so you're already spending that money, spend a fraction of that and use us and run as much as you want. And that's really what it comes down to. >> John: All right. So what's the response from customers? >> What's really interesting is there are three use cases. The first is that SOC manager that is using us to verify that their security tools are actually working. So their Splunk environment is logging the right data. It's integrating properly with CrowdStrike, it's integrating properly with their active directory services and their password policies. So the SOC manager is using us to verify the effectiveness of their security controls. The second use case is the IT director that is using us to proactively harden their systems. Did they install VMware correctly? Did they install their Cisco gear correctly? Are they patching right? And then the third are for the companies that are lucky to have their own internal pen test and red teams where they use us like a force multiplier. So if you've got 10 people on your red team and you still have a million IPs or hosts in your environment, you still don't have enough people for that coverage. So they'll use us to do recon at scale and attack at scale and let the humans focus on the really juicy hard stuff that humans are successful at. >> Love the product. Again, I'm trying to think about how I engage on the test. Is there pilots? Is there a demo version? >> There's a free trials. So we do 30 day free trials. The output can actually be used to meet your SOC 2 requirements. So in many ways you can just use us to get a free SOC 2 pen test report right now, if you want. Go to the website, log in for a free trial, you can log into your Google ID or your LinkedIn ID, run a pen test against your organization and use that to answer your PCI segmentation test requirements, your SOC 2 requirements, but you will be hooked. You will want to run us more often. And you'll get a Horizon3 tattoo. >> The first hits free as they say in the drug business. >> Yeah. >> I mean, so you're seeing that kind of response then, trial converts. >> It's exactly. In fact, we have a very well defined aha moment, which is you run us to find, you fix, you run us to verify, we have 100% technical win rate when our customers hit a find, fix, verify cycle, then it's about budget and urgency. But 100% technical win rate because of that aha moment, 'cause people realize, holy crap, I don't have to wait six months to verify that my problems have actually been fixed. I can just come in, click, verify, rerun the entire pen test or rerun a very specific part of it on what I just patched my environment. >> Congratulations, great stuff. You're here part of the AWS Startup Showcase. So I have to ask, what's the relationship with AWS, you're on their cloud. What kind of actions going on there? Is there secret sauce on there? What's going on? >> So one is we are AWS customers ourselves, our brains command and control infrastructure. All of our analytics are all running on AWS. It's amazing, when we run a pen test, we are able to use AWS and we'll spin up a virtual private cloud just for that pen test. It's completely ephemeral, it's all Lambda functions and graph analytics and other techniques. When the pen test ends, you can delete, there's a single use Docker container that gets deleted from your environment so you have nothing on-prem to deal with and the entire virtual private cloud tears itself down. So at any given moment, if we're running 50 pen tests or a hundred pen tests, self-service, there's a hundred virtual private clouds being managed in AWS that are spinning up, running and tearing down. It's an absolutely amazing underlying platform for us to make use of. Two is that many customers that have hybrid environments. So they've got a cloud infrastructure, an Office 365 infrastructure and an on-prem infrastructure. We are a single attack platform that can test all of that together. No one else can do it. And so the AWS customers that are especially AWS hybrid customers are the ones that we do really well targeting. >> Got it. And that's awesome. And that's the benefit of cloud? >> Absolutely. And the AWS marketplace. What's absolutely amazing is the competitive advantage being part of the marketplace has for us, because the simple thing is my customers, if they already have dedicated cloud spend, they can use their approved cloud spend to pay for Horizon3 through the marketplace. So you don't have to, if you already have that budget dedicated, you can use that through the marketplace. The other is you've already got the vendor processes in place, you can purchase through your existing AWS account. So what I love about the AWS company is one, the infrastructure we use for our own pen test, two, the marketplace, and then three, the customers that span that hybrid cloud environment. That's right in our strike zone. >> Awesome. Well, congratulations. And thanks for being part of the showcase and I'm sure your product is going to do very, very well. It's very built for what people want. Self-service get in, get the value quickly. >> No agents to install, no consultants to hire. safe to run against production. It's what I wanted. >> Great to see you and congratulations and what a great story. And we're going to keep following you. Thanks for coming on. >> Snehal: Phenomenal. Thank you, John. >> This is the AWS Startup Showcase. I'm John John Furrier, your host. This is season two, episode four on cybersecurity. Thanks for watching. (upbeat music)

>>mhm, mm. All right. Mhm. Mhm, mm mm. Mhm. Yeah, mm. Mhm. Yeah, yeah. Mhm, mm. Okay. Mm. Yeah, Yeah. >>Mhm. Mhm. Yeah. Welcome to future cloud made possible by Cisco. My name is Dave Volonte and I'm your host. You know, the cloud is evolving like the universe is expanding at an accelerated pace. No longer is the cloud. Just a remote set of services, you know, somewhere up there. No, the cloud, it's extending to on premises. Data centers are reaching into the cloud through adjacent locations. Clouds are being connected together to each other and eventually they're gonna stretch to the edge and the far edge workloads, location latency, local laws and economics will define the value customers can extract from this new cloud model which unifies the operating experience independent of location. Cloud is moving rapidly from a spare capacity slash infrastructure resource to a platform for application innovation. Now, the challenge is how to make this new cloud simple, secure, agile and programmable. Oh and it has to be cloud agnostic. Now, the real opportunity for customers is to tap into a layer across clouds and data centers that abstracts the underlying complexity of the respective clouds and locations. And it's got to accommodate both mission critical workloads as well as general purpose applications across the spectrum cost, effectively enabling simplicity with minimal labor costs requires infrastructure i. E. Hardware, software, tooling, machine intelligence, AI and partnerships within an ecosystem. It's kind of accommodate a variety of application deployment models like serverless and containers and support for traditional work on VMS. By the way, it also requires a roadmap that will take us well into the next decade because the next 10 years they will not be like the last So why are we here? Well, the cube is covering Cisco's announcements today that connect next generation compute shared memory, intelligent networking and storage resource pools, bringing automation, visibility, application assurance and security to this new decentralized cloud. Now, of course in today's world you wouldn't be considered modern without supporting containers ai and operational tooling that is demanded by forward thinking practitioners. So sit back and enjoy the cubes, special coverage of Cisco's future cloud >>From around the globe. It's the Cube presenting future cloud one event, a world of opportunities brought to you by Cisco. >>We're here with Dejoy Pandey, a VP of emerging tech and incubation at Cisco. V. Joy. Good to see you. Welcome. >>Good to see you as well. Thank you Dave and pleasure to be here. >>So in 2020 we kind of had to redefine the notion of agility when it came to digital business or you know organizations, they had to rethink their concept of agility and business resilience. What are you seeing in terms of how companies are thinking about their operations in this sort of new abnormal context? >>Yeah, I think that's a great question. I think what what we're seeing is that pretty much the application is the center of the universe. And if you think about it, the application is actually driving brand recognition and the brand experience and the brand value. So the example I like to give is think about a banking app uh recovered that did everything that you would expect it to do. But if you wanted to withdraw cash from your bank you would actually have to go to the ATM and punch in some numbers and then look at your screen and go through a process and then finally withdraw cash. Think about what that would have, what what that would do in a post pandemic era where people are trying to go contact less. And so in a situation like this, the digitization efforts that all of these companies are going through and and the modernization of the automation is what is driving brand recognition, brand trust and brand experience. >>Yeah. So I was gonna ask you when I heard you say that, I was gonna say well, but hasn't it always been about the application, but it's different now, isn't it? So I wonder if you talk more about how the application is experience is changing. Yes. As a result of this new digital mandate. But how should organizations think about optimizing those experiences in this new world? >>Absolutely. And I think, yes, it's always been about the application, but it's becoming the center of the universe right now because all interactions with customers and consumers and even businesses are happening through that application. So if the application is unreliable or if the application is not available is untrusted insecure, uh, there's a problem. There's a problem with the brand, with the company and the trust that consumers and customers have with our company. So if you think about an application developer, the weight he or she is carrying on their shoulders is tremendous because you're thinking about rolling features quickly to be competitive. That's the only way to be competitive in this world. You need to think about availability and resiliency. Like you pointed out and experience, you need to think about security and trust. Am I as a customer or consumer willing to put my data in that application? So velocity, availability, Security and trust and all of that depends on the developer. So the experience, the security, the trust, the feature, velocity is what is driving the brand experience now. >>So are those two tensions that say agility and trust, you know, Zero Trust used to be a buzzword now it's a mandate. But are those two vectors counter posed? Can they be merged into one and not affect each other? Does the question makes sense? Right? Security usually handcuffs my speed. But how do you address that? >>Yeah that's a great question. And I think if you think about it today that's the way things are. And if you think about this developer all they want to do is run fast because they want to build those features out and they're going to pick and choose a piece and services that matter to them and build up their app and they want the complexities of the infrastructure and security and trust to be handled by somebody else is not that they don't care about it but they want that abstraction so that is handled by somebody else. And typically within an organization we've seen in the past where this friction between Netapp Sec ops I. T. Tops and and the cloud platform Teams and the developer on one side and these these frictions and these meetings and toil actually take a toll on the developer and that's why companies and apps and developers are not as agile as they would like to be. So I think but it doesn't have to be that way. So I think if there was something that would allow a developer to pick and choose, discover the apis that they would like to use connect those api is in a very simple manner and then be able to scale them out and be able to secure them and in fact not just secure them during the run time when it's deployed. We're right off the back when the fire up that I'd and start developing the application. Wouldn't that be nice? And as you do that, there is a smooth transition between that discovery connectivity and ease of consumption and security with the idea cops. Netapp psych ops teams and see source to ensure that they are not doing something that the organization won't allow them to do in a very seamless manner. >>I want to go back and talk about security but I want to add another complexity before we do that. So for a lot of organizations in the public cloud became a staple of keeping the lights on during the pandemic but it brings new complexities and differences in terms of latency security, which I want to come back to deployment models etcetera. So what are some of the specific networking challenges that you've seen with the cloud native architecture is how are you addressing those? >>Yeah. In fact, if you think about cloud, to me that is a that is a different way of seeing a distributed system. And if you think about a distributed system, what is at the center of the distributed system is the network. So my my favorite comment here is that the network is the wrong time for all distribute systems and modern applications. And that is true because if you think about where things are today, like you said, there's there's cloud assets that a developer might use in the banking example that I gave earlier. I mean if you want to build a contact less app so that you get verified, a customer gets verified on the app. They walk over to the ATM and they were broadcast without touching that ATM. In that kind of an example, you're touching the mobile Rus, let's say U S A P is you're touching cloud API is where the back end might sit. You're touching on primary PS maybe it's an oracle database or a mainframe even where transactional data exists. You're touching branch pipes were the team actually exists and the need for consistency when you withdraw cash and you're carrying all of this and in fact there might be customer data sitting in salesforce somewhere. So it's cloud API is a song premise branch. It's ass is mobile and you need to bring all of these things together and over time you will see more and more of these API is coming from various as providers. So it's not just cloud providers but saas providers that the developer has to use. And so this complexity is very, very real. And this complexity is across the wide open internet. So the application is built across this wide open internet. So the problems of discovery ability, the problems of being able to simply connect these apis and manage the data flow across these apis. The problems of consistency of policy and consumption because all of these areas have their own nuances and what they mean, what the arguments mean and what the A. P. I. Actually means. How do you make it consistent and easy for the developer? That is the networking problem. And that is a problem of building out this network, making traffic engineering easy, making policy easy, making scale out, scale down easy, all of that our networking problems. And so we are solving those problems uh Francisco. >>Yeah the internet is the new private network but it's not so private. So I want to go back to security. I often say that the security model of building a moat, you dig the moat, you get the hardened castle that's just outdated now that the queen is left her castle, I always say it's dangerous out there. And the point is you touched on this, it's it's a huge decentralized system and with distributed apps and data, that notion of perimeter security, it's just no longer valid. So I wonder if you could talk more about how you're thinking about this problem and you definitely address some of that in your earlier comments. But what are you specifically doing to address this and how do you see it evolving? >>Yeah, I mean, that's that's a very important point. I mean, I think if you think about again the wide open internet being the wrong time for all modern applications, what is perimeter security in this uh in this new world? I mean, it's to me it boils down to securing an API because again, going with that running example of this contact lists cash withdrawal feature for a bank, the ap wherever it's it's entre branch SAs cloud, IOS android doesn't matter that FBI is your new security perimeter. And the data object that is trying to access is also the new security perimeter. So if you can secure ap to ap communication and P two data object communication, you should be good. So that is the new frontier. But guess what software is buggy? Everybody's software not saying Cisco software, everybody's Softwares buggy. Uh software is buggy, humans are not reliable and so things mature, things change, things evolve over time. So there needs to be defense in depth. So you need to secure at the API layer had the data object layer, but you also need to secure at every layer below it so that you have good defense and depth if any layer in between is not working out properly. So for us that means ensuring ap to ap communication, not just during long time when the app has been deployed and is running, but during deployment and also during the development life cycle. So as soon as the developer launches an ID, they should be able to figure out that this api is security uses reputable, it has compliant, it is compliant to my to my organization's needs because it is hosted, let's say from Germany and my organization wants appears to be used only if they are being hosted out of Germany so compliance needs and and security needs and reputation. Is it available all the time? Is it secure? And being able to provide that feedback all the time between the security teams and the developer teams in a very seamless real time manner. Yes, again, that's something that we're trying to solve through some of the services that we're trying to produce in san Francisco. >>Yeah, I mean those that layered approach that you're talking about is critical because every layer has, you know, some vulnerability. And so you you've got to protect that with some depth in terms of thinking about security, how should we think about where where Cisco's primary value add is, I mean as parts of the interview has a great security business is growing business, Is it your intention to to to to add value across the entire value chain? I mean obviously you can't do everything so you've got a partner but so has the we think about Cisco's role over the next I'm thinking longer term over the over the next decade. >>Yeah, I mean I think so, we do come in with good strength from the runtime side of the house. So if you think about the security aspects that we haven't played today, uh there's a significant set of assets that we have around user security around around uh with with do and password less. We have significant assets in runtime security. I mean, the entire portfolio that Cisco brings to the table is around one time security, the secure X aspects around posture and policy that will bring to the table. And as you see, Cisco evolve over time, you will see us shifting left. I mean, I know it's an overused term, but that is where security is moving towards. And so that is where api security and data security are moving towards. So learning what we have during runtime because again, runtime is where you learn what's available and that's where you can apply all of the M. L. And I models to figure out what works what doesn't taking those learnings, Taking those catalogs, taking that reputation database and moving it into the deployment and development life cycle and making sure that that's part of that entire they have to deploy to runtime chain is what you will see. Cisco do overtime. >>That's fantastic phenomenal perspective video. Thanks for coming on the cube. Great to have you and look forward to having you again. >>Absolutely. Thank you >>in a moment. We'll talk hybrid cloud applications operations and potential gaps that need to be addressed with costume, Das and VJ Venugopal. You're watching the cube the global leader in high tech coverage. Mhm >>You were cloud. It isn't just a cloud. It's everything flowing through it. It's alive. Yeah, connecting users, applications, data and devices and whether it's cloud, native hybrid or multi cloud, it's more distributed than ever. One company takes you inside, giving you the visibility and the insight you need to take action. >>One company >>has the vision to understand it, all the experience, to securely connect at all on any platform in any environment. So you can work wherever work takes you in a cloud first world between your cloud and being cloud smart, there's a bridge. Cisco the bridge to possible. >>Okay. We're here with costume does, who is the Senior Vice President, General Manager of Cloud and compute at Cisco. And VJ Venugopal, who is the Senior Director for Product Management for cloud compute at Cisco. KTV. J. Good to see you guys welcome. >>Great to see you. Dave to be here. >>Katie, let's talk about cloud you And I last time we're face to face was in Barcelona where we love talking about cloud and I always say to people look, Cisco is not a hyper Scaler, but the big public cloud players, they're like giving you a gift. They spent almost actually over $100 billion last year on Capex. The big four. So you can build on that infrastructure. Cisco is all about hybrid cloud. So help us understand the strategy. There may be how you can leverage that build out and importantly what a customer is telling you they want out of hybrid cloud. >>Yeah, no that's that's that's a perfect question to start with. Dave. So yes. So the hybrid hyper scholars have invested heavily building out their assets. There's a great lot of innovation coming from that space. Um There's also a great innovation set of innovation coming from open source and and that's another source of uh a gift. In fact the I. T. Community. But when I look at my customers they're saying well how do I in the context of my business implement a strategy that takes into consideration everything that I have to manage um in terms of my contemporary work clothes, in terms of my legacy, in terms of everything my developer community wants to do on DEVOPS and really harnessed that innovation that's built in the public cloud, that built an open source that built internally to me, and that naturally leads them down the path of a hybrid cloud strategy. And Siskel's mission is to provide for that imperative, the simplest more power, more powerful platform to deliver hybrid cloud and that platform. Uh It's inter site we've been investing in. Inner side, it's a it's a SAS um service um inner side delivers to them that bridge between their estates of today that were closer today, the need for them to be guardians of enterprise grade resiliency with the agility uh that's needed for the future. The embracing of cloud. Native of new paradigms of deVOPS models, the embracing of innovation coming from public cloud and an open source and bridging those two is what inner side has been doing. That's kind of that's kind of the crux of our strategy. Of course we have the entire portfolio behind it to support any, any version of that, whether that is on prem in the cloud, hybrid, cloud, multi cloud and so forth. >>But but if I understand it correctly from what I heard earlier today, the inter site is really a linchpin of that strategy, is it not? >>It really is and may take a second to totally familiarize those who don't know inner side with what it is. We started building this platform quite a few years back and we we built a ground up to be an immensely scalable SAs, super simple hybrid cloud platform and it's a platform that provides a slew of service is inherently and then on top of that there are suites of services, the sweets of services that are tied to infrastructure, automation. Cisco, as well as Cisco partners. The streets of services that have nothing to do with Cisco um products from a hardware perspective. And it's got to do with more cloud orchestration and cloud native and inner side and its suite of services um continue to kind of increase in pace and velocity of delivery video. Just over the last two quarters we've announced a whole number of things will go a little bit deeper into some of those but they span everything from infrastructure automation to kubernetes and delivering community than service to workload optimization and having visibility into your cloud estate. How much it's costing into your on premise state into your work clothes and how they're performing. It's got integrations with other tooling with both Cisco Abdi uh as well as non Cisco um, assets and then and then it's got a whole slew of capabilities around orchestration because at the end of the day, the job of it is to deliver something that works and works at scale that you can monitor and make sure is resilient and that includes that. That includes a workflow and ability to say, you know, do this and do this and do this. Or it includes other ways of automation, like infrastructure as code and so forth. So it includes self service that so that expand that. But inside the world's simplest hybrid cloud platform, rapidly evolving rapidly delivering new services. And uh we'll talk about some more of those day. >>Great, thank you, Katie VJ. Let's bring you into the discussion. You guys recently made an announcement with the ASCIi corp. I was stoked because even though it seemed like a long time ago, pre covid, I mean in my predictions post, I said, ha, she was a name to watch our data partners. Et are you look at the survey data and they really have become mainstream? You know, particularly we think very important in the whole multi cloud discussion. And as well, they're attractive to customers. They have open source offerings. You can very easily experiment. Smaller organizations can take advantage. But if you want to upgrade to enterprise features like clustering or whatever, you can plug right in. Not a big complicated migration. So a very, very compelling story there. Why is this important? Why is this partnership important to Cisco's customers? Mhm. >>Absolutely. When the spot on every single thing that you said, let me just start by paraphrasing what ambition statement is in the cloud and computer group. Right ambition statement is to enable a cloud operating model for hybrid cloud. And what we mean by that is the ability to have extreme amounts of automation orchestration and observe ability across your hybrid cloud idea operations now. Uh So developers and applications team get a great amount of agility in public clouds and we're on a mission to bring that kind of agility and automation to the private cloud and to the data centers and inter site is a quickie platform and lynchpin to enable that kind of operations. Uh, Cloud like operations in the in the private clouds and the key uh As you rightly said, harsher car is the, you know, they were the inventors of the concept of infrastructure at school and in terra form, they have the world's number one infrastructure as code platform. So it became a natural partnership for Cisco to enter into a technology partnership with harsher card to integrate inter site with hardship cops, terra form to bring the benefits of infrastructure as code to the to hybrid cloud operations. And we've entered into a very tight integration and uh partnership where we allow developers devops teams and infrastructure or administrators to allow the use of infrastructure as code in a SAS delivered manner for both public and private club. So it's a very unique partnership and a unique integration that allows the benefits of cloud managed i E C. To be delivered to hybrid cloud operations. And we've been very happy and proud to be partnering with Russian government shutdown. >>Yeah, Terra form gets very high marks from customers. The a lot of value there. The inner side integration adds to that value. Let's stay on cloud native for a minute. We all talk about cloud native cady was sort of mentioning before you got the the core apps, uh you want to protect those, make sure their enterprise create but they gotta be cool as well for developers. You're connecting to other apps in the cloud or wherever. How are you guys thinking about this? Cloud native trend? What other movies are you making in this regard? >>I mean cloud native is there is one of the paramount I. D. Trends of today and we're seeing massive amounts of adoption of cloud native architecture in all modern applications. Now, Cloud Native has become synonymous with kubernetes these days and communities has emerged as a de facto cloud native platform for modern cloud native app development. Now, what Cisco has done is we have created a brand new SAs delivered kubernetes service that is integrated with inter site, we call it the inter site community service for A. Ks. And this just geared a little over one month ago. Now, what interstate kubernetes service does is it delivers a cloud managed and cloud delivered kubernetes service that can be deployed on any supported target infrastructure. It could be a Cisco infrastructure, it could be a third party infrastructure or it could even be public club. But think of it as kubernetes anywhere delivered as says, managed from inside. It's a very powerful capability that we've just released into inter site to enable the power of communities and clog native to be used to be used anywhere. But today we made a very important aspect because we are today announced the brand new Cisco service mess manager, the Cisco service mesh manager, which is available as an extension to the KS are doing decide basically we see service measures as being the future of networking right in the past we had layer to networking and layer three networking and now with service measures, application networking and layer seven networking is the next frontier of, of networking. But you need to think about networking for the application age very differently how it is managed, how it is deployed. It needs to be ready, developer friendly and developer centric. And so what we've done is we've built out an application networking strategy and built out the service match manager as a very simple way to deliver application networking through the consumers, like like developers and application teams. This is built on an acquisition that Cisco made recently of Banzai Cloud and we've taken the assets of Banzai Cloud and deliver the Cisco service mesh manager as an extension to KS. That brings the promise of future networking and modern networking to application and development gives >>God thank you. BJ. And so Katie, let's let's let's wrap this up. I mean, there was a lot in this announcement today, a lot of themes around openness, heterogeneity and a lot of functionality and value. Give us your final thoughts. >>Absolutely. So, couple of things to close on, first of all, um Inner side is the simplest, most powerful hybrid cloud platform out there. It enables that that cloud operating model that VJ talked about, but enables that across cloud. So it's sad, it's relatively easy to get into it and give it a spin so that I'd highly encouraged anybody who's not familiar with it to try it out and anybody who is familiar with it to look at it again, because they're probably services in there that you didn't notice or didn't know last time you looked at it because we're moving so fast. So that's the first thing. The second thing I close with is um, we've been talking about this bridge that's kind of bridging, bridging uh your your on prem your open source, your cloud estates. And it's so important to to make that mental leap because uh in past generation, we used to talk about integrating technologies together and then with public cloud, we started talking about move to public cloud, but it's really how do we integrate, how do we integrate all of that innovation that's coming from the hyper scale, is everything they're doing to innovate superfast, All of that innovation is coming from open source, all of that innovation that's coming from from companies around the world, including Cisco, How do we integrate that to deliver an outcome? Because at the end of the day, if you're a cloud of Steam, if you're an idea of Steam, your job is to deliver an outcome and our mission is to make it super simple for you to do that. That's the mission we're on and we're hoping that everybody that's excited as we are about how simple we made that. >>Great, thank you a lot in this announcement today, appreciate you guys coming back on and help us unpack you know, some of the details. Thank thanks so much. Great having you. >>Thank you >>Dave in a moment. We're gonna come back and talk about disruptive technologies and futures in the age of hybrid cloud with Vegas Rattana and James leach. You're watching the cube, the global leader in high tech coverage. >>What if your server box >>wasn't a box at >>all? What if it could do anything run anything? >>Be any box you >>need with massive scale precision and intelligence managed and optimized from the cloud integrated with all your clouds, private, public or hybrid. So you can build whatever you need today and tomorrow. The potential of this box is unlimited. Unstoppable unseen ever before. Unbox the future with Cisco UCS X series powered by inter site >>Cisco. >>The bridge to possible. Yeah >>we're here with Vegas Rattana who's the director of product management for Pcs at Cisco. And James Leach is the director of business development for U. C. S. At the Cisco as well. We're gonna talk about computing in the age of hybrid cloud. Welcome gentlemen. Great to see you. >>Thank you. >>Thank you because let's start with you and talk about a little bit about computing architectures. We know that they're evolving. They're supporting new data intensive and other workloads especially as high performance workload requirements. What's this guy's point of view on all this? I mean specifically interested in your thoughts on fabrics. I mean it's kind of your wheelhouse, you've got accelerators. What are the workloads that are driving these evolving technologies and how how is it impacting customers? What are you seeing? >>Sure. First of all, very excited to be here today. You're absolutely right. The pace of innovation and foundational platform ingredients have just been phenomenal in recent years. The fabric that's writers that drives the processing power, the Golden city all have been evolving just an amazing place and the peace will only pick up further. But ultimately it is all about applications and the way applications leverage those innovations. And we do see applications evolving quite rapidly. The new classes of applications are evolving to absorb those innovations and deliver much better business values. Very, very exciting time step. We're talking about the impact on the customers. Well, these innovations have helped them very positively. We do see significant challenges in the data center with the point product based approach of delivering these platforms, innovations to the applications. What has happened is uh, these innovations today are being packaged as point point products to meet the needs of a specific application and as you know, the different applications have no different needs. Some applications need more to abuse, others need more memory, yet others need, you know, more course, something different kinds of fabrics. As a result, if you walk into a data center today, it is very common to see many different point products in the data center. This creates a manageability challenge. Imagine the aspect of managing, you know, several different form factors want you to you purpose built servers. The variety of, you know, a blade form factor, you know, this reminds me of the situation we had before smartphones arrived. You remember the days when you when we used to have a GPS device for navigation system, a cool music device for listening to the music. A phone device for making a call camera for taking the photos right? And we were all excited about it. It's when a smart phones the right that we realized all those cool innovations could be delivered in a much simpler, much convenient and easy to consume through one device. And you know, I could uh, that could completely transform our experience. So we see the customers were benefiting from these innovations to have a way to consume those things in a much more simplistic way than they are able to go to that. >>And I like to look, it's always been about the applications. But to your point, the applications are now moving in a much faster pace. The the customer experience is expectation is way escalated. And when you combine all these, I love your analogy there because because when you combine all these capabilities, it allows us to develop new Applications, new capabilities, new customer experiences. So that's that I always say the next 10 years, they ain't gonna be like the last James Public Cloud obviously is heavily influencing compute design and and and customer operating models. You know, it's funny when the public cloud first hit the market, everyone we were swooning about low cost standard off the shelf servers in storage devices, but it quickly became obvious that customers needed more. So I wonder if you could comment on this. How are the trends that we've seen from the hyper scale, Is how are they filtering into on prem infrastructure and maybe, you know, maybe there's some differences there as well that you could address. >>Absolutely. So I'd say, first of all, quite frankly, you know, public cloud has completely changed the expectations of how our customers want to consume, compute, right? So customers, especially in a public cloud environment, they've gotten used to or, you know, come to accept that they should consume from the application out, right? They want a very application focused view, a services focused view of the world. They don't want to think about infrastructure, right? They want to think about their application, they wanna move outward, Right? So this means that the infrastructure basically has to meet the application where it lives. So what that means for us is that, you know, we're taking a different approach. We're we've decided that we're not going to chase this single pane of glass view of the world, which, frankly, our customers don't want, they don't want a single pane of glass. What they want is a single operating model. They want an operating model that's similar to what they can get at the public with the public cloud, but they wanted across all of their cloud options they wanted across private cloud across hybrid cloud options as well. So what that means is they don't want to just consume infrastructure services. They want all of their cloud services from this operating model. So that means that they may want to consume infrastructure services for automation Orchestration, but they also need kubernetes services. They also need virtualization services, They may need terror form workload optimization. All of these services have to be available, um, from within the operating model, a consistent operating model. Right? So it doesn't matter whether you're talking about private cloud, hybrid cloud anywhere where the application lives. It doesn't matter what matters is that we have a consistent model that we think about it from the application out. And frankly, I'd say this has been the stumbling block for private cloud. Private cloud is hard, right. This is why it hasn't been really solved yet. This is why we had to take a brand new approach. And frankly, it's why we're super excited about X series and inter site as that operating model that fits the hybrid cloud better than anything else we've seen >>is acute. First, first time technology vendor has ever said it's not about a single pane of glass because I've been hearing for decades, we're gonna deliver a single pane of glass is going to be seamless and it never happens. It's like a single version of the truth. It's aspirational and, and it's just not reality. So can we stay in the X series for a minute James? Uh, maybe in this context, but in the launch that we saw today was like a fire hose of announcements. So how does the X series fit into the strategy with inter site and hybrid cloud and this operating model that you're talking about? >>Right. So I think it goes hand in hand, right. Um the two pieces go together very well. So we have uh, you know, this idea of a single operating model that is definitely something that our customers demand, right? It's what we have to have, but at the same time we need to solve the problems of the cost was talking about before we need a single infrastructure to go along with that single operating model. So no longer do we need to have silos within the infrastructure that give us different operating models are different sets of benefits when you want infrastructure that can kind of do all of those configurations, all those applications. And then, you know, the operating model is very important because that's where we abstract the complexity that could come with just throwing all that technology at the infrastructure so that, you know, this is, you know, the way that we think about is the data center is not centered right? It's no longer centered applications live everywhere. Infrastructure lives everywhere. And you know, we need to have that consistent operating model but we need to do things within the infrastructure as well to take full advantage. Right? So we want all the sas benefits um, of a Ci CD model of, you know, the inter site can bring, we want all that that proactive recommendation engine with the power of A I behind it. We want the connected support experience went all of that. They want to do it across the single infrastructure and we think that that's how they tie together, that's why one or the other doesn't really solve the problem. But both together, that's why we're here. That's why we're super excited. >>So Vegas, I make you laugh a little bit when I was an analyst at I D C, I was deep in infrastructure and then when I left I was doing, I was working with application development heads and like you said, uh infrastructure, it was just a, you know, roadblock but but so the target speakers with Cisco announced UCS a decade ago, I totally missed it. I didn't understand it. I thought it was Cisco getting into the traditional server business and it wasn't until I dug in then I realized that your vision was really to transform infrastructure, deployment and management and change them all. I was like, okay, I got that wrong uh but but so let's talk about the the ecosystem and the joint development efforts that are going on there, X series, how does it fit into this, this converged infrastructure business that you've, you've built and grown with partners, you got storage partners like Netapp and Pure, you've got i SV partners in the ecosystem. We see cohesive, he has been a while since we we hung out with all these companies at the Cisco live hopefully next year, but tell us what's happening in that regard. >>Absolutely, I'm looking forward to seeing you in the Cisco live next year. You know, they have absolutely you brought up a very good point. You see this is about the ecosystem that it brings together, it's about making our customers bring up the entire infrastructure from the core foundational hardware all the way to the application level so that they can, you know, go off and running pretty quick. The converse infrastructure has been one of the corners 2.5 hour of the strategy, as you pointed out in the last decade. And and and I'm I'm very glad to share that converse infrastructure continues to be a very popular architecture for several enterprise applications. Seven today, in fact, it is the preferred architecture for mission critical applications where performance resiliency latency are the critical requirements there almost a de facto standards for large scale deployments of virtualized and business critical data bases and so forth with X series with our partnerships with our Stories partners. Those architectures will absolutely continue and will get better. But in addition as a hybrid cloud world, so we are now bringing in the benefits of canvas in infrastructure uh to the world of hybrid cloud will be supporting the hybrid cloud applications now with the CIA infrastructure that we have built together with our strong partnership with the Stories partners to deliver the same benefits to the new ways applications as well. >>Yeah, that's what customers want. They want that cloud operating model. Right, go ahead please. >>I was going to say, you know, the CIA model will continue to thrive. It will transition uh it will expand the use cases now for the new use cases that were beginning to, you know, say they've absolutely >>great thank you for that. And James uh have said earlier today, we heard this huge announcement, um a lot of lot of parts to it and we heard Katie talk about this initiative is it's really computing built for the next decade. I mean I like that because it shows some vision and you've got a road map that you've thought through the coming changes in workloads and infrastructure management and and some of the technology that you can take advantage of beyond just uh, you know, one or two product cycles. So, but I want to understand what you've done here specifically that you feel differentiates you from other competitive architectures in the industry. >>Sure. You know that's a great question. Number one. Number two, um I'm frankly a little bit concerned at times for for customers in general for our customers customers in general because if you look at what's in the market, right, these rinse and repeat systems that were effectively just rehashes of the same old design, right? That we've seen since before 2000 and nine when we brought you C. S to market these are what we're seeing over and over and over again. That's that's not really going to work anymore frankly. And I think that people are getting lulled into a false sense of security by seeing those things continually put in the market. We rethought this from the ground up because frankly future proofing starts now, right? If you're not doing it right today, future proofing isn't even on your radar because you're not even you're not even today proved. So we re thought the entire chassis, the entire architecture from the ground up. Okay. If you look at other vendors, if you look at other solutions in the market, what you'll see is things like management inside the chassis. That's a great example, daisy chaining them together >>like who >>needs that? Who wants that? Like that kind of complexity is first of all, it's ridiculous. Um, second of all, um, if you want to manage across clouds, you have to do it from the cloud, right. It's just common sense. You have to move management where it can have the scale and the scope that it needs to impact your entire domain, your world, which is much larger now than it was before. We're talking about true hybrid cloud here. Right. So we had to solve certain problems that existed in the traditional architecture. You know, I can't tell you how many times I heard you talk about the mid plane is a great example. You know, the mid plane and a chastity is a limiting factor. It limits us on how much we can connect or how much bandwidth we have available to the chassis. It limits us on air flow and other things. So how do you solve that problem? Simple. Just get rid of it. Like we just we took it out, right. It's not no longer a problem. We designed an architecture that doesn't need it. It doesn't rely on it. No forklift upgrades. So, as we start moving down the path of needing liquid cooling or maybe we need to take advantage of some new, high performance, low latency fabrics. We can do that with almost. No problem at all. Right, So, we don't have any forklift upgrades. Park your forklift on the side. You won't need it anymore because you can upgrade gradually. You can move along as technologies come into existence that maybe don't even exist. They they may not even be on our radar today to take advantage of. But I like to think of these technologies, they're really important to our customers. These are, you know, we can call them disruptive technologies. The reality is that we don't want to disrupt our customers with these technologies. We want to give them these technologies so they can go out and be disruptive themselves. Right? And this is the way that we've designed this from the ground up to be easy to consume and to take advantage of what we know about today and what's coming in the future that we may not even know about. So we think this is a way to give our customers that ultimate capability flexibility and and future proofing. >>I like I like that phrase True hybrid cloud. It's one that we've used for years and but to me this is all about that horizontal infrastructure that can support that vision of what true hybrid cloud is. You can support the mission critical applications. You can you can develop on the system and you can support a variety of workload. You're not locked into one narrow stovepipe and that does have legs, Vegas and James. Thanks so much for coming on the program. Great to see you. >>Yeah. Thank you. Thank you. >>When we return shortly thomas Shiva who leads Cisco's data center group will be here and thomas has some thoughts about the transformation of networking I. T. Teams. You don't wanna miss what he has to say. You're watching the cube. The global leader in high tech company. Okay, >>mm. Mhm, mm. Okay. Mhm. Yeah. Mhm. Yeah. >>Mhm. Yes. Yeah. Okay. We're here with thomas Shiva who is the Vice president of Product Management, A K A VP of all things data center, networking STN cloud. You name it in that category. Welcome thomas. Good to see you again. >>Hey Sam. Yes. Thanks for having me on. >>Yeah, it's our pleasure. Okay, let's get right into observe ability. When you think about observe ability, visibility, infrastructure monitoring problem resolution across the network. How does cloud change things? In other words, what are the challenges that networking teams are currently facing as they're moving to the cloud and trying to implement hybrid cloud? >>Yeah. Yeah, visibility as always is very, very important. And it's quite frankly, it's not just it's not just the networking team is actually the application team to write. And as you pointed out, the underlying impetus to what's going on here is the data center is where the data is. And I think we set us a couple years back and really what happens the applications are going to be deployed uh in different locations, right. Whether it's in a public cloud, whether it's on prayer, uh, and they are built differently right there, built as microservices, they might actually be distributed as well at the same application. And so what that really means is you need as an operator as well as actually a user better visibility. Where are my pieces and you need to be able to correlate between where the app is and what the underlying network is that is in place in these different locations. So you have actually a good knowledge while the app is running so fantastic or sometimes not. So I think that's that's really the problem statement. What what we're trying to go afterwards, observe ability. >>Okay, and let's double click on that. So a lot of customers tell me that you gotta stare at log files until your eyes bleed and you gotta bring in guys with lab coats who have phds to figure all this stuff out. So, so you just described, it's getting more complex, but at the same time you have to simplify things. So how how are you doing that, >>correct? So what we basically have done is we have this fantastic product that that is called 1000 Ice. And so what this does is basically as the name, which I think is a fantastic fantastic name. You have these sensors everywhere. Um, and you can have a good correlation on uh links between if I run from a site to aside from a site to a cloud, from a cloud to cloud and you basically can measure what is the performance of these links. And so what we're, what we're doing here is we're actually extending the footprint of these thousands agent. Right? Instead of just having uh inversion machine clouds, we are now embedding them with the Cisco network devices. Right? We announced this with the catalyst 9000 and we're extending this now to our 8000 catalyst product line for the for the SD were in products as well as to the data center products the next line. Um and so what you see is is, you know, half a saying, you have 1000 eyes, you get a million insights and you get a billion dollar of improvements uh for how your applications run. And this is really uh, the power of tying together the footprint of where the network is with the visibility, what is going on. So you actually know the application behavior that is attached to this network. >>I see. So okay. So as the cloud evolves and expands it connects your actually enabling 1000 eyes to go further, not just confined within a single data center location, but out to the network across clouds, et cetera, >>correct. Wherever the network is, you're going to have 1000 I sensor and you can't bring this together and you can quite frankly pick if you want to say, hey, I have my application in public cloud provider, a uh, domain one and I have another one domain to, I can't do monitor that link. I can also monitor have a user that has a campus location or branch location. I kind of put an agent there and then I can monitor the connectivity from that branch location all the way to the let's say corporations that data centre, our headquarter or to the cloud. And I can have these probes and just we have visibility and saying, hey, if there's a performance, I know where the issue is and then I obviously can use all the other foods that we have to address those. >>All right, let's talk about the cloud operating model. Everybody tells us it's really the change in the model that drives big numbers in terms of R. O. I. And I want you to maybe address how you're bringing automation and devops to this world of of hybrid and specifically how is Cisco enabling I. T. Organizations to move to a cloud operating model? Is that cloud definition expands? >>Yeah, no that's that's another interesting topic beyond the observe ability. So really, really what we're seeing and this is going on for uh I want to say a couple of years now, it's really this transition from operating infrastructure as a networking team more like a service like what you would expect from a cloud provider. Right? It's really around the network team offering services like a cloud provided us. And that's really what the meaning is of cloud operating model. Right? But this is infrastructure running your own data center where that's linking that infrastructure was whatever runs on the public club is operating and like a cloud service. And so we are on this journey for why? So one of the examples uh then we have removing some of the control software assets, the customers that they can deploy on prayer uh to uh an instance that they can deploy in a cloud provider and just busy, insane. She ate things there and then just run it that way. Right. And so the latest example for this is what we have our identity service engine that is now limited availability available on AWS and will become available in mid this year, both in Italy as unusual as a service. You can just go to market place, you can load it there and now you create, you can start running your policy control in a cloud, managing your access infrastructure in your data center, in your campus wherever you want to do it. And so that's just one example of how we see our customers network operations team taking advantage of a cloud operating model and basically employing their, their tools where they need them and when they need them. >>So what's the scope of, I hope I'm saying it right. Ice, right. I see. I think it's called ice. What's the scope of that like for instance, turn in effect my or even, you know, address simplify my security approach. >>Absolutely. That's now coming to what is the beauty of the product itself? Yes. What you can do is really is that there's a lot of people talking about else. How do I get to zero trust approach to networking? How do I get to a much more dynamic, flexible segmentation in my infrastructure. Again, whether this is only campus X as well as a data center and Ice help today, you can use this as a point to define your policies and then any connect from there. Right. In this particular case we would instant Ice in the cloud as a software load. You now can connect and say, hey, I want to manage and program my network infrastructure and my data center on my campus, going to the respective control over this DNA Center for campus or whether it is the A. C. I. Policy controller. And so yes, what you get as an effect out of this is a very elegant way to automatically manage in one place. What is my policy and then drive the right segmentation in your network infrastructure? >>zero. Trust that, you know, it was pre pandemic. It was kind of a buzzword. Now it's become a mandate. I wonder if we could talk about right. I mean I wonder if you talk about cloud native apps, you got all these developers that are working inside organizations. They're maintaining legacy apps. They're connecting their data to systems in the cloud there, sharing that data. I need these developers, they're rapidly advancing their skill sets. How is Cisco enabling its infrastructure to support this world of cloud? Native making infrastructure more responsive and agile for application developers? >>Yeah. So, you know, we're going to the top of his visibility, we talked about the operating model, how how our network operators actually want to use tools going forward. Now, the next step to this is it's not just the operator. How do they actually, where do they want to put these tools, how they, how they interact with these tools as well as quite frankly as how, let's say, a devops team on application team or Oclock team also wants to take advantage of the program ability of the underlying network. And this is where we're moving into this whole cloud native discussion, right? Which is really two angles, that is the cloud native way, how applications are being built. And then there is the cloud native way, how you interact with infrastructure. Right? And so what we have done is we're a putting in place the on ramps between clouds and then on top of it we're exposing for all these tools, a P I S that can be used in leverage by standard uh cloud tools or uh cloud native tools. Right. And one example or two examples we always have and again, we're on this journey for a while is both answerable uh script capabilities that exist from red hat as well as uh Ashitaka from capabilities that you can orchestrate across infrastructure to drive infrastructure, automation and what what really stands behind it is what either the networking operations team wants to do or even the ap team. They want to be able to describe the application as a code and then drive automatically or programmatically in situation of infrastructure needed for that application. And so what you see us doing is providing all these capability as an interface for all our network tools. Right. Whether it's this ice that I just mentioned, whether this is our D. C. And controllers in the data center, uh whether these are the controllers in the in the campus for all of those, we have cloud native interfaces. So operator or uh devops team can actually interact directly with that infrastructure the way they would do today with everything that lives in the cloud, with everything how they brought the application. >>This is key. You can't even have the conversation of op cloud operating model that includes and comprises on prem without programmable infrastructure. So that's that's very important. Last question, thomas our customers actually using this, they made the announcement today. There are there are there any examples of customers out there doing this? >>We do have a lot of customers out there that are moving down the past and using the D. D. Cisco high performance infrastructure, but also on the compute side as well as on an exercise one of the customers. Uh and this is like an interesting case. It's Rakuten uh record and is a large tackle provider, a mobile five G. Operator uh in Japan and expanding and is in different countries. Uh and so people something oh, cloud, you must be talking about the public cloud provider, the big the big three or four. But if you look at it, there's a lot of the tackle service providers are actually cloud providers as well and expanding very rapidly. And so we're actually very proud to work together with with Rakuten and help them building a high performance uh, data and infrastructure based on hard gig and actually phone a gig uh to drive their deployment to. It's a five G mobile cloud infrastructure, which is which is uh where the whole the whole world where traffic is going. And so it's really exciting to see this development and see the power of automation visibility uh together with the high performance infrastructure becoming reality and delivering actually services, >>you have some great points you're making there. Yes, you have the big four clouds, your enormous, but then you have a lot of actually quite large clouds. Telcos that are either approximate to those clouds or they're in places where those hyper scholars may not have a presence and building out their own infrastructure. So so that's a great case study uh thomas, hey, great having you on. Thanks so much for spending some time with us. >>Yeah, same here. I appreciate it. Thanks a lot. >>I'd like to thank Cisco and our guests today V Joy, Katie VJ, viscous James and thomas for all your insights into this evolving world of hybrid cloud, as we said at the top of the next decade will be defined by an entirely new set of rules. And it's quite possible things will evolve more quickly because the cloud is maturing and has paved the way for a new operating model where everything is delivered as a service, automation has become a mandate because we just can't keep throwing it labor at the problem anymore. And with a I so much more as possible in terms of driving operational efficiencies, simplicity and support of the workloads that are driving the digital transformation that we talk about all the time. This is Dave Volonte and I hope you've enjoyed today's program. Stay Safe, be well and we'll see you next time.

>> Announcer: Live from Las Vegas, it's The Cube covering IBM Think 2018. Brought to you by IBM. >> Hello and welcome to The Cube here in IBM Think 2018, I'm John Furrier. It's The Cube, our flagship program, we go out to the events and extract the signal in the noise. We're the number one live event coverage. We're here with The Cube with IBM Think 2018. Our next guess is Jesse Lund who's the vice president of IBM Blockchain. He's in the financial services side. Into blockchain, into crypto, into token economics, seeing the future, how money flows, Jesse great to have you on The Cube, thanks for joining me. >> Yeah, thanks for having me. It's great to be here. >> We were talking before on camera about blockchain, and we love blockchain, IBM certainly put it out there as part of the innovation sandwich. Blockchain, data, AI, kind of making that innovation, but it's really what it enables, and I want to talk to you about. You are involved in payments. We've been saying on The Cube that the killer app is money in this market. >> I agree, yeah. >> You agree, and you talk about it. This is a new market, so a stack is kind of developing. You got blockchain, then you got crypto which as protocols and you got infrastructure, then you got decentralized applications which you could call ICOs up top, certainly a little bit scammy and bubbly, but that's as arbitraging and optimizing the capital markets, you could argue that. But so this is a really big dynamic. Your thoughts on this trend. >> Sure, well so I joined IBM from 18 years at Wells Fargo. I spent really the majority of my career in financial services and when blockchain came along, I sort of immediately saw the impact, the potential for, I'll call it positive disruption, disruption in the positive sense. Transformational paradigm shift kind of stuff in terms of how money moves around the world and how we classify assets and how we transfer ownership of assets, I mean that's just, it's, the possibilities are limitless. And you're right, IBM is the place where I think blockchain has started as a mainstream focus for enterprises around building private networks, but that's really just the beginning. What we talked about earlier was it gets really interesting when data and money are connected together and they move at high velocities together. >> Let's get into that. I mean first let's just address the IBM thing. They got to put a stake in the ground, blockchain, it's a safe harbor to say supply chain stuff because that's their business, they've been building technologies for supply chains for companies, that's what enterprises do, that's IBM. But the game is where the money is and that's where the businesses are going to be transformed. We're talking about disrupting structural industries. This is where the money power comes in. Money's flowing, I mean if you want to move money from China, go to bitcoin. If you want to move it from anywhere, this is what's happening. >> Yeah, so think about bitcoin. It's kind of what started it all. It's a little bit of a bad word in banks and in regulated financial circles, but let's face it, the only real mainstream blockchain application today is still bitcoin, but you know we're only three years in to the blockchain industry, right? I mean think about when we were three years in to the internet industry, where we were still talking about which browser is going to win and then it went on to which application server's going to win, and it wasn't til a decade later we were really focused on what are the applications, the killer apps that are enabled by an interconnected world and that's exactly what's happening now. Other industries have already been completely disrupted. Look at retail, it's just, it's banking's turn. It's financial services turn. >> One of the founders, the co-founders of Ethereum, Anthony Diiorio, who I interviewed a couple weeks ago at the Bahamas, he said "While it is the new browser," to your points, browser wars, if you think about the payment, wallets are now becoming part of the mechanism for money transfer. If you don't have a wallet, if you want to send me some Ripple, you want to send me some Ethereum, I need a wallet. This is a no brainer, right? I mean if you want to leverage any money, that's one thing. The second thing I want to get your thoughts on besides the wallets, the fiat conversion, right? These are two threshold conversations that are going on. Your thoughts, wallet and conversion to fiat. >> Well I mean I think wallets are really important because this whole thing is based on key management, this whole concept is based on cryptography. It only works on a public, private key notion and you got to keep that private key private, but you got to keep it, right? You got to keep it safe and you got to keep it, it's like your wallet. You've got a wallet, you've got cash in your wallet, you lose your wallet, you lose your cash. It's the same kind of analogy, so wallets are really important and you're going to want to turn to providers who have made their business in encryption, who have made their business in security, I mean-- >> And cold storage, old school is kind of coming back, people are taking their keys and they're spreading them across multiple lock boxes, multiple states. People are getting broken into their house or their PCs are getting broken into. >> Right, yeah. >> I mean security, going old school. >> And why not? I mean, it works. >> Because if someone knows you got 100 million dollars in your house, they're going to get it if you don't lock it. Okay back to the reality of the money transfer. We were talking before you came on, I've been saying on The Cube, token economics really is where the action is, at least in my opinion. I want to get your thoughts because really the business model innovation is on the table because whoever can innovate the business model has more of a chance to disrupt an existing industry. This is where tokenization becomes part of the money piece of it, so how do you convert that value into capture? Is that token? Is that where you see it? What's your thoughts? >> Yeah so well first of all, I mean if you think of tokens as another form of currency, and by the way, I think we have to be careful about what we say, cryptocurrencies, the industry talks about thousands of cryptocurrencies out there where there's really not. There's maybe dozens and they're all derivatives of just a few models, bitcoin being one prominent model and there's a lot of offshoots off of that. But the rest of what we call cryptocurrencies are really tokens that represent primarily securities, which is why the SCC's getting involved. But the really interesting thing about this is these tokens move at high velocity because they're digital and so, but these digital things represent a claim on real world value, and that's where it becomes really interesting. IBM's built and launched as kind of its first foray into the solution space of financial services where IBM is an investor in this technology, a cross-border payment solution that inherently re-engineers this whole correspondent banking, this international wire process, and where FX, foreign exchange, becomes a real time capability in a series of operations that execute as an atomic unit. That's novel today. When you want to send money from here to somewhere else in the world, you go to your bank, your bank sends an instruction to another bank, and they respond and say "Yeah you know it's okay "because the person you're sending it to is not a terrorist, "is not on a some sort of sanctions list," great, now the bank has to actually go settle and it settles through another network, so the novelty is why can't the messages and the data and the value itself, the digital asset, why can't they exist and move together at the same time? That's what we've really built. But as we've built and deployed that and are getting banks and non-bank financial institutions to sign up for it because the cost of moving money goes way, way, way down and the user experience goes way, way, way up because instead of taking two or three days and you don't know how much it's going to cost until it gets there, it takes 10 or 15 seconds and you know before you even press send how much it's going to cost to get there. It all boils down to this notion of digital assets, that's what it all comes down to, is the way to settle value with finality in real time is for one party to exchange a digital asset with another party. Today, initially, the only form of negotiable digital assets are cryptocurrencies which has banks a little scared, but as we start talking through what we've learned in the enterprise blockchain space, we realized that we can tokenize all sorts of other asset classes, commodities, securities, and even fiat currencies where central banks or commercial banks can issue a token that represents a claim on deposits held at some financial institution and that's, that's a-- >> So you see tokenization as a big deal. >> It's a huge deal. I mean it's everything, I think it's-- >> It's the economic value of the ... >> I think it's the tipping point for blockchain. The irony is it goes back to bitcoin kind of started this all. You know we said "Well we like the idea of the technology "underneath bitcoin, but we want to focus on blockchain," I mean forget for a second blockchain is actually terminology that's invented by the bitcoin primer that was published nine years ago by Satoshi, so yeah it's their, whoever they are, it's their terminology, and it's kind of coming back full circle where you're seeing the convergence of all of these cool optimization capabilities, you know, immutability and workflow optimization, supply chain management-- >> And there's a lot of work to be done on performance and whatnot, but the concept of decentralized immutability data is fine, store the data. Now there's, it's got to get fixed, but I think that what that enables and I think you agree that tokenization's critical. So for a company that wants to token their business or raise money via tokens or get involved in this new economic value creation, innovation trend, how do they do it? And by the way are there tools available? You mentioned banking, and the banking business got to where it was because you had to build the picks and shovels to make it happen, you had to do a swift and you had to have this stuff go on. Now developers don't necessarily have the tools, so there's a picks and shovel market and there's also the real innovation. >> Yeah and that's I think the value contribution that IBM brings. I mean we bring 107 years of credibility in developing and operating mission critical, transactional, and financial systems, and I could do just an ad for a second, that's what the IBM blockchain platform is all about and as the industry evolves, as our platform offering evolves, what we want to be able to bring to small business, medium sized businesses, large businesses is the ability to develop solutions using our toolkit. >> So Jesse I want you to put your financial hat on and at the same time put your payments hat on and your token economics hat on, three hats. Hey I want to tokenize my business, I really want to get in. So we have an innovative team, we're seeing new business model formulas and logic that we want to disrupt, what do I do? I got an existing, growing business that I know has assets and I'm not a startup, but I'm not trying to pivot like Kodak, so I'm not dying, throwing the hail Mary, or I'm not a startup and got to build a whole product. I'm a real business, I'm growing, and I see tokenization as a way for me to be successful. What do I do? What's your advice? >> Well I think you look at it from all potential angles. If you look at any business, they're always looking to improve the bottom line by shrinking costs, right? They're also looking to improve the bottom line by increasing the top side, increasing revenue, and I think as a mid-sized business or a growing business, you have the opportunity to use tokenization, to use blockchain and digital currencies to do both of those things. You have the ability to accelerate the adoption of whatever your good or service or product is by if it's tokenizable, and most things are whether it's a utility, access to some service you provide, or whether it's an asset, some widget that you sell, you enable primary and secondary markets by creating a digital asset that can be bought by anybody anywhere around the world. I mean that's one way to do it and so I think getting people to realize the potential there-- >> You got programs, they call up IBM or get some developers, make it happen. Okay so killer apps money, that's going to be a 30 plus year trend and certainly this highlights that, but the other thing that's happened, it's coming out of either, in the open source community as well as cloud, the notion of marketplaces and communities so marketplaces and communities become a very important role in the token economics piece. What's your thoughts and opinion on that narrative? >> Well again for me, it goes back, I always go back to digital assets. We in the U.S. and around the world, when we start talking about financial instruments, we classify assets differently, but when it comes to an ecosystem and a community that becomes inherently peer to peer and inherently democratic, it's about an asset class agnostic distributed exchange where I can sell you my security token in exchange for your fiat token, or I can sell you my commodity token or utility token for the same. I think the ecosystem gets built automatically by way of new assets coming to a common network or interoperable set of networks, and that's what's missing today by the way, same in capital markets, right? The holy grail in the capital market space today is how do I shrink the time between trade and settlement? There's this whole t plus three and we're spending billions of dollars to go to t plus two, we gain a day, so the trade day and the settlement date are two days apart. I mean you just think about kind of the absurdity of that. If you just say well if the security that you're buying is a digital asset, and the money that you're buying it with is a digital asset, and they both exist on either the same network or an interoperable network, the transfer of ownership and the transfer of value happen together as two operations or a single operation in one atomic transaction, you've solved the problem. >> Speed of light can make it happen. >> Right, delivery versus payment, that's what the capital markets industry is trying to optimize for, right? Because it improves the balance sheet of all sorts of finance-- >> You had a phrase you mentioned before we came on camera, something about money, the future of money. What was that phrase? >> Programmable money? >> Programmable money. >> Yeah, right, right. >> I want you to take a minute to explain. Love this concept, Miko Matsumura, thought leader friend of ours, has a vision called open source money which is more of an open source, this hey money's flowing, it's open, it's out there, but you have a different perspective which I like too which is programmable money. What does that mean? Describe the concept and take a minute to unpack that. >> The concept of programmable money comes out of a paper that I jointly authored with Jed McCaleb who is the founder of Stellar and was the co-founder of Ripple and is a really smart guy so I feel like I have a small brain when I'm around him but we really wrote it in the context of central banking and the ultimate issuer of an asset because central banks are the issuers of currencies. Right now the primary dealers, if you will, for currencies are commercial banks and so that whole commercial, central, fractional reserve banking model has been replicated from the western world to everywhere else in the world and you can't get access to central bank money as they say. But if the central banks were to issue digital currencies which is essentially a token of fiat currency, so you own the token, you own a claim of fiat deposits held on the balance sheet of the central bank, now you have the ability to move that around. You can actually program the movement of money because it's a digital thing, it's a digital asset that's as good as cash and if you are working with a central bank who's issuing it, not only is it electronic money, it's actually legal tender because if the central bank issues it, it becomes legal tender which means everybody who accepts it has to accept that form of payment. That's pretty profound if we can get to that point and we're working with-- >> And software's a big driver in that because you need software to manage digital assets. >> Oh yeah, absolutely. >> The software's driving it. Bill Tai is an investor, I interviewed him, and he had an interesting topic and I made a highlight of it. He said after World War II, we talked about the oil situation when the dala was pegged to OPEC, that was essentially tokenizing oil. Then okay that's good, so that was their ICO. >> Right, right, yeah, essentially. >> That's what you're saying, you can actually put fiat to the digital token and take advantage of the efficiencies of digital. >> Right, yeah, okay-- >> Taking down all the structural inefficiencies that were built prior to digital. Is that ... >> It is. You fast forward a little bit and think where that takes us. It's no secret that the U.S. dollar is the trade currency of the world, and I want to be careful what I say because, you know, I'm an American patriot here but there are other large G20 nations who wouldn't mind dethroning the U.S. dollar as the trade currency of the world and so as you see central banks starting to get involved in the issuance of digital currency, you create a situation where all of a sudden well maybe oil could be traded heresy in other currencies besides the U.S. dollar which is all it's traded in today. Goes back to your ecosystem question. >> This is a great point. We could riff on this stuff, let's riff on this. The UK just signed a deal with Coinbase, this is a major signal. >> Sign, yeah. >> You got a legitimate country saying we're going to give a license to Coinbase, now they have Brexit to deal with so they're looking at it as an opportunity. Outside of the UK coming in and doing that deal with Coinbase, it's on the web, look up Coinbase in the UK, you'll see the deal. You have other companies trying to jockey for who's going to be the Wall Street for crypto? Meaning I want to convert crypto to fiat, where do I go? Do I go to Estonia? Do I go to Dubai? Bahrain? Armenia? China? There is no place yet. Your thoughts, what's going to happen? What shoe will drop first? Is there a domino effect? >> Yeah, well there's a couple things as it relates to the UK and kind of the extension to Coinbase of access to the national payment system which is really what enables them to then convert fiat to crypto and back. That's pretty interesting. Going back to the programmable money thing, though. If you have a central bank issued token, you've essentially extended the real time gross settlement system which has been only accessible by commercial banks to anybody that holds that token, right? It's a trend, I think the UK sees it coming, I think the Federal Reserve sees it coming. It's going to happen. >> Is it winner take all or winner take most? >> I think it creates a much more purely efficient market. It's a democratic system so I don't think there is going to be a new Wall Street, I think it's going to be-- >> John: Decentralized. >> Exactly, I mean that's the beauty of it. It's scary though for establishments like Wall Street to look at this and it-- >> I mean are the banks scared? You're dealing with the banks right now. >> Yes, they're scared. I mean I've actually read a recent article that Bank of America, the headline was "Bank of America's afraid of digital currency." You've seen Jamie Dimon who came out with a kind of a hard stance against bitcoin and has since kind of backed away from that. >> Of course you probably bought in when it dropped and now it's back up again. >> Well I think part of the bank was actually facilitating their clients and trading bitcoin so that might've been it. There's a natural reaction to it, especially if you're part of the mainstream establishment. >> There's no proof of that, I'm just saying we're posting on Reddit and whatnot. >> No we're just joking around. Jamie's a, he's a good guy, right? >> Can I get your thoughts on digital nations? We've been talking about this. Just a few years ago, smart cities, IoT was kind of the narrative, oh be a smart city, control the traffic lights, and instrument the physical goods and services. Now with crypto and blockchain front and center conversation is digital nations with sovereignty around their cash. This is kind of your point earlier. How are you seeing that? What's your view? Are you seeing that trend? Are there dots connecting for you? Because again, people are jockeying for a position on the global digital backbone to be a major part of the money flow, the fiat conversion, what is the goods and services? Who's going to clear the values? All digital, it's a perfect storm. >> Well I think there's always going to be the need for trusted entities to be the issuers of these assets because it all comes down to trust at the end of the day. The thing with bitcoin is that it's purely autonomous and people are a little bit skeptical of it because they're like, "Well who's controlling "the monetary policy?" and the answer is the market, you know, the users of the network are controlling it and that's why you see such volatility, right? Because the traders love it, they can go in and trade the up trends and the down trends. As long as there's volatility, traders are making money. I think there is still going to be a place for central authorities to add value, but that's going to be the pressure, is for them to prove that they're adding value not, you know, bureaucracy masquerading as process. >> I was reading an article that Telegram, which is doing a huge ICO, just got shut down by the Russian government, they went to turn over their keys, their private keys of their users. Say goodbye to the-- >> Jesse: I didn't read that, that's crazy. >> It's really crazy, so that's going to put a damper on their ICO but regulatory and then government issues around countries becomes a big deal. In your experience as Wells Fargo, at a bank, looking forward in the new digital world, is it one of those situations where path of least resistance, the countries that go more friendly get around that in a sovereignty where you domicile, where you start your company, where you do your banking. I mean I could start a company in Gibraltar and bank in Switzerland. >> Well transparency is part of the benefit or the downside of this, right? I think there may be advantages that pop up but I think they will equalize over time. I've been around the world now for IBM talking to 20 plus central banks, and I had a really interesting conversation with one of them recently in Asia. We're in the room with deputy director level people who are responsible for things like the NA money laundering policy and the economics and monetary policy and things like that and one person said, "You know, we're really torn "between two equally unacceptable decisions. "One is to ignore cryptocurrencies altogether, "and the other end of the spectrum is "to make them illegal, to ban them." I thought it was poignant that they see those as unacceptable, they have to do something in the middle. >> Do they weigh or ban? I mean look, the banning's happening. >> But okay so you saw that Trump used the executive order to prevent Americans from using or trading in the Venezuelan crypto that was issued on Ethereum, right? I saw that Venezuelan thing as a publicity stunt more than anything, an active of global defiance. So there's precedent now for, and the Russia thing with Telegram-- >> The United States of America has to step up its game because look at it, we have a lot of, I mean I remember back in the crypto days when I was just getting into the business, late 80s, early 90s, you couldn't even do it in the U.S., you go to Canada, that's why Canada's got a lot of innovation up there. We're risking our country, and I had one guy tell me in Puerto Rico, he's from South Africa, and he shouldn't be throwing any stones either but his point was, he says, "America's becoming Europe. "There's a shrinking middle class "while other emerging markets have a growing middle class," so the global impact of blockchain, cryptocurrency, and these applications are significant and have to be factored into policy decision making for governments. The U.S. can't just think about itself anymore in a vacuum. >> Right, not anymore. >> Because there's implications otherwise the U.S. will turn into Europe, regulated, all these rules, byzantine stuff. It's a real problem. Your thoughts on that. >> It is. It's cliche, but we live and work in a global economy. The flow of information globally in real time has been around now for a while and it's about time it came to money. The internet of money is a term I've heard. It's just, it's unavoidable. >> Jesse Lund here inside The Cube. Great guest, great conversation. >> Yeah, thanks. >> How do people get ahold of you on IBM's, you mentioned you got some great stuff going on, you've written a paper, you've got a lot of content, where does someone go to discover some of the stuff that you're working on they could get involved with you guys? >> Yeah well I mean the best place to go is IBM.com/blockchain, that'll tell you a lot about what we're doing and the different industry-- >> And the programmable money paper you wrote, is that there? >> It's out there as well, there's a link to that. >> On IBM.com? >> You can get me directly on LinkedIn, I try to be pretty responsive with that because I really enjoy the dialogue. This is a revolution of the peoples, man, it's all over the world, so it's great, it's great to be a part of it. >> And people tokenizing their business, there's real opportunities to change the game to bring consensus, data driven, new kind of supply chain whatever to the markets you're in, great opp-, and you need banking. >> Yeah of course. >> You need to have money. Money, marketplaces, and communities, that's my mantra. >> I subscribe to it. >> Thanks for coming on. >> Thank you, thanks for having me. >> Jesse Lund. I'm John Furrier here at IBM Think 2018. Cube coverage continues after this short break. (upbeat music)

>> Announcer: Live from San Juan, Puerto Rico, it's theCube! Covering Blockchain Unbound. Brought to you by Blockchain Industries. (lively music) >> Welcome back to theCube's live special coverage here in Puerto Rico for Blockchain Unbounded which is the global event where people from around the world are coming from Silicon Valley, New York, Miami, all over the globe, Moscow, all over the world here to talk about blockchain decentralized internet, and of course, cryptocurrency. Your next guest is Olga Petrunina with Adara.IO. Welcome to theCube. >> Hi, happy to be here. >> Thanks for coming on. So you're from Moscow which it's cold there right now. What's it like? >> It's minus 15. (laughs) It's much better here in Puerto Rico. I'm happy. >> It's so exciting to have you. Thanks for coming on. So the global conference, this is really a global phenomenon. Take a minute to explain what you're working on, what the product is, what it will become, is it launched yet, what's the company about. Take one minute to explain. >> Okay. We are building intelligent blockchain ecosystem which consists of exchange and crypto wallet with artificial intelligence mechanism inside. We are providing access to the crypto for Main Street investors who have no idea about crypto, want to invest, just put their money in our wallet, pick up the strategy, and just get money. (chuckles) >> So you're targeting mainstream investors, not like the insiders? >> No, no, of course we have professional players on our platform because we're going to educate our investment mechanics with strategy of professional groups of traders. >> So are you going to have an exchange and software behind it? Explain the architecture of the solution. >> All right, we are based NEM. It's our core partner. We are early adapter surveying their protocol, Catapult. We integrated it in our exchange because they have really good new features like aggregated transactions when you can send a pool of different currencies in one transaction. That's a really great idea. Also, they implemented the centralized exchange in their protocol. So our exchange right now is centralized. We're going to build the decentralized part of our exchange based on Catapult. >> Are you worried about the centralized portion because of recent hacks? How are you thinking about doing that? >> Yeah, in case we are using a NEM protocol, they have like four layers of security. As for me, it's the most secure and most scalable protocol. Of course, we are using the cold wallets connected to our platform so we are not storing anything on hot wallets. It's like 95% storing on the cold wallets. >> What's your biggest fear? >> Oh, (laughs) spiders. (laughs) No, I just-- >> Is that a cryptocurrency I don't know about yet? (laughs) >> As for me, the biggest problem for crypto is regulation. Now, we have to... Like they're building the structure for obtaining different licenses in different countries. So we have bought update for licenses in Dubai, in Estonia, and also we are going to apply in Switzerland. So it's really hard to negotiate, everyday the new news regarding regulations. >> So talk about where the exchange will be. You mentioned Dubai. Are you having one in one nation or you having multiple countries participating? How does it work? Does everyone have to participate? >> In case of that in Dubai, there is no legal structure, for example, bank licenses in crypto, so we're going to have to invent licenses in crypto in Switzerland. In Dubai, we obtained for license trading crypto into commodities because Dubai, they're focused on commodities base. In Estonia, we received a payment system license and brokerage license. >> So one of the big news this week is Coinbase, one of the most popular exchanges, had done a deal with the UK government. I don't know if you saw that, the Financial Conduct Authority, the FCA, just now gave them a license for their fast-payment service for Fiat. So a new government move, really interesting. Are the governments that you're talking to thinking the same way? >> Yeah, we talked to Central Bank of Dubai. They're also going to legalize all the crypto and involve their blockchain and cryptocurrency with companies to set up in their legal structure in Dubai, the same with Estonia also. Everybody want to be like the "crypto alien." (chuckles_ >> The crypto Wall Street. >> Yeah, the crypto Wall Street. >> And every country wants to do it, Puerto Rico, Armenia, Bahrain wants to get in on the action. >> Yeah, the same with Russia. We are members of Russian Blockchain Association. We are working on laws for Russian government regarding crypto. It's going to be pretty good regulation. We'll publish in this summer, like July. So I hope that the-- >> Olga, talk about the entrepreneurial landscape in Russia right now. How vibrant is it? We know they have technology savvy. >> About me? >> And Russia in general. >> And Russia in general. >> In Russia, in Moscow. >> Yeah, a lot of good blockchain developers. >> And the young kids. >> Vitalik is Russian. (laughs) >> I interviewed his mom, by the way. >> Our developers based in Moscow, that's why I'm also based in Moscow. Everybody like crazy about crypto in Moscow because I think we have a lot of good tech background in Russia so why not use it for blockchain expansion. >> Great Russian expertise. I know a lot of Russian developers are good, but also in Estonia, there's some great developers, too, all over the world. >> Right, but Russia has >> It's a global revolution. >> In blockchain. Vitalik Buterin is Russian, so it makes a lot of sense. (laughs) >> When we get him on theCube, we'll grill him. What do you hope to do in the next? What's next for you? >> We're going to be public in June. Now we already developed our exchanges for (mumbles) and security check. After that, we're going to build our artificial judges of investment mechanisms, so we need like one year and a half for educated. Our next step, we are thinking about taking utilization real assets also because we already have all these elements which is necessary for the organization in our core partners technology, NEM. So I think we will move in this year also. >> What is the main thing that you're going to use in your exchange that's going to make you different? >> What's different about your exchange? >> We have a lot of expertise from different traders around the world. All of them are claiming about their unstable APIs of exchange, and we are focused on high scalability and like best technologies in API building of exchange because we need a lot of traders on the platform. We have development that APIs for follow trade. So it's like our best feature, I guess. >> What kind of partnerships are you looking to do with other people? >> We're looking for traders, of course, because we need them to bring our platform, to bring forth great entity to our platform. We are looking for companies which going to list on our exchange. Looking for investors, also. >> Olga, what do you think about this conference here? >> Oh, it's pretty amazing. Our first time in Puerto Rico. I was really surprised. It's amazing country, amazing island, and a lot of good connections. So, I'm happy to be here. >> It's a global landscape right now. >> Yeah right, it's global, peer-to-peer economy. (laughs) >> Well, Olga, thank you for coming on and sharing, theCube. We learned something today. You don't like spiders. >> (laughs) Right. (laughs) Thank you for inviting me. >> You're afraid of spiders. >> Thank you very much. >> Thank you. >> All right, more of Cube coverage here in Puerto Rico. I'm John Furrier, the host of theCube. Extracting the signal from the noise here in Puerto Rico. It's theCube's continuing coverage of the blockchain, cryptocurrency, and the decentralized application revolution. We'll be right back after this short break. (lively music)