>>Hey everyone, welcome back. It's the Cube live in Las Vegas. We've been here since Monday covering the event wall to coverage on the cube at AWS Reinvent 22, Lisa Martin here with Dave Ante. Dave, we're hearing consistently north of 50,000 people here. I'm hearing close to 300,000 online. People are back. They are ready to hear from AWS and its ecosystem. Yeah, >>I think 55 is the number I'm hearing. I've been using 50 for 2019, but somebody the other day told me, no, no, it was way more than that. Right, right. Well this feels bigger in >>2019. It does feel bigger. It does feel bigger. And we've had such great conversations as you know, because you've been watching the Cube since Monday night. We're pleased to welcome from Sumo Logic. Lynn Doherty, the president of Worldwide Field Operations. Lynn, welcome to the program. >>Thank you for having me. I'm glad to be here. Talk >>To us about what's going on at Sumo Logic. We cover them. We've been following them for a long time, but what's what's new? >>We have a lot going on at Sumo Logic. What we do is provide solutions for both observability and security. And if you think about the challenges that our customers are facing today, everybody as they're doing this digital transformation is in a situation where the data and the digital exhausts that they have is growing faster than their budgets and especially in what looks like potentially uncertain economic times. And so what we do is enable them to bring that together on a platform so that they can solve both of those problems in a really cost effective way. >>What are some of the things that you're hearing from customers in the field where it relates to Sumo logic and aws? What are they asking for? >>They continue to ask for security and, and I think as everybody goes on that journey of digital transformation and, and I think what's going on now is that there are people who are kind of in wave two of that digital transformation, but security continues to be top of mind. And again, as as our customers are moving into potentially uncertain economic times and they're saying, Hey, I've gotta shore up and, and maybe do smarter things with my budget, cybersecurity is one piece of that that is not falling off the table. That their requirements around security, around audits, around compliance don't go away regardless of what else happens. >>How do you fit in the cloud ecosystem generally? AWS specifically? I think AWS is generally perceived as a more friendly environment for the ecosystem partners. We saw CrowdStrike yesterday, you know, stock got crushed. They had a great quarter, but not as great as they thought it could be. Yeah. And one, some of the analysts were saying, well, it could be Microsoft competition at the low end of the market. Okay. AWS is like the ecosystem partners are really strong in security, lot of places to add value. Where does Sumo Logic >>Fit? Yeah, we are all in with aws. So AWS is our platform of choice. It's the platform that we're built on. It's the only platform that we use. And so we work incredibly closely with aws. In fact, last year we were the first ever AWS ISV partner of the year for as Sumo Logic, which we're not as big as some of the other players, but it just is a testament to the partnership that we have with aws. >>When you're out in the field talking with customers, we talked about some of the challenges there, but where are your customer conversations? You talked about security and cyber as is not falling off the table. In fact, it's, it's rising up the stock, it's a board level conversation. So where are the customer conversations that you're having? Are they, are they at the developer level? Are they higher? Are they at the C-suite? What does that look like? >>Yeah, it's, it's actually at both the developer and the C-suite. And so there's really two motions. The first is around developers and practitioners and people that run security operation centers. And they need tools that are easy to use that integrate in their environment. And so we absolutely work with them as a starting point because if, if they aren't happy with the tools that they have, you know, the customer can't go on that digital transformation, can't have effective application usage. But we also need to talk to C-Suite and that to CIO or a CISO who's really thinking often more broadly about how do we do things as a platform and how do we consolidate some of our tools to rationalize what we're using and really make the most of the budget that we have. And so we come at it from both angles. We call it selling above the line and below the line because both of those are really important people for us to work with. >>Above the line being sort of the business executives, >>Business executives and C-suite executives. And then, but below the line are the actual people who are using the product and using a day to day interacting with the tools. >>So how are those above the line and below the line conversations, you know, different? What, what are the, what are the above the line conversations? What are the sort of keywords that, you know, that resonate? Let's start there. >>Yeah, above the line, there's a lot that's around how do we make the most of the investments that we're making. And so there are no shortage of tools, right? You can look around this AWS floor and see that there are no shortage of tools and software products out there. And so above the line it's how do we make use of the budget that we have and get the most out of the investments we've made and do that in a really smart way. Often thinking about platforms and consolidating tools and, and using the tools and getting full value of what they have below the line. I think it's really how do they have really strong ease of use? How do they get the fastest time to value? Because time to value is really important when you're a practitioner, when you're developing an application, when you're migrating and modernizing an application, having tools that are easy to use and not just give you data but give you insights. And so that's what a conversation with a practitioner for us is, is taking data and turning it into insights that they can use. >>You know, and it seems like we never get rid of stuff in it, but there's a big conversation now when you talk to practitioners, okay, well you got some budget pressures, your sales cycles are elongating. What are you doing about, a lot of 'em are saying, well, we're consolidating and nowhere is that more needed probably than insecurity. So how, how are you seeing that play out in the market? Are you able to take advantage of that as Sumo? >>I think there's the old joke that says there is no ciso. Whoever says, if I just had one more tool, I'd be secure. >>And >>Nobody ever says that it's not one more tool. It's having effective tools and having tools that integrate. And so when I think of Sumo Logic in that space, it's number one, we really integrate with so many different tools out there that give, again, not just security information, but security insights. And so that becomes a really important part of the conversation. What, when you talk about tool consolidation, that's absolutely, I think something that has been a journey that a lot of our customers have been on and probably will be on for the foreseeable future. And so that's a place that we can really help because we have a platform that you can leverage our tool on the DevOps side and on the security side. And that's a conversation that we have a lot with our customers. Are >>You helping bridge those two, the security folks, the dev folks? Cause we talk about Shift left and CISO being involved now. Is Sumo Logic helping from a cultural perspective to bridge those two? >>Yeah, well I think it's a really good point that you make. It's, there's part of it that's a technology challenge and then there's part of it that's a cultural challenge and an organization silo challenge that happens. And so it is something that we try to bring our customers together and often start in one area of the business and help move into other areas and bring them together. It, it also comes down to that data growing faster than budgets and customers can no longer afford to keep multiple copies of the same data, the same metrics, and all of that digital exhaust that comes as they move to the cloud and modernize their applications. And so we bring that together and help them get the most use out of it. >>There are a lot of, we've been talking all week in the cube about sort of adjacencies to security. We've talking about data protections now becoming an adjacency. You know, you talk about resilience within an organization, everybody was sort of caught off guard, obviously with the pandemic, not as resilient as they could have been. So it seems like the scope of security is really expanding. You know, they always say it's, it's a team sport, okay, it's a pro mine, but it's true. Right? Whereas it used to be that guy's problem. Yeah. What are you seeing in terms of that evolution? >>Yeah, I think you're absolutely right. I think the pandemics force some of that faster than was happening, but it's absolutely something that is going on that cybersecurity is now built in from the ground up and I've been in cyber security for years and it's moved from an afterthought or something that comes after the fact, Hey, let's build the application and then we'll worry about security to, it needs to be a secure application from the ground up. And so that is bringing together that dev and SEC ops a lot because it needs to be built in, the security piece needs to be built in from the ground up on the development side. >>Absolutely. The, the threat landscape has changed so much in the last couple of years. Has the fraudsters, bad actors, whatever you wanna call 'em, are getting far more sophisticated. Yeah. So security can't be an afterthought. Can't be a built on. Yeah, it's gotta be integrated, built in from the ground up for organizations to be able to be, as they've said, resilient. We're hearing a lot about resiliency and the importance of it. For any business. >>For any business, it's important for every business. And if you think about how we interact with companies now, our view of a bank isn't the branch, it's the app, our view of office, it's this, right? It's, it's on the phone, it's on digital devices, it's on a website. And so that is your interaction, that is your experience. And so that plays into, is it up, is it running, is it responsive? That application performance piece, but also the security piece of is it secure? Is my data protected? You know, do I have any vulnerability? >>Yeah, you must have, being in field operations, a favorite customer story that you really think defines the value proposition beautifully of Sumo Logic. What story is that? >>Wow, that's a good question. I have a lot of favorite stories. You know, we have customers, for example, gaming customers that maybe aren't able to predict what their usage looks like. And that's something that we really help our customers with is the peaks and valleys. And so we have gaming customers or retail customers that we're able to take their data sources and they may be at one level and go to 10 x in a day without any notice. And we're able to handle that for them. And I think that's something that I'm really proud of is that we don't make that the customer's problem. They're, they're peaks and valleys, they're spikes that may happen seasonally in retail. It's Black Friday sales that are coming up. It's a new game that gets released. It's a new music piece that gets released and they are going to see that, but they don't have to worry about that because of us. And so that really makes me proud that we handle that and take that problem off of their shoulders. I >>See Pokemon on the website, that's a hugely popular >>Game, Pokemon now. Yes. >>Last question for you, we've got about 30 seconds left. If you had a billboard to put up in Denver where you live about Sumo Logic and its impact like an elevator pitch or a phrase that you think really summarizes the impact, what would it >>Say? Yeah, well it's a really good question. I've got it on my shirt. I dunno, it's not for the G-rated, but we fix things faster. Fix shit faster. And so for us that's really, ultimately, it's not just about having information, it's not just about having the data, it's about being able to resolve your problems quickly. And whether that's an application or a security issue, we've gotta be able to fix it faster for our customers and that's what we enable them to do. >>Fix bleep faster. Lynn, it's been a pleasure having you on the program. Thank you so much. Thank you for joining us. Awesome step at Sumo Logic. For our guest and for Dave Ante. I'm Lisa Martin. You're watching The Cube Live from Las Vegas, the leader in live enterprise and emerging tech coverage.

>>Hey everyone, and welcome back to Las Vegas. Viva Las Vegas, baby. This is the Cube live at AWS Reinvent 2022 with tens of thousands of people. Lisa Martin here with Dave Valante. Dave, we've had some great conversations. This is day one of four days of wall to wall coverage on the cube. We've been talking data. Every company is a data company. Data protection, data resiliency, absolutely table stakes for organizations to, >>And I think ecosystem is the other big theme. And that really came to life last year. You know, we came out of the pandemic and it was like, wow, we are entering a new era. People no longer was the ecosystem worried about it, AWS competing with them. They were more worried about innovating and building on top of AWS and building their own value. And that's really, I think, the theme of the 2020s within the ecosystem. >>And we're gonna be talking about building on top of aws. Two guests join us, two alumni join us. Stephen Manley is here, the CTO of Druva. Welcome back. Jason crat as well is here. CIO and CTO of Summit Carbon Solutions. Guys, great to have you back on the program. >>Thank you. >>Let's start with you giving the audience an understanding of the company. What do you guys do? What do you deliver value for customers? All that good >>Stuff. Yeah, no, for sure. So Summit Carbon is the world's largest carbon capture and sequestration company capturing close to 15 million tons of carbon every year. So it doesn't go into the atmosphere. >>Wow, fantastic. Steven, the, the risk landscape today is crazy, right? There's, there's been massive changes. We've talked about this many times. What are some of the things, you know, ransomware is a, is, I know as you say, this is a, it's not a, if it's gonna happen, it's when it's how frequent, it's what's gonna be the damage. What are some of the challenges and concerns that you're hearing from customers out there today? >>Yeah, you know, it really comes down to three things. And, and everybody is, is terrified of ransomware and justifiably so. So, so the first thing that comes up is, how do I keep up? Because I have so much data in so many places, and the threats are evolving so quickly. I don't have enough money, I don't have enough people, I don't have enough skilled resources to be able to keep up. The second thing, and this ties in with what Dave said, is, is ecosystem. You know, it used to be that your, your backup was siloed, right? They'd sit in the basement and, and you wouldn't see, see them. But now they're saying, I've gotta work with my security team. So rather than hoping the security team stays away from me, how do I integrate with them? How do I tie together? And then the third one, which is on everybody's mind, is when that attack happens, and like you said, it's win and, and the bell rings and they come to me and they say, all right, it's time for you to recover. It's time for, for all this investment we've put in. Am I gonna be ready? Am I going to be able to execute? Because a ransom or recovery is so different than any other recovery they've ever done. So it's those three things that really are top of mind for >>How, so what is the, what are the key differences, if you could summarize? I mean, I >>Know it's so, so the first one is you can't trust the environment you're restoring into. Even with a disaster, it would finish and you'd say, okay, I'm gonna get my data center set up again and I'm gonna get things working. You know, when I try to recover, I don't know if everything's clean yet. I'm trying to recover while I'm still going through incident response. So that's one big difference. A second big difference is I'm not sure if the thing I'm recovering is good, I've gotta scan it. I've gotta make sure what's inside it is, is, is alright. And then the third thing is what we're seeing is the targets are usually not necessarily the crown jewels because those tend to be more protected. And so they're running into this, I need to recover a massive amount of what we might call tier two, tier three apps that I wasn't ready for because I've always been prepared for that tier one disaster. And so, so those three things they go, it's stuff I'm not prepared or covering. It's a flow. I'm not used to having to check things and I'm not sure where I'm gonna recover too when the, when the time comes. >>Yeah, just go ahead. Yeah, that's right. I mean, I think for me, the biggest concern is the blind spots of where did I actually back it up or not. You know, what did I get it? Cuz you, we always protect our e r p, we always protect these sort of classes of tiers of systems, but then it's like, oh, that user's email box didn't get it. Oh, that, you know, that one drive didn't get it. You know, or, or, or whatever it is. You know, the infrastructure behind it all. I forgot to back that up. That to me the blind spots are the scariest part of a ransomware attack. >>And, and if you think about it, some of the most high profile attacks, you know, on the, on the colonial pipeline, they didn't go after the core assets. They went after billing. That's right. But billing brought everything down so they're smart enough to say, right, I'm not gonna take the, the castle head on. Is there is they're that. Exactly. >>And so how do you, I get, I mean you can air gap and do things like that in terms of protecting the, the, the data, the corrupt data. How do you protect the corrupt environment? Like that's, that's a really challenging issue. Is >>It? I don't know. I mean, I'll, I'll you can go second here. I think that what's interesting to me about is that's what cloud's for. You can build as many environments as you want. You only pay for what you use, right? And so you have an opportunity to just reconstruct it. That's why things, everything is code matters. That's why having a cloud partner like Druva matters. So you can just go restore wherever you need to in a totally clean environment. >>So the answer is you gotta do it in the cloud. Yeah. What if it's on prem? >>So if it's on prem, what we see people do is, and, and, and this is where testing and, and where cloud can still be an asset, is you can look and say a lot of those assets I'm running in the data center, I could still recover in the cloud. And so you can go through DR testing and you can start to define what's in your on-prem so that you could make it, you know, so you can make it cloud recoverable. Now, a lot of the people that do that then say, well actually why am I even running this on prem anymore in the first place? I should just move this to the cloud now. But, but, but there are people in that interim step. But, but, but it's really important because you, you're gonna need a clean environment to play in. And it's so hard to have a clean environment set up in a data center cuz it basically means I'm not touching this, I'm just paying for something to sit idle. Whereas cloud, I can spin that up, right? Get a, a cloud foundation suite and, and just again, infrastructures code, spin things up, test it, spin it down. It doesn't cost me money on a daily basis. >>Jason, talk a little bit about how you are using Druva. Why Druva and give us a kind of a landscape of your IT environment with Druva. >>Yeah. You know, so when we first started, you know, we did have a competitor solution and, and, and it was only backing up, you know, we were a startup. It was only backing up our email. And so as you pointed out, the ecosystem really matters because we grew out of email pretty quick as a startup. And we had to have real use cases to protect and the legacy product just wouldn't support us. And so our whole direction, or my direction to my team is back it up wherever it is, you know, go get it. And so we needed somebody in the field, literally in the middle of Nebraska or Iowa to have their laptop backed up. We needed our infrastructure, our data center backed up and we needed our, our SaaS solutions backed up. We needed it all. And so we needed a partner like Druva to help us go get it wherever it's at. >>Talk about the value in, with Druva being cloud native. >>Yeah. To us it's a big deal, right? There's all sorts of products you could go by to go just do endpoint laptop protection or just do SAS backups. For us, the value is in learning one tool and mastering it and then taking it to wherever the data is. To me, we see a lot of value for that because we can have one team focus on one product, get good at it, and drive the value. >>That consolidation theme is big right now, you know, the economic headwinds and so forth. What was the catalyst for you? Was it, is that something you started, you know, years ago? Just it's good practice to do that? What's, >>Well, no, I mean luckily I'm in a very good position as a startup to do define it, you know, but I've been in those legacy organizations where we've got a lot of tech debt and then how do you consolidate your portfolio so that you can gain more value, right? Cause you only get one budget a year, right? And so I'm lucky in, in the learnings I've had in other enterprises to deal with this head on right now as we grow, don't add tech debt, put it in right. Today. >>Talk to us a little bit about the SaaS applications that you're backing up. You know, we, we talk a lot with customers, the shared, the shared responsibility model that a lot of customers aren't aware of. Where are you using that competing solution to protect SaaS applications before driven and talk about Yeah. The, the value in that going, the data protection is our responsibility and not the SA vendor. >>No, absolutely. I mean, and it is funny to go to, you know, it's like Office 365 applications and go to our, our CFO and a leadership and be like, no, we really gotta back it up to a third party. And they're like, but why? >>It's >>In the cloud, right? And so there's a lot of instruction I have to provide to my peers and, and, and my users to help them understand why these things matter. And, and, and it works out really well because we can show value really quick when anything happens. And now we get, I mean, even in SharePoint, people will come to us to restore things when they're fully empowered to do it. But my team's faster. And so we can just get it done for them. And so it's an extra from me, it's an extra SLA or never service level I can provide to my internal customers that, that gives them more faith and trust in my organization. >>How, how are the SEC op teams and the data protection teams, the backup teams, how are they coming together? Is is, is data protection backup just morphing into security? Is it more of an adjacency? What's that dynamic like? >>So I'd say right now, and, and I'll be curious to hear Jason's organization, but certainly what we see broadly is, you know, the, the teams are starting to work together, but I wouldn't say they're merging, right? Because, you know, you think of it in a couple of ways. The first is you've got a production environment and that needs to be secured. And then you've got a protection environment. And that protection environment also has to be secured. So the first conversation for a lot of backup teams is, alright, I need to actually work with the security team to make sure that, that my, my my backup environment, it's air gapped, it's encrypted, it's secured. Then I think the, the then I think you start to see people come together, especially as they go through, say, tabletop exercises for ransomware recovery, where it's, alright, where, where can the backup team add value here? >>Because certainly recovery, that's the basics. But as there log information you can provide, are there detection pieces that you can offer? So, so I think, you know, you start to see a partnership, but, but the reality is, you know, the, the two are still separate, right? Because, you know, my job as a a protection resiliency company is I wanna make sure that when you need your data, it's gonna be there for you. And I certainly want to, to to follow best secure practices and I wanna offer value to the security team, but there's a whole lot of the security ecosystem that I want to plug into. I'm not trying to replace them again. I want to be part of that broader ecosystem. >>So how, how do you guys approach it? Yeah, >>That's interesting. Yeah. So in my organization, we, we are one team and, and not to be too cheesy or you know, whatever, but as Amazon would say, security is job one. And so we treat it as if this is it. And so we never push something into production until we are ready. And ready to us means it's got a security package on it, it's backed up, the users have tested it, we are ready to go. It's not that we're ready just be to provide the service or the thing. It's that we are actually ready to productionize this. And so it's ready for production data and that slows us down in some cases. But that's where DevOps and this idea of just merging everything together into a central, how do we get this done together, has worked out really well for us. So, >>So it's really the DevOps team's responsibility. It's not a separate data protection function. >>Nope. Nope. We have specialists of course, right? Yeah, yeah. Because you need the extra level, the CISSPs and those people Yeah, yeah. To really know what they're doing, but they're just part of the team. Yeah. >>Talk about some of the business outcomes that you're achieving with Druva so far. >>Yeah. The business outcomes for me are, you know, I meet my SLAs that's promising. I can communicate that I feel more secure in the cloud and, and all of my workloads because I can restore it. And, and that to me helps everybody in my organization sleep well, sleep better. We are, we transport a lot of the carbon in a pipeline like Colonial. And so to us, we are, we are potential victims of, of a pipe, a non pipeline group, right? Attacking us, but it's carbon, you know, we're trying to get it outta atmosphere. And so by protecting it, no matter where it is, as long as we've got internet access, we can back it up. That provides tons of value to my team because we have hundreds of people in the field working for us every day who collect data and generate it. >>What would you say to a customer who's maybe on the fence looking at different technologies, why dva? >>You know, I think, you know, do the research in my mind, it'll win if you just do the research, right? I mean, there might be vendors that'll buy you nice dinners or whatever, and those are, those are nice things, but the, the reality is you have to protect your data no matter where it is. If it's in a SaaS application, if it's in a cloud provider, if it's infrastructure, wherever it is, you need it. And if you just go look at the facts, there it is, right? And so I, I'd say be objective. Look at the facts, it'll prove itself. >>Look at the data. There you go. Steven Druva recently announced a data resiliency guarantee with a big whopping financial sum. Talk to us a little bit about that, the value in it for your customers and for prospects, >>Right? So, so basically there's, there's really two parts to this guarantee. The first is, you know, across five different SLAs, and I'll talk about those, you know, if we violate those, the customers can get a payout of up to 10 million, right? So again, putting, putting our money where our mouth is in a pretty large amount. But, but for me, the exciting part, and this is, this is where Jason went, is it's about the SLAs, right? You know, one of Drew's goals is to say, look, we do the job for you, we do the service for you so you can offer that service to your company. And so the SLAs aren't just about ransomware, some of them certainly are, you know, that, that you're going to be able to recover your data in the event of a ransomware attack, that your data won't get exfiltrated as part of a ransomware attack. >>But also things like backup success rates, because as much as recovery matters a lot more than backup, you do need a backup if you're gonna be able to get that recovery done. There's also an SLA to say that, you know, if 10 years down the road you need to recover your data, it's still recoverable, right? So, so that kind of durability piece. And then of course the availability of the service because what's the point of a service if it's not there for you when you need it? And so, so having that breadth of coverage, I think really reflects who Druva is, which is we're doing this job for you, right? We want to make this this service available so you can focus on offering other value inside your business. And >>The insurance underwriters, if they threw holy water on >>That, they, they, they were okay with it. The legal people blessed it, you know, it, you know, the CEO signed off on it, the board of directors. So, you know, it, and it, it's all there in print, it's all there on the web. If you wanna look, you know, make sure, one of the things we wanted to be very clear on is that this isn't just a marketing gimmick that we're, we're putting, that we're putting substance behind it because a lot of these were already in our contracts anyway, because as a SAS vendor, you're signing up for service level agreements anyway. >>Yeah. But most of the service level agreements and SaaS vendors are crap. They're like, you know, hey, you know, if something bad happens, you know, we'll, we'll give you a credit, >>Right? >>For, you know, for when you were down. I mean, it's not, you never get into business impact. I mean, even aws, sorry, I mean, it's true. We're a customer. I read define print, I know what I'm signing up for. But, so that's, >>We read it a lot and we will not, we don't really care about the credits at all. We care about is it their force? Is it a partner? We trust, we fight that every day in our SLAs with our vendors >>In the end, right? I mean this, we are the last line of defense. We are the thing that keeps the business up and running. So if your business, you know, can't get to his data and can't operate, me coming to you and saying, Dave, I've got some credits for you after you, you know, after you declare bankruptcy, it'll be great. Yeah, that's not a win. >>It's no value, >>Not helpful. The goal's gotta be, your business is up and running cuz that's when we're both successful. So, so, so, you know, we view this as we're in it together, right? We wanna make sure your business succeeds. Again, it's not about slight of hand, it's not about, you know, just, just putting fine print in the contract. It's about standing up and delivering. Because if you can't do that, why are we here? Right? The number one thing we hear from our customers is Dr. Just works. And that's the thing I think I'm most proud of is Druva just works. >>So, speaking of Juva, just working, if there's a billboard in Santa Clara near the new offices about Druva, what's, what's the bumper sticker? What's the tagline? >>I, I, I think, I think that's it. I think Druva just works. Keeps your data safe. Simple as that. Safe and secure. Druva works to keep your data safe and secure. >>Saved me. >>Yeah. >>Truva just works. Guys, thanks so much for joining. David, me on the program. Great to have you back on the cube. Thank you. Talking about how you're working together, what Druva is doing to really putting, its its best foot forward. We appreciate your insights and your time. Thank >>You. Thanks guys. It's great to see you guys. Likewise >>The show for our guests and Dave Ante. I'm Lisa Martin, you're watching the Cube, the leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented. They are. There just aren't enough of them to go around and the adversary is also talented and very creative and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents? >>Right? What is that is exactly right, right? Breachers are bound to happen. And given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry. But we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized. So they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach. And that's where Dell pays a lot of attention into assuring the security approach approaching. And it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it. And bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner, which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives, which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server, walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that, you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube. Your leader in enterprise and emerging tech coverage.

>>Welcome back everyone to the Cube and Horizon three.ai special presentation. I'm John Furrier, host of the Cube. We with Chris Hill, Sector head for strategic accounts and federal@horizonthree.ai. Great innovative company. Chris, great to see you. Thanks for coming on the Cube. >>Yeah, like I said, you know, great to meet you John. Long time listener. First time call. So excited to be here with >>You guys. Yeah, we were talking before camera. You had Splunk back in 2013 and I think 2012 was our first splunk.com. Yep. And boy man, you know, talk about being in the right place at the right time. Now we're at another inflection point and Splunk continues to be relevant and continuing to have that data driving security and that interplay. And your ceo, former CTO of Splunk as well at Horizons Neha, who's been on before. Really innovative product you guys have, but you know, Yeah, don't wait for a brief to find out if you're locking the right data. This is the topic of this thread. Splunk is very much part of this new international expansion announcement with you guys. Tell us what are some of the challenges that you see where this is relevant for the Splunk and the Horizon AI as you guys expand Node zero out internationally? >>Yeah, well so across, so you know, my role within Splunk was working with our most strategic accounts. And so I look back to 2013 and I think about the sales process like working with, with our small customers. You know, it was, it was still very siloed back then. Like I was selling to an IT team that was either using us for IT operations. We generally would always even say, yeah, although we do security, we weren't really designed for it. We're a log management tool. And you know, we, and I'm sure you remember back then John, we were like sort of stepping into the security space and in the public sector domain that I was in, you know, security was 70% of what we did. When I look back to sort of the transformation that I was, was witnessing in that digital transformation, you know when I, you look at like 2019 to today, you look at how the IT team and the security teams are, have been forced to break down those barriers that they used to sort of be silo away, would not communicate one, you know, the security guys would be like, Oh this is my BA box it, you're not allowed in today. >>You can't get away with that. And I think that the value that we bring to, you know, and of course Splunk has been a huge leader in that space and continues to do innovation across the board. But I think what we've we're seeing in the space that I was talking with Patrick Kauflin, the SVP of security markets about this, is that, you know, what we've been able to do with Splunk is build a purpose built solution that allows Splunk to eat more data. So Splunk itself, as you well know, it's an ingest engine, right? So the great reason people bought it was you could build these really fast dashboards and grab intelligence out of it, but without data it doesn't do anything, right? So how do you drive and how do you bring more data in? And most importantly from a customer perspective, how do you bring the right data in? >>And so if you think about what node zero and what we're doing in a Horizon three is that, sure we do pen testing, but because we're an autonomous pen testing tool, we do it continuously. So this whole thought of being like, Oh, crud like my customers, Oh yeah, we got a pen test coming up, it's gonna be six weeks. The wait. Oh yeah. You know, and everyone's gonna sit on their hands, Call me back in two months, Chris, we'll talk to you then. Right? Not, not a real efficient way to test your environment and shoot, we, we saw that with Uber this week. Right? You know, and that's a case where we could have helped. >>Well just real quick, explain the Uber thing cause it was a contractor. Just give a quick highlight of what happened so you can connect the >>Dots. Yeah, no problem. So there it was, I think it was one of those, you know, games where they would try and test an environment. And what the pen tester did was he kept on calling them MFA guys being like, I need to reset my password re to set my password. And eventually the customer service guy said, Okay, I'm resetting it. Once he had reset and bypassed the multifactor authentication, he then was able to get in and get access to the domain area that he was in or the, not the domain, but he was able to gain access to a partial part of the network. He then paralleled over to what would I assume is like a VA VMware or some virtual machine that had notes that had all of the credentials for logging into various domains. And so within minutes they had access. And that's the sort of stuff that we do under, you know, a lot of these tools. >>Like not, and I'm not, you know, you think about the cacophony of tools that are out there in a CTA orchestra architecture, right? I'm gonna get like a Zscaler, I'm gonna have Okta, I'm gonna have a Splunk, I'm gonna do this sore system. I mean, I don't mean to name names, we're gonna have crowd strike or, or Sentinel one in there. It's just, it's a cacophony of things that don't work together. They weren't designed work together. And so we have seen so many times in our business through our customer support and just working with customers when we do their pen test, that there will be 5,000 servers out there. Three are misconfigured. Those three misconfigurations will create the open door. Cause remember the hacker only needs to be right once, the defender needs to be right all the time. And that's the challenge. And so that's why I'm really passionate about what we're doing here at Horizon three. I see this my digital transformation, migration and security going on, which we're at the tip of the sp, it's why I joined say Hall coming on this journey and just super excited about where the path's going and super excited about the relationship with Splunk. I get into more details on some of the specifics of that. But you know, >>I mean, well you're nailing, I mean we've been doing a lot of things around super cloud and this next gen environment, we're calling it NextGen. You're really seeing DevOps, obviously Dev SecOps has, has already won the IT role has moved to the developer shift left as an indicator of that. It's one of the many examples, higher velocity code software supply chain. You hear these things. That means that it is now in the developer hands, it is replaced by the new ops, data ops teams and security where there's a lot of horizontal thinking. To your point about access, there's no more perimeter. So >>That there is no perimeter. >>Huge. A hundred percent right, is really right on. I don't think it's one time, you know, to get in there. Once you're in, then you can hang out, move around, move laterally. Big problem. Okay, so we get that. Now, the challenges for these teams as they are transitioning organizationally, how do they figure out what to do? Okay, this is the next step. They already have Splunk, so now they're kind of in transition while protecting for a hundred percent ratio of success. So how would you look at that and describe the challenges? What do they do? What is, what are the teams facing with their data and what's next? What do they, what do they, what action do they take? >>So let's do some vernacular that folks will know. So if I think about dev sec ops, right? We both know what that means, that I'm gonna build security into the app, but no one really talks about SEC DevOps, right? How am I building security around the perimeter of what's going inside my ecosystem and what are they doing? And so if you think about what we're able to do with somebody like Splunk is we could pen test the entire environment from soup to nuts, right? So I'm gonna test the end points through to it. So I'm gonna look for misconfigurations, I'm gonna, and I'm gonna look for credential exposed credentials. You know, I'm gonna look for anything I can in the environment. Again, I'm gonna do it at at light speed. And, and what we're, what we're doing for that SEC dev space is to, you know, did you detect that we were in your environment? >>So did we alert Splunk or the SIM that there's someone in the environment laterally moving around? Did they, more importantly, did they log us into their environment? And when did they detect that log to trigger that log? Did they alert on us? And then finally, most importantly, for every CSO out there is gonna be did they stop us? And so that's how we, we, we do this in, I think you, when speaking with Stay Hall, before, you know, we've come up with this boils U Loop, but we call it fine fix verify. So what we do is we go in is we act as the attacker, right? We act in a production environment. So we're not gonna be, we're a passive attacker, but we will go in un credentialed UN agents. But we have to assume, have an assumed breach model, which means we're gonna put a Docker container in your environment and then we're going to fingerprint the environment. >>So we're gonna go out and do an asset survey. Now that's something that's not something that Splunk does super well, you know, so can Splunk see all the assets, do the same assets marry up? We're gonna log all that data and think then put load that into the Splunk sim or the smoke logging tools just to have it in enterprise, right? That's an immediate future ad that they've got. And then we've got the fix. So once we've completed our pen test, we are then gonna generate a report and we could talk about about these in a little bit later. But the reports will show an executive summary the assets that we found, which would be your asset discovery aspect of that, a fixed report. And the fixed report I think is probably the most important one. It will go down and identify what we did, how we did it, and then how to fix that. >>And then from that, the pen tester or the organization should fix those. Then they go back and run another test. And then they validate through like a change detection environment to see, hey, did those fixes taste, play take place? And you know, SNA Hall, when he was the CTO of JS o, he shared with me a number of times about, he's like, Man, there would be 15 more items on next week's punch sheet that we didn't know about. And it's, and it has to do with how we, you know, how they were prioritizing the CVEs and whatnot because they would take all CVS was critical or non-critical. And it's like we are able to create context in that environment that feeds better information into Splunk and whatnot. That >>Was a lot. That brings, that brings up the, the efficiency for Splunk specifically. The teams out there. By the way, the burnout thing is real. I mean, this whole, I just finished my list and I got 15 more or whatever the list just can, keeps, keeps growing. How did Node zero specifically help Splunk teams be more efficient? Now that's the question I want to get at, because this seems like a very scalable way for Splunk customers and teams, service teams to be more efficient. So the question is, how does Node zero help make Splunk specifically their service teams be more efficient? >>So to, so today in our early interactions with building Splunk customers, what we've seen are five things, and I'll start with sort of identifying the blind spots, right? So kind of what I just talked about with you. Did we detect, did we log, did we alert? Did they stop node zero, right? And so I would, I put that at, you know, a a a more layman's third grade term. And if I was gonna beat a fifth grader at this game would be, we can be the sparring partner for a Splunk enterprise customer, a Splunk essentials customer, someone using Splunk soar, or even just an enterprise Splunk customer that may be a small shop with three people and, and just wants to know where am I exposed. So by creating and generating these reports and then having the API that actually generates the dashboard, they can take all of these events that we've logged and log them in. >>And then where that then comes in is number two is how do we prioritize those logs, right? So how do we create visibility to logs that are, have critical impacts? And again, as I mentioned earlier, not all CVEs are high impact regard and also not all are low, right? So if you daisy chain a bunch of low CVEs together, boom, I've got a mission critical AP CVE that needs to be fixed now, such as a credential moving to an NT box that's got a text file with a bunch of passwords on it, that would be very bad. And then third would be verifying that you have all of the hosts. So one of the things that Splunk's not particularly great at, and they, they themselves, they don't do asset discovery. So do what assets do we see and what are they logging from that? And then for, from, for every event that they are able to identify the, one of the cool things that we can do is actually create this low-code, no-code environment. >>So they could let, you know, float customers can use Splunk. So to actually triage events and prioritize that events or where they're being routed within it to optimize the SOX team time to market or time to triage any given event. Obviously reducing mtr. And then finally, I think one of the neatest things that we'll be seeing us develop is our ability to build glass tables. So behind me you'll see one of our triage events and how we build a lock Lockheed Martin kill chain on that with a glass table, which is very familiar to this Splunk community. We're going to have the ability, not too distant future to allow people to search, observe on those IOCs. And if people aren't familiar with an ioc, it's an incident of compromise. So that's a vector that we want to drill into. And of course who's better at drilling in into data and Splunk. >>Yeah, this is a critical, this is awesome synergy there. I mean I can see a Splunk customer going, Man, this just gives me so much more capability. Action actionability. And also real understanding, and I think this is what I wanna dig into, if you don't mind understanding that critical impact, okay. Is kind of where I see this coming. I got the data, data ingest now data's data. But the question is what not to log, You know, where are things misconfigured? These are critical questions. So can you talk about what it means to understand critical impact? >>Yeah, so I think, you know, going back to those things that I just spoke about, a lot of those CVEs where you'll see low, low, low and then you daisy chain together and you're suddenly like, oh, this is high now. But then to your other impact of like if you're a, if you're a a Splunk customer, you know, and I had, I had several of them, I had one customer that, you know, terabytes of McAfee data being brought in and it was like, all right, there's a lot of other data that you probably also wanna bring, but they could only afford, wanted to do certain data sets because that's, and they didn't know how to prioritize or filter those data sets. And so we provide that opportunity to say, Hey, these are the critical ones to bring in. But there's also the ones that you don't necessarily need to bring in because low CVE in this case really does mean low cve. >>Like an ILO server would be one that, that's the print server where the, your admin credentials are on, on like a, a printer. And so there will be credentials on that. That's something that a hacker might go in to look at. So although the CVE on it is low, if you daisy chain was something that's able to get into that, you might say, ah, that's high. And we would then potentially rank it giving our AI logic to say that's a moderate. So put it on the scale and we prioritize though, versus a, a vulner review scanner's just gonna give you a bunch of CVEs and good luck. >>And translating that if I, if I can and tell me if I'm wrong, that kind of speaks to that whole lateral movement. That's it. Challenge, right? Print server, great example, look stupid low end, who's gonna wanna deal with the print server? Oh, but it's connected into a critical system. There's a path. Is that kind of what you're getting at? >>Yeah, I used daisy chain. I think that's from the community they came from. But it's, it's just a lateral movement. It's exactly what they're doing. And those low level, low critical lateral movements is where the hackers are getting in. Right? So that's what the beauty thing about the, the Uber example is that who would've thought, you know, I've got my multifactor authentication going in a human made a mistake. We can't, we can't not expect humans to make mistakes. Were fall, were fallible, right? Yeah. The reality is is once they were in the environment, they could have protected themselves by running enough pen tests to know that they had certain exposed credentials that would've stopped the breach. Yeah. And they did not, had not done that in their environment. And I'm not poking. Yeah, >>They put it's interesting trend though. I mean it's obvious if sometimes those low end items are also not protected well. So it's easy to get at from a hacker standpoint, but also the people in charge of them can be fished easily or spear fished because they're not paying attention. Cause they don't have to. No one ever told them, Hey, be careful of what you collect. >>Yeah. For the community that I came from, John, that's exactly how they, they would meet you at a, an international event introduce themselves as a graduate student. These are national actor states. Would you mind reviewing my thesis on such and such? And I was at Adobe at the time though I was working on this and start off, you get the pdf, they opened the PDF and whoever that customer was launches, and I don't know if you remember back in like 2002, 2008 time frame, there was a lot of issues around IP being by a nation state being stolen from the United States and that's exactly how they did it. And John, that's >>Or LinkedIn. Hey I wanna get a joke, we wanna hire you double the salary. Oh I'm gonna click on that for sure. You know? Yeah, >>Right. Exactly. Yeah. The one thing I would say to you is like when we look at like sort of, you know, cuz I think we did 10,000 pen test last year is it's probably over that now, you know, we have these sort of top 10 ways that we think then fine people coming into the environment. The funniest thing is that only one of them is a, a CVE related vulnerability. Like, you know, you guys know what they are, right? So it's it, but it's, it's like 2% of the attacks are occurring through the CVEs, but yet there's all that attention spent to that. Yeah. And very little attention spent to this pen testing side. Yeah. Which is sort of this continuous threat, you know, monitoring space and, and, and this vulnerability space where I think we play such an important role and I'm so excited to be a part of the tip of the spear on this one. >>Yeah. I'm old enough to know the movie sneakers, which I love as a, you know, watching that movie, you know, professional hackers are testing, testing, always testing the environment. I love this. I gotta ask you, as we kind of wrap up here, Chris, if you don't mind the benefits to team professional services from this alliance, big news Splunk and you guys work well together. We see that clearly. What are, what other benefits do professional services teams see from the Splunk and Horizon three AI alliance? >>So if you're a, I think for, from our, our, from both of our partners as we bring these guys together and many of them already are the same partner, right? Is that first off, the licensing model is probably one of the key areas that we really excel at. So if you're an end user, you can buy for the enterprise by the enter of IP addresses you're using. But if you're a partner working with this, there's solution ways that you can go in and we'll license as to MSPs and what that business model on our MSPs looks like. But the unique thing that we do here is this c plus license. And so the Consulting Plus license allows like a, somebody a small to midsize to some very large, you know, Fortune 100, you know, consulting firms uses by buying into a license called Consulting Plus where they can have unlimited access to as many ips as they want. >>But you can only run one test at a time. And as you can imagine when we're going and hacking passwords and checking hashes and decrypting hashes, that can take a while. So, but for the right customer, it's, it's a perfect tool. And so I I'm so excited about our ability to go to market with our partners so that we underhand to sell, understand how not to just sell too or not tell just to sell through, but we know how to sell with them as a good vendor partner. I think that that's one thing that we've done a really good job building bringing into market. >>Yeah. I think also the Splunk has had great success how they've enabled partners and professional services. Absolutely. They've, you know, the services that layer on top of Splunk are multifold tons of great benefits. So you guys vector right into that ride, that wave with >>Friction. And, and the cool thing is that in, you know, in one of our reports, which could be totally customized with someone else's logo, we're going to generate, you know, so I, I used to work at another organization, it wasn't Splunk, but we, we did, you know, pen testing as a, as a for, for customers and my pen testers would come on site, they, they do the engagement and they would leave. And then another really, someone would be, oh shoot, we got another sector that was breached and they'd call you back, you know, four weeks later. And so by August our entire pen testings teams would be sold out and it would be like, wow. And in March maybe, and they'd like, No, no, no, I gotta breach now. And, and, and then when they do go in, they go through, do the pen test and they hand over a PDF and they pat you on the back and say, there's where your problems are, you need to fix it. And the reality is, is that what we're gonna generate completely autonomously with no human interaction is we're gonna go and find all the permutations that anything we found and the fix for those permutations and then once you fixed everything, you just go back and run another pen test. Yeah. It's, you know, for what people pay for one pen test, they could have a tool that does that. Every, every pat patch on Tuesday pen test on Wednesday, you know, triage throughout the week, >>Green, yellow, red. I wanted to see colors show me green, green is good, right? Not red. >>And once CIO doesn't want, who doesn't want that dashboard, right? It's, it's, it is exactly it. And we can help bring, I think that, you know, I'm really excited about helping drive this with the Splunk team cuz they get that, they understand that it's the green, yellow, red dashboard and, and how do we help them find more green so that the other guys are >>In Yeah. And get in the data and do the right thing and be efficient with how you use the data, Know what to look at. So many things to pay attention to, you know, the combination of both and then, then go to market strategy. Real brilliant. Congratulations Chris. Thanks for coming on and sharing this news with the detail around this Splunk in action around the alliance. Thanks for sharing, >>John. My pleasure. Thanks. Look forward to seeing you soon. >>All right, great. We'll follow up and do another segment on DevOps and IT and security teams as the new new ops, but, and Super cloud, a bunch of other stuff. So thanks for coming on. And our next segment, the CEO of Verizon, three AA, will break down all the new news for us here on the cube. You're watching the cube, the leader in high tech enterprise coverage.

foreign [Music] Lisa Martin of the cube here hpe and AMD better together with Shi is the name of our segment and I'm here with four guests please welcome Charlie mulrooney Global pre-sales engineering manager at SHI John saw is also of shi joins us Global pre-sales Technical consultant and back with me are Terry Richardson North American Channel Chief and Dr John Fry Chief technologist of sustainable transformation at hpe welcome gang great to have you here all here Thank you Lisa thank you good to be here all right Charlie let's go ahead and start with you keeping the Earth sustainable and minimizing carbon emissions greenhouse gases is a huge priority for businesses right everywhere globally can you talk truly about what Shi is seeing in the marketplace with respect to sustainable I.T sure so starting about a year and a half two years ago we really noticed that our customers certainly our largest Enterprise customers were putting into their annual reports their Chairman's letters their SEC filings that they had sustainability initiatives ranging from achieving carbon neutral uh or carbon zero goals starting with 20 50 dates and then since then we've seen 20 40 and 2030 targets to achieve net neutrality and rfps rfis that we're Fielding certainly all now contain elements of that so this is certainly top of mind for our largest customers our Fortune 250 and Fortune 500 customers for sure where we're seeing an onslaught of requests for this we get into many conversations with the folks that are leading these efforts to understand you know here's what we have today what can we do better what can we do different to help make it an impact on those goals so making an impact top of Mind pretty much for everyone as you mentioned John Sal's let's bring you into the conversation now when you're in customer conversations what are some of the things that you talk about with respect to shi's approach to sustainability sustainable I.T are you seeing more folks that are implementing things tactically versus strategically what's going on in the customer space well so Charlie touched on something really important that you know the the wake-up moment for us was receiving you know proposal requests or customer meeting requests that were around sustainability and it was really around two years ago I suppose for the first time and those requests started coming from european-based companies because they had a bit of a head start uh over the U.S based global companies even um and what we found was that sustainability was already well down the road and that they were doing very interesting things to uh use renewable energy for data centers uh utilized they were already considering sustainability for new technologies as a high priority versus just performance costs and other factors that you typically had at the top so as we started working with them uh I guess that beginning was more tactical because we really had to find a way to respond uh we were starting to be asked about our own efforts and in regards to sustainability we have our headquarters in Somerset and our second Headquarters in Austin Texas um those are the gold certified we've been installing solar panels producing waste across the company recycling efforts and so forth charging stations for electric vehicles all that sort of thing to make our company more sustainable in in uh in our offices and in our headquarters um but it's a lot more than that and what we found was that we wanted to look to our vast number of supply of customers and partners we have over 30 000 partners that would work with globally and tens of thousands of customers and we wanted to find best practices and Technologies and services that we could uh talk about with these customers and apply and help integrate together as a as a really large Global uh reseller and integrator we can have a play there and bring these things together from multiple uh partners that we work with to help solve customer problems and so over time it's become more strategic and we've been uh as a company building the uh the the the forward efforts through organizing a true formal sustainability team and growing that um and then also reporting for CDP echovatus and so forth and it's really that all has been coming about in the last couple of years and we take it very seriously it sounds like it also sounds like from the customer's perspective they're shifting from that tactical maybe early initial approach to being more strategic to really enabling sustainable I.T across their organization and I imagine from a business driver's perspective John saws and Charlie are you hearing customers you talked about it being part of rfps but also where are customers in terms of we need to have a sustainable I.T strategy so that we can attract and retain the right investors we can attract and retain customers Charlie John what are your thoughts on that yeah that's top of mind with uh with all the folks that we're talking to uh I would say there's probably a three-way tie for the importance of uh attracting and retaining investors as you said plus customers customers are shopping their customers are shopping for who has aligned their ESG priorities in sustainable priorities uh with their own and who is going to help them with their own reporting of you know spoke to and ultimately scope three reporting from greenhouse gas emissions and then the attracting and retaining Talent uh it's another element now of when you're bringing on a new talent to your organization they have a choice and they're thinking with their decision to accept a role or not within your organization of what your strategies are and do they align so we're seeing those almost interchangeable in terms of priorities with with the customers we're talking to it was a little surprising because we thought initially this is really focused on investors attracting the investors but it really has become quite a bit more than that and it's been actually very interesting to see the development of that prioritization more comprehensive across the organization let's bring Dr John Fry into the conversation and Terry your neck so stay tuned Dr Frey can you talk about hpe and Shia partnering together what are some of the key aspects of the relationship that help one another support and enable each other's aggressive goals where sustainability is concerned yeah it's a great question and one of the things about the sustainability domain in solving these climate challenges that we all have is we've got to come together and partner to solve them no one company's going to solve them by themselves and for our Collective customers the same way from an hpe perspective we bring the expertise on our products we bring in a sustainable I.T point of view where we've written many white papers on the topic and even workbooks that help companies Implement a sustainable I.T program but our direct sales forces can't reach all of our customers and in many cases we don't have the local knowledge that our business partners like Shi bring to the table so they extend the reach they bring their own expertise their portfolio that they offer to the customer is wider than just Enterprise Products so by working together we can do a better job of helping the customer meet their own needs give them the right Technology Solutions and enhance that customer experience it's because they get more value from us collectively it really is better together which is a very appropriate name for our segment here Terry let's bring you into the conversation talk to us about AMD how is it helping customers to create that sustainable I.T strategy and what are some of the differentiators that what AMD is doing that that are able to be delivered through Partners like Shi well Lisa you use the word enabling um just a short while ago and fundamentally AMD enables hpe and partners like Shi to bring differentiated solutions to customers so in the data center space We Begin our journey in 2017 with some fundamental Design Elements for our processor technology that we're really keenly focused on improving performance but also efficiency so now the the most common measure that we see for the types of customers that Charlie and John were talking about was really that measure of performance per watt and you'll continue to see AMD enable um customers to to try to find ways to to do more in a sustainable way within the constraints that they may be facing whether it's availability of power data center space or just needing to meet overall sustainability goals so we have skills and expertise and tools that we make available to hpe and to Shi to help them have even stronger differentiated conversations with customers sounds like to me Terry that it's that AMD can be even more of an more than an enabler but really an accelerator of what customers are able to do from a strategic perspective on sustainability you're right about that and and we actually have tools greenhouse gas TCO tools that can be leveraged to really quantify the impact of some of the the new technology decisions that customers are making to allow them to achieve their goals so we're really proud of the work that we're doing in partnership with companies like hpe and Shi Better Together as we've said at the beginning and just a minute ago Charlie let's bring you back in talk to us a little bit about what Shi is doing to leverage sustainable I.T and enable your customers to meet their sustainability goals and their initiatives so for quite a while we've had uh some offerings to help customers especially in the end user compute side a lot of customers were interested in I've got assets for you know let's say a large sales force that had been carrying tablets or laptops and you know those need to be refreshed what do I do with those how do I responsibly retire or recycle those and we've been offering solutions for that for quite some time it's within the last year or two when we started offering for them guarantees and Assurance assurances of how they can if that equipment is reusable by somebody else how can we issue them you know credits for uh carving credits for reuse of that equipment somewhere else so it's not necessarily going to be E-Waste it's uh something that can be recycled and reused we have other programs with helping extend the life of of some systems where they look at boy I have an awful lot of data on these machines where historically they might want to just retire those because the the sensitivity of the data needed to be handled very specifically we can help them properly remove the sensitive data and still allow reuse of that equipment so we've been able to accomplish some Creative Solutions specifically around end user compute in the past but we are looking to new ways now to to really help extend that into Data Center infrastructure and Beyond to really help with what are the needs what are the the best ways to help our customers handle the things that are challenging them [Music] that's a great point that you bring up Charlie and the security kind of popped into my head here John saw his question for you when you're in customer conversations and you're talking about or maybe they're talking about help us with waste reduction with recycling where are you having those customer conversations I know sustainability is a board level it's a c-level discussion but where are you having those conversations within the customer organization well so it's a it's a combination of um organizations within the customer these are these Global organizations typically when we're talking about asset like cycle management asset recovery how do you do that in a sustainable Green Way and securely the customers we're dealing with I mean security is top sustainability is right up there too obviously but uh um Charlie touched on a lot of those things and these are Global rollouts tens of thousands of employees typically to to have mobile devices laptops and phones and so forth um and they often are looking for a true managed service around the world that takes into consideration things like the most efficient way to ship products to to the employees and how do you do that in a sustainable way you need to think about that does it all go to a central location um or to each individual's home during the pandemic that made a lot of sense to do it that way I think the reason I wanted to touch on those things is that well for for example one European pharmaceutical that the states and their reports that they are already in scope one in scope two they're fully uh Net Zero at this point and and they say but that only solves three percent of our overall sustainability goals uh 97 is scope three it's travel it's shipping it's it's uh it's all the all these things that are out of their direct control a lot of times but they're coming to us now as a as a supplier and ask and and we're filling out forms and rfps and so forth uh to show that we can be a sustainable supplier in their supply chain because that's their next big goal so sustainable supply chain absolutely Dr John Fry and Terry I want to kind of get your perspectives Charlie talked about from a customer requirements perspective customers coming through RFP saying hey we've got to work with vendors who have clear sustainability initiatives that are well underway hpe and AMD hearing the same thing Dr Fry will start with you and then Terry sure absolutely we receive about 2500 customer questionnaires just on sustainability every year and that's come up from a few hundred so yeah absolutely accelerating then the conversations turn deeper can you help us quantify our carbon emissions and power consumption then the conversation has recently gone even further to when can hpe offer Net Zero or carbon neutral Technology Solutions to the customer so that they don't have to account for those Solutions in their own carbon footprint so the questions are getting more sophisticated the need for the data and the accuracy of the data is climbing and as we see potential regulatory disclosure requirements around carbon emissions I think this trend is just going to continue up yeah and we see the same thing uh we get asked more and more from our customers and partners around our own corporate sustainability goals but the surveying that the survey work that we've done with customers has led us to you know understand that you know approximately 75 percent of customers are going to make sustainability goals a key component of their rfis in 2023 which is right around the corner and you know 60 of those same customers really expect to have business level kpis uh in the new year that are really related to sustainability so this is not just a a kind of a buzzword topic this is this is kind of business imperatives that you know the company the companies like hpe and AMD and the partners like Shi that really stand behind it and really are proactive in getting out in front of customers to help are really going to be ahead of the game that's a great point that you make Terry there that this isn't we're not talking about a buzzword here we're talking about a business imperative for businesses of probably all sizes across all Industries and Dr Farr you mentioned regulations and something that we just noticed is that the SEC recently said it's proposing some rules where companies must disclose greenhouse gas emissions um if they were if that were to to come into play I'm going to come back to Charlie and John saws how would Shi and frankly at hpe and AMD be able to help companies comply if that type of Regulation were to be implemented Charlie yeah so we are in the process right now of building out a service to help customers specifically with that with the reporting we know reporting is a challenge uh the scope 2 reporting is a challenge and scope three that I guess people thought was going to be a ways out now all of a sudden hey if you have made a public statement that you're going to make an impact on your scope three uh targets and you have to report on them so that that has become really important very quickly uh as word about this requirement is rumbling around uh there's concern so we are actually working right now on something it's a little too early to fully disclose but stay tuned because we have something coming that's interesting definitely peaked my ears are are parked here Charlie well stay tuned for that Dr Brian Terry can you talk about together with Shi hpe and AMD enabling customers to manage access to the data obviously which is critical and it's doing nothing but growing and proliferating key folks need access to it we talked a little bit about security but how are from a Better Together perspective Dr Fry will start with you how are you really helping organizations on that sustainability journey to ensure that data can be accessible to those who need it when they need it and these days what is real-time requirements yeah it's an increasing challenge in fact we have changed the HP Story the way we talk about hpe's value proposition to talk about data first modernization so how often do you collect data where do you store it how do you avoid moving it how do you make sure if you're going to collect data you get insights from that data that change your business or add business value and then how long do you retain that data afterward and all of that factors into sustainable I.T because when I talk to technology Executives what they tell me again and again is there's this presumption within their user community that storage is free and so when when they have needs for collecting data for example if if once an hour would do okay but the system would collect it once a minute the default the user asks for of course is once a minute and then are you getting insights from that data or are we moving it that becomes more important when you're moving data back and forth between the public cloud or the edge because there is quite a network penalty for moving that equipment across your network there's huge power and carbon implications of doing that so it's really making a better decision about what do we collect why do we collect it what we're going to do with it when we collect and how we store it and for years customers have really talked about you know modernization and the need to modernize their data center you know I fundamentally believe that sustainability is really that Catalyst to really Drive true modernization and as they think forward um you know when we work with with hpe you know they offer a variety of purpose-built servers that can play a role in you know specific customer workloads from the larger supercomputers down to kind of general purpose servers and when we work with Partners like Shi not only can they deliver the full Suite of um offerings for on-premise deployments they're also very well positioned to leverage the public Cloud infrastructure for those workloads that really belong there and that certainly can help customers kind of achieve an end-to-end sustainability goal that's a great point that that it needs to be strategic but it also needs to be an end-to-end goal we're just about out of time but I wanted to give John saws the last word here take us out John what are some of the things Charlie kind of teased some of the things that are coming out that piqued my interest but what are some of the things that you're excited about as hpe AMD and Shi really help customers achieve their sustainability initiatives sure um a couple of comments here um so Charlie yeah you touched on some upcoming capabilities uh that uh Shi will have around the area of monitoring and management see this is difficult for all customers to be able to report in this formal way this is a train coming at everybody very quickly and um they're not ready most customers aren't ready and if we can help um as as a reseller integrator assessments to be able to understand what they're currently running compared to different scenarios of where they could go to in a future state that seems valuable if we can help in that way that's those are things that we're looking into specifically uh you know greenhouse gas emissions relevant assessments and and um and what in the comments uh of Terry and John around the power per watt and um the vast um uh portfolio of technologies that they that they had to address various workloads is uh is fantastic we'd be able to help point to Technologies like that and move customers in that direction I think as a as an integrator and a technical advisor to customers I saw an article on BBC this morning that I I think if we think about how we're working with our customers and we can help them maybe think differently about how they're using their technology to solve problems um the BBC article mentioned this was ethereum a cryptocurrency and they have a big project called merge and today was a go live date and BBC US news outlets have been reporting on it they basically changed the model from a model called The Power of work which takes a a lot of compute and graphic GPU power and so forth around the world and it's now called a power of stake which means that the people that validate that their actions in this environment are correct they have to put up a stake of their own cryptocurrency and if they're wrong it's taken from them this new model reduces the emissions of their um uh environment by 99 plus percent the June emissions from ethereum were it was 120 uh terawatts per per year terawatt hours per year and they reduced it um actually that's the equivalent of what the Netherlands needed for energy so the comparable to a medium-sized country so if you can think differently about how to solve problems it may be on-prem it may be extremely it may be that may be the public cloud in some cases or other you know interesting Innovative Technologies that the AMD hpe other partners that we can bring in along along with them as well we can solve problems differently there is a lot going on the opportunities that you all talked about to really make such a huge societal impact and impact to our planet are exciting we thank you so much for talking together about how hpe AMD and sha are really working in partnership in Synergy to help your customers across every organization really become much more focused much more collaborative about sustainable I.T guys we so appreciate your time and thank you for your insights Thank you Lisa thank you my pleasure for my guests I'm Lisa Martin in a moment Dan Molina is going to join me he's the co-president and chief technology officer of nth generation you're watching the cube the leader in high tech Enterprise coverage [Music]

>> Announcer: theCube presents HPE Discover 2022 brought to you by HPE. >> Hello and welcome back to theCube's continuous coverage HPE Discover 2022 and from Las Vegas the formerly Sands Convention Center now Venetian, John Furrier and Dave Vellante here were excited to welcome in Jen Huffstetler. Who's the Chief product Sustainability Officer at Intel Jen, welcome to theCube thanks for coming on. >> Thank you very much for having me. >> You're really welcome. So you dial back I don't know, the last decade and nobody really cared about it but some people gave it lip service but corporations generally weren't as in tune, what's changed? Why has it become so top of mind? >> I think in the last year we've noticed as we all were working from home that we had a greater appreciation for the balance in our lives and the impact that climate change was having on the world. So I think across the globe there's regulations industry and even personally, everyone is really starting to think about this a little more and corporations specifically are trying to figure out how are they going to continue to do business in these new regulated environments. >> And IT leaders generally weren't in tune cause they weren't paying the power bill for years it was the facilities people, but then they started to come together. How should leaders in technology, business tech leaders, IT leaders, CIOs, how should they be thinking about their sustainability goals? >> Yeah, I think for IT leaders specifically they really want to be looking at the footprint of their overall infrastructure. So whether that is their on-prem data center, their cloud instances, what can they do to maximize the resources and lower the footprint that they contribute to their company's overall footprint. So IT really has a critical role to play I think because as you'll find in IT, the carbon footprint of the data center of those products in use is actually it's fairly significant. So having a focus there will be key. >> You know compute has always been one of those things where, you know Intel's been makes chips so that, you know heat is important in compute. What is Intel's current goals? Give us an update on where you guys are at. What's the ideal goal in the long term? Where are you now? You guys always had a focus on this for a long, long time. Where are we now? Cause I won't say the goalpost of changed, they're changing the definitions of what this means. What's the current state of Intel's carbon footprint and overall goals? >> Yeah, no thanks for asking. As you mentioned, we've been invested in lowering our environmental footprint for decades in fact, without action otherwise, you know we've already lowered our carbon footprint by 75%. So we're really in that last mile. And that is why when we recently announced a very ambitious goal Net-Zero 2040 for our scope one and two for manufacturing operations, this is really an industry leading goal. And partly because the technology doesn't even exist, right? For the chemistries and for making the silicon into the sand into, you know, computer chips yet. And so by taking this bold goal, we're going to be able to lead the industry, partner with academia, partner with consortia, and that drive is going to have ripple effects across the industry and all of the components in semiconductors. >> Is there a changing definition of Net-Zero? What that means, cause some people say they're Net-Zero and maybe in one area they might be but maybe holistically across the company as it becomes more of a broader mandate society, employees, partners, Wall Street are all putting pressure on companies. Is the Net-Zero conversation changed a little bit or what's your view on that? >> I think we definitely see it changing with changing regulations like those coming forth from the SEC here in the US and in Europe. Net-Zero can't just be lip service anymore right? It really has to be real reductions on your footprint. And we say then otherwise and even including in our supply chain goals what we've taken new goals to reduce, but our operations are growing. So I think everybody is going through this realization that you know, with the growth, how do we keep it lower than it would've been otherwise, keep focusing on those reductions and have not just renewable credits that could have been bought in one location and applied to a different geographical location but real credible offsets for where the the products manufactured or the computes deployed. >> Jen, when you talk about you've reduced already by 75% you're on that last mile. We listened to Pat Gelsinger very closely up until recently he was the number one most frequently had on theCube guest. He's been busy I guess. But as you apply that discipline to where you've been, your existing business and now Pat's laid out this plan to increase the Foundry business how does that affect your... Are you able to carry through that reduction to, you know, the new foundries? Do you have to rethink that? How does that play in? >> Certainly, well, the Foundry expansion of our business with IBM 2.0 is going to include the existing factories that already have the benefit of those decades of investment and focus. And then, you know we have clear goals for our new factories in Ohio, in Europe to achieve goals as well. That's part of the overall plan for Net-Zero 2040. It's inclusive of our expansion into Foundry which means that many, many many more customers are going to be able to benefit from the leadership that Intel has here. And then as we onboard acquisitions as any company does we need to look at the footprint of the acquisition and see what we can do to align it with our overall goals. >> Yeah so sustainable IT I don't know for some reason was always an area of interest to me. And when we first started, even before I met you, John we worked with PG&E to help companies get rebates for installing technologies that would reduce their carbon footprint. >> Jen: Very forward thinking. >> And it was a hard thing to get, you know, but compute was the big deal. And there were technologies and I remember virtualization at the time was one and we would go in and explain to the PG&E engineers how that all worked. Cause they had metrics and that they wanted to see, but anyway, so virtualization was clearly one factor. What are the technologies today that people should be paying, flash storage was another one. >> John: AI's going to have a big impact. >> Reduce the spinning disk, but what are the ones today that are going to have an impact? >> Yeah, no, that's a great question. We like to think of the built in acceleration that we have including some of the early acceleration for virtualization technologies as foundational. So built in accelerated compute is green compute and it allows you to maximize the utilization of the transistors that you already have deployed in your data center. This compute is sitting there and it is ready to be used. What matters most is what you were talking about, John that real world workload performance. And it's not just you know, a lot of specsmanship around synthetic benchmarks, but AI performance with the built in acceleration that we have in Xeon processors with the Intel DL Boost, we're able to achieve four X, the AI performance per Watts without you know, doing that otherwise. You think about the consolidation you were talking about that happened with virtualization. You're basically effectively doing the same thing with these built in accelerators that we have continued to add over time and have even more coming in our Sapphire Generation. >> And you call that green compute? Or what does that mean, green compute? >> Well, you are greening your compute. >> John: Okay got it. >> By increasing utilization of your resources. If you're able to deploy AI, utilize the telemetry within the CPU that already exists. We have customers KDDI in Japan has a great Proofpoint that they already announced on their 5G data center, lowered their data center power by 20%. That is real bottom line impact as well as carbon footprint impact by utilizing all of those built in capabilities. So, yeah. >> We've heard some stories earlier in the event here at Discover where there was some cooling innovations that was powering moving the heat to power towns and cities. So you start to see, and you guys have been following this data center and been part of the whole, okay and hot climates, you have cold climates, but there's new ways to recycle energy where's that cause that sounds very Sci-Fi to me that oh yeah, the whole town runs on the data center exhaust. So there's now systems thinking around compute. What's your reaction to that? What's the current view on re-engineering a system to take advantage of that energy or recycling? >> I think when we look at our vision of sustainable compute over this horizon it's going to be required, right? We know that compute helps to solve society's challenges and the demand for it is not going away. So how do we take new innovations looking at a systems level as compute gets further deployed at the edge, how do we make it efficient? How do we ensure that that compute can be deployed where there is air pollution, right? So some of these technologies that you have they not only enable reuse but they also enable some you know, closing in of the solution to make it more robust for edge deployments. It'll allow you to place your data center wherever you need it. It no longer needs to reside in one place. And then that's going to allow you to have those energy reuse benefits either into district heating if you're in, you know Northern Europe or there's examples with folks putting greenhouses right next to a data center to start growing food in what we're previously food deserts. So I don't think it's science fiction. It is how we need to rethink as a society. To utilize everything we have, the tools at our hand. >> There's a commercial on the radio, on the East Coast anyway, I don't know if you guys have heard of it, it's like, "What's your one thing?" And the gentleman comes on, he talks about things that you can do to help the environment. And he says, "What's your one thing?" So what's the one thing or maybe it's not just one that IT managers should be doing to affect carbon footprint? >> The one thing to affect their carbon footprint, there are so many things. >> Dave: Two, three, tell me. >> I think if I was going to pick the one most impactful thing that they could do in their infrastructure is it's back to John's comment. It's imagine if the world deployed AI, all the benefits not only in business outcomes, you know the revenue, lowering the TCO, but also lowering the footprint. So I think that's the one thing they could do. If I could throw in a baby second, it would be really consider how you get renewable energy into your computing ecosystem. And then you know, at Intel, when we're 80% renewable power, our processors are inherently low carbon because of all the work that we've done others have less than 10% renewable energy. So you want to look for products that have low carbon by design, any Intel based system and where you can get renewables from your grid to ask for it, run your workload there. And even the next step to get to sustainable computing it's going to take everyone, including every enterprise to think differently and really you know, consider what would it look like to bring renewables onto my site? If I don't have access through my local utility and many customers are really starting to evaluate that. >> Well Jen its great to have you on theCube. Great insight into the current state of the art of sustainability and carbon footprint. My final question for you is more about the talent out there. The younger generation coming in I'll say the pressure, people want to work for a company that's mission driven we know that, the Wall Street impact is going to be financial business model and then save the planet kind of pressure. So there's a lot of talent coming in. Is there awareness at the university level? Is there a course where can, do people get degrees in sustainability? There's a lot of people who want to come into this field what are some of the talent backgrounds of people learning or who might want to be in this field? What would you recommend? How would you describe how to onboard into the career if they want to contribute? What are some of those factors? Cause it's not new, new, but it's going to be globally aware. >> Yeah well there certainly are degrees with focuses on sustainability maybe to look at holistically at the enterprise, but where I think the globe is really going to benefit, we didn't really talk about the software inefficiency. And as we delivered more and more compute over the last few decades, basically the programming languages got more inefficient. So there's at least 35% inefficiency in the software. So being a software engineer, even if you're not an AI engineer. So AI would probably be the highest impact being a software engineer to focus on building new applications that are going to be efficient applications that they're well utilizing the transistor that they're not leaving zombie you know, services running that aren't being utilized. So I actually think-- >> So we got a program in assembly? (all laughing) >> (indistinct), would get really offended. >> Get machine language. I have to throw that in sorry. >> Maybe not that bad. (all laughing) >> That's funny, just a joke. But the question is what's my career path. What's a hot career in this area? Sustainability, AI totally see that. Anything else, any other career opportunities you see or hot jobs or hot areas to work on? >> Yeah, I mean, just really, I think it takes every architect, every engineer to think differently about their design, whether it's the design of a building or the design of a processor or a motherboard we have a whole low carbon architecture, you know, set of actions that are we're underway that will take to the ecosystem. So it could really span from any engineering discipline I think. But it's a mindset with which you approach that customer problem. >> John: That system thinking, yeah. >> Yeah sustainability designed in. Jen thanks so much for coming back in theCube, coming on theCube. It's great to have you. >> Thank you. >> All right. Dave Vellante for John Furrier, we're sustaining theCube. We're winding down day three, HPE Discover 2022. We'll be right back. (upbeat music)

(upbeat music) >> We're back at VeeamON 2022. We're here at the Aria in Las Vegas Dave Vellante with Dave Nicholson. Bill Andrews is here. He's the president and CEO of ExaGrid, mass boy. Bill, thanks for coming on theCUBE. >> Thanks for having me. >> So I hear a lot about obviously data protection, cyber resiliency, what's the big picture trends that you're seeing when you talk to customers? >> Well, I think clearly we were talking just a few minutes ago, data's growing like crazy, right This morning, I think they said it was 28% growth a year, right? So data's doubling almost just a little less than every three years. And then you get the attacks on the data which was the keynote speech this morning as well, right. All about the ransomware attacks. So we've got more and more data, and that data is more and more under attack. So I think those are the two big themes. >> So ExaGrid as a company been around for a long time. You've kind of been the steady kind of Eddy, if you will. Tell us about ExaGrid, maybe share with us some of the differentiators that you share with customers. >> Sure, so specifically, let's say in the Veeam world you're backing up your data, and you really only have two choices. You can back that up to disc. So some primary storage disc from a Dell, or a Hewlett Packard, or an NetApp or somebody, or you're going to back it up to what's called an inline deduplication appliance maybe a Dell Data Domain or an HPE StoreOnce, right? So what ExaGrid does is we've taken the best of both those but not the challenges of both those and put 'em together. So with disc, you're going to get fast backups and fast restores, but because in backup you keep weekly's, monthly's, yearly retention, the cost of this becomes exorbitant. If you go to a deduplication appliance, and let's say the Dell or the HPs, the data comes in, has to be deduplicated, compare one backup to the next to reduce that storage, which lowers the cost. So fixes that problem, but the fact that they do it inline slows the backups down dramatically. All the data is deduplicated so the restores are slow, and then the backup window keeps growing as the data grows 'cause they're all scale up technologies. >> And the restores are slow 'cause you got to rehydrate. >> You got to rehydrate every time. So what we did is we said, you got to have both. So our appliances have a front end disc cache landing zone. So you're right directed to the disc., Nothing else happens to it, whatever speed the backup app could write at that's the speed we take it in at. And then we keep the most recent backups in that landing zone ready to go. So you want to boot a VM, it's not an hour like a deduplication appliance it's a minute or two. Secondly, we then deduplicate the data into a second tier which is a repository tier, but we have all the deduplicated data for the long term retention, which gets the cost down. And on top of that, we're scale out. Every appliance has networking processor memory end disc. So if you double, triple, quadruple the data you double, triple, quadruple everything. And if the backup window is six hours at 100 terabyte it's six hours at 200 terabyte, 500 terabyte, a petabyte it doesn't matter. >> 'Cause you scale out. >> Right, and then lastly, our repository tier is non-network facing. We're the only ones in the industry with this. So that under a ransomware attack, if you get hold of a rogue server or you hack the media server, get to the backup storage whether it's disc or deduplication appliance, you can wipe out all the backup data. So you have nothing to recover from. In our case, you wipe it out, our landing zone will be wiped out. We're no different than anything else that's network facing. However, the only thing that talks to our repository tier is our object code. And we've set up security policies as to how long before you want us to delete data, let's say 10 days. So if you have an attack on Monday that data doesn't get deleted till like a week from Thursday, let's say. So you can freeze the system at any time and do restores. And then we have immutable data objects and all the other stuff. But the culmination of a non-network facing tier and the fact that we do the delayed deletes makes us the only one in the industry that can actually truly recover. And that's accelerating our growth, of course. >> Wow, great description. So that disc cache layer is a memory, it's a flash? >> It's disc, it's spinning disc. >> Spinning disc, okay. >> Yeah, no different than any other disc. >> And then the tiered is what, less expensive spinning disc? >> No, it's still the same. It's all SaaS disc 'cause you want the quality, right? So it's all SaaS, and so we use Western Digital or Seagate drives just like everybody else. The difference is that we're not doing any deduplication coming in or out of that landing zone to have fast backups and fast restores. So think of it like this, you've got disc and you say, boy it's too expensive. What I really want to do then is put maybe a deduplication appliance behind it to lower the cost or reverse it. I've got a deduplication appliance, ugh, it's too slow for backups and restores. I really want to throw this in front of it to have fast backups first. Basically, that's what we did. >> So where does the cost savings, Bill come in though, on the tier? >> The cost savings comes in the fact that we got deduplication in that repository. So only the most recent backup >> Ah okay, so I get it. >> are the duplicated data. But let's say you had 40 copies of retention. You know, 10 weekly's, 36 monthly's, a few yearly. All of that's deduplicated >> Okay, so you're deduping the stuff that's not as current. >> Right. >> Okay. >> And only a handful of us deduplicate at the layer we do. In other words, deduplication could be anywhere from two to one, up to 50 to one. I mean it's all over the place depending on the algorithm. Now it's what everybody's algorithms do. Some backup apps do two to one, some do five to one, we do 20 to one as well as much as 50 to one depending on the data types. >> Yeah, so the workload is going to largely determine the combination >> The content type, right. with the algos, right? >> Yeah, the content type. >> So the part of the environment that's behind the illogical air gap, if you will, is deduped data. >> Yes. >> So in this case, is it fair to say that you're trading a positive economic value for a little bit longer restore from that environment? >> No, because if you think about backup 95% of the customers restores are from the most recent data. >> From the disc cache. >> 95% of the time 'cause you think about why do you need fast restores? Somebody deleted a file, somebody overwrote a file. They can't go work, they can't open a file. It's encrypted, it's corrupted. That's what IT people are trying to keep users productive. When do you go for longer-term retention data? It's an SEC audit. It's a HIPAA audit. It's a legal discovery, you don't need that data right away. You have days and weeks to get that ready for that legal discovery or that audit. So we found that boundary where you keep users productive by keeping the most recent data in the disc cache landing zone, but anything that's long term. And by the way, everyone else is long term, at that point. >> Yeah, so the economics are comparable to the dedupe upfront. Are they better, obviously get the performance advance? >> So we would be a lot looped. The thing we replaced the most believe it or not is disc, we're a lot less expensive than the disc. I was meeting with some Veeam folks this morning and we were up against Cisco 3260 disc at a children's hospital. And on our quote was $500,000. The disc was 1.4 million. Just to give you an example of the savings. On a Data Domain we're typically about half the price of a Data Domain. >> Really now? >> The reason why is their front end control are so expensive. They need the fastest trip on the planet 'cause they're trying to do inline deduplication. >> Yeah, so they're chasing >> They need the fastest memory >> on the planet. >> this chips all the time. They need SSD on data to move in and out of the hash table. In order to keep up with inline, they've got to throw so much compute at it that it drives their cost up. >> But now in the case of ransomware attack, are you saying that the landing zone is still available for recovery in some circumstances? Or are you expecting that that disc landing zone would be encrypted by the attacker? >> Those are two different things. One is deletion, one is encryption. So let's do the first scenario. >> I'm talking about malicious encryption. >> Yeah, absolutely. So the first scenario is the threat actor encrypts all your primary data. What's does he go for next? The backup data. 'Cause he knows that's your belt and suspend is to not pay the ransom. If it's disc he's going to go in and put delete commands at the disc, wipe out the disc. If it's a data domain or HPE StoreOnce, it's all going to be gone 'cause it's one tier. He's going to go after our landing zone, it's going to be gone too. It's going to wipe out our landing zone. Except behind that we have the most recent backup deduplicate in the repository as well as all the other backups. So what'll happen is they'll freeze the system 'cause we weren't going to delete anything in the repository for X days 'cause you set up a policy, and then you restore the most recent backup into the landing zone or we can restore it directly to your primary storage area, right? >> Because that tier is not network facing. >> That's right. >> It's fenced off essentially. >> People call us every day of the week saying, you saved me, you saved me again. People are coming up to me here, you saved me, you saved me. >> Tell us a story about that, I mean don't give me the names but how so. >> I'll actually do a funnier story, 'cause these are the ones that our vendors like to tell. 'Cause I'm self-serving as the CEO that's good of course, a little humor. >> It's your 15 minutes of job. >> That is my 15 minutes of fame. So we had one international company who had one ExaGrid at one location, 19 Data Domains at the other locations. Ransomware attack guess what? 19 Data Domains wiped out. The one ExaGrid, the only place they could restore. So now all 20 locations of course are ExaGrids, China, Russia, Mexico, Germany, US, et cetera. They rolled us out worldwide. So it's very common for that to occur. And think about why that is, everyone who's network facing you can get to the storage. You can say all the media servers are buttoned up, but I can find a rogue server and snake my way over the storage, I can. Now, we also of course support the Veeam Data Mover. So let's talk about that since we're at a Veeam conference. We were the first company to ever integrate the Veeam Data Mover. So we were the first actually ever integration with Veeam. And so that Veeam Data Mover is a protocol that goes from Veeam to the ExaGrid, and we run it on both ends. So that's a more secure protocol 'cause it's not an open format protocol like SaaS. So with running the Veeam Data Mover we get about 30% more performance, but you do have a more secure protocol layer. So if you don't get through Veeam but you get through the protocol, boom, we've got a stronger protocol. If you make it through that somehow, or you get to it from a rogue server somewhere else we still have the repository. So we have all these layers so that you can't get at it. >> So you guys have been at this for a while, I mean decade and a half plus. And you've raised a fair amount of money but in today's terms, not really. So you've just had really strong growth, sequential growth. I understand it, and double digit growth year on year. >> Yeah, about 25% a year right now >> 25%, what's your global strategy? >> So we have sales offices in about 30 countries already. So we have three sales teams in Brazil, and three in Germany, and three in the UK, and two in France, and a lot of individual countries, Chile, Argentina, Columbia, Mexico, South Africa, Saudi, Czech Republic, Poland, Dubai, Hong Kong, Australia, Singapore, et cetera. We've just added two sales territories in Japan. We're adding two in India. And we're installed in over 50 countries. So we've been international all along the way. The goal of the company is we're growing nicely. We have not raised money in almost 10 years. >> So you're self-funding. You're cash positive. >> We are cash positive and self-funded and people say, how have you done that for 10 years? >> You know what's interesting is I remember, Dave Scott, Dave Scott was the CEO of 3PAR, and he told me when he came into that job, he told the VCs, they wanted to give him 30 million. He said, I need 80 million. I think he might have raised closer to a hundred which is right around what you guys have raised. But like you said, you haven't raised it in a long time. And in today's terms, that's nothing, right? >> 100 is 500 in today's terms. >> Yeah, right, exactly. And so the thing that really hurt 3PAR, they were public companies so you could see all this stuff is they couldn't expand internationally. It was just too damn expensive to set up the channels, and somehow you guys have figured that out. >> 40% of our business comes out of international. We're growing faster internationally than we are domestically. >> What was the formula there, Bill, was that just slow and steady or? >> It's a great question. >> No, so what we did, we said let's build ExaGrid like a McDonald's franchise, nobody's ever done that before in high tech. So what does that mean? That means you have to have the same product worldwide. You have to have the same spares model worldwide. You have to have the same support model worldwide. So we early on built the installation. So we do 100% of our installs remotely. 100% of our support remotely, yet we're in large enterprises. Customers racks and stacks the appliances we get on with them. We do the entire install on 30 minutes to about three hours. And we've been developing that into the product since day one. So we can remotely install anywhere in the world. We keep spares depots all over the world. We can bring 'em up really quick. Our support model is we have in theater support people. So they're in Europe, they're in APAC, they're in the US, et cetera. And we assign customers to the support people. So they deal with the same support person all the time. So everything is scalable. So right now we're going to open up India. It's the same way we've opened up every other country. Once you've got the McDonald's formula we just stamp it all over the world. >> That's amazing. >> Same pricing, same product same model, same everything. >> So what was the inspiration for that? I mean, you've done this since day one, which is what like 15, 16 years ago. Or just you do engineering or? >> No, so our whole thought was, first of all you can't survive anymore in this world without being an international company. 'Cause if you're going to go after large companies they have offices all over the world. We have companies now that have 17, 18, 20, 30 locations. And there were in every country in the world, you can't go into this business without being able to ship anywhere in the world and support it for a single customer. You're not going into Singapore because of that. You're going to Singapore because some company in Germany has offices in the U.S, Mexico Singapore and Australia. You have to be international. It's a must now. So that was the initial thing is that, our goal is to become a billion dollar company. And we're on path to do that, right. >> You can see a billion. >> Well, I can absolutely see a billion. And we're bigger than everybody thinks. Everybody guesses our revenue always guesses low. So we're bigger than you think. The reason why we don't talk about it is we don't need to. >> That's the headline for our writers, ExaGrid is a billion dollar company and nobody's know about it. >> Million dollar company. >> On its way to a billion. >> That's right. >> You're not disclosing. (Bill laughing) But that's awesome. I mean, that's a great story. I mean, you kind of are a well kept secret, aren't you? >> Well, I dunno if it's a well kept secret. You know, smaller companies never have their awareness of big companies, right? The Dells of the world are a hundred billion. IBM is 70 billion, Cisco is 60 billion. Easy to have awareness, right? If you're under a billion, I got to give a funny story then I think we got to close out here. >> Oh go ahead please. >> So there's one funny story. So I was talking to the CIO of a super large Fortune 500 company. And I said to him, "Just so who do you use?" "I use IBM Db2, and I use, Cisco routers, and I use EMC primary storage, et cetera. And I use all these big." And I said, "Would you ever switch from Db2?" "Oh no, the switching costs would kill me. I could never go to Oracle." So I said to him, "Look would you ever use like a Pure Storage, right. A couple billion dollar company." He says, "Who?" >> Huh, interesting. >> I said to him, all right so skip that. I said, "VMware, would you ever think about going with Nutanix?" "Who?" Those are billion dollar plus companies. And he was saying who? >> Public companies. >> And he was saying who? That's not uncommon when I talk to CIOs. They see the big 30 and that's it. >> Oh, that's interesting. What about your partnership with Veeam? Tell us more about that. >> Yeah, so I would actually, and I'm going to be bold when I say this 'cause I think you can ask anybody here at the conference. We're probably closer first of all, to the Veeam sales force than any company there is. You talk to any Veeam sales rep, they work closer with ExaGrid than any other. Yeah, we are very tight in the field and have been for a long time. We're integrated with the Veeam Data Boomer. We're integrated with SOBR. We're integrated with all the integrations or with the product as well. We have a lot of joint customers. We actually do a lot of selling together, where we go in as Veeam ExaGrid 'cause it's a great end to end story. Especially when we're replacing, let's say a Dell Avamar to Dell Data Domain or a Dell Network with a Dell Data Domain, very commonly Veeam ExaGrid go in together on those types of sales. So we do a lot of co-selling together. We constantly train their systems engineers around the world, every given week we're training either inside sales teams, and we've trained their customer support teams in Columbus and Prague. So we're very tight with 'em we've been tight for over a decade. >> Is your head count public? Can you share that with us? >> So we're just over 300 employees. >> Really, wow. >> We have 70 open positions, so. >> Yeah, what are you looking for? Yeah, everything, right? >> We are looking for engineers. We are looking for customer support people. We're looking for marketing people. We're looking for inside sales people, field people. And we've been hiring, as of late, major account reps that just focus on the Fortune 500. So we've separated that out now. >> When you hire engineers, I mean I think I saw you were long time ago, DG, right? Is that true? >> Yeah, way back in the '80s. >> But systems guy. >> That's how old I am. >> Right, systems guy. I mean, I remember them well Eddie Castro and company. >> Tom West. >> EMV series. >> Tom West was the hero of course. >> The EMV 4000, the EMV 20,000, right? >> When were kids, "The Soul of a New Machine" was the inspirational book but anyway, >> Yeah Tracy Kidder, it was great. >> Are you looking for systems people, what kind of talent are you looking for in engineering? >> So it's a lot of Linux programming type stuff in the product 'cause we run on a Linux space. So it's a lot of Linux programs so its people in those storage. >> Yeah, cool, Bill, hey, thanks for coming on to theCUBE. Well learned a lot, great story. >> It's a pleasure. >> That was fun. >> Congratulations. >> Thanks. >> And good luck. >> All right, thank you. >> All right, and thank you for watching theCUBE's coverage of VeeamON 2022, Dave Vellante for Dave Nicholson. We'll be right back right after this short break, stay with us. (soft beat music)

(light music playing) >> Welcome back to VEEAMON 2022 in Las Vegas. We're at the Aria. This is theCUBE and we're covering two days of VEEAMON. We've done a number of VEEAMONs before, we did Miami, we did New Orleans, we did Chicago and we're, we're happy to be back live after two years of virtual VEEAMONs. I'm Dave Vellante. My co-host is David Nicholson. Eric Herzog is here. You think he's, Eric's been on theCUBE, I think more than any other guest, including Pat Gelsinger, who at one point was the number one guest. Eric Herzog, CMO of INFINIDAT great to see you again. >> Great, Dave, thank you. Love to be on theCUBE. And of course notice my Hawaiian shirt, except I now am supporting an INFINIDAT badge on it. (Dave laughs) Look at that. >> Is that part of the shirt or is that a clip-on? >> Ah, you know, one of those clip-ons but you know, it looks good. Looks good. >> Hey man, what are you doing at VEEAMON? I mean, you guys started this journey into data protection several years ago. I remember we were actually at one of their competitors' events when you first released it, but tell us what's going on with Veeam. >> So we do a ton of stuff with Veeam. We do custom integration. We got some integration on the snapshotting side, but we do everything and we have a purpose built backup appliance known as InfiniGuard. It works with Veeam. We also actually have some customers who use our regular primary storage device as a backup target. The InfiniGuard product will do the data reduction, the dedupe compression, et cetera. The standard product does not, it's just a standard high performance array. We will compress the data, but we have customers that do it either way. We have a couple customers that started with the InfiniBox and then transitioned to the InfiniGuard, realizing that why would you put it on regular storage? Why not go to something that's customized for it? So we do that. We do stuff in the field with them. We've been at all the VEEAMONs since the, since like, I think the second one was the first one we came to. We're doing the virtual one as well as the live one. So we've got a little booth inside, but we're also doing the virtual one today as well. So really strong work with Veeam, particularly at the field level with the sales guys and in the channel. >> So when INFINIDAT does something, you guys go hardcore, high end, fast recovery, you just, you know, reliable, that's kind of your brand. Do you see this movement into data protection as kind of an adjacency to your existing markets? Is it a land and expand strategy? Can you kind of explain the strategy there. >> Ah, so it's actually for us a little bit of a hybrid. So we have several accounts that started with InfiniBox and now have gone with the InfiniGuard. So they start with primary storage and go with secondary storage/modern data protection. But we also have, in fact, we just got a large PO from a Fortune 50, who was buying the InfiniGuard first and now is buying our InfiniBox. >> Both ways. Okay. >> All flash array. And, but they started with backup first and then moved to, so we've got them moving both directions. And of course, now that we have a full portfolio, our original product, the InfiniBox, which was a hybrid array, outperformed probably 80 to 85% of the all flash arrays, 'cause the way we use DRAM. And what's so known as our mural cash technology. So we could do very well, but there is about, you know, 15, 20% of the workloads we could not outperform the competition. So then we had an all flash array and purpose built backup. So we can do, you know, what I'll say is standard enterprise storage, high performance enterprise storage. And then of course, modern data protection with our partnerships such as what we do with Veeam and we've incorporated across the entire portfolio, intense cyber resilience technology. >> Why does the world, Eric, need another purpose built backup appliance? What do you guys bring that is filling a gap in the marketplace? >> Well, the first thing we brought was much higher performance. So when you look at the other purpose built backup appliances, it's been about our ability to have incredibly high performance. The second area has been CapEx and OpEx reduction. So for example, we have a cloud service provider who happens to be in South Africa. They had 14 purpose built backup appliances from someone else, seven in one data center and seven in another. Now they have two InfiniGuards, one in each data center handling all of their backup. You know, they're selling backup as a service. They happen to be using Veeam as well as one other backup company. So if you're the cloud provider from their perspective, they just dramatically reduce their CapEx and OpEx. And of course they've made it easier for them. So that's been a good story for us, that ability to consolidation, whether it be on primary storage or secondary storage. We have a very strong play with cloud providers, particularly those meeting them in small that have to compete with the hyperscalers right. They don't have the engineering of Amazon or Google, right? They can't compete with what the Azure guys have got, but because the way both the InfiniGuard and the InfiniBox work, they could dramatically consolidate workloads. We probably got 30 or 40 midsize and actually several members of the top 10 telcos use us. And when they do their clouds, both their internal cloud, but actually the clouds that are actually running the transmissions and the traffic, it actually runs on InfiniBox. One of them has close to 200 petabytes of InfiniBox and InfiniBox, all flash technology running one of the largest telcos on the planet in a cloud configuration. So all that's been very powerful for us in driving revenue. >> So phrases of the week have been air gap, logical air gap, immutable. Where does InfiniGuard fit into that universe? And what's the profile of the customer that's going to choose InfiniGuard as the target where they're immutable, Write Once Read Many, data is going to live. >> So we did, we announced our InfiniSafe technology first on the InfiniGuard, which actually earlier this year. So we have what I call the four legs of the stool of cyber resilience. One is immutable snapshots, but that's only part of it. Second is logical air gapping, and we can do both local and remote and we can provide and combine local with remote. So for example, what that air gap does is separate the management plane from the actual data plane. Okay. So in this case, the Veeam data backup sets. So the management cannot touch that immutable, can't change it, can't delete it. can't edit it. So management is separated once you start and say, I want to do an immutable snap of two petabytes of Veeam backup dataset. Then we just do that. And the air gap does it, but then you could take the local air gap because as you know, from inception to the end of an attack can be close to 300 days, which means there could be a fire. There could be a tornado, there could be a hurricane, there could be an earthquake. And in the primary data center, So you might as well have that air gap just as you would do- do a remote for disaster recovery and business continuity. Then we have the ability to create a fenced forensic environment to evaluate those backup data sets. And we can do that actually on the same device. That is the purpose built backup appliance. So when you look at the architectural, these are public from our competitors, including the guys that are in sort of Hopkinton/Austin, Texas. You can see that they show a minimum of two physical devices. And in many cases, a third, we can do that with one. So not only do we get the fence forensic environment, just like they do, but we do it with reduction, both CapEx and OpEx. Purpose built backup is very high performance. And then the last thing is our ability to recover. So some people talk about rapid recovery, I would say, they dunno what they're talking about. So when we launched the InfiniGuard with InfiniSafe, we did a live demo, 1.5 petabytes, a Veeam backup dataset. We recovered it in 12 minutes. So once you've identified and that's on the InfiniGuard. On the InfiniBox, once you've identified a good copy of data to do the recovery where you're free of malware ransomware, we can do the recovery in three to five seconds. >> Okay. >> So really, really quick. Actually want to double click on something because people talk about immutable copies, immutable snapshots in particular, what have the actual advances been? I mean, is this simply a setting that maybe we didn't set for retention at some time in the past, or if you had to engineer something net new into a system so to provide that logical air gap. >> So what's net new is the air gapping part. Immutable snapshots have been around, you know, before we were on screen, you talked about WORM, Write Once Read Many. Well, since I'm almost 70 years old, I actually know what that means. When you're 30 or 40 or 50, you probably don't even know what a WORM is. Okay. And the real use of immutable snapshots, it was to replace WORM which was an optical technology. And what was the primary usage? Regulatory and compliance, healthcare, finance and publicly traded companies that were worried about. The SEC or the EU or the Japanese finance ministry coming down on them because they're out of compliance and regulatory. That was the original use of immutable snap. Then people were, well, wait a second. Malware ransomware could attack me. And if I got something that's not changeable, that makes it tougher. So the real magic of immutability was now creating the air gap part. Immutability has been around, I'd say 25 years. I mean, WORMs sort of died back when I was at Mac store the first time. So that was 1990-ish is when WORMs sort of fell away. And there have been immutable snapshots from most of the major storage vendors, as well as a lot of the small vendors ever since they came out, it's kind of like a checkbox item because again, regulatory and compliance, you're going to sell to healthcare, finance, public trade. If you don't have the immutable snapshot, then they don't have their compliance and regulatory for SEC or tax purposes, right? With they ever end up in an audit, you got to produce data. And no one's using a WORM drive anymore to my knowledge. >> I remember the first storage conference I ever went to was in Monterey. It had me in the early 1980s, 84 maybe. And it was a optical disc drive conference. The Jim Porter of optical. >> Yep. (laughs) >> I forget what the guy's name was. And I remember somebody coming up to me, I think it was like Bob Payton rest his soul, super smart strategy guy said, this is never going to happen because of the cost and that's what it was. And now you've got that capability on flash, you know, hard disk, et cetera. >> Right. >> So the four pillars, immutability, the air gap, both local and remote, the fence forensics and the recovery speed. Right? >> Right. Pick up is one thing. Recovery is everything. Those are the four pillars, right? >> Those are the four things. >> And your contention is that those four things together differentiate you from the competition. You mentioned, you know, the big competition, but how unique is this in the marketplace, those capabilities and how difficult is it to replicate? >> So first of all, if someone really puts their engineering hat to it, it's not that hard to replicate. It takes a while. Particularly if you're doing an enterprise, for example, our solutions all have a hundred percent availability guarantee. That's hard to do. Most guys have seven nines. >> That's hard. >> We really will guarantee a hundred percent availability. We offer an SLA that's included when you buy. We don't charge extra for it. It's like if you want it, like you just get it. Second thing is really making sure on the recovery side is the hardest part, particularly on a purpose built backup appliance. So when you look at other people and you delve into their public material, press releases, white paper, support documentation. No one's talking about. Yeah, we can take a 1.5 petabyte Veeam backup data set and make it available in 12 minutes and 12 seconds, which was the exact time that we did on our live demo when we launched the product in February of 2022. No one's talking that. On primary storage, you're hearing some of the vendors such as my old employer that also who, also starts with an "I", talk about a recovery time of two to three hours once you have a known good copy. On primary storage, once we have a known good copy, we're talking three to five seconds for that copy to be available. So that's just sort of the power of the snapshot technology, how we manage our metadata and what we've done, which previous to cyber resiliency, we were known for our replication capability and our snapshot capability from an enterprise class data store. That's what people said. INFINIDAT really knows how to do the replication snapshot. I remember our founder was one of the technical founders of EMC for a product known as the Symmetric, which then became the DMAX, the VMAX and is now is the PowerMax. That was invented by the guy who founded INFINIDAT. So that team has the real chops at enterprise high-end storage to the global fortune 2000. And what are the key feature checkbox items they need that's in both the InfiniBox and also in the InfiniGuard. >> So the business case for cyber resiliency is changing. As Dave said, we've had a big dose last several months, you know, couple years actually, of the importance of cyber resiliency, given all the ransomware tax, et cetera. But it sounds like the business case is shifting really focused on avoiding that risk, avoiding that downtime time versus the cost. The cost is always important. I mean, you got a consolidation play here, right? >> Yeah, yeah. >> Dedupe, does dedupe come into play? >> So on the InfiniGuard we do both dedupe and compression. On the InfiniBox we only do compression. So we do have data reduction. It depends on which product you're using from a Veeam perspective. Most of that now is with the InfiniGuard. So you get the block level dedupe and you get compression. And if you can do both, depending on the data set, we do both. >> How does that affect recovery time? >> Yeah, good question. >> So it doesn't affect recovery times. >> Explain why. >> So first of all, when you're doing a backup data set, the final final recovery, you recovered the backup data set, whether it's Veeam or one of their competitors, you actually make it available to the backup administrator to do a full restore of a backup data set. Okay. So in that case, we get it ready and expose it to the Veeam admin or some other backup admin. And then they launch the Veeam software or the other software and do a restore. Okay. So it's really a two step process on the secondary storage model and actually three. First identifying a known good backup copy. Second then we recover, which is again 12, 13 minutes. And then the backup admin's got to do a, you know, a restore of the backup 'cause it's backup data set in the format of backup, which is different from every backup vendor. So we support that. We get it ready to go. And then whether it's a Veeam backup administrator and quite honestly, from our perspective, most of our customers in the global fortune 2000, 25% of the fortune 50 use INIFINIDAT products. 25% and we're a tiny company. So we must have some magic fairy dust that appeals to the biggest companies on the planet. But most of our customers in that area and actually say probably in the fortune 500 actually use two to three different backup packages. So we can support all those on a single InfiniGuard or multiples depending on how big their backup data sets. Our biggest InfiniGuard is 50 petabytes counting the data reduction technology. So we get that ready. On the InfiniBox, the recovery really is, you know, a couple of seconds and in that case, it's primary data in block format. So we just make that available. So on the InfiniBox, the recovery is once, well two. Identifying a known good copy, first step, then just doing recovery and it's available 'cause it's blocked data. >> And that recovery doesn't include movement of a whole bunch of data. It's essentially realignment of pointers to where the good data is. >> Right. >> Now in the InfiniBox as well as in InfiniGuard. >> No, it would be, So in the case of that, in the case of the InfiniGuard, it's a full recovery of a backup data set. >> Okay. >> So the backup software just launches and it sees, >> Okay. >> your backup one of Veeam and just starts doing a restore with the Veeam restoration technology. Okay? >> Okay. >> In the case of the block, as long as the physical InfiniBox, if that was the primary storage and then filter box is not damaged when you make it available, it's available right away to the apps. Now, if you had an issue with the app side or the physical server side, and now you're pointing new apps and you had to reload stuff on that side, you have to point it at that InfiniBox which has the data. And then you got to wait for the servers and the SAP or Oracle or Mongo, Cassandra to recognize, oh, this is my primary storage. So it depends on the physical configuration on the server side and the application perspective, how bad were the apps damaged? So let's take malware. Malware is even worse because you either destroying data or messing, playing with the app so that the app is now corrupted as well as the data is corrupted. So then it's going to take longer the block data's ready, the SAP workload. And if the SAP somehow was compromised, which is a malware thing, not a ransomware thing, they got to reload a good copy of SAP before it can see the data 'cause the malware attacked the application as well as the data. Ransomware doesn't do that. It just holds it for ransom and it encrypts. >> So this is exactly what we're talking about. When we talk about operational recovery and automation, Eric is addressing the reality that it doesn't just end at the line above some arbitrary storage box, you know, reaching up real recovery, reaches up into the application space and it's complicated. >> That's when you're actually recovered. >> Right. >> When the application- >> Well, think of it like a disaster. >> Okay. >> Yes, right. >> I'll knock on woods since I was born and still live in California. Dave too. Let's assume there's a massive earthquake in the bay area in LA. >> Let's not. >> Okay. Let's yes, but hypothetically and the data center's cat five. It doesn't matter what they're, they're all toast. Okay. Couple weeks later it's modern. You know, people figure out what to do and certain buildings don't fall down 'cause of the way earthquake standards are in California now. So there's data available. They move into temporary space. Okay. Data's sitting there in the Colorado data center and they could do a restore. Well, they can't do a restore. How many service did they need? Had they reloaded all of the application software to do a restoration. What happened to the people? If no one got injured, like in the 1989 earthquake in California, very few people got injured yet cost billions of dollars. But everyone was watching this San Francisco giants played in Oakland, >> I remember >> so no one was on the road. >> Al Michael's. >> Epic moment. >> Imagine it's in the middle of commute time in LA and San Francisco, hundreds of thousands of people. What if it's your data center team? Right? So there's a whole bunch around disaster recovery and business country that have nothing to do with the storage, the people, what your process. So I would argue that malware ransomware is a disaster and it's exactly the same thing. You know, you got the known good copy. You've got okay. You're sure that the SAP and Oracle, especially on the malware side, weren't compromised. On the ransomware side, you don't have to worry about that. And those things, you got to take a look at just as if it, I would argue malware and ransomware is a disaster and you need to have a process just like you would. If there was an earthquake, a fire or a flood in the data center, you need a similar process. That's slightly different, but the same thing, servers, people, software, the data itself. And when you have that all mapped out, that's how you do successful malware ransomeware recovery. It's a different type of disaster. >> It's absolutely a disaster. It comes down to business continuity and be able to transact business with as little disruption as possible. We heard today from the keynotes and then Jason Buffington came on about the preponderance of ransomware. Okay. We know that. But then the interesting stat was the percentage of customers that paid the ransom about a third weren't able to recover. And so 'cause you kind of had this feeling of all right, well, you know, see it on, you know, CNBC, should you pay the ransom or not? You know, pay the ransom. Okay. You'll get back. But no, it's not the case. You won't necessarily get back. So, you know, Veeam stated, Hey, our goal is to sort of eliminate that problem. Are you- You feel like you guys in a partnership can actually achieve that. >> Yes. >> So, and you have customers that have actually avoided, you know, been hit and were able to- >> We have people who won't publicly say they've been hit, but the way they talk about what they did, like in a meeting, they were hit and they were very thankful. >> (laughs) Yeah. >> And so that's been very good. I- >> So we got proof. >> Yes, we absolutely have proof. And quite honestly, with the recent legislation in the United States, malware and ransomware actually now is also regulatory and compliance. >> Yeah. >> Because the new law states mid-March that whether it's Herzog's bar and grill to bank of America or any large foreign company doing business in the US, you have to report to the United States federal government, any attack, same with the county school district with any local government, any agency, the federal government, as well as every company from the tiniest to the largest in the world that does, they're supposed to report it 'cause the government is trying to figure out how to fight it. Just the way if you don't report burglary, how they catch the burglars. >> Does your solution simplify testing in any way or reduce the risk of testing? >> Well, because the recovery is so rapid, we recommend that people do this on a regular basis. So for example, because the recovery is so quick, you can recover in 12 minutes while we do not practice, let's say once a month or once every couple weeks. And guess what? It also allows you to build a repository of known good copies. Remember when you get ransomeware, no one's going to come say, Hey, I'm Mr. Rans. I'm going to steal your stuff. It's all done surreptitiously. They're all James Bond on the sly who doesn't say "By the way, I'm James Bond". They are truly underneath the radar. And they're very slowly encrypting that data set. So guess what? Your primary data and your backup data that you don't want to be attacked can be attacked. So it's really about finding a known good copy. So if you're doing this on a regular basis, you can get an index of known good copies. >> Right. >> And then, you know, oh, I can go back to last Tuesday and you know that that's good. Otherwise you're literally testing Wednesday, Thursday, Friday, Saturday to try to find a known good copy, which delays the recovery process 'cause you really do have to test. They make sure it's good. >> If you increase that frequency, You're going to protect yourself. That's why I got to go. Thanks so much for coming on theCUBEs. Great to see you. >> Great. Thank you very much. I'll be wearing a different Hawaiian shirt next to. >> All right. That sounds good. >> All right, Eric Herzog, Eric Herzog on theCUBE, Dave Vallante for David Nicholson. We'll be right back at VEEAMON 2022. Right after this short break. (light music playing)

>>mhm. Hello and welcome to the cubes Ducker con coverage. I'm John Ferry, host of the Cube. We've got a great segment here with slim dot AI CEO John Amaral. Stealth mode, SAS Company. Start up in the devops space with tools today and open source around. Supply chain security with containers closed beta with developers. John, Thanks for coming on. Congratulations for being platinum sponsor here, Dr Khan. Thanks for coming on The Cube. >>Thanks so much on my pleasure. >>You know, container analysis, management optimisation. You know, that's super important. But security is at the centre of all the action we're seeing with containers. We've been talking shift left on a lot of cube conversations. What that means? Is it an outcome? Is that the product software supply chain? You seek them? A secure where malware. All these things are part of now the new normal in cloud Native. You guys at the centre of this, the surface areas change. All these things are important. Take a minute to explain what you guys are doing as a as a tools and open source. Some of the things you're doing, I know you got a stealth mode product. You probably can't talk about. But you gotta close, Beta. Can you give us a little bit of a teaser? What slim dot ai about >>sure. So someday I is about helping developers build secure containers fast, and that really plays to a few trends in the marketplace that are really apparent and important right now in a federal mandate and a bunch of really highly publicised breaches that have all been caused by software supply, chain risks and security and software supply, chain security has become a really top of mind concept for people who secure things and people who develop software and runs. SAS so slim that AI has built a bunch of capabilities and tools that allow software developers at their desks to better understand and build secure containers that really reduce software supply. Chain risk as you think about containers being run in production. And we do three things to help developers one, as we help them know everything about their software. It's a kind of a core concept of suffering supply chain security. Just know what software is in your containers to. Another core concept is only ship to production. What you need to run. That's all about risk surface and the ability for you to easily make a container small that has as much a software reduction in it as possible. And three, it's removed as many vulnerabilities as possible to Slim Toolset. Both are open source and our SAS data platform make that easy for developers to do >>so. Basically, you have a nice, clean, secure environment. Know what's in there. Don't only put in production was needed and make sure it's tight and it's trimmed down perfectly. So you're kind of teasing out this concept of slimming, which is in the name of the company. But it really is about surface area of attack around containers and super important as it becomes more and more prominent in the environment these days. What is container slimming and why is it important for supply chain security? >>Sure. So in the in the in the realm of software supply chain security, best practises right, there are three core concepts. One is the idea of an S bahn that you should know the inventory of all the software that runs in your world to its security posture, signing containers, making sure that the authenticity of the software that you use and production is well understood. And the third is, well, managing exactly what shopper you ship. The first two things I said are simply just inventory and basics about knowing what software you have. But no one answers the question. What software do I need? So I run a container and say, It's a gig and it's got all these packages in. It comes from the operating system from note, etcetera. It's got all this stuff in it. I know the parts that I write my code to. But all that other stuff, what is it? Why is it there? What's the risk in it? That slimming part is all about managing the list of things you actually shipped to the absolute minimum and with confidence that you know that that code will actually work when it gets production but be as small as possible. That's what slimming is all about, and it really reduces supply chain risk by lowering the attack surface in your container, but also trimming your supply chain to only the minimum pieces you need, which really causes a lot of improvements in in the operational overhead of having software supply chain security >>It's interesting as you get more more volume and velocity around containers, uh, and automation kicks in. Sometimes things are turning on and off you don't even know. And shift left has been a great trend for getting in the CI CD pipeline for developer productivity. Really cool. What are some of the consequences that's going on with this? Because then you start to get into some of these areas like some stuff happens that the developers have to come shift back and can take care of stuff. So, you know, C. Tus and CSOs are really worried about this container dynamic. What's the What's the new thing that's causing the problems here? What's the issue around the management that CDOs and CDOs care about? >>Sure. And I'll talk about the shift left implications as well for that exact point. So as you start to worry about software supply, chain security and get a handle on all the software you ship to prod well, part of that is knowledge is power. But it's also, um, risk and work as soon as I know about problems with my containers or the risk surface, and I got to do something about it so we're really getting into the age where everyone has to know about the software they ship. As soon as you know about that, say there's a vulnerability or a package that's a little risky or some surface area you don't really understand. The only place that can be evaded is by going back to the developers and asking them. What is that? How do I remove it? Please do that work. So the software supply chain security knowledge turns into developer security work. Now the problem is, is that historically, the knowledge was imperfect, and the developer, you know, involvement in that was, I'd say, at Hawk, meaning that developers had best practises that did the best they could. But the scrutiny we have now on minimising this kind of risk is really high. The beautiful part about containers is their portable, and it's an easily transferrable piece of software. So you have a lot of producers and a lot of consumers of containers. Consumers of containers that care about supply chain risk are now starting to push back on, producers saying, Take those vulnerabilities out, move those packages, make this thing more secure, lower the risk profile this works its way all the way back to the developers who don't really have the tools, capabilities and automation is to do the work I just described easily, and that's an opportunity that Slim is really addressing, making it easy for developers to remove risk. >>And that's really the consequences of shifting left without having the slimming. Because what you're saying is your shift left and that's kind of annulled out because you've got to go back and fix it. The work comes, >>that's right. And yeah, and it's not an easy task for a developer to understand the code that they didn't intentionally put in the container. It's like, Okay, there's a package in that operating system. What does it do? I don't know. Do I even use it? I don't know. So there's like tonnes of analytic and I would say even optimisation questions and work to be done, but they're just not equipped to, because the tooling for that is really immature Slims on a mission to make that really easy for them and do it automatically so they don't have to think about it. We just automatically remove stuff you don't use and voila! You've got this like perfectly pre optimised capability. >>You know, this suffer supply chain is huge, and I remember when open source started when I remember when I was breaking into the business. Now it's such a height in such an escalation of new developers. This it's a real issue that that's going to be resolved. It has to be because supply chain is part of open source, right? As more code comes in, you got to verify. You gotta make sure it's it's slimming where it needs to be slim and optimised. There needs to be optimised, huge trend. Um and so I just love this area. I think it's really innovative and needed. So congratulations on that, you know, have one more question for you before we get into to close out. Um, you guys are part of the Docker Extensions launch and your partner, >>Why >>is this important to participate in this programme and and what do you guys hope to hope it does for slim dot ai, >>First of all, doctors, the ubiquitous platform, their hub has millions and millions of containers. We've got millions and millions of developers using Docker desktop to actually build and work on containers. It's like literally the sandbox for all local work for building containers. It's a fair statement. So inclusion in Dr Khan and the relationship we're building with Docker is really important for developers and that we're bringing these capabilities to the place where developers work and live every day. It's where all the containers live in the world. So we want to have our technology be easy to use with docker tools. We want to keep developers workflows and systems and and tools of record be the same. We just want to help them use those tools better and optimist outputs. From that we've we've worked since our inception to make our tools really, really friendly for darker and darker environments to, um, we are building a doctor extension. Uh, they have, uh, in this darker con. They're launching their doctor extensions programme to the worldwide audience. We have been one of the lucky Cos that's been selected to build one of the early Dr desktop plug ins. It's derived from our capabilities and our Saas platform and an open source, and it's it's effectively an MRI machine, an awesome analytic tool that allows any developer to really understand the composition, security and profile of any container they work with. So it's giving the sight to the blind, so to speak, that it's this new tool to make container analysis easy. >>Well, John, you guys got a great opportunity. Container analysis, management, optimisation key to security, enabling it and maintaining and sustaining it. And it's changing. I know you guys. Your co founder also did a doctor Slim. So you guys are deep in the open source. I Congratulations on that. We'll see a Q. Khan for the remaining time. We have give a plug for the company, obviously in stealth mode price going to come out later this year. You got a developer preview? What's What's the company all about? What's the most important story here? Dr. Khan? >>Sure, just to playback. So we help developers do three important things. Know everything about the software in their containers to only ship stuff to production that you need, and and and three remove as many vulnerabilities as possible. That's really about managing and understanding the risk surface. It ties right back to software supply chain security, and any developer can use these tools today to emit and build containers that are more secure and better production grade containers, and it's easy to do. We have an open source project called Dioxin. Go check it out. Uh, it's not. It's on git Hub. It's easy to find if you go to w w w dot slim that ai you can find access to that. We have tens of thousands of developers, 500,000 plus downloads. We have developers everywhere using those tools today and open source to do the objectives. I just said You can also easily sign up for our data for our Saas platform, you can use the doctor extension, go ahead and do that and really get on your journey to make those outcomes reality for you. And really kind of make those SEC ops people downstream not have to shift anything left. It's super easy for you to be a great participant in software slash insecurity. >>All right. John Amaral, CEO slim dot ai Stealth. Most thanks for coming The Cube Cube coverage of Dr Khan. Thanks for watching. I'm John Kerry hosted the Cube back to more Dr Khan after the short break. Mhm mhm

>> The Cube presents Dell Technologies World brought to you by Dell. (crowd murmuring) >> Welcome back to Las Vegas. It's The Cube live at Dell Technologies World 2022. This is day two of our coverage Lisa Martin, with Dave Vellante. We've had a lot of great conversations all day today half a day yesterday. We've got another great conversation coming up about ESG environmental, social and governance. Please welcome JJ Davis, the Chief Corporate Affairs Officer at Dell Technologies. Welcome to the program. >> Hi, thanks for having me. >> Hey, hey. >> It's great to be here. >> ESG is a very popular topic. >> Yes. >> It's one thing to talk about another thing to actually have a plan, have a strategy, have those 20, 30 moonshot goals and implement. Talk to us about what ESG means for Dell Technologies and some of these great things, that you have going on. >> Absolutely. So you said it, I mean it can be acronym soup. When you think about, is it social impact? Is it corporate social responsibility? Is it ESG and the beauty of having an environmental social governance strategy is we now are bringing ESG much closer to the corporate strategy and how we meet the needs of all of our stakeholders. So I'd love to just back it up for a minute and think about the purpose of Dell Technologies is to create technologies that advance human potential. Our vision is to be the most essential technology company for the data era. The way we do that is we're growing and modernizing our core businesses like PC servers and storage while we're building the technology ecosystem of the future. Well guess what? ESG is embedded in all of that because the future is more sustainable, built by people that represent our customer base with a workforce that is more diverse and a workplace that is more inclusive. We put human rights and the needs of people at the center of what we do as well as the needs of the planet. And when I get to put together purpose planet and profit and bring that strategy together in partnership with so many leaders of across the company and meeting the demands of our customers. ESG is just a part of the way we do business now >> It's part of the DNA. >> Yeah. >> Talk to us about some of the key priorities from a climate perspective, for example. >> Sure. >> What are some of Dell's key focus areas where that's concerned? >> So when we think about our ESG priorities as a whole there are four climate, circular, economy, diverse workplace and digital inclusion. And so within our sustainability pillar of our strategy or the E, we are committed to being net zero across scopes 1, 2 and 3 emissions by 2050. We are revamping our product energy goal right now to relaunch that. When we think about our customers 95% of our big customer RFPs ask about sustainability and our commitment and what we'll be doing to help them because they're going to be reliant on technology to meet their own sustainability and climate goals, whether it's green IT or IT for green and they're going to really be looking to us to help them. >> You know, I love this purpose planet profit. >> Yeah. >> You and I have talked about this a little bit. It's actually good business. Explain why ESG is good business? >> Well, I mean, used to social impact kind of sat off to the side. We might have been called do gooders or people that are passionate about things that maybe don't align to the corporate strategy. And now when you think about business round table and Michael Dell as a member and they came out with their purpose of a company statement it'll be three years in August to really redefine the purpose of a company to meet the needs of all stakeholders from employees, to customers, to shareholders as well. And so we know that new hires and new buyers demand more of their employer and of the companies they buy from. They want their own personal values to align with that of the company they work for or buy from. And so now we need to the needs of our business commitments, but also if companies don't take a leadership role, we're screwed, we're not going to be able to reverse the negative impacts. So climate change and technology plays a big role. >> Yeah. "The earth gets the last at bat," as they say. >> Yeah. >> From an accountability perspective that you mentioned 95% of RFPs are coming in and customers are looking for- >> Yes. >> Dell Technologies's commitment to ESG. Talk about the accountability to your customers to all customers where ESG is concerned and how is it measured? >> Sure. So we've been spending a lot of time over the last year, year and a half on the G of ESG the governance. And so we have been doing this for a couple decades really moving the needle on social impact. Michael talked about it in his key note, that this is in our DNA like you said. But now we have to be able to really measure. You can't manage what you can't measure. We have put a lot of governance around, what do we disclose and why Michael Dell is an active participant in the world economic forum, common metrics project because, you know, there's too many metrics and frameworks to know what companies need to be measuring and how we hold ourselves accountable and what we ultimately report to our shareholders. And so there's a lot of work to get more clarity there. You're seeing the SEC put out new rules around climate and human rights. And so when you start to get regulated that changes the game in terms of how transparent you need to be. And then what are the third party assurances that you need to have to validate the data that you're reporting on? We do have an annual ESG report that comes out every June where we report across several moonshot goals across sustainability, inclusive culture, transforming lives and ethics and privacy. Then we have sub goals. There's probably about 25 in total. And we're going to tell you our stakeholders every year how we're doing against our 20, 30 commitment. And I think it's that level of transparency and measurement that we have to hold ourselves accountable to and our customers do as well. >> Can you share a little bit about where you are on the 2030 moonshot that was announced about a couple years ago at the beginning of 20, yeah, towards the beginning of 2020. Where is Dell on the that, what's your moonscape look like? >> Yeah, sure. So we are announcing our update from calendar year 21 in June. So I'm not going to get the numbers exactly right. But if you take sustainability so one of our moonshot goals is around 100% of our packaging by 2030 will be made of recycled or renewable content. We're over 90% now. So we're going to probably restate that goal and evolve it or meet it early and set a new one. In terms of product contents. We have a goal that is 50% of our product contents will be from recycled over renewable materials. That's a little harder, plastic is easy, steel is hard. And so we're still working through how across the main components that go into our machines. How does that become more renewed and sustainable? If you think about 50% women in our workforce 25% African American or Hispanic in our US workforce we're making really good progress. And we have scaled programs that are helping us deliver on those commitments. >> Yeah. I think I'm quoting JJ Davis, correct me if I'm wrong but, "ESG marries who we are with what we do." What do you mean by that? >> So when you think about what we do, we build technology that delivers or advances human progress. We help our customers solve their biggest problems but really who we are. We are a founder-led company and Michael Dell was a purpose led driven CEO before that was even a term. And so he always wanted to have an ethical company that just did business above and beyond what the law required. And we'd been recycling PC for more than 20 years. And so we are an inclusive culture where we can bring our full selves to work and we are entrepreneurial. And, you know, if we have an idea and you raise that idea or a problem, you see then oftentimes the management will say, "Okay you go fix that." And so I think just what we do, we build technology. Who we are, is we're problem solvers for our customers. And that is good for business and good for the environment and what it is society really expects of us. And we're empowered to make a difference. Feels good. >> One of, I'm curious to get your perspective on , you know, the events of the last two years. One of the things that's happened is the great resignation. I think we all all know multiple people who have decided they're moving forward, lots of opportunity but where is Dell's ESG strategy as a differentiator for people going, I get it, I support that, that's the kind of company I want to work for? >> Our Chief Human Resources Officer Jen Saavedra calls it, "The great reshuffle." I think that's maybe a more positive way to look at it. And, you know, I've had people actually join my team because they are really positive on our mission and not just our proactive strategy around ESG but how we have handled our response to social issues. >> Yeah. >> I mean, who knew that company CEOs would be expected to speak out on voter access or LGBTQ rights and, you know. So a lot of people are coming to work for us because we are very measured in where we weigh in and what we stand for, how we speak out. But they're also really buying into our ESG strategy. I would also say our flexible work commitment. It's a big part of our DNI strategy as well and helps us attract and retain diverse talent. You can live and work wherever you want to proximity the headquarters is no longer criteria for advancement. And that's going to be a really big differentiator companies that get this right will win the talent war. And that means they'll better serve their customers. >> When you took over this role, I'm guessing you kind of did a scan to see who else was out there, what others were doing, not just in Tech. >> Sure. >> Not just in North America, but globally. What did you find? Where do you get your inspiration? Are there any organizations out there that are really models that you get inspiration from? Or is it so new? You are the model. Can you just talk about that? >> Well I mean, I think we're doing a really good job and we're pretty advanced, but nobody has this figured out and frankly, we need to do it together. This is a space where you don't actually want to compete. >> Right. >> You want to partner. And so we have our own sustainability advisory aboard and companies like Boeing or on that. I serve on a sustain the advisory board from McLaren and Unilever's chief sustainability officers there. That is a company that is really inspirational to us. And so partners like Intel, they're very involved in 50. So the next 50% that needs to get connected to the internet and participate in the digital economy. We're big partner, as you know we're their largest customer. And so there's a lot going on across our competition our customers and our partners. And we're all inspiring each other and figuring it out together. Cause it's evolving so fast. Nobody has all the answers. >> But that's a great point. The evolution is happening so quickly and every day you turn on the news and there's something else that needs to be responded to. >> Yeah. >> I mean, think that from a strategic perspective from that overall vision perspective, it sounds like what and there's been some announcements this week. >> Yeah. >> That respect to issue. What's been some of the feedback from the part of ecosystem, from customers, from investors on this laser focused vision that Dell has with respect to sustainability and ESG? >> So Cassandra Garber, our head of ESG just finished out of cycle road show with investors and had really good conversations. They're asking a lot of questions about our strategy. They're asking questions about executive compensation tied to ESG as an example. Our customers are very positive and responding. They're looking for technology solutions. As I mentioned to meet their own climate commitments. And from our channel partners they really want to partner on our initiatives and really go do good and make an impact together. And we're getting really good feedback. >> So carrot or stick, it's probably not 100% that the channel partners or even suppliers, you know, some just don't have the resource possibly or maybe they don't share your values. >> Right. >> So how do you approach that? Is it through inspiration? Is it through a little tap in the head or a little headlock? How do you deal with that? >> It's both. I mean, our suppliers have to adhere to the contract and the RSA code of conduct that they have to sign on to uphold. And so we very much hold them accountable just like we do our ourselves. And so that is more compliance driven but we do have partners like Western's Green in our supply chain who we're really involved with us in some early work around recycled gold and partners that are involved with us in setting up the ocean plastic supply chain. And so we have great partnership but there are things they have to do from a human rights perspective or commitment to the environment that are required. From a channel partner perspective, you know, we want to incent them. We want to make money together. We are for profit businesses after all. And ESG can be a part of that. And if you don't have the resources to drive your own take back initiative, then we can do that in partnership through our asset recovery services which partners can sell and then use our infrastructure to take back and recycle old equipment. >> I mean, I feel like a lot of my questions are two-way but you feel as though you're in influencing public policy or a public policy is influencing you? >> Both. I mean, early on when the SEC was looking at the climate rules that they just put out, there was, I think we submitted a six page response to their, you know, ask for inquiry and response. And so that's good. We're able to talk to each other and have conversations and shape things, but ultimately we'll be regulated in these areas and that's fine. We just got to make sure that we're ready. >> Great. >> It's always good to have that push and pull it's like with the pandemic all the silver linings that have come out of the acceleration, we talk about that all the time on this show. The acceleration of digital transformation, we were talking about the acceleration of retail in the intelligence store. >> Right. >> And as consumers, we expect that, but that push and pull sometimes those forcing functions are necessary to be able to drive forward. >> For sure. >> Yeah. >> Yeah. >> My last question for you is Dell just came off it's most successful year. >> Yes. >> First time hitting north of 100 billion. >> Yes. >> In the company's history. What are some of the things that we think is the moonshot goals, we're only in 2020. >> I know. >> But as time is going by so quickly, what are some of the things that you are personally looking forward to from a corporate affairs ESG perspective say the next like three to five years? >> Well, I'm really excited about some of the groundwork we've laid in digital inclusion. We just made some new hires there. We're connecting the dots, you know, and we have a lot of initiatives that can really if we can scale them, make a big impact. So we have student tech crew, it's where high school students serve as the technical support in their local high school and get certified. So they are job ready the minute they graduate. If they don't want to go to community college or university they can go right into the workforce. How do we marry that up with other skill building initiatives that we have? And if you add 1 plus 1 it equals 3. And I think this year will be a really big accelerator for us in the area of digital inclusion and how we bring connectivity, community services and support and digital skills together. Because that's what, you know, those that aren't participating in the digital economy we need to partner and really deliver on the promise of what it means to be in technology and at least have the skills to compete >> Right. Start eliminating that digital divide. JJ, thank you for joining David and me today talking about ESG- >> Thank you. >> corporate affairs, such an interesting focused efforts that Dell is really wrapped around. And it sounds like there's that push pull from the customers, from policy, but ultimately going in a great direction that can be measured. Thank you for your insights and your time. >> Thank you. >> For JJ and Dave Vellante I'm Lisa Martin. You've been watching The Cube live from Las Vegas. This is the end of day 2 of our coverage of Dell Technologies World. We thank you for watching. You can find all of our content on replay on theCUBE.net. And of course, we will be here tomorrow with John Farrier and Dave Nicholson as well. Have a great night. We'll see you tomorrow. (upbeat music)

(upbeat music) >> Hello, welcome to theCUBE's presentation of Unstoppable Domains Partner Showcase. I'm John Furrier, host of theCUBE here in Palo Alto. Got some great guests here on this panel to talk about DeFi, the relevance of it, the importance, and all the major things happening in the changing world of finance and decentralized web, which is Web 3. Great wave here going on. We got Jaime Rogozinski, founder of WallStreetBets and strategic advisor of WallStreetBets app. Great to have you on. We've got Michael So, Partner, Head of Business Development, Cook Finance, and Mike Morhulets, CEO of DeHive. Gentlemen, thank you for coming. I'm super excited about this panel conversation here in the Unstoppable Domains Partner Showcase. Thanks for coming on. >> Yeah, thanks for having us on. >> Thanks for having us. >> So, first of all, it's been a crazy ride. Even just go back from... Just go back eight years ago now, and then go to you had the big ICO craze, you had now the operationalizing of crypto, applications, blockchain. I see the price of Bitcoin has been going great. Everyone's been making a lot of money. But it's really about the fundamental change of users and DeFi, decentralized finance has been one of the tip of the spears here from terms of change 'cause money's involved. and that's the shift here. So before we get into it, I want to get you guys to help me define what is DeFi? If someone says, "Hey, what's DeFi?" And everyone wants to know, "What's DeFi? What does it mean?" What is DeFi? >> Well, I think it's still being defined to be quite honest with you, right? Like it stands for decentralized finance, but for the most part, it's figuring out a way to use these crypto coins, tokens assets, Dallas Dap, this, that, the other to try and integrate this worldwide transactional parallel ecosystem to traditional finance, right? So I'd say for the most part, you're able to transact, send money, buy things, invest it, generating interest rates, et cetera. >> So is it a new money system, is it an architecture? How should people think about this 'cause, you know, to me it seems like a whole another stack, if you will, I had to use the word stack, tech stack, but it's really more of a different thing. People still scratch their heads. Does it help me, does it hurt me? How would you explain it to someone who's like saying, "Hey, I got a bank, got my app on my phone." What's the difference? >> Yeah. To me, there are three things that define DeFi. You know, one is the fact that it is non-custodial, meaning there is no counterparties who take hold of your money and decide when they want to release it back to you. You own it, you hold assets, you know, on your own wallet. You know, that's one clear, you know, defining moment of DeFi. Second is the fact that, you know, where the value of transfer happens. And TraFi, traditional finance. You know, you would see how the actual transfer may not even happen, actually outside of a particular location, such as for example, a centralized exchange. However, on DeFi, you can clearly see how the value of transfer happens on chain, on Ethereum, on other lines, you know, on other chain as well. And third and last, you know, to me is how the organizations define what decisions, what setups are to be made within, right? For example, you know, DAO, you know, the centralized autonomous organization, they will actually use the communities to define how things can be decided. So that's one way to see it. >> Yeah. It's interesting. I saw these protocols and the tokens and infrastructure, Mike, there's a complex system going on here. It's the plumbing, right? I mean, it's a money system. You know, how decisions are made, you got communities involved in there, you got actually mechanisms for immutability and security. You got application developers. So you got to kind of think of like an operating system here to make it all work. What's your take on this whole impact of what is DeFi relative to what people see on their phones as just an app or just some finance app. There's a lot of stuff going on under the covers. >> Yeah. I want to totally agree with Michael because it's all about one point of entering to Web 3, yeah? I have just my personal key, and can use all my wallets, get access to my funds from different point in the world. And I just have enter to all these applications, all these huge amount of services and monies. Second general part for me that is all about smart contracts and not intermediate here. Then people want to cooperate on many ways to each other on stable coins, yeah. And this is just smart contract. And one person from another side and another person from other side, that's it. It's all about DeFi ecosystem, you know, into words. >> I mean, this idea of disintermediating the middle man is a huge part of this. I mean, smart contracts is critical to this. You got to have the infrastructure, you got to have the user behavior. This is why it's important. Can you guys weigh in on some of the things on the importance of DeFi and where we are right now relative to progress? Because even just in the past two years, the cultural shift of DeFi has changed a lot. Where are we right now in DeFi? Can you guys share your perspectives on kind of, you know, progress compared to the evolution of where it will go? >> No, I think that DeFi has DeFinitely made a lot of progress with regards to adoption. Not only by retail participants, but also by institutional ones, right? They're warming up the idea of these first stops from Bitcoin or whatever these larger ones that have more proven track record. And they're starting to experiment more and more from taking crypto transactions, et cetera. But from the retail standpoint, it's also made a lot of progress. I'd say the biggest benefit to the DeFi world is community, right? It works because it's decentralized, which means one of the requirements is a lot of participants. But one of the hindrances, which is one of the biggest ones that's kind of been in the way is the usability, which although it's improved a lot, it's still not ready for the mainstream user that's used to just one click, buy it, whatever, don't care to understand how things work. But those two worlds are starting to bridge, right? People getting comfortable, institutions getting comfortable, as well as retail participants not being scared away by the process. >> Yeah. I mean that... I will just ask you to follow up on that Jaime, if you don't mind. Is that that community user piece is huge. A lot of people in the old guard will dismiss things as meme stocks, if you will. You know, we've seen a lot of the traction. But when you have communities moving at massive forces, that's in a way infrastructure, right? So you have behavior changes, whether you got some peer to peer community happening, it can't be dismissed. I mean, yeah, this is my arbitrage and a little bit of a, you know, I won't say crypto vandalism or kind of fun, but at the end of the day, that's a behavior. That is specific change. That points to... It can't be dismissed. What do you guys react to that? What's your reaction to that? >> Right. Actually, at my firm, Cook Finance, we are actually at the forefront of seeing that movement. So at Cook, you know, we label ourselves as compostable finance. And one thing that we've seen is that our communities, consistently we propose very interesting strategies, connecting different DeFi protocols together to basically execute on a portfolio execution that allows them to achieve a certain objectives. And we have to say, you know, if you were to define Web 2 as read and write and Web 3 as read, write, and create, you know, then this is really, you know, where the difference lies. We are now at this point where we are simply providing an infrastructure, as you said before, but allowing, you know, the creativities, you know, from everybody to come together and let the crowd wisdom everywhere, you know, to decide exactly, you know, what should take home from a product perspective. So we're very excited about that. >> Yeah. And these are new protocols that need to built. I mean, what does that mean, right? So how does software adapt to that? This comes into the question, I think, why it can't be dismissed. Jaime, what's your reaction to that? Because you're in the middle of it, you see all these behaviors, and Wall Street certainly is an environment where there's a lot of activity 'cause there's finance all this money there, right? And then again, a lot of that is old money, old systems. Now moving to the new, now, global, et cetera. What's your take? >> Well, I mean, first of all, I don't think that one is going to move over to the other one. I believe there's going to be elements where they coexist, right? Traditional finance still has a lot of merits to it and it has a lot of use of practical applications, but they can feed off of each other. There's a lot of things that DeFi can learn from traditional finance and vice versa. So I think that we're just going to start seeing this convergence of these two different worlds. And I think it's extremely powerful, right? Because the way that you think about sequential and transactional systems that are centralized, right? Like it requires all sorts of mechanisms. For example, I know I'm speaking arbitrary, but like you have a market with an exchange in an order book with limit orders and then you have the guy come in there and push market buy or sell, pushes the price, right? That's the mechanism by which you see something flash on your screen. In the world of DeFi, there's additional mechanisms that have previously been impossible, like automated market makers, right? They don't have order books and there's no counterparty. I mean, there is, but they're distributed. So the risk profile is really different. So like it's just a matter of rethinking and looking at all the advantages and all the benefits that DeFi has to offer. >> I love that whole point there. 'Cause that's basically refactoring existing markets in the new way. And this becomes the next question is, is that okay, if you have like say Unstoppable, where they got this access through an NFT, which is super cool with kind of like an identity, the development environment is really key in all these big ways. Because if you think about what needs to happen next, does you need more software developers or developers in general on this new paradigm, right? So with that in mind, how do you guys see the market of more innovation being developed on top of where we are now? 'cause that's the next key flywheel in this equation, which is, I need simplicity, I got to make ease of use, and reduce the time it takes to do things. And that's just going to come from development. So what's you guys reaction to with the wave coming in from a development standpoint? You mentioned smart contracts earlier, Mike, what do you guys think? >> Yeah. At that moment, I'm thinking about Web 3.0 identity. It's very close to Unstoppable Domains doing, because they're doing that you can connect by your domain to different apps, to different projects and so on. And the next step after that will be Web 3.0 identity. I think there will be some custodial service when you will put your passport or verification service and we will get NFT identifying you. And then with this NFT, you will go to every service which should be identified. For example, tomorrow SEC will create new law that all users for U-Swap should be identifying and you'll use this identity NFT for using this UniSwap. And I think it will be huge amount of works for all Web 3 applications and always that. >> Michael, what is Unstoppable matter? Why does Unstoppable matter to DeFi? What's your take on that? >> Yeah. Yeah. First of all, you know, I have been a big fan of Unstoppable both since day one, you know, from the NFT domain, you know, rollout. But one thing that I'm super excited about Unstoppable is the fact that it provides a digital identity, exactly like what Mike said. And the fact that, you know, you can leverage Unstoppable. And the fact that the digital identity can be use in a different way than where we see the traditional finance data such as owning all your PII, you know, all the personal identifiable informations, you know. The NFT aspect allows, you know, only certain informations to be transferred, but at the same time, allow all the participants in the ecosystem, DeFi or even TraFi institutional alike, you know, to only pick certain pieces such that they can still live within, you know, the existing framework. So I think that really is powerful in a way, it bridges in a way, the existing money or value transfer happens, to a way in the future, how people can use the different infrastructure to perform the very same actions. >> Jaime, what's your take on the Unstoppable position here relative to DeFi? >> Look, I think Unstoppable is in a really great position, right? The whole spirit of DeFi is to removing bottlenecks, right? Removing kind of choke points, which can either be, you know, by some people choose to label that as the government, but I choose to think of it as more as a technological, right? Like you have this distributed naming system and this idea of identifying yourself has uncalculable benefits, right? I don't think we're at the point yet where we can just imagine it. Right now we start off by associating it with, I'm going to sign into a website with my username and password. And this is the new version of that. That doesn't have any huge feel to it, right? But what's under the hood is what actually allows people to do a lot more things such as like being able to port these things across and into connectivity on different websites. And being able to have control over your data, right? Like to actually be able to open up markets for even being able to monetize your own data, right? So that when you sign into a thing, you can just decide what things to share and whatnot. Like there's so many ways that we can't quite yet imagine the use for this, and I think that Unstoppable's in an incredible position to take advantage of that. >> That's awesome insight. That's a great way to talk about it. I mean, you look at distributed naming system, first of all, it really has not been done at large scale. I mean, the traditional naming systems have been centralized. So if you look at that as an enabling platform, I mean, it's limitless possibilities. Again, you start initially with some problems, but there's real technical enablement here. So in the last few minutes, I'd love to pivot on that point, and go, what's possible with this DeFi going forward? Because if you take that premise that you have this enabling system, that people are going to kind of align with defacto and then ultimately maybe standard, what does that enable? 'Cause you're now in a growth mode for the sector. Okay. Which is innovation coders. And when you start seeing protocols start to become defacto, that's a good thing. So let's talk about in the last few minutes, what's next for DeFi? Jaime, will start with you. What's your take on what's next? 'Cause you kind of teed it up. Take us through the... Walk down that path. In hypothetical of course, but you know, let's take a road. >> So, you know, I think that for starters, DeFi gets more powerful the more that people use it, right? So we're going to just start by saying there's going to be more adoption, so this thing is going to be more robust. And more things can actually live on this decentralized platform. One of the biggest benefits of decentralization is its robustness. You think about like the worldwide web, it's really not a web, it's more like just like a pipe of data that's owned by a handful of companies and the internet and the servers that host it and all these different things. We're already starting to see decentralized storage or servers. We're already starting to see decentralized networks, right? So that you're actually able to slowly start reducing those choke points. You're going to have this entire system where the world is interconnected, where people can communicate without these choke points, without being able to worry about censorship. You'll be able to have... The world that's able to transact, interact, and where you live is no longer going to be as much of a factor as it is today. >> Awesome. Michael, what's your take? What's possible? Where's it going? >> Yeah, I would take what Jaime said earlier. You know, I mean using the AMM example, the automated market making example. From our end, you know, I think one of the defining moment was, you know, when UniSwap first roll out, you know, in the big way, it allowed many individuals to become market makers for the first time in their lives. And I think that's very powerful, you know. It changes the dynamic as to where the, I guess, you know, the forces and the power of finance, you know, lies. In addition to that, you know, like I said before, I think many people would start to come up with their own ideas as to how things, you know, can be executed from a finance perspective to achieve many different risk reward profiles. So from that sense, you know, I think it is only the beginning that now we are seeing how, you know, digital identities, you know, can be linked, you know, to an individual. And at the same time, also the value creation side of the story. >> All right. Mike, your take. What's next? >> Yeah. I believe in two things. First, this is cross-chain and will it chain liquidity? Because right now it's not simple way for transferring, for example, USDC or stablecoin from polygon to cosmos network. But I believe in common liquidity for cross-chain. And the second one is more user friendly interfaces like hybrid interfaces and connecting DeFi and traditional financial startups like near ecosystem building now. Then you have layer one, blockchain solution, and then layer two, application with who are connected to our one application. More user friendly and more common useless applications. >> Great stuff, guys. Amazing content. Great panel. You guys are awesome. Great on the front front range of this whole wave. We got one minute left. So quick lightning questions. So in one quick statement, what one thing should people pay attention to in DeFi as we look at the next, you know, year or two as we go forward? What are the key innovations? What should people look at? It could be an area that's obvious, it could be an area that's not obvious that people should look at, pay attention, that's super important. That is the most important area. Mike, we'll start with you and we'll go across. >> Sure. I would say one thing is composability. I really am excited about the fact that everyone are starting to generate ideas on their own and simply leveraging the existing DeFi infrastructure to allow that to happen. So that's one thing I would say. >> Jaime? >> Sorry. I think NFTs, right? NFTs, I'm not talking about the JPEGs or the pictures. I'm talking about the use of these technologies in much the same way that we were talking about being able to identify yourself online or buying actual real estate or whatever it might be. I think that we're unable to imagine what's going to be some of the biggest uses and I'm very, very excited about seeing what's going to happen. >> Okay. Mike, final statement. What one thing should people pay attention to? >> To my mind, we don't know what market will be next year. And I will recommend to pay attention for stable strategies, for stable core and projects, for stable rates, and always stable coin farming sphere for DeFi market. >> Guys, thanks so much for sharing your insight on this topic. Really appreciate your time for coming into theCUBE here in Palo Alto for the Unstoppable Domains Partner Showcase. Really thankful. Thanks for sharing. >> Thank you very much. >> Okay. This is theCUBE conversation here. I'm John Furrier with theCube. Thanks for watching. (upbeat music)

>>Here you are new. Welcome back to the cubes. Continuing coverage of AWS reinvent 2021 live from Las Vegas. Lisa Martin, with John farrier, John, we have two live sets. There's a dueling set right across from us two remote studios over 100 guests on the cube at AWS reinvent 2021. Been great. We've had great conversations. We're talking about the next generation of cloud innovation and we're pleased to welcome one of our alumni back to the program. Lisa Bernays here, the CEO and co-founder of D L Z P group. Lisa. Welcome. >>Hi, thank you. I appreciate the opportunity to be here with you and John. It's a great opportunity >>And John's lucky he gets to lease us for the price of London. One second. Talk to me about da DLDP. This is a woman and minority owned company. Congratulations. That's awesome. But talk to us about your organization and then we'll kind of dig into your partnership with AWS. >>Sure. So DLC P group, we found it in 2012. Um, and for us, we were at the time we were just looking for a way to offer a value added service to our customers. We wanted to always make sure that we were giving them the best quality, but what I also wanted to do is I wanted to create an environment for my employees, where they felt valued, and we kind of built these core values back then about respect, flat hierarchy, um, team, team learning, mentorship, and we incorporated, so everybody can do this remotely from around the world. So we've always made sure that our employees and customers are getting the best value. >>Well, what kind of customers, what target market, what kind of customers do you guys work with? >>Well, we've actually made sure that we're diverse. We make sure that we have 50% in public sector and 50% in private sector, but it's been very, very interesting journey for us because once we started one sec, like we started with cities and then a number of cities started contacting us to do more business. So it's always been this hurdle to make sure we're diverse enough to make sure we offer the best solutions. >>And you jumped in with AWS back in 2012 when most folks were still to your point. I saw your interview earlier this summer, thinking about Amazon as a bookstore, why a debit? What did you see as the opportunity back in 2012 with them? >>Well, when we first heard about AWS, my first thought is, well, it's amazon.com. What is AWS? And then once we started talking to them, we saw the capabilities and the potential there. We saw what it could do. So we partnered with them to actually have the first working PeopleSoft customer on AWS. So that's a large ERP application and that helped build the foundation to prove what could actually run on the cloud. And since then, we've been able to prove so much more about the technology and what AWS is accomplishing. >>Was it a hard sell back in the day? >>It was a little bit hard, but it was interesting because we were speaking with one of our customers they're on premise and they're like, well, you know, we're going to have to re do a whole data center. We're talking about millions of dollars. We don't really have the budget to redo this. And that's when we're like, well, we have this great partnership with Amazon. We think this would be the perfect opportunity to let you try the cloud and see how successful it was. >>At least I want to point out you got your, one of the Pathfinders that Adams Leschi pointed out because back in 2012, getting PeopleSoft onto the cloud, which is really big effort, but that's what everyone's doing now. I just saw the news here. SAP is running their application on graviton too, right? So you start to see and public sector during the pandemic, we saw a ton of connect. So you were really on this whole ERP. ERP is our big applications. It's not small, but now it's, everyone's kind of going that way. What's the current, uh, you feel how you feel about that one? And what's the current update relative to the kind of projects you got going on? >>Well, we've, we've evolved quite a bit. I mean, PeopleSoft is always going to be in our DNA. A lot of my employees are ex or Oracle employees. They have developed a lot of the foundations for PeopleSoft, but since then, like we've worked with serverless technology when that was released a number of years ago, we, we asked our team, okay, AWS just talked about Lambda, serverless technology, go figure out what is the best solution. We ended up running ours, our website serverless. We were one of the first. And from that, we brought our website costs down from hundreds of dollars to pennies a month. So it's a huge savings. And then we started, um, about two years ago, we spoke with our utility company. Um, there were saying how with machine learning, they were only going to be able to get a 75% accuracy for their wind turbines. And we said, well, let us take a shot at it. We have some great solutions on AWS that we think might work. We were able to redo their algorithm using AWS cloud native tools, open source data to get a 97 to 99% accuracy on a daily basis. And that saves them millions of dollars each day. >>Don's right. And as Adam was saying with some of the folks, customers, he was highlighting on main stage the other day, you are a Pathfinder. How did you get the confidence? Especially as a female minority owned business. I'd love to just get maybe for some of those younger viewers out there. How did you get the confidence to, you know what? I think we can do this. >>I think for me, I, I, I don't like to take no for an answer. There's always a solution. So we're always looking at technology, seeing how we can use it to get a better answer. >>What do you think about reinvent this year? A lot of goodies here every year, there's always new creative juices flowing because it's a learning conference, but it's also feels like a futuristic kind of conference. What's your take this year? >>I don't know if you happen to attend midnight madness when they were talking about robotics and the future with that. I mean, we've been talking about that for a number of years of what could be created with robotics. Like even my son back in middle school was talking about creating a robot Butler. He just, everybody knows what the future is. And it's so great that we finally have the foundation in technology to be able to create these >>Well, if you're someone that doesn't like to say, no, does your son actually have a robot Butler these >>Days? He's still working on it. >>That's a good answer to say, Hey, sorry, your mom's not going to be there to get the robot. The latency thing. This is the robot. First of all, we'd love the robotics, I think is huge. We just had George on who's the fraught PM for ECE to edge and late, the wavelength stuff looks really promising for the robotics stuff. Super exciting. >>Yes. We can't wait to start playing with it more. I mean, it's something that our team has been dabbling. We spent probably about 30% of our time on R and D. So we're looking at the future and what we can invent next because >>You guys can affect such dramatic changes for customers. You talked about that wind turbine customer going from 75% accuracy to 97, 90 8%. Where are your customer conversations? Cause that's, is, are they at the C level with showing organizations that dramatic reduction in costs and workforce productivity increased that they can get? >>We talk with everyone it's it could be the solution architect. It could be an intern. It could, and we're just sharing our ideas with them. And we also talk with the C level. Um, it's just, it's everybody is interested in and they have different, different ideas that they want to share. So with the solution architect, we can share with them the code and how we're going to architect it. While the C level, we just pointed out black and white, this is your cost. Now this is what your cost is going to be. And everybody is happy. They, they jump on board with it. >>Lisa, you mentioned 30% R and D by the way, it's awesome. By the way, that's well above most averages, what are you working on? Because I totally think companies should have a big R and D play around budget, get a sandbox, going get some tinkering. Cause you never know where the real discoveries we had. David Brown who runs NC to nitro, came out of a card on the network. So you'd never know where the next innovation comes from. What's the, what are you guys doing for R and D? What's the fun projects are what endeavors. >>So there's two of them. One is actually a product, which is a little bit out of our comfort zone, but we're, we're, we're looking to develop something that will be able to help, um, NASA. So that's the goal where, you know, we've been working on it since they released their ma their mission to Mars projection. So it's something that we're very passionate about, but then we're also building a software. Uh, we've been working on it for about three years now and we actually have two customers prototyping it. So we're hoping to be able to launch it to the public within the next year. >>You mentioned NASA and I just about jumped out of my chair. That was my first job out of grad school was really the space program. Can you tell us a little bit more about what you're helping them do? I love how forward-thinking that they are, obviously they always have been, but tell me a little bit more about that. >>So I can't share too much because it's one of those things is a common sense thing. Once you think about a little bit more, it's kind of like why didn't anybody never think about this? So we're using new technology and old technology together to combine the solution. >>Ooh, I can't wait to learn more. Talk to us about these. Think big for small business TB SB program at AWS. How long have you guys been a part of that and what is it enabling? What is it going to enable you to do in 2022? So >>The think big for small business program was the brainchild is Sandy Carter. And I am always, always going to be grateful to her. Um, I met with her in 2019. I shared her journey, our journey with her about how we started out being a premier partner and then over time, because there's so many other partners, we were downgraded. And because just because we're a small business, and even if I had every employee, even my admin staff certified, we would never have enough employees to be to the next level, even though we had the customers, the references. So she listened to us and other small businesses and created the program. And it's been a great opportunity for us because we're, we're gaining access to capital, you know, funding for opportunities. We're getting resources for training. So it, for us, it's been a huge advantage. >>It sounds like a part of that AWS flywheel that we always talk about. John Sandy Carter being one of our famous Cuba alumni. She was just on yesterday with you. Okay. >>And there's so many opportunities for all businesses because you can, you can tackle these problems. You don't have to be a large partner. You can have specialty in AI works really well in these specialized environments. And even technically single-threaded multithreaded applications, which is a technical CS term is actually better to have a single threaded. If you have too many cores, it's actually bad technically. So the world's changing like big time on how technology. So I'm a huge fan of the program. And I think like it's just one of those things where people can get it from cloud and be successful. >>Yes. And that's the goal. I mean, there is so much opportunity in the cloud and we bring interns on all the time, just so they can learn. And what, what resonated with me the most was we brought a high school senior in, he goes, I was with you guys for three months. I learned more in three months, I did four years of high school. And he's like, you set me up for the future. >>Oh my gosh. If there's not validation for you doing in that statement alone. My goodness. Well, you know, some of the things that, that are so many exciting announcements that have come out of this reinvent, so great to be back in person one. Um, but also, you know, being able to help AWS customers become data companies. Because as we were been talking about the last couple of days, every company has to be a data company. You gotta figure it out. If you're, if you haven't by now, there's a competitor right back here, who's ready to take your spot. Talk to us about what excites you about enabling companies to become data companies as we head into 2020. >>Well, for us, everybody has so much data nowadays. You know, I mean even think about cell phones, how much data is stored in that. So each device has so much information, but what do you do with it? So it's great because a lot of these companies are trying to figure out what, how can we use this data to prove that improve the experience for our customers? So that's where we've been coming in and showing them, okay, well, you can take that data. You look at Lisa and John cell phone. You see that they, they love to look up where they're going to go on their next vacation. You can start creating algorithms to make sure that they get the best experience one for the next vacation to make sure it's not a won't Rob the bank. >>Awesome. And going on vacation tomorrow. So I'll be, I'll be expecting some help from you on that. It's been great to have you on the program. Yeah. Congratulations on the success, the partnership, and where can folks go if if young or old years are watching and are interested in working with you, it's the website where they, where can they go to learn more >>Information? So they can go to D L Z P group.com >>DLZ P group.com. Awesome. Lisa, thanks so much for coming back on the program. Great >>To see you. Thank you so much. All >>Right. For John furrier, I'm Lisa Martin and you're watching the cube, the global leader in live tech coverage.

>> We're back at AWS reinvent 2021. You're watching theCUBE. We're here live with one of the first live events, very few live events this year. It's the biggest hybrid event really of the year, of the season. Hopefully it portends a great future. We don't know it's a lot of uncertainty, but AWS said they're going to go for it. Close to 30,000 people here, Chris Wiborg is here. He's the VP of product marketing at Cohesity. Chris, great to see you face to face man. >> It's great to see you live again Dave. You understand that. >> Over the last couple of years we've had a lot of virtual meetup, hang out, and we talk every other quarter. >> Yeah. >> So it's great to see. Wow. You know, we were talking before the show. Well, we didn't really know what it was going to be like. I don't think AWS knew. >> No. >> It's like everything these days. >> You know, we did our own virtual event back in October because that was the time. And this is the first thing we've been back to live. And I was wondering, what's going to be like when I show up, but it's great to see all the folks that are here. >> Yeah. So I could see the booth. You know, you guys have had some good traffic. >> We have, yeah. >> A lot of customers here, obviously huge ecosystem. This, you know, the "flywheel keeps going". >> Yeah. You and I had a conversation recently about data management. It's something that you guys have put a stake in the ground. >> Absolutely. >> Saying, you know, we're not just backup, we're a good data management. It's fuzzy to a lot of people, we've had that conversation, but you're really starting to, through customer feedback, hone that message and the product portfolio. So let's start from the beginning. What is data management to cohesity? >> Well, so for us it's about the data lifecycle, right? And you heard a little bit about this actually during the keynote today, right? >> Right. >> When you think about the various services, you need to apply to data along the way to do basic things like protect it, be able to make sure you can recover from disasters, obviously deal with security today given the prevalence of ransomware out there, all the way down to at the end, how do you get more value out of it? And we do that in some cases with our friends from AWS using some of their AIML services. >> So your view of data may mean, it's kind of stops at the database right underneath. There's an adjacency to security that we've talked about. >> Yeah, very much. >> Data protection is now becoming an increasingly important component of a security strategy. >> It is. >> It's not a direct security play, but it's just the same way that it's not just the SecOps team has to worry about security anymore. It's kind of other parts of the organization. Talk about that a little bit. >> Yeah, well, we actually had a customer advisory board about two months or so ago now. And we talked to many of our customers there, and one of them I won't name, a large financial institution. We asked them, you know, where did we stand in your spend these days? And he's able to tell you, a while back about a year ago, having new backup and recovery is a starting point was kind of on the wishlist. And he said today it's number two. And I said, well why? He said well, because of ransomware, right? You'd be able to come back from that and ask, well, great, what's number one? He said, well, endpoint security. So there you are, number one and number two, right? Top of mind for customers these days in dealing with really the scourge that's affecting so many organizations out there. And I think where you're going, you starting to see these teams work together in a way that perhaps they hadn't before, or you've got the SecOps team, you've got the IT operations team. And while exactly your point, we don't position ourselves as just a data security company, that's part of what we do. We are part of that strategy now where if you have to think about the various stages and dealing with that, defending your backups, 'cause that's often the first point of attack now for the bad guys. Being able to detect what's going on through AI and the anomaly detection and such, and then being able to rapidly recover, right? In the recover phase, that's not something that security guys spend time on necessarily, but it's important for the business to be able to bring themselves back when they're subject to an attack, and that's where we come in in spades. >> Yeah. So the security guys are busy trying to figure out, okay, what happened? How do we stop it from happening again? >> There's another business angle which is okay, how do we get back up and running? How much data did we lose? Ideally none. How fast can we get it back up? That's that's another vector that's now becoming part of that broader security stack. >> That's right. I mean, I think if you look at the traditional NIST cybersecurity framework, right? Stage five has always been the recover piece. And so this is where we're working with some of the players in the security space. You may see an announcement we did with Cisco around secure access recently. Where, you know, we're working together, not only to unite two tribes within large organizations. Right? The SecOps and ITOps guys. But then bringing vendors together because it's through that, that really, we think we're going to solve that problem best. >> Before we get into the portfolio, and I want to talk about how you've evolved that, let's talk a little about ransomware, it's in the news. You know, I just wrote a piece recently and just covered some of the payments that have made. I mean, I think the biggest is 40 million, but many tens of millions here and there. And it was, you know, one case, I think it was the Irish health service did not pay, thus far hasn't paid, but it's costing him $600 million to recover as the estimate. So this is serious threat. And as I've said, many times on theCUBE, exactly anybody can be a ransomware as they go on the dark web. >> Ransomware is a service. >> Right, ransomware is a service. Hey, can you set up a help desk for me to help me negotiate? And I'm going to put a stick into a server and you know, I hope that individual gets arrested but you never know. Okay. So now it's top of mind, what are you guys doing? First of all, what are you seeing from customers? How are they responding? What are you guys doing to help? >> Well, I think you're right. First of all, it's just a huge problem. I think the latest stat I saw was something like every 11 seconds there's a new attack because I can go into your point with a credit card, sign up as a service and then launch an attack. And the average payment is around 4.2 million or such, but there's some that are obviously lots bigger. And I think what's challenging is beyond the costs of recovering and invent itself is there's also the issue around brand and reputation, and customer service. And all these downstream effects that I think, you know, the IT guys don't think about necessarily. We talked to one customer or a regional hospital where the gentleman there told me that what he's starting to see after the fact is now, you've actually got class action suits from patients coming after them saying like, "Hey you, you let my data get stolen. Right? Can you imagine no IT guys thinking about that. So the cost is huge. And so it's not just an issue I think that was once upon a time just for ITOps or SecOps through the CIO, even it's even past the board level now if you can imagine. It's something the general public worries about and we actually did a survey recently where we asked people on the consumer side, are you more or less likely to do business with companies if you know they've been subject to ransomware or attacks? And they said, no, we are concerned about that, we are more reticent to do business with people as consumers if they're not doing the right things to defend their business against ransomware. Fascinating. Right? It's long past the tipping point where this is an IT only issue. >> So, high-level strategy. So we talk about things like air gaps, when I talked about your service to ensure immutability, >> Yeah, yeah. >> And at 50,000 foot level, what's the strategy then I want to get into specifics on it. >> Let's talk a little bit about, so the evolution of the attack, nature of attacks, right? So once upon a time, this is in the distant past now, the bad guys that you used to come after your production data, right? And so that was pretty easy to fix with companies like us. It's just restore from backup. They got a little smarter< let's call that ransomware 2.0, right? Where now, they say, let's go after the backup first and encrypt or destroy that. And so there, to your point, you need immutability down to the file system level. So you can't destroy the backup. You got to defend the backup data itself. And increasingly we're seeing people take in isolation in a different way than they used to. So you probably recall the sort of standard three, two, one rule, right? >> Yeah, sure. >> Where the one traditionally meant, take that data offsite on magnetic tape, send it to Iron mountain for example, and then get the data back when I need it. Well, you know, if your business is at risk, trying to recover from tape, it just takes too long. That's just no reason. >> It can be weeks. >> It can be weeks and you've got to locate the tapes, you got to ship them, then you got to do the restore. And just because of the physical media nature, it takes a while. So what we're starting to see now is people figuring out how to use the cloud as a way to do that and be able to have effectively that one copy stored offsite in a different media, and use the cloud for that. And so one of the things we announced actually back in our show in October, was a new service that allows you to do just that. We're calling it for now Project Fort Knox. We're not sure if that name is going to work globally, right? But the idea is a bunker, an isolated copy of the data in the cloud that's there, that can restore quickly. Now, is it as fast as having a local replica copy? Of course not. But, it's way better than tape. And this is a way to really give you that sort of extra layer of insurance on top of what you're already doing probably to protect your data. >> And I think that's the way to think of it. It's an extra layer. It's not like, hey, do this instead of tape, you're still going to do tape, you know. >> There's some that do that for all sorts of reasons, including compliance and governance and regulatory ones. Right? >> Yeah. >> And, you know, even disaster recovery scenarios of the worst case, I hope I never have to go through it. Yeah, you could go to the cloud. >> That's right. >> So, local copy is the best. If that's not there, you've got your air gap copy in the cloud. >> Yap. >> If that's not there for some crazy reason. >> We have a whole matrix we've been sharing with our customers recently with a different options. Right? And it's actually really interesting the conversation that occurs between the IT operations folks, and the SecOps folks back to that. So, you know, some SecOps folks, if they could, they just unplug everything from the network, it's safe. Right? But they can't really do business that way. So it's always a balance of what's the return that you need to meet. And by return I mean, coming back from an attack or disaster versus the security. And so again, think of this as an extra layer that gives you that ability to sleep better at night knowing that you've got a third, a tertiary copy, stored somewhere offsite in a different media, but you can bring it back at the same time. >> How have you evolve your portfolio to deal with both the data management trends that we've talked about and the cyber threats. >> Yeah. Well, a number of things. So amongst the other announcements we made back in October is DR. So DR is not a security thing per se, you know, who gets paged when something goes wrong? It's not the info SEC guys for DR, it's the ITOps guys. And so we've always had that capability, but one of the things we announced is be able to do that to do that to the cloud now in AWS. So, instead of site to site, being able to do it site to cloud, and for some organizations, that is all about being able to maybe eliminate a secondary site, you know, smaller organizations, others that are larger enterprises, they probably have a hybrid strategy where that's a part of their strategy now. And the value there is, it's an OpEx cost, right? It's not CapEx anymore. And so again, you lower your cost of operations. So that's one thing in the data management side. On the security side, another thing we announced was yet another service that runs in AWS, we call Cohesity Data Govern. And this is a way to take a look at your data before something ever occurs. One of the key things in dealing with ransomware is hygiene is prevention, right? And so you sort of have classically security folks that are trying to protect your data, and then another set of folks, certainly a large enterprise that are more on the compliance regulatory front, wanting to know where your PII is, your private sensitive data. And we believe those things need to come together. So this data governance product actually does that. It takes a look at first classifying your data, and then being able to detect anomalies in terms of who's coming in from where to get to it, to help you proactively understand what's at threat, and first of all, you know, where your crown jewels really are and make sure that you're protecting those appropriately and maybe modifying access policies If you have set up in your existing native applications,. So it's a little bit of awareness, a little bit prevention, and then when things start to go wrong, another layer that helps you know what's wrong. >> I love that the other side of the coin, I mean, you going to get privacy as a service along with my data protection as a service, know that's a better model. Tight on time sir, but the last question. >> Sure. >> The ecosystem. >> Yeah. >> So you mentioned endpoint security, I know identity access is cloud security, and since the remote work has really escalated, we talk about the ecosystem and some of the partnerships that you're enabling, API integration. >> Yeah, totally. So, you know, we have this, what we call our threat defense model, has got four layers to it. One is the core, is all about resiliency. You need to assume failure. We have, you know, the ability to fail over, fail back down our file system. It has to be immutable to keep the bad guys out. You have to have encryption, basic things like that. The next layer, particularly in this world of zero trust. Right? Is you have to have various layers access control, obvious things like multifactor authentication, role-based access control, as well as things like quorum features. It's the two keys in the safety deposit box to unlock it. But that's not enough. The third layer is AI powered anomaly detection, and being able to do data classification and stuff and such. But then the fourth layer, and this was beyond just us, is the ability to easily integrate in that ecosystem. Right? So I'll go back to the Cisco example I gave you before. We know that despite having our own admin console, there's no SecOps person that's going to be looking at that. They're going to look at something like a SecureAX, or maybe a Palo Alto XR, and be able to pull signals from different places including endpoints, including firewall. >> You going to feed that. >> Exactly. So we'll send signals over that, they can get a better view and then because we're all API based, they can actually invoke the remedy on their side and initiate the workflow that then triggers us to do the right thing from a data protection standpoint, and recovery standpoint. >> It's great to have you here. Thanks so much for coming on. >> It's good to see you again live today. >> See you in the evolution of cohesity. Yes, absolutely. Hopefully we do this a lot in 2022, Chris. >> Absolutely, looking forward to. >> All right. Me too. All right, thank you for watching this is theCUBE's coverage, AWS reinvent. We are the leader in high tech coverage, we'll be right back.

(upbeat music playing) >> Welcome to theCUBE's coverage of Couchbase ConnectONLINE Mary Roth, VP of Engineering Operations with Couchbase is here for Couchbase ConnectONLINE. Mary. Great to see you. Thanks for coming on remotely for this segment. >> Thank you very much. It's great to be here. >> Love the fire in the background, a little fireside chat here, kind of happening, but I want to get into it because, Engineering and Operations with the pandemic has really kind of shown that, engineers and developers have been good, working remotely for a while, but for the most part it's impacted companies in general, across the organizations. How did the Couchbase engineering team adapt to the remote work? >> Great question. And I actually think the Couchbase team responded very well to this new model of working imposed by the pandemic. And I have a unique perspective on the Couchbase journey. I joined in February, 2020 after 20 plus years at IBM, which had embraced a hybrid, in-office remote work model many years earlier. So in my IBM career, I live four minutes away from my research lab in Almaden Valley, but IBM is a global company with headquarters on the East Coast, and so throughout my career, I often found myself on phone calls with people around the globe at 5:00 AM in the morning, I quickly learned and quickly adapted to a hybrid model. I'd go into the office to collaborate and have in-person meetings when needed. But if I was on the phone at 5:00 AM in the morning, I didn't feel the need to get up at 4:30 AM to go in. I just worked from home and I discovered I could be more productive there, doing think time work, and I really only needed the in-person time for collaboration. This hybrid model allowed me to have a great career at IBM and raise my two daughters at the same time. So when I joined Couchbase, I joined a company that was all about being in-person and instead of a four minute commute, it was going to be an hour or more commute for me each way. This was going to be a really big transition for me, but I was excited enough by Couchbase and what it offered, that I decided to give it a try. Well, that was February, 2020. I showed up early in the morning on March 10th, 2020 for an early morning meeting in-person only to learn that I was one of the only few people that didn't get the memo. We were switching to a remote working model. And so over the last year, I have had the ability to watch Couchbase and other companies pivot to make this remote working model possible and not only possible, but effective. And I'm really happy to see the results. A remote work model does have its challenges, that's for sure, but it also has its benefits, better work-life balance and more time to interact with family members during the day and more quiet time just to think. We just did a retrospective on a major product release, Couchbase server 7.0, that we did over the past 18 months. And one of the major insights by the leadership team is that working from home actually made people more effective. I don't think a full remote model is the right approach going forward, but a hybrid model that IBM adopted many years ago and that I was able to participate in for most of my career, I believe is a healthier and more productive approach. >> Well, great story. I love the come back and now you take leverage of all the best practices from the IBM days, but how did they, your team and the Couchbase engineering team react? And were there any best practices or key learnings that you guys pulled out of that? >> The initial reaction was not good. I mean, as I mentioned, it was a culture based on in-person, people had to be in in-person meetings. So it took a while to get used to it, but there was a forcing function, right? We had to work remotely. That was the only option. And so people made it work. I think the advancement of virtual meeting technology really helps a lot. Over earlier days in my career where I had just bad phone connections, that was very difficult. But with the virtual meetings that you have, where you can actually see people and interact, I think is really quite helpful. And probably the key. >> What's the DNA of the company there? I mean, every company's got the DNA, Intel's Moore's Law, and what's the engineering culture at Couchbase like, if you could describe it. >> The engineering culture at Couchbase is very familiar to me. We are at our heart, a database company, and I grew up in the database world, which has a very unique culture based on two values, merit and mentorship. And we also focus on something that I like to call growing the next generation. Now database technology started in the late sixties, early seventies, with a few key players and institutions. These key players were extremely bright and they tackled and solved really hard problems with elegant solutions, long before anybody knew they were going to be necessary. Now, those original key players, people like Jim Gray, Bruce Lindsay, Don Chamberlin, Pat Selinger, David Dewitt, Michael Stonebraker. They just love solving hard problems. And they wanted to share that elegance with a new generation. And so they really focused on growing the next generation of leaders, which became the Mike Carey's and the Mohan's and the Lagerhaus's of the world. And that culture grew over multiple generations with the previous generation cultivating, challenging, and advocating for the next, I was really lucky to grow up in that culture. And I've advanced my career as a result, as being part of it. The reason I joined Couchbase is because I see that culture alive and well here. Our two fundamental values on the engineering side, are merit and mentorship. >> One of the things I want to get your thoughts on, on the database questions. I remember, back in the old glory days, you mentioned some of those luminaries, you know, there wasn't many database geeks out there, there was kind of a small community, now, as databases are everywhere. So you see, there's no one database that has rule in the world, but you starting to see a pattern of database, kinds of things are emerging, more databases than ever before, they are on the internet, they are on the cloud, there are none the edge. It's essentially, we're living in a large distributed computing environment. So now it's cool to be in databases because they're everywhere. (laughing) So, I mean, this is kind of where we are at. What's your reaction to that? >> You're absolutely right. There used to be a few small vendors and a few key technologies and it's grown over the years, but the fundamental problems are the same, data integrity, performance and scalability in the face of distributed systems. Those were all the hard problems that those key leaders solved back in the sixties and seventies. They're not new problems. They're still there. And they did a lot of the fundamental work that you can apply and reapply in different scenarios and situations. >> That's pretty exciting. I love that. I love the different architectures that are emerging and allows for more creativity for application developers. And this becomes like the key thing we're seeing right now, driving the business and a big conversation here at the, at the event is the powering of these modern applications that need low latency. There's no more, not many spinning disks anymore. It's all in RAM, all these kinds of different memory, you got centralization, you got all kinds of new constructs. How do you make sense of it all? How do you talk to customers? What's the main core thing happening right now? If you had to describe it. >> Yeah, it depends on the type of customer you're talking to. We have focused primarily on the enterprise market and in that market, there are really fundamental issues. Information for these enterprises is key. It's their core asset that they have and they understand very well that they need to protect it and make it available more quickly. I started as a DBA at Morgan Stanley, back, right out of college. And at the time I think it was, it probably still is, but at the time it was the best run IT shop that I'd ever seen in my life. The fundamental problems that we had to solve to get information from one stock exchange to another, to get it to the SEC are the same problems that we're solving today. Back then we were working on mainframes and over high-speed Datacom links. Today, it's the same kind of problem. It's just the underlying infrastructure has changed. >> Yeah, the key, there has been a big supporter of women in tech. We've done thousands of interviews and why I got you. I want to ask you if you don't mind, career advice that you give women who are starting out in the field of engineering, computer science. What do you wish you knew when you started your career? And if you could be that person now, what would you say? >> Yeah, well, a lot of things I wish I knew then that I know now, but I think there are two key aspects to a successful career in engineering. I actually got started as a math major and the reason I became a math major is a little convoluted. As a girl, I was told we were bad at math. And so for some reason I decided that I had to major in it. That's actually how I got my start, but I've had a great career. And I think there are really two key aspects. First, is that it is a discipline in which respect is gained through merit. As I had mentioned earlier, engineers are notoriously detail-oriented and most are, perfectionists. They love elegant, well thought-out solutions and give respect when they see one. So understanding this can be a very important advantage if you're always prepared and you always bring your A-game to every debate, every presentation, every conversation, you have build up respect among your team, simply through merit. While that may mean that you need to be prepared to defend every point early on, say, in your graduate career or when you're starting, over time others will learn to trust your judgment and begin to intuitively follow your lead just by reputation. The reverse is also true. If you don't bring your A-game and you don't come prepared to debate, you will quickly lose respect. And that's particularly true if you're a woman. So if you don't know your stuff, don't engage in the debate until you do. >> That's awesome advice. >> That's... >> All right, continue. >> Thank you. So my second piece of advice that I wish I could give my younger self is to understand the roles of leaders and influencers in your career and the importance of choosing and purposely working with each. I like to break it down into three types of influencers, managers, mentors, and advocates. So that first group are the people in your management chain. It's your first line manager, your director, your VP, et cetera. Their role in your career is to help you measure short-term success. And particularly with how that success aligns with their goals and the company's goals. But it's important to understand that they are not your mentors and they may not have a direct interest in your long-term career success. I like to think of them as, say, you're sixth grade math teacher. You know, you getting an A in the class and advancing to seventh grade. They own you for that. But whether you get that basketball scholarship to college or getting to Harvard or become a CEO, they have very little influence over that. So a mentor is someone who does have a shared interest in your long-term success, maybe by your relationship with him or her, or because by helping you shape your career and achieve your own success, you help advance their goals. Whether it be the company success or helping more women achieve leadership positions or getting more kids into college on a basketball scholarship, whatever it is, they have some long-term goal that aligns with helping you with your career. And they give great advice. But that mentor is not enough because they're often outside the sphere of influence in your current position. And while they can offer great advice and coaching, they may not be able to help you directly advance. That's the role of the third type of influencer. Somebody that I call an advocate. An advocate is someone that's in a position to directly influence your advancement and champion you and your capabilities to others. They are in influential positions and others place great value in their opinions. Advocates stay with you throughout your career, and they'll continue to support you and promote you wherever you are and wherever they are, whether that's the same organization or not. They're the ones who, when a leadership position opens up will say, I think Mary's the right person to take on that challenge, or we need to move in a new direction, I think Mary's the right person to lead that effort. Now advocates are the most important people to identify early on and often in your career. And they're often the most overlooked. People early on often pay too much attention and rely on their management chain for advancement. Managers change on a dime, but mentors and advocates are there for you for the long haul. And that's one of the unique things about the database culture. Those set of advocates were just there already because they had focused on building the next generation. So I consider, you know, Mike Carey as my father and Mike Stonebraker as my grandfather, and Jim Gray as my great-grandfather and they're always there to advocate for me. >> That's like a schema and a database. You got to have it all right there, kind of teed up. Beautiful. (laughing) Great advice. >> Exactly. >> Thank you for that. That was really a masterclass. And that's going to be great advice for folks, really trying to figure out how to play the cards they have and the situation, and to double down or move and find other opportunities. So great stuff there. I do have to ask you Mary, thanks for coming on the technical side and the product side. Couchbase Capella was launched in conjunction with the event. What is the bottom line for that as, as an Operations and Engineering, built the products and rolled it out. What's the main top line message for about that product? >> Yeah. Well, we're very excited about the release of Capella and what it brings to the table is that it's a fully managed and automated database cloud offering so that customers can focus on development and building and improving their applications and reducing the time to market without having to worry about the hard problems underneath, and the operational database management efforts that come with it. As I mentioned earlier, I started my career as a DBA and it was one of the most sought after and highly paid positions in IT because operating a database required so much work. So with Capella, what we're seeing is, taking that job away from me. I'm not going to be able to apply for a DBA tomorrow. >> That's great stuff. Well, great. Thanks for coming. I really appreciate it. Congratulations on the company and the public offering this past summer in July and thanks for that great commentary and insight on theCUBE here. Thank you. >> Thank you very much. >> Okay. Mary Roth, VP of Engineering Operations at Couchbase part of Couchbase ConnectONLINE. I'm John Furrier, host of theCUBE. Thanks for watching. (upbeat music playing)